@cdklabs/genai-idp

Constructs

AgentAnalytics

Implements: IAgentAnalytics

Agent Analytics construct for natural language document analytics.

This construct provides AI-powered analytics capabilities that enable natural language querying of processed document data. Key features include:

Convert natural language questions to SQL queries
Generate interactive visualizations and tables
Explore database schema automatically
Secure code execution in AWS Bedrock AgentCore sandboxes
Multi-tool agent system for comprehensive analytics

The analytics system uses a multi-tool approach: - Database discovery tool for schema exploration - Athena query tool for SQL execution - Secure code sandbox for data transfer - Python visualization tool for charts and tables

Initializers

import { AgentAnalytics } from '@cdklabs/genai-idp'

new AgentAnalytics(scope: Construct, id: string, props: AgentAnalyticsProps)

Name	Type	Description
`scope`	`constructs.Construct`	No description.
`id`	`string`	No description.
`props`	`AgentAnalyticsProps`	No description.

`scope`^Required

Type: constructs.Construct

`id`^Required

Type: string

`props`^Required

Type: AgentAnalyticsProps

Methods

Name	Description
`toString`	Returns a string representation of this construct.

`toString`

public toString(): string

Returns a string representation of this construct.

Static Functions

Name	Description
`isConstruct`	Checks if `x` is a construct.

`isConstruct`

import { AgentAnalytics } from '@cdklabs/genai-idp'

AgentAnalytics.isConstruct(x: any)

Checks if x is a construct.

Use this method instead of instanceof to properly detect Construct instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the constructs library on disk are seen as independent, completely different libraries. As a consequence, the class Construct in each copy of the constructs library is seen as a different class, and an instance of one class will not test as instanceof the other class. npm install will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the constructs library can be accidentally installed, and instanceof will behave unpredictably. It is safest to avoid using instanceof, and using this type-testing method instead.

`x`^Required

Type: any

Any object.

Properties

Name	Type	Description
`node`	`constructs.Node`	The tree node.
`agentProcessor`	`aws-cdk-lib.aws_lambda.IFunction`	Lambda function that processes agent queries using Bedrock AgentCore.
`agentRequestHandler`	`aws-cdk-lib.aws_lambda.IFunction`	Lambda function that handles agent query requests from the UI.
`agentTable`	`IAgentTable`	The DynamoDB table for tracking agent jobs and analytics queries.
`listAvailableAgents`	`aws-cdk-lib.aws_lambda.IFunction`	Lambda function that lists available analytics agents.

`node`^Required

public readonly node: Node;

Type: constructs.Node

The tree node.

`agentProcessor`^Required

public readonly agentProcessor: IFunction;

Type: aws-cdk-lib.aws_lambda.IFunction

Lambda function that processes agent queries using Bedrock AgentCore.

`agentRequestHandler`^Required

public readonly agentRequestHandler: IFunction;

Type: aws-cdk-lib.aws_lambda.IFunction

Lambda function that handles agent query requests from the UI.

`agentTable`^Required

public readonly agentTable: IAgentTable;

Type: IAgentTable

The DynamoDB table for tracking agent jobs and analytics queries.

`listAvailableAgents`^Required

public readonly listAvailableAgents: IFunction;

Type: aws-cdk-lib.aws_lambda.IFunction

Lambda function that lists available analytics agents.

AgentProcessorFunction

Lambda function for processing agent analytics queries.

This function processes natural language queries using AWS Bedrock AgentCore, converting them to SQL queries and generating visualizations. It uses a multi-tool approach with secure code execution in Bedrock sandboxes.

Initializers

import { AgentProcessorFunction } from '@cdklabs/genai-idp'

new AgentProcessorFunction(scope: Construct, id: string, props: AgentProcessorFunctionProps)

Name	Type	Description
`scope`	`constructs.Construct`	No description.
`id`	`string`	No description.
`props`	`AgentProcessorFunctionProps`	No description.

`scope`^Required

Type: constructs.Construct

`id`^Required

Type: string

`props`^Required

Type: AgentProcessorFunctionProps

Methods

Name	Description
`toString`	Returns a string representation of this construct.
`applyRemovalPolicy`	Apply the given removal policy to this resource.
`addEventSource`	Adds an event source to this function.
`addEventSourceMapping`	Adds an event source that maps to this AWS Lambda function.
`addFunctionUrl`	Adds a url to this lambda function.
`addPermission`	Adds a permission to the Lambda resource policy.
`addToRolePolicy`	Adds a statement to the IAM role assumed by the instance.
`configureAsyncInvoke`	Configures options for asynchronous invocation.
`considerWarningOnInvokeFunctionPermissions`	A warning will be added to functions under the following conditions: - permissions that include `lambda:InvokeFunction` are added to the unqualified function.
`grantInvoke`	Grant the given identity permissions to invoke this Lambda.
`grantInvokeCompositePrincipal`	Grant multiple principals the ability to invoke this Lambda via CompositePrincipal.
`grantInvokeLatestVersion`	Grant the given identity permissions to invoke the $LATEST version or unqualified version of this Lambda.
`grantInvokeUrl`	Grant the given identity permissions to invoke this Lambda Function URL.
`grantInvokeVersion`	Grant the given identity permissions to invoke the given version of this Lambda.
`metric`	Return the given named metric for this Function.
`metricDuration`	How long execution of this Lambda takes.
`metricErrors`	How many invocations of this Lambda fail.
`metricInvocations`	How often this Lambda is invoked.
`metricThrottles`	How often this Lambda is throttled.
`addAlias`	Defines an alias for this function.
`addEnvironment`	Adds an environment variable to this Lambda function.
`addLayers`	Adds one or more Lambda Layers to this Lambda function.
`invalidateVersionBasedOn`	Mix additional information into the hash of the Version object.

`toString`

public toString(): string

Returns a string representation of this construct.

`applyRemovalPolicy`

public applyRemovalPolicy(policy: RemovalPolicy): void

Apply the given removal policy to this resource.

The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced.

The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS account for data recovery and cleanup later (RemovalPolicy.RETAIN).

`policy`^Required

Type: aws-cdk-lib.RemovalPolicy

`addEventSource`

public addEventSource(source: IEventSource): void

Adds an event source to this function.

Event sources are implemented in the aws-cdk-lib/aws-lambda-event-sources module.

The following example adds an SQS Queue as an event source:

import { SqsEventSource } from 'aws-cdk-lib/aws-lambda-event-sources';
myFunction.addEventSource(new SqsEventSource(myQueue));

`source`^Required

Type: aws-cdk-lib.aws_lambda.IEventSource

`addEventSourceMapping`

public addEventSourceMapping(id: string, options: EventSourceMappingOptions): EventSourceMapping

Adds an event source that maps to this AWS Lambda function.

`id`^Required

Type: string

`options`^Required

Type: aws-cdk-lib.aws_lambda.EventSourceMappingOptions

`addFunctionUrl`

public addFunctionUrl(options?: FunctionUrlOptions): FunctionUrl

Adds a url to this lambda function.

`options`^Optional

Type: aws-cdk-lib.aws_lambda.FunctionUrlOptions

`addPermission`

public addPermission(id: string, permission: Permission): void

Adds a permission to the Lambda resource policy.

`id`^Required

Type: string

The id for the permission construct.

`permission`^Required

Type: aws-cdk-lib.aws_lambda.Permission

The permission to grant to this Lambda function.

`addToRolePolicy`

public addToRolePolicy(statement: PolicyStatement): void

Adds a statement to the IAM role assumed by the instance.

`statement`^Required

Type: aws-cdk-lib.aws_iam.PolicyStatement

`configureAsyncInvoke`

public configureAsyncInvoke(options: EventInvokeConfigOptions): void

Configures options for asynchronous invocation.

`options`^Required

Type: aws-cdk-lib.aws_lambda.EventInvokeConfigOptions

`considerWarningOnInvokeFunctionPermissions`

public considerWarningOnInvokeFunctionPermissions(scope: Construct, action: string): void

A warning will be added to functions under the following conditions: - permissions that include lambda:InvokeFunction are added to the unqualified function.

function.currentVersion is invoked before or after the permission is created.

This applies only to permissions on Lambda functions, not versions or aliases. This function is overridden as a noOp for QualifiedFunctionBase.

`scope`^Required

Type: constructs.Construct

`action`^Required

Type: string

`grantInvoke`

public grantInvoke(grantee: IGrantable): Grant

Grant the given identity permissions to invoke this Lambda.

`grantee`^Required

Type: aws-cdk-lib.aws_iam.IGrantable

`grantInvokeCompositePrincipal`

public grantInvokeCompositePrincipal(compositePrincipal: CompositePrincipal): Grant[]

Grant multiple principals the ability to invoke this Lambda via CompositePrincipal.

`compositePrincipal`^Required

Type: aws-cdk-lib.aws_iam.CompositePrincipal

`grantInvokeLatestVersion`

public grantInvokeLatestVersion(grantee: IGrantable): Grant

Grant the given identity permissions to invoke the $LATEST version or unqualified version of this Lambda.

`grantee`^Required

Type: aws-cdk-lib.aws_iam.IGrantable

`grantInvokeUrl`

public grantInvokeUrl(grantee: IGrantable): Grant

Grant the given identity permissions to invoke this Lambda Function URL.

`grantee`^Required

Type: aws-cdk-lib.aws_iam.IGrantable

`grantInvokeVersion`

public grantInvokeVersion(grantee: IGrantable, version: IVersion): Grant

Grant the given identity permissions to invoke the given version of this Lambda.

`grantee`^Required

Type: aws-cdk-lib.aws_iam.IGrantable

`version`^Required

Type: aws-cdk-lib.aws_lambda.IVersion

`metric`

public metric(metricName: string, props?: MetricOptions): Metric

Return the given named metric for this Function.

`metricName`^Required

Type: string

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricDuration`

public metricDuration(props?: MetricOptions): Metric

How long execution of this Lambda takes.

Average over 5 minutes

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricErrors`

public metricErrors(props?: MetricOptions): Metric

How many invocations of this Lambda fail.

Sum over 5 minutes

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricInvocations`

public metricInvocations(props?: MetricOptions): Metric

How often this Lambda is invoked.

Sum over 5 minutes

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricThrottles`

public metricThrottles(props?: MetricOptions): Metric

How often this Lambda is throttled.

Sum over 5 minutes

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`addAlias`

public addAlias(aliasName: string, options?: AliasOptions): Alias

Defines an alias for this function.

The alias will automatically be updated to point to the latest version of the function as it is being updated during a deployment.

declare const fn: lambda.Function;

fn.addAlias('Live');

// Is equivalent to

new lambda.Alias(this, 'AliasLive', {
  aliasName: 'Live',
  version: fn.currentVersion,
});

`aliasName`^Required

Type: string

The name of the alias.

`options`^Optional

Type: aws-cdk-lib.aws_lambda.AliasOptions

Alias options.

`addEnvironment`

public addEnvironment(key: string, value: string, options?: EnvironmentOptions): Function

Adds an environment variable to this Lambda function.

If this is a ref to a Lambda function, this operation results in a no-op.

`key`^Required

Type: string

The environment variable key.

`value`^Required

Type: string

The environment variable's value.

`options`^Optional

Type: aws-cdk-lib.aws_lambda.EnvironmentOptions

Environment variable options.

`addLayers`

public addLayers(layers: ...ILayerVersion[]): void

Adds one or more Lambda Layers to this Lambda function.

`layers`^Required

Type: ...aws-cdk-lib.aws_lambda.ILayerVersion[]

the layers to be added.

`invalidateVersionBasedOn`

public invalidateVersionBasedOn(x: string): void

Mix additional information into the hash of the Version object.

The Lambda Function construct does its best to automatically create a new Version when anything about the Function changes (its code, its layers, any of the other properties).

However, you can sometimes source information from places that the CDK cannot look into, like the deploy-time values of SSM parameters. In those cases, the CDK would not force the creation of a new Version object when it actually should.

This method can be used to invalidate the current Version object. Pass in any string into this method, and make sure the string changes when you know a new Version needs to be created.

This method may be called more than once.

`x`^Required

Type: string

Static Functions

Name	Description
`isConstruct`	Checks if `x` is a construct.
`isOwnedResource`	Returns true if the construct was created by CDK, and false otherwise.
`isResource`	Check whether the given construct is a Resource.
`classifyVersionProperty`	Record whether specific properties in the `AWS::Lambda::Function` resource should also be associated to the Version resource.
`fromFunctionArn`	Import a lambda function into the CDK using its ARN.
`fromFunctionAttributes`	Creates a Lambda function object which represents a function not defined within this stack.
`fromFunctionName`	Import a lambda function into the CDK using its name.
`metricAll`	Return the given named metric for this Lambda.
`metricAllConcurrentExecutions`	Metric for the number of concurrent executions across all Lambdas.
`metricAllDuration`	Metric for the Duration executing all Lambdas.
`metricAllErrors`	Metric for the number of Errors executing all Lambdas.
`metricAllInvocations`	Metric for the number of invocations of all Lambdas.
`metricAllThrottles`	Metric for the number of throttled invocations of all Lambdas.
`metricAllUnreservedConcurrentExecutions`	Metric for the number of unreserved concurrent executions across all Lambdas.

`isConstruct`

import { AgentProcessorFunction } from '@cdklabs/genai-idp'

AgentProcessorFunction.isConstruct(x: any)

Checks if x is a construct.

Use this method instead of instanceof to properly detect Construct instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the constructs library on disk are seen as independent, completely different libraries. As a consequence, the class Construct in each copy of the constructs library is seen as a different class, and an instance of one class will not test as instanceof the other class. npm install will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the constructs library can be accidentally installed, and instanceof will behave unpredictably. It is safest to avoid using instanceof, and using this type-testing method instead.

`x`^Required

Type: any

Any object.

`isOwnedResource`

import { AgentProcessorFunction } from '@cdklabs/genai-idp'

AgentProcessorFunction.isOwnedResource(construct: IConstruct)

Returns true if the construct was created by CDK, and false otherwise.

`construct`^Required

Type: constructs.IConstruct

`isResource`

import { AgentProcessorFunction } from '@cdklabs/genai-idp'

AgentProcessorFunction.isResource(construct: IConstruct)

Check whether the given construct is a Resource.

`construct`^Required

Type: constructs.IConstruct

`classifyVersionProperty`

import { AgentProcessorFunction } from '@cdklabs/genai-idp'

AgentProcessorFunction.classifyVersionProperty(propertyName: string, locked: boolean)

Record whether specific properties in the AWS::Lambda::Function resource should also be associated to the Version resource.

See 'currentVersion' section in the module README for more details.

`propertyName`^Required

Type: string

The property to classify.

`locked`^Required

Type: boolean

whether the property should be associated to the version or not.

`fromFunctionArn`

import { AgentProcessorFunction } from '@cdklabs/genai-idp'

AgentProcessorFunction.fromFunctionArn(scope: Construct, id: string, functionArn: string)

Import a lambda function into the CDK using its ARN.

For Function.addPermissions() to work on this imported lambda, make sure that is in the same account and region as the stack you are importing it into.

`scope`^Required

Type: constructs.Construct

`id`^Required

Type: string

`functionArn`^Required

Type: string

`fromFunctionAttributes`

import { AgentProcessorFunction } from '@cdklabs/genai-idp'

AgentProcessorFunction.fromFunctionAttributes(scope: Construct, id: string, attrs: FunctionAttributes)

Creates a Lambda function object which represents a function not defined within this stack.

For Function.addPermissions() to work on this imported lambda, set the sameEnvironment property to true if this imported lambda is in the same account and region as the stack you are importing it into.

`scope`^Required

Type: constructs.Construct

The parent construct.

`id`^Required

Type: string

The name of the lambda construct.

`attrs`^Required

Type: aws-cdk-lib.aws_lambda.FunctionAttributes

the attributes of the function to import.

`fromFunctionName`

import { AgentProcessorFunction } from '@cdklabs/genai-idp'

AgentProcessorFunction.fromFunctionName(scope: Construct, id: string, functionName: string)

Import a lambda function into the CDK using its name.

`scope`^Required

Type: constructs.Construct

`id`^Required

Type: string

`functionName`^Required

Type: string

`metricAll`

import { AgentProcessorFunction } from '@cdklabs/genai-idp'

AgentProcessorFunction.metricAll(metricName: string, props?: MetricOptions)

Return the given named metric for this Lambda.

`metricName`^Required

Type: string

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricAllConcurrentExecutions`

import { AgentProcessorFunction } from '@cdklabs/genai-idp'

AgentProcessorFunction.metricAllConcurrentExecutions(props?: MetricOptions)

Metric for the number of concurrent executions across all Lambdas.

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricAllDuration`

import { AgentProcessorFunction } from '@cdklabs/genai-idp'

AgentProcessorFunction.metricAllDuration(props?: MetricOptions)

Metric for the Duration executing all Lambdas.

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricAllErrors`

import { AgentProcessorFunction } from '@cdklabs/genai-idp'

AgentProcessorFunction.metricAllErrors(props?: MetricOptions)

Metric for the number of Errors executing all Lambdas.

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricAllInvocations`

import { AgentProcessorFunction } from '@cdklabs/genai-idp'

AgentProcessorFunction.metricAllInvocations(props?: MetricOptions)

Metric for the number of invocations of all Lambdas.

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricAllThrottles`

import { AgentProcessorFunction } from '@cdklabs/genai-idp'

AgentProcessorFunction.metricAllThrottles(props?: MetricOptions)

Metric for the number of throttled invocations of all Lambdas.

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricAllUnreservedConcurrentExecutions`

import { AgentProcessorFunction } from '@cdklabs/genai-idp'

AgentProcessorFunction.metricAllUnreservedConcurrentExecutions(props?: MetricOptions)

Metric for the number of unreserved concurrent executions across all Lambdas.

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

Properties

Name	Type	Description
`node`	`constructs.Node`	The tree node.
`env`	`aws-cdk-lib.ResourceEnvironment`	The environment this resource belongs to.
`stack`	`aws-cdk-lib.Stack`	The stack in which this resource is defined.
`architecture`	`aws-cdk-lib.aws_lambda.Architecture`	The architecture of this Lambda Function (this is an optional attribute and defaults to X86_64).
`connections`	`aws-cdk-lib.aws_ec2.Connections`	Access the Connections object.
`functionArn`	`string`	ARN of this function.
`functionName`	`string`	Name of this function.
`grantPrincipal`	`aws-cdk-lib.aws_iam.IPrincipal`	The principal this Lambda Function is running as.
`isBoundToVpc`	`boolean`	Whether or not this Lambda function was bound to a VPC.
`latestVersion`	`aws-cdk-lib.aws_lambda.IVersion`	The `$LATEST` version of this function.
`permissionsNode`	`constructs.Node`	The construct node where permissions are attached.
`resourceArnsForGrantInvoke`	`string[]`	The ARN(s) to put into the resource field of the generated IAM policy for grantInvoke().
`role`	`aws-cdk-lib.aws_iam.IRole`	Execution role associated with this function.
`currentVersion`	`aws-cdk-lib.aws_lambda.Version`	Returns a `lambda.Version` which represents the current version of this Lambda function. A new version will be created every time the function's configuration changes.
`logGroup`	`aws-cdk-lib.aws_logs.ILogGroup`	The LogGroup where the Lambda function's logs are made available.
`runtime`	`aws-cdk-lib.aws_lambda.Runtime`	The runtime configured for this lambda.
`deadLetterQueue`	`aws-cdk-lib.aws_sqs.IQueue`	The DLQ (as queue) associated with this Lambda Function (this is an optional attribute).
`deadLetterTopic`	`aws-cdk-lib.aws_sns.ITopic`	The DLQ (as topic) associated with this Lambda Function (this is an optional attribute).
`timeout`	`aws-cdk-lib.Duration`	The timeout configured for this lambda.

`node`^Required

public readonly node: Node;

Type: constructs.Node

The tree node.

`env`^Required

public readonly env: ResourceEnvironment;

Type: aws-cdk-lib.ResourceEnvironment

The environment this resource belongs to.

For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.

`stack`^Required

public readonly stack: Stack;

Type: aws-cdk-lib.Stack

The stack in which this resource is defined.

`architecture`^Required

public readonly architecture: Architecture;

Type: aws-cdk-lib.aws_lambda.Architecture

The architecture of this Lambda Function (this is an optional attribute and defaults to X86_64).

`connections`^Required

public readonly connections: Connections;

Type: aws-cdk-lib.aws_ec2.Connections

Access the Connections object.

Will fail if not a VPC-enabled Lambda Function

`functionArn`^Required

public readonly functionArn: string;

Type: string

ARN of this function.

`functionName`^Required

public readonly functionName: string;

Type: string

Name of this function.

`grantPrincipal`^Required

public readonly grantPrincipal: IPrincipal;

Type: aws-cdk-lib.aws_iam.IPrincipal

The principal this Lambda Function is running as.

`isBoundToVpc`^Required

public readonly isBoundToVpc: boolean;

Type: boolean

Whether or not this Lambda function was bound to a VPC.

If this is is false, trying to access the connections object will fail.

`latestVersion`^Required

public readonly latestVersion: IVersion;

Type: aws-cdk-lib.aws_lambda.IVersion

The $LATEST version of this function.

Note that this is reference to a non-specific AWS Lambda version, which means the function this version refers to can return different results in different invocations.

To obtain a reference to an explicit version which references the current function configuration, use lambdaFunction.currentVersion instead.

`permissionsNode`^Required

public readonly permissionsNode: Node;

Type: constructs.Node

The construct node where permissions are attached.

`resourceArnsForGrantInvoke`^Required

public readonly resourceArnsForGrantInvoke: string[];

Type: string[]

The ARN(s) to put into the resource field of the generated IAM policy for grantInvoke().

`role`^Optional

public readonly role: IRole;

Type: aws-cdk-lib.aws_iam.IRole

Execution role associated with this function.

`currentVersion`^Required

public readonly currentVersion: Version;

Type: aws-cdk-lib.aws_lambda.Version

Returns a lambda.Version which represents the current version of this Lambda function. A new version will be created every time the function's configuration changes.

You can specify options for this version using the currentVersionOptions prop when initializing the lambda.Function.

`logGroup`^Required

public readonly logGroup: ILogGroup;

Type: aws-cdk-lib.aws_logs.ILogGroup

The LogGroup where the Lambda function's logs are made available.

If either logRetention is set or this property is called, a CloudFormation custom resource is added to the stack that pre-creates the log group as part of the stack deployment, if it already doesn't exist, and sets the correct log retention period (never expire, by default).

Further, if the log group already exists and the logRetention is not set, the custom resource will reset the log retention to never expire even if it was configured with a different value.

`runtime`^Required

public readonly runtime: Runtime;

Type: aws-cdk-lib.aws_lambda.Runtime

The runtime configured for this lambda.

`deadLetterQueue`^Optional

public readonly deadLetterQueue: IQueue;

Type: aws-cdk-lib.aws_sqs.IQueue

The DLQ (as queue) associated with this Lambda Function (this is an optional attribute).

`deadLetterTopic`^Optional

public readonly deadLetterTopic: ITopic;

Type: aws-cdk-lib.aws_sns.ITopic

The DLQ (as topic) associated with this Lambda Function (this is an optional attribute).

`timeout`^Optional

public readonly timeout: Duration;

Type: aws-cdk-lib.Duration

The timeout configured for this lambda.

Constants

Name	Type	Description
`PROPERTY_INJECTION_ID`	`string`	Uniquely identifies this class.

`PROPERTY_INJECTION_ID`^Required

public readonly PROPERTY_INJECTION_ID: string;

Type: string

Uniquely identifies this class.

AgentRequestHandlerFunction

Lambda function for handling agent query requests.

This function receives agent query requests from the GraphQL API and manages the job lifecycle, including creating job records and invoking the agent processor.

Initializers

import { AgentRequestHandlerFunction } from '@cdklabs/genai-idp'

new AgentRequestHandlerFunction(scope: Construct, id: string, props: AgentRequestHandlerFunctionProps)

Name	Type	Description
`scope`	`constructs.Construct`	No description.
`id`	`string`	No description.
`props`	`AgentRequestHandlerFunctionProps`	No description.

`scope`^Required

Type: constructs.Construct

`id`^Required

Type: string

`props`^Required

Type: AgentRequestHandlerFunctionProps

Methods

Name	Description
`toString`	Returns a string representation of this construct.
`applyRemovalPolicy`	Apply the given removal policy to this resource.
`addEventSource`	Adds an event source to this function.
`addEventSourceMapping`	Adds an event source that maps to this AWS Lambda function.
`addFunctionUrl`	Adds a url to this lambda function.
`addPermission`	Adds a permission to the Lambda resource policy.
`addToRolePolicy`	Adds a statement to the IAM role assumed by the instance.
`configureAsyncInvoke`	Configures options for asynchronous invocation.
`considerWarningOnInvokeFunctionPermissions`	A warning will be added to functions under the following conditions: - permissions that include `lambda:InvokeFunction` are added to the unqualified function.
`grantInvoke`	Grant the given identity permissions to invoke this Lambda.
`grantInvokeCompositePrincipal`	Grant multiple principals the ability to invoke this Lambda via CompositePrincipal.
`grantInvokeLatestVersion`	Grant the given identity permissions to invoke the $LATEST version or unqualified version of this Lambda.
`grantInvokeUrl`	Grant the given identity permissions to invoke this Lambda Function URL.
`grantInvokeVersion`	Grant the given identity permissions to invoke the given version of this Lambda.
`metric`	Return the given named metric for this Function.
`metricDuration`	How long execution of this Lambda takes.
`metricErrors`	How many invocations of this Lambda fail.
`metricInvocations`	How often this Lambda is invoked.
`metricThrottles`	How often this Lambda is throttled.
`addAlias`	Defines an alias for this function.
`addEnvironment`	Adds an environment variable to this Lambda function.
`addLayers`	Adds one or more Lambda Layers to this Lambda function.
`invalidateVersionBasedOn`	Mix additional information into the hash of the Version object.

`toString`

public toString(): string

Returns a string representation of this construct.

`applyRemovalPolicy`

public applyRemovalPolicy(policy: RemovalPolicy): void

Apply the given removal policy to this resource.

The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced.

The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS account for data recovery and cleanup later (RemovalPolicy.RETAIN).

`policy`^Required

Type: aws-cdk-lib.RemovalPolicy

`addEventSource`

public addEventSource(source: IEventSource): void

Adds an event source to this function.

Event sources are implemented in the aws-cdk-lib/aws-lambda-event-sources module.

The following example adds an SQS Queue as an event source:

import { SqsEventSource } from 'aws-cdk-lib/aws-lambda-event-sources';
myFunction.addEventSource(new SqsEventSource(myQueue));

`source`^Required

Type: aws-cdk-lib.aws_lambda.IEventSource

`addEventSourceMapping`

public addEventSourceMapping(id: string, options: EventSourceMappingOptions): EventSourceMapping

Adds an event source that maps to this AWS Lambda function.

`id`^Required

Type: string

`options`^Required

Type: aws-cdk-lib.aws_lambda.EventSourceMappingOptions

`addFunctionUrl`

public addFunctionUrl(options?: FunctionUrlOptions): FunctionUrl

Adds a url to this lambda function.

`options`^Optional

Type: aws-cdk-lib.aws_lambda.FunctionUrlOptions

`addPermission`

public addPermission(id: string, permission: Permission): void

Adds a permission to the Lambda resource policy.

`id`^Required

Type: string

The id for the permission construct.

`permission`^Required

Type: aws-cdk-lib.aws_lambda.Permission

The permission to grant to this Lambda function.

`addToRolePolicy`

public addToRolePolicy(statement: PolicyStatement): void

Adds a statement to the IAM role assumed by the instance.

`statement`^Required

Type: aws-cdk-lib.aws_iam.PolicyStatement

`configureAsyncInvoke`

public configureAsyncInvoke(options: EventInvokeConfigOptions): void

Configures options for asynchronous invocation.

`options`^Required

Type: aws-cdk-lib.aws_lambda.EventInvokeConfigOptions

`considerWarningOnInvokeFunctionPermissions`

public considerWarningOnInvokeFunctionPermissions(scope: Construct, action: string): void

A warning will be added to functions under the following conditions: - permissions that include lambda:InvokeFunction are added to the unqualified function.

function.currentVersion is invoked before or after the permission is created.

This applies only to permissions on Lambda functions, not versions or aliases. This function is overridden as a noOp for QualifiedFunctionBase.

`scope`^Required

Type: constructs.Construct

`action`^Required

Type: string

`grantInvoke`

public grantInvoke(grantee: IGrantable): Grant

Grant the given identity permissions to invoke this Lambda.

`grantee`^Required

Type: aws-cdk-lib.aws_iam.IGrantable

`grantInvokeCompositePrincipal`

public grantInvokeCompositePrincipal(compositePrincipal: CompositePrincipal): Grant[]

Grant multiple principals the ability to invoke this Lambda via CompositePrincipal.

`compositePrincipal`^Required

Type: aws-cdk-lib.aws_iam.CompositePrincipal

`grantInvokeLatestVersion`

public grantInvokeLatestVersion(grantee: IGrantable): Grant

Grant the given identity permissions to invoke the $LATEST version or unqualified version of this Lambda.

`grantee`^Required

Type: aws-cdk-lib.aws_iam.IGrantable

`grantInvokeUrl`

public grantInvokeUrl(grantee: IGrantable): Grant

Grant the given identity permissions to invoke this Lambda Function URL.

`grantee`^Required

Type: aws-cdk-lib.aws_iam.IGrantable

`grantInvokeVersion`

public grantInvokeVersion(grantee: IGrantable, version: IVersion): Grant

Grant the given identity permissions to invoke the given version of this Lambda.

`grantee`^Required

Type: aws-cdk-lib.aws_iam.IGrantable

`version`^Required

Type: aws-cdk-lib.aws_lambda.IVersion

`metric`

public metric(metricName: string, props?: MetricOptions): Metric

Return the given named metric for this Function.

`metricName`^Required

Type: string

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricDuration`

public metricDuration(props?: MetricOptions): Metric

How long execution of this Lambda takes.

Average over 5 minutes

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricErrors`

public metricErrors(props?: MetricOptions): Metric

How many invocations of this Lambda fail.

Sum over 5 minutes

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricInvocations`

public metricInvocations(props?: MetricOptions): Metric

How often this Lambda is invoked.

Sum over 5 minutes

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricThrottles`

public metricThrottles(props?: MetricOptions): Metric

How often this Lambda is throttled.

Sum over 5 minutes

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`addAlias`

public addAlias(aliasName: string, options?: AliasOptions): Alias

Defines an alias for this function.

The alias will automatically be updated to point to the latest version of the function as it is being updated during a deployment.

declare const fn: lambda.Function;

fn.addAlias('Live');

// Is equivalent to

new lambda.Alias(this, 'AliasLive', {
  aliasName: 'Live',
  version: fn.currentVersion,
});

`aliasName`^Required

Type: string

The name of the alias.

`options`^Optional

Type: aws-cdk-lib.aws_lambda.AliasOptions

Alias options.

`addEnvironment`

public addEnvironment(key: string, value: string, options?: EnvironmentOptions): Function

Adds an environment variable to this Lambda function.

If this is a ref to a Lambda function, this operation results in a no-op.

`key`^Required

Type: string

The environment variable key.

`value`^Required

Type: string

The environment variable's value.

`options`^Optional

Type: aws-cdk-lib.aws_lambda.EnvironmentOptions

Environment variable options.

`addLayers`

public addLayers(layers: ...ILayerVersion[]): void

Adds one or more Lambda Layers to this Lambda function.

`layers`^Required

Type: ...aws-cdk-lib.aws_lambda.ILayerVersion[]

the layers to be added.

`invalidateVersionBasedOn`

public invalidateVersionBasedOn(x: string): void

Mix additional information into the hash of the Version object.

The Lambda Function construct does its best to automatically create a new Version when anything about the Function changes (its code, its layers, any of the other properties).

However, you can sometimes source information from places that the CDK cannot look into, like the deploy-time values of SSM parameters. In those cases, the CDK would not force the creation of a new Version object when it actually should.

This method can be used to invalidate the current Version object. Pass in any string into this method, and make sure the string changes when you know a new Version needs to be created.

This method may be called more than once.

`x`^Required

Type: string

Static Functions

Name	Description
`isConstruct`	Checks if `x` is a construct.
`isOwnedResource`	Returns true if the construct was created by CDK, and false otherwise.
`isResource`	Check whether the given construct is a Resource.
`classifyVersionProperty`	Record whether specific properties in the `AWS::Lambda::Function` resource should also be associated to the Version resource.
`fromFunctionArn`	Import a lambda function into the CDK using its ARN.
`fromFunctionAttributes`	Creates a Lambda function object which represents a function not defined within this stack.
`fromFunctionName`	Import a lambda function into the CDK using its name.
`metricAll`	Return the given named metric for this Lambda.
`metricAllConcurrentExecutions`	Metric for the number of concurrent executions across all Lambdas.
`metricAllDuration`	Metric for the Duration executing all Lambdas.
`metricAllErrors`	Metric for the number of Errors executing all Lambdas.
`metricAllInvocations`	Metric for the number of invocations of all Lambdas.
`metricAllThrottles`	Metric for the number of throttled invocations of all Lambdas.
`metricAllUnreservedConcurrentExecutions`	Metric for the number of unreserved concurrent executions across all Lambdas.

`isConstruct`

import { AgentRequestHandlerFunction } from '@cdklabs/genai-idp'

AgentRequestHandlerFunction.isConstruct(x: any)

Checks if x is a construct.

Use this method instead of instanceof to properly detect Construct instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the constructs library on disk are seen as independent, completely different libraries. As a consequence, the class Construct in each copy of the constructs library is seen as a different class, and an instance of one class will not test as instanceof the other class. npm install will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the constructs library can be accidentally installed, and instanceof will behave unpredictably. It is safest to avoid using instanceof, and using this type-testing method instead.

`x`^Required

Type: any

Any object.

`isOwnedResource`

import { AgentRequestHandlerFunction } from '@cdklabs/genai-idp'

AgentRequestHandlerFunction.isOwnedResource(construct: IConstruct)

Returns true if the construct was created by CDK, and false otherwise.

`construct`^Required

Type: constructs.IConstruct

`isResource`

import { AgentRequestHandlerFunction } from '@cdklabs/genai-idp'

AgentRequestHandlerFunction.isResource(construct: IConstruct)

Check whether the given construct is a Resource.

`construct`^Required

Type: constructs.IConstruct

`classifyVersionProperty`

import { AgentRequestHandlerFunction } from '@cdklabs/genai-idp'

AgentRequestHandlerFunction.classifyVersionProperty(propertyName: string, locked: boolean)

Record whether specific properties in the AWS::Lambda::Function resource should also be associated to the Version resource.

See 'currentVersion' section in the module README for more details.

`propertyName`^Required

Type: string

The property to classify.

`locked`^Required

Type: boolean

whether the property should be associated to the version or not.

`fromFunctionArn`

import { AgentRequestHandlerFunction } from '@cdklabs/genai-idp'

AgentRequestHandlerFunction.fromFunctionArn(scope: Construct, id: string, functionArn: string)

Import a lambda function into the CDK using its ARN.

For Function.addPermissions() to work on this imported lambda, make sure that is in the same account and region as the stack you are importing it into.

`scope`^Required

Type: constructs.Construct

`id`^Required

Type: string

`functionArn`^Required

Type: string

`fromFunctionAttributes`

import { AgentRequestHandlerFunction } from '@cdklabs/genai-idp'

AgentRequestHandlerFunction.fromFunctionAttributes(scope: Construct, id: string, attrs: FunctionAttributes)

Creates a Lambda function object which represents a function not defined within this stack.

For Function.addPermissions() to work on this imported lambda, set the sameEnvironment property to true if this imported lambda is in the same account and region as the stack you are importing it into.

`scope`^Required

Type: constructs.Construct

The parent construct.

`id`^Required

Type: string

The name of the lambda construct.

`attrs`^Required

Type: aws-cdk-lib.aws_lambda.FunctionAttributes

the attributes of the function to import.

`fromFunctionName`

import { AgentRequestHandlerFunction } from '@cdklabs/genai-idp'

AgentRequestHandlerFunction.fromFunctionName(scope: Construct, id: string, functionName: string)

Import a lambda function into the CDK using its name.

`scope`^Required

Type: constructs.Construct

`id`^Required

Type: string

`functionName`^Required

Type: string

`metricAll`

import { AgentRequestHandlerFunction } from '@cdklabs/genai-idp'

AgentRequestHandlerFunction.metricAll(metricName: string, props?: MetricOptions)

Return the given named metric for this Lambda.

`metricName`^Required

Type: string

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricAllConcurrentExecutions`

import { AgentRequestHandlerFunction } from '@cdklabs/genai-idp'

AgentRequestHandlerFunction.metricAllConcurrentExecutions(props?: MetricOptions)

Metric for the number of concurrent executions across all Lambdas.

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricAllDuration`

import { AgentRequestHandlerFunction } from '@cdklabs/genai-idp'

AgentRequestHandlerFunction.metricAllDuration(props?: MetricOptions)

Metric for the Duration executing all Lambdas.

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricAllErrors`

import { AgentRequestHandlerFunction } from '@cdklabs/genai-idp'

AgentRequestHandlerFunction.metricAllErrors(props?: MetricOptions)

Metric for the number of Errors executing all Lambdas.

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricAllInvocations`

import { AgentRequestHandlerFunction } from '@cdklabs/genai-idp'

AgentRequestHandlerFunction.metricAllInvocations(props?: MetricOptions)

Metric for the number of invocations of all Lambdas.

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricAllThrottles`

import { AgentRequestHandlerFunction } from '@cdklabs/genai-idp'

AgentRequestHandlerFunction.metricAllThrottles(props?: MetricOptions)

Metric for the number of throttled invocations of all Lambdas.

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricAllUnreservedConcurrentExecutions`

import { AgentRequestHandlerFunction } from '@cdklabs/genai-idp'

AgentRequestHandlerFunction.metricAllUnreservedConcurrentExecutions(props?: MetricOptions)

Metric for the number of unreserved concurrent executions across all Lambdas.

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

Properties

Name	Type	Description
`node`	`constructs.Node`	The tree node.
`env`	`aws-cdk-lib.ResourceEnvironment`	The environment this resource belongs to.
`stack`	`aws-cdk-lib.Stack`	The stack in which this resource is defined.
`architecture`	`aws-cdk-lib.aws_lambda.Architecture`	The architecture of this Lambda Function (this is an optional attribute and defaults to X86_64).
`connections`	`aws-cdk-lib.aws_ec2.Connections`	Access the Connections object.
`functionArn`	`string`	ARN of this function.
`functionName`	`string`	Name of this function.
`grantPrincipal`	`aws-cdk-lib.aws_iam.IPrincipal`	The principal this Lambda Function is running as.
`isBoundToVpc`	`boolean`	Whether or not this Lambda function was bound to a VPC.
`latestVersion`	`aws-cdk-lib.aws_lambda.IVersion`	The `$LATEST` version of this function.
`permissionsNode`	`constructs.Node`	The construct node where permissions are attached.
`resourceArnsForGrantInvoke`	`string[]`	The ARN(s) to put into the resource field of the generated IAM policy for grantInvoke().
`role`	`aws-cdk-lib.aws_iam.IRole`	Execution role associated with this function.
`currentVersion`	`aws-cdk-lib.aws_lambda.Version`	Returns a `lambda.Version` which represents the current version of this Lambda function. A new version will be created every time the function's configuration changes.
`logGroup`	`aws-cdk-lib.aws_logs.ILogGroup`	The LogGroup where the Lambda function's logs are made available.
`runtime`	`aws-cdk-lib.aws_lambda.Runtime`	The runtime configured for this lambda.
`deadLetterQueue`	`aws-cdk-lib.aws_sqs.IQueue`	The DLQ (as queue) associated with this Lambda Function (this is an optional attribute).
`deadLetterTopic`	`aws-cdk-lib.aws_sns.ITopic`	The DLQ (as topic) associated with this Lambda Function (this is an optional attribute).
`timeout`	`aws-cdk-lib.Duration`	The timeout configured for this lambda.

`node`^Required

public readonly node: Node;

Type: constructs.Node

The tree node.

`env`^Required

public readonly env: ResourceEnvironment;

Type: aws-cdk-lib.ResourceEnvironment

The environment this resource belongs to.

For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.

`stack`^Required

public readonly stack: Stack;

Type: aws-cdk-lib.Stack

The stack in which this resource is defined.

`architecture`^Required

public readonly architecture: Architecture;

Type: aws-cdk-lib.aws_lambda.Architecture

The architecture of this Lambda Function (this is an optional attribute and defaults to X86_64).

`connections`^Required

public readonly connections: Connections;

Type: aws-cdk-lib.aws_ec2.Connections

Access the Connections object.

Will fail if not a VPC-enabled Lambda Function

`functionArn`^Required

public readonly functionArn: string;

Type: string

ARN of this function.

`functionName`^Required

public readonly functionName: string;

Type: string

Name of this function.

`grantPrincipal`^Required

public readonly grantPrincipal: IPrincipal;

Type: aws-cdk-lib.aws_iam.IPrincipal

The principal this Lambda Function is running as.

`isBoundToVpc`^Required

public readonly isBoundToVpc: boolean;

Type: boolean

Whether or not this Lambda function was bound to a VPC.

If this is is false, trying to access the connections object will fail.

`latestVersion`^Required

public readonly latestVersion: IVersion;

Type: aws-cdk-lib.aws_lambda.IVersion

The $LATEST version of this function.

Note that this is reference to a non-specific AWS Lambda version, which means the function this version refers to can return different results in different invocations.

To obtain a reference to an explicit version which references the current function configuration, use lambdaFunction.currentVersion instead.

`permissionsNode`^Required

public readonly permissionsNode: Node;

Type: constructs.Node

The construct node where permissions are attached.

`resourceArnsForGrantInvoke`^Required

public readonly resourceArnsForGrantInvoke: string[];

Type: string[]

The ARN(s) to put into the resource field of the generated IAM policy for grantInvoke().

`role`^Optional

public readonly role: IRole;

Type: aws-cdk-lib.aws_iam.IRole

Execution role associated with this function.

`currentVersion`^Required

public readonly currentVersion: Version;

Type: aws-cdk-lib.aws_lambda.Version

Returns a lambda.Version which represents the current version of this Lambda function. A new version will be created every time the function's configuration changes.

You can specify options for this version using the currentVersionOptions prop when initializing the lambda.Function.

`logGroup`^Required

public readonly logGroup: ILogGroup;

Type: aws-cdk-lib.aws_logs.ILogGroup

The LogGroup where the Lambda function's logs are made available.

If either logRetention is set or this property is called, a CloudFormation custom resource is added to the stack that pre-creates the log group as part of the stack deployment, if it already doesn't exist, and sets the correct log retention period (never expire, by default).

Further, if the log group already exists and the logRetention is not set, the custom resource will reset the log retention to never expire even if it was configured with a different value.

`runtime`^Required

public readonly runtime: Runtime;

Type: aws-cdk-lib.aws_lambda.Runtime

The runtime configured for this lambda.

`deadLetterQueue`^Optional

public readonly deadLetterQueue: IQueue;

Type: aws-cdk-lib.aws_sqs.IQueue

The DLQ (as queue) associated with this Lambda Function (this is an optional attribute).

`deadLetterTopic`^Optional

public readonly deadLetterTopic: ITopic;

Type: aws-cdk-lib.aws_sns.ITopic

The DLQ (as topic) associated with this Lambda Function (this is an optional attribute).

`timeout`^Optional

public readonly timeout: Duration;

Type: aws-cdk-lib.Duration

The timeout configured for this lambda.

Constants

Name	Type	Description
`PROPERTY_INJECTION_ID`	`string`	Uniquely identifies this class.

`PROPERTY_INJECTION_ID`^Required

public readonly PROPERTY_INJECTION_ID: string;

Type: string

Uniquely identifies this class.

AgentTable

Implements: IAgentTable

DynamoDB table for agent job tracking.

Uses fixed keys: PK (partition key) and SK (sort key).

Initializers

import { AgentTable } from '@cdklabs/genai-idp'

new AgentTable(scope: Construct, id: string, props?: FixedKeyTableProps)

Name	Type	Description
`scope`	`constructs.Construct`	No description.
`id`	`string`	No description.
`props`	`FixedKeyTableProps`	No description.

`scope`^Required

Type: constructs.Construct

`id`^Required

Type: string

`props`^Optional

Type: FixedKeyTableProps

Methods

Name	Description
`toString`	Returns a string representation of this construct.
`applyRemovalPolicy`	Apply the given removal policy to this resource.
`addToResourcePolicy`	Adds a statement to the resource policy associated with this file system.
`grant`	Adds an IAM policy statement associated with this table to an IAM principal's policy.
`grantFullAccess`	Permits all DynamoDB operations ("dynamodb:*") to an IAM principal.
`grantReadData`	Permits an IAM principal all data read operations from this table: BatchGetItem, GetRecords, GetShardIterator, Query, GetItem, Scan, DescribeTable.
`grantReadWriteData`	Permits an IAM principal to all data read/write operations to this table.
`grantStream`	Adds an IAM policy statement associated with this table's stream to an IAM principal's policy.
`grantStreamRead`	Permits an IAM principal all stream data read operations for this table's stream: DescribeStream, GetRecords, GetShardIterator, ListStreams.
`grantTableListStreams`	Permits an IAM Principal to list streams attached to current dynamodb table.
`grantWriteData`	Permits an IAM principal all data write operations to this table: BatchWriteItem, PutItem, UpdateItem, DeleteItem, DescribeTable.
`metric`	Return the given named metric for this Table.
`metricConditionalCheckFailedRequests`	Metric for the conditional check failed requests this table.
`metricConsumedReadCapacityUnits`	Metric for the consumed read capacity units this table.
`metricConsumedWriteCapacityUnits`	Metric for the consumed write capacity units this table.
`metricSuccessfulRequestLatency`	Metric for the successful request latency this table.
`metricSystemErrors`	Metric for the system errors this table.
`metricSystemErrorsForOperations`	Metric for the system errors this table.
`metricThrottledRequests`	How many requests are throttled on this table.
`metricThrottledRequestsForOperation`	How many requests are throttled on this table, for the given operation.
`metricThrottledRequestsForOperations`	How many requests are throttled on this table.
`metricUserErrors`	Metric for the user errors.
`addGlobalSecondaryIndex`	Add a global secondary index of table.
`addLocalSecondaryIndex`	Add a local secondary index of table.
`autoScaleGlobalSecondaryIndexReadCapacity`	Enable read capacity scaling for the given GSI.
`autoScaleGlobalSecondaryIndexWriteCapacity`	Enable write capacity scaling for the given GSI.
`autoScaleReadCapacity`	Enable read capacity scaling for this table.
`autoScaleWriteCapacity`	Enable write capacity scaling for this table.
`schema`	Get schema attributes of table or index.

`toString`

public toString(): string

Returns a string representation of this construct.

`applyRemovalPolicy`

public applyRemovalPolicy(policy: RemovalPolicy): void

Apply the given removal policy to this resource.

The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced.

The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS account for data recovery and cleanup later (RemovalPolicy.RETAIN).

`policy`^Required

Type: aws-cdk-lib.RemovalPolicy

`addToResourcePolicy`

public addToResourcePolicy(statement: PolicyStatement): AddToResourcePolicyResult

Adds a statement to the resource policy associated with this file system.

A resource policy will be automatically created upon the first call to addToResourcePolicy.

Note that this does not work with imported file systems.

`statement`^Required

Type: aws-cdk-lib.aws_iam.PolicyStatement

The policy statement to add.

`grant`

public grant(grantee: IGrantable, actions: ...string[]): Grant

Adds an IAM policy statement associated with this table to an IAM principal's policy.

If encryptionKey is present, appropriate grants to the key needs to be added separately using the table.encryptionKey.grant* methods.

`grantee`^Required

Type: aws-cdk-lib.aws_iam.IGrantable

The principal (no-op if undefined).

`actions`^Required

Type: ...string[]

The set of actions to allow (i.e. "dynamodb:PutItem", "dynamodb:GetItem", ...).

`grantFullAccess`

public grantFullAccess(grantee: IGrantable): Grant

Permits all DynamoDB operations ("dynamodb:*") to an IAM principal.

Appropriate grants will also be added to the customer-managed KMS key if one was configured.

`grantee`^Required

Type: aws-cdk-lib.aws_iam.IGrantable

The principal to grant access to.

`grantReadData`

public grantReadData(grantee: IGrantable): Grant

Permits an IAM principal all data read operations from this table: BatchGetItem, GetRecords, GetShardIterator, Query, GetItem, Scan, DescribeTable.

Appropriate grants will also be added to the customer-managed KMS key if one was configured.

`grantee`^Required

Type: aws-cdk-lib.aws_iam.IGrantable

The principal to grant access to.

`grantReadWriteData`

public grantReadWriteData(grantee: IGrantable): Grant

Permits an IAM principal to all data read/write operations to this table.

BatchGetItem, GetRecords, GetShardIterator, Query, GetItem, Scan, BatchWriteItem, PutItem, UpdateItem, DeleteItem, DescribeTable

Appropriate grants will also be added to the customer-managed KMS key if one was configured.

`grantee`^Required

Type: aws-cdk-lib.aws_iam.IGrantable

The principal to grant access to.

`grantStream`

public grantStream(grantee: IGrantable, actions: ...string[]): Grant

Adds an IAM policy statement associated with this table's stream to an IAM principal's policy.

If encryptionKey is present, appropriate grants to the key needs to be added separately using the table.encryptionKey.grant* methods.

`grantee`^Required

Type: aws-cdk-lib.aws_iam.IGrantable

The principal (no-op if undefined).

`actions`^Required

Type: ...string[]

The set of actions to allow (i.e. "dynamodb:DescribeStream", "dynamodb:GetRecords", ...).

`grantStreamRead`

public grantStreamRead(grantee: IGrantable): Grant

Permits an IAM principal all stream data read operations for this table's stream: DescribeStream, GetRecords, GetShardIterator, ListStreams.

Appropriate grants will also be added to the customer-managed KMS key if one was configured.

`grantee`^Required

Type: aws-cdk-lib.aws_iam.IGrantable

The principal to grant access to.

`grantTableListStreams`

public grantTableListStreams(grantee: IGrantable): Grant

Permits an IAM Principal to list streams attached to current dynamodb table.

`grantee`^Required

Type: aws-cdk-lib.aws_iam.IGrantable

The principal (no-op if undefined).

`grantWriteData`

public grantWriteData(grantee: IGrantable): Grant

Permits an IAM principal all data write operations to this table: BatchWriteItem, PutItem, UpdateItem, DeleteItem, DescribeTable.

Appropriate grants will also be added to the customer-managed KMS key if one was configured.

`grantee`^Required

Type: aws-cdk-lib.aws_iam.IGrantable

The principal to grant access to.

`metric`

public metric(metricName: string, props?: MetricOptions): Metric

Return the given named metric for this Table.

By default, the metric will be calculated as a sum over a period of 5 minutes. You can customize this by using the statistic and period properties.

`metricName`^Required

Type: string

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricConditionalCheckFailedRequests`

public metricConditionalCheckFailedRequests(props?: MetricOptions): Metric

Metric for the conditional check failed requests this table.

By default, the metric will be calculated as a sum over a period of 5 minutes. You can customize this by using the statistic and period properties.

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricConsumedReadCapacityUnits`

public metricConsumedReadCapacityUnits(props?: MetricOptions): Metric

Metric for the consumed read capacity units this table.

By default, the metric will be calculated as a sum over a period of 5 minutes. You can customize this by using the statistic and period properties.

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricConsumedWriteCapacityUnits`

public metricConsumedWriteCapacityUnits(props?: MetricOptions): Metric

Metric for the consumed write capacity units this table.

By default, the metric will be calculated as a sum over a period of 5 minutes. You can customize this by using the statistic and period properties.

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricSuccessfulRequestLatency`

public metricSuccessfulRequestLatency(props?: MetricOptions): Metric

Metric for the successful request latency this table.

By default, the metric will be calculated as an average over a period of 5 minutes. You can customize this by using the statistic and period properties.

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricSystemErrors`

public metricSystemErrors(props?: MetricOptions): Metric

Metric for the system errors this table.

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricSystemErrorsForOperations`

public metricSystemErrorsForOperations(props?: SystemErrorsForOperationsMetricOptions): IMetric

Metric for the system errors this table.

This will sum errors across all possible operations. Note that by default, each individual metric will be calculated as a sum over a period of 5 minutes. You can customize this by using the statistic and period properties.

`props`^Optional

Type: aws-cdk-lib.aws_dynamodb.SystemErrorsForOperationsMetricOptions

`metricThrottledRequests`

public metricThrottledRequests(props?: MetricOptions): Metric

How many requests are throttled on this table.

Default: sum over 5 minutes

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricThrottledRequestsForOperation`

public metricThrottledRequestsForOperation(operation: string, props?: MetricOptions): Metric

How many requests are throttled on this table, for the given operation.

Default: sum over 5 minutes

`operation`^Required

Type: string

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricThrottledRequestsForOperations`

public metricThrottledRequestsForOperations(props?: OperationsMetricOptions): IMetric

How many requests are throttled on this table.

This will sum errors across all possible operations. Note that by default, each individual metric will be calculated as a sum over a period of 5 minutes. You can customize this by using the statistic and period properties.

`props`^Optional

Type: aws-cdk-lib.aws_dynamodb.OperationsMetricOptions

`metricUserErrors`

public metricUserErrors(props?: MetricOptions): Metric

Metric for the user errors.

Note that this metric reports user errors across all the tables in the account and region the table resides in.

By default, the metric will be calculated as a sum over a period of 5 minutes. You can customize this by using the statistic and period properties.

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`addGlobalSecondaryIndex`

public addGlobalSecondaryIndex(props: GlobalSecondaryIndexProps): void

Add a global secondary index of table.

`props`^Required

Type: aws-cdk-lib.aws_dynamodb.GlobalSecondaryIndexProps

the property of global secondary index.

`addLocalSecondaryIndex`

public addLocalSecondaryIndex(props: LocalSecondaryIndexProps): void

Add a local secondary index of table.

`props`^Required

Type: aws-cdk-lib.aws_dynamodb.LocalSecondaryIndexProps

the property of local secondary index.

`autoScaleGlobalSecondaryIndexReadCapacity`

public autoScaleGlobalSecondaryIndexReadCapacity(indexName: string, props: EnableScalingProps): IScalableTableAttribute

Enable read capacity scaling for the given GSI.

`indexName`^Required

Type: string

`props`^Required

Type: aws-cdk-lib.aws_dynamodb.EnableScalingProps

`autoScaleGlobalSecondaryIndexWriteCapacity`

public autoScaleGlobalSecondaryIndexWriteCapacity(indexName: string, props: EnableScalingProps): IScalableTableAttribute

Enable write capacity scaling for the given GSI.

`indexName`^Required

Type: string

`props`^Required

Type: aws-cdk-lib.aws_dynamodb.EnableScalingProps

`autoScaleReadCapacity`

public autoScaleReadCapacity(props: EnableScalingProps): IScalableTableAttribute

Enable read capacity scaling for this table.

`props`^Required

Type: aws-cdk-lib.aws_dynamodb.EnableScalingProps

`autoScaleWriteCapacity`

public autoScaleWriteCapacity(props: EnableScalingProps): IScalableTableAttribute

Enable write capacity scaling for this table.

`props`^Required

Type: aws-cdk-lib.aws_dynamodb.EnableScalingProps

`schema`

public schema(indexName?: string): SchemaOptions

Get schema attributes of table or index.

`indexName`^Optional

Type: string

Static Functions

Name	Description
`isConstruct`	Checks if `x` is a construct.
`isOwnedResource`	Returns true if the construct was created by CDK, and false otherwise.
`isResource`	Check whether the given construct is a Resource.
`fromTableArn`	Creates a Table construct that represents an external table via table arn.
`fromTableAttributes`	Creates a Table construct that represents an external table.
`fromTableName`	Creates a Table construct that represents an external table via table name.

`isConstruct`

import { AgentTable } from '@cdklabs/genai-idp'

AgentTable.isConstruct(x: any)

Checks if x is a construct.

Use this method instead of instanceof to properly detect Construct instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the constructs library on disk are seen as independent, completely different libraries. As a consequence, the class Construct in each copy of the constructs library is seen as a different class, and an instance of one class will not test as instanceof the other class. npm install will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the constructs library can be accidentally installed, and instanceof will behave unpredictably. It is safest to avoid using instanceof, and using this type-testing method instead.

`x`^Required

Type: any

Any object.

`isOwnedResource`

import { AgentTable } from '@cdklabs/genai-idp'

AgentTable.isOwnedResource(construct: IConstruct)

Returns true if the construct was created by CDK, and false otherwise.

`construct`^Required

Type: constructs.IConstruct

`isResource`

import { AgentTable } from '@cdklabs/genai-idp'

AgentTable.isResource(construct: IConstruct)

Check whether the given construct is a Resource.

`construct`^Required

Type: constructs.IConstruct

`fromTableArn`

import { AgentTable } from '@cdklabs/genai-idp'

AgentTable.fromTableArn(scope: Construct, id: string, tableArn: string)

Creates a Table construct that represents an external table via table arn.

`scope`^Required

Type: constructs.Construct

The parent creating construct (usually this).

`id`^Required

Type: string

The construct's name.

`tableArn`^Required

Type: string

The table's ARN.

`fromTableAttributes`

import { AgentTable } from '@cdklabs/genai-idp'

AgentTable.fromTableAttributes(scope: Construct, id: string, attrs: TableAttributes)

Creates a Table construct that represents an external table.

`scope`^Required

Type: constructs.Construct

The parent creating construct (usually this).

`id`^Required

Type: string

The construct's name.

`attrs`^Required

Type: aws-cdk-lib.aws_dynamodb.TableAttributes

A TableAttributes object.

`fromTableName`

import { AgentTable } from '@cdklabs/genai-idp'

AgentTable.fromTableName(scope: Construct, id: string, tableName: string)

Creates a Table construct that represents an external table via table name.

`scope`^Required

Type: constructs.Construct

The parent creating construct (usually this).

`id`^Required

Type: string

The construct's name.

`tableName`^Required

Type: string

The table's name.

Properties

Name	Type	Description
`node`	`constructs.Node`	The tree node.
`env`	`aws-cdk-lib.ResourceEnvironment`	The environment this resource belongs to.
`stack`	`aws-cdk-lib.Stack`	The stack in which this resource is defined.
`tableArn`	`string`	Arn of the dynamodb table.
`tableName`	`string`	Table name of the dynamodb table.
`encryptionKey`	`aws-cdk-lib.aws_kms.IKey`	KMS encryption key, if this table uses a customer-managed encryption key.
`tableStreamArn`	`string`	ARN of the table's stream, if there is one.
`resourcePolicy`	`aws-cdk-lib.aws_iam.PolicyDocument`	Resource policy to assign to DynamoDB Table.

`node`^Required

public readonly node: Node;

Type: constructs.Node

The tree node.

`env`^Required

public readonly env: ResourceEnvironment;

Type: aws-cdk-lib.ResourceEnvironment

The environment this resource belongs to.

For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.

`stack`^Required

public readonly stack: Stack;

Type: aws-cdk-lib.Stack

The stack in which this resource is defined.

`tableArn`^Required

public readonly tableArn: string;

Type: string

Arn of the dynamodb table.

`tableName`^Required

public readonly tableName: string;

Type: string

Table name of the dynamodb table.

`encryptionKey`^Optional

public readonly encryptionKey: IKey;

Type: aws-cdk-lib.aws_kms.IKey

KMS encryption key, if this table uses a customer-managed encryption key.

`tableStreamArn`^Optional

public readonly tableStreamArn: string;

Type: string

ARN of the table's stream, if there is one.

`resourcePolicy`^Optional

public readonly resourcePolicy: PolicyDocument;

Type: aws-cdk-lib.aws_iam.PolicyDocument
Default: No resource policy statements are added to the created table.

Resource policy to assign to DynamoDB Table.

Constants

Name	Type	Description
`PROPERTY_INJECTION_ID`	`string`	Uniquely identifies this class.

`PROPERTY_INJECTION_ID`^Required

public readonly PROPERTY_INJECTION_ID: string;

Type: string

Uniquely identifies this class.

CognitoUpdaterHitlFunction

Implements: aws-cdk-lib.aws_lambda.IFunction

A Lambda function that updates Cognito configuration for HITL workflows.

This function resolves circular dependency issues between SageMaker A2I resources and Cognito configuration by updating the Cognito User Pool Client with the necessary settings for A2I integration after the workteam has been created.

Initializers

import { CognitoUpdaterHitlFunction } from '@cdklabs/genai-idp'

new CognitoUpdaterHitlFunction(scope: Construct, id: string, props: CognitoUpdaterHitlFunctionProps)

Name	Type	Description
`scope`	`constructs.Construct`	The construct scope.
`id`	`string`	The construct ID.
`props`	`CognitoUpdaterHitlFunctionProps`	Configuration properties for the function.

`scope`^Required

Type: constructs.Construct

The construct scope.

`id`^Required

Type: string

The construct ID.

`props`^Required

Type: CognitoUpdaterHitlFunctionProps

Configuration properties for the function.

Methods

Name	Description
`toString`	Returns a string representation of this construct.
`applyRemovalPolicy`	Apply the given removal policy to this resource.
`addEventSource`	Adds an event source to this function.
`addEventSourceMapping`	Adds an event source that maps to this AWS Lambda function.
`addFunctionUrl`	Adds a url to this lambda function.
`addPermission`	Adds a permission to the Lambda resource policy.
`addToRolePolicy`	Adds a statement to the IAM role assumed by the instance.
`configureAsyncInvoke`	Configures options for asynchronous invocation.
`considerWarningOnInvokeFunctionPermissions`	A warning will be added to functions under the following conditions: - permissions that include `lambda:InvokeFunction` are added to the unqualified function.
`grantInvoke`	Grant the given identity permissions to invoke this Lambda.
`grantInvokeCompositePrincipal`	Grant multiple principals the ability to invoke this Lambda via CompositePrincipal.
`grantInvokeLatestVersion`	Grant the given identity permissions to invoke the $LATEST version or unqualified version of this Lambda.
`grantInvokeUrl`	Grant the given identity permissions to invoke this Lambda Function URL.
`grantInvokeVersion`	Grant the given identity permissions to invoke the given version of this Lambda.
`metric`	Return the given named metric for this Function.
`metricDuration`	How long execution of this Lambda takes.
`metricErrors`	How many invocations of this Lambda fail.
`metricInvocations`	How often this Lambda is invoked.
`metricThrottles`	How often this Lambda is throttled.
`addAlias`	Defines an alias for this function.
`addEnvironment`	Adds an environment variable to this Lambda function.
`addLayers`	Adds one or more Lambda Layers to this Lambda function.
`invalidateVersionBasedOn`	Mix additional information into the hash of the Version object.

`toString`

public toString(): string

Returns a string representation of this construct.

`applyRemovalPolicy`

public applyRemovalPolicy(policy: RemovalPolicy): void

Apply the given removal policy to this resource.

The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced.

The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS account for data recovery and cleanup later (RemovalPolicy.RETAIN).

`policy`^Required

Type: aws-cdk-lib.RemovalPolicy

`addEventSource`

public addEventSource(source: IEventSource): void

Adds an event source to this function.

Event sources are implemented in the aws-cdk-lib/aws-lambda-event-sources module.

The following example adds an SQS Queue as an event source:

import { SqsEventSource } from 'aws-cdk-lib/aws-lambda-event-sources';
myFunction.addEventSource(new SqsEventSource(myQueue));

`source`^Required

Type: aws-cdk-lib.aws_lambda.IEventSource

`addEventSourceMapping`

public addEventSourceMapping(id: string, options: EventSourceMappingOptions): EventSourceMapping

Adds an event source that maps to this AWS Lambda function.

`id`^Required

Type: string

`options`^Required

Type: aws-cdk-lib.aws_lambda.EventSourceMappingOptions

`addFunctionUrl`

public addFunctionUrl(options?: FunctionUrlOptions): FunctionUrl

Adds a url to this lambda function.

`options`^Optional

Type: aws-cdk-lib.aws_lambda.FunctionUrlOptions

`addPermission`

public addPermission(id: string, permission: Permission): void

Adds a permission to the Lambda resource policy.

`id`^Required

Type: string

The id for the permission construct.

`permission`^Required

Type: aws-cdk-lib.aws_lambda.Permission

The permission to grant to this Lambda function.

`addToRolePolicy`

public addToRolePolicy(statement: PolicyStatement): void

Adds a statement to the IAM role assumed by the instance.

`statement`^Required

Type: aws-cdk-lib.aws_iam.PolicyStatement

`configureAsyncInvoke`

public configureAsyncInvoke(options: EventInvokeConfigOptions): void

Configures options for asynchronous invocation.

`options`^Required

Type: aws-cdk-lib.aws_lambda.EventInvokeConfigOptions

`considerWarningOnInvokeFunctionPermissions`

public considerWarningOnInvokeFunctionPermissions(scope: Construct, action: string): void

A warning will be added to functions under the following conditions: - permissions that include lambda:InvokeFunction are added to the unqualified function.

function.currentVersion is invoked before or after the permission is created.

This applies only to permissions on Lambda functions, not versions or aliases. This function is overridden as a noOp for QualifiedFunctionBase.

`scope`^Required

Type: constructs.Construct

`action`^Required

Type: string

`grantInvoke`

public grantInvoke(grantee: IGrantable): Grant

Grant the given identity permissions to invoke this Lambda.

`grantee`^Required

Type: aws-cdk-lib.aws_iam.IGrantable

`grantInvokeCompositePrincipal`

public grantInvokeCompositePrincipal(compositePrincipal: CompositePrincipal): Grant[]

Grant multiple principals the ability to invoke this Lambda via CompositePrincipal.

`compositePrincipal`^Required

Type: aws-cdk-lib.aws_iam.CompositePrincipal

`grantInvokeLatestVersion`

public grantInvokeLatestVersion(grantee: IGrantable): Grant

Grant the given identity permissions to invoke the $LATEST version or unqualified version of this Lambda.

`grantee`^Required

Type: aws-cdk-lib.aws_iam.IGrantable

`grantInvokeUrl`

public grantInvokeUrl(grantee: IGrantable): Grant

Grant the given identity permissions to invoke this Lambda Function URL.

`grantee`^Required

Type: aws-cdk-lib.aws_iam.IGrantable

`grantInvokeVersion`

public grantInvokeVersion(grantee: IGrantable, version: IVersion): Grant

Grant the given identity permissions to invoke the given version of this Lambda.

`grantee`^Required

Type: aws-cdk-lib.aws_iam.IGrantable

`version`^Required

Type: aws-cdk-lib.aws_lambda.IVersion

`metric`

public metric(metricName: string, props?: MetricOptions): Metric

Return the given named metric for this Function.

`metricName`^Required

Type: string

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricDuration`

public metricDuration(props?: MetricOptions): Metric

How long execution of this Lambda takes.

Average over 5 minutes

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricErrors`

public metricErrors(props?: MetricOptions): Metric

How many invocations of this Lambda fail.

Sum over 5 minutes

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricInvocations`

public metricInvocations(props?: MetricOptions): Metric

How often this Lambda is invoked.

Sum over 5 minutes

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricThrottles`

public metricThrottles(props?: MetricOptions): Metric

How often this Lambda is throttled.

Sum over 5 minutes

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`addAlias`

public addAlias(aliasName: string, options?: AliasOptions): Alias

Defines an alias for this function.

The alias will automatically be updated to point to the latest version of the function as it is being updated during a deployment.

declare const fn: lambda.Function;

fn.addAlias('Live');

// Is equivalent to

new lambda.Alias(this, 'AliasLive', {
  aliasName: 'Live',
  version: fn.currentVersion,
});

`aliasName`^Required

Type: string

The name of the alias.

`options`^Optional

Type: aws-cdk-lib.aws_lambda.AliasOptions

Alias options.

`addEnvironment`

public addEnvironment(key: string, value: string, options?: EnvironmentOptions): Function

Adds an environment variable to this Lambda function.

If this is a ref to a Lambda function, this operation results in a no-op.

`key`^Required

Type: string

The environment variable key.

`value`^Required

Type: string

The environment variable's value.

`options`^Optional

Type: aws-cdk-lib.aws_lambda.EnvironmentOptions

Environment variable options.

`addLayers`

public addLayers(layers: ...ILayerVersion[]): void

Adds one or more Lambda Layers to this Lambda function.

`layers`^Required

Type: ...aws-cdk-lib.aws_lambda.ILayerVersion[]

the layers to be added.

`invalidateVersionBasedOn`

public invalidateVersionBasedOn(x: string): void

Mix additional information into the hash of the Version object.

The Lambda Function construct does its best to automatically create a new Version when anything about the Function changes (its code, its layers, any of the other properties).

However, you can sometimes source information from places that the CDK cannot look into, like the deploy-time values of SSM parameters. In those cases, the CDK would not force the creation of a new Version object when it actually should.

This method can be used to invalidate the current Version object. Pass in any string into this method, and make sure the string changes when you know a new Version needs to be created.

This method may be called more than once.

`x`^Required

Type: string

Static Functions

Name	Description
`isConstruct`	Checks if `x` is a construct.
`isOwnedResource`	Returns true if the construct was created by CDK, and false otherwise.
`isResource`	Check whether the given construct is a Resource.
`classifyVersionProperty`	Record whether specific properties in the `AWS::Lambda::Function` resource should also be associated to the Version resource.
`fromFunctionArn`	Import a lambda function into the CDK using its ARN.
`fromFunctionAttributes`	Creates a Lambda function object which represents a function not defined within this stack.
`fromFunctionName`	Import a lambda function into the CDK using its name.
`metricAll`	Return the given named metric for this Lambda.
`metricAllConcurrentExecutions`	Metric for the number of concurrent executions across all Lambdas.
`metricAllDuration`	Metric for the Duration executing all Lambdas.
`metricAllErrors`	Metric for the number of Errors executing all Lambdas.
`metricAllInvocations`	Metric for the number of invocations of all Lambdas.
`metricAllThrottles`	Metric for the number of throttled invocations of all Lambdas.
`metricAllUnreservedConcurrentExecutions`	Metric for the number of unreserved concurrent executions across all Lambdas.

`isConstruct`

import { CognitoUpdaterHitlFunction } from '@cdklabs/genai-idp'

CognitoUpdaterHitlFunction.isConstruct(x: any)

Checks if x is a construct.

Use this method instead of instanceof to properly detect Construct instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the constructs library on disk are seen as independent, completely different libraries. As a consequence, the class Construct in each copy of the constructs library is seen as a different class, and an instance of one class will not test as instanceof the other class. npm install will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the constructs library can be accidentally installed, and instanceof will behave unpredictably. It is safest to avoid using instanceof, and using this type-testing method instead.

`x`^Required

Type: any

Any object.

`isOwnedResource`

import { CognitoUpdaterHitlFunction } from '@cdklabs/genai-idp'

CognitoUpdaterHitlFunction.isOwnedResource(construct: IConstruct)

Returns true if the construct was created by CDK, and false otherwise.

`construct`^Required

Type: constructs.IConstruct

`isResource`

import { CognitoUpdaterHitlFunction } from '@cdklabs/genai-idp'

CognitoUpdaterHitlFunction.isResource(construct: IConstruct)

Check whether the given construct is a Resource.

`construct`^Required

Type: constructs.IConstruct

`classifyVersionProperty`

import { CognitoUpdaterHitlFunction } from '@cdklabs/genai-idp'

CognitoUpdaterHitlFunction.classifyVersionProperty(propertyName: string, locked: boolean)

Record whether specific properties in the AWS::Lambda::Function resource should also be associated to the Version resource.

See 'currentVersion' section in the module README for more details.

`propertyName`^Required

Type: string

The property to classify.

`locked`^Required

Type: boolean

whether the property should be associated to the version or not.

`fromFunctionArn`

import { CognitoUpdaterHitlFunction } from '@cdklabs/genai-idp'

CognitoUpdaterHitlFunction.fromFunctionArn(scope: Construct, id: string, functionArn: string)

Import a lambda function into the CDK using its ARN.

For Function.addPermissions() to work on this imported lambda, make sure that is in the same account and region as the stack you are importing it into.

`scope`^Required

Type: constructs.Construct

`id`^Required

Type: string

`functionArn`^Required

Type: string

`fromFunctionAttributes`

import { CognitoUpdaterHitlFunction } from '@cdklabs/genai-idp'

CognitoUpdaterHitlFunction.fromFunctionAttributes(scope: Construct, id: string, attrs: FunctionAttributes)

Creates a Lambda function object which represents a function not defined within this stack.

For Function.addPermissions() to work on this imported lambda, set the sameEnvironment property to true if this imported lambda is in the same account and region as the stack you are importing it into.

`scope`^Required

Type: constructs.Construct

The parent construct.

`id`^Required

Type: string

The name of the lambda construct.

`attrs`^Required

Type: aws-cdk-lib.aws_lambda.FunctionAttributes

the attributes of the function to import.

`fromFunctionName`

import { CognitoUpdaterHitlFunction } from '@cdklabs/genai-idp'

CognitoUpdaterHitlFunction.fromFunctionName(scope: Construct, id: string, functionName: string)

Import a lambda function into the CDK using its name.

`scope`^Required

Type: constructs.Construct

`id`^Required

Type: string

`functionName`^Required

Type: string

`metricAll`

import { CognitoUpdaterHitlFunction } from '@cdklabs/genai-idp'

CognitoUpdaterHitlFunction.metricAll(metricName: string, props?: MetricOptions)

Return the given named metric for this Lambda.

`metricName`^Required

Type: string

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricAllConcurrentExecutions`

import { CognitoUpdaterHitlFunction } from '@cdklabs/genai-idp'

CognitoUpdaterHitlFunction.metricAllConcurrentExecutions(props?: MetricOptions)

Metric for the number of concurrent executions across all Lambdas.

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricAllDuration`

import { CognitoUpdaterHitlFunction } from '@cdklabs/genai-idp'

CognitoUpdaterHitlFunction.metricAllDuration(props?: MetricOptions)

Metric for the Duration executing all Lambdas.

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricAllErrors`

import { CognitoUpdaterHitlFunction } from '@cdklabs/genai-idp'

CognitoUpdaterHitlFunction.metricAllErrors(props?: MetricOptions)

Metric for the number of Errors executing all Lambdas.

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricAllInvocations`

import { CognitoUpdaterHitlFunction } from '@cdklabs/genai-idp'

CognitoUpdaterHitlFunction.metricAllInvocations(props?: MetricOptions)

Metric for the number of invocations of all Lambdas.

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricAllThrottles`

import { CognitoUpdaterHitlFunction } from '@cdklabs/genai-idp'

CognitoUpdaterHitlFunction.metricAllThrottles(props?: MetricOptions)

Metric for the number of throttled invocations of all Lambdas.

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricAllUnreservedConcurrentExecutions`

import { CognitoUpdaterHitlFunction } from '@cdklabs/genai-idp'

CognitoUpdaterHitlFunction.metricAllUnreservedConcurrentExecutions(props?: MetricOptions)

Metric for the number of unreserved concurrent executions across all Lambdas.

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

Properties

Name	Type	Description
`node`	`constructs.Node`	The tree node.
`env`	`aws-cdk-lib.ResourceEnvironment`	The environment this resource belongs to.
`stack`	`aws-cdk-lib.Stack`	The stack in which this resource is defined.
`architecture`	`aws-cdk-lib.aws_lambda.Architecture`	The architecture of this Lambda Function (this is an optional attribute and defaults to X86_64).
`connections`	`aws-cdk-lib.aws_ec2.Connections`	Access the Connections object.
`functionArn`	`string`	ARN of this function.
`functionName`	`string`	Name of this function.
`grantPrincipal`	`aws-cdk-lib.aws_iam.IPrincipal`	The principal this Lambda Function is running as.
`isBoundToVpc`	`boolean`	Whether or not this Lambda function was bound to a VPC.
`latestVersion`	`aws-cdk-lib.aws_lambda.IVersion`	The `$LATEST` version of this function.
`permissionsNode`	`constructs.Node`	The construct node where permissions are attached.
`resourceArnsForGrantInvoke`	`string[]`	The ARN(s) to put into the resource field of the generated IAM policy for grantInvoke().
`role`	`aws-cdk-lib.aws_iam.IRole`	Execution role associated with this function.
`currentVersion`	`aws-cdk-lib.aws_lambda.Version`	Returns a `lambda.Version` which represents the current version of this Lambda function. A new version will be created every time the function's configuration changes.
`logGroup`	`aws-cdk-lib.aws_logs.ILogGroup`	The LogGroup where the Lambda function's logs are made available.
`runtime`	`aws-cdk-lib.aws_lambda.Runtime`	The runtime configured for this lambda.
`deadLetterQueue`	`aws-cdk-lib.aws_sqs.IQueue`	The DLQ (as queue) associated with this Lambda Function (this is an optional attribute).
`deadLetterTopic`	`aws-cdk-lib.aws_sns.ITopic`	The DLQ (as topic) associated with this Lambda Function (this is an optional attribute).
`timeout`	`aws-cdk-lib.Duration`	The timeout configured for this lambda.

`node`^Required

public readonly node: Node;

Type: constructs.Node

The tree node.

`env`^Required

public readonly env: ResourceEnvironment;

Type: aws-cdk-lib.ResourceEnvironment

The environment this resource belongs to.

For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.

`stack`^Required

public readonly stack: Stack;

Type: aws-cdk-lib.Stack

The stack in which this resource is defined.

`architecture`^Required

public readonly architecture: Architecture;

Type: aws-cdk-lib.aws_lambda.Architecture

The architecture of this Lambda Function (this is an optional attribute and defaults to X86_64).

`connections`^Required

public readonly connections: Connections;

Type: aws-cdk-lib.aws_ec2.Connections

Access the Connections object.

Will fail if not a VPC-enabled Lambda Function

`functionArn`^Required

public readonly functionArn: string;

Type: string

ARN of this function.

`functionName`^Required

public readonly functionName: string;

Type: string

Name of this function.

`grantPrincipal`^Required

public readonly grantPrincipal: IPrincipal;

Type: aws-cdk-lib.aws_iam.IPrincipal

The principal this Lambda Function is running as.

`isBoundToVpc`^Required

public readonly isBoundToVpc: boolean;

Type: boolean

Whether or not this Lambda function was bound to a VPC.

If this is is false, trying to access the connections object will fail.

`latestVersion`^Required

public readonly latestVersion: IVersion;

Type: aws-cdk-lib.aws_lambda.IVersion

The $LATEST version of this function.

Note that this is reference to a non-specific AWS Lambda version, which means the function this version refers to can return different results in different invocations.

To obtain a reference to an explicit version which references the current function configuration, use lambdaFunction.currentVersion instead.

`permissionsNode`^Required

public readonly permissionsNode: Node;

Type: constructs.Node

The construct node where permissions are attached.

`resourceArnsForGrantInvoke`^Required

public readonly resourceArnsForGrantInvoke: string[];

Type: string[]

The ARN(s) to put into the resource field of the generated IAM policy for grantInvoke().

`role`^Optional

public readonly role: IRole;

Type: aws-cdk-lib.aws_iam.IRole

Execution role associated with this function.

`currentVersion`^Required

public readonly currentVersion: Version;

Type: aws-cdk-lib.aws_lambda.Version

Returns a lambda.Version which represents the current version of this Lambda function. A new version will be created every time the function's configuration changes.

You can specify options for this version using the currentVersionOptions prop when initializing the lambda.Function.

`logGroup`^Required

public readonly logGroup: ILogGroup;

Type: aws-cdk-lib.aws_logs.ILogGroup

The LogGroup where the Lambda function's logs are made available.

If either logRetention is set or this property is called, a CloudFormation custom resource is added to the stack that pre-creates the log group as part of the stack deployment, if it already doesn't exist, and sets the correct log retention period (never expire, by default).

Further, if the log group already exists and the logRetention is not set, the custom resource will reset the log retention to never expire even if it was configured with a different value.

`runtime`^Required

public readonly runtime: Runtime;

Type: aws-cdk-lib.aws_lambda.Runtime

The runtime configured for this lambda.

`deadLetterQueue`^Optional

public readonly deadLetterQueue: IQueue;

Type: aws-cdk-lib.aws_sqs.IQueue

The DLQ (as queue) associated with this Lambda Function (this is an optional attribute).

`deadLetterTopic`^Optional

public readonly deadLetterTopic: ITopic;

Type: aws-cdk-lib.aws_sns.ITopic

The DLQ (as topic) associated with this Lambda Function (this is an optional attribute).

`timeout`^Optional

public readonly timeout: Duration;

Type: aws-cdk-lib.Duration

The timeout configured for this lambda.

Constants

Name	Type	Description
`PROPERTY_INJECTION_ID`	`string`	Uniquely identifies this class.

`PROPERTY_INJECTION_ID`^Required

public readonly PROPERTY_INJECTION_ID: string;

Type: string

Uniquely identifies this class.

ConcurrencyTable

Implements: IConcurrencyTable

A DynamoDB table for managing concurrency limits in document processing.

This construct creates a table with a custom resource that initializes concurrency counters, allowing the system to control how many documents are processed simultaneously to prevent resource exhaustion.

Initializers

import { ConcurrencyTable } from '@cdklabs/genai-idp'

new ConcurrencyTable(scope: Construct, id: string, props?: FixedKeyTableProps)

Name	Type	Description
`scope`	`constructs.Construct`	The construct scope.
`id`	`string`	The construct ID.
`props`	`FixedKeyTableProps`	Configuration properties for the DynamoDB table.

`scope`^Required

Type: constructs.Construct

The construct scope.

`id`^Required

Type: string

The construct ID.

`props`^Optional

Type: FixedKeyTableProps

Configuration properties for the DynamoDB table.

Methods

Name	Description
`toString`	Returns a string representation of this construct.
`applyRemovalPolicy`	Apply the given removal policy to this resource.
`addToResourcePolicy`	Adds a statement to the resource policy associated with this file system.
`grant`	Adds an IAM policy statement associated with this table to an IAM principal's policy.
`grantFullAccess`	Permits all DynamoDB operations ("dynamodb:*") to an IAM principal.
`grantReadData`	Permits an IAM principal all data read operations from this table: BatchGetItem, GetRecords, GetShardIterator, Query, GetItem, Scan, DescribeTable.
`grantReadWriteData`	Permits an IAM principal to all data read/write operations to this table.
`grantStream`	Adds an IAM policy statement associated with this table's stream to an IAM principal's policy.
`grantStreamRead`	Permits an IAM principal all stream data read operations for this table's stream: DescribeStream, GetRecords, GetShardIterator, ListStreams.
`grantTableListStreams`	Permits an IAM Principal to list streams attached to current dynamodb table.
`grantWriteData`	Permits an IAM principal all data write operations to this table: BatchWriteItem, PutItem, UpdateItem, DeleteItem, DescribeTable.
`metric`	Return the given named metric for this Table.
`metricConditionalCheckFailedRequests`	Metric for the conditional check failed requests this table.
`metricConsumedReadCapacityUnits`	Metric for the consumed read capacity units this table.
`metricConsumedWriteCapacityUnits`	Metric for the consumed write capacity units this table.
`metricSuccessfulRequestLatency`	Metric for the successful request latency this table.
`metricSystemErrors`	Metric for the system errors this table.
`metricSystemErrorsForOperations`	Metric for the system errors this table.
`metricThrottledRequests`	How many requests are throttled on this table.
`metricThrottledRequestsForOperation`	How many requests are throttled on this table, for the given operation.
`metricThrottledRequestsForOperations`	How many requests are throttled on this table.
`metricUserErrors`	Metric for the user errors.
`addGlobalSecondaryIndex`	Add a global secondary index of table.
`addLocalSecondaryIndex`	Add a local secondary index of table.
`autoScaleGlobalSecondaryIndexReadCapacity`	Enable read capacity scaling for the given GSI.
`autoScaleGlobalSecondaryIndexWriteCapacity`	Enable write capacity scaling for the given GSI.
`autoScaleReadCapacity`	Enable read capacity scaling for this table.
`autoScaleWriteCapacity`	Enable write capacity scaling for this table.
`schema`	Get schema attributes of table or index.

`toString`

public toString(): string

Returns a string representation of this construct.

`applyRemovalPolicy`

public applyRemovalPolicy(policy: RemovalPolicy): void

Apply the given removal policy to this resource.

The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced.

The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS account for data recovery and cleanup later (RemovalPolicy.RETAIN).

`policy`^Required

Type: aws-cdk-lib.RemovalPolicy

`addToResourcePolicy`

public addToResourcePolicy(statement: PolicyStatement): AddToResourcePolicyResult

Adds a statement to the resource policy associated with this file system.

A resource policy will be automatically created upon the first call to addToResourcePolicy.

Note that this does not work with imported file systems.

`statement`^Required

Type: aws-cdk-lib.aws_iam.PolicyStatement

The policy statement to add.

`grant`

public grant(grantee: IGrantable, actions: ...string[]): Grant

Adds an IAM policy statement associated with this table to an IAM principal's policy.

If encryptionKey is present, appropriate grants to the key needs to be added separately using the table.encryptionKey.grant* methods.

`grantee`^Required

Type: aws-cdk-lib.aws_iam.IGrantable

The principal (no-op if undefined).

`actions`^Required

Type: ...string[]

The set of actions to allow (i.e. "dynamodb:PutItem", "dynamodb:GetItem", ...).

`grantFullAccess`

public grantFullAccess(grantee: IGrantable): Grant

Permits all DynamoDB operations ("dynamodb:*") to an IAM principal.

Appropriate grants will also be added to the customer-managed KMS key if one was configured.

`grantee`^Required

Type: aws-cdk-lib.aws_iam.IGrantable

The principal to grant access to.

`grantReadData`

public grantReadData(grantee: IGrantable): Grant

Permits an IAM principal all data read operations from this table: BatchGetItem, GetRecords, GetShardIterator, Query, GetItem, Scan, DescribeTable.

Appropriate grants will also be added to the customer-managed KMS key if one was configured.

`grantee`^Required

Type: aws-cdk-lib.aws_iam.IGrantable

The principal to grant access to.

`grantReadWriteData`

public grantReadWriteData(grantee: IGrantable): Grant

Permits an IAM principal to all data read/write operations to this table.

BatchGetItem, GetRecords, GetShardIterator, Query, GetItem, Scan, BatchWriteItem, PutItem, UpdateItem, DeleteItem, DescribeTable

Appropriate grants will also be added to the customer-managed KMS key if one was configured.

`grantee`^Required

Type: aws-cdk-lib.aws_iam.IGrantable

The principal to grant access to.

`grantStream`

public grantStream(grantee: IGrantable, actions: ...string[]): Grant

Adds an IAM policy statement associated with this table's stream to an IAM principal's policy.

If encryptionKey is present, appropriate grants to the key needs to be added separately using the table.encryptionKey.grant* methods.

`grantee`^Required

Type: aws-cdk-lib.aws_iam.IGrantable

The principal (no-op if undefined).

`actions`^Required

Type: ...string[]

The set of actions to allow (i.e. "dynamodb:DescribeStream", "dynamodb:GetRecords", ...).

`grantStreamRead`

public grantStreamRead(grantee: IGrantable): Grant

Permits an IAM principal all stream data read operations for this table's stream: DescribeStream, GetRecords, GetShardIterator, ListStreams.

Appropriate grants will also be added to the customer-managed KMS key if one was configured.

`grantee`^Required

Type: aws-cdk-lib.aws_iam.IGrantable

The principal to grant access to.

`grantTableListStreams`

public grantTableListStreams(grantee: IGrantable): Grant

Permits an IAM Principal to list streams attached to current dynamodb table.

`grantee`^Required

Type: aws-cdk-lib.aws_iam.IGrantable

The principal (no-op if undefined).

`grantWriteData`

public grantWriteData(grantee: IGrantable): Grant

Permits an IAM principal all data write operations to this table: BatchWriteItem, PutItem, UpdateItem, DeleteItem, DescribeTable.

Appropriate grants will also be added to the customer-managed KMS key if one was configured.

`grantee`^Required

Type: aws-cdk-lib.aws_iam.IGrantable

The principal to grant access to.

`metric`

public metric(metricName: string, props?: MetricOptions): Metric

Return the given named metric for this Table.

By default, the metric will be calculated as a sum over a period of 5 minutes. You can customize this by using the statistic and period properties.

`metricName`^Required

Type: string

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricConditionalCheckFailedRequests`

public metricConditionalCheckFailedRequests(props?: MetricOptions): Metric

Metric for the conditional check failed requests this table.

By default, the metric will be calculated as a sum over a period of 5 minutes. You can customize this by using the statistic and period properties.

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricConsumedReadCapacityUnits`

public metricConsumedReadCapacityUnits(props?: MetricOptions): Metric

Metric for the consumed read capacity units this table.

By default, the metric will be calculated as a sum over a period of 5 minutes. You can customize this by using the statistic and period properties.

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricConsumedWriteCapacityUnits`

public metricConsumedWriteCapacityUnits(props?: MetricOptions): Metric

Metric for the consumed write capacity units this table.

By default, the metric will be calculated as a sum over a period of 5 minutes. You can customize this by using the statistic and period properties.

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricSuccessfulRequestLatency`

public metricSuccessfulRequestLatency(props?: MetricOptions): Metric

Metric for the successful request latency this table.

By default, the metric will be calculated as an average over a period of 5 minutes. You can customize this by using the statistic and period properties.

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricSystemErrors`

public metricSystemErrors(props?: MetricOptions): Metric

Metric for the system errors this table.

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricSystemErrorsForOperations`

public metricSystemErrorsForOperations(props?: SystemErrorsForOperationsMetricOptions): IMetric

Metric for the system errors this table.

This will sum errors across all possible operations. Note that by default, each individual metric will be calculated as a sum over a period of 5 minutes. You can customize this by using the statistic and period properties.

`props`^Optional

Type: aws-cdk-lib.aws_dynamodb.SystemErrorsForOperationsMetricOptions

`metricThrottledRequests`

public metricThrottledRequests(props?: MetricOptions): Metric

How many requests are throttled on this table.

Default: sum over 5 minutes

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricThrottledRequestsForOperation`

public metricThrottledRequestsForOperation(operation: string, props?: MetricOptions): Metric

How many requests are throttled on this table, for the given operation.

Default: sum over 5 minutes

`operation`^Required

Type: string

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricThrottledRequestsForOperations`

public metricThrottledRequestsForOperations(props?: OperationsMetricOptions): IMetric

How many requests are throttled on this table.

This will sum errors across all possible operations. Note that by default, each individual metric will be calculated as a sum over a period of 5 minutes. You can customize this by using the statistic and period properties.

`props`^Optional

Type: aws-cdk-lib.aws_dynamodb.OperationsMetricOptions

`metricUserErrors`

public metricUserErrors(props?: MetricOptions): Metric

Metric for the user errors.

Note that this metric reports user errors across all the tables in the account and region the table resides in.

By default, the metric will be calculated as a sum over a period of 5 minutes. You can customize this by using the statistic and period properties.

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`addGlobalSecondaryIndex`

public addGlobalSecondaryIndex(props: GlobalSecondaryIndexProps): void

Add a global secondary index of table.

`props`^Required

Type: aws-cdk-lib.aws_dynamodb.GlobalSecondaryIndexProps

the property of global secondary index.

`addLocalSecondaryIndex`

public addLocalSecondaryIndex(props: LocalSecondaryIndexProps): void

Add a local secondary index of table.

`props`^Required

Type: aws-cdk-lib.aws_dynamodb.LocalSecondaryIndexProps

the property of local secondary index.

`autoScaleGlobalSecondaryIndexReadCapacity`

public autoScaleGlobalSecondaryIndexReadCapacity(indexName: string, props: EnableScalingProps): IScalableTableAttribute

Enable read capacity scaling for the given GSI.

`indexName`^Required

Type: string

`props`^Required

Type: aws-cdk-lib.aws_dynamodb.EnableScalingProps

`autoScaleGlobalSecondaryIndexWriteCapacity`

public autoScaleGlobalSecondaryIndexWriteCapacity(indexName: string, props: EnableScalingProps): IScalableTableAttribute

Enable write capacity scaling for the given GSI.

`indexName`^Required

Type: string

`props`^Required

Type: aws-cdk-lib.aws_dynamodb.EnableScalingProps

`autoScaleReadCapacity`

public autoScaleReadCapacity(props: EnableScalingProps): IScalableTableAttribute

Enable read capacity scaling for this table.

`props`^Required

Type: aws-cdk-lib.aws_dynamodb.EnableScalingProps

`autoScaleWriteCapacity`

public autoScaleWriteCapacity(props: EnableScalingProps): IScalableTableAttribute

Enable write capacity scaling for this table.

`props`^Required

Type: aws-cdk-lib.aws_dynamodb.EnableScalingProps

`schema`

public schema(indexName?: string): SchemaOptions

Get schema attributes of table or index.

`indexName`^Optional

Type: string

Static Functions

Name	Description
`isConstruct`	Checks if `x` is a construct.
`isOwnedResource`	Returns true if the construct was created by CDK, and false otherwise.
`isResource`	Check whether the given construct is a Resource.
`fromTableArn`	Creates a Table construct that represents an external table via table arn.
`fromTableAttributes`	Creates a Table construct that represents an external table.
`fromTableName`	Creates a Table construct that represents an external table via table name.

`isConstruct`

import { ConcurrencyTable } from '@cdklabs/genai-idp'

ConcurrencyTable.isConstruct(x: any)

Checks if x is a construct.

Use this method instead of instanceof to properly detect Construct instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the constructs library on disk are seen as independent, completely different libraries. As a consequence, the class Construct in each copy of the constructs library is seen as a different class, and an instance of one class will not test as instanceof the other class. npm install will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the constructs library can be accidentally installed, and instanceof will behave unpredictably. It is safest to avoid using instanceof, and using this type-testing method instead.

`x`^Required

Type: any

Any object.

`isOwnedResource`

import { ConcurrencyTable } from '@cdklabs/genai-idp'

ConcurrencyTable.isOwnedResource(construct: IConstruct)

Returns true if the construct was created by CDK, and false otherwise.

`construct`^Required

Type: constructs.IConstruct

`isResource`

import { ConcurrencyTable } from '@cdklabs/genai-idp'

ConcurrencyTable.isResource(construct: IConstruct)

Check whether the given construct is a Resource.

`construct`^Required

Type: constructs.IConstruct

`fromTableArn`

import { ConcurrencyTable } from '@cdklabs/genai-idp'

ConcurrencyTable.fromTableArn(scope: Construct, id: string, tableArn: string)

Creates a Table construct that represents an external table via table arn.

`scope`^Required

Type: constructs.Construct

The parent creating construct (usually this).

`id`^Required

Type: string

The construct's name.

`tableArn`^Required

Type: string

The table's ARN.

`fromTableAttributes`

import { ConcurrencyTable } from '@cdklabs/genai-idp'

ConcurrencyTable.fromTableAttributes(scope: Construct, id: string, attrs: TableAttributes)

Creates a Table construct that represents an external table.

`scope`^Required

Type: constructs.Construct

The parent creating construct (usually this).

`id`^Required

Type: string

The construct's name.

`attrs`^Required

Type: aws-cdk-lib.aws_dynamodb.TableAttributes

A TableAttributes object.

`fromTableName`

import { ConcurrencyTable } from '@cdklabs/genai-idp'

ConcurrencyTable.fromTableName(scope: Construct, id: string, tableName: string)

Creates a Table construct that represents an external table via table name.

`scope`^Required

Type: constructs.Construct

The parent creating construct (usually this).

`id`^Required

Type: string

The construct's name.

`tableName`^Required

Type: string

The table's name.

Properties

Name	Type	Description
`node`	`constructs.Node`	The tree node.
`env`	`aws-cdk-lib.ResourceEnvironment`	The environment this resource belongs to.
`stack`	`aws-cdk-lib.Stack`	The stack in which this resource is defined.
`tableArn`	`string`	Arn of the dynamodb table.
`tableName`	`string`	Table name of the dynamodb table.
`encryptionKey`	`aws-cdk-lib.aws_kms.IKey`	KMS encryption key, if this table uses a customer-managed encryption key.
`tableStreamArn`	`string`	ARN of the table's stream, if there is one.
`resourcePolicy`	`aws-cdk-lib.aws_iam.PolicyDocument`	Resource policy to assign to DynamoDB Table.

`node`^Required

public readonly node: Node;

Type: constructs.Node

The tree node.

`env`^Required

public readonly env: ResourceEnvironment;

Type: aws-cdk-lib.ResourceEnvironment

The environment this resource belongs to.

For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.

`stack`^Required

public readonly stack: Stack;

Type: aws-cdk-lib.Stack

The stack in which this resource is defined.

`tableArn`^Required

public readonly tableArn: string;

Type: string

Arn of the dynamodb table.

`tableName`^Required

public readonly tableName: string;

Type: string

Table name of the dynamodb table.

`encryptionKey`^Optional

public readonly encryptionKey: IKey;

Type: aws-cdk-lib.aws_kms.IKey

KMS encryption key, if this table uses a customer-managed encryption key.

`tableStreamArn`^Optional

public readonly tableStreamArn: string;

Type: string

ARN of the table's stream, if there is one.

`resourcePolicy`^Optional

public readonly resourcePolicy: PolicyDocument;

Type: aws-cdk-lib.aws_iam.PolicyDocument
Default: No resource policy statements are added to the created table.

Resource policy to assign to DynamoDB Table.

Constants

Name	Type	Description
`PROPERTY_INJECTION_ID`	`string`	Uniquely identifies this class.

`PROPERTY_INJECTION_ID`^Required

public readonly PROPERTY_INJECTION_ID: string;

Type: string

Uniquely identifies this class.

ConfigurationTable

Implements: IConfigurationTable

A DynamoDB table for storing configuration settings for the document processing solution.

This table uses a fixed partition key "Configuration" to store various configuration items such as extraction schemas, evaluation settings, and system parameters. It provides a centralized location for managing configuration that can be accessed by multiple components of the solution.

Configuration items stored in this table can include: - Document extraction schemas and templates - Model parameters and prompt configurations - Evaluation criteria and thresholds - UI settings and customizations - Processing workflow configurations

Initializers

import { ConfigurationTable } from '@cdklabs/genai-idp'

new ConfigurationTable(scope: Construct, id: string, props?: FixedKeyTableProps)

Name	Type	Description
`scope`	`constructs.Construct`	The construct scope.
`id`	`string`	The construct ID.
`props`	`FixedKeyTableProps`	Configuration properties for the DynamoDB table.

`scope`^Required

Type: constructs.Construct

The construct scope.

`id`^Required

Type: string

The construct ID.

`props`^Optional

Type: FixedKeyTableProps

Configuration properties for the DynamoDB table.

Methods

Name	Description
`toString`	Returns a string representation of this construct.
`applyRemovalPolicy`	Apply the given removal policy to this resource.
`addToResourcePolicy`	Adds a statement to the resource policy associated with this file system.
`grant`	Adds an IAM policy statement associated with this table to an IAM principal's policy.
`grantFullAccess`	Permits all DynamoDB operations ("dynamodb:*") to an IAM principal.
`grantReadData`	Permits an IAM principal all data read operations from this table: BatchGetItem, GetRecords, GetShardIterator, Query, GetItem, Scan, DescribeTable.
`grantReadWriteData`	Permits an IAM principal to all data read/write operations to this table.
`grantStream`	Adds an IAM policy statement associated with this table's stream to an IAM principal's policy.
`grantStreamRead`	Permits an IAM principal all stream data read operations for this table's stream: DescribeStream, GetRecords, GetShardIterator, ListStreams.
`grantTableListStreams`	Permits an IAM Principal to list streams attached to current dynamodb table.
`grantWriteData`	Permits an IAM principal all data write operations to this table: BatchWriteItem, PutItem, UpdateItem, DeleteItem, DescribeTable.
`metric`	Return the given named metric for this Table.
`metricConditionalCheckFailedRequests`	Metric for the conditional check failed requests this table.
`metricConsumedReadCapacityUnits`	Metric for the consumed read capacity units this table.
`metricConsumedWriteCapacityUnits`	Metric for the consumed write capacity units this table.
`metricSuccessfulRequestLatency`	Metric for the successful request latency this table.
`metricSystemErrors`	Metric for the system errors this table.
`metricSystemErrorsForOperations`	Metric for the system errors this table.
`metricThrottledRequests`	How many requests are throttled on this table.
`metricThrottledRequestsForOperation`	How many requests are throttled on this table, for the given operation.
`metricThrottledRequestsForOperations`	How many requests are throttled on this table.
`metricUserErrors`	Metric for the user errors.
`addGlobalSecondaryIndex`	Add a global secondary index of table.
`addLocalSecondaryIndex`	Add a local secondary index of table.
`autoScaleGlobalSecondaryIndexReadCapacity`	Enable read capacity scaling for the given GSI.
`autoScaleGlobalSecondaryIndexWriteCapacity`	Enable write capacity scaling for the given GSI.
`autoScaleReadCapacity`	Enable read capacity scaling for this table.
`autoScaleWriteCapacity`	Enable write capacity scaling for this table.
`schema`	Get schema attributes of table or index.

`toString`

public toString(): string

Returns a string representation of this construct.

`applyRemovalPolicy`

public applyRemovalPolicy(policy: RemovalPolicy): void

Apply the given removal policy to this resource.

The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced.

The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS account for data recovery and cleanup later (RemovalPolicy.RETAIN).

`policy`^Required

Type: aws-cdk-lib.RemovalPolicy

`addToResourcePolicy`

public addToResourcePolicy(statement: PolicyStatement): AddToResourcePolicyResult

Adds a statement to the resource policy associated with this file system.

A resource policy will be automatically created upon the first call to addToResourcePolicy.

Note that this does not work with imported file systems.

`statement`^Required

Type: aws-cdk-lib.aws_iam.PolicyStatement

The policy statement to add.

`grant`

public grant(grantee: IGrantable, actions: ...string[]): Grant

Adds an IAM policy statement associated with this table to an IAM principal's policy.

If encryptionKey is present, appropriate grants to the key needs to be added separately using the table.encryptionKey.grant* methods.

`grantee`^Required

Type: aws-cdk-lib.aws_iam.IGrantable

The principal (no-op if undefined).

`actions`^Required

Type: ...string[]

The set of actions to allow (i.e. "dynamodb:PutItem", "dynamodb:GetItem", ...).

`grantFullAccess`

public grantFullAccess(grantee: IGrantable): Grant

Permits all DynamoDB operations ("dynamodb:*") to an IAM principal.

Appropriate grants will also be added to the customer-managed KMS key if one was configured.

`grantee`^Required

Type: aws-cdk-lib.aws_iam.IGrantable

The principal to grant access to.

`grantReadData`

public grantReadData(grantee: IGrantable): Grant

Permits an IAM principal all data read operations from this table: BatchGetItem, GetRecords, GetShardIterator, Query, GetItem, Scan, DescribeTable.

Appropriate grants will also be added to the customer-managed KMS key if one was configured.

`grantee`^Required

Type: aws-cdk-lib.aws_iam.IGrantable

The principal to grant access to.

`grantReadWriteData`

public grantReadWriteData(grantee: IGrantable): Grant

Permits an IAM principal to all data read/write operations to this table.

BatchGetItem, GetRecords, GetShardIterator, Query, GetItem, Scan, BatchWriteItem, PutItem, UpdateItem, DeleteItem, DescribeTable

Appropriate grants will also be added to the customer-managed KMS key if one was configured.

`grantee`^Required

Type: aws-cdk-lib.aws_iam.IGrantable

The principal to grant access to.

`grantStream`

public grantStream(grantee: IGrantable, actions: ...string[]): Grant

Adds an IAM policy statement associated with this table's stream to an IAM principal's policy.

If encryptionKey is present, appropriate grants to the key needs to be added separately using the table.encryptionKey.grant* methods.

`grantee`^Required

Type: aws-cdk-lib.aws_iam.IGrantable

The principal (no-op if undefined).

`actions`^Required

Type: ...string[]

The set of actions to allow (i.e. "dynamodb:DescribeStream", "dynamodb:GetRecords", ...).

`grantStreamRead`

public grantStreamRead(grantee: IGrantable): Grant

Permits an IAM principal all stream data read operations for this table's stream: DescribeStream, GetRecords, GetShardIterator, ListStreams.

Appropriate grants will also be added to the customer-managed KMS key if one was configured.

`grantee`^Required

Type: aws-cdk-lib.aws_iam.IGrantable

The principal to grant access to.

`grantTableListStreams`

public grantTableListStreams(grantee: IGrantable): Grant

Permits an IAM Principal to list streams attached to current dynamodb table.

`grantee`^Required

Type: aws-cdk-lib.aws_iam.IGrantable

The principal (no-op if undefined).

`grantWriteData`

public grantWriteData(grantee: IGrantable): Grant

Permits an IAM principal all data write operations to this table: BatchWriteItem, PutItem, UpdateItem, DeleteItem, DescribeTable.

Appropriate grants will also be added to the customer-managed KMS key if one was configured.

`grantee`^Required

Type: aws-cdk-lib.aws_iam.IGrantable

The principal to grant access to.

`metric`

public metric(metricName: string, props?: MetricOptions): Metric

Return the given named metric for this Table.

By default, the metric will be calculated as a sum over a period of 5 minutes. You can customize this by using the statistic and period properties.

`metricName`^Required

Type: string

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricConditionalCheckFailedRequests`

public metricConditionalCheckFailedRequests(props?: MetricOptions): Metric

Metric for the conditional check failed requests this table.

By default, the metric will be calculated as a sum over a period of 5 minutes. You can customize this by using the statistic and period properties.

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricConsumedReadCapacityUnits`

public metricConsumedReadCapacityUnits(props?: MetricOptions): Metric

Metric for the consumed read capacity units this table.

By default, the metric will be calculated as a sum over a period of 5 minutes. You can customize this by using the statistic and period properties.

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricConsumedWriteCapacityUnits`

public metricConsumedWriteCapacityUnits(props?: MetricOptions): Metric

Metric for the consumed write capacity units this table.

By default, the metric will be calculated as a sum over a period of 5 minutes. You can customize this by using the statistic and period properties.

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricSuccessfulRequestLatency`

public metricSuccessfulRequestLatency(props?: MetricOptions): Metric

Metric for the successful request latency this table.

By default, the metric will be calculated as an average over a period of 5 minutes. You can customize this by using the statistic and period properties.

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricSystemErrors`

public metricSystemErrors(props?: MetricOptions): Metric

Metric for the system errors this table.

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricSystemErrorsForOperations`

public metricSystemErrorsForOperations(props?: SystemErrorsForOperationsMetricOptions): IMetric

Metric for the system errors this table.

This will sum errors across all possible operations. Note that by default, each individual metric will be calculated as a sum over a period of 5 minutes. You can customize this by using the statistic and period properties.

`props`^Optional

Type: aws-cdk-lib.aws_dynamodb.SystemErrorsForOperationsMetricOptions

`metricThrottledRequests`

public metricThrottledRequests(props?: MetricOptions): Metric

How many requests are throttled on this table.

Default: sum over 5 minutes

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricThrottledRequestsForOperation`

public metricThrottledRequestsForOperation(operation: string, props?: MetricOptions): Metric

How many requests are throttled on this table, for the given operation.

Default: sum over 5 minutes

`operation`^Required

Type: string

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricThrottledRequestsForOperations`

public metricThrottledRequestsForOperations(props?: OperationsMetricOptions): IMetric

How many requests are throttled on this table.

This will sum errors across all possible operations. Note that by default, each individual metric will be calculated as a sum over a period of 5 minutes. You can customize this by using the statistic and period properties.

`props`^Optional

Type: aws-cdk-lib.aws_dynamodb.OperationsMetricOptions

`metricUserErrors`

public metricUserErrors(props?: MetricOptions): Metric

Metric for the user errors.

Note that this metric reports user errors across all the tables in the account and region the table resides in.

By default, the metric will be calculated as a sum over a period of 5 minutes. You can customize this by using the statistic and period properties.

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`addGlobalSecondaryIndex`

public addGlobalSecondaryIndex(props: GlobalSecondaryIndexProps): void

Add a global secondary index of table.

`props`^Required

Type: aws-cdk-lib.aws_dynamodb.GlobalSecondaryIndexProps

the property of global secondary index.

`addLocalSecondaryIndex`

public addLocalSecondaryIndex(props: LocalSecondaryIndexProps): void

Add a local secondary index of table.

`props`^Required

Type: aws-cdk-lib.aws_dynamodb.LocalSecondaryIndexProps

the property of local secondary index.

`autoScaleGlobalSecondaryIndexReadCapacity`

public autoScaleGlobalSecondaryIndexReadCapacity(indexName: string, props: EnableScalingProps): IScalableTableAttribute

Enable read capacity scaling for the given GSI.

`indexName`^Required

Type: string

`props`^Required

Type: aws-cdk-lib.aws_dynamodb.EnableScalingProps

`autoScaleGlobalSecondaryIndexWriteCapacity`

public autoScaleGlobalSecondaryIndexWriteCapacity(indexName: string, props: EnableScalingProps): IScalableTableAttribute

Enable write capacity scaling for the given GSI.

`indexName`^Required

Type: string

`props`^Required

Type: aws-cdk-lib.aws_dynamodb.EnableScalingProps

`autoScaleReadCapacity`

public autoScaleReadCapacity(props: EnableScalingProps): IScalableTableAttribute

Enable read capacity scaling for this table.

`props`^Required

Type: aws-cdk-lib.aws_dynamodb.EnableScalingProps

`autoScaleWriteCapacity`

public autoScaleWriteCapacity(props: EnableScalingProps): IScalableTableAttribute

Enable write capacity scaling for this table.

`props`^Required

Type: aws-cdk-lib.aws_dynamodb.EnableScalingProps

`schema`

public schema(indexName?: string): SchemaOptions

Get schema attributes of table or index.

`indexName`^Optional

Type: string

Static Functions

Name	Description
`isConstruct`	Checks if `x` is a construct.
`isOwnedResource`	Returns true if the construct was created by CDK, and false otherwise.
`isResource`	Check whether the given construct is a Resource.
`fromTableArn`	Creates a Table construct that represents an external table via table arn.
`fromTableAttributes`	Creates a Table construct that represents an external table.
`fromTableName`	Creates a Table construct that represents an external table via table name.

`isConstruct`

import { ConfigurationTable } from '@cdklabs/genai-idp'

ConfigurationTable.isConstruct(x: any)

Checks if x is a construct.

Use this method instead of instanceof to properly detect Construct instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the constructs library on disk are seen as independent, completely different libraries. As a consequence, the class Construct in each copy of the constructs library is seen as a different class, and an instance of one class will not test as instanceof the other class. npm install will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the constructs library can be accidentally installed, and instanceof will behave unpredictably. It is safest to avoid using instanceof, and using this type-testing method instead.

`x`^Required

Type: any

Any object.

`isOwnedResource`

import { ConfigurationTable } from '@cdklabs/genai-idp'

ConfigurationTable.isOwnedResource(construct: IConstruct)

Returns true if the construct was created by CDK, and false otherwise.

`construct`^Required

Type: constructs.IConstruct

`isResource`

import { ConfigurationTable } from '@cdklabs/genai-idp'

ConfigurationTable.isResource(construct: IConstruct)

Check whether the given construct is a Resource.

`construct`^Required

Type: constructs.IConstruct

`fromTableArn`

import { ConfigurationTable } from '@cdklabs/genai-idp'

ConfigurationTable.fromTableArn(scope: Construct, id: string, tableArn: string)

Creates a Table construct that represents an external table via table arn.

`scope`^Required

Type: constructs.Construct

The parent creating construct (usually this).

`id`^Required

Type: string

The construct's name.

`tableArn`^Required

Type: string

The table's ARN.

`fromTableAttributes`

import { ConfigurationTable } from '@cdklabs/genai-idp'

ConfigurationTable.fromTableAttributes(scope: Construct, id: string, attrs: TableAttributes)

Creates a Table construct that represents an external table.

`scope`^Required

Type: constructs.Construct

The parent creating construct (usually this).

`id`^Required

Type: string

The construct's name.

`attrs`^Required

Type: aws-cdk-lib.aws_dynamodb.TableAttributes

A TableAttributes object.

`fromTableName`

import { ConfigurationTable } from '@cdklabs/genai-idp'

ConfigurationTable.fromTableName(scope: Construct, id: string, tableName: string)

Creates a Table construct that represents an external table via table name.

`scope`^Required

Type: constructs.Construct

The parent creating construct (usually this).

`id`^Required

Type: string

The construct's name.

`tableName`^Required

Type: string

The table's name.

Properties

Name	Type	Description
`node`	`constructs.Node`	The tree node.
`env`	`aws-cdk-lib.ResourceEnvironment`	The environment this resource belongs to.
`stack`	`aws-cdk-lib.Stack`	The stack in which this resource is defined.
`tableArn`	`string`	Arn of the dynamodb table.
`tableName`	`string`	Table name of the dynamodb table.
`encryptionKey`	`aws-cdk-lib.aws_kms.IKey`	KMS encryption key, if this table uses a customer-managed encryption key.
`tableStreamArn`	`string`	ARN of the table's stream, if there is one.
`resourcePolicy`	`aws-cdk-lib.aws_iam.PolicyDocument`	Resource policy to assign to DynamoDB Table.

`node`^Required

public readonly node: Node;

Type: constructs.Node

The tree node.

`env`^Required

public readonly env: ResourceEnvironment;

Type: aws-cdk-lib.ResourceEnvironment

The environment this resource belongs to.

For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.

`stack`^Required

public readonly stack: Stack;

Type: aws-cdk-lib.Stack

The stack in which this resource is defined.

`tableArn`^Required

public readonly tableArn: string;

Type: string

Arn of the dynamodb table.

`tableName`^Required

public readonly tableName: string;

Type: string

Table name of the dynamodb table.

`encryptionKey`^Optional

public readonly encryptionKey: IKey;

Type: aws-cdk-lib.aws_kms.IKey

KMS encryption key, if this table uses a customer-managed encryption key.

`tableStreamArn`^Optional

public readonly tableStreamArn: string;

Type: string

ARN of the table's stream, if there is one.

`resourcePolicy`^Optional

public readonly resourcePolicy: PolicyDocument;

Type: aws-cdk-lib.aws_iam.PolicyDocument
Default: No resource policy statements are added to the created table.

Resource policy to assign to DynamoDB Table.

Constants

Name	Type	Description
`PROPERTY_INJECTION_ID`	`string`	Uniquely identifies this class.

`PROPERTY_INJECTION_ID`^Required

public readonly PROPERTY_INJECTION_ID: string;

Type: string

Uniquely identifies this class.

CreateA2IResourcesFunction

Implements: aws-cdk-lib.aws_lambda.IFunction

A Lambda function that creates and manages Amazon A2I (Augmented AI) resources.

This function handles the complete A2I lifecycle including: - Create: Flow Definition and Human Task UI - Update: Flow Definition and Human Task UI (delete old, create new) - Delete: Comprehensive cleanup with verification and wait logic

The function is designed as a CloudFormation custom resource handler and manages SageMaker A2I resources for human-in-the-loop workflows.

Initializers

import { CreateA2IResourcesFunction } from '@cdklabs/genai-idp'

new CreateA2IResourcesFunction(scope: Construct, id: string, props: CreateA2IResourcesFunctionProps)

Name	Type	Description
`scope`	`constructs.Construct`	The construct scope.
`id`	`string`	The construct ID.
`props`	`CreateA2IResourcesFunctionProps`	Configuration properties for the function.

`scope`^Required

Type: constructs.Construct

The construct scope.

`id`^Required

Type: string

The construct ID.

`props`^Required

Type: CreateA2IResourcesFunctionProps

Configuration properties for the function.

Methods

Name	Description
`toString`	Returns a string representation of this construct.
`applyRemovalPolicy`	Apply the given removal policy to this resource.
`addEventSource`	Adds an event source to this function.
`addEventSourceMapping`	Adds an event source that maps to this AWS Lambda function.
`addFunctionUrl`	Adds a url to this lambda function.
`addPermission`	Adds a permission to the Lambda resource policy.
`addToRolePolicy`	Adds a statement to the IAM role assumed by the instance.
`configureAsyncInvoke`	Configures options for asynchronous invocation.
`considerWarningOnInvokeFunctionPermissions`	A warning will be added to functions under the following conditions: - permissions that include `lambda:InvokeFunction` are added to the unqualified function.
`grantInvoke`	Grant the given identity permissions to invoke this Lambda.
`grantInvokeCompositePrincipal`	Grant multiple principals the ability to invoke this Lambda via CompositePrincipal.
`grantInvokeLatestVersion`	Grant the given identity permissions to invoke the $LATEST version or unqualified version of this Lambda.
`grantInvokeUrl`	Grant the given identity permissions to invoke this Lambda Function URL.
`grantInvokeVersion`	Grant the given identity permissions to invoke the given version of this Lambda.
`metric`	Return the given named metric for this Function.
`metricDuration`	How long execution of this Lambda takes.
`metricErrors`	How many invocations of this Lambda fail.
`metricInvocations`	How often this Lambda is invoked.
`metricThrottles`	How often this Lambda is throttled.
`addAlias`	Defines an alias for this function.
`addEnvironment`	Adds an environment variable to this Lambda function.
`addLayers`	Adds one or more Lambda Layers to this Lambda function.
`invalidateVersionBasedOn`	Mix additional information into the hash of the Version object.

`toString`

public toString(): string

Returns a string representation of this construct.

`applyRemovalPolicy`

public applyRemovalPolicy(policy: RemovalPolicy): void

Apply the given removal policy to this resource.

The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced.

The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS account for data recovery and cleanup later (RemovalPolicy.RETAIN).

`policy`^Required

Type: aws-cdk-lib.RemovalPolicy

`addEventSource`

public addEventSource(source: IEventSource): void

Adds an event source to this function.

Event sources are implemented in the aws-cdk-lib/aws-lambda-event-sources module.

The following example adds an SQS Queue as an event source:

import { SqsEventSource } from 'aws-cdk-lib/aws-lambda-event-sources';
myFunction.addEventSource(new SqsEventSource(myQueue));

`source`^Required

Type: aws-cdk-lib.aws_lambda.IEventSource

`addEventSourceMapping`

public addEventSourceMapping(id: string, options: EventSourceMappingOptions): EventSourceMapping

Adds an event source that maps to this AWS Lambda function.

`id`^Required

Type: string

`options`^Required

Type: aws-cdk-lib.aws_lambda.EventSourceMappingOptions

`addFunctionUrl`

public addFunctionUrl(options?: FunctionUrlOptions): FunctionUrl

Adds a url to this lambda function.

`options`^Optional

Type: aws-cdk-lib.aws_lambda.FunctionUrlOptions

`addPermission`

public addPermission(id: string, permission: Permission): void

Adds a permission to the Lambda resource policy.

`id`^Required

Type: string

The id for the permission construct.

`permission`^Required

Type: aws-cdk-lib.aws_lambda.Permission

The permission to grant to this Lambda function.

`addToRolePolicy`

public addToRolePolicy(statement: PolicyStatement): void

Adds a statement to the IAM role assumed by the instance.

`statement`^Required

Type: aws-cdk-lib.aws_iam.PolicyStatement

`configureAsyncInvoke`

public configureAsyncInvoke(options: EventInvokeConfigOptions): void

Configures options for asynchronous invocation.

`options`^Required

Type: aws-cdk-lib.aws_lambda.EventInvokeConfigOptions

`considerWarningOnInvokeFunctionPermissions`

public considerWarningOnInvokeFunctionPermissions(scope: Construct, action: string): void

A warning will be added to functions under the following conditions: - permissions that include lambda:InvokeFunction are added to the unqualified function.

function.currentVersion is invoked before or after the permission is created.

This applies only to permissions on Lambda functions, not versions or aliases. This function is overridden as a noOp for QualifiedFunctionBase.

`scope`^Required

Type: constructs.Construct

`action`^Required

Type: string

`grantInvoke`

public grantInvoke(grantee: IGrantable): Grant

Grant the given identity permissions to invoke this Lambda.

`grantee`^Required

Type: aws-cdk-lib.aws_iam.IGrantable

`grantInvokeCompositePrincipal`

public grantInvokeCompositePrincipal(compositePrincipal: CompositePrincipal): Grant[]

Grant multiple principals the ability to invoke this Lambda via CompositePrincipal.

`compositePrincipal`^Required

Type: aws-cdk-lib.aws_iam.CompositePrincipal

`grantInvokeLatestVersion`

public grantInvokeLatestVersion(grantee: IGrantable): Grant

Grant the given identity permissions to invoke the $LATEST version or unqualified version of this Lambda.

`grantee`^Required

Type: aws-cdk-lib.aws_iam.IGrantable

`grantInvokeUrl`

public grantInvokeUrl(grantee: IGrantable): Grant

Grant the given identity permissions to invoke this Lambda Function URL.

`grantee`^Required

Type: aws-cdk-lib.aws_iam.IGrantable

`grantInvokeVersion`

public grantInvokeVersion(grantee: IGrantable, version: IVersion): Grant

Grant the given identity permissions to invoke the given version of this Lambda.

`grantee`^Required

Type: aws-cdk-lib.aws_iam.IGrantable

`version`^Required

Type: aws-cdk-lib.aws_lambda.IVersion

`metric`

public metric(metricName: string, props?: MetricOptions): Metric

Return the given named metric for this Function.

`metricName`^Required

Type: string

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricDuration`

public metricDuration(props?: MetricOptions): Metric

How long execution of this Lambda takes.

Average over 5 minutes

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricErrors`

public metricErrors(props?: MetricOptions): Metric

How many invocations of this Lambda fail.

Sum over 5 minutes

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricInvocations`

public metricInvocations(props?: MetricOptions): Metric

How often this Lambda is invoked.

Sum over 5 minutes

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricThrottles`

public metricThrottles(props?: MetricOptions): Metric

How often this Lambda is throttled.

Sum over 5 minutes

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`addAlias`

public addAlias(aliasName: string, options?: AliasOptions): Alias

Defines an alias for this function.

The alias will automatically be updated to point to the latest version of the function as it is being updated during a deployment.

declare const fn: lambda.Function;

fn.addAlias('Live');

// Is equivalent to

new lambda.Alias(this, 'AliasLive', {
  aliasName: 'Live',
  version: fn.currentVersion,
});

`aliasName`^Required

Type: string

The name of the alias.

`options`^Optional

Type: aws-cdk-lib.aws_lambda.AliasOptions

Alias options.

`addEnvironment`

public addEnvironment(key: string, value: string, options?: EnvironmentOptions): Function

Adds an environment variable to this Lambda function.

If this is a ref to a Lambda function, this operation results in a no-op.

`key`^Required

Type: string

The environment variable key.

`value`^Required

Type: string

The environment variable's value.

`options`^Optional

Type: aws-cdk-lib.aws_lambda.EnvironmentOptions

Environment variable options.

`addLayers`

public addLayers(layers: ...ILayerVersion[]): void

Adds one or more Lambda Layers to this Lambda function.

`layers`^Required

Type: ...aws-cdk-lib.aws_lambda.ILayerVersion[]

the layers to be added.

`invalidateVersionBasedOn`

public invalidateVersionBasedOn(x: string): void

Mix additional information into the hash of the Version object.

The Lambda Function construct does its best to automatically create a new Version when anything about the Function changes (its code, its layers, any of the other properties).

However, you can sometimes source information from places that the CDK cannot look into, like the deploy-time values of SSM parameters. In those cases, the CDK would not force the creation of a new Version object when it actually should.

This method can be used to invalidate the current Version object. Pass in any string into this method, and make sure the string changes when you know a new Version needs to be created.

This method may be called more than once.

`x`^Required

Type: string

Static Functions

Name	Description
`isConstruct`	Checks if `x` is a construct.
`isOwnedResource`	Returns true if the construct was created by CDK, and false otherwise.
`isResource`	Check whether the given construct is a Resource.
`classifyVersionProperty`	Record whether specific properties in the `AWS::Lambda::Function` resource should also be associated to the Version resource.
`fromFunctionArn`	Import a lambda function into the CDK using its ARN.
`fromFunctionAttributes`	Creates a Lambda function object which represents a function not defined within this stack.
`fromFunctionName`	Import a lambda function into the CDK using its name.
`metricAll`	Return the given named metric for this Lambda.
`metricAllConcurrentExecutions`	Metric for the number of concurrent executions across all Lambdas.
`metricAllDuration`	Metric for the Duration executing all Lambdas.
`metricAllErrors`	Metric for the number of Errors executing all Lambdas.
`metricAllInvocations`	Metric for the number of invocations of all Lambdas.
`metricAllThrottles`	Metric for the number of throttled invocations of all Lambdas.
`metricAllUnreservedConcurrentExecutions`	Metric for the number of unreserved concurrent executions across all Lambdas.

`isConstruct`

import { CreateA2IResourcesFunction } from '@cdklabs/genai-idp'

CreateA2IResourcesFunction.isConstruct(x: any)

Checks if x is a construct.

Use this method instead of instanceof to properly detect Construct instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the constructs library on disk are seen as independent, completely different libraries. As a consequence, the class Construct in each copy of the constructs library is seen as a different class, and an instance of one class will not test as instanceof the other class. npm install will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the constructs library can be accidentally installed, and instanceof will behave unpredictably. It is safest to avoid using instanceof, and using this type-testing method instead.

`x`^Required

Type: any

Any object.

`isOwnedResource`

import { CreateA2IResourcesFunction } from '@cdklabs/genai-idp'

CreateA2IResourcesFunction.isOwnedResource(construct: IConstruct)

Returns true if the construct was created by CDK, and false otherwise.

`construct`^Required

Type: constructs.IConstruct

`isResource`

import { CreateA2IResourcesFunction } from '@cdklabs/genai-idp'

CreateA2IResourcesFunction.isResource(construct: IConstruct)

Check whether the given construct is a Resource.

`construct`^Required

Type: constructs.IConstruct

`classifyVersionProperty`

import { CreateA2IResourcesFunction } from '@cdklabs/genai-idp'

CreateA2IResourcesFunction.classifyVersionProperty(propertyName: string, locked: boolean)

Record whether specific properties in the AWS::Lambda::Function resource should also be associated to the Version resource.

See 'currentVersion' section in the module README for more details.

`propertyName`^Required

Type: string

The property to classify.

`locked`^Required

Type: boolean

whether the property should be associated to the version or not.

`fromFunctionArn`

import { CreateA2IResourcesFunction } from '@cdklabs/genai-idp'

CreateA2IResourcesFunction.fromFunctionArn(scope: Construct, id: string, functionArn: string)

Import a lambda function into the CDK using its ARN.

For Function.addPermissions() to work on this imported lambda, make sure that is in the same account and region as the stack you are importing it into.

`scope`^Required

Type: constructs.Construct

`id`^Required

Type: string

`functionArn`^Required

Type: string

`fromFunctionAttributes`

import { CreateA2IResourcesFunction } from '@cdklabs/genai-idp'

CreateA2IResourcesFunction.fromFunctionAttributes(scope: Construct, id: string, attrs: FunctionAttributes)

Creates a Lambda function object which represents a function not defined within this stack.

For Function.addPermissions() to work on this imported lambda, set the sameEnvironment property to true if this imported lambda is in the same account and region as the stack you are importing it into.

`scope`^Required

Type: constructs.Construct

The parent construct.

`id`^Required

Type: string

The name of the lambda construct.

`attrs`^Required

Type: aws-cdk-lib.aws_lambda.FunctionAttributes

the attributes of the function to import.

`fromFunctionName`

import { CreateA2IResourcesFunction } from '@cdklabs/genai-idp'

CreateA2IResourcesFunction.fromFunctionName(scope: Construct, id: string, functionName: string)

Import a lambda function into the CDK using its name.

`scope`^Required

Type: constructs.Construct

`id`^Required

Type: string

`functionName`^Required

Type: string

`metricAll`

import { CreateA2IResourcesFunction } from '@cdklabs/genai-idp'

CreateA2IResourcesFunction.metricAll(metricName: string, props?: MetricOptions)

Return the given named metric for this Lambda.

`metricName`^Required

Type: string

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricAllConcurrentExecutions`

import { CreateA2IResourcesFunction } from '@cdklabs/genai-idp'

CreateA2IResourcesFunction.metricAllConcurrentExecutions(props?: MetricOptions)

Metric for the number of concurrent executions across all Lambdas.

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricAllDuration`

import { CreateA2IResourcesFunction } from '@cdklabs/genai-idp'

CreateA2IResourcesFunction.metricAllDuration(props?: MetricOptions)

Metric for the Duration executing all Lambdas.

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricAllErrors`

import { CreateA2IResourcesFunction } from '@cdklabs/genai-idp'

CreateA2IResourcesFunction.metricAllErrors(props?: MetricOptions)

Metric for the number of Errors executing all Lambdas.

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricAllInvocations`

import { CreateA2IResourcesFunction } from '@cdklabs/genai-idp'

CreateA2IResourcesFunction.metricAllInvocations(props?: MetricOptions)

Metric for the number of invocations of all Lambdas.

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricAllThrottles`

import { CreateA2IResourcesFunction } from '@cdklabs/genai-idp'

CreateA2IResourcesFunction.metricAllThrottles(props?: MetricOptions)

Metric for the number of throttled invocations of all Lambdas.

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricAllUnreservedConcurrentExecutions`

import { CreateA2IResourcesFunction } from '@cdklabs/genai-idp'

CreateA2IResourcesFunction.metricAllUnreservedConcurrentExecutions(props?: MetricOptions)

Metric for the number of unreserved concurrent executions across all Lambdas.

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

Properties

Name	Type	Description
`node`	`constructs.Node`	The tree node.
`env`	`aws-cdk-lib.ResourceEnvironment`	The environment this resource belongs to.
`stack`	`aws-cdk-lib.Stack`	The stack in which this resource is defined.
`architecture`	`aws-cdk-lib.aws_lambda.Architecture`	The architecture of this Lambda Function (this is an optional attribute and defaults to X86_64).
`connections`	`aws-cdk-lib.aws_ec2.Connections`	Access the Connections object.
`functionArn`	`string`	ARN of this function.
`functionName`	`string`	Name of this function.
`grantPrincipal`	`aws-cdk-lib.aws_iam.IPrincipal`	The principal this Lambda Function is running as.
`isBoundToVpc`	`boolean`	Whether or not this Lambda function was bound to a VPC.
`latestVersion`	`aws-cdk-lib.aws_lambda.IVersion`	The `$LATEST` version of this function.
`permissionsNode`	`constructs.Node`	The construct node where permissions are attached.
`resourceArnsForGrantInvoke`	`string[]`	The ARN(s) to put into the resource field of the generated IAM policy for grantInvoke().
`role`	`aws-cdk-lib.aws_iam.IRole`	Execution role associated with this function.
`currentVersion`	`aws-cdk-lib.aws_lambda.Version`	Returns a `lambda.Version` which represents the current version of this Lambda function. A new version will be created every time the function's configuration changes.
`logGroup`	`aws-cdk-lib.aws_logs.ILogGroup`	The LogGroup where the Lambda function's logs are made available.
`runtime`	`aws-cdk-lib.aws_lambda.Runtime`	The runtime configured for this lambda.
`deadLetterQueue`	`aws-cdk-lib.aws_sqs.IQueue`	The DLQ (as queue) associated with this Lambda Function (this is an optional attribute).
`deadLetterTopic`	`aws-cdk-lib.aws_sns.ITopic`	The DLQ (as topic) associated with this Lambda Function (this is an optional attribute).
`timeout`	`aws-cdk-lib.Duration`	The timeout configured for this lambda.

`node`^Required

public readonly node: Node;

Type: constructs.Node

The tree node.

`env`^Required

public readonly env: ResourceEnvironment;

Type: aws-cdk-lib.ResourceEnvironment

The environment this resource belongs to.

For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.

`stack`^Required

public readonly stack: Stack;

Type: aws-cdk-lib.Stack

The stack in which this resource is defined.

`architecture`^Required

public readonly architecture: Architecture;

Type: aws-cdk-lib.aws_lambda.Architecture

The architecture of this Lambda Function (this is an optional attribute and defaults to X86_64).

`connections`^Required

public readonly connections: Connections;

Type: aws-cdk-lib.aws_ec2.Connections

Access the Connections object.

Will fail if not a VPC-enabled Lambda Function

`functionArn`^Required

public readonly functionArn: string;

Type: string

ARN of this function.

`functionName`^Required

public readonly functionName: string;

Type: string

Name of this function.

`grantPrincipal`^Required

public readonly grantPrincipal: IPrincipal;

Type: aws-cdk-lib.aws_iam.IPrincipal

The principal this Lambda Function is running as.

`isBoundToVpc`^Required

public readonly isBoundToVpc: boolean;

Type: boolean

Whether or not this Lambda function was bound to a VPC.

If this is is false, trying to access the connections object will fail.

`latestVersion`^Required

public readonly latestVersion: IVersion;

Type: aws-cdk-lib.aws_lambda.IVersion

The $LATEST version of this function.

Note that this is reference to a non-specific AWS Lambda version, which means the function this version refers to can return different results in different invocations.

To obtain a reference to an explicit version which references the current function configuration, use lambdaFunction.currentVersion instead.

`permissionsNode`^Required

public readonly permissionsNode: Node;

Type: constructs.Node

The construct node where permissions are attached.

`resourceArnsForGrantInvoke`^Required

public readonly resourceArnsForGrantInvoke: string[];

Type: string[]

The ARN(s) to put into the resource field of the generated IAM policy for grantInvoke().

`role`^Optional

public readonly role: IRole;

Type: aws-cdk-lib.aws_iam.IRole

Execution role associated with this function.

`currentVersion`^Required

public readonly currentVersion: Version;

Type: aws-cdk-lib.aws_lambda.Version

Returns a lambda.Version which represents the current version of this Lambda function. A new version will be created every time the function's configuration changes.

You can specify options for this version using the currentVersionOptions prop when initializing the lambda.Function.

`logGroup`^Required

public readonly logGroup: ILogGroup;

Type: aws-cdk-lib.aws_logs.ILogGroup

The LogGroup where the Lambda function's logs are made available.

If either logRetention is set or this property is called, a CloudFormation custom resource is added to the stack that pre-creates the log group as part of the stack deployment, if it already doesn't exist, and sets the correct log retention period (never expire, by default).

Further, if the log group already exists and the logRetention is not set, the custom resource will reset the log retention to never expire even if it was configured with a different value.

`runtime`^Required

public readonly runtime: Runtime;

Type: aws-cdk-lib.aws_lambda.Runtime

The runtime configured for this lambda.

`deadLetterQueue`^Optional

public readonly deadLetterQueue: IQueue;

Type: aws-cdk-lib.aws_sqs.IQueue

The DLQ (as queue) associated with this Lambda Function (this is an optional attribute).

`deadLetterTopic`^Optional

public readonly deadLetterTopic: ITopic;

Type: aws-cdk-lib.aws_sns.ITopic

The DLQ (as topic) associated with this Lambda Function (this is an optional attribute).

`timeout`^Optional

public readonly timeout: Duration;

Type: aws-cdk-lib.Duration

The timeout configured for this lambda.

Constants

Name	Type	Description
`PROPERTY_INJECTION_ID`	`string`	Uniquely identifies this class.

`PROPERTY_INJECTION_ID`^Required

public readonly PROPERTY_INJECTION_ID: string;

Type: string

Uniquely identifies this class.

CustomPromptGenerator

Implements: ICustomPromptGenerator

Custom prompt generator construct for injecting business logic into document processing.

This construct creates a Lambda function that can be used by Pattern 2 and Pattern 3 processors to customize prompts based on document content, business rules, or external system integrations.

The Lambda function receives template placeholders including: - DOCUMENT_TEXT: Extracted text from the document - DOCUMENT_CLASS: Classification result - ATTRIBUTE_NAMES_AND_DESCRIPTIONS: Schema information - DOCUMENT_IMAGE: URI-based image reference for JSON serialization

Key features: - Scoped IAM permissions requiring GENAIIDP-* function naming convention - Comprehensive error handling with fail-fast behavior - JSON serialization support for all object types - Complete observability with detailed logging

Initializers

import { CustomPromptGenerator } from '@cdklabs/genai-idp'

new CustomPromptGenerator(scope: Construct, id: string, props: CustomPromptGeneratorProps)

Name	Type	Description
`scope`	`constructs.Construct`	No description.
`id`	`string`	No description.
`props`	`CustomPromptGeneratorProps`	No description.

`scope`^Required

Type: constructs.Construct

`id`^Required

Type: string

`props`^Required

Type: CustomPromptGeneratorProps

Methods

Name	Description
`toString`	Returns a string representation of this construct.

`toString`

public toString(): string

Returns a string representation of this construct.

Static Functions

Name	Description
`isConstruct`	Checks if `x` is a construct.

`isConstruct`

import { CustomPromptGenerator } from '@cdklabs/genai-idp'

CustomPromptGenerator.isConstruct(x: any)

Checks if x is a construct.

Use this method instead of instanceof to properly detect Construct instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the constructs library on disk are seen as independent, completely different libraries. As a consequence, the class Construct in each copy of the constructs library is seen as a different class, and an instance of one class will not test as instanceof the other class. npm install will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the constructs library can be accidentally installed, and instanceof will behave unpredictably. It is safest to avoid using instanceof, and using this type-testing method instead.

`x`^Required

Type: any

Any object.

Properties

Name	Type	Description
`node`	`constructs.Node`	The tree node.
`generatorFunction`	`aws-cdk-lib.aws_lambda.IFunction`	The Lambda function that implements the custom prompt generation logic.

`node`^Required

public readonly node: Node;

Type: constructs.Node

The tree node.

`generatorFunction`^Required

public readonly generatorFunction: IFunction;

Type: aws-cdk-lib.aws_lambda.IFunction

The Lambda function that implements the custom prompt generation logic.

This function receives template placeholders and returns customized prompts.

CustomPromptGeneratorFunction

Lambda function for custom prompt generation.

This function implements custom business logic for prompt generation in document processing workflows. It receives template placeholders and returns customized prompts based on document content, business rules, or external integrations.

Key features: - Template placeholder support (DOCUMENT_TEXT, DOCUMENT_CLASS, etc.) - Business rule integration - External system connectivity - Fail-fast error handling - Comprehensive logging and observability

Initializers

import { CustomPromptGeneratorFunction } from '@cdklabs/genai-idp'

new CustomPromptGeneratorFunction(scope: Construct, id: string, props: CustomPromptGeneratorFunctionProps)

Name	Type	Description
`scope`	`constructs.Construct`	No description.
`id`	`string`	No description.
`props`	`CustomPromptGeneratorFunctionProps`	No description.

`scope`^Required

Type: constructs.Construct

`id`^Required

Type: string

`props`^Required

Type: CustomPromptGeneratorFunctionProps

Methods

Name	Description
`toString`	Returns a string representation of this construct.
`applyRemovalPolicy`	Apply the given removal policy to this resource.
`addEventSource`	Adds an event source to this function.
`addEventSourceMapping`	Adds an event source that maps to this AWS Lambda function.
`addFunctionUrl`	Adds a url to this lambda function.
`addPermission`	Adds a permission to the Lambda resource policy.
`addToRolePolicy`	Adds a statement to the IAM role assumed by the instance.
`configureAsyncInvoke`	Configures options for asynchronous invocation.
`considerWarningOnInvokeFunctionPermissions`	A warning will be added to functions under the following conditions: - permissions that include `lambda:InvokeFunction` are added to the unqualified function.
`grantInvoke`	Grant the given identity permissions to invoke this Lambda.
`grantInvokeCompositePrincipal`	Grant multiple principals the ability to invoke this Lambda via CompositePrincipal.
`grantInvokeLatestVersion`	Grant the given identity permissions to invoke the $LATEST version or unqualified version of this Lambda.
`grantInvokeUrl`	Grant the given identity permissions to invoke this Lambda Function URL.
`grantInvokeVersion`	Grant the given identity permissions to invoke the given version of this Lambda.
`metric`	Return the given named metric for this Function.
`metricDuration`	How long execution of this Lambda takes.
`metricErrors`	How many invocations of this Lambda fail.
`metricInvocations`	How often this Lambda is invoked.
`metricThrottles`	How often this Lambda is throttled.
`addAlias`	Defines an alias for this function.
`addEnvironment`	Adds an environment variable to this Lambda function.
`addLayers`	Adds one or more Lambda Layers to this Lambda function.
`invalidateVersionBasedOn`	Mix additional information into the hash of the Version object.

`toString`

public toString(): string

Returns a string representation of this construct.

`applyRemovalPolicy`

public applyRemovalPolicy(policy: RemovalPolicy): void

Apply the given removal policy to this resource.

The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced.

The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS account for data recovery and cleanup later (RemovalPolicy.RETAIN).

`policy`^Required

Type: aws-cdk-lib.RemovalPolicy

`addEventSource`

public addEventSource(source: IEventSource): void

Adds an event source to this function.

Event sources are implemented in the aws-cdk-lib/aws-lambda-event-sources module.

The following example adds an SQS Queue as an event source:

import { SqsEventSource } from 'aws-cdk-lib/aws-lambda-event-sources';
myFunction.addEventSource(new SqsEventSource(myQueue));

`source`^Required

Type: aws-cdk-lib.aws_lambda.IEventSource

`addEventSourceMapping`

public addEventSourceMapping(id: string, options: EventSourceMappingOptions): EventSourceMapping

Adds an event source that maps to this AWS Lambda function.

`id`^Required

Type: string

`options`^Required

Type: aws-cdk-lib.aws_lambda.EventSourceMappingOptions

`addFunctionUrl`

public addFunctionUrl(options?: FunctionUrlOptions): FunctionUrl

Adds a url to this lambda function.

`options`^Optional

Type: aws-cdk-lib.aws_lambda.FunctionUrlOptions

`addPermission`

public addPermission(id: string, permission: Permission): void

Adds a permission to the Lambda resource policy.

`id`^Required

Type: string

The id for the permission construct.

`permission`^Required

Type: aws-cdk-lib.aws_lambda.Permission

The permission to grant to this Lambda function.

`addToRolePolicy`

public addToRolePolicy(statement: PolicyStatement): void

Adds a statement to the IAM role assumed by the instance.

`statement`^Required

Type: aws-cdk-lib.aws_iam.PolicyStatement

`configureAsyncInvoke`

public configureAsyncInvoke(options: EventInvokeConfigOptions): void

Configures options for asynchronous invocation.

`options`^Required

Type: aws-cdk-lib.aws_lambda.EventInvokeConfigOptions

`considerWarningOnInvokeFunctionPermissions`

public considerWarningOnInvokeFunctionPermissions(scope: Construct, action: string): void

A warning will be added to functions under the following conditions: - permissions that include lambda:InvokeFunction are added to the unqualified function.

function.currentVersion is invoked before or after the permission is created.

This applies only to permissions on Lambda functions, not versions or aliases. This function is overridden as a noOp for QualifiedFunctionBase.

`scope`^Required

Type: constructs.Construct

`action`^Required

Type: string

`grantInvoke`

public grantInvoke(grantee: IGrantable): Grant

Grant the given identity permissions to invoke this Lambda.

`grantee`^Required

Type: aws-cdk-lib.aws_iam.IGrantable

`grantInvokeCompositePrincipal`

public grantInvokeCompositePrincipal(compositePrincipal: CompositePrincipal): Grant[]

Grant multiple principals the ability to invoke this Lambda via CompositePrincipal.

`compositePrincipal`^Required

Type: aws-cdk-lib.aws_iam.CompositePrincipal

`grantInvokeLatestVersion`

public grantInvokeLatestVersion(grantee: IGrantable): Grant

Grant the given identity permissions to invoke the $LATEST version or unqualified version of this Lambda.

`grantee`^Required

Type: aws-cdk-lib.aws_iam.IGrantable

`grantInvokeUrl`

public grantInvokeUrl(grantee: IGrantable): Grant

Grant the given identity permissions to invoke this Lambda Function URL.

`grantee`^Required

Type: aws-cdk-lib.aws_iam.IGrantable

`grantInvokeVersion`

public grantInvokeVersion(grantee: IGrantable, version: IVersion): Grant

Grant the given identity permissions to invoke the given version of this Lambda.

`grantee`^Required

Type: aws-cdk-lib.aws_iam.IGrantable

`version`^Required

Type: aws-cdk-lib.aws_lambda.IVersion

`metric`

public metric(metricName: string, props?: MetricOptions): Metric

Return the given named metric for this Function.

`metricName`^Required

Type: string

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricDuration`

public metricDuration(props?: MetricOptions): Metric

How long execution of this Lambda takes.

Average over 5 minutes

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricErrors`

public metricErrors(props?: MetricOptions): Metric

How many invocations of this Lambda fail.

Sum over 5 minutes

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricInvocations`

public metricInvocations(props?: MetricOptions): Metric

How often this Lambda is invoked.

Sum over 5 minutes

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricThrottles`

public metricThrottles(props?: MetricOptions): Metric

How often this Lambda is throttled.

Sum over 5 minutes

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`addAlias`

public addAlias(aliasName: string, options?: AliasOptions): Alias

Defines an alias for this function.

The alias will automatically be updated to point to the latest version of the function as it is being updated during a deployment.

declare const fn: lambda.Function;

fn.addAlias('Live');

// Is equivalent to

new lambda.Alias(this, 'AliasLive', {
  aliasName: 'Live',
  version: fn.currentVersion,
});

`aliasName`^Required

Type: string

The name of the alias.

`options`^Optional

Type: aws-cdk-lib.aws_lambda.AliasOptions

Alias options.

`addEnvironment`

public addEnvironment(key: string, value: string, options?: EnvironmentOptions): Function

Adds an environment variable to this Lambda function.

If this is a ref to a Lambda function, this operation results in a no-op.

`key`^Required

Type: string

The environment variable key.

`value`^Required

Type: string

The environment variable's value.

`options`^Optional

Type: aws-cdk-lib.aws_lambda.EnvironmentOptions

Environment variable options.

`addLayers`

public addLayers(layers: ...ILayerVersion[]): void

Adds one or more Lambda Layers to this Lambda function.

`layers`^Required

Type: ...aws-cdk-lib.aws_lambda.ILayerVersion[]

the layers to be added.

`invalidateVersionBasedOn`

public invalidateVersionBasedOn(x: string): void

Mix additional information into the hash of the Version object.

The Lambda Function construct does its best to automatically create a new Version when anything about the Function changes (its code, its layers, any of the other properties).

However, you can sometimes source information from places that the CDK cannot look into, like the deploy-time values of SSM parameters. In those cases, the CDK would not force the creation of a new Version object when it actually should.

This method can be used to invalidate the current Version object. Pass in any string into this method, and make sure the string changes when you know a new Version needs to be created.

This method may be called more than once.

`x`^Required

Type: string

Static Functions

Name	Description
`isConstruct`	Checks if `x` is a construct.
`isOwnedResource`	Returns true if the construct was created by CDK, and false otherwise.
`isResource`	Check whether the given construct is a Resource.
`classifyVersionProperty`	Record whether specific properties in the `AWS::Lambda::Function` resource should also be associated to the Version resource.
`fromFunctionArn`	Import a lambda function into the CDK using its ARN.
`fromFunctionAttributes`	Creates a Lambda function object which represents a function not defined within this stack.
`fromFunctionName`	Import a lambda function into the CDK using its name.
`metricAll`	Return the given named metric for this Lambda.
`metricAllConcurrentExecutions`	Metric for the number of concurrent executions across all Lambdas.
`metricAllDuration`	Metric for the Duration executing all Lambdas.
`metricAllErrors`	Metric for the number of Errors executing all Lambdas.
`metricAllInvocations`	Metric for the number of invocations of all Lambdas.
`metricAllThrottles`	Metric for the number of throttled invocations of all Lambdas.
`metricAllUnreservedConcurrentExecutions`	Metric for the number of unreserved concurrent executions across all Lambdas.

`isConstruct`

import { CustomPromptGeneratorFunction } from '@cdklabs/genai-idp'

CustomPromptGeneratorFunction.isConstruct(x: any)

Checks if x is a construct.

Use this method instead of instanceof to properly detect Construct instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the constructs library on disk are seen as independent, completely different libraries. As a consequence, the class Construct in each copy of the constructs library is seen as a different class, and an instance of one class will not test as instanceof the other class. npm install will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the constructs library can be accidentally installed, and instanceof will behave unpredictably. It is safest to avoid using instanceof, and using this type-testing method instead.

`x`^Required

Type: any

Any object.

`isOwnedResource`

import { CustomPromptGeneratorFunction } from '@cdklabs/genai-idp'

CustomPromptGeneratorFunction.isOwnedResource(construct: IConstruct)

Returns true if the construct was created by CDK, and false otherwise.

`construct`^Required

Type: constructs.IConstruct

`isResource`

import { CustomPromptGeneratorFunction } from '@cdklabs/genai-idp'

CustomPromptGeneratorFunction.isResource(construct: IConstruct)

Check whether the given construct is a Resource.

`construct`^Required

Type: constructs.IConstruct

`classifyVersionProperty`

import { CustomPromptGeneratorFunction } from '@cdklabs/genai-idp'

CustomPromptGeneratorFunction.classifyVersionProperty(propertyName: string, locked: boolean)

Record whether specific properties in the AWS::Lambda::Function resource should also be associated to the Version resource.

See 'currentVersion' section in the module README for more details.

`propertyName`^Required

Type: string

The property to classify.

`locked`^Required

Type: boolean

whether the property should be associated to the version or not.

`fromFunctionArn`

import { CustomPromptGeneratorFunction } from '@cdklabs/genai-idp'

CustomPromptGeneratorFunction.fromFunctionArn(scope: Construct, id: string, functionArn: string)

Import a lambda function into the CDK using its ARN.

For Function.addPermissions() to work on this imported lambda, make sure that is in the same account and region as the stack you are importing it into.

`scope`^Required

Type: constructs.Construct

`id`^Required

Type: string

`functionArn`^Required

Type: string

`fromFunctionAttributes`

import { CustomPromptGeneratorFunction } from '@cdklabs/genai-idp'

CustomPromptGeneratorFunction.fromFunctionAttributes(scope: Construct, id: string, attrs: FunctionAttributes)

Creates a Lambda function object which represents a function not defined within this stack.

For Function.addPermissions() to work on this imported lambda, set the sameEnvironment property to true if this imported lambda is in the same account and region as the stack you are importing it into.

`scope`^Required

Type: constructs.Construct

The parent construct.

`id`^Required

Type: string

The name of the lambda construct.

`attrs`^Required

Type: aws-cdk-lib.aws_lambda.FunctionAttributes

the attributes of the function to import.

`fromFunctionName`

import { CustomPromptGeneratorFunction } from '@cdklabs/genai-idp'

CustomPromptGeneratorFunction.fromFunctionName(scope: Construct, id: string, functionName: string)

Import a lambda function into the CDK using its name.

`scope`^Required

Type: constructs.Construct

`id`^Required

Type: string

`functionName`^Required

Type: string

`metricAll`

import { CustomPromptGeneratorFunction } from '@cdklabs/genai-idp'

CustomPromptGeneratorFunction.metricAll(metricName: string, props?: MetricOptions)

Return the given named metric for this Lambda.

`metricName`^Required

Type: string

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricAllConcurrentExecutions`

import { CustomPromptGeneratorFunction } from '@cdklabs/genai-idp'

CustomPromptGeneratorFunction.metricAllConcurrentExecutions(props?: MetricOptions)

Metric for the number of concurrent executions across all Lambdas.

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricAllDuration`

import { CustomPromptGeneratorFunction } from '@cdklabs/genai-idp'

CustomPromptGeneratorFunction.metricAllDuration(props?: MetricOptions)

Metric for the Duration executing all Lambdas.

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricAllErrors`

import { CustomPromptGeneratorFunction } from '@cdklabs/genai-idp'

CustomPromptGeneratorFunction.metricAllErrors(props?: MetricOptions)

Metric for the number of Errors executing all Lambdas.

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricAllInvocations`

import { CustomPromptGeneratorFunction } from '@cdklabs/genai-idp'

CustomPromptGeneratorFunction.metricAllInvocations(props?: MetricOptions)

Metric for the number of invocations of all Lambdas.

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricAllThrottles`

import { CustomPromptGeneratorFunction } from '@cdklabs/genai-idp'

CustomPromptGeneratorFunction.metricAllThrottles(props?: MetricOptions)

Metric for the number of throttled invocations of all Lambdas.

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricAllUnreservedConcurrentExecutions`

import { CustomPromptGeneratorFunction } from '@cdklabs/genai-idp'

CustomPromptGeneratorFunction.metricAllUnreservedConcurrentExecutions(props?: MetricOptions)

Metric for the number of unreserved concurrent executions across all Lambdas.

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

Properties

Name	Type	Description
`node`	`constructs.Node`	The tree node.
`env`	`aws-cdk-lib.ResourceEnvironment`	The environment this resource belongs to.
`stack`	`aws-cdk-lib.Stack`	The stack in which this resource is defined.
`architecture`	`aws-cdk-lib.aws_lambda.Architecture`	The architecture of this Lambda Function (this is an optional attribute and defaults to X86_64).
`connections`	`aws-cdk-lib.aws_ec2.Connections`	Access the Connections object.
`functionArn`	`string`	ARN of this function.
`functionName`	`string`	Name of this function.
`grantPrincipal`	`aws-cdk-lib.aws_iam.IPrincipal`	The principal this Lambda Function is running as.
`isBoundToVpc`	`boolean`	Whether or not this Lambda function was bound to a VPC.
`latestVersion`	`aws-cdk-lib.aws_lambda.IVersion`	The `$LATEST` version of this function.
`permissionsNode`	`constructs.Node`	The construct node where permissions are attached.
`resourceArnsForGrantInvoke`	`string[]`	The ARN(s) to put into the resource field of the generated IAM policy for grantInvoke().
`role`	`aws-cdk-lib.aws_iam.IRole`	Execution role associated with this function.
`currentVersion`	`aws-cdk-lib.aws_lambda.Version`	Returns a `lambda.Version` which represents the current version of this Lambda function. A new version will be created every time the function's configuration changes.
`logGroup`	`aws-cdk-lib.aws_logs.ILogGroup`	The LogGroup where the Lambda function's logs are made available.
`runtime`	`aws-cdk-lib.aws_lambda.Runtime`	The runtime configured for this lambda.
`deadLetterQueue`	`aws-cdk-lib.aws_sqs.IQueue`	The DLQ (as queue) associated with this Lambda Function (this is an optional attribute).
`deadLetterTopic`	`aws-cdk-lib.aws_sns.ITopic`	The DLQ (as topic) associated with this Lambda Function (this is an optional attribute).
`timeout`	`aws-cdk-lib.Duration`	The timeout configured for this lambda.

`node`^Required

public readonly node: Node;

Type: constructs.Node

The tree node.

`env`^Required

public readonly env: ResourceEnvironment;

Type: aws-cdk-lib.ResourceEnvironment

The environment this resource belongs to.

For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.

`stack`^Required

public readonly stack: Stack;

Type: aws-cdk-lib.Stack

The stack in which this resource is defined.

`architecture`^Required

public readonly architecture: Architecture;

Type: aws-cdk-lib.aws_lambda.Architecture

The architecture of this Lambda Function (this is an optional attribute and defaults to X86_64).

`connections`^Required

public readonly connections: Connections;

Type: aws-cdk-lib.aws_ec2.Connections

Access the Connections object.

Will fail if not a VPC-enabled Lambda Function

`functionArn`^Required

public readonly functionArn: string;

Type: string

ARN of this function.

`functionName`^Required

public readonly functionName: string;

Type: string

Name of this function.

`grantPrincipal`^Required

public readonly grantPrincipal: IPrincipal;

Type: aws-cdk-lib.aws_iam.IPrincipal

The principal this Lambda Function is running as.

`isBoundToVpc`^Required

public readonly isBoundToVpc: boolean;

Type: boolean

Whether or not this Lambda function was bound to a VPC.

If this is is false, trying to access the connections object will fail.

`latestVersion`^Required

public readonly latestVersion: IVersion;

Type: aws-cdk-lib.aws_lambda.IVersion

The $LATEST version of this function.

Note that this is reference to a non-specific AWS Lambda version, which means the function this version refers to can return different results in different invocations.

To obtain a reference to an explicit version which references the current function configuration, use lambdaFunction.currentVersion instead.

`permissionsNode`^Required

public readonly permissionsNode: Node;

Type: constructs.Node

The construct node where permissions are attached.

`resourceArnsForGrantInvoke`^Required

public readonly resourceArnsForGrantInvoke: string[];

Type: string[]

The ARN(s) to put into the resource field of the generated IAM policy for grantInvoke().

`role`^Optional

public readonly role: IRole;

Type: aws-cdk-lib.aws_iam.IRole

Execution role associated with this function.

`currentVersion`^Required

public readonly currentVersion: Version;

Type: aws-cdk-lib.aws_lambda.Version

Returns a lambda.Version which represents the current version of this Lambda function. A new version will be created every time the function's configuration changes.

You can specify options for this version using the currentVersionOptions prop when initializing the lambda.Function.

`logGroup`^Required

public readonly logGroup: ILogGroup;

Type: aws-cdk-lib.aws_logs.ILogGroup

The LogGroup where the Lambda function's logs are made available.

If either logRetention is set or this property is called, a CloudFormation custom resource is added to the stack that pre-creates the log group as part of the stack deployment, if it already doesn't exist, and sets the correct log retention period (never expire, by default).

Further, if the log group already exists and the logRetention is not set, the custom resource will reset the log retention to never expire even if it was configured with a different value.

`runtime`^Required

public readonly runtime: Runtime;

Type: aws-cdk-lib.aws_lambda.Runtime

The runtime configured for this lambda.

`deadLetterQueue`^Optional

public readonly deadLetterQueue: IQueue;

Type: aws-cdk-lib.aws_sqs.IQueue

The DLQ (as queue) associated with this Lambda Function (this is an optional attribute).

`deadLetterTopic`^Optional

public readonly deadLetterTopic: ITopic;

Type: aws-cdk-lib.aws_sns.ITopic

The DLQ (as topic) associated with this Lambda Function (this is an optional attribute).

`timeout`^Optional

public readonly timeout: Duration;

Type: aws-cdk-lib.Duration

The timeout configured for this lambda.

Constants

Name	Type	Description
`PROPERTY_INJECTION_ID`	`string`	Uniquely identifies this class.

`PROPERTY_INJECTION_ID`^Required

public readonly PROPERTY_INJECTION_ID: string;

Type: string

Uniquely identifies this class.

DiscoveryProcessorFunction

A Lambda function that processes discovery jobs from SQS queue.

This function analyzes documents to identify structure, field types, and organizational patterns for automated configuration generation.

Initializers

import { DiscoveryProcessorFunction } from '@cdklabs/genai-idp'

new DiscoveryProcessorFunction(scope: Construct, id: string, props: DiscoveryProcessorFunctionProps)

Name	Type	Description
`scope`	`constructs.Construct`	No description.
`id`	`string`	No description.
`props`	`DiscoveryProcessorFunctionProps`	No description.

`scope`^Required

Type: constructs.Construct

`id`^Required

Type: string

`props`^Required

Type: DiscoveryProcessorFunctionProps

Methods

Name	Description
`toString`	Returns a string representation of this construct.
`applyRemovalPolicy`	Apply the given removal policy to this resource.
`addEventSource`	Adds an event source to this function.
`addEventSourceMapping`	Adds an event source that maps to this AWS Lambda function.
`addFunctionUrl`	Adds a url to this lambda function.
`addPermission`	Adds a permission to the Lambda resource policy.
`addToRolePolicy`	Adds a statement to the IAM role assumed by the instance.
`configureAsyncInvoke`	Configures options for asynchronous invocation.
`considerWarningOnInvokeFunctionPermissions`	A warning will be added to functions under the following conditions: - permissions that include `lambda:InvokeFunction` are added to the unqualified function.
`grantInvoke`	Grant the given identity permissions to invoke this Lambda.
`grantInvokeCompositePrincipal`	Grant multiple principals the ability to invoke this Lambda via CompositePrincipal.
`grantInvokeLatestVersion`	Grant the given identity permissions to invoke the $LATEST version or unqualified version of this Lambda.
`grantInvokeUrl`	Grant the given identity permissions to invoke this Lambda Function URL.
`grantInvokeVersion`	Grant the given identity permissions to invoke the given version of this Lambda.
`metric`	Return the given named metric for this Function.
`metricDuration`	How long execution of this Lambda takes.
`metricErrors`	How many invocations of this Lambda fail.
`metricInvocations`	How often this Lambda is invoked.
`metricThrottles`	How often this Lambda is throttled.
`addAlias`	Defines an alias for this function.
`addEnvironment`	Adds an environment variable to this Lambda function.
`addLayers`	Adds one or more Lambda Layers to this Lambda function.
`invalidateVersionBasedOn`	Mix additional information into the hash of the Version object.

`toString`

public toString(): string

Returns a string representation of this construct.

`applyRemovalPolicy`

public applyRemovalPolicy(policy: RemovalPolicy): void

Apply the given removal policy to this resource.

The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced.

The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS account for data recovery and cleanup later (RemovalPolicy.RETAIN).

`policy`^Required

Type: aws-cdk-lib.RemovalPolicy

`addEventSource`

public addEventSource(source: IEventSource): void

Adds an event source to this function.

Event sources are implemented in the aws-cdk-lib/aws-lambda-event-sources module.

The following example adds an SQS Queue as an event source:

import { SqsEventSource } from 'aws-cdk-lib/aws-lambda-event-sources';
myFunction.addEventSource(new SqsEventSource(myQueue));

`source`^Required

Type: aws-cdk-lib.aws_lambda.IEventSource

`addEventSourceMapping`

public addEventSourceMapping(id: string, options: EventSourceMappingOptions): EventSourceMapping

Adds an event source that maps to this AWS Lambda function.

`id`^Required

Type: string

`options`^Required

Type: aws-cdk-lib.aws_lambda.EventSourceMappingOptions

`addFunctionUrl`

public addFunctionUrl(options?: FunctionUrlOptions): FunctionUrl

Adds a url to this lambda function.

`options`^Optional

Type: aws-cdk-lib.aws_lambda.FunctionUrlOptions

`addPermission`

public addPermission(id: string, permission: Permission): void

Adds a permission to the Lambda resource policy.

`id`^Required

Type: string

The id for the permission construct.

`permission`^Required

Type: aws-cdk-lib.aws_lambda.Permission

The permission to grant to this Lambda function.

`addToRolePolicy`

public addToRolePolicy(statement: PolicyStatement): void

Adds a statement to the IAM role assumed by the instance.

`statement`^Required

Type: aws-cdk-lib.aws_iam.PolicyStatement

`configureAsyncInvoke`

public configureAsyncInvoke(options: EventInvokeConfigOptions): void

Configures options for asynchronous invocation.

`options`^Required

Type: aws-cdk-lib.aws_lambda.EventInvokeConfigOptions

`considerWarningOnInvokeFunctionPermissions`

public considerWarningOnInvokeFunctionPermissions(scope: Construct, action: string): void

A warning will be added to functions under the following conditions: - permissions that include lambda:InvokeFunction are added to the unqualified function.

function.currentVersion is invoked before or after the permission is created.

This applies only to permissions on Lambda functions, not versions or aliases. This function is overridden as a noOp for QualifiedFunctionBase.

`scope`^Required

Type: constructs.Construct

`action`^Required

Type: string

`grantInvoke`

public grantInvoke(grantee: IGrantable): Grant

Grant the given identity permissions to invoke this Lambda.

`grantee`^Required

Type: aws-cdk-lib.aws_iam.IGrantable

`grantInvokeCompositePrincipal`

public grantInvokeCompositePrincipal(compositePrincipal: CompositePrincipal): Grant[]

Grant multiple principals the ability to invoke this Lambda via CompositePrincipal.

`compositePrincipal`^Required

Type: aws-cdk-lib.aws_iam.CompositePrincipal

`grantInvokeLatestVersion`

public grantInvokeLatestVersion(grantee: IGrantable): Grant

Grant the given identity permissions to invoke the $LATEST version or unqualified version of this Lambda.

`grantee`^Required

Type: aws-cdk-lib.aws_iam.IGrantable

`grantInvokeUrl`

public grantInvokeUrl(grantee: IGrantable): Grant

Grant the given identity permissions to invoke this Lambda Function URL.

`grantee`^Required

Type: aws-cdk-lib.aws_iam.IGrantable

`grantInvokeVersion`

public grantInvokeVersion(grantee: IGrantable, version: IVersion): Grant

Grant the given identity permissions to invoke the given version of this Lambda.

`grantee`^Required

Type: aws-cdk-lib.aws_iam.IGrantable

`version`^Required

Type: aws-cdk-lib.aws_lambda.IVersion

`metric`

public metric(metricName: string, props?: MetricOptions): Metric

Return the given named metric for this Function.

`metricName`^Required

Type: string

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricDuration`

public metricDuration(props?: MetricOptions): Metric

How long execution of this Lambda takes.

Average over 5 minutes

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricErrors`

public metricErrors(props?: MetricOptions): Metric

How many invocations of this Lambda fail.

Sum over 5 minutes

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricInvocations`

public metricInvocations(props?: MetricOptions): Metric

How often this Lambda is invoked.

Sum over 5 minutes

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricThrottles`

public metricThrottles(props?: MetricOptions): Metric

How often this Lambda is throttled.

Sum over 5 minutes

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`addAlias`

public addAlias(aliasName: string, options?: AliasOptions): Alias

Defines an alias for this function.

The alias will automatically be updated to point to the latest version of the function as it is being updated during a deployment.

declare const fn: lambda.Function;

fn.addAlias('Live');

// Is equivalent to

new lambda.Alias(this, 'AliasLive', {
  aliasName: 'Live',
  version: fn.currentVersion,
});

`aliasName`^Required

Type: string

The name of the alias.

`options`^Optional

Type: aws-cdk-lib.aws_lambda.AliasOptions

Alias options.

`addEnvironment`

public addEnvironment(key: string, value: string, options?: EnvironmentOptions): Function

Adds an environment variable to this Lambda function.

If this is a ref to a Lambda function, this operation results in a no-op.

`key`^Required

Type: string

The environment variable key.

`value`^Required

Type: string

The environment variable's value.

`options`^Optional

Type: aws-cdk-lib.aws_lambda.EnvironmentOptions

Environment variable options.

`addLayers`

public addLayers(layers: ...ILayerVersion[]): void

Adds one or more Lambda Layers to this Lambda function.

`layers`^Required

Type: ...aws-cdk-lib.aws_lambda.ILayerVersion[]

the layers to be added.

`invalidateVersionBasedOn`

public invalidateVersionBasedOn(x: string): void

Mix additional information into the hash of the Version object.

The Lambda Function construct does its best to automatically create a new Version when anything about the Function changes (its code, its layers, any of the other properties).

However, you can sometimes source information from places that the CDK cannot look into, like the deploy-time values of SSM parameters. In those cases, the CDK would not force the creation of a new Version object when it actually should.

This method can be used to invalidate the current Version object. Pass in any string into this method, and make sure the string changes when you know a new Version needs to be created.

This method may be called more than once.

`x`^Required

Type: string

Static Functions

Name	Description
`isConstruct`	Checks if `x` is a construct.
`isOwnedResource`	Returns true if the construct was created by CDK, and false otherwise.
`isResource`	Check whether the given construct is a Resource.
`classifyVersionProperty`	Record whether specific properties in the `AWS::Lambda::Function` resource should also be associated to the Version resource.
`fromFunctionArn`	Import a lambda function into the CDK using its ARN.
`fromFunctionAttributes`	Creates a Lambda function object which represents a function not defined within this stack.
`fromFunctionName`	Import a lambda function into the CDK using its name.
`metricAll`	Return the given named metric for this Lambda.
`metricAllConcurrentExecutions`	Metric for the number of concurrent executions across all Lambdas.
`metricAllDuration`	Metric for the Duration executing all Lambdas.
`metricAllErrors`	Metric for the number of Errors executing all Lambdas.
`metricAllInvocations`	Metric for the number of invocations of all Lambdas.
`metricAllThrottles`	Metric for the number of throttled invocations of all Lambdas.
`metricAllUnreservedConcurrentExecutions`	Metric for the number of unreserved concurrent executions across all Lambdas.

`isConstruct`

import { DiscoveryProcessorFunction } from '@cdklabs/genai-idp'

DiscoveryProcessorFunction.isConstruct(x: any)

Checks if x is a construct.

Use this method instead of instanceof to properly detect Construct instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the constructs library on disk are seen as independent, completely different libraries. As a consequence, the class Construct in each copy of the constructs library is seen as a different class, and an instance of one class will not test as instanceof the other class. npm install will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the constructs library can be accidentally installed, and instanceof will behave unpredictably. It is safest to avoid using instanceof, and using this type-testing method instead.

`x`^Required

Type: any

Any object.

`isOwnedResource`

import { DiscoveryProcessorFunction } from '@cdklabs/genai-idp'

DiscoveryProcessorFunction.isOwnedResource(construct: IConstruct)

Returns true if the construct was created by CDK, and false otherwise.

`construct`^Required

Type: constructs.IConstruct

`isResource`

import { DiscoveryProcessorFunction } from '@cdklabs/genai-idp'

DiscoveryProcessorFunction.isResource(construct: IConstruct)

Check whether the given construct is a Resource.

`construct`^Required

Type: constructs.IConstruct

`classifyVersionProperty`

import { DiscoveryProcessorFunction } from '@cdklabs/genai-idp'

DiscoveryProcessorFunction.classifyVersionProperty(propertyName: string, locked: boolean)

Record whether specific properties in the AWS::Lambda::Function resource should also be associated to the Version resource.

See 'currentVersion' section in the module README for more details.

`propertyName`^Required

Type: string

The property to classify.

`locked`^Required

Type: boolean

whether the property should be associated to the version or not.

`fromFunctionArn`

import { DiscoveryProcessorFunction } from '@cdklabs/genai-idp'

DiscoveryProcessorFunction.fromFunctionArn(scope: Construct, id: string, functionArn: string)

Import a lambda function into the CDK using its ARN.

For Function.addPermissions() to work on this imported lambda, make sure that is in the same account and region as the stack you are importing it into.

`scope`^Required

Type: constructs.Construct

`id`^Required

Type: string

`functionArn`^Required

Type: string

`fromFunctionAttributes`

import { DiscoveryProcessorFunction } from '@cdklabs/genai-idp'

DiscoveryProcessorFunction.fromFunctionAttributes(scope: Construct, id: string, attrs: FunctionAttributes)

Creates a Lambda function object which represents a function not defined within this stack.

For Function.addPermissions() to work on this imported lambda, set the sameEnvironment property to true if this imported lambda is in the same account and region as the stack you are importing it into.

`scope`^Required

Type: constructs.Construct

The parent construct.

`id`^Required

Type: string

The name of the lambda construct.

`attrs`^Required

Type: aws-cdk-lib.aws_lambda.FunctionAttributes

the attributes of the function to import.

`fromFunctionName`

import { DiscoveryProcessorFunction } from '@cdklabs/genai-idp'

DiscoveryProcessorFunction.fromFunctionName(scope: Construct, id: string, functionName: string)

Import a lambda function into the CDK using its name.

`scope`^Required

Type: constructs.Construct

`id`^Required

Type: string

`functionName`^Required

Type: string

`metricAll`

import { DiscoveryProcessorFunction } from '@cdklabs/genai-idp'

DiscoveryProcessorFunction.metricAll(metricName: string, props?: MetricOptions)

Return the given named metric for this Lambda.

`metricName`^Required

Type: string

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricAllConcurrentExecutions`

import { DiscoveryProcessorFunction } from '@cdklabs/genai-idp'

DiscoveryProcessorFunction.metricAllConcurrentExecutions(props?: MetricOptions)

Metric for the number of concurrent executions across all Lambdas.

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricAllDuration`

import { DiscoveryProcessorFunction } from '@cdklabs/genai-idp'

DiscoveryProcessorFunction.metricAllDuration(props?: MetricOptions)

Metric for the Duration executing all Lambdas.

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricAllErrors`

import { DiscoveryProcessorFunction } from '@cdklabs/genai-idp'

DiscoveryProcessorFunction.metricAllErrors(props?: MetricOptions)

Metric for the number of Errors executing all Lambdas.

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricAllInvocations`

import { DiscoveryProcessorFunction } from '@cdklabs/genai-idp'

DiscoveryProcessorFunction.metricAllInvocations(props?: MetricOptions)

Metric for the number of invocations of all Lambdas.

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricAllThrottles`

import { DiscoveryProcessorFunction } from '@cdklabs/genai-idp'

DiscoveryProcessorFunction.metricAllThrottles(props?: MetricOptions)

Metric for the number of throttled invocations of all Lambdas.

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricAllUnreservedConcurrentExecutions`

import { DiscoveryProcessorFunction } from '@cdklabs/genai-idp'

DiscoveryProcessorFunction.metricAllUnreservedConcurrentExecutions(props?: MetricOptions)

Metric for the number of unreserved concurrent executions across all Lambdas.

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

Properties

Name	Type	Description
`node`	`constructs.Node`	The tree node.
`env`	`aws-cdk-lib.ResourceEnvironment`	The environment this resource belongs to.
`stack`	`aws-cdk-lib.Stack`	The stack in which this resource is defined.
`architecture`	`aws-cdk-lib.aws_lambda.Architecture`	The architecture of this Lambda Function (this is an optional attribute and defaults to X86_64).
`connections`	`aws-cdk-lib.aws_ec2.Connections`	Access the Connections object.
`functionArn`	`string`	ARN of this function.
`functionName`	`string`	Name of this function.
`grantPrincipal`	`aws-cdk-lib.aws_iam.IPrincipal`	The principal this Lambda Function is running as.
`isBoundToVpc`	`boolean`	Whether or not this Lambda function was bound to a VPC.
`latestVersion`	`aws-cdk-lib.aws_lambda.IVersion`	The `$LATEST` version of this function.
`permissionsNode`	`constructs.Node`	The construct node where permissions are attached.
`resourceArnsForGrantInvoke`	`string[]`	The ARN(s) to put into the resource field of the generated IAM policy for grantInvoke().
`role`	`aws-cdk-lib.aws_iam.IRole`	Execution role associated with this function.
`currentVersion`	`aws-cdk-lib.aws_lambda.Version`	Returns a `lambda.Version` which represents the current version of this Lambda function. A new version will be created every time the function's configuration changes.
`logGroup`	`aws-cdk-lib.aws_logs.ILogGroup`	The LogGroup where the Lambda function's logs are made available.
`runtime`	`aws-cdk-lib.aws_lambda.Runtime`	The runtime configured for this lambda.
`deadLetterQueue`	`aws-cdk-lib.aws_sqs.IQueue`	The DLQ (as queue) associated with this Lambda Function (this is an optional attribute).
`deadLetterTopic`	`aws-cdk-lib.aws_sns.ITopic`	The DLQ (as topic) associated with this Lambda Function (this is an optional attribute).
`timeout`	`aws-cdk-lib.Duration`	The timeout configured for this lambda.

`node`^Required

public readonly node: Node;

Type: constructs.Node

The tree node.

`env`^Required

public readonly env: ResourceEnvironment;

Type: aws-cdk-lib.ResourceEnvironment

The environment this resource belongs to.

For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.

`stack`^Required

public readonly stack: Stack;

Type: aws-cdk-lib.Stack

The stack in which this resource is defined.

`architecture`^Required

public readonly architecture: Architecture;

Type: aws-cdk-lib.aws_lambda.Architecture

The architecture of this Lambda Function (this is an optional attribute and defaults to X86_64).

`connections`^Required

public readonly connections: Connections;

Type: aws-cdk-lib.aws_ec2.Connections

Access the Connections object.

Will fail if not a VPC-enabled Lambda Function

`functionArn`^Required

public readonly functionArn: string;

Type: string

ARN of this function.

`functionName`^Required

public readonly functionName: string;

Type: string

Name of this function.

`grantPrincipal`^Required

public readonly grantPrincipal: IPrincipal;

Type: aws-cdk-lib.aws_iam.IPrincipal

The principal this Lambda Function is running as.

`isBoundToVpc`^Required

public readonly isBoundToVpc: boolean;

Type: boolean

Whether or not this Lambda function was bound to a VPC.

If this is is false, trying to access the connections object will fail.

`latestVersion`^Required

public readonly latestVersion: IVersion;

Type: aws-cdk-lib.aws_lambda.IVersion

The $LATEST version of this function.

Note that this is reference to a non-specific AWS Lambda version, which means the function this version refers to can return different results in different invocations.

To obtain a reference to an explicit version which references the current function configuration, use lambdaFunction.currentVersion instead.

`permissionsNode`^Required

public readonly permissionsNode: Node;

Type: constructs.Node

The construct node where permissions are attached.

`resourceArnsForGrantInvoke`^Required

public readonly resourceArnsForGrantInvoke: string[];

Type: string[]

The ARN(s) to put into the resource field of the generated IAM policy for grantInvoke().

`role`^Optional

public readonly role: IRole;

Type: aws-cdk-lib.aws_iam.IRole

Execution role associated with this function.

`currentVersion`^Required

public readonly currentVersion: Version;

Type: aws-cdk-lib.aws_lambda.Version

Returns a lambda.Version which represents the current version of this Lambda function. A new version will be created every time the function's configuration changes.

You can specify options for this version using the currentVersionOptions prop when initializing the lambda.Function.

`logGroup`^Required

public readonly logGroup: ILogGroup;

Type: aws-cdk-lib.aws_logs.ILogGroup

The LogGroup where the Lambda function's logs are made available.

If either logRetention is set or this property is called, a CloudFormation custom resource is added to the stack that pre-creates the log group as part of the stack deployment, if it already doesn't exist, and sets the correct log retention period (never expire, by default).

Further, if the log group already exists and the logRetention is not set, the custom resource will reset the log retention to never expire even if it was configured with a different value.

`runtime`^Required

public readonly runtime: Runtime;

Type: aws-cdk-lib.aws_lambda.Runtime

The runtime configured for this lambda.

`deadLetterQueue`^Optional

public readonly deadLetterQueue: IQueue;

Type: aws-cdk-lib.aws_sqs.IQueue

The DLQ (as queue) associated with this Lambda Function (this is an optional attribute).

`deadLetterTopic`^Optional

public readonly deadLetterTopic: ITopic;

Type: aws-cdk-lib.aws_sns.ITopic

The DLQ (as topic) associated with this Lambda Function (this is an optional attribute).

`timeout`^Optional

public readonly timeout: Duration;

Type: aws-cdk-lib.Duration

The timeout configured for this lambda.

Constants

Name	Type	Description
`PROPERTY_INJECTION_ID`	`string`	Uniquely identifies this class.

`PROPERTY_INJECTION_ID`^Required

public readonly PROPERTY_INJECTION_ID: string;

Type: string

Uniquely identifies this class.

DiscoveryQueue

Implements: IDiscoveryQueue

An SQS queue for processing discovery jobs asynchronously.

This construct creates a queue that receives discovery job messages and triggers Lambda processing for document analysis.

Initializers

import { DiscoveryQueue } from '@cdklabs/genai-idp'

new DiscoveryQueue(scope: Construct, id: string, props?: DiscoveryQueueProps)

Name	Type	Description
`scope`	`constructs.Construct`	The construct scope.
`id`	`string`	The construct ID.
`props`	`DiscoveryQueueProps`	Configuration properties for the SQS queue.

`scope`^Required

Type: constructs.Construct

The construct scope.

`id`^Required

Type: string

The construct ID.

`props`^Optional

Type: DiscoveryQueueProps

Configuration properties for the SQS queue.

Methods

Name	Description
`toString`	Returns a string representation of this construct.
`applyRemovalPolicy`	Apply the given removal policy to this resource.
`addToResourcePolicy`	Adds a statement to the IAM resource policy associated with this queue.
`grant`	Grant the actions defined in queueActions to the identity Principal given on this SQS queue resource.
`grantConsumeMessages`	Grant permissions to consume messages from a queue.
`grantPurge`	Grant an IAM principal permissions to purge all messages from the queue.
`grantSendMessages`	Grant access to send messages to a queue to the given identity.
`metric`	Return the given named metric for this Queue.
`metricApproximateAgeOfOldestMessage`	The approximate age of the oldest non-deleted message in the queue.
`metricApproximateNumberOfMessagesDelayed`	The number of messages in the queue that are delayed and not available for reading immediately.
`metricApproximateNumberOfMessagesNotVisible`	The number of messages that are in flight.
`metricApproximateNumberOfMessagesVisible`	The number of messages available for retrieval from the queue.
`metricNumberOfEmptyReceives`	The number of ReceiveMessage API calls that did not return a message.
`metricNumberOfMessagesDeleted`	The number of messages deleted from the queue.
`metricNumberOfMessagesReceived`	The number of messages returned by calls to the ReceiveMessage action.
`metricNumberOfMessagesSent`	The number of messages added to a queue.
`metricSentMessageSize`	The size of messages added to a queue.

`toString`

public toString(): string

Returns a string representation of this construct.

`applyRemovalPolicy`

public applyRemovalPolicy(policy: RemovalPolicy): void

Apply the given removal policy to this resource.

The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced.

The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS account for data recovery and cleanup later (RemovalPolicy.RETAIN).

`policy`^Required

Type: aws-cdk-lib.RemovalPolicy

`addToResourcePolicy`

public addToResourcePolicy(statement: PolicyStatement): AddToResourcePolicyResult

Adds a statement to the IAM resource policy associated with this queue.

If this queue was created in this stack (new Queue), a queue policy will be automatically created upon the first call to addToPolicy. If the queue is imported (Queue.import), then this is a no-op.

`statement`^Required

Type: aws-cdk-lib.aws_iam.PolicyStatement

`grant`

public grant(grantee: IGrantable, actions: ...string[]): Grant

Grant the actions defined in queueActions to the identity Principal given on this SQS queue resource.

`grantee`^Required

Type: aws-cdk-lib.aws_iam.IGrantable

Principal to grant right to.

`actions`^Required

Type: ...string[]

The actions to grant.

`grantConsumeMessages`

public grantConsumeMessages(grantee: IGrantable): Grant

Grant permissions to consume messages from a queue.

This will grant the following permissions:

sqs:ChangeMessageVisibility
sqs:DeleteMessage
sqs:ReceiveMessage
sqs:GetQueueAttributes
sqs:GetQueueUrl

If encryption is used, permission to use the key to decrypt the contents of the queue will also be granted to the same principal.

This will grant the following KMS permissions:

kms:Decrypt

`grantee`^Required

Type: aws-cdk-lib.aws_iam.IGrantable

Principal to grant consume rights to.

`grantPurge`

public grantPurge(grantee: IGrantable): Grant

Grant an IAM principal permissions to purge all messages from the queue.

This will grant the following permissions:

sqs:PurgeQueue
sqs:GetQueueAttributes
sqs:GetQueueUrl

`grantee`^Required

Type: aws-cdk-lib.aws_iam.IGrantable

Principal to grant send rights to.

`grantSendMessages`

public grantSendMessages(grantee: IGrantable): Grant

Grant access to send messages to a queue to the given identity.

This will grant the following permissions:

sqs:SendMessage
sqs:GetQueueAttributes
sqs:GetQueueUrl

If encryption is used, permission to use the key to encrypt/decrypt the contents of the queue will also be granted to the same principal.

This will grant the following KMS permissions:

kms:Decrypt
kms:Encrypt
kms:ReEncrypt*
kms:GenerateDataKey*

`grantee`^Required

Type: aws-cdk-lib.aws_iam.IGrantable

Principal to grant send rights to.

`metric`

public metric(metricName: string, props?: MetricOptions): Metric

Return the given named metric for this Queue.

`metricName`^Required

Type: string

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricApproximateAgeOfOldestMessage`

public metricApproximateAgeOfOldestMessage(props?: MetricOptions): Metric

The approximate age of the oldest non-deleted message in the queue.

Maximum over 5 minutes

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricApproximateNumberOfMessagesDelayed`

public metricApproximateNumberOfMessagesDelayed(props?: MetricOptions): Metric

The number of messages in the queue that are delayed and not available for reading immediately.

Maximum over 5 minutes

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricApproximateNumberOfMessagesNotVisible`

public metricApproximateNumberOfMessagesNotVisible(props?: MetricOptions): Metric

The number of messages that are in flight.

Maximum over 5 minutes

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricApproximateNumberOfMessagesVisible`

public metricApproximateNumberOfMessagesVisible(props?: MetricOptions): Metric

The number of messages available for retrieval from the queue.

Maximum over 5 minutes

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricNumberOfEmptyReceives`

public metricNumberOfEmptyReceives(props?: MetricOptions): Metric

The number of ReceiveMessage API calls that did not return a message.

Sum over 5 minutes

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricNumberOfMessagesDeleted`

public metricNumberOfMessagesDeleted(props?: MetricOptions): Metric

The number of messages deleted from the queue.

Sum over 5 minutes

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricNumberOfMessagesReceived`

public metricNumberOfMessagesReceived(props?: MetricOptions): Metric

The number of messages returned by calls to the ReceiveMessage action.

Sum over 5 minutes

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricNumberOfMessagesSent`

public metricNumberOfMessagesSent(props?: MetricOptions): Metric

The number of messages added to a queue.

Sum over 5 minutes

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricSentMessageSize`

public metricSentMessageSize(props?: MetricOptions): Metric

The size of messages added to a queue.

Average over 5 minutes

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

Static Functions

Name	Description
`isConstruct`	Checks if `x` is a construct.
`isOwnedResource`	Returns true if the construct was created by CDK, and false otherwise.
`isResource`	Check whether the given construct is a Resource.
`fromQueueArn`	Import an existing SQS queue provided an ARN.
`fromQueueAttributes`	Import an existing queue.

`isConstruct`

import { DiscoveryQueue } from '@cdklabs/genai-idp'

DiscoveryQueue.isConstruct(x: any)

Checks if x is a construct.

Use this method instead of instanceof to properly detect Construct instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the constructs library on disk are seen as independent, completely different libraries. As a consequence, the class Construct in each copy of the constructs library is seen as a different class, and an instance of one class will not test as instanceof the other class. npm install will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the constructs library can be accidentally installed, and instanceof will behave unpredictably. It is safest to avoid using instanceof, and using this type-testing method instead.

`x`^Required

Type: any

Any object.

`isOwnedResource`

import { DiscoveryQueue } from '@cdklabs/genai-idp'

DiscoveryQueue.isOwnedResource(construct: IConstruct)

Returns true if the construct was created by CDK, and false otherwise.

`construct`^Required

Type: constructs.IConstruct

`isResource`

import { DiscoveryQueue } from '@cdklabs/genai-idp'

DiscoveryQueue.isResource(construct: IConstruct)

Check whether the given construct is a Resource.

`construct`^Required

Type: constructs.IConstruct

`fromQueueArn`

import { DiscoveryQueue } from '@cdklabs/genai-idp'

DiscoveryQueue.fromQueueArn(scope: Construct, id: string, queueArn: string)

Import an existing SQS queue provided an ARN.

`scope`^Required

Type: constructs.Construct

The parent creating construct.

`id`^Required

Type: string

The construct's name.

`queueArn`^Required

Type: string

queue ARN (i.e. arn:aws:sqs:us-east-2:444455556666:queue1).

`fromQueueAttributes`

import { DiscoveryQueue } from '@cdklabs/genai-idp'

DiscoveryQueue.fromQueueAttributes(scope: Construct, id: string, attrs: QueueAttributes)

Import an existing queue.

`scope`^Required

Type: constructs.Construct

`id`^Required

Type: string

`attrs`^Required

Type: aws-cdk-lib.aws_sqs.QueueAttributes

Properties

Name	Type	Description
`node`	`constructs.Node`	The tree node.
`env`	`aws-cdk-lib.ResourceEnvironment`	The environment this resource belongs to.
`stack`	`aws-cdk-lib.Stack`	The stack in which this resource is defined.
`fifo`	`boolean`	Whether this queue is an Amazon SQS FIFO queue.
`queueArn`	`string`	The ARN of this queue.
`queueName`	`string`	The name of this queue.
`queueUrl`	`string`	The URL of this queue.
`encryptionMasterKey`	`aws-cdk-lib.aws_kms.IKey`	If this queue is encrypted, this is the KMS key.
`encryptionType`	`aws-cdk-lib.aws_sqs.QueueEncryption`	Whether the contents of the queue are encrypted, and by what type of key.
`deadLetterQueue`	`aws-cdk-lib.aws_sqs.DeadLetterQueue`	If this queue is configured with a dead-letter queue, this is the dead-letter queue settings.

`node`^Required

public readonly node: Node;

Type: constructs.Node

The tree node.

`env`^Required

public readonly env: ResourceEnvironment;

Type: aws-cdk-lib.ResourceEnvironment

The environment this resource belongs to.

For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.

`stack`^Required

public readonly stack: Stack;

Type: aws-cdk-lib.Stack

The stack in which this resource is defined.

`fifo`^Required

public readonly fifo: boolean;

Type: boolean

Whether this queue is an Amazon SQS FIFO queue.

If false, this is a standard queue.

`queueArn`^Required

public readonly queueArn: string;

Type: string

The ARN of this queue.

`queueName`^Required

public readonly queueName: string;

Type: string

The name of this queue.

`queueUrl`^Required

public readonly queueUrl: string;

Type: string

The URL of this queue.

`encryptionMasterKey`^Optional

public readonly encryptionMasterKey: IKey;

Type: aws-cdk-lib.aws_kms.IKey

If this queue is encrypted, this is the KMS key.

`encryptionType`^Optional

public readonly encryptionType: QueueEncryption;

Type: aws-cdk-lib.aws_sqs.QueueEncryption

Whether the contents of the queue are encrypted, and by what type of key.

`deadLetterQueue`^Optional

public readonly deadLetterQueue: DeadLetterQueue;

Type: aws-cdk-lib.aws_sqs.DeadLetterQueue

If this queue is configured with a dead-letter queue, this is the dead-letter queue settings.

Constants

Name	Type	Description
`PROPERTY_INJECTION_ID`	`string`	Uniquely identifies this class.

`PROPERTY_INJECTION_ID`^Required

public readonly PROPERTY_INJECTION_ID: string;

Type: string

Uniquely identifies this class.

DiscoveryTable

Implements: IDiscoveryTable

A DynamoDB table for tracking discovery jobs.

This construct creates a table that stores discovery job information including status, document keys, and processing metadata.

Initializers

import { DiscoveryTable } from '@cdklabs/genai-idp'

new DiscoveryTable(scope: Construct, id: string, props?: FixedKeyTableProps)

Name	Type	Description
`scope`	`constructs.Construct`	The construct scope.
`id`	`string`	The construct ID.
`props`	`FixedKeyTableProps`	Configuration properties for the DynamoDB table.

`scope`^Required

Type: constructs.Construct

The construct scope.

`id`^Required

Type: string

The construct ID.

`props`^Optional

Type: FixedKeyTableProps

Configuration properties for the DynamoDB table.

Methods

Name	Description
`toString`	Returns a string representation of this construct.
`applyRemovalPolicy`	Apply the given removal policy to this resource.
`addToResourcePolicy`	Adds a statement to the resource policy associated with this file system.
`grant`	Adds an IAM policy statement associated with this table to an IAM principal's policy.
`grantFullAccess`	Permits all DynamoDB operations ("dynamodb:*") to an IAM principal.
`grantReadData`	Permits an IAM principal all data read operations from this table: BatchGetItem, GetRecords, GetShardIterator, Query, GetItem, Scan, DescribeTable.
`grantReadWriteData`	Permits an IAM principal to all data read/write operations to this table.
`grantStream`	Adds an IAM policy statement associated with this table's stream to an IAM principal's policy.
`grantStreamRead`	Permits an IAM principal all stream data read operations for this table's stream: DescribeStream, GetRecords, GetShardIterator, ListStreams.
`grantTableListStreams`	Permits an IAM Principal to list streams attached to current dynamodb table.
`grantWriteData`	Permits an IAM principal all data write operations to this table: BatchWriteItem, PutItem, UpdateItem, DeleteItem, DescribeTable.
`metric`	Return the given named metric for this Table.
`metricConditionalCheckFailedRequests`	Metric for the conditional check failed requests this table.
`metricConsumedReadCapacityUnits`	Metric for the consumed read capacity units this table.
`metricConsumedWriteCapacityUnits`	Metric for the consumed write capacity units this table.
`metricSuccessfulRequestLatency`	Metric for the successful request latency this table.
`metricSystemErrors`	Metric for the system errors this table.
`metricSystemErrorsForOperations`	Metric for the system errors this table.
`metricThrottledRequests`	How many requests are throttled on this table.
`metricThrottledRequestsForOperation`	How many requests are throttled on this table, for the given operation.
`metricThrottledRequestsForOperations`	How many requests are throttled on this table.
`metricUserErrors`	Metric for the user errors.
`addGlobalSecondaryIndex`	Add a global secondary index of table.
`addLocalSecondaryIndex`	Add a local secondary index of table.
`autoScaleGlobalSecondaryIndexReadCapacity`	Enable read capacity scaling for the given GSI.
`autoScaleGlobalSecondaryIndexWriteCapacity`	Enable write capacity scaling for the given GSI.
`autoScaleReadCapacity`	Enable read capacity scaling for this table.
`autoScaleWriteCapacity`	Enable write capacity scaling for this table.
`schema`	Get schema attributes of table or index.

`toString`

public toString(): string

Returns a string representation of this construct.

`applyRemovalPolicy`

public applyRemovalPolicy(policy: RemovalPolicy): void

Apply the given removal policy to this resource.

The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced.

The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS account for data recovery and cleanup later (RemovalPolicy.RETAIN).

`policy`^Required

Type: aws-cdk-lib.RemovalPolicy

`addToResourcePolicy`

public addToResourcePolicy(statement: PolicyStatement): AddToResourcePolicyResult

Adds a statement to the resource policy associated with this file system.

A resource policy will be automatically created upon the first call to addToResourcePolicy.

Note that this does not work with imported file systems.

`statement`^Required

Type: aws-cdk-lib.aws_iam.PolicyStatement

The policy statement to add.

`grant`

public grant(grantee: IGrantable, actions: ...string[]): Grant

Adds an IAM policy statement associated with this table to an IAM principal's policy.

If encryptionKey is present, appropriate grants to the key needs to be added separately using the table.encryptionKey.grant* methods.

`grantee`^Required

Type: aws-cdk-lib.aws_iam.IGrantable

The principal (no-op if undefined).

`actions`^Required

Type: ...string[]

The set of actions to allow (i.e. "dynamodb:PutItem", "dynamodb:GetItem", ...).

`grantFullAccess`

public grantFullAccess(grantee: IGrantable): Grant

Permits all DynamoDB operations ("dynamodb:*") to an IAM principal.

Appropriate grants will also be added to the customer-managed KMS key if one was configured.

`grantee`^Required

Type: aws-cdk-lib.aws_iam.IGrantable

The principal to grant access to.

`grantReadData`

public grantReadData(grantee: IGrantable): Grant

Permits an IAM principal all data read operations from this table: BatchGetItem, GetRecords, GetShardIterator, Query, GetItem, Scan, DescribeTable.

Appropriate grants will also be added to the customer-managed KMS key if one was configured.

`grantee`^Required

Type: aws-cdk-lib.aws_iam.IGrantable

The principal to grant access to.

`grantReadWriteData`

public grantReadWriteData(grantee: IGrantable): Grant

Permits an IAM principal to all data read/write operations to this table.

BatchGetItem, GetRecords, GetShardIterator, Query, GetItem, Scan, BatchWriteItem, PutItem, UpdateItem, DeleteItem, DescribeTable

Appropriate grants will also be added to the customer-managed KMS key if one was configured.

`grantee`^Required

Type: aws-cdk-lib.aws_iam.IGrantable

The principal to grant access to.

`grantStream`

public grantStream(grantee: IGrantable, actions: ...string[]): Grant

Adds an IAM policy statement associated with this table's stream to an IAM principal's policy.

If encryptionKey is present, appropriate grants to the key needs to be added separately using the table.encryptionKey.grant* methods.

`grantee`^Required

Type: aws-cdk-lib.aws_iam.IGrantable

The principal (no-op if undefined).

`actions`^Required

Type: ...string[]

The set of actions to allow (i.e. "dynamodb:DescribeStream", "dynamodb:GetRecords", ...).

`grantStreamRead`

public grantStreamRead(grantee: IGrantable): Grant

Permits an IAM principal all stream data read operations for this table's stream: DescribeStream, GetRecords, GetShardIterator, ListStreams.

Appropriate grants will also be added to the customer-managed KMS key if one was configured.

`grantee`^Required

Type: aws-cdk-lib.aws_iam.IGrantable

The principal to grant access to.

`grantTableListStreams`

public grantTableListStreams(grantee: IGrantable): Grant

Permits an IAM Principal to list streams attached to current dynamodb table.

`grantee`^Required

Type: aws-cdk-lib.aws_iam.IGrantable

The principal (no-op if undefined).

`grantWriteData`

public grantWriteData(grantee: IGrantable): Grant

Permits an IAM principal all data write operations to this table: BatchWriteItem, PutItem, UpdateItem, DeleteItem, DescribeTable.

Appropriate grants will also be added to the customer-managed KMS key if one was configured.

`grantee`^Required

Type: aws-cdk-lib.aws_iam.IGrantable

The principal to grant access to.

`metric`

public metric(metricName: string, props?: MetricOptions): Metric

Return the given named metric for this Table.

By default, the metric will be calculated as a sum over a period of 5 minutes. You can customize this by using the statistic and period properties.

`metricName`^Required

Type: string

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricConditionalCheckFailedRequests`

public metricConditionalCheckFailedRequests(props?: MetricOptions): Metric

Metric for the conditional check failed requests this table.

By default, the metric will be calculated as a sum over a period of 5 minutes. You can customize this by using the statistic and period properties.

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricConsumedReadCapacityUnits`

public metricConsumedReadCapacityUnits(props?: MetricOptions): Metric

Metric for the consumed read capacity units this table.

By default, the metric will be calculated as a sum over a period of 5 minutes. You can customize this by using the statistic and period properties.

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricConsumedWriteCapacityUnits`

public metricConsumedWriteCapacityUnits(props?: MetricOptions): Metric

Metric for the consumed write capacity units this table.

By default, the metric will be calculated as a sum over a period of 5 minutes. You can customize this by using the statistic and period properties.

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricSuccessfulRequestLatency`

public metricSuccessfulRequestLatency(props?: MetricOptions): Metric

Metric for the successful request latency this table.

By default, the metric will be calculated as an average over a period of 5 minutes. You can customize this by using the statistic and period properties.

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricSystemErrors`

public metricSystemErrors(props?: MetricOptions): Metric

Metric for the system errors this table.

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricSystemErrorsForOperations`

public metricSystemErrorsForOperations(props?: SystemErrorsForOperationsMetricOptions): IMetric

Metric for the system errors this table.

This will sum errors across all possible operations. Note that by default, each individual metric will be calculated as a sum over a period of 5 minutes. You can customize this by using the statistic and period properties.

`props`^Optional

Type: aws-cdk-lib.aws_dynamodb.SystemErrorsForOperationsMetricOptions

`metricThrottledRequests`

public metricThrottledRequests(props?: MetricOptions): Metric

How many requests are throttled on this table.

Default: sum over 5 minutes

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricThrottledRequestsForOperation`

public metricThrottledRequestsForOperation(operation: string, props?: MetricOptions): Metric

How many requests are throttled on this table, for the given operation.

Default: sum over 5 minutes

`operation`^Required

Type: string

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricThrottledRequestsForOperations`

public metricThrottledRequestsForOperations(props?: OperationsMetricOptions): IMetric

How many requests are throttled on this table.

This will sum errors across all possible operations. Note that by default, each individual metric will be calculated as a sum over a period of 5 minutes. You can customize this by using the statistic and period properties.

`props`^Optional

Type: aws-cdk-lib.aws_dynamodb.OperationsMetricOptions

`metricUserErrors`

public metricUserErrors(props?: MetricOptions): Metric

Metric for the user errors.

Note that this metric reports user errors across all the tables in the account and region the table resides in.

By default, the metric will be calculated as a sum over a period of 5 minutes. You can customize this by using the statistic and period properties.

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`addGlobalSecondaryIndex`

public addGlobalSecondaryIndex(props: GlobalSecondaryIndexProps): void

Add a global secondary index of table.

`props`^Required

Type: aws-cdk-lib.aws_dynamodb.GlobalSecondaryIndexProps

the property of global secondary index.

`addLocalSecondaryIndex`

public addLocalSecondaryIndex(props: LocalSecondaryIndexProps): void

Add a local secondary index of table.

`props`^Required

Type: aws-cdk-lib.aws_dynamodb.LocalSecondaryIndexProps

the property of local secondary index.

`autoScaleGlobalSecondaryIndexReadCapacity`

public autoScaleGlobalSecondaryIndexReadCapacity(indexName: string, props: EnableScalingProps): IScalableTableAttribute

Enable read capacity scaling for the given GSI.

`indexName`^Required

Type: string

`props`^Required

Type: aws-cdk-lib.aws_dynamodb.EnableScalingProps

`autoScaleGlobalSecondaryIndexWriteCapacity`

public autoScaleGlobalSecondaryIndexWriteCapacity(indexName: string, props: EnableScalingProps): IScalableTableAttribute

Enable write capacity scaling for the given GSI.

`indexName`^Required

Type: string

`props`^Required

Type: aws-cdk-lib.aws_dynamodb.EnableScalingProps

`autoScaleReadCapacity`

public autoScaleReadCapacity(props: EnableScalingProps): IScalableTableAttribute

Enable read capacity scaling for this table.

`props`^Required

Type: aws-cdk-lib.aws_dynamodb.EnableScalingProps

`autoScaleWriteCapacity`

public autoScaleWriteCapacity(props: EnableScalingProps): IScalableTableAttribute

Enable write capacity scaling for this table.

`props`^Required

Type: aws-cdk-lib.aws_dynamodb.EnableScalingProps

`schema`

public schema(indexName?: string): SchemaOptions

Get schema attributes of table or index.

`indexName`^Optional

Type: string

Static Functions

Name	Description
`isConstruct`	Checks if `x` is a construct.
`isOwnedResource`	Returns true if the construct was created by CDK, and false otherwise.
`isResource`	Check whether the given construct is a Resource.
`fromTableArn`	Creates a Table construct that represents an external table via table arn.
`fromTableAttributes`	Creates a Table construct that represents an external table.
`fromTableName`	Creates a Table construct that represents an external table via table name.

`isConstruct`

import { DiscoveryTable } from '@cdklabs/genai-idp'

DiscoveryTable.isConstruct(x: any)

Checks if x is a construct.

Use this method instead of instanceof to properly detect Construct instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the constructs library on disk are seen as independent, completely different libraries. As a consequence, the class Construct in each copy of the constructs library is seen as a different class, and an instance of one class will not test as instanceof the other class. npm install will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the constructs library can be accidentally installed, and instanceof will behave unpredictably. It is safest to avoid using instanceof, and using this type-testing method instead.

`x`^Required

Type: any

Any object.

`isOwnedResource`

import { DiscoveryTable } from '@cdklabs/genai-idp'

DiscoveryTable.isOwnedResource(construct: IConstruct)

Returns true if the construct was created by CDK, and false otherwise.

`construct`^Required

Type: constructs.IConstruct

`isResource`

import { DiscoveryTable } from '@cdklabs/genai-idp'

DiscoveryTable.isResource(construct: IConstruct)

Check whether the given construct is a Resource.

`construct`^Required

Type: constructs.IConstruct

`fromTableArn`

import { DiscoveryTable } from '@cdklabs/genai-idp'

DiscoveryTable.fromTableArn(scope: Construct, id: string, tableArn: string)

Creates a Table construct that represents an external table via table arn.

`scope`^Required

Type: constructs.Construct

The parent creating construct (usually this).

`id`^Required

Type: string

The construct's name.

`tableArn`^Required

Type: string

The table's ARN.

`fromTableAttributes`

import { DiscoveryTable } from '@cdklabs/genai-idp'

DiscoveryTable.fromTableAttributes(scope: Construct, id: string, attrs: TableAttributes)

Creates a Table construct that represents an external table.

`scope`^Required

Type: constructs.Construct

The parent creating construct (usually this).

`id`^Required

Type: string

The construct's name.

`attrs`^Required

Type: aws-cdk-lib.aws_dynamodb.TableAttributes

A TableAttributes object.

`fromTableName`

import { DiscoveryTable } from '@cdklabs/genai-idp'

DiscoveryTable.fromTableName(scope: Construct, id: string, tableName: string)

Creates a Table construct that represents an external table via table name.

`scope`^Required

Type: constructs.Construct

The parent creating construct (usually this).

`id`^Required

Type: string

The construct's name.

`tableName`^Required

Type: string

The table's name.

Properties

Name	Type	Description
`node`	`constructs.Node`	The tree node.
`env`	`aws-cdk-lib.ResourceEnvironment`	The environment this resource belongs to.
`stack`	`aws-cdk-lib.Stack`	The stack in which this resource is defined.
`tableArn`	`string`	Arn of the dynamodb table.
`tableName`	`string`	Table name of the dynamodb table.
`encryptionKey`	`aws-cdk-lib.aws_kms.IKey`	KMS encryption key, if this table uses a customer-managed encryption key.
`tableStreamArn`	`string`	ARN of the table's stream, if there is one.
`resourcePolicy`	`aws-cdk-lib.aws_iam.PolicyDocument`	Resource policy to assign to DynamoDB Table.

`node`^Required

public readonly node: Node;

Type: constructs.Node

The tree node.

`env`^Required

public readonly env: ResourceEnvironment;

Type: aws-cdk-lib.ResourceEnvironment

The environment this resource belongs to.

For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.

`stack`^Required

public readonly stack: Stack;

Type: aws-cdk-lib.Stack

The stack in which this resource is defined.

`tableArn`^Required

public readonly tableArn: string;

Type: string

Arn of the dynamodb table.

`tableName`^Required

public readonly tableName: string;

Type: string

Table name of the dynamodb table.

`encryptionKey`^Optional

public readonly encryptionKey: IKey;

Type: aws-cdk-lib.aws_kms.IKey

KMS encryption key, if this table uses a customer-managed encryption key.

`tableStreamArn`^Optional

public readonly tableStreamArn: string;

Type: string

ARN of the table's stream, if there is one.

`resourcePolicy`^Optional

public readonly resourcePolicy: PolicyDocument;

Type: aws-cdk-lib.aws_iam.PolicyDocument
Default: No resource policy statements are added to the created table.

Resource policy to assign to DynamoDB Table.

Constants

Name	Type	Description
`PROPERTY_INJECTION_ID`	`string`	Uniquely identifies this class.

`PROPERTY_INJECTION_ID`^Required

public readonly PROPERTY_INJECTION_ID: string;

Type: string

Uniquely identifies this class.

DiscoveryUploadResolverFunction

A Lambda function that handles discovery document uploads via GraphQL API.

This function generates presigned URLs for document uploads and creates discovery job entries in the tracking table.

Initializers

import { DiscoveryUploadResolverFunction } from '@cdklabs/genai-idp'

new DiscoveryUploadResolverFunction(scope: Construct, id: string, props: DiscoveryUploadResolverFunctionProps)

Name	Type	Description
`scope`	`constructs.Construct`	No description.
`id`	`string`	No description.
`props`	`DiscoveryUploadResolverFunctionProps`	No description.

`scope`^Required

Type: constructs.Construct

`id`^Required

Type: string

`props`^Required

Type: DiscoveryUploadResolverFunctionProps

Methods

Name	Description
`toString`	Returns a string representation of this construct.
`applyRemovalPolicy`	Apply the given removal policy to this resource.
`addEventSource`	Adds an event source to this function.
`addEventSourceMapping`	Adds an event source that maps to this AWS Lambda function.
`addFunctionUrl`	Adds a url to this lambda function.
`addPermission`	Adds a permission to the Lambda resource policy.
`addToRolePolicy`	Adds a statement to the IAM role assumed by the instance.
`configureAsyncInvoke`	Configures options for asynchronous invocation.
`considerWarningOnInvokeFunctionPermissions`	A warning will be added to functions under the following conditions: - permissions that include `lambda:InvokeFunction` are added to the unqualified function.
`grantInvoke`	Grant the given identity permissions to invoke this Lambda.
`grantInvokeCompositePrincipal`	Grant multiple principals the ability to invoke this Lambda via CompositePrincipal.
`grantInvokeLatestVersion`	Grant the given identity permissions to invoke the $LATEST version or unqualified version of this Lambda.
`grantInvokeUrl`	Grant the given identity permissions to invoke this Lambda Function URL.
`grantInvokeVersion`	Grant the given identity permissions to invoke the given version of this Lambda.
`metric`	Return the given named metric for this Function.
`metricDuration`	How long execution of this Lambda takes.
`metricErrors`	How many invocations of this Lambda fail.
`metricInvocations`	How often this Lambda is invoked.
`metricThrottles`	How often this Lambda is throttled.
`addAlias`	Defines an alias for this function.
`addEnvironment`	Adds an environment variable to this Lambda function.
`addLayers`	Adds one or more Lambda Layers to this Lambda function.
`invalidateVersionBasedOn`	Mix additional information into the hash of the Version object.

`toString`

public toString(): string

Returns a string representation of this construct.

`applyRemovalPolicy`

public applyRemovalPolicy(policy: RemovalPolicy): void

Apply the given removal policy to this resource.

The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced.

The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS account for data recovery and cleanup later (RemovalPolicy.RETAIN).

`policy`^Required

Type: aws-cdk-lib.RemovalPolicy

`addEventSource`

public addEventSource(source: IEventSource): void

Adds an event source to this function.

Event sources are implemented in the aws-cdk-lib/aws-lambda-event-sources module.

The following example adds an SQS Queue as an event source:

import { SqsEventSource } from 'aws-cdk-lib/aws-lambda-event-sources';
myFunction.addEventSource(new SqsEventSource(myQueue));

`source`^Required

Type: aws-cdk-lib.aws_lambda.IEventSource

`addEventSourceMapping`

public addEventSourceMapping(id: string, options: EventSourceMappingOptions): EventSourceMapping

Adds an event source that maps to this AWS Lambda function.

`id`^Required

Type: string

`options`^Required

Type: aws-cdk-lib.aws_lambda.EventSourceMappingOptions

`addFunctionUrl`

public addFunctionUrl(options?: FunctionUrlOptions): FunctionUrl

Adds a url to this lambda function.

`options`^Optional

Type: aws-cdk-lib.aws_lambda.FunctionUrlOptions

`addPermission`

public addPermission(id: string, permission: Permission): void

Adds a permission to the Lambda resource policy.

`id`^Required

Type: string

The id for the permission construct.

`permission`^Required

Type: aws-cdk-lib.aws_lambda.Permission

The permission to grant to this Lambda function.

`addToRolePolicy`

public addToRolePolicy(statement: PolicyStatement): void

Adds a statement to the IAM role assumed by the instance.

`statement`^Required

Type: aws-cdk-lib.aws_iam.PolicyStatement

`configureAsyncInvoke`

public configureAsyncInvoke(options: EventInvokeConfigOptions): void

Configures options for asynchronous invocation.

`options`^Required

Type: aws-cdk-lib.aws_lambda.EventInvokeConfigOptions

`considerWarningOnInvokeFunctionPermissions`

public considerWarningOnInvokeFunctionPermissions(scope: Construct, action: string): void

A warning will be added to functions under the following conditions: - permissions that include lambda:InvokeFunction are added to the unqualified function.

function.currentVersion is invoked before or after the permission is created.

This applies only to permissions on Lambda functions, not versions or aliases. This function is overridden as a noOp for QualifiedFunctionBase.

`scope`^Required

Type: constructs.Construct

`action`^Required

Type: string

`grantInvoke`

public grantInvoke(grantee: IGrantable): Grant

Grant the given identity permissions to invoke this Lambda.

`grantee`^Required

Type: aws-cdk-lib.aws_iam.IGrantable

`grantInvokeCompositePrincipal`

public grantInvokeCompositePrincipal(compositePrincipal: CompositePrincipal): Grant[]

Grant multiple principals the ability to invoke this Lambda via CompositePrincipal.

`compositePrincipal`^Required

Type: aws-cdk-lib.aws_iam.CompositePrincipal

`grantInvokeLatestVersion`

public grantInvokeLatestVersion(grantee: IGrantable): Grant

Grant the given identity permissions to invoke the $LATEST version or unqualified version of this Lambda.

`grantee`^Required

Type: aws-cdk-lib.aws_iam.IGrantable

`grantInvokeUrl`

public grantInvokeUrl(grantee: IGrantable): Grant

Grant the given identity permissions to invoke this Lambda Function URL.

`grantee`^Required

Type: aws-cdk-lib.aws_iam.IGrantable

`grantInvokeVersion`

public grantInvokeVersion(grantee: IGrantable, version: IVersion): Grant

Grant the given identity permissions to invoke the given version of this Lambda.

`grantee`^Required

Type: aws-cdk-lib.aws_iam.IGrantable

`version`^Required

Type: aws-cdk-lib.aws_lambda.IVersion

`metric`

public metric(metricName: string, props?: MetricOptions): Metric

Return the given named metric for this Function.

`metricName`^Required

Type: string

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricDuration`

public metricDuration(props?: MetricOptions): Metric

How long execution of this Lambda takes.

Average over 5 minutes

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricErrors`

public metricErrors(props?: MetricOptions): Metric

How many invocations of this Lambda fail.

Sum over 5 minutes

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricInvocations`

public metricInvocations(props?: MetricOptions): Metric

How often this Lambda is invoked.

Sum over 5 minutes

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricThrottles`

public metricThrottles(props?: MetricOptions): Metric

How often this Lambda is throttled.

Sum over 5 minutes

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`addAlias`

public addAlias(aliasName: string, options?: AliasOptions): Alias

Defines an alias for this function.

The alias will automatically be updated to point to the latest version of the function as it is being updated during a deployment.

declare const fn: lambda.Function;

fn.addAlias('Live');

// Is equivalent to

new lambda.Alias(this, 'AliasLive', {
  aliasName: 'Live',
  version: fn.currentVersion,
});

`aliasName`^Required

Type: string

The name of the alias.

`options`^Optional

Type: aws-cdk-lib.aws_lambda.AliasOptions

Alias options.

`addEnvironment`

public addEnvironment(key: string, value: string, options?: EnvironmentOptions): Function

Adds an environment variable to this Lambda function.

If this is a ref to a Lambda function, this operation results in a no-op.

`key`^Required

Type: string

The environment variable key.

`value`^Required

Type: string

The environment variable's value.

`options`^Optional

Type: aws-cdk-lib.aws_lambda.EnvironmentOptions

Environment variable options.

`addLayers`

public addLayers(layers: ...ILayerVersion[]): void

Adds one or more Lambda Layers to this Lambda function.

`layers`^Required

Type: ...aws-cdk-lib.aws_lambda.ILayerVersion[]

the layers to be added.

`invalidateVersionBasedOn`

public invalidateVersionBasedOn(x: string): void

Mix additional information into the hash of the Version object.

The Lambda Function construct does its best to automatically create a new Version when anything about the Function changes (its code, its layers, any of the other properties).

However, you can sometimes source information from places that the CDK cannot look into, like the deploy-time values of SSM parameters. In those cases, the CDK would not force the creation of a new Version object when it actually should.

This method can be used to invalidate the current Version object. Pass in any string into this method, and make sure the string changes when you know a new Version needs to be created.

This method may be called more than once.

`x`^Required

Type: string

Static Functions

Name	Description
`isConstruct`	Checks if `x` is a construct.
`isOwnedResource`	Returns true if the construct was created by CDK, and false otherwise.
`isResource`	Check whether the given construct is a Resource.
`classifyVersionProperty`	Record whether specific properties in the `AWS::Lambda::Function` resource should also be associated to the Version resource.
`fromFunctionArn`	Import a lambda function into the CDK using its ARN.
`fromFunctionAttributes`	Creates a Lambda function object which represents a function not defined within this stack.
`fromFunctionName`	Import a lambda function into the CDK using its name.
`metricAll`	Return the given named metric for this Lambda.
`metricAllConcurrentExecutions`	Metric for the number of concurrent executions across all Lambdas.
`metricAllDuration`	Metric for the Duration executing all Lambdas.
`metricAllErrors`	Metric for the number of Errors executing all Lambdas.
`metricAllInvocations`	Metric for the number of invocations of all Lambdas.
`metricAllThrottles`	Metric for the number of throttled invocations of all Lambdas.
`metricAllUnreservedConcurrentExecutions`	Metric for the number of unreserved concurrent executions across all Lambdas.

`isConstruct`

import { DiscoveryUploadResolverFunction } from '@cdklabs/genai-idp'

DiscoveryUploadResolverFunction.isConstruct(x: any)

Checks if x is a construct.

Use this method instead of instanceof to properly detect Construct instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the constructs library on disk are seen as independent, completely different libraries. As a consequence, the class Construct in each copy of the constructs library is seen as a different class, and an instance of one class will not test as instanceof the other class. npm install will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the constructs library can be accidentally installed, and instanceof will behave unpredictably. It is safest to avoid using instanceof, and using this type-testing method instead.

`x`^Required

Type: any

Any object.

`isOwnedResource`

import { DiscoveryUploadResolverFunction } from '@cdklabs/genai-idp'

DiscoveryUploadResolverFunction.isOwnedResource(construct: IConstruct)

Returns true if the construct was created by CDK, and false otherwise.

`construct`^Required

Type: constructs.IConstruct

`isResource`

import { DiscoveryUploadResolverFunction } from '@cdklabs/genai-idp'

DiscoveryUploadResolverFunction.isResource(construct: IConstruct)

Check whether the given construct is a Resource.

`construct`^Required

Type: constructs.IConstruct

`classifyVersionProperty`

import { DiscoveryUploadResolverFunction } from '@cdklabs/genai-idp'

DiscoveryUploadResolverFunction.classifyVersionProperty(propertyName: string, locked: boolean)

Record whether specific properties in the AWS::Lambda::Function resource should also be associated to the Version resource.

See 'currentVersion' section in the module README for more details.

`propertyName`^Required

Type: string

The property to classify.

`locked`^Required

Type: boolean

whether the property should be associated to the version or not.

`fromFunctionArn`

import { DiscoveryUploadResolverFunction } from '@cdklabs/genai-idp'

DiscoveryUploadResolverFunction.fromFunctionArn(scope: Construct, id: string, functionArn: string)

Import a lambda function into the CDK using its ARN.

For Function.addPermissions() to work on this imported lambda, make sure that is in the same account and region as the stack you are importing it into.

`scope`^Required

Type: constructs.Construct

`id`^Required

Type: string

`functionArn`^Required

Type: string

`fromFunctionAttributes`

import { DiscoveryUploadResolverFunction } from '@cdklabs/genai-idp'

DiscoveryUploadResolverFunction.fromFunctionAttributes(scope: Construct, id: string, attrs: FunctionAttributes)

Creates a Lambda function object which represents a function not defined within this stack.

For Function.addPermissions() to work on this imported lambda, set the sameEnvironment property to true if this imported lambda is in the same account and region as the stack you are importing it into.

`scope`^Required

Type: constructs.Construct

The parent construct.

`id`^Required

Type: string

The name of the lambda construct.

`attrs`^Required

Type: aws-cdk-lib.aws_lambda.FunctionAttributes

the attributes of the function to import.

`fromFunctionName`

import { DiscoveryUploadResolverFunction } from '@cdklabs/genai-idp'

DiscoveryUploadResolverFunction.fromFunctionName(scope: Construct, id: string, functionName: string)

Import a lambda function into the CDK using its name.

`scope`^Required

Type: constructs.Construct

`id`^Required

Type: string

`functionName`^Required

Type: string

`metricAll`

import { DiscoveryUploadResolverFunction } from '@cdklabs/genai-idp'

DiscoveryUploadResolverFunction.metricAll(metricName: string, props?: MetricOptions)

Return the given named metric for this Lambda.

`metricName`^Required

Type: string

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricAllConcurrentExecutions`

import { DiscoveryUploadResolverFunction } from '@cdklabs/genai-idp'

DiscoveryUploadResolverFunction.metricAllConcurrentExecutions(props?: MetricOptions)

Metric for the number of concurrent executions across all Lambdas.

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricAllDuration`

import { DiscoveryUploadResolverFunction } from '@cdklabs/genai-idp'

DiscoveryUploadResolverFunction.metricAllDuration(props?: MetricOptions)

Metric for the Duration executing all Lambdas.

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricAllErrors`

import { DiscoveryUploadResolverFunction } from '@cdklabs/genai-idp'

DiscoveryUploadResolverFunction.metricAllErrors(props?: MetricOptions)

Metric for the number of Errors executing all Lambdas.

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricAllInvocations`

import { DiscoveryUploadResolverFunction } from '@cdklabs/genai-idp'

DiscoveryUploadResolverFunction.metricAllInvocations(props?: MetricOptions)

Metric for the number of invocations of all Lambdas.

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricAllThrottles`

import { DiscoveryUploadResolverFunction } from '@cdklabs/genai-idp'

DiscoveryUploadResolverFunction.metricAllThrottles(props?: MetricOptions)

Metric for the number of throttled invocations of all Lambdas.

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricAllUnreservedConcurrentExecutions`

import { DiscoveryUploadResolverFunction } from '@cdklabs/genai-idp'

DiscoveryUploadResolverFunction.metricAllUnreservedConcurrentExecutions(props?: MetricOptions)

Metric for the number of unreserved concurrent executions across all Lambdas.

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

Properties

Name	Type	Description
`node`	`constructs.Node`	The tree node.
`env`	`aws-cdk-lib.ResourceEnvironment`	The environment this resource belongs to.
`stack`	`aws-cdk-lib.Stack`	The stack in which this resource is defined.
`architecture`	`aws-cdk-lib.aws_lambda.Architecture`	The architecture of this Lambda Function (this is an optional attribute and defaults to X86_64).
`connections`	`aws-cdk-lib.aws_ec2.Connections`	Access the Connections object.
`functionArn`	`string`	ARN of this function.
`functionName`	`string`	Name of this function.
`grantPrincipal`	`aws-cdk-lib.aws_iam.IPrincipal`	The principal this Lambda Function is running as.
`isBoundToVpc`	`boolean`	Whether or not this Lambda function was bound to a VPC.
`latestVersion`	`aws-cdk-lib.aws_lambda.IVersion`	The `$LATEST` version of this function.
`permissionsNode`	`constructs.Node`	The construct node where permissions are attached.
`resourceArnsForGrantInvoke`	`string[]`	The ARN(s) to put into the resource field of the generated IAM policy for grantInvoke().
`role`	`aws-cdk-lib.aws_iam.IRole`	Execution role associated with this function.
`currentVersion`	`aws-cdk-lib.aws_lambda.Version`	Returns a `lambda.Version` which represents the current version of this Lambda function. A new version will be created every time the function's configuration changes.
`logGroup`	`aws-cdk-lib.aws_logs.ILogGroup`	The LogGroup where the Lambda function's logs are made available.
`runtime`	`aws-cdk-lib.aws_lambda.Runtime`	The runtime configured for this lambda.
`deadLetterQueue`	`aws-cdk-lib.aws_sqs.IQueue`	The DLQ (as queue) associated with this Lambda Function (this is an optional attribute).
`deadLetterTopic`	`aws-cdk-lib.aws_sns.ITopic`	The DLQ (as topic) associated with this Lambda Function (this is an optional attribute).
`timeout`	`aws-cdk-lib.Duration`	The timeout configured for this lambda.

`node`^Required

public readonly node: Node;

Type: constructs.Node

The tree node.

`env`^Required

public readonly env: ResourceEnvironment;

Type: aws-cdk-lib.ResourceEnvironment

The environment this resource belongs to.

For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.

`stack`^Required

public readonly stack: Stack;

Type: aws-cdk-lib.Stack

The stack in which this resource is defined.

`architecture`^Required

public readonly architecture: Architecture;

Type: aws-cdk-lib.aws_lambda.Architecture

The architecture of this Lambda Function (this is an optional attribute and defaults to X86_64).

`connections`^Required

public readonly connections: Connections;

Type: aws-cdk-lib.aws_ec2.Connections

Access the Connections object.

Will fail if not a VPC-enabled Lambda Function

`functionArn`^Required

public readonly functionArn: string;

Type: string

ARN of this function.

`functionName`^Required

public readonly functionName: string;

Type: string

Name of this function.

`grantPrincipal`^Required

public readonly grantPrincipal: IPrincipal;

Type: aws-cdk-lib.aws_iam.IPrincipal

The principal this Lambda Function is running as.

`isBoundToVpc`^Required

public readonly isBoundToVpc: boolean;

Type: boolean

Whether or not this Lambda function was bound to a VPC.

If this is is false, trying to access the connections object will fail.

`latestVersion`^Required

public readonly latestVersion: IVersion;

Type: aws-cdk-lib.aws_lambda.IVersion

The $LATEST version of this function.

Note that this is reference to a non-specific AWS Lambda version, which means the function this version refers to can return different results in different invocations.

To obtain a reference to an explicit version which references the current function configuration, use lambdaFunction.currentVersion instead.

`permissionsNode`^Required

public readonly permissionsNode: Node;

Type: constructs.Node

The construct node where permissions are attached.

`resourceArnsForGrantInvoke`^Required

public readonly resourceArnsForGrantInvoke: string[];

Type: string[]

The ARN(s) to put into the resource field of the generated IAM policy for grantInvoke().

`role`^Optional

public readonly role: IRole;

Type: aws-cdk-lib.aws_iam.IRole

Execution role associated with this function.

`currentVersion`^Required

public readonly currentVersion: Version;

Type: aws-cdk-lib.aws_lambda.Version

Returns a lambda.Version which represents the current version of this Lambda function. A new version will be created every time the function's configuration changes.

You can specify options for this version using the currentVersionOptions prop when initializing the lambda.Function.

`logGroup`^Required

public readonly logGroup: ILogGroup;

Type: aws-cdk-lib.aws_logs.ILogGroup

The LogGroup where the Lambda function's logs are made available.

If either logRetention is set or this property is called, a CloudFormation custom resource is added to the stack that pre-creates the log group as part of the stack deployment, if it already doesn't exist, and sets the correct log retention period (never expire, by default).

Further, if the log group already exists and the logRetention is not set, the custom resource will reset the log retention to never expire even if it was configured with a different value.

`runtime`^Required

public readonly runtime: Runtime;

Type: aws-cdk-lib.aws_lambda.Runtime

The runtime configured for this lambda.

`deadLetterQueue`^Optional

public readonly deadLetterQueue: IQueue;

Type: aws-cdk-lib.aws_sqs.IQueue

The DLQ (as queue) associated with this Lambda Function (this is an optional attribute).

`deadLetterTopic`^Optional

public readonly deadLetterTopic: ITopic;

Type: aws-cdk-lib.aws_sns.ITopic

The DLQ (as topic) associated with this Lambda Function (this is an optional attribute).

`timeout`^Optional

public readonly timeout: Duration;

Type: aws-cdk-lib.Duration

The timeout configured for this lambda.

Constants

Name	Type	Description
`PROPERTY_INJECTION_ID`	`string`	Uniquely identifies this class.

`PROPERTY_INJECTION_ID`^Required

public readonly PROPERTY_INJECTION_ID: string;

Type: string

Uniquely identifies this class.

DocumentDiscovery

Implements: IDocumentDiscovery

A construct that provides document discovery capabilities.

This construct creates the infrastructure needed for automated document analysis and configuration generation, including DynamoDB table, SQS queue, and Lambda functions for processing discovery jobs.

Initializers

import { DocumentDiscovery } from '@cdklabs/genai-idp'

new DocumentDiscovery(scope: Construct, id: string, props: DocumentDiscoveryProps)

Name	Type	Description
`scope`	`constructs.Construct`	No description.
`id`	`string`	No description.
`props`	`DocumentDiscoveryProps`	No description.

`scope`^Required

Type: constructs.Construct

`id`^Required

Type: string

`props`^Required

Type: DocumentDiscoveryProps

Methods

Name	Description
`toString`	Returns a string representation of this construct.
`initializeFunctions`	Initialize the Lambda functions with API URL.

`toString`

public toString(): string

Returns a string representation of this construct.

`initializeFunctions`

public initializeFunctions(api: IProcessingEnvironmentApi, configurationTable: IConfigurationTable, encryptionKey?: IKey, logLevel?: LogLevel, logRetention?: RetentionDays, vpcConfiguration?: VpcConfiguration): DocumentDiscoveryFunctions

Initialize the Lambda functions with API URL.

Called by ProcessingEnvironmentApi when adding document discovery.

`api`^Required

Type: IProcessingEnvironmentApi

`configurationTable`^Required

Type: IConfigurationTable

`encryptionKey`^Optional

Type: aws-cdk-lib.aws_kms.IKey

`logLevel`^Optional

Type: LogLevel

`logRetention`^Optional

Type: aws-cdk-lib.aws_logs.RetentionDays

`vpcConfiguration`^Optional

Type: VpcConfiguration

Static Functions

Name	Description
`isConstruct`	Checks if `x` is a construct.

`isConstruct`

import { DocumentDiscovery } from '@cdklabs/genai-idp'

DocumentDiscovery.isConstruct(x: any)

Checks if x is a construct.

Use this method instead of instanceof to properly detect Construct instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the constructs library on disk are seen as independent, completely different libraries. As a consequence, the class Construct in each copy of the constructs library is seen as a different class, and an instance of one class will not test as instanceof the other class. npm install will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the constructs library can be accidentally installed, and instanceof will behave unpredictably. It is safest to avoid using instanceof, and using this type-testing method instead.

`x`^Required

Type: any

Any object.

Properties

Name	Type	Description
`node`	`constructs.Node`	The tree node.
`discoveryBucket`	`aws-cdk-lib.aws_s3.IBucket`	The S3 bucket for document discovery uploads.
`discoveryQueue`	`IDiscoveryQueue`	The SQS queue for processing discovery jobs asynchronously.
`discoveryTable`	`IDiscoveryTable`	The DynamoDB table that tracks discovery job status and metadata.

`node`^Required

public readonly node: Node;

Type: constructs.Node

The tree node.

`discoveryBucket`^Required

public readonly discoveryBucket: IBucket;

Type: aws-cdk-lib.aws_s3.IBucket

The S3 bucket for document discovery uploads.

`discoveryQueue`^Required

public readonly discoveryQueue: IDiscoveryQueue;

Type: IDiscoveryQueue

The SQS queue for processing discovery jobs asynchronously.

`discoveryTable`^Required

public readonly discoveryTable: IDiscoveryTable;

Type: IDiscoveryTable

The DynamoDB table that tracks discovery job status and metadata.

GetWorkforceUrlFunction

Implements: aws-cdk-lib.aws_lambda.IFunction

A Lambda function that retrieves workforce portal URLs for HITL workflows.

This function is designed as a CloudFormation custom resource handler that retrieves the SageMaker workforce portal URL for human reviewers to access documents that require manual review and correction.

Initializers

import { GetWorkforceUrlFunction } from '@cdklabs/genai-idp'

new GetWorkforceUrlFunction(scope: Construct, id: string, props: GetWorkforceUrlFunctionProps)

Name	Type	Description
`scope`	`constructs.Construct`	The construct scope.
`id`	`string`	The construct ID.
`props`	`GetWorkforceUrlFunctionProps`	Configuration properties for the function.

`scope`^Required

Type: constructs.Construct

The construct scope.

`id`^Required

Type: string

The construct ID.

`props`^Required

Type: GetWorkforceUrlFunctionProps

Configuration properties for the function.

Methods

Name	Description
`toString`	Returns a string representation of this construct.
`applyRemovalPolicy`	Apply the given removal policy to this resource.
`addEventSource`	Adds an event source to this function.
`addEventSourceMapping`	Adds an event source that maps to this AWS Lambda function.
`addFunctionUrl`	Adds a url to this lambda function.
`addPermission`	Adds a permission to the Lambda resource policy.
`addToRolePolicy`	Adds a statement to the IAM role assumed by the instance.
`configureAsyncInvoke`	Configures options for asynchronous invocation.
`considerWarningOnInvokeFunctionPermissions`	A warning will be added to functions under the following conditions: - permissions that include `lambda:InvokeFunction` are added to the unqualified function.
`grantInvoke`	Grant the given identity permissions to invoke this Lambda.
`grantInvokeCompositePrincipal`	Grant multiple principals the ability to invoke this Lambda via CompositePrincipal.
`grantInvokeLatestVersion`	Grant the given identity permissions to invoke the $LATEST version or unqualified version of this Lambda.
`grantInvokeUrl`	Grant the given identity permissions to invoke this Lambda Function URL.
`grantInvokeVersion`	Grant the given identity permissions to invoke the given version of this Lambda.
`metric`	Return the given named metric for this Function.
`metricDuration`	How long execution of this Lambda takes.
`metricErrors`	How many invocations of this Lambda fail.
`metricInvocations`	How often this Lambda is invoked.
`metricThrottles`	How often this Lambda is throttled.
`addAlias`	Defines an alias for this function.
`addEnvironment`	Adds an environment variable to this Lambda function.
`addLayers`	Adds one or more Lambda Layers to this Lambda function.
`invalidateVersionBasedOn`	Mix additional information into the hash of the Version object.

`toString`

public toString(): string

Returns a string representation of this construct.

`applyRemovalPolicy`

public applyRemovalPolicy(policy: RemovalPolicy): void

Apply the given removal policy to this resource.

The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced.

The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS account for data recovery and cleanup later (RemovalPolicy.RETAIN).

`policy`^Required

Type: aws-cdk-lib.RemovalPolicy

`addEventSource`

public addEventSource(source: IEventSource): void

Adds an event source to this function.

Event sources are implemented in the aws-cdk-lib/aws-lambda-event-sources module.

The following example adds an SQS Queue as an event source:

import { SqsEventSource } from 'aws-cdk-lib/aws-lambda-event-sources';
myFunction.addEventSource(new SqsEventSource(myQueue));

`source`^Required

Type: aws-cdk-lib.aws_lambda.IEventSource

`addEventSourceMapping`

public addEventSourceMapping(id: string, options: EventSourceMappingOptions): EventSourceMapping

Adds an event source that maps to this AWS Lambda function.

`id`^Required

Type: string

`options`^Required

Type: aws-cdk-lib.aws_lambda.EventSourceMappingOptions

`addFunctionUrl`

public addFunctionUrl(options?: FunctionUrlOptions): FunctionUrl

Adds a url to this lambda function.

`options`^Optional

Type: aws-cdk-lib.aws_lambda.FunctionUrlOptions

`addPermission`

public addPermission(id: string, permission: Permission): void

Adds a permission to the Lambda resource policy.

`id`^Required

Type: string

The id for the permission construct.

`permission`^Required

Type: aws-cdk-lib.aws_lambda.Permission

The permission to grant to this Lambda function.

`addToRolePolicy`

public addToRolePolicy(statement: PolicyStatement): void

Adds a statement to the IAM role assumed by the instance.

`statement`^Required

Type: aws-cdk-lib.aws_iam.PolicyStatement

`configureAsyncInvoke`

public configureAsyncInvoke(options: EventInvokeConfigOptions): void

Configures options for asynchronous invocation.

`options`^Required

Type: aws-cdk-lib.aws_lambda.EventInvokeConfigOptions

`considerWarningOnInvokeFunctionPermissions`

public considerWarningOnInvokeFunctionPermissions(scope: Construct, action: string): void

A warning will be added to functions under the following conditions: - permissions that include lambda:InvokeFunction are added to the unqualified function.

function.currentVersion is invoked before or after the permission is created.

This applies only to permissions on Lambda functions, not versions or aliases. This function is overridden as a noOp for QualifiedFunctionBase.

`scope`^Required

Type: constructs.Construct

`action`^Required

Type: string

`grantInvoke`

public grantInvoke(grantee: IGrantable): Grant

Grant the given identity permissions to invoke this Lambda.

`grantee`^Required

Type: aws-cdk-lib.aws_iam.IGrantable

`grantInvokeCompositePrincipal`

public grantInvokeCompositePrincipal(compositePrincipal: CompositePrincipal): Grant[]

Grant multiple principals the ability to invoke this Lambda via CompositePrincipal.

`compositePrincipal`^Required

Type: aws-cdk-lib.aws_iam.CompositePrincipal

`grantInvokeLatestVersion`

public grantInvokeLatestVersion(grantee: IGrantable): Grant

Grant the given identity permissions to invoke the $LATEST version or unqualified version of this Lambda.

`grantee`^Required

Type: aws-cdk-lib.aws_iam.IGrantable

`grantInvokeUrl`

public grantInvokeUrl(grantee: IGrantable): Grant

Grant the given identity permissions to invoke this Lambda Function URL.

`grantee`^Required

Type: aws-cdk-lib.aws_iam.IGrantable

`grantInvokeVersion`

public grantInvokeVersion(grantee: IGrantable, version: IVersion): Grant

Grant the given identity permissions to invoke the given version of this Lambda.

`grantee`^Required

Type: aws-cdk-lib.aws_iam.IGrantable

`version`^Required

Type: aws-cdk-lib.aws_lambda.IVersion

`metric`

public metric(metricName: string, props?: MetricOptions): Metric

Return the given named metric for this Function.

`metricName`^Required

Type: string

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricDuration`

public metricDuration(props?: MetricOptions): Metric

How long execution of this Lambda takes.

Average over 5 minutes

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricErrors`

public metricErrors(props?: MetricOptions): Metric

How many invocations of this Lambda fail.

Sum over 5 minutes

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricInvocations`

public metricInvocations(props?: MetricOptions): Metric

How often this Lambda is invoked.

Sum over 5 minutes

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricThrottles`

public metricThrottles(props?: MetricOptions): Metric

How often this Lambda is throttled.

Sum over 5 minutes

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`addAlias`

public addAlias(aliasName: string, options?: AliasOptions): Alias

Defines an alias for this function.

The alias will automatically be updated to point to the latest version of the function as it is being updated during a deployment.

declare const fn: lambda.Function;

fn.addAlias('Live');

// Is equivalent to

new lambda.Alias(this, 'AliasLive', {
  aliasName: 'Live',
  version: fn.currentVersion,
});

`aliasName`^Required

Type: string

The name of the alias.

`options`^Optional

Type: aws-cdk-lib.aws_lambda.AliasOptions

Alias options.

`addEnvironment`

public addEnvironment(key: string, value: string, options?: EnvironmentOptions): Function

Adds an environment variable to this Lambda function.

If this is a ref to a Lambda function, this operation results in a no-op.

`key`^Required

Type: string

The environment variable key.

`value`^Required

Type: string

The environment variable's value.

`options`^Optional

Type: aws-cdk-lib.aws_lambda.EnvironmentOptions

Environment variable options.

`addLayers`

public addLayers(layers: ...ILayerVersion[]): void

Adds one or more Lambda Layers to this Lambda function.

`layers`^Required

Type: ...aws-cdk-lib.aws_lambda.ILayerVersion[]

the layers to be added.

`invalidateVersionBasedOn`

public invalidateVersionBasedOn(x: string): void

Mix additional information into the hash of the Version object.

The Lambda Function construct does its best to automatically create a new Version when anything about the Function changes (its code, its layers, any of the other properties).

However, you can sometimes source information from places that the CDK cannot look into, like the deploy-time values of SSM parameters. In those cases, the CDK would not force the creation of a new Version object when it actually should.

This method can be used to invalidate the current Version object. Pass in any string into this method, and make sure the string changes when you know a new Version needs to be created.

This method may be called more than once.

`x`^Required

Type: string

Static Functions

Name	Description
`isConstruct`	Checks if `x` is a construct.
`isOwnedResource`	Returns true if the construct was created by CDK, and false otherwise.
`isResource`	Check whether the given construct is a Resource.
`classifyVersionProperty`	Record whether specific properties in the `AWS::Lambda::Function` resource should also be associated to the Version resource.
`fromFunctionArn`	Import a lambda function into the CDK using its ARN.
`fromFunctionAttributes`	Creates a Lambda function object which represents a function not defined within this stack.
`fromFunctionName`	Import a lambda function into the CDK using its name.
`metricAll`	Return the given named metric for this Lambda.
`metricAllConcurrentExecutions`	Metric for the number of concurrent executions across all Lambdas.
`metricAllDuration`	Metric for the Duration executing all Lambdas.
`metricAllErrors`	Metric for the number of Errors executing all Lambdas.
`metricAllInvocations`	Metric for the number of invocations of all Lambdas.
`metricAllThrottles`	Metric for the number of throttled invocations of all Lambdas.
`metricAllUnreservedConcurrentExecutions`	Metric for the number of unreserved concurrent executions across all Lambdas.

`isConstruct`

import { GetWorkforceUrlFunction } from '@cdklabs/genai-idp'

GetWorkforceUrlFunction.isConstruct(x: any)

Checks if x is a construct.

Use this method instead of instanceof to properly detect Construct instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the constructs library on disk are seen as independent, completely different libraries. As a consequence, the class Construct in each copy of the constructs library is seen as a different class, and an instance of one class will not test as instanceof the other class. npm install will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the constructs library can be accidentally installed, and instanceof will behave unpredictably. It is safest to avoid using instanceof, and using this type-testing method instead.

`x`^Required

Type: any

Any object.

`isOwnedResource`

import { GetWorkforceUrlFunction } from '@cdklabs/genai-idp'

GetWorkforceUrlFunction.isOwnedResource(construct: IConstruct)

Returns true if the construct was created by CDK, and false otherwise.

`construct`^Required

Type: constructs.IConstruct

`isResource`

import { GetWorkforceUrlFunction } from '@cdklabs/genai-idp'

GetWorkforceUrlFunction.isResource(construct: IConstruct)

Check whether the given construct is a Resource.

`construct`^Required

Type: constructs.IConstruct

`classifyVersionProperty`

import { GetWorkforceUrlFunction } from '@cdklabs/genai-idp'

GetWorkforceUrlFunction.classifyVersionProperty(propertyName: string, locked: boolean)

Record whether specific properties in the AWS::Lambda::Function resource should also be associated to the Version resource.

See 'currentVersion' section in the module README for more details.

`propertyName`^Required

Type: string

The property to classify.

`locked`^Required

Type: boolean

whether the property should be associated to the version or not.

`fromFunctionArn`

import { GetWorkforceUrlFunction } from '@cdklabs/genai-idp'

GetWorkforceUrlFunction.fromFunctionArn(scope: Construct, id: string, functionArn: string)

Import a lambda function into the CDK using its ARN.

For Function.addPermissions() to work on this imported lambda, make sure that is in the same account and region as the stack you are importing it into.

`scope`^Required

Type: constructs.Construct

`id`^Required

Type: string

`functionArn`^Required

Type: string

`fromFunctionAttributes`

import { GetWorkforceUrlFunction } from '@cdklabs/genai-idp'

GetWorkforceUrlFunction.fromFunctionAttributes(scope: Construct, id: string, attrs: FunctionAttributes)

Creates a Lambda function object which represents a function not defined within this stack.

For Function.addPermissions() to work on this imported lambda, set the sameEnvironment property to true if this imported lambda is in the same account and region as the stack you are importing it into.

`scope`^Required

Type: constructs.Construct

The parent construct.

`id`^Required

Type: string

The name of the lambda construct.

`attrs`^Required

Type: aws-cdk-lib.aws_lambda.FunctionAttributes

the attributes of the function to import.

`fromFunctionName`

import { GetWorkforceUrlFunction } from '@cdklabs/genai-idp'

GetWorkforceUrlFunction.fromFunctionName(scope: Construct, id: string, functionName: string)

Import a lambda function into the CDK using its name.

`scope`^Required

Type: constructs.Construct

`id`^Required

Type: string

`functionName`^Required

Type: string

`metricAll`

import { GetWorkforceUrlFunction } from '@cdklabs/genai-idp'

GetWorkforceUrlFunction.metricAll(metricName: string, props?: MetricOptions)

Return the given named metric for this Lambda.

`metricName`^Required

Type: string

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricAllConcurrentExecutions`

import { GetWorkforceUrlFunction } from '@cdklabs/genai-idp'

GetWorkforceUrlFunction.metricAllConcurrentExecutions(props?: MetricOptions)

Metric for the number of concurrent executions across all Lambdas.

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricAllDuration`

import { GetWorkforceUrlFunction } from '@cdklabs/genai-idp'

GetWorkforceUrlFunction.metricAllDuration(props?: MetricOptions)

Metric for the Duration executing all Lambdas.

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricAllErrors`

import { GetWorkforceUrlFunction } from '@cdklabs/genai-idp'

GetWorkforceUrlFunction.metricAllErrors(props?: MetricOptions)

Metric for the number of Errors executing all Lambdas.

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricAllInvocations`

import { GetWorkforceUrlFunction } from '@cdklabs/genai-idp'

GetWorkforceUrlFunction.metricAllInvocations(props?: MetricOptions)

Metric for the number of invocations of all Lambdas.

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricAllThrottles`

import { GetWorkforceUrlFunction } from '@cdklabs/genai-idp'

GetWorkforceUrlFunction.metricAllThrottles(props?: MetricOptions)

Metric for the number of throttled invocations of all Lambdas.

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricAllUnreservedConcurrentExecutions`

import { GetWorkforceUrlFunction } from '@cdklabs/genai-idp'

GetWorkforceUrlFunction.metricAllUnreservedConcurrentExecutions(props?: MetricOptions)

Metric for the number of unreserved concurrent executions across all Lambdas.

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

Properties

Name	Type	Description
`node`	`constructs.Node`	The tree node.
`env`	`aws-cdk-lib.ResourceEnvironment`	The environment this resource belongs to.
`stack`	`aws-cdk-lib.Stack`	The stack in which this resource is defined.
`architecture`	`aws-cdk-lib.aws_lambda.Architecture`	The architecture of this Lambda Function (this is an optional attribute and defaults to X86_64).
`connections`	`aws-cdk-lib.aws_ec2.Connections`	Access the Connections object.
`functionArn`	`string`	ARN of this function.
`functionName`	`string`	Name of this function.
`grantPrincipal`	`aws-cdk-lib.aws_iam.IPrincipal`	The principal this Lambda Function is running as.
`isBoundToVpc`	`boolean`	Whether or not this Lambda function was bound to a VPC.
`latestVersion`	`aws-cdk-lib.aws_lambda.IVersion`	The `$LATEST` version of this function.
`permissionsNode`	`constructs.Node`	The construct node where permissions are attached.
`resourceArnsForGrantInvoke`	`string[]`	The ARN(s) to put into the resource field of the generated IAM policy for grantInvoke().
`role`	`aws-cdk-lib.aws_iam.IRole`	Execution role associated with this function.
`currentVersion`	`aws-cdk-lib.aws_lambda.Version`	Returns a `lambda.Version` which represents the current version of this Lambda function. A new version will be created every time the function's configuration changes.
`logGroup`	`aws-cdk-lib.aws_logs.ILogGroup`	The LogGroup where the Lambda function's logs are made available.
`runtime`	`aws-cdk-lib.aws_lambda.Runtime`	The runtime configured for this lambda.
`deadLetterQueue`	`aws-cdk-lib.aws_sqs.IQueue`	The DLQ (as queue) associated with this Lambda Function (this is an optional attribute).
`deadLetterTopic`	`aws-cdk-lib.aws_sns.ITopic`	The DLQ (as topic) associated with this Lambda Function (this is an optional attribute).
`timeout`	`aws-cdk-lib.Duration`	The timeout configured for this lambda.

`node`^Required

public readonly node: Node;

Type: constructs.Node

The tree node.

`env`^Required

public readonly env: ResourceEnvironment;

Type: aws-cdk-lib.ResourceEnvironment

The environment this resource belongs to.

For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.

`stack`^Required

public readonly stack: Stack;

Type: aws-cdk-lib.Stack

The stack in which this resource is defined.

`architecture`^Required

public readonly architecture: Architecture;

Type: aws-cdk-lib.aws_lambda.Architecture

The architecture of this Lambda Function (this is an optional attribute and defaults to X86_64).

`connections`^Required

public readonly connections: Connections;

Type: aws-cdk-lib.aws_ec2.Connections

Access the Connections object.

Will fail if not a VPC-enabled Lambda Function

`functionArn`^Required

public readonly functionArn: string;

Type: string

ARN of this function.

`functionName`^Required

public readonly functionName: string;

Type: string

Name of this function.

`grantPrincipal`^Required

public readonly grantPrincipal: IPrincipal;

Type: aws-cdk-lib.aws_iam.IPrincipal

The principal this Lambda Function is running as.

`isBoundToVpc`^Required

public readonly isBoundToVpc: boolean;

Type: boolean

Whether or not this Lambda function was bound to a VPC.

If this is is false, trying to access the connections object will fail.

`latestVersion`^Required

public readonly latestVersion: IVersion;

Type: aws-cdk-lib.aws_lambda.IVersion

The $LATEST version of this function.

Note that this is reference to a non-specific AWS Lambda version, which means the function this version refers to can return different results in different invocations.

To obtain a reference to an explicit version which references the current function configuration, use lambdaFunction.currentVersion instead.

`permissionsNode`^Required

public readonly permissionsNode: Node;

Type: constructs.Node

The construct node where permissions are attached.

`resourceArnsForGrantInvoke`^Required

public readonly resourceArnsForGrantInvoke: string[];

Type: string[]

The ARN(s) to put into the resource field of the generated IAM policy for grantInvoke().

`role`^Optional

public readonly role: IRole;

Type: aws-cdk-lib.aws_iam.IRole

Execution role associated with this function.

`currentVersion`^Required

public readonly currentVersion: Version;

Type: aws-cdk-lib.aws_lambda.Version

Returns a lambda.Version which represents the current version of this Lambda function. A new version will be created every time the function's configuration changes.

You can specify options for this version using the currentVersionOptions prop when initializing the lambda.Function.

`logGroup`^Required

public readonly logGroup: ILogGroup;

Type: aws-cdk-lib.aws_logs.ILogGroup

The LogGroup where the Lambda function's logs are made available.

If either logRetention is set or this property is called, a CloudFormation custom resource is added to the stack that pre-creates the log group as part of the stack deployment, if it already doesn't exist, and sets the correct log retention period (never expire, by default).

Further, if the log group already exists and the logRetention is not set, the custom resource will reset the log retention to never expire even if it was configured with a different value.

`runtime`^Required

public readonly runtime: Runtime;

Type: aws-cdk-lib.aws_lambda.Runtime

The runtime configured for this lambda.

`deadLetterQueue`^Optional

public readonly deadLetterQueue: IQueue;

Type: aws-cdk-lib.aws_sqs.IQueue

The DLQ (as queue) associated with this Lambda Function (this is an optional attribute).

`deadLetterTopic`^Optional

public readonly deadLetterTopic: ITopic;

Type: aws-cdk-lib.aws_sns.ITopic

The DLQ (as topic) associated with this Lambda Function (this is an optional attribute).

`timeout`^Optional

public readonly timeout: Duration;

Type: aws-cdk-lib.Duration

The timeout configured for this lambda.

Constants

Name	Type	Description
`PROPERTY_INJECTION_ID`	`string`	Uniquely identifies this class.

`PROPERTY_INJECTION_ID`^Required

public readonly PROPERTY_INJECTION_ID: string;

Type: string

Uniquely identifies this class.

HitlEnvironment

Implements: IHitlEnvironment

A construct that sets up the Human-in-the-Loop (HITL) environment for document processing.

This construct creates and manages all the necessary components for HITL workflows: - SageMaker workteam for human reviewers - Cognito User Pool Client for A2I integration - A2I Flow Definition and Human Task UI management - Workforce portal URL retrieval

The HITL environment enables human review of documents that fall below confidence thresholds or require manual verification.

Initializers

import { HitlEnvironment } from '@cdklabs/genai-idp'

new HitlEnvironment(scope: Construct, id: string, props: HitlEnvironmentProps)

Name	Type	Description
`scope`	`constructs.Construct`	The construct scope.
`id`	`string`	The construct ID.
`props`	`HitlEnvironmentProps`	Configuration properties for the HITL environment.

`scope`^Required

Type: constructs.Construct

The construct scope.

`id`^Required

Type: string

The construct ID.

`props`^Required

Type: HitlEnvironmentProps

Configuration properties for the HITL environment.

Methods

Name	Description
`toString`	Returns a string representation of this construct.

`toString`

public toString(): string

Returns a string representation of this construct.

Static Functions

Name	Description
`isConstruct`	Checks if `x` is a construct.

`isConstruct`

import { HitlEnvironment } from '@cdklabs/genai-idp'

HitlEnvironment.isConstruct(x: any)

Checks if x is a construct.

Use this method instead of instanceof to properly detect Construct instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the constructs library on disk are seen as independent, completely different libraries. As a consequence, the class Construct in each copy of the constructs library is seen as a different class, and an instance of one class will not test as instanceof the other class. npm install will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the constructs library can be accidentally installed, and instanceof will behave unpredictably. It is safest to avoid using instanceof, and using this type-testing method instead.

`x`^Required

Type: any

Any object.

Properties

Name	Type	Description
`node`	`constructs.Node`	The tree node.
`flowDefinitionRole`	`aws-cdk-lib.aws_iam.Role`	The IAM role for A2I Flow Definition.
`labelingConsoleUrl`	`string`	The labeling console URL for SageMaker Ground Truth.
`userPoolClient`	`aws-cdk-lib.aws_cognito.IUserPoolClient`	The Cognito User Pool Client for A2I integration.
`workforcePortalUrl`	`string`	The workforce portal URL for human reviewers.
`workteam`	`IWorkteam`	The SageMaker workteam for HITL tasks.

`node`^Required

public readonly node: Node;

Type: constructs.Node

The tree node.

`flowDefinitionRole`^Required

public readonly flowDefinitionRole: Role;

Type: aws-cdk-lib.aws_iam.Role

The IAM role for A2I Flow Definition.

`labelingConsoleUrl`^Required

public readonly labelingConsoleUrl: string;

Type: string

The labeling console URL for SageMaker Ground Truth.

`userPoolClient`^Required

public readonly userPoolClient: IUserPoolClient;

Type: aws-cdk-lib.aws_cognito.IUserPoolClient

The Cognito User Pool Client for A2I integration.

`workforcePortalUrl`^Required

public readonly workforcePortalUrl: string;

Type: string

The workforce portal URL for human reviewers.

`workteam`^Required

public readonly workteam: IWorkteam;

Type: IWorkteam

The SageMaker workteam for HITL tasks.

ListAvailableAgentsFunction

Lambda function for listing available analytics agents.

This function returns a list of available agents including both built-in analytics agents and any configured external MCP agents.

Initializers

import { ListAvailableAgentsFunction } from '@cdklabs/genai-idp'

new ListAvailableAgentsFunction(scope: Construct, id: string, props: ListAvailableAgentsFunctionProps)

Name	Type	Description
`scope`	`constructs.Construct`	No description.
`id`	`string`	No description.
`props`	`ListAvailableAgentsFunctionProps`	No description.

`scope`^Required

Type: constructs.Construct

`id`^Required

Type: string

`props`^Required

Type: ListAvailableAgentsFunctionProps

Methods

Name	Description
`toString`	Returns a string representation of this construct.
`applyRemovalPolicy`	Apply the given removal policy to this resource.
`addEventSource`	Adds an event source to this function.
`addEventSourceMapping`	Adds an event source that maps to this AWS Lambda function.
`addFunctionUrl`	Adds a url to this lambda function.
`addPermission`	Adds a permission to the Lambda resource policy.
`addToRolePolicy`	Adds a statement to the IAM role assumed by the instance.
`configureAsyncInvoke`	Configures options for asynchronous invocation.
`considerWarningOnInvokeFunctionPermissions`	A warning will be added to functions under the following conditions: - permissions that include `lambda:InvokeFunction` are added to the unqualified function.
`grantInvoke`	Grant the given identity permissions to invoke this Lambda.
`grantInvokeCompositePrincipal`	Grant multiple principals the ability to invoke this Lambda via CompositePrincipal.
`grantInvokeLatestVersion`	Grant the given identity permissions to invoke the $LATEST version or unqualified version of this Lambda.
`grantInvokeUrl`	Grant the given identity permissions to invoke this Lambda Function URL.
`grantInvokeVersion`	Grant the given identity permissions to invoke the given version of this Lambda.
`metric`	Return the given named metric for this Function.
`metricDuration`	How long execution of this Lambda takes.
`metricErrors`	How many invocations of this Lambda fail.
`metricInvocations`	How often this Lambda is invoked.
`metricThrottles`	How often this Lambda is throttled.
`addAlias`	Defines an alias for this function.
`addEnvironment`	Adds an environment variable to this Lambda function.
`addLayers`	Adds one or more Lambda Layers to this Lambda function.
`invalidateVersionBasedOn`	Mix additional information into the hash of the Version object.

`toString`

public toString(): string

Returns a string representation of this construct.

`applyRemovalPolicy`

public applyRemovalPolicy(policy: RemovalPolicy): void

Apply the given removal policy to this resource.

The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced.

The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS account for data recovery and cleanup later (RemovalPolicy.RETAIN).

`policy`^Required

Type: aws-cdk-lib.RemovalPolicy

`addEventSource`

public addEventSource(source: IEventSource): void

Adds an event source to this function.

Event sources are implemented in the aws-cdk-lib/aws-lambda-event-sources module.

The following example adds an SQS Queue as an event source:

import { SqsEventSource } from 'aws-cdk-lib/aws-lambda-event-sources';
myFunction.addEventSource(new SqsEventSource(myQueue));

`source`^Required

Type: aws-cdk-lib.aws_lambda.IEventSource

`addEventSourceMapping`

public addEventSourceMapping(id: string, options: EventSourceMappingOptions): EventSourceMapping

Adds an event source that maps to this AWS Lambda function.

`id`^Required

Type: string

`options`^Required

Type: aws-cdk-lib.aws_lambda.EventSourceMappingOptions

`addFunctionUrl`

public addFunctionUrl(options?: FunctionUrlOptions): FunctionUrl

Adds a url to this lambda function.

`options`^Optional

Type: aws-cdk-lib.aws_lambda.FunctionUrlOptions

`addPermission`

public addPermission(id: string, permission: Permission): void

Adds a permission to the Lambda resource policy.

`id`^Required

Type: string

The id for the permission construct.

`permission`^Required

Type: aws-cdk-lib.aws_lambda.Permission

The permission to grant to this Lambda function.

`addToRolePolicy`

public addToRolePolicy(statement: PolicyStatement): void

Adds a statement to the IAM role assumed by the instance.

`statement`^Required

Type: aws-cdk-lib.aws_iam.PolicyStatement

`configureAsyncInvoke`

public configureAsyncInvoke(options: EventInvokeConfigOptions): void

Configures options for asynchronous invocation.

`options`^Required

Type: aws-cdk-lib.aws_lambda.EventInvokeConfigOptions

`considerWarningOnInvokeFunctionPermissions`

public considerWarningOnInvokeFunctionPermissions(scope: Construct, action: string): void

A warning will be added to functions under the following conditions: - permissions that include lambda:InvokeFunction are added to the unqualified function.

function.currentVersion is invoked before or after the permission is created.

This applies only to permissions on Lambda functions, not versions or aliases. This function is overridden as a noOp for QualifiedFunctionBase.

`scope`^Required

Type: constructs.Construct

`action`^Required

Type: string

`grantInvoke`

public grantInvoke(grantee: IGrantable): Grant

Grant the given identity permissions to invoke this Lambda.

`grantee`^Required

Type: aws-cdk-lib.aws_iam.IGrantable

`grantInvokeCompositePrincipal`

public grantInvokeCompositePrincipal(compositePrincipal: CompositePrincipal): Grant[]

Grant multiple principals the ability to invoke this Lambda via CompositePrincipal.

`compositePrincipal`^Required

Type: aws-cdk-lib.aws_iam.CompositePrincipal

`grantInvokeLatestVersion`

public grantInvokeLatestVersion(grantee: IGrantable): Grant

Grant the given identity permissions to invoke the $LATEST version or unqualified version of this Lambda.

`grantee`^Required

Type: aws-cdk-lib.aws_iam.IGrantable

`grantInvokeUrl`

public grantInvokeUrl(grantee: IGrantable): Grant

Grant the given identity permissions to invoke this Lambda Function URL.

`grantee`^Required

Type: aws-cdk-lib.aws_iam.IGrantable

`grantInvokeVersion`

public grantInvokeVersion(grantee: IGrantable, version: IVersion): Grant

Grant the given identity permissions to invoke the given version of this Lambda.

`grantee`^Required

Type: aws-cdk-lib.aws_iam.IGrantable

`version`^Required

Type: aws-cdk-lib.aws_lambda.IVersion

`metric`

public metric(metricName: string, props?: MetricOptions): Metric

Return the given named metric for this Function.

`metricName`^Required

Type: string

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricDuration`

public metricDuration(props?: MetricOptions): Metric

How long execution of this Lambda takes.

Average over 5 minutes

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricErrors`

public metricErrors(props?: MetricOptions): Metric

How many invocations of this Lambda fail.

Sum over 5 minutes

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricInvocations`

public metricInvocations(props?: MetricOptions): Metric

How often this Lambda is invoked.

Sum over 5 minutes

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricThrottles`

public metricThrottles(props?: MetricOptions): Metric

How often this Lambda is throttled.

Sum over 5 minutes

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`addAlias`

public addAlias(aliasName: string, options?: AliasOptions): Alias

Defines an alias for this function.

The alias will automatically be updated to point to the latest version of the function as it is being updated during a deployment.

declare const fn: lambda.Function;

fn.addAlias('Live');

// Is equivalent to

new lambda.Alias(this, 'AliasLive', {
  aliasName: 'Live',
  version: fn.currentVersion,
});

`aliasName`^Required

Type: string

The name of the alias.

`options`^Optional

Type: aws-cdk-lib.aws_lambda.AliasOptions

Alias options.

`addEnvironment`

public addEnvironment(key: string, value: string, options?: EnvironmentOptions): Function

Adds an environment variable to this Lambda function.

If this is a ref to a Lambda function, this operation results in a no-op.

`key`^Required

Type: string

The environment variable key.

`value`^Required

Type: string

The environment variable's value.

`options`^Optional

Type: aws-cdk-lib.aws_lambda.EnvironmentOptions

Environment variable options.

`addLayers`

public addLayers(layers: ...ILayerVersion[]): void

Adds one or more Lambda Layers to this Lambda function.

`layers`^Required

Type: ...aws-cdk-lib.aws_lambda.ILayerVersion[]

the layers to be added.

`invalidateVersionBasedOn`

public invalidateVersionBasedOn(x: string): void

Mix additional information into the hash of the Version object.

The Lambda Function construct does its best to automatically create a new Version when anything about the Function changes (its code, its layers, any of the other properties).

However, you can sometimes source information from places that the CDK cannot look into, like the deploy-time values of SSM parameters. In those cases, the CDK would not force the creation of a new Version object when it actually should.

This method can be used to invalidate the current Version object. Pass in any string into this method, and make sure the string changes when you know a new Version needs to be created.

This method may be called more than once.

`x`^Required

Type: string

Static Functions

Name	Description
`isConstruct`	Checks if `x` is a construct.
`isOwnedResource`	Returns true if the construct was created by CDK, and false otherwise.
`isResource`	Check whether the given construct is a Resource.
`classifyVersionProperty`	Record whether specific properties in the `AWS::Lambda::Function` resource should also be associated to the Version resource.
`fromFunctionArn`	Import a lambda function into the CDK using its ARN.
`fromFunctionAttributes`	Creates a Lambda function object which represents a function not defined within this stack.
`fromFunctionName`	Import a lambda function into the CDK using its name.
`metricAll`	Return the given named metric for this Lambda.
`metricAllConcurrentExecutions`	Metric for the number of concurrent executions across all Lambdas.
`metricAllDuration`	Metric for the Duration executing all Lambdas.
`metricAllErrors`	Metric for the number of Errors executing all Lambdas.
`metricAllInvocations`	Metric for the number of invocations of all Lambdas.
`metricAllThrottles`	Metric for the number of throttled invocations of all Lambdas.
`metricAllUnreservedConcurrentExecutions`	Metric for the number of unreserved concurrent executions across all Lambdas.

`isConstruct`

import { ListAvailableAgentsFunction } from '@cdklabs/genai-idp'

ListAvailableAgentsFunction.isConstruct(x: any)

Checks if x is a construct.

Use this method instead of instanceof to properly detect Construct instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the constructs library on disk are seen as independent, completely different libraries. As a consequence, the class Construct in each copy of the constructs library is seen as a different class, and an instance of one class will not test as instanceof the other class. npm install will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the constructs library can be accidentally installed, and instanceof will behave unpredictably. It is safest to avoid using instanceof, and using this type-testing method instead.

`x`^Required

Type: any

Any object.

`isOwnedResource`

import { ListAvailableAgentsFunction } from '@cdklabs/genai-idp'

ListAvailableAgentsFunction.isOwnedResource(construct: IConstruct)

Returns true if the construct was created by CDK, and false otherwise.

`construct`^Required

Type: constructs.IConstruct

`isResource`

import { ListAvailableAgentsFunction } from '@cdklabs/genai-idp'

ListAvailableAgentsFunction.isResource(construct: IConstruct)

Check whether the given construct is a Resource.

`construct`^Required

Type: constructs.IConstruct

`classifyVersionProperty`

import { ListAvailableAgentsFunction } from '@cdklabs/genai-idp'

ListAvailableAgentsFunction.classifyVersionProperty(propertyName: string, locked: boolean)

Record whether specific properties in the AWS::Lambda::Function resource should also be associated to the Version resource.

See 'currentVersion' section in the module README for more details.

`propertyName`^Required

Type: string

The property to classify.

`locked`^Required

Type: boolean

whether the property should be associated to the version or not.

`fromFunctionArn`

import { ListAvailableAgentsFunction } from '@cdklabs/genai-idp'

ListAvailableAgentsFunction.fromFunctionArn(scope: Construct, id: string, functionArn: string)

Import a lambda function into the CDK using its ARN.

For Function.addPermissions() to work on this imported lambda, make sure that is in the same account and region as the stack you are importing it into.

`scope`^Required

Type: constructs.Construct

`id`^Required

Type: string

`functionArn`^Required

Type: string

`fromFunctionAttributes`

import { ListAvailableAgentsFunction } from '@cdklabs/genai-idp'

ListAvailableAgentsFunction.fromFunctionAttributes(scope: Construct, id: string, attrs: FunctionAttributes)

Creates a Lambda function object which represents a function not defined within this stack.

For Function.addPermissions() to work on this imported lambda, set the sameEnvironment property to true if this imported lambda is in the same account and region as the stack you are importing it into.

`scope`^Required

Type: constructs.Construct

The parent construct.

`id`^Required

Type: string

The name of the lambda construct.

`attrs`^Required

Type: aws-cdk-lib.aws_lambda.FunctionAttributes

the attributes of the function to import.

`fromFunctionName`

import { ListAvailableAgentsFunction } from '@cdklabs/genai-idp'

ListAvailableAgentsFunction.fromFunctionName(scope: Construct, id: string, functionName: string)

Import a lambda function into the CDK using its name.

`scope`^Required

Type: constructs.Construct

`id`^Required

Type: string

`functionName`^Required

Type: string

`metricAll`

import { ListAvailableAgentsFunction } from '@cdklabs/genai-idp'

ListAvailableAgentsFunction.metricAll(metricName: string, props?: MetricOptions)

Return the given named metric for this Lambda.

`metricName`^Required

Type: string

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricAllConcurrentExecutions`

import { ListAvailableAgentsFunction } from '@cdklabs/genai-idp'

ListAvailableAgentsFunction.metricAllConcurrentExecutions(props?: MetricOptions)

Metric for the number of concurrent executions across all Lambdas.

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricAllDuration`

import { ListAvailableAgentsFunction } from '@cdklabs/genai-idp'

ListAvailableAgentsFunction.metricAllDuration(props?: MetricOptions)

Metric for the Duration executing all Lambdas.

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricAllErrors`

import { ListAvailableAgentsFunction } from '@cdklabs/genai-idp'

ListAvailableAgentsFunction.metricAllErrors(props?: MetricOptions)

Metric for the number of Errors executing all Lambdas.

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricAllInvocations`

import { ListAvailableAgentsFunction } from '@cdklabs/genai-idp'

ListAvailableAgentsFunction.metricAllInvocations(props?: MetricOptions)

Metric for the number of invocations of all Lambdas.

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricAllThrottles`

import { ListAvailableAgentsFunction } from '@cdklabs/genai-idp'

ListAvailableAgentsFunction.metricAllThrottles(props?: MetricOptions)

Metric for the number of throttled invocations of all Lambdas.

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricAllUnreservedConcurrentExecutions`

import { ListAvailableAgentsFunction } from '@cdklabs/genai-idp'

ListAvailableAgentsFunction.metricAllUnreservedConcurrentExecutions(props?: MetricOptions)

Metric for the number of unreserved concurrent executions across all Lambdas.

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

Properties

Name	Type	Description
`node`	`constructs.Node`	The tree node.
`env`	`aws-cdk-lib.ResourceEnvironment`	The environment this resource belongs to.
`stack`	`aws-cdk-lib.Stack`	The stack in which this resource is defined.
`architecture`	`aws-cdk-lib.aws_lambda.Architecture`	The architecture of this Lambda Function (this is an optional attribute and defaults to X86_64).
`connections`	`aws-cdk-lib.aws_ec2.Connections`	Access the Connections object.
`functionArn`	`string`	ARN of this function.
`functionName`	`string`	Name of this function.
`grantPrincipal`	`aws-cdk-lib.aws_iam.IPrincipal`	The principal this Lambda Function is running as.
`isBoundToVpc`	`boolean`	Whether or not this Lambda function was bound to a VPC.
`latestVersion`	`aws-cdk-lib.aws_lambda.IVersion`	The `$LATEST` version of this function.
`permissionsNode`	`constructs.Node`	The construct node where permissions are attached.
`resourceArnsForGrantInvoke`	`string[]`	The ARN(s) to put into the resource field of the generated IAM policy for grantInvoke().
`role`	`aws-cdk-lib.aws_iam.IRole`	Execution role associated with this function.
`currentVersion`	`aws-cdk-lib.aws_lambda.Version`	Returns a `lambda.Version` which represents the current version of this Lambda function. A new version will be created every time the function's configuration changes.
`logGroup`	`aws-cdk-lib.aws_logs.ILogGroup`	The LogGroup where the Lambda function's logs are made available.
`runtime`	`aws-cdk-lib.aws_lambda.Runtime`	The runtime configured for this lambda.
`deadLetterQueue`	`aws-cdk-lib.aws_sqs.IQueue`	The DLQ (as queue) associated with this Lambda Function (this is an optional attribute).
`deadLetterTopic`	`aws-cdk-lib.aws_sns.ITopic`	The DLQ (as topic) associated with this Lambda Function (this is an optional attribute).
`timeout`	`aws-cdk-lib.Duration`	The timeout configured for this lambda.

`node`^Required

public readonly node: Node;

Type: constructs.Node

The tree node.

`env`^Required

public readonly env: ResourceEnvironment;

Type: aws-cdk-lib.ResourceEnvironment

The environment this resource belongs to.

For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.

`stack`^Required

public readonly stack: Stack;

Type: aws-cdk-lib.Stack

The stack in which this resource is defined.

`architecture`^Required

public readonly architecture: Architecture;

Type: aws-cdk-lib.aws_lambda.Architecture

The architecture of this Lambda Function (this is an optional attribute and defaults to X86_64).

`connections`^Required

public readonly connections: Connections;

Type: aws-cdk-lib.aws_ec2.Connections

Access the Connections object.

Will fail if not a VPC-enabled Lambda Function

`functionArn`^Required

public readonly functionArn: string;

Type: string

ARN of this function.

`functionName`^Required

public readonly functionName: string;

Type: string

Name of this function.

`grantPrincipal`^Required

public readonly grantPrincipal: IPrincipal;

Type: aws-cdk-lib.aws_iam.IPrincipal

The principal this Lambda Function is running as.

`isBoundToVpc`^Required

public readonly isBoundToVpc: boolean;

Type: boolean

Whether or not this Lambda function was bound to a VPC.

If this is is false, trying to access the connections object will fail.

`latestVersion`^Required

public readonly latestVersion: IVersion;

Type: aws-cdk-lib.aws_lambda.IVersion

The $LATEST version of this function.

Note that this is reference to a non-specific AWS Lambda version, which means the function this version refers to can return different results in different invocations.

To obtain a reference to an explicit version which references the current function configuration, use lambdaFunction.currentVersion instead.

`permissionsNode`^Required

public readonly permissionsNode: Node;

Type: constructs.Node

The construct node where permissions are attached.

`resourceArnsForGrantInvoke`^Required

public readonly resourceArnsForGrantInvoke: string[];

Type: string[]

The ARN(s) to put into the resource field of the generated IAM policy for grantInvoke().

`role`^Optional

public readonly role: IRole;

Type: aws-cdk-lib.aws_iam.IRole

Execution role associated with this function.

`currentVersion`^Required

public readonly currentVersion: Version;

Type: aws-cdk-lib.aws_lambda.Version

Returns a lambda.Version which represents the current version of this Lambda function. A new version will be created every time the function's configuration changes.

You can specify options for this version using the currentVersionOptions prop when initializing the lambda.Function.

`logGroup`^Required

public readonly logGroup: ILogGroup;

Type: aws-cdk-lib.aws_logs.ILogGroup

The LogGroup where the Lambda function's logs are made available.

If either logRetention is set or this property is called, a CloudFormation custom resource is added to the stack that pre-creates the log group as part of the stack deployment, if it already doesn't exist, and sets the correct log retention period (never expire, by default).

Further, if the log group already exists and the logRetention is not set, the custom resource will reset the log retention to never expire even if it was configured with a different value.

`runtime`^Required

public readonly runtime: Runtime;

Type: aws-cdk-lib.aws_lambda.Runtime

The runtime configured for this lambda.

`deadLetterQueue`^Optional

public readonly deadLetterQueue: IQueue;

Type: aws-cdk-lib.aws_sqs.IQueue

The DLQ (as queue) associated with this Lambda Function (this is an optional attribute).

`deadLetterTopic`^Optional

public readonly deadLetterTopic: ITopic;

Type: aws-cdk-lib.aws_sns.ITopic

The DLQ (as topic) associated with this Lambda Function (this is an optional attribute).

`timeout`^Optional

public readonly timeout: Duration;

Type: aws-cdk-lib.Duration

The timeout configured for this lambda.

Constants

Name	Type	Description
`PROPERTY_INJECTION_ID`	`string`	Uniquely identifies this class.

`PROPERTY_INJECTION_ID`^Required

public readonly PROPERTY_INJECTION_ID: string;

Type: string

Uniquely identifies this class.

ProcessingEnvironment

Implements: IProcessingEnvironment

Core infrastructure for the Intelligent Document Processing solution.

This construct orchestrates the end-to-end document processing workflow, from document ingestion to structured data extraction and result tracking. It provides the shared infrastructure and services that all document processor patterns use, including:

S3 buckets for document storage
DynamoDB tables for tracking and configuration
SQS queues for document processing
Lambda functions for workflow orchestration
CloudWatch metrics and logs for monitoring
GraphQL API for client interactions

The ProcessingEnvironment is designed to be pattern-agnostic, providing the foundation that specific document processor implementations build upon.

Initializers

import { ProcessingEnvironment } from '@cdklabs/genai-idp'

new ProcessingEnvironment(scope: Construct, id: string, props: ProcessingEnvironmentProps)

Name	Type	Description
`scope`	`constructs.Construct`	No description.
`id`	`string`	No description.
`props`	`ProcessingEnvironmentProps`	No description.

`scope`^Required

Type: constructs.Construct

`id`^Required

Type: string

`props`^Required

Type: ProcessingEnvironmentProps

Methods

Name	Description
`toString`	Returns a string representation of this construct.
`attach`	Attaches a document processor to this processing environment.
`metricQueueLatency`	Creates a CloudWatch metric for queue latency.
`metricTotalLatency`	Creates a CloudWatch metric for total processing latency.
`metricWorkflowLatency`	Creates a CloudWatch metric for workflow latency.

`toString`

public toString(): string

Returns a string representation of this construct.

`attach`

public attach(processor: IDocumentProcessor, options?: DocumentProcessorAttachmentOptions): void

Attaches a document processor to this processing environment.

Sets up the necessary event triggers, permissions, and integrations to enable the processor to work with this environment.

`processor`^Required

Type: IDocumentProcessor

`options`^Optional

Type: DocumentProcessorAttachmentOptions

`metricQueueLatency`

public metricQueueLatency(props?: MetricOptions): Metric

Creates a CloudWatch metric for queue latency.

Measures the time from when a document is queued to when workflow processing starts.

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

Optional metric configuration properties.

`metricTotalLatency`

public metricTotalLatency(props?: MetricOptions): Metric

Creates a CloudWatch metric for total processing latency.

Measures the end-to-end time from document queuing to completion.

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

Optional metric configuration properties.

`metricWorkflowLatency`

public metricWorkflowLatency(props?: MetricOptions): Metric

Creates a CloudWatch metric for workflow latency.

Measures the time from when workflow processing starts to completion.

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

Optional metric configuration properties.

Static Functions

Name	Description
`isConstruct`	Checks if `x` is a construct.

`isConstruct`

import { ProcessingEnvironment } from '@cdklabs/genai-idp'

ProcessingEnvironment.isConstruct(x: any)

Checks if x is a construct.

Use this method instead of instanceof to properly detect Construct instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the constructs library on disk are seen as independent, completely different libraries. As a consequence, the class Construct in each copy of the constructs library is seen as a different class, and an instance of one class will not test as instanceof the other class. npm install will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the constructs library can be accidentally installed, and instanceof will behave unpredictably. It is safest to avoid using instanceof, and using this type-testing method instead.

`x`^Required

Type: any

Any object.

Properties

Name	Type	Description
`node`	`constructs.Node`	The tree node.
`configurationFunction`	`aws-cdk-lib.aws_lambda.IFunction`	The Lambda function that updates configuration settings.
`configurationTable`	`IConfigurationTable`	The DynamoDB table that stores configuration settings.
`inputBucket`	`aws-cdk-lib.aws_s3.IBucket`	The S3 bucket where source documents to be processed are stored.
`logLevel`	`LogLevel`	The log level for document processing components.
`metricNamespace`	`string`	The namespace for CloudWatch metrics emitted by the document processing system.
`outputBucket`	`aws-cdk-lib.aws_s3.IBucket`	The S3 bucket where processed documents and extraction results are stored.
`trackingTable`	`ITrackingTable`	The DynamoDB table that tracks document processing status and metadata.
`workingBucket`	`aws-cdk-lib.aws_s3.IBucket`	The S3 bucket used for temporary storage during document processing.
`api`	`IProcessingEnvironmentApi`	Optional ProcessingEnvironmentApi for progress notifications.
`documentDiscovery`	`IDocumentDiscovery`	Optional document discovery system for automated configuration generation.
`encryptionKey`	`aws-cdk-lib.aws_kms.IKey`	Optional KMS key used for encrypting sensitive data in the processing environment.
`logRetention`	`aws-cdk-lib.aws_logs.RetentionDays`	The retention period for CloudWatch logs generated by document processing components.
`reportingEnvironment`	`IReportingEnvironment`	Optional reporting environment for analytics and evaluation capabilities.
`saveReportingDataFunction`	`aws-cdk-lib.aws_lambda.IFunction`	Optional Lambda function that saves reporting data to the reporting bucket.
`vpcConfiguration`	`VpcConfiguration`	Optional VPC configuration for document processing components.

`node`^Required

public readonly node: Node;

Type: constructs.Node

The tree node.

`configurationFunction`^Required

public readonly configurationFunction: IFunction;

Type: aws-cdk-lib.aws_lambda.IFunction

The Lambda function that updates configuration settings.

Used to initialize and update configuration during deployment and runtime.

`configurationTable`^Required

public readonly configurationTable: IConfigurationTable;

Type: IConfigurationTable

The DynamoDB table that stores configuration settings.

Contains document schemas, extraction parameters, and other system-wide settings.

`inputBucket`^Required

public readonly inputBucket: IBucket;

Type: aws-cdk-lib.aws_s3.IBucket

The S3 bucket where source documents to be processed are stored.

This bucket is monitored for new document uploads to trigger processing.

`logLevel`^Required

public readonly logLevel: LogLevel;

Type: LogLevel

The log level for document processing components.

Controls the verbosity of logs generated during document processing.

`metricNamespace`^Required

public readonly metricNamespace: string;

Type: string

The namespace for CloudWatch metrics emitted by the document processing system.

Used to organize and identify metrics related to document processing.

`outputBucket`^Required

public readonly outputBucket: IBucket;

Type: aws-cdk-lib.aws_s3.IBucket

The S3 bucket where processed documents and extraction results are stored.

Contains the structured data output and processing artifacts.

`trackingTable`^Required

public readonly trackingTable: ITrackingTable;

Type: ITrackingTable

The DynamoDB table that tracks document processing status and metadata.

Stores information about documents being processed, including status and results.

`workingBucket`^Required

public readonly workingBucket: IBucket;

Type: aws-cdk-lib.aws_s3.IBucket

The S3 bucket used for temporary storage during document processing.

Contains intermediate processing artifacts and working files.

`api`^Optional

public readonly api: IProcessingEnvironmentApi;

Type: IProcessingEnvironmentApi

Optional ProcessingEnvironmentApi for progress notifications.

When provided, functions will use GraphQL mutations to update document status.

`documentDiscovery`^Optional

public readonly documentDiscovery: IDocumentDiscovery;

Type: IDocumentDiscovery

Optional document discovery system for automated configuration generation.

When provided, enables discovery job processing, status tracking, and UI upload functionality.

`encryptionKey`^Optional

public readonly encryptionKey: IKey;

Type: aws-cdk-lib.aws_kms.IKey

Optional KMS key used for encrypting sensitive data in the processing environment.

When provided, ensures that document content and metadata are encrypted at rest.

`logRetention`^Optional

public readonly logRetention: RetentionDays;

Type: aws-cdk-lib.aws_logs.RetentionDays

The retention period for CloudWatch logs generated by document processing components.

Controls how long system logs are kept for troubleshooting and auditing.

`reportingEnvironment`^Optional

public readonly reportingEnvironment: IReportingEnvironment;

Type: IReportingEnvironment

Optional reporting environment for analytics and evaluation capabilities.

When provided, enables storage and querying of evaluation metrics and processing analytics.

`saveReportingDataFunction`^Optional

public readonly saveReportingDataFunction: IFunction;

Type: aws-cdk-lib.aws_lambda.IFunction

Optional Lambda function that saves reporting data to the reporting bucket.

Available when a reporting environment is provided.

`vpcConfiguration`^Optional

public readonly vpcConfiguration: VpcConfiguration;

Type: VpcConfiguration

Optional VPC configuration for document processing components.

When provided, deploys processing components within a VPC with specified settings.

ProcessingEnvironmentApi

Implements: IProcessingEnvironmentApi

A construct that provides a GraphQL API for tracking and managing document processing.

The ProcessingEnvironmentApi creates an AppSync GraphQL API with resolvers for: - Querying document status and metadata - Managing document processing (delete, reprocess) - Accessing document contents and extraction results - Uploading new documents for processing - Copying documents to baseline for evaluation - Querying document knowledge base (if configured)

It integrates with the processing environment's resources including DynamoDB tables, S3 buckets, and optional knowledge base to provide a comprehensive interface for monitoring and managing the document processing workflow.

Initializers

import { ProcessingEnvironmentApi } from '@cdklabs/genai-idp'

new ProcessingEnvironmentApi(scope: Construct, id: string, props: ProcessingEnvironmentApiProps)

Name	Type	Description
`scope`	`constructs.Construct`	The construct scope.
`id`	`string`	The construct ID.
`props`	`ProcessingEnvironmentApiProps`	Configuration properties for the API.

`scope`^Required

Type: constructs.Construct

The construct scope.

`id`^Required

Type: string

The construct ID.

`props`^Required

Type: ProcessingEnvironmentApiProps

Configuration properties for the API.

Methods

Name	Description
`toString`	Returns a string representation of this construct.
`applyRemovalPolicy`	Apply the given removal policy to this resource.
`addDynamoDbDataSource`	add a new DynamoDB data source to this API.
`addElasticsearchDataSource`	add a new elasticsearch data source to this API.
`addEventBridgeDataSource`	Add an EventBridge data source to this api.
`addHttpDataSource`	add a new http data source to this API.
`addLambdaDataSource`	add a new Lambda data source to this API.
`addNoneDataSource`	add a new dummy data source to this API.
`addOpenSearchDataSource`	add a new OpenSearch data source to this API.
`addRdsDataSource`	add a new Rds data source to this API.
`addRdsDataSourceV2`	add a new Rds data source to this API.
`addSchemaDependency`	Add schema dependency to a given construct.
`createResolver`	creates a new resolver for this datasource and API using the given properties.
`grant`	Adds an IAM policy statement associated with this GraphQLApi to an IAM principal's policy.
`grantMutation`	Adds an IAM policy statement for Mutation access to this GraphQLApi to an IAM principal's policy.
`grantQuery`	Adds an IAM policy statement for Query access to this GraphQLApi to an IAM principal's policy.
`grantSubscription`	Adds an IAM policy statement for Subscription access to this GraphQLApi to an IAM principal's policy.
`addEnvironmentVariable`	Add an environment variable to the construct.
`addAgentAnalytics`	Add Agent Analytics capabilities to the GraphQL API.
`addChatWithDocument`	Add Chat with Document capabilities to the GraphQL API.
`addConfigurationTable`	Add configuration table data sources and resolvers to the GraphQL API.
`addDocumentDiscovery`	Add Document Discovery capabilities to the GraphQL API.
`addEvaluation`	Add evaluation capabilities to the GraphQL API.
`addKnowledgeBase`	Add knowledge base querying capabilities to the GraphQL API.
`addStateMachine`	Add Step Functions resolvers and monitoring for the GraphQL API.
`addTrackingTable`	Add tracking table data sources and resolvers to the GraphQL API.

`toString`

public toString(): string

Returns a string representation of this construct.

`applyRemovalPolicy`

public applyRemovalPolicy(policy: RemovalPolicy): void

Apply the given removal policy to this resource.

The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced.

The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS account for data recovery and cleanup later (RemovalPolicy.RETAIN).

`policy`^Required

Type: aws-cdk-lib.RemovalPolicy

`addDynamoDbDataSource`

public addDynamoDbDataSource(id: string, table: ITable, options?: DataSourceOptions): DynamoDbDataSource

add a new DynamoDB data source to this API.

`id`^Required

Type: string

The data source's id.

`table`^Required

Type: aws-cdk-lib.aws_dynamodb.ITable

The DynamoDB table backing this data source.

`options`^Optional

Type: aws-cdk-lib.aws_appsync.DataSourceOptions

The optional configuration for this data source.

`addElasticsearchDataSource`

public addElasticsearchDataSource(id: string, domain: IDomain, options?: DataSourceOptions): ElasticsearchDataSource

add a new elasticsearch data source to this API.

`id`^Required

Type: string

The data source's id.

`domain`^Required

Type: aws-cdk-lib.aws_elasticsearch.IDomain

The elasticsearch domain for this data source.

`options`^Optional

Type: aws-cdk-lib.aws_appsync.DataSourceOptions

The optional configuration for this data source.

`addEventBridgeDataSource`

public addEventBridgeDataSource(id: string, eventBus: IEventBus, options?: DataSourceOptions): EventBridgeDataSource

Add an EventBridge data source to this api.

`id`^Required

Type: string

The data source's id.

`eventBus`^Required

Type: aws-cdk-lib.aws_events.IEventBus

The EventBridge EventBus on which to put events.

`options`^Optional

Type: aws-cdk-lib.aws_appsync.DataSourceOptions

The optional configuration for this data source.

`addHttpDataSource`

public addHttpDataSource(id: string, endpoint: string, options?: HttpDataSourceOptions): HttpDataSource

add a new http data source to this API.

`id`^Required

Type: string

The data source's id.

`endpoint`^Required

Type: string

The http endpoint.

`options`^Optional

Type: aws-cdk-lib.aws_appsync.HttpDataSourceOptions

The optional configuration for this data source.

`addLambdaDataSource`

public addLambdaDataSource(id: string, lambdaFunction: IFunction, options?: DataSourceOptions): LambdaDataSource

add a new Lambda data source to this API.

`id`^Required

Type: string

The data source's id.

`lambdaFunction`^Required

Type: aws-cdk-lib.aws_lambda.IFunction

The Lambda function to call to interact with this data source.

`options`^Optional

Type: aws-cdk-lib.aws_appsync.DataSourceOptions

The optional configuration for this data source.

`addNoneDataSource`

public addNoneDataSource(id: string, options?: DataSourceOptions): NoneDataSource

add a new dummy data source to this API.

Useful for pipeline resolvers and for backend changes that don't require a data source.

`id`^Required

Type: string

The data source's id.

`options`^Optional

Type: aws-cdk-lib.aws_appsync.DataSourceOptions

The optional configuration for this data source.

`addOpenSearchDataSource`

public addOpenSearchDataSource(id: string, domain: IDomain, options?: DataSourceOptions): OpenSearchDataSource

add a new OpenSearch data source to this API.

`id`^Required

Type: string

The data source's id.

`domain`^Required

Type: aws-cdk-lib.aws_opensearchservice.IDomain

The OpenSearch domain for this data source.

`options`^Optional

Type: aws-cdk-lib.aws_appsync.DataSourceOptions

The optional configuration for this data source.

`addRdsDataSource`

public addRdsDataSource(id: string, serverlessCluster: IServerlessCluster, secretStore: ISecret, databaseName?: string, options?: DataSourceOptions): RdsDataSource

add a new Rds data source to this API.

`id`^Required

Type: string

The data source's id.

`serverlessCluster`^Required

Type: aws-cdk-lib.aws_rds.IServerlessCluster

The serverless cluster to interact with this data source.

`secretStore`^Required

Type: aws-cdk-lib.aws_secretsmanager.ISecret

The secret store that contains the username and password for the serverless cluster.

`databaseName`^Optional

Type: string

The optional name of the database to use within the cluster.

`options`^Optional

Type: aws-cdk-lib.aws_appsync.DataSourceOptions

The optional configuration for this data source.

`addRdsDataSourceV2`

public addRdsDataSourceV2(id: string, serverlessCluster: IDatabaseCluster, secretStore: ISecret, databaseName?: string, options?: DataSourceOptions): RdsDataSource

add a new Rds data source to this API.

`id`^Required

Type: string

The data source's id.

`serverlessCluster`^Required

Type: aws-cdk-lib.aws_rds.IDatabaseCluster

The serverless V2 cluster to interact with this data source.

`secretStore`^Required

Type: aws-cdk-lib.aws_secretsmanager.ISecret

The secret store that contains the username and password for the serverless cluster.

`databaseName`^Optional

Type: string

The optional name of the database to use within the cluster.

`options`^Optional

Type: aws-cdk-lib.aws_appsync.DataSourceOptions

The optional configuration for this data source.

`addSchemaDependency`

public addSchemaDependency(construct: CfnResource): boolean

Add schema dependency to a given construct.

`construct`^Required

Type: aws-cdk-lib.CfnResource

the dependee.

`createResolver`

public createResolver(id: string, props: ExtendedResolverProps): Resolver

creates a new resolver for this datasource and API using the given properties.

`id`^Required

Type: string

`props`^Required

Type: aws-cdk-lib.aws_appsync.ExtendedResolverProps

`grant`

public grant(grantee: IGrantable, resources: IamResource, actions: ...string[]): Grant

Adds an IAM policy statement associated with this GraphQLApi to an IAM principal's policy.

`grantee`^Required

Type: aws-cdk-lib.aws_iam.IGrantable

The principal.

`resources`^Required

Type: aws-cdk-lib.aws_appsync.IamResource

The set of resources to allow (i.e. ...:[region]:[accountId]:apis/GraphQLId/...).

`actions`^Required

Type: ...string[]

The actions that should be granted to the principal (i.e. appsync:graphql ).

`grantMutation`

public grantMutation(grantee: IGrantable, fields: ...string[]): Grant

Adds an IAM policy statement for Mutation access to this GraphQLApi to an IAM principal's policy.

`grantee`^Required

Type: aws-cdk-lib.aws_iam.IGrantable

The principal.

`fields`^Required

Type: ...string[]

The fields to grant access to that are Mutations (leave blank for all).

`grantQuery`

public grantQuery(grantee: IGrantable, fields: ...string[]): Grant

Adds an IAM policy statement for Query access to this GraphQLApi to an IAM principal's policy.

`grantee`^Required

Type: aws-cdk-lib.aws_iam.IGrantable

The principal.

`fields`^Required

Type: ...string[]

The fields to grant access to that are Queries (leave blank for all).

`grantSubscription`

public grantSubscription(grantee: IGrantable, fields: ...string[]): Grant

Adds an IAM policy statement for Subscription access to this GraphQLApi to an IAM principal's policy.

`grantee`^Required

Type: aws-cdk-lib.aws_iam.IGrantable

The principal.

`fields`^Required

Type: ...string[]

The fields to grant access to that are Subscriptions (leave blank for all).

`addEnvironmentVariable`

public addEnvironmentVariable(key: string, value: string): void

Add an environment variable to the construct.

`key`^Required

Type: string

`value`^Required

Type: string

`addAgentAnalytics`

public addAgentAnalytics(trackingTable: ITrackingTable, model: IInvokable, reportingEnvironment: IReportingEnvironment, externalMcpAgentsSecret?: ISecret, guardrail?: IGuardrail): void

Add Agent Analytics capabilities to the GraphQL API.

This method adds AI-powered analytics functionality that enables natural language querying of processed document data. It creates the necessary resolvers and data sources for agent analytics workflows including database discovery, SQL query generation, and interactive visualizations.

Example

// Add agent analytics after API creation
api.addAgentAnalytics(
  trackingTable,
  myAnalyticsModel,
  reportingDatabase,
  athenaBucket
);

`trackingTable`^Required

Type: ITrackingTable

The DynamoDB table that tracks document processing status.

`model`^Required

Type: @cdklabs/generative-ai-cdk-constructs.bedrock.IInvokable

The foundation model or inference profile for analytics queries.

`reportingEnvironment`^Required

Type: IReportingEnvironment

The reporting environment that the analytics will be run for.

`externalMcpAgentsSecret`^Optional

Type: aws-cdk-lib.aws_secretsmanager.ISecret

Optional Secrets Manager secret for external MCP agents.

`guardrail`^Optional

Type: @cdklabs/generative-ai-cdk-constructs.bedrock.IGuardrail

Optional Bedrock guardrail for content filtering.

`addChatWithDocument`

public addChatWithDocument(knowledgeBase: IKnowledgeBase, chatModel: IInvokable, guardrail?: IGuardrail): void

Add Chat with Document capabilities to the GraphQL API.

This method adds natural language conversation functionality about processed documents by combining document context from the knowledge base with conversational AI. It maintains conversation history and provides contextual responses.

Example

// Add chat with document after API creation
api.addChatWithDocument(
  knowledgeBase,
  chatModel,
  myGuardrail
);

`knowledgeBase`^Required

Type: @cdklabs/generative-ai-cdk-constructs.bedrock.IKnowledgeBase

The Bedrock knowledge base for document context.

`chatModel`^Required

Type: @cdklabs/generative-ai-cdk-constructs.bedrock.IInvokable

The invokable model for chat functionality.

`guardrail`^Optional

Type: @cdklabs/generative-ai-cdk-constructs.bedrock.IGuardrail

Optional Bedrock guardrail for content filtering.

`addConfigurationTable`

public addConfigurationTable(configurationTable: IConfigurationTable): void

Add configuration table data sources and resolvers to the GraphQL API.

This method adds configuration management functionality including: - Querying configuration settings - Updating configuration parameters - Managing document schemas and extraction parameters

Example

// Add configuration table functionality after API creation
api.addConfigurationTable(myConfigurationTable);

`configurationTable`^Required

Type: IConfigurationTable

The DynamoDB table that stores configuration settings.

`addDocumentDiscovery`

public addDocumentDiscovery(documentDiscovery: IDocumentDiscovery): void

Add Document Discovery capabilities to the GraphQL API.

This method adds document discovery functionality including automated document analysis and configuration generation capabilities.

`documentDiscovery`^Required

Type: IDocumentDiscovery

The document discovery construct with table, queue, and functions.

`addEvaluation`

public addEvaluation(evaluationBaselineBucket: IBucket): void

Add evaluation capabilities to the GraphQL API.

This method adds document evaluation functionality, including the ability to copy documents to a baseline bucket for evaluation purposes. It creates the necessary resolvers and data sources for evaluation workflows.

Example

// Add evaluation functionality after API creation
api.addEvaluation(myEvaluationBaselineBucket);

`evaluationBaselineBucket`^Required

Type: aws-cdk-lib.aws_s3.IBucket

The S3 bucket for storing evaluation baseline documents.

`addKnowledgeBase`

public addKnowledgeBase(knowledgeBase: IKnowledgeBase, knowledgeBaseModel: IInvokable, knowledgeBaseGuardrail?: IGuardrail): void

Add knowledge base querying capabilities to the GraphQL API.

This method adds natural language querying functionality for processed documents using Amazon Bedrock knowledge base. It creates the necessary resolvers and data sources to enable document querying through the GraphQL API.

Example

// Add knowledge base functionality after API creation
api.addKnowledgeBase(
  myKnowledgeBase,
  bedrock.BedrockFoundationModel.AMAZON_NOVA_PRO_V1_0,
  myGuardrail
);

`knowledgeBase`^Required

Type: @cdklabs/generative-ai-cdk-constructs.bedrock.IKnowledgeBase

The Amazon Bedrock knowledge base for document querying.

`knowledgeBaseModel`^Required

Type: @cdklabs/generative-ai-cdk-constructs.bedrock.IInvokable

The invokable model to use for knowledge base queries.

`knowledgeBaseGuardrail`^Optional

Type: @cdklabs/generative-ai-cdk-constructs.bedrock.IGuardrail

Optional Bedrock guardrail to apply to model interactions.

`addStateMachine`

public addStateMachine(stateMachine: IStateMachine): void

Add Step Functions resolvers and monitoring for the GraphQL API.

This method adds Step Functions execution monitoring capabilities to the API, including query resolvers, mutation resolvers, and automatic subscription publishing. It can be called after the API has been created to add Step Functions functionality for the specified state machine.

Example

// Add state machine monitoring after API creation
api.addStateMachine(myStateMachine);

`stateMachine`^Required

Type: aws-cdk-lib.aws_stepfunctions.IStateMachine

The Step Functions state machine to monitor.

`addTrackingTable`

public addTrackingTable(trackingTable: ITrackingTable, inputBucket: IBucket, outputBucket: IBucket): void

Add tracking table data sources and resolvers to the GraphQL API.

This method adds all tracking table related functionality including: - Document creation and management - Document status tracking - Document listing and querying - Document metadata management - Document deletion (from tracking table and S3 buckets)

Example

// Add tracking table functionality after API creation
api.addTrackingTable(myTrackingTable, inputBucket, outputBucket);

`trackingTable`^Required

Type: ITrackingTable

The DynamoDB table that tracks document processing status and metadata.

`inputBucket`^Required

Type: aws-cdk-lib.aws_s3.IBucket

The S3 bucket where source documents are stored.

`outputBucket`^Required

Type: aws-cdk-lib.aws_s3.IBucket

The S3 bucket where processed documents are stored.

Static Functions

Name	Description
`isConstruct`	Checks if `x` is a construct.
`isOwnedResource`	Returns true if the construct was created by CDK, and false otherwise.
`isResource`	Check whether the given construct is a Resource.
`fromGraphqlApiAttributes`	Import a GraphQL API through this function.

`isConstruct`

import { ProcessingEnvironmentApi } from '@cdklabs/genai-idp'

ProcessingEnvironmentApi.isConstruct(x: any)

Checks if x is a construct.

Use this method instead of instanceof to properly detect Construct instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the constructs library on disk are seen as independent, completely different libraries. As a consequence, the class Construct in each copy of the constructs library is seen as a different class, and an instance of one class will not test as instanceof the other class. npm install will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the constructs library can be accidentally installed, and instanceof will behave unpredictably. It is safest to avoid using instanceof, and using this type-testing method instead.

`x`^Required

Type: any

Any object.

`isOwnedResource`

import { ProcessingEnvironmentApi } from '@cdklabs/genai-idp'

ProcessingEnvironmentApi.isOwnedResource(construct: IConstruct)

Returns true if the construct was created by CDK, and false otherwise.

`construct`^Required

Type: constructs.IConstruct

`isResource`

import { ProcessingEnvironmentApi } from '@cdklabs/genai-idp'

ProcessingEnvironmentApi.isResource(construct: IConstruct)

Check whether the given construct is a Resource.

`construct`^Required

Type: constructs.IConstruct

`fromGraphqlApiAttributes`

import { ProcessingEnvironmentApi } from '@cdklabs/genai-idp'

ProcessingEnvironmentApi.fromGraphqlApiAttributes(scope: Construct, id: string, attrs: GraphqlApiAttributes)

Import a GraphQL API through this function.

`scope`^Required

Type: constructs.Construct

scope.

`id`^Required

Type: string

id.

`attrs`^Required

Type: aws-cdk-lib.aws_appsync.GraphqlApiAttributes

GraphQL API Attributes of an API.

Properties

Name	Type	Description
`node`	`constructs.Node`	The tree node.
`env`	`aws-cdk-lib.ResourceEnvironment`	The environment this resource belongs to.
`stack`	`aws-cdk-lib.Stack`	The stack in which this resource is defined.
`apiId`	`string`	an unique AWS AppSync GraphQL API identifier i.e. 'lxz775lwdrgcndgz3nurvac7oa'.
`arn`	`string`	the ARN of the API.
`graphQLEndpointArn`	`string`	The GraphQL endpoint ARN.
`modes`	`aws-cdk-lib.aws_appsync.AuthorizationType[]`	The Authorization Types for this GraphQL Api.
`visibility`	`aws-cdk-lib.aws_appsync.Visibility`	the visibility of the API.
`appSyncDomainName`	`string`	The AppSyncDomainName of the associated custom domain.
`graphqlUrl`	`string`	the URL of the endpoint created by AppSync.
`logGroup`	`aws-cdk-lib.aws_logs.ILogGroup`	the CloudWatch Log Group for this API.
`name`	`string`	the name of the API.
`schema`	`aws-cdk-lib.aws_appsync.ISchema`	the schema attached to this api (only available for GraphQL APIs, not available for merged APIs).
`apiKey`	`string`	the configured API key, if present.

`node`^Required

public readonly node: Node;

Type: constructs.Node

The tree node.

`env`^Required

public readonly env: ResourceEnvironment;

Type: aws-cdk-lib.ResourceEnvironment

The environment this resource belongs to.

For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.

`stack`^Required

public readonly stack: Stack;

Type: aws-cdk-lib.Stack

The stack in which this resource is defined.

`apiId`^Required

public readonly apiId: string;

Type: string

an unique AWS AppSync GraphQL API identifier i.e. 'lxz775lwdrgcndgz3nurvac7oa'.

`arn`^Required

public readonly arn: string;

Type: string

the ARN of the API.

`graphQLEndpointArn`^Required

public readonly graphQLEndpointArn: string;

Type: string

The GraphQL endpoint ARN.

`modes`^Required

public readonly modes: AuthorizationType[];

Type: aws-cdk-lib.aws_appsync.AuthorizationType[]

The Authorization Types for this GraphQL Api.

`visibility`^Required

public readonly visibility: Visibility;

Type: aws-cdk-lib.aws_appsync.Visibility

the visibility of the API.

`appSyncDomainName`^Required

public readonly appSyncDomainName: string;

Type: string

The AppSyncDomainName of the associated custom domain.

`graphqlUrl`^Required

public readonly graphqlUrl: string;

Type: string

the URL of the endpoint created by AppSync.

`logGroup`^Required

public readonly logGroup: ILogGroup;

Type: aws-cdk-lib.aws_logs.ILogGroup

the CloudWatch Log Group for this API.

`name`^Required

public readonly name: string;

Type: string

the name of the API.

`schema`^Required

public readonly schema: ISchema;

Type: aws-cdk-lib.aws_appsync.ISchema

the schema attached to this api (only available for GraphQL APIs, not available for merged APIs).

`apiKey`^Optional

public readonly apiKey: string;

Type: string
Default: no api key

the configured API key, if present.

Constants

Name	Type	Description
`PROPERTY_INJECTION_ID`	`string`	Uniquely identifies this class.

`PROPERTY_INJECTION_ID`^Required

public readonly PROPERTY_INJECTION_ID: string;

Type: string

Uniquely identifies this class.

ReportingEnvironment

Implements: IReportingEnvironment

A construct that creates the reporting table structure for document processing analytics.

This construct focuses on creating the Glue table schema for evaluation metrics, using provided S3 bucket and Glue database resources. It creates: - Document-level evaluation metrics table - Section-level evaluation metrics table - Attribute-level evaluation metrics table - Metering data table

All tables are properly partitioned for efficient querying with Amazon Athena.

Initializers

import { ReportingEnvironment } from '@cdklabs/genai-idp'

new ReportingEnvironment(scope: Construct, id: string, props: ReportingEnvironmentProps)

Name	Type	Description
`scope`	`constructs.Construct`	No description.
`id`	`string`	No description.
`props`	`ReportingEnvironmentProps`	No description.

`scope`^Required

Type: constructs.Construct

`id`^Required

Type: string

`props`^Required

Type: ReportingEnvironmentProps

Methods

Name	Description
`toString`	Returns a string representation of this construct.

`toString`

public toString(): string

Returns a string representation of this construct.

Static Functions

Name	Description
`isConstruct`	Checks if `x` is a construct.

`isConstruct`

import { ReportingEnvironment } from '@cdklabs/genai-idp'

ReportingEnvironment.isConstruct(x: any)

Checks if x is a construct.

Use this method instead of instanceof to properly detect Construct instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the constructs library on disk are seen as independent, completely different libraries. As a consequence, the class Construct in each copy of the constructs library is seen as a different class, and an instance of one class will not test as instanceof the other class. npm install will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the constructs library can be accidentally installed, and instanceof will behave unpredictably. It is safest to avoid using instanceof, and using this type-testing method instead.

`x`^Required

Type: any

Any object.

Properties

Name	Type	Description
`node`	`constructs.Node`	The tree node.
`attributeEvaluationsTable`	`@aws-cdk/aws-glue-alpha.S3Table`	The Glue table for attribute-level evaluation metrics.
`documentEvaluationsTable`	`@aws-cdk/aws-glue-alpha.S3Table`	The Glue table for document-level evaluation metrics.
`meteringTable`	`@aws-cdk/aws-glue-alpha.S3Table`	The Glue table for metering data.
`reportingBucket`	`aws-cdk-lib.aws_s3.IBucket`	The S3 bucket where evaluation metrics and reporting data are stored in Parquet format.
`reportingDatabase`	`@aws-cdk/aws-glue-alpha.Database`	The AWS Glue database containing tables for evaluation metrics.
`sectionEvaluationsTable`	`@aws-cdk/aws-glue-alpha.S3Table`	The Glue table for section-level evaluation metrics.

`node`^Required

public readonly node: Node;

Type: constructs.Node

The tree node.

`attributeEvaluationsTable`^Required

public readonly attributeEvaluationsTable: S3Table;

Type: @aws-cdk/aws-glue-alpha.S3Table

The Glue table for attribute-level evaluation metrics.

Contains detailed evaluation metrics for individual extracted attributes.

`documentEvaluationsTable`^Required

public readonly documentEvaluationsTable: S3Table;

Type: @aws-cdk/aws-glue-alpha.S3Table

The Glue table for document-level evaluation metrics.

Contains accuracy, precision, recall, F1 score, and other document-level metrics.

`meteringTable`^Required

public readonly meteringTable: S3Table;

Type: @aws-cdk/aws-glue-alpha.S3Table

The Glue table for metering data.

Contains cost and usage metrics for document processing operations.

`reportingBucket`^Required

public readonly reportingBucket: IBucket;

Type: aws-cdk-lib.aws_s3.IBucket

The S3 bucket where evaluation metrics and reporting data are stored in Parquet format.

Contains document-level, section-level, and attribute-level evaluation metrics.

`reportingDatabase`^Required

public readonly reportingDatabase: Database;

Type: @aws-cdk/aws-glue-alpha.Database

The AWS Glue database containing tables for evaluation metrics.

Provides a structured catalog for querying evaluation data with Amazon Athena.

`sectionEvaluationsTable`^Required

public readonly sectionEvaluationsTable: S3Table;

Type: @aws-cdk/aws-glue-alpha.S3Table

The Glue table for section-level evaluation metrics.

Contains evaluation metrics for individual sections within documents.

SaveReportingDataFunction

Implements: aws-cdk-lib.aws_lambda.IFunction

A Lambda function that saves document evaluation data to the reporting bucket in Parquet format.

This function is responsible for: - Converting document processing metrics to Parquet format - Saving evaluation data to the reporting bucket with proper partitioning - Supporting document-level, section-level, and attribute-level metrics - Enabling analytics and business intelligence through structured data storage

The function is typically invoked by other Lambda functions (evaluation_function, workflow_tracker) to persist processing metrics and evaluation results for later analysis with Amazon Athena.

Initializers

import { SaveReportingDataFunction } from '@cdklabs/genai-idp'

new SaveReportingDataFunction(scope: Construct, id: string, props: SaveReportingDataFunctionProps)

Name	Type	Description
`scope`	`constructs.Construct`	The construct scope.
`id`	`string`	The construct ID.
`props`	`SaveReportingDataFunctionProps`	Configuration properties for the function.

`scope`^Required

Type: constructs.Construct

The construct scope.

`id`^Required

Type: string

The construct ID.

`props`^Required

Type: SaveReportingDataFunctionProps

Configuration properties for the function.

Methods

Name	Description
`toString`	Returns a string representation of this construct.
`applyRemovalPolicy`	Apply the given removal policy to this resource.
`addEventSource`	Adds an event source to this function.
`addEventSourceMapping`	Adds an event source that maps to this AWS Lambda function.
`addFunctionUrl`	Adds a url to this lambda function.
`addPermission`	Adds a permission to the Lambda resource policy.
`addToRolePolicy`	Adds a statement to the IAM role assumed by the instance.
`configureAsyncInvoke`	Configures options for asynchronous invocation.
`considerWarningOnInvokeFunctionPermissions`	A warning will be added to functions under the following conditions: - permissions that include `lambda:InvokeFunction` are added to the unqualified function.
`grantInvoke`	Grant the given identity permissions to invoke this Lambda.
`grantInvokeCompositePrincipal`	Grant multiple principals the ability to invoke this Lambda via CompositePrincipal.
`grantInvokeLatestVersion`	Grant the given identity permissions to invoke the $LATEST version or unqualified version of this Lambda.
`grantInvokeUrl`	Grant the given identity permissions to invoke this Lambda Function URL.
`grantInvokeVersion`	Grant the given identity permissions to invoke the given version of this Lambda.
`metric`	Return the given named metric for this Function.
`metricDuration`	How long execution of this Lambda takes.
`metricErrors`	How many invocations of this Lambda fail.
`metricInvocations`	How often this Lambda is invoked.
`metricThrottles`	How often this Lambda is throttled.
`addAlias`	Defines an alias for this function.
`addEnvironment`	Adds an environment variable to this Lambda function.
`addLayers`	Adds one or more Lambda Layers to this Lambda function.
`invalidateVersionBasedOn`	Mix additional information into the hash of the Version object.

`toString`

public toString(): string

Returns a string representation of this construct.

`applyRemovalPolicy`

public applyRemovalPolicy(policy: RemovalPolicy): void

Apply the given removal policy to this resource.

The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced.

The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS account for data recovery and cleanup later (RemovalPolicy.RETAIN).

`policy`^Required

Type: aws-cdk-lib.RemovalPolicy

`addEventSource`

public addEventSource(source: IEventSource): void

Adds an event source to this function.

Event sources are implemented in the aws-cdk-lib/aws-lambda-event-sources module.

The following example adds an SQS Queue as an event source:

import { SqsEventSource } from 'aws-cdk-lib/aws-lambda-event-sources';
myFunction.addEventSource(new SqsEventSource(myQueue));

`source`^Required

Type: aws-cdk-lib.aws_lambda.IEventSource

`addEventSourceMapping`

public addEventSourceMapping(id: string, options: EventSourceMappingOptions): EventSourceMapping

Adds an event source that maps to this AWS Lambda function.

`id`^Required

Type: string

`options`^Required

Type: aws-cdk-lib.aws_lambda.EventSourceMappingOptions

`addFunctionUrl`

public addFunctionUrl(options?: FunctionUrlOptions): FunctionUrl

Adds a url to this lambda function.

`options`^Optional

Type: aws-cdk-lib.aws_lambda.FunctionUrlOptions

`addPermission`

public addPermission(id: string, permission: Permission): void

Adds a permission to the Lambda resource policy.

`id`^Required

Type: string

The id for the permission construct.

`permission`^Required

Type: aws-cdk-lib.aws_lambda.Permission

The permission to grant to this Lambda function.

`addToRolePolicy`

public addToRolePolicy(statement: PolicyStatement): void

Adds a statement to the IAM role assumed by the instance.

`statement`^Required

Type: aws-cdk-lib.aws_iam.PolicyStatement

`configureAsyncInvoke`

public configureAsyncInvoke(options: EventInvokeConfigOptions): void

Configures options for asynchronous invocation.

`options`^Required

Type: aws-cdk-lib.aws_lambda.EventInvokeConfigOptions

`considerWarningOnInvokeFunctionPermissions`

public considerWarningOnInvokeFunctionPermissions(scope: Construct, action: string): void

A warning will be added to functions under the following conditions: - permissions that include lambda:InvokeFunction are added to the unqualified function.

function.currentVersion is invoked before or after the permission is created.

This applies only to permissions on Lambda functions, not versions or aliases. This function is overridden as a noOp for QualifiedFunctionBase.

`scope`^Required

Type: constructs.Construct

`action`^Required

Type: string

`grantInvoke`

public grantInvoke(grantee: IGrantable): Grant

Grant the given identity permissions to invoke this Lambda.

`grantee`^Required

Type: aws-cdk-lib.aws_iam.IGrantable

`grantInvokeCompositePrincipal`

public grantInvokeCompositePrincipal(compositePrincipal: CompositePrincipal): Grant[]

Grant multiple principals the ability to invoke this Lambda via CompositePrincipal.

`compositePrincipal`^Required

Type: aws-cdk-lib.aws_iam.CompositePrincipal

`grantInvokeLatestVersion`

public grantInvokeLatestVersion(grantee: IGrantable): Grant

Grant the given identity permissions to invoke the $LATEST version or unqualified version of this Lambda.

`grantee`^Required

Type: aws-cdk-lib.aws_iam.IGrantable

`grantInvokeUrl`

public grantInvokeUrl(grantee: IGrantable): Grant

Grant the given identity permissions to invoke this Lambda Function URL.

`grantee`^Required

Type: aws-cdk-lib.aws_iam.IGrantable

`grantInvokeVersion`

public grantInvokeVersion(grantee: IGrantable, version: IVersion): Grant

Grant the given identity permissions to invoke the given version of this Lambda.

`grantee`^Required

Type: aws-cdk-lib.aws_iam.IGrantable

`version`^Required

Type: aws-cdk-lib.aws_lambda.IVersion

`metric`

public metric(metricName: string, props?: MetricOptions): Metric

Return the given named metric for this Function.

`metricName`^Required

Type: string

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricDuration`

public metricDuration(props?: MetricOptions): Metric

How long execution of this Lambda takes.

Average over 5 minutes

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricErrors`

public metricErrors(props?: MetricOptions): Metric

How many invocations of this Lambda fail.

Sum over 5 minutes

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricInvocations`

public metricInvocations(props?: MetricOptions): Metric

How often this Lambda is invoked.

Sum over 5 minutes

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricThrottles`

public metricThrottles(props?: MetricOptions): Metric

How often this Lambda is throttled.

Sum over 5 minutes

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`addAlias`

public addAlias(aliasName: string, options?: AliasOptions): Alias

Defines an alias for this function.

The alias will automatically be updated to point to the latest version of the function as it is being updated during a deployment.

declare const fn: lambda.Function;

fn.addAlias('Live');

// Is equivalent to

new lambda.Alias(this, 'AliasLive', {
  aliasName: 'Live',
  version: fn.currentVersion,
});

`aliasName`^Required

Type: string

The name of the alias.

`options`^Optional

Type: aws-cdk-lib.aws_lambda.AliasOptions

Alias options.

`addEnvironment`

public addEnvironment(key: string, value: string, options?: EnvironmentOptions): Function

Adds an environment variable to this Lambda function.

If this is a ref to a Lambda function, this operation results in a no-op.

`key`^Required

Type: string

The environment variable key.

`value`^Required

Type: string

The environment variable's value.

`options`^Optional

Type: aws-cdk-lib.aws_lambda.EnvironmentOptions

Environment variable options.

`addLayers`

public addLayers(layers: ...ILayerVersion[]): void

Adds one or more Lambda Layers to this Lambda function.

`layers`^Required

Type: ...aws-cdk-lib.aws_lambda.ILayerVersion[]

the layers to be added.

`invalidateVersionBasedOn`

public invalidateVersionBasedOn(x: string): void

Mix additional information into the hash of the Version object.

The Lambda Function construct does its best to automatically create a new Version when anything about the Function changes (its code, its layers, any of the other properties).

However, you can sometimes source information from places that the CDK cannot look into, like the deploy-time values of SSM parameters. In those cases, the CDK would not force the creation of a new Version object when it actually should.

This method can be used to invalidate the current Version object. Pass in any string into this method, and make sure the string changes when you know a new Version needs to be created.

This method may be called more than once.

`x`^Required

Type: string

Static Functions

Name	Description
`isConstruct`	Checks if `x` is a construct.
`isOwnedResource`	Returns true if the construct was created by CDK, and false otherwise.
`isResource`	Check whether the given construct is a Resource.
`classifyVersionProperty`	Record whether specific properties in the `AWS::Lambda::Function` resource should also be associated to the Version resource.
`fromFunctionArn`	Import a lambda function into the CDK using its ARN.
`fromFunctionAttributes`	Creates a Lambda function object which represents a function not defined within this stack.
`fromFunctionName`	Import a lambda function into the CDK using its name.
`metricAll`	Return the given named metric for this Lambda.
`metricAllConcurrentExecutions`	Metric for the number of concurrent executions across all Lambdas.
`metricAllDuration`	Metric for the Duration executing all Lambdas.
`metricAllErrors`	Metric for the number of Errors executing all Lambdas.
`metricAllInvocations`	Metric for the number of invocations of all Lambdas.
`metricAllThrottles`	Metric for the number of throttled invocations of all Lambdas.
`metricAllUnreservedConcurrentExecutions`	Metric for the number of unreserved concurrent executions across all Lambdas.

`isConstruct`

import { SaveReportingDataFunction } from '@cdklabs/genai-idp'

SaveReportingDataFunction.isConstruct(x: any)

Checks if x is a construct.

Use this method instead of instanceof to properly detect Construct instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the constructs library on disk are seen as independent, completely different libraries. As a consequence, the class Construct in each copy of the constructs library is seen as a different class, and an instance of one class will not test as instanceof the other class. npm install will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the constructs library can be accidentally installed, and instanceof will behave unpredictably. It is safest to avoid using instanceof, and using this type-testing method instead.

`x`^Required

Type: any

Any object.

`isOwnedResource`

import { SaveReportingDataFunction } from '@cdklabs/genai-idp'

SaveReportingDataFunction.isOwnedResource(construct: IConstruct)

Returns true if the construct was created by CDK, and false otherwise.

`construct`^Required

Type: constructs.IConstruct

`isResource`

import { SaveReportingDataFunction } from '@cdklabs/genai-idp'

SaveReportingDataFunction.isResource(construct: IConstruct)

Check whether the given construct is a Resource.

`construct`^Required

Type: constructs.IConstruct

`classifyVersionProperty`

import { SaveReportingDataFunction } from '@cdklabs/genai-idp'

SaveReportingDataFunction.classifyVersionProperty(propertyName: string, locked: boolean)

Record whether specific properties in the AWS::Lambda::Function resource should also be associated to the Version resource.

See 'currentVersion' section in the module README for more details.

`propertyName`^Required

Type: string

The property to classify.

`locked`^Required

Type: boolean

whether the property should be associated to the version or not.

`fromFunctionArn`

import { SaveReportingDataFunction } from '@cdklabs/genai-idp'

SaveReportingDataFunction.fromFunctionArn(scope: Construct, id: string, functionArn: string)

Import a lambda function into the CDK using its ARN.

For Function.addPermissions() to work on this imported lambda, make sure that is in the same account and region as the stack you are importing it into.

`scope`^Required

Type: constructs.Construct

`id`^Required

Type: string

`functionArn`^Required

Type: string

`fromFunctionAttributes`

import { SaveReportingDataFunction } from '@cdklabs/genai-idp'

SaveReportingDataFunction.fromFunctionAttributes(scope: Construct, id: string, attrs: FunctionAttributes)

Creates a Lambda function object which represents a function not defined within this stack.

For Function.addPermissions() to work on this imported lambda, set the sameEnvironment property to true if this imported lambda is in the same account and region as the stack you are importing it into.

`scope`^Required

Type: constructs.Construct

The parent construct.

`id`^Required

Type: string

The name of the lambda construct.

`attrs`^Required

Type: aws-cdk-lib.aws_lambda.FunctionAttributes

the attributes of the function to import.

`fromFunctionName`

import { SaveReportingDataFunction } from '@cdklabs/genai-idp'

SaveReportingDataFunction.fromFunctionName(scope: Construct, id: string, functionName: string)

Import a lambda function into the CDK using its name.

`scope`^Required

Type: constructs.Construct

`id`^Required

Type: string

`functionName`^Required

Type: string

`metricAll`

import { SaveReportingDataFunction } from '@cdklabs/genai-idp'

SaveReportingDataFunction.metricAll(metricName: string, props?: MetricOptions)

Return the given named metric for this Lambda.

`metricName`^Required

Type: string

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricAllConcurrentExecutions`

import { SaveReportingDataFunction } from '@cdklabs/genai-idp'

SaveReportingDataFunction.metricAllConcurrentExecutions(props?: MetricOptions)

Metric for the number of concurrent executions across all Lambdas.

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricAllDuration`

import { SaveReportingDataFunction } from '@cdklabs/genai-idp'

SaveReportingDataFunction.metricAllDuration(props?: MetricOptions)

Metric for the Duration executing all Lambdas.

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricAllErrors`

import { SaveReportingDataFunction } from '@cdklabs/genai-idp'

SaveReportingDataFunction.metricAllErrors(props?: MetricOptions)

Metric for the number of Errors executing all Lambdas.

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricAllInvocations`

import { SaveReportingDataFunction } from '@cdklabs/genai-idp'

SaveReportingDataFunction.metricAllInvocations(props?: MetricOptions)

Metric for the number of invocations of all Lambdas.

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricAllThrottles`

import { SaveReportingDataFunction } from '@cdklabs/genai-idp'

SaveReportingDataFunction.metricAllThrottles(props?: MetricOptions)

Metric for the number of throttled invocations of all Lambdas.

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricAllUnreservedConcurrentExecutions`

import { SaveReportingDataFunction } from '@cdklabs/genai-idp'

SaveReportingDataFunction.metricAllUnreservedConcurrentExecutions(props?: MetricOptions)

Metric for the number of unreserved concurrent executions across all Lambdas.

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

Properties

Name	Type	Description
`node`	`constructs.Node`	The tree node.
`env`	`aws-cdk-lib.ResourceEnvironment`	The environment this resource belongs to.
`stack`	`aws-cdk-lib.Stack`	The stack in which this resource is defined.
`architecture`	`aws-cdk-lib.aws_lambda.Architecture`	The architecture of this Lambda Function (this is an optional attribute and defaults to X86_64).
`connections`	`aws-cdk-lib.aws_ec2.Connections`	Access the Connections object.
`functionArn`	`string`	ARN of this function.
`functionName`	`string`	Name of this function.
`grantPrincipal`	`aws-cdk-lib.aws_iam.IPrincipal`	The principal this Lambda Function is running as.
`isBoundToVpc`	`boolean`	Whether or not this Lambda function was bound to a VPC.
`latestVersion`	`aws-cdk-lib.aws_lambda.IVersion`	The `$LATEST` version of this function.
`permissionsNode`	`constructs.Node`	The construct node where permissions are attached.
`resourceArnsForGrantInvoke`	`string[]`	The ARN(s) to put into the resource field of the generated IAM policy for grantInvoke().
`role`	`aws-cdk-lib.aws_iam.IRole`	Execution role associated with this function.
`currentVersion`	`aws-cdk-lib.aws_lambda.Version`	Returns a `lambda.Version` which represents the current version of this Lambda function. A new version will be created every time the function's configuration changes.
`logGroup`	`aws-cdk-lib.aws_logs.ILogGroup`	The LogGroup where the Lambda function's logs are made available.
`runtime`	`aws-cdk-lib.aws_lambda.Runtime`	The runtime configured for this lambda.
`deadLetterQueue`	`aws-cdk-lib.aws_sqs.IQueue`	The DLQ (as queue) associated with this Lambda Function (this is an optional attribute).
`deadLetterTopic`	`aws-cdk-lib.aws_sns.ITopic`	The DLQ (as topic) associated with this Lambda Function (this is an optional attribute).
`timeout`	`aws-cdk-lib.Duration`	The timeout configured for this lambda.

`node`^Required

public readonly node: Node;

Type: constructs.Node

The tree node.

`env`^Required

public readonly env: ResourceEnvironment;

Type: aws-cdk-lib.ResourceEnvironment

The environment this resource belongs to.

For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.

`stack`^Required

public readonly stack: Stack;

Type: aws-cdk-lib.Stack

The stack in which this resource is defined.

`architecture`^Required

public readonly architecture: Architecture;

Type: aws-cdk-lib.aws_lambda.Architecture

The architecture of this Lambda Function (this is an optional attribute and defaults to X86_64).

`connections`^Required

public readonly connections: Connections;

Type: aws-cdk-lib.aws_ec2.Connections

Access the Connections object.

Will fail if not a VPC-enabled Lambda Function

`functionArn`^Required

public readonly functionArn: string;

Type: string

ARN of this function.

`functionName`^Required

public readonly functionName: string;

Type: string

Name of this function.

`grantPrincipal`^Required

public readonly grantPrincipal: IPrincipal;

Type: aws-cdk-lib.aws_iam.IPrincipal

The principal this Lambda Function is running as.

`isBoundToVpc`^Required

public readonly isBoundToVpc: boolean;

Type: boolean

Whether or not this Lambda function was bound to a VPC.

If this is is false, trying to access the connections object will fail.

`latestVersion`^Required

public readonly latestVersion: IVersion;

Type: aws-cdk-lib.aws_lambda.IVersion

The $LATEST version of this function.

Note that this is reference to a non-specific AWS Lambda version, which means the function this version refers to can return different results in different invocations.

To obtain a reference to an explicit version which references the current function configuration, use lambdaFunction.currentVersion instead.

`permissionsNode`^Required

public readonly permissionsNode: Node;

Type: constructs.Node

The construct node where permissions are attached.

`resourceArnsForGrantInvoke`^Required

public readonly resourceArnsForGrantInvoke: string[];

Type: string[]

The ARN(s) to put into the resource field of the generated IAM policy for grantInvoke().

`role`^Optional

public readonly role: IRole;

Type: aws-cdk-lib.aws_iam.IRole

Execution role associated with this function.

`currentVersion`^Required

public readonly currentVersion: Version;

Type: aws-cdk-lib.aws_lambda.Version

Returns a lambda.Version which represents the current version of this Lambda function. A new version will be created every time the function's configuration changes.

You can specify options for this version using the currentVersionOptions prop when initializing the lambda.Function.

`logGroup`^Required

public readonly logGroup: ILogGroup;

Type: aws-cdk-lib.aws_logs.ILogGroup

The LogGroup where the Lambda function's logs are made available.

If either logRetention is set or this property is called, a CloudFormation custom resource is added to the stack that pre-creates the log group as part of the stack deployment, if it already doesn't exist, and sets the correct log retention period (never expire, by default).

Further, if the log group already exists and the logRetention is not set, the custom resource will reset the log retention to never expire even if it was configured with a different value.

`runtime`^Required

public readonly runtime: Runtime;

Type: aws-cdk-lib.aws_lambda.Runtime

The runtime configured for this lambda.

`deadLetterQueue`^Optional

public readonly deadLetterQueue: IQueue;

Type: aws-cdk-lib.aws_sqs.IQueue

The DLQ (as queue) associated with this Lambda Function (this is an optional attribute).

`deadLetterTopic`^Optional

public readonly deadLetterTopic: ITopic;

Type: aws-cdk-lib.aws_sns.ITopic

The DLQ (as topic) associated with this Lambda Function (this is an optional attribute).

`timeout`^Optional

public readonly timeout: Duration;

Type: aws-cdk-lib.Duration

The timeout configured for this lambda.

Constants

Name	Type	Description
`PROPERTY_INJECTION_ID`	`string`	Uniquely identifies this class.

`PROPERTY_INJECTION_ID`^Required

public readonly PROPERTY_INJECTION_ID: string;

Type: string

Uniquely identifies this class.

TrackingTable

Implements: ITrackingTable

A DynamoDB table for tracking document processing status and results.

This table uses a composite key (PK, SK) to efficiently store and query information about documents being processed, including their current status, processing history, and extraction results. The table design supports various access patterns needed for monitoring and reporting on document processing activities.

Initializers

import { TrackingTable } from '@cdklabs/genai-idp'

new TrackingTable(scope: Construct, id: string, props?: FixedKeyTableProps)

Name	Type	Description
`scope`	`constructs.Construct`	The construct scope.
`id`	`string`	The construct ID.
`props`	`FixedKeyTableProps`	Configuration properties for the DynamoDB table.

`scope`^Required

Type: constructs.Construct

The construct scope.

`id`^Required

Type: string

The construct ID.

`props`^Optional

Type: FixedKeyTableProps

Configuration properties for the DynamoDB table.

Methods

Name	Description
`toString`	Returns a string representation of this construct.
`applyRemovalPolicy`	Apply the given removal policy to this resource.
`addToResourcePolicy`	Adds a statement to the resource policy associated with this file system.
`grant`	Adds an IAM policy statement associated with this table to an IAM principal's policy.
`grantFullAccess`	Permits all DynamoDB operations ("dynamodb:*") to an IAM principal.
`grantReadData`	Permits an IAM principal all data read operations from this table: BatchGetItem, GetRecords, GetShardIterator, Query, GetItem, Scan, DescribeTable.
`grantReadWriteData`	Permits an IAM principal to all data read/write operations to this table.
`grantStream`	Adds an IAM policy statement associated with this table's stream to an IAM principal's policy.
`grantStreamRead`	Permits an IAM principal all stream data read operations for this table's stream: DescribeStream, GetRecords, GetShardIterator, ListStreams.
`grantTableListStreams`	Permits an IAM Principal to list streams attached to current dynamodb table.
`grantWriteData`	Permits an IAM principal all data write operations to this table: BatchWriteItem, PutItem, UpdateItem, DeleteItem, DescribeTable.
`metric`	Return the given named metric for this Table.
`metricConditionalCheckFailedRequests`	Metric for the conditional check failed requests this table.
`metricConsumedReadCapacityUnits`	Metric for the consumed read capacity units this table.
`metricConsumedWriteCapacityUnits`	Metric for the consumed write capacity units this table.
`metricSuccessfulRequestLatency`	Metric for the successful request latency this table.
`metricSystemErrors`	Metric for the system errors this table.
`metricSystemErrorsForOperations`	Metric for the system errors this table.
`metricThrottledRequests`	How many requests are throttled on this table.
`metricThrottledRequestsForOperation`	How many requests are throttled on this table, for the given operation.
`metricThrottledRequestsForOperations`	How many requests are throttled on this table.
`metricUserErrors`	Metric for the user errors.
`addGlobalSecondaryIndex`	Add a global secondary index of table.
`addLocalSecondaryIndex`	Add a local secondary index of table.
`autoScaleGlobalSecondaryIndexReadCapacity`	Enable read capacity scaling for the given GSI.
`autoScaleGlobalSecondaryIndexWriteCapacity`	Enable write capacity scaling for the given GSI.
`autoScaleReadCapacity`	Enable read capacity scaling for this table.
`autoScaleWriteCapacity`	Enable write capacity scaling for this table.
`schema`	Get schema attributes of table or index.

`toString`

public toString(): string

Returns a string representation of this construct.

`applyRemovalPolicy`

public applyRemovalPolicy(policy: RemovalPolicy): void

Apply the given removal policy to this resource.

The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced.

The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS account for data recovery and cleanup later (RemovalPolicy.RETAIN).

`policy`^Required

Type: aws-cdk-lib.RemovalPolicy

`addToResourcePolicy`

public addToResourcePolicy(statement: PolicyStatement): AddToResourcePolicyResult

Adds a statement to the resource policy associated with this file system.

A resource policy will be automatically created upon the first call to addToResourcePolicy.

Note that this does not work with imported file systems.

`statement`^Required

Type: aws-cdk-lib.aws_iam.PolicyStatement

The policy statement to add.

`grant`

public grant(grantee: IGrantable, actions: ...string[]): Grant

Adds an IAM policy statement associated with this table to an IAM principal's policy.

If encryptionKey is present, appropriate grants to the key needs to be added separately using the table.encryptionKey.grant* methods.

`grantee`^Required

Type: aws-cdk-lib.aws_iam.IGrantable

The principal (no-op if undefined).

`actions`^Required

Type: ...string[]

The set of actions to allow (i.e. "dynamodb:PutItem", "dynamodb:GetItem", ...).

`grantFullAccess`

public grantFullAccess(grantee: IGrantable): Grant

Permits all DynamoDB operations ("dynamodb:*") to an IAM principal.

Appropriate grants will also be added to the customer-managed KMS key if one was configured.

`grantee`^Required

Type: aws-cdk-lib.aws_iam.IGrantable

The principal to grant access to.

`grantReadData`

public grantReadData(grantee: IGrantable): Grant

Permits an IAM principal all data read operations from this table: BatchGetItem, GetRecords, GetShardIterator, Query, GetItem, Scan, DescribeTable.

Appropriate grants will also be added to the customer-managed KMS key if one was configured.

`grantee`^Required

Type: aws-cdk-lib.aws_iam.IGrantable

The principal to grant access to.

`grantReadWriteData`

public grantReadWriteData(grantee: IGrantable): Grant

Permits an IAM principal to all data read/write operations to this table.

BatchGetItem, GetRecords, GetShardIterator, Query, GetItem, Scan, BatchWriteItem, PutItem, UpdateItem, DeleteItem, DescribeTable

Appropriate grants will also be added to the customer-managed KMS key if one was configured.

`grantee`^Required

Type: aws-cdk-lib.aws_iam.IGrantable

The principal to grant access to.

`grantStream`

public grantStream(grantee: IGrantable, actions: ...string[]): Grant

Adds an IAM policy statement associated with this table's stream to an IAM principal's policy.

If encryptionKey is present, appropriate grants to the key needs to be added separately using the table.encryptionKey.grant* methods.

`grantee`^Required

Type: aws-cdk-lib.aws_iam.IGrantable

The principal (no-op if undefined).

`actions`^Required

Type: ...string[]

The set of actions to allow (i.e. "dynamodb:DescribeStream", "dynamodb:GetRecords", ...).

`grantStreamRead`

public grantStreamRead(grantee: IGrantable): Grant

Permits an IAM principal all stream data read operations for this table's stream: DescribeStream, GetRecords, GetShardIterator, ListStreams.

Appropriate grants will also be added to the customer-managed KMS key if one was configured.

`grantee`^Required

Type: aws-cdk-lib.aws_iam.IGrantable

The principal to grant access to.

`grantTableListStreams`

public grantTableListStreams(grantee: IGrantable): Grant

Permits an IAM Principal to list streams attached to current dynamodb table.

`grantee`^Required

Type: aws-cdk-lib.aws_iam.IGrantable

The principal (no-op if undefined).

`grantWriteData`

public grantWriteData(grantee: IGrantable): Grant

Permits an IAM principal all data write operations to this table: BatchWriteItem, PutItem, UpdateItem, DeleteItem, DescribeTable.

Appropriate grants will also be added to the customer-managed KMS key if one was configured.

`grantee`^Required

Type: aws-cdk-lib.aws_iam.IGrantable

The principal to grant access to.

`metric`

public metric(metricName: string, props?: MetricOptions): Metric

Return the given named metric for this Table.

By default, the metric will be calculated as a sum over a period of 5 minutes. You can customize this by using the statistic and period properties.

`metricName`^Required

Type: string

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricConditionalCheckFailedRequests`

public metricConditionalCheckFailedRequests(props?: MetricOptions): Metric

Metric for the conditional check failed requests this table.

By default, the metric will be calculated as a sum over a period of 5 minutes. You can customize this by using the statistic and period properties.

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricConsumedReadCapacityUnits`

public metricConsumedReadCapacityUnits(props?: MetricOptions): Metric

Metric for the consumed read capacity units this table.

By default, the metric will be calculated as a sum over a period of 5 minutes. You can customize this by using the statistic and period properties.

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricConsumedWriteCapacityUnits`

public metricConsumedWriteCapacityUnits(props?: MetricOptions): Metric

Metric for the consumed write capacity units this table.

By default, the metric will be calculated as a sum over a period of 5 minutes. You can customize this by using the statistic and period properties.

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricSuccessfulRequestLatency`

public metricSuccessfulRequestLatency(props?: MetricOptions): Metric

Metric for the successful request latency this table.

By default, the metric will be calculated as an average over a period of 5 minutes. You can customize this by using the statistic and period properties.

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricSystemErrors`

public metricSystemErrors(props?: MetricOptions): Metric

Metric for the system errors this table.

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricSystemErrorsForOperations`

public metricSystemErrorsForOperations(props?: SystemErrorsForOperationsMetricOptions): IMetric

Metric for the system errors this table.

This will sum errors across all possible operations. Note that by default, each individual metric will be calculated as a sum over a period of 5 minutes. You can customize this by using the statistic and period properties.

`props`^Optional

Type: aws-cdk-lib.aws_dynamodb.SystemErrorsForOperationsMetricOptions

`metricThrottledRequests`

public metricThrottledRequests(props?: MetricOptions): Metric

How many requests are throttled on this table.

Default: sum over 5 minutes

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricThrottledRequestsForOperation`

public metricThrottledRequestsForOperation(operation: string, props?: MetricOptions): Metric

How many requests are throttled on this table, for the given operation.

Default: sum over 5 minutes

`operation`^Required

Type: string

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`metricThrottledRequestsForOperations`

public metricThrottledRequestsForOperations(props?: OperationsMetricOptions): IMetric

How many requests are throttled on this table.

This will sum errors across all possible operations. Note that by default, each individual metric will be calculated as a sum over a period of 5 minutes. You can customize this by using the statistic and period properties.

`props`^Optional

Type: aws-cdk-lib.aws_dynamodb.OperationsMetricOptions

`metricUserErrors`

public metricUserErrors(props?: MetricOptions): Metric

Metric for the user errors.

Note that this metric reports user errors across all the tables in the account and region the table resides in.

By default, the metric will be calculated as a sum over a period of 5 minutes. You can customize this by using the statistic and period properties.

`props`^Optional

Type: aws-cdk-lib.aws_cloudwatch.MetricOptions

`addGlobalSecondaryIndex`

public addGlobalSecondaryIndex(props: GlobalSecondaryIndexProps): void

Add a global secondary index of table.

`props`^Required

Type: aws-cdk-lib.aws_dynamodb.GlobalSecondaryIndexProps

the property of global secondary index.

`addLocalSecondaryIndex`

public addLocalSecondaryIndex(props: LocalSecondaryIndexProps): void

Add a local secondary index of table.

`props`^Required

Type: aws-cdk-lib.aws_dynamodb.LocalSecondaryIndexProps

the property of local secondary index.

`autoScaleGlobalSecondaryIndexReadCapacity`

public autoScaleGlobalSecondaryIndexReadCapacity(indexName: string, props: EnableScalingProps): IScalableTableAttribute

Enable read capacity scaling for the given GSI.

`indexName`^Required

Type: string

`props`^Required

Type: aws-cdk-lib.aws_dynamodb.EnableScalingProps

`autoScaleGlobalSecondaryIndexWriteCapacity`

public autoScaleGlobalSecondaryIndexWriteCapacity(indexName: string, props: EnableScalingProps): IScalableTableAttribute

Enable write capacity scaling for the given GSI.

`indexName`^Required

Type: string

`props`^Required

Type: aws-cdk-lib.aws_dynamodb.EnableScalingProps

`autoScaleReadCapacity`

public autoScaleReadCapacity(props: EnableScalingProps): IScalableTableAttribute

Enable read capacity scaling for this table.

`props`^Required

Type: aws-cdk-lib.aws_dynamodb.EnableScalingProps

`autoScaleWriteCapacity`

public autoScaleWriteCapacity(props: EnableScalingProps): IScalableTableAttribute

Enable write capacity scaling for this table.

`props`^Required

Type: aws-cdk-lib.aws_dynamodb.EnableScalingProps

`schema`

public schema(indexName?: string): SchemaOptions

Get schema attributes of table or index.

`indexName`^Optional

Type: string

Static Functions

Name	Description
`isConstruct`	Checks if `x` is a construct.
`isOwnedResource`	Returns true if the construct was created by CDK, and false otherwise.
`isResource`	Check whether the given construct is a Resource.
`fromTableArn`	Creates a Table construct that represents an external table via table arn.
`fromTableAttributes`	Creates a Table construct that represents an external table.
`fromTableName`	Creates a Table construct that represents an external table via table name.

`isConstruct`

import { TrackingTable } from '@cdklabs/genai-idp'

TrackingTable.isConstruct(x: any)

Checks if x is a construct.

Use this method instead of instanceof to properly detect Construct instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the constructs library on disk are seen as independent, completely different libraries. As a consequence, the class Construct in each copy of the constructs library is seen as a different class, and an instance of one class will not test as instanceof the other class. npm install will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the constructs library can be accidentally installed, and instanceof will behave unpredictably. It is safest to avoid using instanceof, and using this type-testing method instead.

`x`^Required

Type: any

Any object.

`isOwnedResource`

import { TrackingTable } from '@cdklabs/genai-idp'

TrackingTable.isOwnedResource(construct: IConstruct)

Returns true if the construct was created by CDK, and false otherwise.

`construct`^Required

Type: constructs.IConstruct

`isResource`

import { TrackingTable } from '@cdklabs/genai-idp'

TrackingTable.isResource(construct: IConstruct)

Check whether the given construct is a Resource.

`construct`^Required

Type: constructs.IConstruct

`fromTableArn`

import { TrackingTable } from '@cdklabs/genai-idp'

TrackingTable.fromTableArn(scope: Construct, id: string, tableArn: string)

Creates a Table construct that represents an external table via table arn.

`scope`^Required

Type: constructs.Construct

The parent creating construct (usually this).

`id`^Required

Type: string

The construct's name.

`tableArn`^Required

Type: string

The table's ARN.

`fromTableAttributes`

import { TrackingTable } from '@cdklabs/genai-idp'

TrackingTable.fromTableAttributes(scope: Construct, id: string, attrs: TableAttributes)

Creates a Table construct that represents an external table.

`scope`^Required

Type: constructs.Construct

The parent creating construct (usually this).

`id`^Required

Type: string

The construct's name.

`attrs`^Required

Type: aws-cdk-lib.aws_dynamodb.TableAttributes

A TableAttributes object.

`fromTableName`

import { TrackingTable } from '@cdklabs/genai-idp'

TrackingTable.fromTableName(scope: Construct, id: string, tableName: string)

Creates a Table construct that represents an external table via table name.

`scope`^Required

Type: constructs.Construct

The parent creating construct (usually this).

`id`^Required

Type: string

The construct's name.

`tableName`^Required

Type: string

The table's name.

Properties

Name	Type	Description
`node`	`constructs.Node`	The tree node.
`env`	`aws-cdk-lib.ResourceEnvironment`	The environment this resource belongs to.
`stack`	`aws-cdk-lib.Stack`	The stack in which this resource is defined.
`tableArn`	`string`	Arn of the dynamodb table.
`tableName`	`string`	Table name of the dynamodb table.
`encryptionKey`	`aws-cdk-lib.aws_kms.IKey`	KMS encryption key, if this table uses a customer-managed encryption key.
`tableStreamArn`	`string`	ARN of the table's stream, if there is one.
`resourcePolicy`	`aws-cdk-lib.aws_iam.PolicyDocument`	Resource policy to assign to DynamoDB Table.

`node`^Required

public readonly node: Node;

Type: constructs.Node

The tree node.

`env`^Required

public readonly env: ResourceEnvironment;

Type: aws-cdk-lib.ResourceEnvironment

The environment this resource belongs to.

For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.

`stack`^Required

public readonly stack: Stack;

Type: aws-cdk-lib.Stack

The stack in which this resource is defined.

`tableArn`^Required

public readonly tableArn: string;

Type: string

Arn of the dynamodb table.

`tableName`^Required

public readonly tableName: string;

Type: string

Table name of the dynamodb table.

`encryptionKey`^Optional

public readonly encryptionKey: IKey;

Type: aws-cdk-lib.aws_kms.IKey

KMS encryption key, if this table uses a customer-managed encryption key.

`tableStreamArn`^Optional

public readonly tableStreamArn: string;

Type: string

ARN of the table's stream, if there is one.

`resourcePolicy`^Optional

public readonly resourcePolicy: PolicyDocument;

Type: aws-cdk-lib.aws_iam.PolicyDocument
Default: No resource policy statements are added to the created table.

Resource policy to assign to DynamoDB Table.

Constants

Name	Type	Description
`PROPERTY_INJECTION_ID`	`string`	Uniquely identifies this class.

`PROPERTY_INJECTION_ID`^Required

public readonly PROPERTY_INJECTION_ID: string;

Type: string

Uniquely identifies this class.

UserIdentity

Implements: IUserIdentity

A construct that manages user authentication and authorization. Provides Cognito resources for user management and secure access to AWS resources.

This construct creates and configures: - A Cognito User Pool for user registration and authentication - A User Pool Client for the web application to interact with Cognito - An Identity Pool that provides temporary AWS credentials to authenticated users

The UserIdentity construct enables secure access to the document processing solution, ensuring that only authorized users can upload documents, view results, and perform administrative actions.

Initializers

import { UserIdentity } from '@cdklabs/genai-idp'

new UserIdentity(scope: Construct, id: string, props?: UserIdentityProps)

Name	Type	Description
`scope`	`constructs.Construct`	No description.
`id`	`string`	No description.
`props`	`UserIdentityProps`	No description.

`scope`^Required

Type: constructs.Construct

`id`^Required

Type: string

`props`^Optional

Type: UserIdentityProps

Methods

Name	Description
`toString`	Returns a string representation of this construct.

`toString`

public toString(): string

Returns a string representation of this construct.

Static Functions

Name	Description
`isConstruct`	Checks if `x` is a construct.

`isConstruct`

import { UserIdentity } from '@cdklabs/genai-idp'

UserIdentity.isConstruct(x: any)

Checks if x is a construct.

Use this method instead of instanceof to properly detect Construct instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the constructs library on disk are seen as independent, completely different libraries. As a consequence, the class Construct in each copy of the constructs library is seen as a different class, and an instance of one class will not test as instanceof the other class. npm install will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the constructs library can be accidentally installed, and instanceof will behave unpredictably. It is safest to avoid using instanceof, and using this type-testing method instead.

`x`^Required

Type: any

Any object.

Properties

Name	Type	Description
`node`	`constructs.Node`	The tree node.
`identityPool`	`aws-cdk-lib.aws_cognito_identitypool.IdentityPool`	The Cognito Identity Pool that provides temporary AWS credentials.
`userPool`	`aws-cdk-lib.aws_cognito.IUserPool`	The Cognito UserPool that stores user identities and credentials.
`userPoolClient`	`aws-cdk-lib.aws_cognito.IUserPoolClient`	The Cognito UserPool Client used by the web application for OAuth flows.

`node`^Required

public readonly node: Node;

Type: constructs.Node

The tree node.

`identityPool`^Required

public readonly identityPool: IdentityPool;

Type: aws-cdk-lib.aws_cognito_identitypool.IdentityPool

The Cognito Identity Pool that provides temporary AWS credentials.

`userPool`^Required

public readonly userPool: IUserPool;

Type: aws-cdk-lib.aws_cognito.IUserPool

The Cognito UserPool that stores user identities and credentials.

`userPoolClient`^Required

public readonly userPoolClient: IUserPoolClient;

Type: aws-cdk-lib.aws_cognito.IUserPoolClient

The Cognito UserPool Client used by the web application for OAuth flows.

WebApplication

Implements: IWebApplication

Initializers

import { WebApplication } from '@cdklabs/genai-idp'

new WebApplication(scope: Construct, id: string, props: WebApplicationProps)

Name	Type	Description
`scope`	`constructs.Construct`	No description.
`id`	`string`	No description.
`props`	`WebApplicationProps`	No description.

`scope`^Required

Type: constructs.Construct

`id`^Required

Type: string

`props`^Required

Type: WebApplicationProps

Methods

Name	Description
`toString`	Returns a string representation of this construct.

`toString`

public toString(): string

Returns a string representation of this construct.

Static Functions

Name	Description
`isConstruct`	Checks if `x` is a construct.

`isConstruct`

import { WebApplication } from '@cdklabs/genai-idp'

WebApplication.isConstruct(x: any)

Checks if x is a construct.

Use this method instead of instanceof to properly detect Construct instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the constructs library on disk are seen as independent, completely different libraries. As a consequence, the class Construct in each copy of the constructs library is seen as a different class, and an instance of one class will not test as instanceof the other class. npm install will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the constructs library can be accidentally installed, and instanceof will behave unpredictably. It is safest to avoid using instanceof, and using this type-testing method instead.

`x`^Required

Type: any

Any object.

Properties

Name	Type	Description
`node`	`constructs.Node`	The tree node.
`bucket`	`aws-cdk-lib.aws_s3.IBucket`	The S3 bucket where the web application assets are deployed.
`distribution`	`aws-cdk-lib.aws_cloudfront.IDistribution`	The CloudFront distribution that serves the web application.

`node`^Required

public readonly node: Node;

Type: constructs.Node

The tree node.

`bucket`^Required

public readonly bucket: IBucket;

Type: aws-cdk-lib.aws_s3.IBucket

The S3 bucket where the web application assets are deployed.

Contains the static files for the web UI including HTML, CSS, and JavaScript.

`distribution`^Required

public readonly distribution: IDistribution;

Type: aws-cdk-lib.aws_cloudfront.IDistribution

The CloudFront distribution that serves the web application.

Provides global content delivery with low latency and high performance.

Workteam

Implements: IWorkteam

A construct that creates a SageMaker workteam for Human-in-the-Loop (HITL) workflows.

This construct sets up a private workteam that can be used with Amazon A2I (Augmented AI) for human review tasks. The workteam is integrated with Cognito for authentication and user management.

Initializers

import { Workteam } from '@cdklabs/genai-idp'

new Workteam(scope: Construct, id: string, props: WorkteamProps)

Name	Type	Description
`scope`	`constructs.Construct`	The construct scope.
`id`	`string`	The construct ID.
`props`	`WorkteamProps`	Configuration properties for the workteam.

`scope`^Required

Type: constructs.Construct

The construct scope.

`id`^Required

Type: string

The construct ID.

`props`^Required

Type: WorkteamProps

Configuration properties for the workteam.

Methods

Name	Description
`toString`	Returns a string representation of this construct.
`applyRemovalPolicy`	Apply the given removal policy to this resource.

`toString`

public toString(): string

Returns a string representation of this construct.

`applyRemovalPolicy`

public applyRemovalPolicy(policy: RemovalPolicy): void

Apply the given removal policy to this resource.

The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced.

The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS account for data recovery and cleanup later (RemovalPolicy.RETAIN).

`policy`^Required

Type: aws-cdk-lib.RemovalPolicy

Static Functions

Name	Description
`isConstruct`	Checks if `x` is a construct.
`isOwnedResource`	Returns true if the construct was created by CDK, and false otherwise.
`isResource`	Check whether the given construct is a Resource.

`isConstruct`

import { Workteam } from '@cdklabs/genai-idp'

Workteam.isConstruct(x: any)

Checks if x is a construct.

Use this method instead of instanceof to properly detect Construct instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the constructs library on disk are seen as independent, completely different libraries. As a consequence, the class Construct in each copy of the constructs library is seen as a different class, and an instance of one class will not test as instanceof the other class. npm install will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the constructs library can be accidentally installed, and instanceof will behave unpredictably. It is safest to avoid using instanceof, and using this type-testing method instead.

`x`^Required

Type: any

Any object.

`isOwnedResource`

import { Workteam } from '@cdklabs/genai-idp'

Workteam.isOwnedResource(construct: IConstruct)

Returns true if the construct was created by CDK, and false otherwise.

`construct`^Required

Type: constructs.IConstruct

`isResource`

import { Workteam } from '@cdklabs/genai-idp'

Workteam.isResource(construct: IConstruct)

Check whether the given construct is a Resource.

`construct`^Required

Type: constructs.IConstruct

Properties

Name	Type	Description
`node`	`constructs.Node`	The tree node.
`env`	`aws-cdk-lib.ResourceEnvironment`	The environment this resource belongs to.
`stack`	`aws-cdk-lib.Stack`	The stack in which this resource is defined.
`workteamArn`	`string`	The ARN of the SageMaker workteam.
`workteamName`	`string`	The name of the SageMaker workteam.

`node`^Required

public readonly node: Node;

Type: constructs.Node

The tree node.

`env`^Required

public readonly env: ResourceEnvironment;

Type: aws-cdk-lib.ResourceEnvironment

The environment this resource belongs to.

For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.

`stack`^Required

public readonly stack: Stack;

Type: aws-cdk-lib.Stack

The stack in which this resource is defined.

`workteamArn`^Required

public readonly workteamArn: string;

Type: string

The ARN of the SageMaker workteam.

`workteamName`^Required

public readonly workteamName: string;

Type: string

The name of the SageMaker workteam.

Structs

AgentAnalyticsProps

Properties for configuring Agent Analytics.

Initializer

import { AgentAnalyticsProps } from '@cdklabs/genai-idp'

const agentAnalyticsProps: AgentAnalyticsProps = { ... }

Properties

Name	Type	Description
`appSyncApiUrl`	`string`	AppSync GraphQL API URL for publishing updates.
`configurationTable`	`IConfigurationTable`	The DynamoDB table that stores configuration settings.
`metricNamespace`	`string`	The namespace for CloudWatch metrics.
`model`	`@cdklabs/generative-ai-cdk-constructs.bedrock.IInvokable`	The foundation model or inference profile to use for document analysis agent.
`reportingEnvironment`	`IReportingEnvironment`	Athena database for analytics queries.
`trackingTable`	`ITrackingTable`	The DynamoDB table that tracks document processing status and metadata.
`dataRetentionDays`	`number`	Data retention period in days.
`encryptionKey`	`aws-cdk-lib.aws_kms.IKey`	The KMS key for encryption.
`externalMcpAgentsSecret`	`aws-cdk-lib.aws_secretsmanager.ISecret`	Optional Secrets Manager secret for external MCP agents.
`guardrail`	`@cdklabs/generative-ai-cdk-constructs.bedrock.IGuardrail`	Optional Bedrock guardrail for content filtering.
`logLevel`	`LogLevel`	Log level for agent analytics functions.
`logRetention`	`aws-cdk-lib.aws_logs.RetentionDays`	Log retention period.

`appSyncApiUrl`^Required

public readonly appSyncApiUrl: string;

Type: string

AppSync GraphQL API URL for publishing updates.

`configurationTable`^Required

public readonly configurationTable: IConfigurationTable;

Type: IConfigurationTable

The DynamoDB table that stores configuration settings.

Used by analytics agents to access document schemas and processing parameters.

`metricNamespace`^Required

public readonly metricNamespace: string;

Type: string

The namespace for CloudWatch metrics.

`model`^Required

public readonly model: IInvokable;

Type: @cdklabs/generative-ai-cdk-constructs.bedrock.IInvokable
Default: No model specified, must be provided

The foundation model or inference profile to use for document analysis agent.

`reportingEnvironment`^Required

public readonly reportingEnvironment: IReportingEnvironment;

Type: IReportingEnvironment

Athena database for analytics queries.

`trackingTable`^Required

public readonly trackingTable: ITrackingTable;

Type: ITrackingTable

The DynamoDB table that tracks document processing status and metadata.

Used by analytics agents to query processed document data.

`dataRetentionDays`^Optional

public readonly dataRetentionDays: number;

Type: number
Default: 365

Data retention period in days.

`encryptionKey`^Optional

public readonly encryptionKey: IKey;

Type: aws-cdk-lib.aws_kms.IKey

The KMS key for encryption.

`externalMcpAgentsSecret`^Optional

public readonly externalMcpAgentsSecret: ISecret;

Type: aws-cdk-lib.aws_secretsmanager.ISecret
Default: No external MCP agents configured

Optional Secrets Manager secret for external MCP agents.

`guardrail`^Optional

public readonly guardrail: IGuardrail;

Type: @cdklabs/generative-ai-cdk-constructs.bedrock.IGuardrail

Optional Bedrock guardrail for content filtering.

When provided, enables guardrail permissions for analytics agents.

`logLevel`^Optional

public readonly logLevel: LogLevel;

Type: LogLevel
Default: LogLevel.INFO

Log level for agent analytics functions.

`logRetention`^Optional

public readonly logRetention: RetentionDays;

Type: aws-cdk-lib.aws_logs.RetentionDays
Default: logs.RetentionDays.ONE_WEEK

Log retention period.

AgentProcessorFunctionProps

Properties for the Agent Processor function.

Initializer

import { AgentProcessorFunctionProps } from '@cdklabs/genai-idp'

const agentProcessorFunctionProps: AgentProcessorFunctionProps = { ... }

Properties

Name	Type	Description
`adotInstrumentation`	`aws-cdk-lib.aws_lambda.AdotInstrumentationConfig`	Specify the configuration of AWS Distro for OpenTelemetry (ADOT) instrumentation.
`allowAllIpv6Outbound`	`boolean`	Whether to allow the Lambda to send all ipv6 network traffic.
`applicationLogLevel`	`string`	Sets the application log level for the function.
`applicationLogLevelV2`	`aws-cdk-lib.aws_lambda.ApplicationLogLevel`	Sets the application log level for the function.
`architecture`	`aws-cdk-lib.aws_lambda.Architecture`	The system architectures compatible with this lambda function.
`codeSigningConfig`	`aws-cdk-lib.aws_lambda.ICodeSigningConfig`	Code signing config associated with this function.
`currentVersionOptions`	`aws-cdk-lib.aws_lambda.VersionOptions`	Options for the `lambda.Version` resource automatically created by the `fn.currentVersion` method.
`deadLetterQueue`	`aws-cdk-lib.aws_sqs.IQueue`	The SQS queue to use if DLQ is enabled.
`deadLetterQueueEnabled`	`boolean`	Enabled DLQ.
`deadLetterTopic`	`aws-cdk-lib.aws_sns.ITopic`	The SNS topic to use as a DLQ.
`description`	`string`	A description of the function.
`environmentEncryption`	`aws-cdk-lib.aws_kms.IKey`	The AWS KMS key that's used to encrypt your function's environment variables.
`ephemeralStorageSize`	`aws-cdk-lib.Size`	The size of the function’s /tmp directory in MiB.
`events`	`aws-cdk-lib.aws_lambda.IEventSource[]`	Event sources for this function.
`functionName`	`string`	A name for the function.
`initialPolicy`	`aws-cdk-lib.aws_iam.PolicyStatement[]`	Initial policy statements to add to the created Lambda Role.
`insightsVersion`	`aws-cdk-lib.aws_lambda.LambdaInsightsVersion`	Specify the version of CloudWatch Lambda insights to use for monitoring.
`ipv6AllowedForDualStack`	`boolean`	Allows outbound IPv6 traffic on VPC functions that are connected to dual-stack subnets.
`logFormat`	`string`	Sets the logFormat for the function.
`loggingFormat`	`aws-cdk-lib.aws_lambda.LoggingFormat`	Sets the loggingFormat for the function.
`logGroup`	`aws-cdk-lib.aws_logs.ILogGroup`	The log group the function sends logs to.
`logRemovalPolicy`	`aws-cdk-lib.RemovalPolicy`	Determine the removal policy of the log group that is auto-created by this construct.
`logRetention`	`aws-cdk-lib.aws_logs.RetentionDays`	The number of days log events are kept in CloudWatch Logs.
`logRetentionRetryOptions`	`aws-cdk-lib.aws_lambda.LogRetentionRetryOptions`	When log retention is specified, a custom resource attempts to create the CloudWatch log group.
`logRetentionRole`	`aws-cdk-lib.aws_iam.IRole`	The IAM role for the Lambda function associated with the custom resource that sets the retention policy.
`maxEventAge`	`aws-cdk-lib.Duration`	The maximum age of a request that Lambda sends to a function for processing.
`onFailure`	`aws-cdk-lib.aws_lambda.IDestination`	The destination for failed invocations.
`onSuccess`	`aws-cdk-lib.aws_lambda.IDestination`	The destination for successful invocations.
`paramsAndSecrets`	`aws-cdk-lib.aws_lambda.ParamsAndSecretsLayerVersion`	Specify the configuration of Parameters and Secrets Extension.
`profiling`	`boolean`	Enable profiling.
`profilingGroup`	`aws-cdk-lib.aws_codeguruprofiler.IProfilingGroup`	Profiling Group.
`recursiveLoop`	`aws-cdk-lib.aws_lambda.RecursiveLoop`	Sets the Recursive Loop Protection for Lambda Function.
`reservedConcurrentExecutions`	`number`	The maximum of concurrent executions you want to reserve for the function.
`retryAttempts`	`number`	The maximum number of times to retry when the function returns an error.
`role`	`aws-cdk-lib.aws_iam.IRole`	Lambda execution role.
`runtimeManagementMode`	`aws-cdk-lib.aws_lambda.RuntimeManagementMode`	Sets the runtime management configuration for a function's version.
`securityGroups`	`aws-cdk-lib.aws_ec2.ISecurityGroup[]`	The list of security groups to associate with the Lambda's network interfaces.
`snapStart`	`aws-cdk-lib.aws_lambda.SnapStartConf`	Enable SnapStart for Lambda Function.
`systemLogLevel`	`string`	Sets the system log level for the function.
`systemLogLevelV2`	`aws-cdk-lib.aws_lambda.SystemLogLevel`	Sets the system log level for the function.
`tracing`	`aws-cdk-lib.aws_lambda.Tracing`	Enable AWS X-Ray Tracing for Lambda Function.
`vpc`	`aws-cdk-lib.aws_ec2.IVpc`	VPC network to place Lambda network interfaces.
`vpcSubnets`	`aws-cdk-lib.aws_ec2.SubnetSelection`	Where to place the network interfaces within the VPC.
`agentTable`	`aws-cdk-lib.aws_dynamodb.ITable`	The DynamoDB table for agent job tracking.
`appSyncApiUrl`	`string`	AppSync GraphQL API URL for publishing updates.
`athenaBucket`	`aws-cdk-lib.aws_s3.IBucket`	S3 bucket for Athena query results.
`athenaDatabase`	`@aws-cdk/aws-glue-alpha.IDatabase`	Athena database for analytics queries.
`configurationTable`	`IConfigurationTable`	The DynamoDB table that stores configuration settings.
`metricNamespace`	`string`	The namespace for CloudWatch metrics.
`model`	`@cdklabs/generative-ai-cdk-constructs.bedrock.IInvokable`	The foundation model or inference profile to use for document analysis agent.
`encryptionKey`	`aws-cdk-lib.aws_kms.IKey`	The KMS key used for encryption.
`externalMcpAgentsSecret`	`aws-cdk-lib.aws_secretsmanager.ISecret`	Optional Secrets Manager secret for external MCP agents.
`guardrail`	`@cdklabs/generative-ai-cdk-constructs.bedrock.IGuardrail`	Optional Bedrock guardrail for content filtering.
`logLevel`	`LogLevel`	The log level for the function.

`adotInstrumentation`^Optional

public readonly adotInstrumentation: AdotInstrumentationConfig;

Type: aws-cdk-lib.aws_lambda.AdotInstrumentationConfig
Default: No ADOT instrumentation

Specify the configuration of AWS Distro for OpenTelemetry (ADOT) instrumentation.

`allowAllIpv6Outbound`^Optional

public readonly allowAllIpv6Outbound: boolean;

Type: boolean
Default: false

Whether to allow the Lambda to send all ipv6 network traffic.

If set to true, there will only be a single egress rule which allows all outbound ipv6 traffic. If set to false, you must individually add traffic rules to allow the Lambda to connect to network targets using ipv6.

Do not specify this property if the securityGroups or securityGroup property is set. Instead, configure allowAllIpv6Outbound directly on the security group.

`applicationLogLevel`^Optional

Deprecated: Use applicationLogLevelV2 as a property instead.

public readonly applicationLogLevel: string;

Type: string
Default: "INFO"

Sets the application log level for the function.

`applicationLogLevelV2`^Optional

public readonly applicationLogLevelV2: ApplicationLogLevel;

Type: aws-cdk-lib.aws_lambda.ApplicationLogLevel
Default: ApplicationLogLevel.INFO

Sets the application log level for the function.

`architecture`^Optional

public readonly architecture: Architecture;

Type: aws-cdk-lib.aws_lambda.Architecture
Default: Architecture.X86_64

The system architectures compatible with this lambda function.

`codeSigningConfig`^Optional

public readonly codeSigningConfig: ICodeSigningConfig;

Type: aws-cdk-lib.aws_lambda.ICodeSigningConfig
Default: Not Sign the Code

Code signing config associated with this function.

`currentVersionOptions`^Optional

public readonly currentVersionOptions: VersionOptions;

Type: aws-cdk-lib.aws_lambda.VersionOptions
Default: default options as described in VersionOptions

Options for the lambda.Version resource automatically created by the fn.currentVersion method.

`deadLetterQueue`^Optional

public readonly deadLetterQueue: IQueue;

Type: aws-cdk-lib.aws_sqs.IQueue
Default: SQS queue with 14 day retention period if deadLetterQueueEnabled is true

The SQS queue to use if DLQ is enabled.

If SNS topic is desired, specify deadLetterTopic property instead.

`deadLetterQueueEnabled`^Optional

public readonly deadLetterQueueEnabled: boolean;

Type: boolean
Default: false unless deadLetterQueue is set, which implies DLQ is enabled.

Enabled DLQ.

If deadLetterQueue is undefined, an SQS queue with default options will be defined for your Function.

`deadLetterTopic`^Optional

public readonly deadLetterTopic: ITopic;

Type: aws-cdk-lib.aws_sns.ITopic
Default: no SNS topic

The SNS topic to use as a DLQ.

Note that if deadLetterQueueEnabled is set to true, an SQS queue will be created rather than an SNS topic. Using an SNS topic as a DLQ requires this property to be set explicitly.

`description`^Optional

public readonly description: string;

Type: string
Default: No description.

A description of the function.

`environmentEncryption`^Optional

public readonly environmentEncryption: IKey;

Type: aws-cdk-lib.aws_kms.IKey
Default: AWS Lambda creates and uses an AWS managed customer master key (CMK).

The AWS KMS key that's used to encrypt your function's environment variables.

`ephemeralStorageSize`^Optional

public readonly ephemeralStorageSize: Size;

Type: aws-cdk-lib.Size
Default: 512 MiB

The size of the function’s /tmp directory in MiB.

`events`^Optional

public readonly events: IEventSource[];

Type: aws-cdk-lib.aws_lambda.IEventSource[]
Default: No event sources.

Event sources for this function.

You can also add event sources using addEventSource.

`functionName`^Optional

public readonly functionName: string;

Type: string
Default: AWS CloudFormation generates a unique physical ID and uses that ID for the function's name. For more information, see Name Type.

A name for the function.

`initialPolicy`^Optional

public readonly initialPolicy: PolicyStatement[];

Type: aws-cdk-lib.aws_iam.PolicyStatement[]
Default: No policy statements are added to the created Lambda role.

Initial policy statements to add to the created Lambda Role.

You can call addToRolePolicy to the created lambda to add statements post creation.

`insightsVersion`^Optional

public readonly insightsVersion: LambdaInsightsVersion;

Type: aws-cdk-lib.aws_lambda.LambdaInsightsVersion
Default: No Lambda Insights

Specify the version of CloudWatch Lambda insights to use for monitoring.

`ipv6AllowedForDualStack`^Optional

public readonly ipv6AllowedForDualStack: boolean;

Type: boolean
Default: false

Allows outbound IPv6 traffic on VPC functions that are connected to dual-stack subnets.

Only used if 'vpc' is supplied.

`logFormat`^Optional

Deprecated: Use loggingFormat as a property instead.

public readonly logFormat: string;

Type: string
Default: "Text"

Sets the logFormat for the function.

`loggingFormat`^Optional

public readonly loggingFormat: LoggingFormat;

Type: aws-cdk-lib.aws_lambda.LoggingFormat
Default: LoggingFormat.TEXT

Sets the loggingFormat for the function.

`logGroup`^Optional

public readonly logGroup: ILogGroup;

Type: aws-cdk-lib.aws_logs.ILogGroup
Default: /aws/lambda/${this.functionName} - default log group created by Lambda

The log group the function sends logs to.

By default, Lambda functions send logs to an automatically created default log group named /aws/lambda/\<function name>. However you cannot change the properties of this auto-created log group using the AWS CDK, e.g. you cannot set a different log retention.

Use the logGroup property to create a fully customizable LogGroup ahead of time, and instruct the Lambda function to send logs to it.

Providing a user-controlled log group was rolled out to commercial regions on 2023-11-16. If you are deploying to another type of region, please check regional availability first.

`logRemovalPolicy`^Optional

Deprecated: use logGroup instead

public readonly logRemovalPolicy: RemovalPolicy;

Type: aws-cdk-lib.RemovalPolicy
Default: RemovalPolicy.Retain

Determine the removal policy of the log group that is auto-created by this construct.

Normally you want to retain the log group so you can diagnose issues from logs even after a deployment that no longer includes the log group. In that case, use the normal date-based retention policy to age out your logs.

`logRetention`^Optional

Deprecated: use logGroup instead

public readonly logRetention: RetentionDays;

Type: aws-cdk-lib.aws_logs.RetentionDays
Default: logs.RetentionDays.INFINITE

The number of days log events are kept in CloudWatch Logs.

When updating this property, unsetting it doesn't remove the log retention policy. To remove the retention policy, set the value to INFINITE.

This is a legacy API and we strongly recommend you move away from it if you can. Instead create a fully customizable log group with logs.LogGroup and use the logGroup property to instruct the Lambda function to send logs to it. Migrating from logRetention to logGroup will cause the name of the log group to change. Users and code and referencing the name verbatim will have to adjust.

In AWS CDK code, you can access the log group name directly from the LogGroup construct:

import * as logs from 'aws-cdk-lib/aws-logs';

declare const myLogGroup: logs.LogGroup;
myLogGroup.logGroupName;

`logRetentionRetryOptions`^Optional

public readonly logRetentionRetryOptions: LogRetentionRetryOptions;

Type: aws-cdk-lib.aws_lambda.LogRetentionRetryOptions
Default: Default AWS SDK retry options.

When log retention is specified, a custom resource attempts to create the CloudWatch log group.

These options control the retry policy when interacting with CloudWatch APIs.

This is a legacy API and we strongly recommend you migrate to logGroup if you can. logGroup allows you to create a fully customizable log group and instruct the Lambda function to send logs to it.

`logRetentionRole`^Optional

public readonly logRetentionRole: IRole;

Type: aws-cdk-lib.aws_iam.IRole
Default: A new role is created.

The IAM role for the Lambda function associated with the custom resource that sets the retention policy.

This is a legacy API and we strongly recommend you migrate to logGroup if you can. logGroup allows you to create a fully customizable log group and instruct the Lambda function to send logs to it.

`maxEventAge`^Optional

public readonly maxEventAge: Duration;

Type: aws-cdk-lib.Duration
Default: Duration.hours(6)

The maximum age of a request that Lambda sends to a function for processing.

Minimum: 60 seconds Maximum: 6 hours

`onFailure`^Optional

public readonly onFailure: IDestination;

Type: aws-cdk-lib.aws_lambda.IDestination
Default: no destination

The destination for failed invocations.

`onSuccess`^Optional

public readonly onSuccess: IDestination;

Type: aws-cdk-lib.aws_lambda.IDestination
Default: no destination

The destination for successful invocations.

`paramsAndSecrets`^Optional

public readonly paramsAndSecrets: ParamsAndSecretsLayerVersion;

Type: aws-cdk-lib.aws_lambda.ParamsAndSecretsLayerVersion
Default: No Parameters and Secrets Extension

Specify the configuration of Parameters and Secrets Extension.

`profiling`^Optional

public readonly profiling: boolean;

Type: boolean
Default: No profiling.

Enable profiling.

`profilingGroup`^Optional

public readonly profilingGroup: IProfilingGroup;

Type: aws-cdk-lib.aws_codeguruprofiler.IProfilingGroup
Default: A new profiling group will be created if profiling is set.

Profiling Group.

`recursiveLoop`^Optional

public readonly recursiveLoop: RecursiveLoop;

Type: aws-cdk-lib.aws_lambda.RecursiveLoop
Default: RecursiveLoop.Terminate

Sets the Recursive Loop Protection for Lambda Function.

It lets Lambda detect and terminate unintended recursive loops.

`reservedConcurrentExecutions`^Optional

public readonly reservedConcurrentExecutions: number;

Type: number
Default: No specific limit - account limit.

The maximum of concurrent executions you want to reserve for the function.

`retryAttempts`^Optional

public readonly retryAttempts: number;

Type: number
Default: 2

The maximum number of times to retry when the function returns an error.

Minimum: 0 Maximum: 2

`role`^Optional

public readonly role: IRole;

Type: aws-cdk-lib.aws_iam.IRole
Default: A unique role will be generated for this lambda function. Both supplied and generated roles can always be changed by calling addToRolePolicy.

Lambda execution role.

This is the role that will be assumed by the function upon execution. It controls the permissions that the function will have. The Role must be assumable by the 'lambda.amazonaws.com' service principal.

The default Role automatically has permissions granted for Lambda execution. If you provide a Role, you must add the relevant AWS managed policies yourself.

The relevant managed policies are "service-role/AWSLambdaBasicExecutionRole" and "service-role/AWSLambdaVPCAccessExecutionRole".

`runtimeManagementMode`^Optional

public readonly runtimeManagementMode: RuntimeManagementMode;

Type: aws-cdk-lib.aws_lambda.RuntimeManagementMode
Default: Auto

Sets the runtime management configuration for a function's version.

`securityGroups`^Optional

public readonly securityGroups: ISecurityGroup[];

Type: aws-cdk-lib.aws_ec2.ISecurityGroup[]
Default: If the function is placed within a VPC and a security group is not specified, either by this or securityGroup prop, a dedicated security group will be created for this function.

The list of security groups to associate with the Lambda's network interfaces.

Only used if 'vpc' is supplied.

`snapStart`^Optional

public readonly snapStart: SnapStartConf;

Type: aws-cdk-lib.aws_lambda.SnapStartConf
Default: No snapstart

Enable SnapStart for Lambda Function.

SnapStart is currently supported for Java 11, Java 17, Python 3.12, Python 3.13, and .NET 8 runtime

`systemLogLevel`^Optional

Deprecated: Use systemLogLevelV2 as a property instead.

public readonly systemLogLevel: string;

Type: string
Default: "INFO"

Sets the system log level for the function.

`systemLogLevelV2`^Optional

public readonly systemLogLevelV2: SystemLogLevel;

Type: aws-cdk-lib.aws_lambda.SystemLogLevel
Default: SystemLogLevel.INFO

Sets the system log level for the function.

`tracing`^Optional

public readonly tracing: Tracing;

Type: aws-cdk-lib.aws_lambda.Tracing
Default: Tracing.Disabled

Enable AWS X-Ray Tracing for Lambda Function.

`vpc`^Optional

public readonly vpc: IVpc;

Type: aws-cdk-lib.aws_ec2.IVpc
Default: Function is not placed within a VPC.

VPC network to place Lambda network interfaces.

Specify this if the Lambda function needs to access resources in a VPC. This is required when vpcSubnets is specified.

`vpcSubnets`^Optional

public readonly vpcSubnets: SubnetSelection;

Type: aws-cdk-lib.aws_ec2.SubnetSelection
Default: the Vpc default strategy if not specified

Where to place the network interfaces within the VPC.

This requires vpc to be specified in order for interfaces to actually be placed in the subnets. If vpc is not specify, this will raise an error.

Note: Internet access for Lambda Functions requires a NAT Gateway, so picking public subnets is not allowed (unless allowPublicSubnet is set to true).

`agentTable`^Required

public readonly agentTable: ITable;

Type: aws-cdk-lib.aws_dynamodb.ITable

The DynamoDB table for agent job tracking.

`appSyncApiUrl`^Required

public readonly appSyncApiUrl: string;

Type: string

AppSync GraphQL API URL for publishing updates.

`athenaBucket`^Required

public readonly athenaBucket: IBucket;

Type: aws-cdk-lib.aws_s3.IBucket

S3 bucket for Athena query results.

`athenaDatabase`^Required

public readonly athenaDatabase: IDatabase;

Type: @aws-cdk/aws-glue-alpha.IDatabase

Athena database for analytics queries.

`configurationTable`^Required

public readonly configurationTable: IConfigurationTable;

Type: IConfigurationTable

The DynamoDB table that stores configuration settings.

Used to access document schemas and processing parameters.

`metricNamespace`^Required

public readonly metricNamespace: string;

Type: string

The namespace for CloudWatch metrics.

`model`^Required

public readonly model: IInvokable;

Type: @cdklabs/generative-ai-cdk-constructs.bedrock.IInvokable

The foundation model or inference profile to use for document analysis agent.

`encryptionKey`^Optional

public readonly encryptionKey: IKey;

Type: aws-cdk-lib.aws_kms.IKey

The KMS key used for encryption.

`externalMcpAgentsSecret`^Optional

public readonly externalMcpAgentsSecret: ISecret;

Type: aws-cdk-lib.aws_secretsmanager.ISecret

Optional Secrets Manager secret for external MCP agents.

`guardrail`^Optional

public readonly guardrail: IGuardrail;

Type: @cdklabs/generative-ai-cdk-constructs.bedrock.IGuardrail

Optional Bedrock guardrail for content filtering.

When provided, enables guardrail permissions for the agent processor.

`logLevel`^Optional

public readonly logLevel: LogLevel;

Type: LogLevel
Default: LogLevel.INFO

The log level for the function.

AgentRequestHandlerFunctionProps

Properties for the Agent Request Handler function.

Initializer

import { AgentRequestHandlerFunctionProps } from '@cdklabs/genai-idp'

const agentRequestHandlerFunctionProps: AgentRequestHandlerFunctionProps = { ... }

Properties

Name	Type	Description
`adotInstrumentation`	`aws-cdk-lib.aws_lambda.AdotInstrumentationConfig`	Specify the configuration of AWS Distro for OpenTelemetry (ADOT) instrumentation.
`allowAllIpv6Outbound`	`boolean`	Whether to allow the Lambda to send all ipv6 network traffic.
`applicationLogLevel`	`string`	Sets the application log level for the function.
`applicationLogLevelV2`	`aws-cdk-lib.aws_lambda.ApplicationLogLevel`	Sets the application log level for the function.
`architecture`	`aws-cdk-lib.aws_lambda.Architecture`	The system architectures compatible with this lambda function.
`codeSigningConfig`	`aws-cdk-lib.aws_lambda.ICodeSigningConfig`	Code signing config associated with this function.
`currentVersionOptions`	`aws-cdk-lib.aws_lambda.VersionOptions`	Options for the `lambda.Version` resource automatically created by the `fn.currentVersion` method.
`deadLetterQueue`	`aws-cdk-lib.aws_sqs.IQueue`	The SQS queue to use if DLQ is enabled.
`deadLetterQueueEnabled`	`boolean`	Enabled DLQ.
`deadLetterTopic`	`aws-cdk-lib.aws_sns.ITopic`	The SNS topic to use as a DLQ.
`description`	`string`	A description of the function.
`environmentEncryption`	`aws-cdk-lib.aws_kms.IKey`	The AWS KMS key that's used to encrypt your function's environment variables.
`ephemeralStorageSize`	`aws-cdk-lib.Size`	The size of the function’s /tmp directory in MiB.
`events`	`aws-cdk-lib.aws_lambda.IEventSource[]`	Event sources for this function.
`functionName`	`string`	A name for the function.
`initialPolicy`	`aws-cdk-lib.aws_iam.PolicyStatement[]`	Initial policy statements to add to the created Lambda Role.
`insightsVersion`	`aws-cdk-lib.aws_lambda.LambdaInsightsVersion`	Specify the version of CloudWatch Lambda insights to use for monitoring.
`ipv6AllowedForDualStack`	`boolean`	Allows outbound IPv6 traffic on VPC functions that are connected to dual-stack subnets.
`logFormat`	`string`	Sets the logFormat for the function.
`loggingFormat`	`aws-cdk-lib.aws_lambda.LoggingFormat`	Sets the loggingFormat for the function.
`logGroup`	`aws-cdk-lib.aws_logs.ILogGroup`	The log group the function sends logs to.
`logRemovalPolicy`	`aws-cdk-lib.RemovalPolicy`	Determine the removal policy of the log group that is auto-created by this construct.
`logRetention`	`aws-cdk-lib.aws_logs.RetentionDays`	The number of days log events are kept in CloudWatch Logs.
`logRetentionRetryOptions`	`aws-cdk-lib.aws_lambda.LogRetentionRetryOptions`	When log retention is specified, a custom resource attempts to create the CloudWatch log group.
`logRetentionRole`	`aws-cdk-lib.aws_iam.IRole`	The IAM role for the Lambda function associated with the custom resource that sets the retention policy.
`maxEventAge`	`aws-cdk-lib.Duration`	The maximum age of a request that Lambda sends to a function for processing.
`onFailure`	`aws-cdk-lib.aws_lambda.IDestination`	The destination for failed invocations.
`onSuccess`	`aws-cdk-lib.aws_lambda.IDestination`	The destination for successful invocations.
`paramsAndSecrets`	`aws-cdk-lib.aws_lambda.ParamsAndSecretsLayerVersion`	Specify the configuration of Parameters and Secrets Extension.
`profiling`	`boolean`	Enable profiling.
`profilingGroup`	`aws-cdk-lib.aws_codeguruprofiler.IProfilingGroup`	Profiling Group.
`recursiveLoop`	`aws-cdk-lib.aws_lambda.RecursiveLoop`	Sets the Recursive Loop Protection for Lambda Function.
`reservedConcurrentExecutions`	`number`	The maximum of concurrent executions you want to reserve for the function.
`retryAttempts`	`number`	The maximum number of times to retry when the function returns an error.
`role`	`aws-cdk-lib.aws_iam.IRole`	Lambda execution role.
`runtimeManagementMode`	`aws-cdk-lib.aws_lambda.RuntimeManagementMode`	Sets the runtime management configuration for a function's version.
`securityGroups`	`aws-cdk-lib.aws_ec2.ISecurityGroup[]`	The list of security groups to associate with the Lambda's network interfaces.
`snapStart`	`aws-cdk-lib.aws_lambda.SnapStartConf`	Enable SnapStart for Lambda Function.
`systemLogLevel`	`string`	Sets the system log level for the function.
`systemLogLevelV2`	`aws-cdk-lib.aws_lambda.SystemLogLevel`	Sets the system log level for the function.
`tracing`	`aws-cdk-lib.aws_lambda.Tracing`	Enable AWS X-Ray Tracing for Lambda Function.
`vpc`	`aws-cdk-lib.aws_ec2.IVpc`	VPC network to place Lambda network interfaces.
`vpcSubnets`	`aws-cdk-lib.aws_ec2.SubnetSelection`	Where to place the network interfaces within the VPC.
`agentProcessorFunction`	`aws-cdk-lib.aws_lambda.IFunction`	The agent processor function to invoke for processing queries.
`agentTable`	`aws-cdk-lib.aws_dynamodb.ITable`	The DynamoDB table for agent job tracking.
`metricNamespace`	`string`	The namespace for CloudWatch metrics.
`dataRetentionDays`	`number`	Data retention period in days.
`encryptionKey`	`aws-cdk-lib.aws_kms.IKey`	The KMS key used for encryption.
`logLevel`	`LogLevel`	The log level for the function.

`adotInstrumentation`^Optional

public readonly adotInstrumentation: AdotInstrumentationConfig;

Type: aws-cdk-lib.aws_lambda.AdotInstrumentationConfig
Default: No ADOT instrumentation

Specify the configuration of AWS Distro for OpenTelemetry (ADOT) instrumentation.

`allowAllIpv6Outbound`^Optional

public readonly allowAllIpv6Outbound: boolean;

Type: boolean
Default: false

Whether to allow the Lambda to send all ipv6 network traffic.

If set to true, there will only be a single egress rule which allows all outbound ipv6 traffic. If set to false, you must individually add traffic rules to allow the Lambda to connect to network targets using ipv6.

Do not specify this property if the securityGroups or securityGroup property is set. Instead, configure allowAllIpv6Outbound directly on the security group.

`applicationLogLevel`^Optional

Deprecated: Use applicationLogLevelV2 as a property instead.

public readonly applicationLogLevel: string;

Type: string
Default: "INFO"

Sets the application log level for the function.

`applicationLogLevelV2`^Optional

public readonly applicationLogLevelV2: ApplicationLogLevel;

Type: aws-cdk-lib.aws_lambda.ApplicationLogLevel
Default: ApplicationLogLevel.INFO

Sets the application log level for the function.

`architecture`^Optional

public readonly architecture: Architecture;

Type: aws-cdk-lib.aws_lambda.Architecture
Default: Architecture.X86_64

The system architectures compatible with this lambda function.

`codeSigningConfig`^Optional

public readonly codeSigningConfig: ICodeSigningConfig;

Type: aws-cdk-lib.aws_lambda.ICodeSigningConfig
Default: Not Sign the Code

Code signing config associated with this function.

`currentVersionOptions`^Optional

public readonly currentVersionOptions: VersionOptions;

Type: aws-cdk-lib.aws_lambda.VersionOptions
Default: default options as described in VersionOptions

Options for the lambda.Version resource automatically created by the fn.currentVersion method.

`deadLetterQueue`^Optional

public readonly deadLetterQueue: IQueue;

Type: aws-cdk-lib.aws_sqs.IQueue
Default: SQS queue with 14 day retention period if deadLetterQueueEnabled is true

The SQS queue to use if DLQ is enabled.

If SNS topic is desired, specify deadLetterTopic property instead.

`deadLetterQueueEnabled`^Optional

public readonly deadLetterQueueEnabled: boolean;

Type: boolean
Default: false unless deadLetterQueue is set, which implies DLQ is enabled.

Enabled DLQ.

If deadLetterQueue is undefined, an SQS queue with default options will be defined for your Function.

`deadLetterTopic`^Optional

public readonly deadLetterTopic: ITopic;

Type: aws-cdk-lib.aws_sns.ITopic
Default: no SNS topic

The SNS topic to use as a DLQ.

Note that if deadLetterQueueEnabled is set to true, an SQS queue will be created rather than an SNS topic. Using an SNS topic as a DLQ requires this property to be set explicitly.

`description`^Optional

public readonly description: string;

Type: string
Default: No description.

A description of the function.

`environmentEncryption`^Optional

public readonly environmentEncryption: IKey;

Type: aws-cdk-lib.aws_kms.IKey
Default: AWS Lambda creates and uses an AWS managed customer master key (CMK).

The AWS KMS key that's used to encrypt your function's environment variables.

`ephemeralStorageSize`^Optional

public readonly ephemeralStorageSize: Size;

Type: aws-cdk-lib.Size
Default: 512 MiB

The size of the function’s /tmp directory in MiB.

`events`^Optional

public readonly events: IEventSource[];

Type: aws-cdk-lib.aws_lambda.IEventSource[]
Default: No event sources.

Event sources for this function.

You can also add event sources using addEventSource.

`functionName`^Optional

public readonly functionName: string;

Type: string
Default: AWS CloudFormation generates a unique physical ID and uses that ID for the function's name. For more information, see Name Type.

A name for the function.

`initialPolicy`^Optional

public readonly initialPolicy: PolicyStatement[];

Type: aws-cdk-lib.aws_iam.PolicyStatement[]
Default: No policy statements are added to the created Lambda role.

Initial policy statements to add to the created Lambda Role.

You can call addToRolePolicy to the created lambda to add statements post creation.

`insightsVersion`^Optional

public readonly insightsVersion: LambdaInsightsVersion;

Type: aws-cdk-lib.aws_lambda.LambdaInsightsVersion
Default: No Lambda Insights

Specify the version of CloudWatch Lambda insights to use for monitoring.

`ipv6AllowedForDualStack`^Optional

public readonly ipv6AllowedForDualStack: boolean;

Type: boolean
Default: false

Allows outbound IPv6 traffic on VPC functions that are connected to dual-stack subnets.

Only used if 'vpc' is supplied.

`logFormat`^Optional

Deprecated: Use loggingFormat as a property instead.

public readonly logFormat: string;

Type: string
Default: "Text"

Sets the logFormat for the function.

`loggingFormat`^Optional

public readonly loggingFormat: LoggingFormat;

Type: aws-cdk-lib.aws_lambda.LoggingFormat
Default: LoggingFormat.TEXT

Sets the loggingFormat for the function.

`logGroup`^Optional

public readonly logGroup: ILogGroup;

Type: aws-cdk-lib.aws_logs.ILogGroup
Default: /aws/lambda/${this.functionName} - default log group created by Lambda

The log group the function sends logs to.

By default, Lambda functions send logs to an automatically created default log group named /aws/lambda/\<function name>. However you cannot change the properties of this auto-created log group using the AWS CDK, e.g. you cannot set a different log retention.

Use the logGroup property to create a fully customizable LogGroup ahead of time, and instruct the Lambda function to send logs to it.

Providing a user-controlled log group was rolled out to commercial regions on 2023-11-16. If you are deploying to another type of region, please check regional availability first.

`logRemovalPolicy`^Optional

Deprecated: use logGroup instead

public readonly logRemovalPolicy: RemovalPolicy;

Type: aws-cdk-lib.RemovalPolicy
Default: RemovalPolicy.Retain

Determine the removal policy of the log group that is auto-created by this construct.

Normally you want to retain the log group so you can diagnose issues from logs even after a deployment that no longer includes the log group. In that case, use the normal date-based retention policy to age out your logs.

`logRetention`^Optional

Deprecated: use logGroup instead

public readonly logRetention: RetentionDays;

Type: aws-cdk-lib.aws_logs.RetentionDays
Default: logs.RetentionDays.INFINITE

The number of days log events are kept in CloudWatch Logs.

When updating this property, unsetting it doesn't remove the log retention policy. To remove the retention policy, set the value to INFINITE.

This is a legacy API and we strongly recommend you move away from it if you can. Instead create a fully customizable log group with logs.LogGroup and use the logGroup property to instruct the Lambda function to send logs to it. Migrating from logRetention to logGroup will cause the name of the log group to change. Users and code and referencing the name verbatim will have to adjust.

In AWS CDK code, you can access the log group name directly from the LogGroup construct:

import * as logs from 'aws-cdk-lib/aws-logs';

declare const myLogGroup: logs.LogGroup;
myLogGroup.logGroupName;

`logRetentionRetryOptions`^Optional

public readonly logRetentionRetryOptions: LogRetentionRetryOptions;

Type: aws-cdk-lib.aws_lambda.LogRetentionRetryOptions
Default: Default AWS SDK retry options.

When log retention is specified, a custom resource attempts to create the CloudWatch log group.

These options control the retry policy when interacting with CloudWatch APIs.

This is a legacy API and we strongly recommend you migrate to logGroup if you can. logGroup allows you to create a fully customizable log group and instruct the Lambda function to send logs to it.

`logRetentionRole`^Optional

public readonly logRetentionRole: IRole;

Type: aws-cdk-lib.aws_iam.IRole
Default: A new role is created.

The IAM role for the Lambda function associated with the custom resource that sets the retention policy.

This is a legacy API and we strongly recommend you migrate to logGroup if you can. logGroup allows you to create a fully customizable log group and instruct the Lambda function to send logs to it.

`maxEventAge`^Optional

public readonly maxEventAge: Duration;

Type: aws-cdk-lib.Duration
Default: Duration.hours(6)

The maximum age of a request that Lambda sends to a function for processing.

Minimum: 60 seconds Maximum: 6 hours

`onFailure`^Optional

public readonly onFailure: IDestination;

Type: aws-cdk-lib.aws_lambda.IDestination
Default: no destination

The destination for failed invocations.

`onSuccess`^Optional

public readonly onSuccess: IDestination;

Type: aws-cdk-lib.aws_lambda.IDestination
Default: no destination

The destination for successful invocations.

`paramsAndSecrets`^Optional

public readonly paramsAndSecrets: ParamsAndSecretsLayerVersion;

Type: aws-cdk-lib.aws_lambda.ParamsAndSecretsLayerVersion
Default: No Parameters and Secrets Extension

Specify the configuration of Parameters and Secrets Extension.

`profiling`^Optional

public readonly profiling: boolean;

Type: boolean
Default: No profiling.

Enable profiling.

`profilingGroup`^Optional

public readonly profilingGroup: IProfilingGroup;

Type: aws-cdk-lib.aws_codeguruprofiler.IProfilingGroup
Default: A new profiling group will be created if profiling is set.

Profiling Group.

`recursiveLoop`^Optional

public readonly recursiveLoop: RecursiveLoop;

Type: aws-cdk-lib.aws_lambda.RecursiveLoop
Default: RecursiveLoop.Terminate

Sets the Recursive Loop Protection for Lambda Function.

It lets Lambda detect and terminate unintended recursive loops.

`reservedConcurrentExecutions`^Optional

public readonly reservedConcurrentExecutions: number;

Type: number
Default: No specific limit - account limit.

The maximum of concurrent executions you want to reserve for the function.

`retryAttempts`^Optional

public readonly retryAttempts: number;

Type: number
Default: 2

The maximum number of times to retry when the function returns an error.

Minimum: 0 Maximum: 2

`role`^Optional

public readonly role: IRole;

Type: aws-cdk-lib.aws_iam.IRole
Default: A unique role will be generated for this lambda function. Both supplied and generated roles can always be changed by calling addToRolePolicy.

Lambda execution role.

This is the role that will be assumed by the function upon execution. It controls the permissions that the function will have. The Role must be assumable by the 'lambda.amazonaws.com' service principal.

The default Role automatically has permissions granted for Lambda execution. If you provide a Role, you must add the relevant AWS managed policies yourself.

The relevant managed policies are "service-role/AWSLambdaBasicExecutionRole" and "service-role/AWSLambdaVPCAccessExecutionRole".

`runtimeManagementMode`^Optional

public readonly runtimeManagementMode: RuntimeManagementMode;

Type: aws-cdk-lib.aws_lambda.RuntimeManagementMode
Default: Auto

Sets the runtime management configuration for a function's version.

`securityGroups`^Optional

public readonly securityGroups: ISecurityGroup[];

Type: aws-cdk-lib.aws_ec2.ISecurityGroup[]
Default: If the function is placed within a VPC and a security group is not specified, either by this or securityGroup prop, a dedicated security group will be created for this function.

The list of security groups to associate with the Lambda's network interfaces.

Only used if 'vpc' is supplied.

`snapStart`^Optional

public readonly snapStart: SnapStartConf;

Type: aws-cdk-lib.aws_lambda.SnapStartConf
Default: No snapstart

Enable SnapStart for Lambda Function.

SnapStart is currently supported for Java 11, Java 17, Python 3.12, Python 3.13, and .NET 8 runtime

`systemLogLevel`^Optional

Deprecated: Use systemLogLevelV2 as a property instead.

public readonly systemLogLevel: string;

Type: string
Default: "INFO"

Sets the system log level for the function.

`systemLogLevelV2`^Optional

public readonly systemLogLevelV2: SystemLogLevel;

Type: aws-cdk-lib.aws_lambda.SystemLogLevel
Default: SystemLogLevel.INFO

Sets the system log level for the function.

`tracing`^Optional

public readonly tracing: Tracing;

Type: aws-cdk-lib.aws_lambda.Tracing
Default: Tracing.Disabled

Enable AWS X-Ray Tracing for Lambda Function.

`vpc`^Optional

public readonly vpc: IVpc;

Type: aws-cdk-lib.aws_ec2.IVpc
Default: Function is not placed within a VPC.

VPC network to place Lambda network interfaces.

Specify this if the Lambda function needs to access resources in a VPC. This is required when vpcSubnets is specified.

`vpcSubnets`^Optional

public readonly vpcSubnets: SubnetSelection;

Type: aws-cdk-lib.aws_ec2.SubnetSelection
Default: the Vpc default strategy if not specified

Where to place the network interfaces within the VPC.

This requires vpc to be specified in order for interfaces to actually be placed in the subnets. If vpc is not specify, this will raise an error.

Note: Internet access for Lambda Functions requires a NAT Gateway, so picking public subnets is not allowed (unless allowPublicSubnet is set to true).

`agentProcessorFunction`^Required

public readonly agentProcessorFunction: IFunction;

Type: aws-cdk-lib.aws_lambda.IFunction

The agent processor function to invoke for processing queries.

`agentTable`^Required

public readonly agentTable: ITable;

Type: aws-cdk-lib.aws_dynamodb.ITable

The DynamoDB table for agent job tracking.

`metricNamespace`^Required

public readonly metricNamespace: string;

Type: string

The namespace for CloudWatch metrics.

`dataRetentionDays`^Optional

public readonly dataRetentionDays: number;

Type: number
Default: 30

Data retention period in days.

`encryptionKey`^Optional

public readonly encryptionKey: IKey;

Type: aws-cdk-lib.aws_kms.IKey

The KMS key used for encryption.

`logLevel`^Optional

public readonly logLevel: LogLevel;

Type: LogLevel
Default: LogLevel.INFO

The log level for the function.

CognitoUpdaterHitlFunctionProps

Properties for configuring the CognitoUpdaterHitlFunction.

Initializer

import { CognitoUpdaterHitlFunctionProps } from '@cdklabs/genai-idp'

const cognitoUpdaterHitlFunctionProps: CognitoUpdaterHitlFunctionProps = { ... }

Properties

Name	Type	Description
`adotInstrumentation`	`aws-cdk-lib.aws_lambda.AdotInstrumentationConfig`	Specify the configuration of AWS Distro for OpenTelemetry (ADOT) instrumentation.
`allowAllIpv6Outbound`	`boolean`	Whether to allow the Lambda to send all ipv6 network traffic.
`applicationLogLevel`	`string`	Sets the application log level for the function.
`applicationLogLevelV2`	`aws-cdk-lib.aws_lambda.ApplicationLogLevel`	Sets the application log level for the function.
`architecture`	`aws-cdk-lib.aws_lambda.Architecture`	The system architectures compatible with this lambda function.
`codeSigningConfig`	`aws-cdk-lib.aws_lambda.ICodeSigningConfig`	Code signing config associated with this function.
`currentVersionOptions`	`aws-cdk-lib.aws_lambda.VersionOptions`	Options for the `lambda.Version` resource automatically created by the `fn.currentVersion` method.
`deadLetterQueue`	`aws-cdk-lib.aws_sqs.IQueue`	The SQS queue to use if DLQ is enabled.
`deadLetterQueueEnabled`	`boolean`	Enabled DLQ.
`deadLetterTopic`	`aws-cdk-lib.aws_sns.ITopic`	The SNS topic to use as a DLQ.
`description`	`string`	A description of the function.
`environmentEncryption`	`aws-cdk-lib.aws_kms.IKey`	The AWS KMS key that's used to encrypt your function's environment variables.
`ephemeralStorageSize`	`aws-cdk-lib.Size`	The size of the function’s /tmp directory in MiB.
`events`	`aws-cdk-lib.aws_lambda.IEventSource[]`	Event sources for this function.
`functionName`	`string`	A name for the function.
`initialPolicy`	`aws-cdk-lib.aws_iam.PolicyStatement[]`	Initial policy statements to add to the created Lambda Role.
`insightsVersion`	`aws-cdk-lib.aws_lambda.LambdaInsightsVersion`	Specify the version of CloudWatch Lambda insights to use for monitoring.
`ipv6AllowedForDualStack`	`boolean`	Allows outbound IPv6 traffic on VPC functions that are connected to dual-stack subnets.
`logFormat`	`string`	Sets the logFormat for the function.
`loggingFormat`	`aws-cdk-lib.aws_lambda.LoggingFormat`	Sets the loggingFormat for the function.
`logGroup`	`aws-cdk-lib.aws_logs.ILogGroup`	The log group the function sends logs to.
`logRemovalPolicy`	`aws-cdk-lib.RemovalPolicy`	Determine the removal policy of the log group that is auto-created by this construct.
`logRetention`	`aws-cdk-lib.aws_logs.RetentionDays`	The number of days log events are kept in CloudWatch Logs.
`logRetentionRetryOptions`	`aws-cdk-lib.aws_lambda.LogRetentionRetryOptions`	When log retention is specified, a custom resource attempts to create the CloudWatch log group.
`logRetentionRole`	`aws-cdk-lib.aws_iam.IRole`	The IAM role for the Lambda function associated with the custom resource that sets the retention policy.
`maxEventAge`	`aws-cdk-lib.Duration`	The maximum age of a request that Lambda sends to a function for processing.
`onFailure`	`aws-cdk-lib.aws_lambda.IDestination`	The destination for failed invocations.
`onSuccess`	`aws-cdk-lib.aws_lambda.IDestination`	The destination for successful invocations.
`paramsAndSecrets`	`aws-cdk-lib.aws_lambda.ParamsAndSecretsLayerVersion`	Specify the configuration of Parameters and Secrets Extension.
`profiling`	`boolean`	Enable profiling.
`profilingGroup`	`aws-cdk-lib.aws_codeguruprofiler.IProfilingGroup`	Profiling Group.
`recursiveLoop`	`aws-cdk-lib.aws_lambda.RecursiveLoop`	Sets the Recursive Loop Protection for Lambda Function.
`reservedConcurrentExecutions`	`number`	The maximum of concurrent executions you want to reserve for the function.
`retryAttempts`	`number`	The maximum number of times to retry when the function returns an error.
`role`	`aws-cdk-lib.aws_iam.IRole`	Lambda execution role.
`runtimeManagementMode`	`aws-cdk-lib.aws_lambda.RuntimeManagementMode`	Sets the runtime management configuration for a function's version.
`securityGroups`	`aws-cdk-lib.aws_ec2.ISecurityGroup[]`	The list of security groups to associate with the Lambda's network interfaces.
`snapStart`	`aws-cdk-lib.aws_lambda.SnapStartConf`	Enable SnapStart for Lambda Function.
`systemLogLevel`	`string`	Sets the system log level for the function.
`systemLogLevelV2`	`aws-cdk-lib.aws_lambda.SystemLogLevel`	Sets the system log level for the function.
`tracing`	`aws-cdk-lib.aws_lambda.Tracing`	Enable AWS X-Ray Tracing for Lambda Function.
`vpc`	`aws-cdk-lib.aws_ec2.IVpc`	VPC network to place Lambda network interfaces.
`vpcSubnets`	`aws-cdk-lib.aws_ec2.SubnetSelection`	Where to place the network interfaces within the VPC.
`userPool`	`aws-cdk-lib.aws_cognito.IUserPool`	The Cognito User Pool to update.
`userPoolClient`	`aws-cdk-lib.aws_cognito.IUserPoolClient`	The Cognito User Pool Client for A2I integration.
`workteamName`	`string`	The name of the SageMaker workteam.
`encryptionKey`	`aws-cdk-lib.aws_kms.IKey`	Optional KMS key for encrypting function resources.
`logLevel`	`LogLevel`	The log level for the function.

`adotInstrumentation`^Optional

public readonly adotInstrumentation: AdotInstrumentationConfig;

Type: aws-cdk-lib.aws_lambda.AdotInstrumentationConfig
Default: No ADOT instrumentation

Specify the configuration of AWS Distro for OpenTelemetry (ADOT) instrumentation.

`allowAllIpv6Outbound`^Optional

public readonly allowAllIpv6Outbound: boolean;

Type: boolean
Default: false

Whether to allow the Lambda to send all ipv6 network traffic.

If set to true, there will only be a single egress rule which allows all outbound ipv6 traffic. If set to false, you must individually add traffic rules to allow the Lambda to connect to network targets using ipv6.

Do not specify this property if the securityGroups or securityGroup property is set. Instead, configure allowAllIpv6Outbound directly on the security group.

`applicationLogLevel`^Optional

Deprecated: Use applicationLogLevelV2 as a property instead.

public readonly applicationLogLevel: string;

Type: string
Default: "INFO"

Sets the application log level for the function.

`applicationLogLevelV2`^Optional

public readonly applicationLogLevelV2: ApplicationLogLevel;

Type: aws-cdk-lib.aws_lambda.ApplicationLogLevel
Default: ApplicationLogLevel.INFO

Sets the application log level for the function.

`architecture`^Optional

public readonly architecture: Architecture;

Type: aws-cdk-lib.aws_lambda.Architecture
Default: Architecture.X86_64

The system architectures compatible with this lambda function.

`codeSigningConfig`^Optional

public readonly codeSigningConfig: ICodeSigningConfig;

Type: aws-cdk-lib.aws_lambda.ICodeSigningConfig
Default: Not Sign the Code

Code signing config associated with this function.

`currentVersionOptions`^Optional

public readonly currentVersionOptions: VersionOptions;

Type: aws-cdk-lib.aws_lambda.VersionOptions
Default: default options as described in VersionOptions

Options for the lambda.Version resource automatically created by the fn.currentVersion method.

`deadLetterQueue`^Optional

public readonly deadLetterQueue: IQueue;

Type: aws-cdk-lib.aws_sqs.IQueue
Default: SQS queue with 14 day retention period if deadLetterQueueEnabled is true

The SQS queue to use if DLQ is enabled.

If SNS topic is desired, specify deadLetterTopic property instead.

`deadLetterQueueEnabled`^Optional

public readonly deadLetterQueueEnabled: boolean;

Type: boolean
Default: false unless deadLetterQueue is set, which implies DLQ is enabled.

Enabled DLQ.

If deadLetterQueue is undefined, an SQS queue with default options will be defined for your Function.

`deadLetterTopic`^Optional

public readonly deadLetterTopic: ITopic;

Type: aws-cdk-lib.aws_sns.ITopic
Default: no SNS topic

The SNS topic to use as a DLQ.

Note that if deadLetterQueueEnabled is set to true, an SQS queue will be created rather than an SNS topic. Using an SNS topic as a DLQ requires this property to be set explicitly.

`description`^Optional

public readonly description: string;

Type: string
Default: No description.

A description of the function.

`environmentEncryption`^Optional

public readonly environmentEncryption: IKey;

Type: aws-cdk-lib.aws_kms.IKey
Default: AWS Lambda creates and uses an AWS managed customer master key (CMK).

The AWS KMS key that's used to encrypt your function's environment variables.

`ephemeralStorageSize`^Optional

public readonly ephemeralStorageSize: Size;

Type: aws-cdk-lib.Size
Default: 512 MiB

The size of the function’s /tmp directory in MiB.

`events`^Optional

public readonly events: IEventSource[];

Type: aws-cdk-lib.aws_lambda.IEventSource[]
Default: No event sources.

Event sources for this function.

You can also add event sources using addEventSource.

`functionName`^Optional

public readonly functionName: string;

Type: string
Default: AWS CloudFormation generates a unique physical ID and uses that ID for the function's name. For more information, see Name Type.

A name for the function.

`initialPolicy`^Optional

public readonly initialPolicy: PolicyStatement[];

Type: aws-cdk-lib.aws_iam.PolicyStatement[]
Default: No policy statements are added to the created Lambda role.

Initial policy statements to add to the created Lambda Role.

You can call addToRolePolicy to the created lambda to add statements post creation.

`insightsVersion`^Optional

public readonly insightsVersion: LambdaInsightsVersion;

Type: aws-cdk-lib.aws_lambda.LambdaInsightsVersion
Default: No Lambda Insights

Specify the version of CloudWatch Lambda insights to use for monitoring.

`ipv6AllowedForDualStack`^Optional

public readonly ipv6AllowedForDualStack: boolean;

Type: boolean
Default: false

Allows outbound IPv6 traffic on VPC functions that are connected to dual-stack subnets.

Only used if 'vpc' is supplied.

`logFormat`^Optional

Deprecated: Use loggingFormat as a property instead.

public readonly logFormat: string;

Type: string
Default: "Text"

Sets the logFormat for the function.

`loggingFormat`^Optional

public readonly loggingFormat: LoggingFormat;

Type: aws-cdk-lib.aws_lambda.LoggingFormat
Default: LoggingFormat.TEXT

Sets the loggingFormat for the function.

`logGroup`^Optional

public readonly logGroup: ILogGroup;

Type: aws-cdk-lib.aws_logs.ILogGroup
Default: /aws/lambda/${this.functionName} - default log group created by Lambda

The log group the function sends logs to.

By default, Lambda functions send logs to an automatically created default log group named /aws/lambda/\<function name>. However you cannot change the properties of this auto-created log group using the AWS CDK, e.g. you cannot set a different log retention.

Use the logGroup property to create a fully customizable LogGroup ahead of time, and instruct the Lambda function to send logs to it.

Providing a user-controlled log group was rolled out to commercial regions on 2023-11-16. If you are deploying to another type of region, please check regional availability first.

`logRemovalPolicy`^Optional

Deprecated: use logGroup instead

public readonly logRemovalPolicy: RemovalPolicy;

Type: aws-cdk-lib.RemovalPolicy
Default: RemovalPolicy.Retain

Determine the removal policy of the log group that is auto-created by this construct.

Normally you want to retain the log group so you can diagnose issues from logs even after a deployment that no longer includes the log group. In that case, use the normal date-based retention policy to age out your logs.

`logRetention`^Optional

Deprecated: use logGroup instead

public readonly logRetention: RetentionDays;

Type: aws-cdk-lib.aws_logs.RetentionDays
Default: logs.RetentionDays.INFINITE

The number of days log events are kept in CloudWatch Logs.

When updating this property, unsetting it doesn't remove the log retention policy. To remove the retention policy, set the value to INFINITE.

This is a legacy API and we strongly recommend you move away from it if you can. Instead create a fully customizable log group with logs.LogGroup and use the logGroup property to instruct the Lambda function to send logs to it. Migrating from logRetention to logGroup will cause the name of the log group to change. Users and code and referencing the name verbatim will have to adjust.

In AWS CDK code, you can access the log group name directly from the LogGroup construct:

import * as logs from 'aws-cdk-lib/aws-logs';

declare const myLogGroup: logs.LogGroup;
myLogGroup.logGroupName;

`logRetentionRetryOptions`^Optional

public readonly logRetentionRetryOptions: LogRetentionRetryOptions;

Type: aws-cdk-lib.aws_lambda.LogRetentionRetryOptions
Default: Default AWS SDK retry options.

When log retention is specified, a custom resource attempts to create the CloudWatch log group.

These options control the retry policy when interacting with CloudWatch APIs.

This is a legacy API and we strongly recommend you migrate to logGroup if you can. logGroup allows you to create a fully customizable log group and instruct the Lambda function to send logs to it.

`logRetentionRole`^Optional

public readonly logRetentionRole: IRole;

Type: aws-cdk-lib.aws_iam.IRole
Default: A new role is created.

The IAM role for the Lambda function associated with the custom resource that sets the retention policy.

This is a legacy API and we strongly recommend you migrate to logGroup if you can. logGroup allows you to create a fully customizable log group and instruct the Lambda function to send logs to it.

`maxEventAge`^Optional

public readonly maxEventAge: Duration;

Type: aws-cdk-lib.Duration
Default: Duration.hours(6)

The maximum age of a request that Lambda sends to a function for processing.

Minimum: 60 seconds Maximum: 6 hours

`onFailure`^Optional

public readonly onFailure: IDestination;

Type: aws-cdk-lib.aws_lambda.IDestination
Default: no destination

The destination for failed invocations.

`onSuccess`^Optional

public readonly onSuccess: IDestination;

Type: aws-cdk-lib.aws_lambda.IDestination
Default: no destination

The destination for successful invocations.

`paramsAndSecrets`^Optional

public readonly paramsAndSecrets: ParamsAndSecretsLayerVersion;

Type: aws-cdk-lib.aws_lambda.ParamsAndSecretsLayerVersion
Default: No Parameters and Secrets Extension

Specify the configuration of Parameters and Secrets Extension.

`profiling`^Optional

public readonly profiling: boolean;

Type: boolean
Default: No profiling.

Enable profiling.

`profilingGroup`^Optional

public readonly profilingGroup: IProfilingGroup;

Type: aws-cdk-lib.aws_codeguruprofiler.IProfilingGroup
Default: A new profiling group will be created if profiling is set.

Profiling Group.

`recursiveLoop`^Optional

public readonly recursiveLoop: RecursiveLoop;

Type: aws-cdk-lib.aws_lambda.RecursiveLoop
Default: RecursiveLoop.Terminate

Sets the Recursive Loop Protection for Lambda Function.

It lets Lambda detect and terminate unintended recursive loops.

`reservedConcurrentExecutions`^Optional

public readonly reservedConcurrentExecutions: number;

Type: number
Default: No specific limit - account limit.

The maximum of concurrent executions you want to reserve for the function.

`retryAttempts`^Optional

public readonly retryAttempts: number;

Type: number
Default: 2

The maximum number of times to retry when the function returns an error.

Minimum: 0 Maximum: 2

`role`^Optional

public readonly role: IRole;

Type: aws-cdk-lib.aws_iam.IRole
Default: A unique role will be generated for this lambda function. Both supplied and generated roles can always be changed by calling addToRolePolicy.

Lambda execution role.

This is the role that will be assumed by the function upon execution. It controls the permissions that the function will have. The Role must be assumable by the 'lambda.amazonaws.com' service principal.

The default Role automatically has permissions granted for Lambda execution. If you provide a Role, you must add the relevant AWS managed policies yourself.

The relevant managed policies are "service-role/AWSLambdaBasicExecutionRole" and "service-role/AWSLambdaVPCAccessExecutionRole".

`runtimeManagementMode`^Optional

public readonly runtimeManagementMode: RuntimeManagementMode;

Type: aws-cdk-lib.aws_lambda.RuntimeManagementMode
Default: Auto

Sets the runtime management configuration for a function's version.

`securityGroups`^Optional

public readonly securityGroups: ISecurityGroup[];

Type: aws-cdk-lib.aws_ec2.ISecurityGroup[]
Default: If the function is placed within a VPC and a security group is not specified, either by this or securityGroup prop, a dedicated security group will be created for this function.

The list of security groups to associate with the Lambda's network interfaces.

Only used if 'vpc' is supplied.

`snapStart`^Optional

public readonly snapStart: SnapStartConf;

Type: aws-cdk-lib.aws_lambda.SnapStartConf
Default: No snapstart

Enable SnapStart for Lambda Function.

SnapStart is currently supported for Java 11, Java 17, Python 3.12, Python 3.13, and .NET 8 runtime

`systemLogLevel`^Optional

Deprecated: Use systemLogLevelV2 as a property instead.

public readonly systemLogLevel: string;

Type: string
Default: "INFO"

Sets the system log level for the function.

`systemLogLevelV2`^Optional

public readonly systemLogLevelV2: SystemLogLevel;

Type: aws-cdk-lib.aws_lambda.SystemLogLevel
Default: SystemLogLevel.INFO

Sets the system log level for the function.

`tracing`^Optional

public readonly tracing: Tracing;

Type: aws-cdk-lib.aws_lambda.Tracing
Default: Tracing.Disabled

Enable AWS X-Ray Tracing for Lambda Function.

`vpc`^Optional

public readonly vpc: IVpc;

Type: aws-cdk-lib.aws_ec2.IVpc
Default: Function is not placed within a VPC.

VPC network to place Lambda network interfaces.

Specify this if the Lambda function needs to access resources in a VPC. This is required when vpcSubnets is specified.

`vpcSubnets`^Optional

public readonly vpcSubnets: SubnetSelection;

Type: aws-cdk-lib.aws_ec2.SubnetSelection
Default: the Vpc default strategy if not specified

Where to place the network interfaces within the VPC.

This requires vpc to be specified in order for interfaces to actually be placed in the subnets. If vpc is not specify, this will raise an error.

Note: Internet access for Lambda Functions requires a NAT Gateway, so picking public subnets is not allowed (unless allowPublicSubnet is set to true).

`userPool`^Required

public readonly userPool: IUserPool;

Type: aws-cdk-lib.aws_cognito.IUserPool

The Cognito User Pool to update.

`userPoolClient`^Required

public readonly userPoolClient: IUserPoolClient;

Type: aws-cdk-lib.aws_cognito.IUserPoolClient

The Cognito User Pool Client for A2I integration.

`workteamName`^Required

public readonly workteamName: string;

Type: string

The name of the SageMaker workteam.

`encryptionKey`^Optional

public readonly encryptionKey: IKey;

Type: aws-cdk-lib.aws_kms.IKey

Optional KMS key for encrypting function resources.

`logLevel`^Optional

public readonly logLevel: LogLevel;

Type: LogLevel
Default: LogLevel.INFO

The log level for the function.

ConfigurationDefinitionProps

Properties for creating a configuration definition.

Initializer

import { ConfigurationDefinitionProps } from '@cdklabs/genai-idp'

const configurationDefinitionProps: ConfigurationDefinitionProps = { ... }

Properties

Name	Type	Description
`configurationObject`	`{[ key: string ]: any}`	The configuration object to use.
`transforms`	`IConfigurationDefinitionPropertyTransform[]`	Optional transformations to apply to specific properties.

`configurationObject`^Required

public readonly configurationObject: {[ key: string ]: any};

Type: {[ key: string ]: any}

The configuration object to use.

Contains all settings for the document processing pipeline.

`transforms`^Optional

public readonly transforms: IConfigurationDefinitionPropertyTransform[];

Type: IConfigurationDefinitionPropertyTransform[]

Optional transformations to apply to specific properties.

Used to modify configuration values during initialization.

CreateA2IResourcesFunctionProps

Properties for configuring the CreateA2IResourcesFunction.

Initializer

import { CreateA2IResourcesFunctionProps } from '@cdklabs/genai-idp'

const createA2IResourcesFunctionProps: CreateA2IResourcesFunctionProps = { ... }

Properties

Name	Type	Description
`adotInstrumentation`	`aws-cdk-lib.aws_lambda.AdotInstrumentationConfig`	Specify the configuration of AWS Distro for OpenTelemetry (ADOT) instrumentation.
`allowAllIpv6Outbound`	`boolean`	Whether to allow the Lambda to send all ipv6 network traffic.
`applicationLogLevel`	`string`	Sets the application log level for the function.
`applicationLogLevelV2`	`aws-cdk-lib.aws_lambda.ApplicationLogLevel`	Sets the application log level for the function.
`architecture`	`aws-cdk-lib.aws_lambda.Architecture`	The system architectures compatible with this lambda function.
`codeSigningConfig`	`aws-cdk-lib.aws_lambda.ICodeSigningConfig`	Code signing config associated with this function.
`currentVersionOptions`	`aws-cdk-lib.aws_lambda.VersionOptions`	Options for the `lambda.Version` resource automatically created by the `fn.currentVersion` method.
`deadLetterQueue`	`aws-cdk-lib.aws_sqs.IQueue`	The SQS queue to use if DLQ is enabled.
`deadLetterQueueEnabled`	`boolean`	Enabled DLQ.
`deadLetterTopic`	`aws-cdk-lib.aws_sns.ITopic`	The SNS topic to use as a DLQ.
`description`	`string`	A description of the function.
`environmentEncryption`	`aws-cdk-lib.aws_kms.IKey`	The AWS KMS key that's used to encrypt your function's environment variables.
`ephemeralStorageSize`	`aws-cdk-lib.Size`	The size of the function’s /tmp directory in MiB.
`events`	`aws-cdk-lib.aws_lambda.IEventSource[]`	Event sources for this function.
`functionName`	`string`	A name for the function.
`initialPolicy`	`aws-cdk-lib.aws_iam.PolicyStatement[]`	Initial policy statements to add to the created Lambda Role.
`insightsVersion`	`aws-cdk-lib.aws_lambda.LambdaInsightsVersion`	Specify the version of CloudWatch Lambda insights to use for monitoring.
`ipv6AllowedForDualStack`	`boolean`	Allows outbound IPv6 traffic on VPC functions that are connected to dual-stack subnets.
`logFormat`	`string`	Sets the logFormat for the function.
`loggingFormat`	`aws-cdk-lib.aws_lambda.LoggingFormat`	Sets the loggingFormat for the function.
`logGroup`	`aws-cdk-lib.aws_logs.ILogGroup`	The log group the function sends logs to.
`logRemovalPolicy`	`aws-cdk-lib.RemovalPolicy`	Determine the removal policy of the log group that is auto-created by this construct.
`logRetention`	`aws-cdk-lib.aws_logs.RetentionDays`	The number of days log events are kept in CloudWatch Logs.
`logRetentionRetryOptions`	`aws-cdk-lib.aws_lambda.LogRetentionRetryOptions`	When log retention is specified, a custom resource attempts to create the CloudWatch log group.
`logRetentionRole`	`aws-cdk-lib.aws_iam.IRole`	The IAM role for the Lambda function associated with the custom resource that sets the retention policy.
`maxEventAge`	`aws-cdk-lib.Duration`	The maximum age of a request that Lambda sends to a function for processing.
`onFailure`	`aws-cdk-lib.aws_lambda.IDestination`	The destination for failed invocations.
`onSuccess`	`aws-cdk-lib.aws_lambda.IDestination`	The destination for successful invocations.
`paramsAndSecrets`	`aws-cdk-lib.aws_lambda.ParamsAndSecretsLayerVersion`	Specify the configuration of Parameters and Secrets Extension.
`profiling`	`boolean`	Enable profiling.
`profilingGroup`	`aws-cdk-lib.aws_codeguruprofiler.IProfilingGroup`	Profiling Group.
`recursiveLoop`	`aws-cdk-lib.aws_lambda.RecursiveLoop`	Sets the Recursive Loop Protection for Lambda Function.
`reservedConcurrentExecutions`	`number`	The maximum of concurrent executions you want to reserve for the function.
`retryAttempts`	`number`	The maximum number of times to retry when the function returns an error.
`role`	`aws-cdk-lib.aws_iam.IRole`	Lambda execution role.
`runtimeManagementMode`	`aws-cdk-lib.aws_lambda.RuntimeManagementMode`	Sets the runtime management configuration for a function's version.
`securityGroups`	`aws-cdk-lib.aws_ec2.ISecurityGroup[]`	The list of security groups to associate with the Lambda's network interfaces.
`snapStart`	`aws-cdk-lib.aws_lambda.SnapStartConf`	Enable SnapStart for Lambda Function.
`systemLogLevel`	`string`	Sets the system log level for the function.
`systemLogLevelV2`	`aws-cdk-lib.aws_lambda.SystemLogLevel`	Sets the system log level for the function.
`tracing`	`aws-cdk-lib.aws_lambda.Tracing`	Enable AWS X-Ray Tracing for Lambda Function.
`vpc`	`aws-cdk-lib.aws_ec2.IVpc`	VPC network to place Lambda network interfaces.
`vpcSubnets`	`aws-cdk-lib.aws_ec2.SubnetSelection`	Where to place the network interfaces within the VPC.
`flowDefinitionRoleArn`	`string`	The ARN of the IAM role for A2I Flow Definition.
`outputBucket`	`aws-cdk-lib.aws_s3.IBucket`	The S3 bucket for BDA output storage.
`workteamArn`	`string`	The ARN of the SageMaker workteam for A2I tasks.
`encryptionKey`	`aws-cdk-lib.aws_kms.IKey`	Optional KMS key for encrypting function resources.
`logLevel`	`LogLevel`	The log level for the function.

`adotInstrumentation`^Optional

public readonly adotInstrumentation: AdotInstrumentationConfig;

Type: aws-cdk-lib.aws_lambda.AdotInstrumentationConfig
Default: No ADOT instrumentation

Specify the configuration of AWS Distro for OpenTelemetry (ADOT) instrumentation.

`allowAllIpv6Outbound`^Optional

public readonly allowAllIpv6Outbound: boolean;

Type: boolean
Default: false

Whether to allow the Lambda to send all ipv6 network traffic.

If set to true, there will only be a single egress rule which allows all outbound ipv6 traffic. If set to false, you must individually add traffic rules to allow the Lambda to connect to network targets using ipv6.

Do not specify this property if the securityGroups or securityGroup property is set. Instead, configure allowAllIpv6Outbound directly on the security group.

`applicationLogLevel`^Optional

Deprecated: Use applicationLogLevelV2 as a property instead.

public readonly applicationLogLevel: string;

Type: string
Default: "INFO"

Sets the application log level for the function.

`applicationLogLevelV2`^Optional

public readonly applicationLogLevelV2: ApplicationLogLevel;

Type: aws-cdk-lib.aws_lambda.ApplicationLogLevel
Default: ApplicationLogLevel.INFO

Sets the application log level for the function.

`architecture`^Optional

public readonly architecture: Architecture;

Type: aws-cdk-lib.aws_lambda.Architecture
Default: Architecture.X86_64

The system architectures compatible with this lambda function.

`codeSigningConfig`^Optional

public readonly codeSigningConfig: ICodeSigningConfig;

Type: aws-cdk-lib.aws_lambda.ICodeSigningConfig
Default: Not Sign the Code

Code signing config associated with this function.

`currentVersionOptions`^Optional

public readonly currentVersionOptions: VersionOptions;

Type: aws-cdk-lib.aws_lambda.VersionOptions
Default: default options as described in VersionOptions

Options for the lambda.Version resource automatically created by the fn.currentVersion method.

`deadLetterQueue`^Optional

public readonly deadLetterQueue: IQueue;

Type: aws-cdk-lib.aws_sqs.IQueue
Default: SQS queue with 14 day retention period if deadLetterQueueEnabled is true

The SQS queue to use if DLQ is enabled.

If SNS topic is desired, specify deadLetterTopic property instead.

`deadLetterQueueEnabled`^Optional

public readonly deadLetterQueueEnabled: boolean;

Type: boolean
Default: false unless deadLetterQueue is set, which implies DLQ is enabled.

Enabled DLQ.

If deadLetterQueue is undefined, an SQS queue with default options will be defined for your Function.

`deadLetterTopic`^Optional

public readonly deadLetterTopic: ITopic;

Type: aws-cdk-lib.aws_sns.ITopic
Default: no SNS topic

The SNS topic to use as a DLQ.

Note that if deadLetterQueueEnabled is set to true, an SQS queue will be created rather than an SNS topic. Using an SNS topic as a DLQ requires this property to be set explicitly.

`description`^Optional

public readonly description: string;

Type: string
Default: No description.

A description of the function.

`environmentEncryption`^Optional

public readonly environmentEncryption: IKey;

Type: aws-cdk-lib.aws_kms.IKey
Default: AWS Lambda creates and uses an AWS managed customer master key (CMK).

The AWS KMS key that's used to encrypt your function's environment variables.

`ephemeralStorageSize`^Optional

public readonly ephemeralStorageSize: Size;

Type: aws-cdk-lib.Size
Default: 512 MiB

The size of the function’s /tmp directory in MiB.

`events`^Optional

public readonly events: IEventSource[];

Type: aws-cdk-lib.aws_lambda.IEventSource[]
Default: No event sources.

Event sources for this function.

You can also add event sources using addEventSource.

`functionName`^Optional

public readonly functionName: string;

Type: string
Default: AWS CloudFormation generates a unique physical ID and uses that ID for the function's name. For more information, see Name Type.

A name for the function.

`initialPolicy`^Optional

public readonly initialPolicy: PolicyStatement[];

Type: aws-cdk-lib.aws_iam.PolicyStatement[]
Default: No policy statements are added to the created Lambda role.

Initial policy statements to add to the created Lambda Role.

You can call addToRolePolicy to the created lambda to add statements post creation.

`insightsVersion`^Optional

public readonly insightsVersion: LambdaInsightsVersion;

Type: aws-cdk-lib.aws_lambda.LambdaInsightsVersion
Default: No Lambda Insights

Specify the version of CloudWatch Lambda insights to use for monitoring.

`ipv6AllowedForDualStack`^Optional

public readonly ipv6AllowedForDualStack: boolean;

Type: boolean
Default: false

Allows outbound IPv6 traffic on VPC functions that are connected to dual-stack subnets.

Only used if 'vpc' is supplied.

`logFormat`^Optional

Deprecated: Use loggingFormat as a property instead.

public readonly logFormat: string;

Type: string
Default: "Text"

Sets the logFormat for the function.

`loggingFormat`^Optional

public readonly loggingFormat: LoggingFormat;

Type: aws-cdk-lib.aws_lambda.LoggingFormat
Default: LoggingFormat.TEXT

Sets the loggingFormat for the function.

`logGroup`^Optional

public readonly logGroup: ILogGroup;

Type: aws-cdk-lib.aws_logs.ILogGroup
Default: /aws/lambda/${this.functionName} - default log group created by Lambda

The log group the function sends logs to.

By default, Lambda functions send logs to an automatically created default log group named /aws/lambda/\<function name>. However you cannot change the properties of this auto-created log group using the AWS CDK, e.g. you cannot set a different log retention.

Use the logGroup property to create a fully customizable LogGroup ahead of time, and instruct the Lambda function to send logs to it.

Providing a user-controlled log group was rolled out to commercial regions on 2023-11-16. If you are deploying to another type of region, please check regional availability first.

`logRemovalPolicy`^Optional

Deprecated: use logGroup instead

public readonly logRemovalPolicy: RemovalPolicy;

Type: aws-cdk-lib.RemovalPolicy
Default: RemovalPolicy.Retain

Determine the removal policy of the log group that is auto-created by this construct.

Normally you want to retain the log group so you can diagnose issues from logs even after a deployment that no longer includes the log group. In that case, use the normal date-based retention policy to age out your logs.

`logRetention`^Optional

Deprecated: use logGroup instead

public readonly logRetention: RetentionDays;

Type: aws-cdk-lib.aws_logs.RetentionDays
Default: logs.RetentionDays.INFINITE

The number of days log events are kept in CloudWatch Logs.

When updating this property, unsetting it doesn't remove the log retention policy. To remove the retention policy, set the value to INFINITE.

This is a legacy API and we strongly recommend you move away from it if you can. Instead create a fully customizable log group with logs.LogGroup and use the logGroup property to instruct the Lambda function to send logs to it. Migrating from logRetention to logGroup will cause the name of the log group to change. Users and code and referencing the name verbatim will have to adjust.

In AWS CDK code, you can access the log group name directly from the LogGroup construct:

import * as logs from 'aws-cdk-lib/aws-logs';

declare const myLogGroup: logs.LogGroup;
myLogGroup.logGroupName;

`logRetentionRetryOptions`^Optional

public readonly logRetentionRetryOptions: LogRetentionRetryOptions;

Type: aws-cdk-lib.aws_lambda.LogRetentionRetryOptions
Default: Default AWS SDK retry options.

When log retention is specified, a custom resource attempts to create the CloudWatch log group.

These options control the retry policy when interacting with CloudWatch APIs.

This is a legacy API and we strongly recommend you migrate to logGroup if you can. logGroup allows you to create a fully customizable log group and instruct the Lambda function to send logs to it.

`logRetentionRole`^Optional

public readonly logRetentionRole: IRole;

Type: aws-cdk-lib.aws_iam.IRole
Default: A new role is created.

The IAM role for the Lambda function associated with the custom resource that sets the retention policy.

This is a legacy API and we strongly recommend you migrate to logGroup if you can. logGroup allows you to create a fully customizable log group and instruct the Lambda function to send logs to it.

`maxEventAge`^Optional

public readonly maxEventAge: Duration;

Type: aws-cdk-lib.Duration
Default: Duration.hours(6)

The maximum age of a request that Lambda sends to a function for processing.

Minimum: 60 seconds Maximum: 6 hours

`onFailure`^Optional

public readonly onFailure: IDestination;

Type: aws-cdk-lib.aws_lambda.IDestination
Default: no destination

The destination for failed invocations.

`onSuccess`^Optional

public readonly onSuccess: IDestination;

Type: aws-cdk-lib.aws_lambda.IDestination
Default: no destination

The destination for successful invocations.

`paramsAndSecrets`^Optional

public readonly paramsAndSecrets: ParamsAndSecretsLayerVersion;

Type: aws-cdk-lib.aws_lambda.ParamsAndSecretsLayerVersion
Default: No Parameters and Secrets Extension

Specify the configuration of Parameters and Secrets Extension.

`profiling`^Optional

public readonly profiling: boolean;

Type: boolean
Default: No profiling.

Enable profiling.

`profilingGroup`^Optional

public readonly profilingGroup: IProfilingGroup;

Type: aws-cdk-lib.aws_codeguruprofiler.IProfilingGroup
Default: A new profiling group will be created if profiling is set.

Profiling Group.

`recursiveLoop`^Optional

public readonly recursiveLoop: RecursiveLoop;

Type: aws-cdk-lib.aws_lambda.RecursiveLoop
Default: RecursiveLoop.Terminate

Sets the Recursive Loop Protection for Lambda Function.

It lets Lambda detect and terminate unintended recursive loops.

`reservedConcurrentExecutions`^Optional

public readonly reservedConcurrentExecutions: number;

Type: number
Default: No specific limit - account limit.

The maximum of concurrent executions you want to reserve for the function.

`retryAttempts`^Optional

public readonly retryAttempts: number;

Type: number
Default: 2

The maximum number of times to retry when the function returns an error.

Minimum: 0 Maximum: 2

`role`^Optional

public readonly role: IRole;

Type: aws-cdk-lib.aws_iam.IRole
Default: A unique role will be generated for this lambda function. Both supplied and generated roles can always be changed by calling addToRolePolicy.

Lambda execution role.

This is the role that will be assumed by the function upon execution. It controls the permissions that the function will have. The Role must be assumable by the 'lambda.amazonaws.com' service principal.

The default Role automatically has permissions granted for Lambda execution. If you provide a Role, you must add the relevant AWS managed policies yourself.

The relevant managed policies are "service-role/AWSLambdaBasicExecutionRole" and "service-role/AWSLambdaVPCAccessExecutionRole".

`runtimeManagementMode`^Optional

public readonly runtimeManagementMode: RuntimeManagementMode;

Type: aws-cdk-lib.aws_lambda.RuntimeManagementMode
Default: Auto

Sets the runtime management configuration for a function's version.

`securityGroups`^Optional

public readonly securityGroups: ISecurityGroup[];

Type: aws-cdk-lib.aws_ec2.ISecurityGroup[]
Default: If the function is placed within a VPC and a security group is not specified, either by this or securityGroup prop, a dedicated security group will be created for this function.

The list of security groups to associate with the Lambda's network interfaces.

Only used if 'vpc' is supplied.

`snapStart`^Optional

public readonly snapStart: SnapStartConf;

Type: aws-cdk-lib.aws_lambda.SnapStartConf
Default: No snapstart

Enable SnapStart for Lambda Function.

SnapStart is currently supported for Java 11, Java 17, Python 3.12, Python 3.13, and .NET 8 runtime

`systemLogLevel`^Optional

Deprecated: Use systemLogLevelV2 as a property instead.

public readonly systemLogLevel: string;

Type: string
Default: "INFO"

Sets the system log level for the function.

`systemLogLevelV2`^Optional

public readonly systemLogLevelV2: SystemLogLevel;

Type: aws-cdk-lib.aws_lambda.SystemLogLevel
Default: SystemLogLevel.INFO

Sets the system log level for the function.

`tracing`^Optional

public readonly tracing: Tracing;

Type: aws-cdk-lib.aws_lambda.Tracing
Default: Tracing.Disabled

Enable AWS X-Ray Tracing for Lambda Function.

`vpc`^Optional

public readonly vpc: IVpc;

Type: aws-cdk-lib.aws_ec2.IVpc
Default: Function is not placed within a VPC.

VPC network to place Lambda network interfaces.

Specify this if the Lambda function needs to access resources in a VPC. This is required when vpcSubnets is specified.

`vpcSubnets`^Optional

public readonly vpcSubnets: SubnetSelection;

Type: aws-cdk-lib.aws_ec2.SubnetSelection
Default: the Vpc default strategy if not specified

Where to place the network interfaces within the VPC.

This requires vpc to be specified in order for interfaces to actually be placed in the subnets. If vpc is not specify, this will raise an error.

Note: Internet access for Lambda Functions requires a NAT Gateway, so picking public subnets is not allowed (unless allowPublicSubnet is set to true).

`flowDefinitionRoleArn`^Required

public readonly flowDefinitionRoleArn: string;

Type: string

The ARN of the IAM role for A2I Flow Definition.

`outputBucket`^Required

public readonly outputBucket: IBucket;

Type: aws-cdk-lib.aws_s3.IBucket

The S3 bucket for BDA output storage.

`workteamArn`^Required

public readonly workteamArn: string;

Type: string

The ARN of the SageMaker workteam for A2I tasks.

`encryptionKey`^Optional

public readonly encryptionKey: IKey;

Type: aws-cdk-lib.aws_kms.IKey

Optional KMS key for encrypting function resources.

`logLevel`^Optional

public readonly logLevel: LogLevel;

Type: LogLevel
Default: LogLevel.INFO

The log level for the function.

CustomPromptGeneratorFunctionProps

Properties for the Custom Prompt Generator function.

This function provides custom business logic injection for document processing workflows in Patterns 2 and 3, enabling dynamic prompt customization based on document content, business rules, or external system integrations.

Initializer

import { CustomPromptGeneratorFunctionProps } from '@cdklabs/genai-idp'

const customPromptGeneratorFunctionProps: CustomPromptGeneratorFunctionProps = { ... }

Properties

Name	Type	Description
`adotInstrumentation`	`aws-cdk-lib.aws_lambda.AdotInstrumentationConfig`	Specify the configuration of AWS Distro for OpenTelemetry (ADOT) instrumentation.
`allowAllIpv6Outbound`	`boolean`	Whether to allow the Lambda to send all ipv6 network traffic.
`applicationLogLevel`	`string`	Sets the application log level for the function.
`applicationLogLevelV2`	`aws-cdk-lib.aws_lambda.ApplicationLogLevel`	Sets the application log level for the function.
`architecture`	`aws-cdk-lib.aws_lambda.Architecture`	The system architectures compatible with this lambda function.
`codeSigningConfig`	`aws-cdk-lib.aws_lambda.ICodeSigningConfig`	Code signing config associated with this function.
`currentVersionOptions`	`aws-cdk-lib.aws_lambda.VersionOptions`	Options for the `lambda.Version` resource automatically created by the `fn.currentVersion` method.
`deadLetterQueue`	`aws-cdk-lib.aws_sqs.IQueue`	The SQS queue to use if DLQ is enabled.
`deadLetterQueueEnabled`	`boolean`	Enabled DLQ.
`deadLetterTopic`	`aws-cdk-lib.aws_sns.ITopic`	The SNS topic to use as a DLQ.
`description`	`string`	A description of the function.
`environmentEncryption`	`aws-cdk-lib.aws_kms.IKey`	The AWS KMS key that's used to encrypt your function's environment variables.
`ephemeralStorageSize`	`aws-cdk-lib.Size`	The size of the function’s /tmp directory in MiB.
`events`	`aws-cdk-lib.aws_lambda.IEventSource[]`	Event sources for this function.
`functionName`	`string`	A name for the function.
`initialPolicy`	`aws-cdk-lib.aws_iam.PolicyStatement[]`	Initial policy statements to add to the created Lambda Role.
`insightsVersion`	`aws-cdk-lib.aws_lambda.LambdaInsightsVersion`	Specify the version of CloudWatch Lambda insights to use for monitoring.
`ipv6AllowedForDualStack`	`boolean`	Allows outbound IPv6 traffic on VPC functions that are connected to dual-stack subnets.
`logFormat`	`string`	Sets the logFormat for the function.
`loggingFormat`	`aws-cdk-lib.aws_lambda.LoggingFormat`	Sets the loggingFormat for the function.
`logGroup`	`aws-cdk-lib.aws_logs.ILogGroup`	The log group the function sends logs to.
`logRemovalPolicy`	`aws-cdk-lib.RemovalPolicy`	Determine the removal policy of the log group that is auto-created by this construct.
`logRetention`	`aws-cdk-lib.aws_logs.RetentionDays`	The number of days log events are kept in CloudWatch Logs.
`logRetentionRetryOptions`	`aws-cdk-lib.aws_lambda.LogRetentionRetryOptions`	When log retention is specified, a custom resource attempts to create the CloudWatch log group.
`logRetentionRole`	`aws-cdk-lib.aws_iam.IRole`	The IAM role for the Lambda function associated with the custom resource that sets the retention policy.
`maxEventAge`	`aws-cdk-lib.Duration`	The maximum age of a request that Lambda sends to a function for processing.
`onFailure`	`aws-cdk-lib.aws_lambda.IDestination`	The destination for failed invocations.
`onSuccess`	`aws-cdk-lib.aws_lambda.IDestination`	The destination for successful invocations.
`paramsAndSecrets`	`aws-cdk-lib.aws_lambda.ParamsAndSecretsLayerVersion`	Specify the configuration of Parameters and Secrets Extension.
`profiling`	`boolean`	Enable profiling.
`profilingGroup`	`aws-cdk-lib.aws_codeguruprofiler.IProfilingGroup`	Profiling Group.
`recursiveLoop`	`aws-cdk-lib.aws_lambda.RecursiveLoop`	Sets the Recursive Loop Protection for Lambda Function.
`reservedConcurrentExecutions`	`number`	The maximum of concurrent executions you want to reserve for the function.
`retryAttempts`	`number`	The maximum number of times to retry when the function returns an error.
`role`	`aws-cdk-lib.aws_iam.IRole`	Lambda execution role.
`runtimeManagementMode`	`aws-cdk-lib.aws_lambda.RuntimeManagementMode`	Sets the runtime management configuration for a function's version.
`securityGroups`	`aws-cdk-lib.aws_ec2.ISecurityGroup[]`	The list of security groups to associate with the Lambda's network interfaces.
`snapStart`	`aws-cdk-lib.aws_lambda.SnapStartConf`	Enable SnapStart for Lambda Function.
`systemLogLevel`	`string`	Sets the system log level for the function.
`systemLogLevelV2`	`aws-cdk-lib.aws_lambda.SystemLogLevel`	Sets the system log level for the function.
`tracing`	`aws-cdk-lib.aws_lambda.Tracing`	Enable AWS X-Ray Tracing for Lambda Function.
`vpc`	`aws-cdk-lib.aws_ec2.IVpc`	VPC network to place Lambda network interfaces.
`vpcSubnets`	`aws-cdk-lib.aws_ec2.SubnetSelection`	Where to place the network interfaces within the VPC.
`configurationTable`	`IConfigurationTable`	The DynamoDB table containing configuration data.
`inputBucket`	`aws-cdk-lib.aws_s3.IBucket`	The S3 bucket where source documents are stored.
`metricNamespace`	`string`	The namespace for CloudWatch metrics emitted by the function.
`outputBucket`	`aws-cdk-lib.aws_s3.IBucket`	The S3 bucket where processed documents are stored.
`trackingTable`	`ITrackingTable`	The DynamoDB table that tracks document processing status and metadata.
`workingBucket`	`aws-cdk-lib.aws_s3.IBucket`	The S3 bucket for temporary working files during processing.
`encryptionKey`	`aws-cdk-lib.aws_kms.IKey`	The KMS key used for encryption.
`logLevel`	`LogLevel`	The log level for the function.

`adotInstrumentation`^Optional

public readonly adotInstrumentation: AdotInstrumentationConfig;

Type: aws-cdk-lib.aws_lambda.AdotInstrumentationConfig
Default: No ADOT instrumentation

Specify the configuration of AWS Distro for OpenTelemetry (ADOT) instrumentation.

`allowAllIpv6Outbound`^Optional

public readonly allowAllIpv6Outbound: boolean;

Type: boolean
Default: false

Whether to allow the Lambda to send all ipv6 network traffic.

If set to true, there will only be a single egress rule which allows all outbound ipv6 traffic. If set to false, you must individually add traffic rules to allow the Lambda to connect to network targets using ipv6.

Do not specify this property if the securityGroups or securityGroup property is set. Instead, configure allowAllIpv6Outbound directly on the security group.

`applicationLogLevel`^Optional

Deprecated: Use applicationLogLevelV2 as a property instead.

public readonly applicationLogLevel: string;

Type: string
Default: "INFO"

Sets the application log level for the function.

`applicationLogLevelV2`^Optional

public readonly applicationLogLevelV2: ApplicationLogLevel;

Type: aws-cdk-lib.aws_lambda.ApplicationLogLevel
Default: ApplicationLogLevel.INFO

Sets the application log level for the function.

`architecture`^Optional

public readonly architecture: Architecture;

Type: aws-cdk-lib.aws_lambda.Architecture
Default: Architecture.X86_64

The system architectures compatible with this lambda function.

`codeSigningConfig`^Optional

public readonly codeSigningConfig: ICodeSigningConfig;

Type: aws-cdk-lib.aws_lambda.ICodeSigningConfig
Default: Not Sign the Code

Code signing config associated with this function.

`currentVersionOptions`^Optional

public readonly currentVersionOptions: VersionOptions;

Type: aws-cdk-lib.aws_lambda.VersionOptions
Default: default options as described in VersionOptions

Options for the lambda.Version resource automatically created by the fn.currentVersion method.

`deadLetterQueue`^Optional

public readonly deadLetterQueue: IQueue;

Type: aws-cdk-lib.aws_sqs.IQueue
Default: SQS queue with 14 day retention period if deadLetterQueueEnabled is true

The SQS queue to use if DLQ is enabled.

If SNS topic is desired, specify deadLetterTopic property instead.

`deadLetterQueueEnabled`^Optional

public readonly deadLetterQueueEnabled: boolean;

Type: boolean
Default: false unless deadLetterQueue is set, which implies DLQ is enabled.

Enabled DLQ.

If deadLetterQueue is undefined, an SQS queue with default options will be defined for your Function.

`deadLetterTopic`^Optional

public readonly deadLetterTopic: ITopic;

Type: aws-cdk-lib.aws_sns.ITopic
Default: no SNS topic

The SNS topic to use as a DLQ.

Note that if deadLetterQueueEnabled is set to true, an SQS queue will be created rather than an SNS topic. Using an SNS topic as a DLQ requires this property to be set explicitly.

`description`^Optional

public readonly description: string;

Type: string
Default: No description.

A description of the function.

`environmentEncryption`^Optional

public readonly environmentEncryption: IKey;

Type: aws-cdk-lib.aws_kms.IKey
Default: AWS Lambda creates and uses an AWS managed customer master key (CMK).

The AWS KMS key that's used to encrypt your function's environment variables.

`ephemeralStorageSize`^Optional

public readonly ephemeralStorageSize: Size;

Type: aws-cdk-lib.Size
Default: 512 MiB

The size of the function’s /tmp directory in MiB.

`events`^Optional

public readonly events: IEventSource[];

Type: aws-cdk-lib.aws_lambda.IEventSource[]
Default: No event sources.

Event sources for this function.

You can also add event sources using addEventSource.

`functionName`^Optional

public readonly functionName: string;

Type: string
Default: AWS CloudFormation generates a unique physical ID and uses that ID for the function's name. For more information, see Name Type.

A name for the function.

`initialPolicy`^Optional

public readonly initialPolicy: PolicyStatement[];

Type: aws-cdk-lib.aws_iam.PolicyStatement[]
Default: No policy statements are added to the created Lambda role.

Initial policy statements to add to the created Lambda Role.

You can call addToRolePolicy to the created lambda to add statements post creation.

`insightsVersion`^Optional

public readonly insightsVersion: LambdaInsightsVersion;

Type: aws-cdk-lib.aws_lambda.LambdaInsightsVersion
Default: No Lambda Insights

Specify the version of CloudWatch Lambda insights to use for monitoring.

`ipv6AllowedForDualStack`^Optional

public readonly ipv6AllowedForDualStack: boolean;

Type: boolean
Default: false

Allows outbound IPv6 traffic on VPC functions that are connected to dual-stack subnets.

Only used if 'vpc' is supplied.

`logFormat`^Optional

Deprecated: Use loggingFormat as a property instead.

public readonly logFormat: string;

Type: string
Default: "Text"

Sets the logFormat for the function.

`loggingFormat`^Optional

public readonly loggingFormat: LoggingFormat;

Type: aws-cdk-lib.aws_lambda.LoggingFormat
Default: LoggingFormat.TEXT

Sets the loggingFormat for the function.

`logGroup`^Optional

public readonly logGroup: ILogGroup;

Type: aws-cdk-lib.aws_logs.ILogGroup
Default: /aws/lambda/${this.functionName} - default log group created by Lambda

The log group the function sends logs to.

By default, Lambda functions send logs to an automatically created default log group named /aws/lambda/\<function name>. However you cannot change the properties of this auto-created log group using the AWS CDK, e.g. you cannot set a different log retention.

Use the logGroup property to create a fully customizable LogGroup ahead of time, and instruct the Lambda function to send logs to it.

Providing a user-controlled log group was rolled out to commercial regions on 2023-11-16. If you are deploying to another type of region, please check regional availability first.

`logRemovalPolicy`^Optional

Deprecated: use logGroup instead

public readonly logRemovalPolicy: RemovalPolicy;

Type: aws-cdk-lib.RemovalPolicy
Default: RemovalPolicy.Retain

Determine the removal policy of the log group that is auto-created by this construct.

Normally you want to retain the log group so you can diagnose issues from logs even after a deployment that no longer includes the log group. In that case, use the normal date-based retention policy to age out your logs.

`logRetention`^Optional

Deprecated: use logGroup instead

public readonly logRetention: RetentionDays;

Type: aws-cdk-lib.aws_logs.RetentionDays
Default: logs.RetentionDays.INFINITE

The number of days log events are kept in CloudWatch Logs.

When updating this property, unsetting it doesn't remove the log retention policy. To remove the retention policy, set the value to INFINITE.

This is a legacy API and we strongly recommend you move away from it if you can. Instead create a fully customizable log group with logs.LogGroup and use the logGroup property to instruct the Lambda function to send logs to it. Migrating from logRetention to logGroup will cause the name of the log group to change. Users and code and referencing the name verbatim will have to adjust.

In AWS CDK code, you can access the log group name directly from the LogGroup construct:

import * as logs from 'aws-cdk-lib/aws-logs';

declare const myLogGroup: logs.LogGroup;
myLogGroup.logGroupName;

`logRetentionRetryOptions`^Optional

public readonly logRetentionRetryOptions: LogRetentionRetryOptions;

Type: aws-cdk-lib.aws_lambda.LogRetentionRetryOptions
Default: Default AWS SDK retry options.

When log retention is specified, a custom resource attempts to create the CloudWatch log group.

These options control the retry policy when interacting with CloudWatch APIs.

This is a legacy API and we strongly recommend you migrate to logGroup if you can. logGroup allows you to create a fully customizable log group and instruct the Lambda function to send logs to it.

`logRetentionRole`^Optional

public readonly logRetentionRole: IRole;

Type: aws-cdk-lib.aws_iam.IRole
Default: A new role is created.

The IAM role for the Lambda function associated with the custom resource that sets the retention policy.

This is a legacy API and we strongly recommend you migrate to logGroup if you can. logGroup allows you to create a fully customizable log group and instruct the Lambda function to send logs to it.

`maxEventAge`^Optional

public readonly maxEventAge: Duration;

Type: aws-cdk-lib.Duration
Default: Duration.hours(6)

The maximum age of a request that Lambda sends to a function for processing.

Minimum: 60 seconds Maximum: 6 hours

`onFailure`^Optional

public readonly onFailure: IDestination;

Type: aws-cdk-lib.aws_lambda.IDestination
Default: no destination

The destination for failed invocations.

`onSuccess`^Optional

public readonly onSuccess: IDestination;

Type: aws-cdk-lib.aws_lambda.IDestination
Default: no destination

The destination for successful invocations.

`paramsAndSecrets`^Optional

public readonly paramsAndSecrets: ParamsAndSecretsLayerVersion;

Type: aws-cdk-lib.aws_lambda.ParamsAndSecretsLayerVersion
Default: No Parameters and Secrets Extension

Specify the configuration of Parameters and Secrets Extension.

`profiling`^Optional

public readonly profiling: boolean;

Type: boolean
Default: No profiling.

Enable profiling.

`profilingGroup`^Optional

public readonly profilingGroup: IProfilingGroup;

Type: aws-cdk-lib.aws_codeguruprofiler.IProfilingGroup
Default: A new profiling group will be created if profiling is set.

Profiling Group.

`recursiveLoop`^Optional

public readonly recursiveLoop: RecursiveLoop;

Type: aws-cdk-lib.aws_lambda.RecursiveLoop
Default: RecursiveLoop.Terminate

Sets the Recursive Loop Protection for Lambda Function.

It lets Lambda detect and terminate unintended recursive loops.

`reservedConcurrentExecutions`^Optional

public readonly reservedConcurrentExecutions: number;

Type: number
Default: No specific limit - account limit.

The maximum of concurrent executions you want to reserve for the function.

`retryAttempts`^Optional

public readonly retryAttempts: number;

Type: number
Default: 2

The maximum number of times to retry when the function returns an error.

Minimum: 0 Maximum: 2

`role`^Optional

public readonly role: IRole;

Type: aws-cdk-lib.aws_iam.IRole
Default: A unique role will be generated for this lambda function. Both supplied and generated roles can always be changed by calling addToRolePolicy.

Lambda execution role.

This is the role that will be assumed by the function upon execution. It controls the permissions that the function will have. The Role must be assumable by the 'lambda.amazonaws.com' service principal.

The default Role automatically has permissions granted for Lambda execution. If you provide a Role, you must add the relevant AWS managed policies yourself.

The relevant managed policies are "service-role/AWSLambdaBasicExecutionRole" and "service-role/AWSLambdaVPCAccessExecutionRole".

`runtimeManagementMode`^Optional

public readonly runtimeManagementMode: RuntimeManagementMode;

Type: aws-cdk-lib.aws_lambda.RuntimeManagementMode
Default: Auto

Sets the runtime management configuration for a function's version.

`securityGroups`^Optional

public readonly securityGroups: ISecurityGroup[];

Type: aws-cdk-lib.aws_ec2.ISecurityGroup[]
Default: If the function is placed within a VPC and a security group is not specified, either by this or securityGroup prop, a dedicated security group will be created for this function.

The list of security groups to associate with the Lambda's network interfaces.

Only used if 'vpc' is supplied.

`snapStart`^Optional

public readonly snapStart: SnapStartConf;

Type: aws-cdk-lib.aws_lambda.SnapStartConf
Default: No snapstart

Enable SnapStart for Lambda Function.

SnapStart is currently supported for Java 11, Java 17, Python 3.12, Python 3.13, and .NET 8 runtime

`systemLogLevel`^Optional

Deprecated: Use systemLogLevelV2 as a property instead.

public readonly systemLogLevel: string;

Type: string
Default: "INFO"

Sets the system log level for the function.

`systemLogLevelV2`^Optional

public readonly systemLogLevelV2: SystemLogLevel;

Type: aws-cdk-lib.aws_lambda.SystemLogLevel
Default: SystemLogLevel.INFO

Sets the system log level for the function.

`tracing`^Optional

public readonly tracing: Tracing;

Type: aws-cdk-lib.aws_lambda.Tracing
Default: Tracing.Disabled

Enable AWS X-Ray Tracing for Lambda Function.

`vpc`^Optional

public readonly vpc: IVpc;

Type: aws-cdk-lib.aws_ec2.IVpc
Default: Function is not placed within a VPC.

VPC network to place Lambda network interfaces.

Specify this if the Lambda function needs to access resources in a VPC. This is required when vpcSubnets is specified.

`vpcSubnets`^Optional

public readonly vpcSubnets: SubnetSelection;

Type: aws-cdk-lib.aws_ec2.SubnetSelection
Default: the Vpc default strategy if not specified

Where to place the network interfaces within the VPC.

This requires vpc to be specified in order for interfaces to actually be placed in the subnets. If vpc is not specify, this will raise an error.

Note: Internet access for Lambda Functions requires a NAT Gateway, so picking public subnets is not allowed (unless allowPublicSubnet is set to true).

`configurationTable`^Required

public readonly configurationTable: IConfigurationTable;

Type: IConfigurationTable

The DynamoDB table containing configuration data.

Used to load customer-specific configurations and business rules.

`inputBucket`^Required

public readonly inputBucket: IBucket;

Type: aws-cdk-lib.aws_s3.IBucket

The S3 bucket where source documents are stored.

Used to access document content for prompt customization.

`metricNamespace`^Required

public readonly metricNamespace: string;

Type: string

The namespace for CloudWatch metrics emitted by the function.

Used to organize and identify metrics related to custom prompt generation.

`outputBucket`^Required

public readonly outputBucket: IBucket;

Type: aws-cdk-lib.aws_s3.IBucket

The S3 bucket where processed documents are stored.

Used to store customized prompts and processing artifacts.

`trackingTable`^Required

public readonly trackingTable: ITrackingTable;

Type: ITrackingTable

The DynamoDB table that tracks document processing status and metadata.

Used to access document context and processing history.

`workingBucket`^Required

public readonly workingBucket: IBucket;

Type: aws-cdk-lib.aws_s3.IBucket

The S3 bucket for temporary working files during processing.

Used for intermediate prompt generation artifacts.

`encryptionKey`^Optional

public readonly encryptionKey: IKey;

Type: aws-cdk-lib.aws_kms.IKey

The KMS key used for encryption.

Applied to all encrypted resources and operations.

`logLevel`^Optional

public readonly logLevel: LogLevel;

Type: LogLevel
Default: LogLevel.INFO

The log level for the function.

Controls the verbosity of logs generated during prompt customization.

CustomPromptGeneratorProps

Properties for configuring a custom prompt generator.

Initializer

import { CustomPromptGeneratorProps } from '@cdklabs/genai-idp'

const customPromptGeneratorProps: CustomPromptGeneratorProps = { ... }

Properties

Name	Type	Description
`environment`	`IProcessingEnvironment`	The processing environment that provides shared infrastructure and services.

`environment`^Required

public readonly environment: IProcessingEnvironment;

Type: IProcessingEnvironment

The processing environment that provides shared infrastructure and services.

DiscoveryProcessorFunctionProps

Properties for configuring the DiscoveryProcessorFunction.

Initializer

import { DiscoveryProcessorFunctionProps } from '@cdklabs/genai-idp'

const discoveryProcessorFunctionProps: DiscoveryProcessorFunctionProps = { ... }

Properties

Name	Type	Description
`adotInstrumentation`	`aws-cdk-lib.aws_lambda.AdotInstrumentationConfig`	Specify the configuration of AWS Distro for OpenTelemetry (ADOT) instrumentation.
`allowAllIpv6Outbound`	`boolean`	Whether to allow the Lambda to send all ipv6 network traffic.
`applicationLogLevel`	`string`	Sets the application log level for the function.
`applicationLogLevelV2`	`aws-cdk-lib.aws_lambda.ApplicationLogLevel`	Sets the application log level for the function.
`architecture`	`aws-cdk-lib.aws_lambda.Architecture`	The system architectures compatible with this lambda function.
`codeSigningConfig`	`aws-cdk-lib.aws_lambda.ICodeSigningConfig`	Code signing config associated with this function.
`currentVersionOptions`	`aws-cdk-lib.aws_lambda.VersionOptions`	Options for the `lambda.Version` resource automatically created by the `fn.currentVersion` method.
`deadLetterQueue`	`aws-cdk-lib.aws_sqs.IQueue`	The SQS queue to use if DLQ is enabled.
`deadLetterQueueEnabled`	`boolean`	Enabled DLQ.
`deadLetterTopic`	`aws-cdk-lib.aws_sns.ITopic`	The SNS topic to use as a DLQ.
`description`	`string`	A description of the function.
`environmentEncryption`	`aws-cdk-lib.aws_kms.IKey`	The AWS KMS key that's used to encrypt your function's environment variables.
`ephemeralStorageSize`	`aws-cdk-lib.Size`	The size of the function’s /tmp directory in MiB.
`events`	`aws-cdk-lib.aws_lambda.IEventSource[]`	Event sources for this function.
`functionName`	`string`	A name for the function.
`initialPolicy`	`aws-cdk-lib.aws_iam.PolicyStatement[]`	Initial policy statements to add to the created Lambda Role.
`insightsVersion`	`aws-cdk-lib.aws_lambda.LambdaInsightsVersion`	Specify the version of CloudWatch Lambda insights to use for monitoring.
`ipv6AllowedForDualStack`	`boolean`	Allows outbound IPv6 traffic on VPC functions that are connected to dual-stack subnets.
`logFormat`	`string`	Sets the logFormat for the function.
`loggingFormat`	`aws-cdk-lib.aws_lambda.LoggingFormat`	Sets the loggingFormat for the function.
`logGroup`	`aws-cdk-lib.aws_logs.ILogGroup`	The log group the function sends logs to.
`logRemovalPolicy`	`aws-cdk-lib.RemovalPolicy`	Determine the removal policy of the log group that is auto-created by this construct.
`logRetention`	`aws-cdk-lib.aws_logs.RetentionDays`	The number of days log events are kept in CloudWatch Logs.
`logRetentionRetryOptions`	`aws-cdk-lib.aws_lambda.LogRetentionRetryOptions`	When log retention is specified, a custom resource attempts to create the CloudWatch log group.
`logRetentionRole`	`aws-cdk-lib.aws_iam.IRole`	The IAM role for the Lambda function associated with the custom resource that sets the retention policy.
`maxEventAge`	`aws-cdk-lib.Duration`	The maximum age of a request that Lambda sends to a function for processing.
`onFailure`	`aws-cdk-lib.aws_lambda.IDestination`	The destination for failed invocations.
`onSuccess`	`aws-cdk-lib.aws_lambda.IDestination`	The destination for successful invocations.
`paramsAndSecrets`	`aws-cdk-lib.aws_lambda.ParamsAndSecretsLayerVersion`	Specify the configuration of Parameters and Secrets Extension.
`profiling`	`boolean`	Enable profiling.
`profilingGroup`	`aws-cdk-lib.aws_codeguruprofiler.IProfilingGroup`	Profiling Group.
`recursiveLoop`	`aws-cdk-lib.aws_lambda.RecursiveLoop`	Sets the Recursive Loop Protection for Lambda Function.
`reservedConcurrentExecutions`	`number`	The maximum of concurrent executions you want to reserve for the function.
`retryAttempts`	`number`	The maximum number of times to retry when the function returns an error.
`role`	`aws-cdk-lib.aws_iam.IRole`	Lambda execution role.
`runtimeManagementMode`	`aws-cdk-lib.aws_lambda.RuntimeManagementMode`	Sets the runtime management configuration for a function's version.
`securityGroups`	`aws-cdk-lib.aws_ec2.ISecurityGroup[]`	The list of security groups to associate with the Lambda's network interfaces.
`snapStart`	`aws-cdk-lib.aws_lambda.SnapStartConf`	Enable SnapStart for Lambda Function.
`systemLogLevel`	`string`	Sets the system log level for the function.
`systemLogLevelV2`	`aws-cdk-lib.aws_lambda.SystemLogLevel`	Sets the system log level for the function.
`tracing`	`aws-cdk-lib.aws_lambda.Tracing`	Enable AWS X-Ray Tracing for Lambda Function.
`vpc`	`aws-cdk-lib.aws_ec2.IVpc`	VPC network to place Lambda network interfaces.
`vpcSubnets`	`aws-cdk-lib.aws_ec2.SubnetSelection`	Where to place the network interfaces within the VPC.
`configurationTable`	`IConfigurationTable`	The configuration table for storing discovery results.
`discoveryBucket`	`aws-cdk-lib.aws_s3.IBucket`	The S3 bucket for discovery document uploads.
`discoveryQueue`	`aws-cdk-lib.aws_sqs.IQueue`	The discovery processing queue.
`discoveryTable`	`IDiscoveryTable`	The discovery tracking table.
`api`	`IProcessingEnvironmentApi`	Optional ProcessingEnvironmentApi for progress notifications.
`encryptionKey`	`aws-cdk-lib.aws_kms.IKey`	Optional KMS key for encrypting function resources.
`logLevel`	`LogLevel`	The log level for the function.

`adotInstrumentation`^Optional

public readonly adotInstrumentation: AdotInstrumentationConfig;

Type: aws-cdk-lib.aws_lambda.AdotInstrumentationConfig
Default: No ADOT instrumentation

Specify the configuration of AWS Distro for OpenTelemetry (ADOT) instrumentation.

`allowAllIpv6Outbound`^Optional

public readonly allowAllIpv6Outbound: boolean;

Type: boolean
Default: false

Whether to allow the Lambda to send all ipv6 network traffic.

If set to true, there will only be a single egress rule which allows all outbound ipv6 traffic. If set to false, you must individually add traffic rules to allow the Lambda to connect to network targets using ipv6.

Do not specify this property if the securityGroups or securityGroup property is set. Instead, configure allowAllIpv6Outbound directly on the security group.

`applicationLogLevel`^Optional

Deprecated: Use applicationLogLevelV2 as a property instead.

public readonly applicationLogLevel: string;

Type: string
Default: "INFO"

Sets the application log level for the function.

`applicationLogLevelV2`^Optional

public readonly applicationLogLevelV2: ApplicationLogLevel;

Type: aws-cdk-lib.aws_lambda.ApplicationLogLevel
Default: ApplicationLogLevel.INFO

Sets the application log level for the function.

`architecture`^Optional

public readonly architecture: Architecture;

Type: aws-cdk-lib.aws_lambda.Architecture
Default: Architecture.X86_64

The system architectures compatible with this lambda function.

`codeSigningConfig`^Optional

public readonly codeSigningConfig: ICodeSigningConfig;

Type: aws-cdk-lib.aws_lambda.ICodeSigningConfig
Default: Not Sign the Code

Code signing config associated with this function.

`currentVersionOptions`^Optional

public readonly currentVersionOptions: VersionOptions;

Type: aws-cdk-lib.aws_lambda.VersionOptions
Default: default options as described in VersionOptions

Options for the lambda.Version resource automatically created by the fn.currentVersion method.

`deadLetterQueue`^Optional

public readonly deadLetterQueue: IQueue;

Type: aws-cdk-lib.aws_sqs.IQueue
Default: SQS queue with 14 day retention period if deadLetterQueueEnabled is true

The SQS queue to use if DLQ is enabled.

If SNS topic is desired, specify deadLetterTopic property instead.

`deadLetterQueueEnabled`^Optional

public readonly deadLetterQueueEnabled: boolean;

Type: boolean
Default: false unless deadLetterQueue is set, which implies DLQ is enabled.

Enabled DLQ.

If deadLetterQueue is undefined, an SQS queue with default options will be defined for your Function.

`deadLetterTopic`^Optional

public readonly deadLetterTopic: ITopic;

Type: aws-cdk-lib.aws_sns.ITopic
Default: no SNS topic

The SNS topic to use as a DLQ.

Note that if deadLetterQueueEnabled is set to true, an SQS queue will be created rather than an SNS topic. Using an SNS topic as a DLQ requires this property to be set explicitly.

`description`^Optional

public readonly description: string;

Type: string
Default: No description.

A description of the function.

`environmentEncryption`^Optional

public readonly environmentEncryption: IKey;

Type: aws-cdk-lib.aws_kms.IKey
Default: AWS Lambda creates and uses an AWS managed customer master key (CMK).

The AWS KMS key that's used to encrypt your function's environment variables.

`ephemeralStorageSize`^Optional

public readonly ephemeralStorageSize: Size;

Type: aws-cdk-lib.Size
Default: 512 MiB

The size of the function’s /tmp directory in MiB.

`events`^Optional

public readonly events: IEventSource[];

Type: aws-cdk-lib.aws_lambda.IEventSource[]
Default: No event sources.

Event sources for this function.

You can also add event sources using addEventSource.

`functionName`^Optional

public readonly functionName: string;

Type: string
Default: AWS CloudFormation generates a unique physical ID and uses that ID for the function's name. For more information, see Name Type.

A name for the function.

`initialPolicy`^Optional

public readonly initialPolicy: PolicyStatement[];

Type: aws-cdk-lib.aws_iam.PolicyStatement[]
Default: No policy statements are added to the created Lambda role.

Initial policy statements to add to the created Lambda Role.

You can call addToRolePolicy to the created lambda to add statements post creation.

`insightsVersion`^Optional

public readonly insightsVersion: LambdaInsightsVersion;

Type: aws-cdk-lib.aws_lambda.LambdaInsightsVersion
Default: No Lambda Insights

Specify the version of CloudWatch Lambda insights to use for monitoring.

`ipv6AllowedForDualStack`^Optional

public readonly ipv6AllowedForDualStack: boolean;

Type: boolean
Default: false

Allows outbound IPv6 traffic on VPC functions that are connected to dual-stack subnets.

Only used if 'vpc' is supplied.

`logFormat`^Optional

Deprecated: Use loggingFormat as a property instead.

public readonly logFormat: string;

Type: string
Default: "Text"

Sets the logFormat for the function.

`loggingFormat`^Optional

public readonly loggingFormat: LoggingFormat;

Type: aws-cdk-lib.aws_lambda.LoggingFormat
Default: LoggingFormat.TEXT

Sets the loggingFormat for the function.

`logGroup`^Optional

public readonly logGroup: ILogGroup;

Type: aws-cdk-lib.aws_logs.ILogGroup
Default: /aws/lambda/${this.functionName} - default log group created by Lambda

The log group the function sends logs to.

By default, Lambda functions send logs to an automatically created default log group named /aws/lambda/\<function name>. However you cannot change the properties of this auto-created log group using the AWS CDK, e.g. you cannot set a different log retention.

Use the logGroup property to create a fully customizable LogGroup ahead of time, and instruct the Lambda function to send logs to it.

Providing a user-controlled log group was rolled out to commercial regions on 2023-11-16. If you are deploying to another type of region, please check regional availability first.

`logRemovalPolicy`^Optional

Deprecated: use logGroup instead

public readonly logRemovalPolicy: RemovalPolicy;

Type: aws-cdk-lib.RemovalPolicy
Default: RemovalPolicy.Retain

Determine the removal policy of the log group that is auto-created by this construct.

Normally you want to retain the log group so you can diagnose issues from logs even after a deployment that no longer includes the log group. In that case, use the normal date-based retention policy to age out your logs.

`logRetention`^Optional

Deprecated: use logGroup instead

public readonly logRetention: RetentionDays;

Type: aws-cdk-lib.aws_logs.RetentionDays
Default: logs.RetentionDays.INFINITE

The number of days log events are kept in CloudWatch Logs.

When updating this property, unsetting it doesn't remove the log retention policy. To remove the retention policy, set the value to INFINITE.

This is a legacy API and we strongly recommend you move away from it if you can. Instead create a fully customizable log group with logs.LogGroup and use the logGroup property to instruct the Lambda function to send logs to it. Migrating from logRetention to logGroup will cause the name of the log group to change. Users and code and referencing the name verbatim will have to adjust.

In AWS CDK code, you can access the log group name directly from the LogGroup construct:

import * as logs from 'aws-cdk-lib/aws-logs';

declare const myLogGroup: logs.LogGroup;
myLogGroup.logGroupName;

`logRetentionRetryOptions`^Optional

public readonly logRetentionRetryOptions: LogRetentionRetryOptions;

Type: aws-cdk-lib.aws_lambda.LogRetentionRetryOptions
Default: Default AWS SDK retry options.

When log retention is specified, a custom resource attempts to create the CloudWatch log group.

These options control the retry policy when interacting with CloudWatch APIs.

This is a legacy API and we strongly recommend you migrate to logGroup if you can. logGroup allows you to create a fully customizable log group and instruct the Lambda function to send logs to it.

`logRetentionRole`^Optional

public readonly logRetentionRole: IRole;

Type: aws-cdk-lib.aws_iam.IRole
Default: A new role is created.

The IAM role for the Lambda function associated with the custom resource that sets the retention policy.

This is a legacy API and we strongly recommend you migrate to logGroup if you can. logGroup allows you to create a fully customizable log group and instruct the Lambda function to send logs to it.

`maxEventAge`^Optional

public readonly maxEventAge: Duration;

Type: aws-cdk-lib.Duration
Default: Duration.hours(6)

The maximum age of a request that Lambda sends to a function for processing.

Minimum: 60 seconds Maximum: 6 hours

`onFailure`^Optional

public readonly onFailure: IDestination;

Type: aws-cdk-lib.aws_lambda.IDestination
Default: no destination

The destination for failed invocations.

`onSuccess`^Optional

public readonly onSuccess: IDestination;

Type: aws-cdk-lib.aws_lambda.IDestination
Default: no destination

The destination for successful invocations.

`paramsAndSecrets`^Optional

public readonly paramsAndSecrets: ParamsAndSecretsLayerVersion;

Type: aws-cdk-lib.aws_lambda.ParamsAndSecretsLayerVersion
Default: No Parameters and Secrets Extension

Specify the configuration of Parameters and Secrets Extension.

`profiling`^Optional

public readonly profiling: boolean;

Type: boolean
Default: No profiling.

Enable profiling.

`profilingGroup`^Optional

public readonly profilingGroup: IProfilingGroup;

Type: aws-cdk-lib.aws_codeguruprofiler.IProfilingGroup
Default: A new profiling group will be created if profiling is set.

Profiling Group.

`recursiveLoop`^Optional

public readonly recursiveLoop: RecursiveLoop;

Type: aws-cdk-lib.aws_lambda.RecursiveLoop
Default: RecursiveLoop.Terminate

Sets the Recursive Loop Protection for Lambda Function.

It lets Lambda detect and terminate unintended recursive loops.

`reservedConcurrentExecutions`^Optional

public readonly reservedConcurrentExecutions: number;

Type: number
Default: No specific limit - account limit.

The maximum of concurrent executions you want to reserve for the function.

`retryAttempts`^Optional

public readonly retryAttempts: number;

Type: number
Default: 2

The maximum number of times to retry when the function returns an error.

Minimum: 0 Maximum: 2

`role`^Optional

public readonly role: IRole;

Type: aws-cdk-lib.aws_iam.IRole
Default: A unique role will be generated for this lambda function. Both supplied and generated roles can always be changed by calling addToRolePolicy.

Lambda execution role.

This is the role that will be assumed by the function upon execution. It controls the permissions that the function will have. The Role must be assumable by the 'lambda.amazonaws.com' service principal.

The default Role automatically has permissions granted for Lambda execution. If you provide a Role, you must add the relevant AWS managed policies yourself.

The relevant managed policies are "service-role/AWSLambdaBasicExecutionRole" and "service-role/AWSLambdaVPCAccessExecutionRole".

`runtimeManagementMode`^Optional

public readonly runtimeManagementMode: RuntimeManagementMode;

Type: aws-cdk-lib.aws_lambda.RuntimeManagementMode
Default: Auto

Sets the runtime management configuration for a function's version.

`securityGroups`^Optional

public readonly securityGroups: ISecurityGroup[];

Type: aws-cdk-lib.aws_ec2.ISecurityGroup[]
Default: If the function is placed within a VPC and a security group is not specified, either by this or securityGroup prop, a dedicated security group will be created for this function.

The list of security groups to associate with the Lambda's network interfaces.

Only used if 'vpc' is supplied.

`snapStart`^Optional

public readonly snapStart: SnapStartConf;

Type: aws-cdk-lib.aws_lambda.SnapStartConf
Default: No snapstart

Enable SnapStart for Lambda Function.

SnapStart is currently supported for Java 11, Java 17, Python 3.12, Python 3.13, and .NET 8 runtime

`systemLogLevel`^Optional

Deprecated: Use systemLogLevelV2 as a property instead.

public readonly systemLogLevel: string;

Type: string
Default: "INFO"

Sets the system log level for the function.

`systemLogLevelV2`^Optional

public readonly systemLogLevelV2: SystemLogLevel;

Type: aws-cdk-lib.aws_lambda.SystemLogLevel
Default: SystemLogLevel.INFO

Sets the system log level for the function.

`tracing`^Optional

public readonly tracing: Tracing;

Type: aws-cdk-lib.aws_lambda.Tracing
Default: Tracing.Disabled

Enable AWS X-Ray Tracing for Lambda Function.

`vpc`^Optional

public readonly vpc: IVpc;

Type: aws-cdk-lib.aws_ec2.IVpc
Default: Function is not placed within a VPC.

VPC network to place Lambda network interfaces.

Specify this if the Lambda function needs to access resources in a VPC. This is required when vpcSubnets is specified.

`vpcSubnets`^Optional

public readonly vpcSubnets: SubnetSelection;

Type: aws-cdk-lib.aws_ec2.SubnetSelection
Default: the Vpc default strategy if not specified

Where to place the network interfaces within the VPC.

This requires vpc to be specified in order for interfaces to actually be placed in the subnets. If vpc is not specify, this will raise an error.

Note: Internet access for Lambda Functions requires a NAT Gateway, so picking public subnets is not allowed (unless allowPublicSubnet is set to true).

`configurationTable`^Required

public readonly configurationTable: IConfigurationTable;

Type: IConfigurationTable

The configuration table for storing discovery results.

`discoveryBucket`^Required

public readonly discoveryBucket: IBucket;

Type: aws-cdk-lib.aws_s3.IBucket

The S3 bucket for discovery document uploads.

`discoveryQueue`^Required

public readonly discoveryQueue: IQueue;

Type: aws-cdk-lib.aws_sqs.IQueue

The discovery processing queue.

`discoveryTable`^Required

public readonly discoveryTable: IDiscoveryTable;

Type: IDiscoveryTable

The discovery tracking table.

`api`^Optional

public readonly api: IProcessingEnvironmentApi;

Type: IProcessingEnvironmentApi

Optional ProcessingEnvironmentApi for progress notifications.

When provided, the function will use GraphQL mutations to update document status.

`encryptionKey`^Optional

public readonly encryptionKey: IKey;

Type: aws-cdk-lib.aws_kms.IKey

Optional KMS key for encrypting function resources.

`logLevel`^Optional

public readonly logLevel: LogLevel;

Type: LogLevel

The log level for the function.

DiscoveryQueueProps

Properties for configuring the DiscoveryQueue construct.

Initializer

import { DiscoveryQueueProps } from '@cdklabs/genai-idp'

const discoveryQueueProps: DiscoveryQueueProps = { ... }

Properties

Name	Type	Description
`contentBasedDeduplication`	`boolean`	Specifies whether to enable content-based deduplication.
`dataKeyReuse`	`aws-cdk-lib.Duration`	The length of time that Amazon SQS reuses a data key before calling KMS again.
`deadLetterQueue`	`aws-cdk-lib.aws_sqs.DeadLetterQueue`	Send messages to this queue if they were unsuccessfully dequeued a number of times.
`deduplicationScope`	`aws-cdk-lib.aws_sqs.DeduplicationScope`	For high throughput for FIFO queues, specifies whether message deduplication occurs at the message group or queue level.
`deliveryDelay`	`aws-cdk-lib.Duration`	The time in seconds that the delivery of all messages in the queue is delayed.
`encryption`	`aws-cdk-lib.aws_sqs.QueueEncryption`	Whether the contents of the queue are encrypted, and by what type of key.
`encryptionMasterKey`	`aws-cdk-lib.aws_kms.IKey`	External KMS key to use for queue encryption.
`enforceSSL`	`boolean`	Enforce encryption of data in transit.
`fifo`	`boolean`	Whether this a first-in-first-out (FIFO) queue.
`fifoThroughputLimit`	`aws-cdk-lib.aws_sqs.FifoThroughputLimit`	For high throughput for FIFO queues, specifies whether the FIFO queue throughput quota applies to the entire queue or per message group.
`maxMessageSizeBytes`	`number`	The limit of how many bytes that a message can contain before Amazon SQS rejects it.
`queueName`	`string`	A name for the queue.
`receiveMessageWaitTime`	`aws-cdk-lib.Duration`	Default wait time for ReceiveMessage calls.
`redriveAllowPolicy`	`aws-cdk-lib.aws_sqs.RedriveAllowPolicy`	The string that includes the parameters for the permissions for the dead-letter queue redrive permission and which source queues can specify dead-letter queues.
`removalPolicy`	`aws-cdk-lib.RemovalPolicy`	Policy to apply when the queue is removed from the stack.
`retentionPeriod`	`aws-cdk-lib.Duration`	The number of seconds that Amazon SQS retains a message.
`visibilityTimeout`	`aws-cdk-lib.Duration`	Timeout of processing a single message.

`contentBasedDeduplication`^Optional

public readonly contentBasedDeduplication: boolean;

Type: boolean
Default: false

Specifies whether to enable content-based deduplication.

During the deduplication interval (5 minutes), Amazon SQS treats messages that are sent with identical content (excluding attributes) as duplicates and delivers only one copy of the message.

If you don't enable content-based deduplication and you want to deduplicate messages, provide an explicit deduplication ID in your SendMessage() call.

(Only applies to FIFO queues.)

`dataKeyReuse`^Optional

public readonly dataKeyReuse: Duration;

Type: aws-cdk-lib.Duration
Default: Duration.minutes(5)

The length of time that Amazon SQS reuses a data key before calling KMS again.

The value must be an integer between 60 (1 minute) and 86,400 (24 hours). The default is 300 (5 minutes).

`deadLetterQueue`^Optional

public readonly deadLetterQueue: DeadLetterQueue;

Type: aws-cdk-lib.aws_sqs.DeadLetterQueue
Default: no dead-letter queue

Send messages to this queue if they were unsuccessfully dequeued a number of times.

`deduplicationScope`^Optional

public readonly deduplicationScope: DeduplicationScope;

Type: aws-cdk-lib.aws_sqs.DeduplicationScope
Default: DeduplicationScope.QUEUE

For high throughput for FIFO queues, specifies whether message deduplication occurs at the message group or queue level.

(Only applies to FIFO queues.)

`deliveryDelay`^Optional

public readonly deliveryDelay: Duration;

Type: aws-cdk-lib.Duration
Default: 0

The time in seconds that the delivery of all messages in the queue is delayed.

You can specify an integer value of 0 to 900 (15 minutes). The default value is 0.

`encryption`^Optional

public readonly encryption: QueueEncryption;

Type: aws-cdk-lib.aws_sqs.QueueEncryption
Default: SQS_MANAGED (SSE-SQS) for newly created queues

Whether the contents of the queue are encrypted, and by what type of key.

Be aware that encryption is not available in all regions, please see the docs for current availability details.

`encryptionMasterKey`^Optional

public readonly encryptionMasterKey: IKey;

Type: aws-cdk-lib.aws_kms.IKey
Default: If encryption is set to KMS and not specified, a key will be created.

External KMS key to use for queue encryption.

Individual messages will be encrypted using data keys. The data keys in turn will be encrypted using this key, and reused for a maximum of dataKeyReuseSecs seconds.

If the 'encryptionMasterKey' property is set, 'encryption' type will be implicitly set to "KMS".

`enforceSSL`^Optional

public readonly enforceSSL: boolean;

Type: boolean
Default: false

Enforce encryption of data in transit.

`fifo`^Optional

public readonly fifo: boolean;

Type: boolean
Default: false, unless queueName ends in '.fifo' or 'contentBasedDeduplication' is true.

Whether this a first-in-first-out (FIFO) queue.

`fifoThroughputLimit`^Optional

public readonly fifoThroughputLimit: FifoThroughputLimit;

Type: aws-cdk-lib.aws_sqs.FifoThroughputLimit
Default: FifoThroughputLimit.PER_QUEUE

For high throughput for FIFO queues, specifies whether the FIFO queue throughput quota applies to the entire queue or per message group.

(Only applies to FIFO queues.)

`maxMessageSizeBytes`^Optional

public readonly maxMessageSizeBytes: number;

Type: number
Default: 1MiB

The limit of how many bytes that a message can contain before Amazon SQS rejects it.

You can specify an integer value from 1024 bytes (1 KiB) to 1048576 bytes (1 MiB). The default value is 1048576 (1 MiB).

`queueName`^Optional

public readonly queueName: string;

Type: string
Default: CloudFormation-generated name

A name for the queue.

If specified and this is a FIFO queue, must end in the string '.fifo'.

`receiveMessageWaitTime`^Optional

public readonly receiveMessageWaitTime: Duration;

Type: aws-cdk-lib.Duration
Default: 0

Default wait time for ReceiveMessage calls.

Does not wait if set to 0, otherwise waits this amount of seconds by default for messages to arrive.

For more information, see Amazon SQS Long Poll.

`redriveAllowPolicy`^Optional

public readonly redriveAllowPolicy: RedriveAllowPolicy;

Type: aws-cdk-lib.aws_sqs.RedriveAllowPolicy
Default: All source queues can designate this queue as their dead-letter queue.

The string that includes the parameters for the permissions for the dead-letter queue redrive permission and which source queues can specify dead-letter queues.

`removalPolicy`^Optional

public readonly removalPolicy: RemovalPolicy;

Type: aws-cdk-lib.RemovalPolicy
Default: RemovalPolicy.DESTROY

Policy to apply when the queue is removed from the stack.

Even though queues are technically stateful, their contents are transient and it is common to add and remove Queues while rearchitecting your application. The default is therefore DESTROY. Change it to RETAIN if the messages are so valuable that accidentally losing them would be unacceptable.

`retentionPeriod`^Optional

public readonly retentionPeriod: Duration;

Type: aws-cdk-lib.Duration
Default: Duration.days(4)

The number of seconds that Amazon SQS retains a message.

You can specify an integer value from 60 seconds (1 minute) to 1209600 seconds (14 days). The default value is 345600 seconds (4 days).

`visibilityTimeout`^Optional

public readonly visibilityTimeout: Duration;

Type: aws-cdk-lib.Duration
Default: Duration.seconds(30)

Timeout of processing a single message.

After dequeuing, the processor has this much time to handle the message and delete it from the queue before it becomes visible again for dequeueing by another processor.

Values must be from 0 to 43200 seconds (12 hours). If you don't specify a value, AWS CloudFormation uses the default value of 30 seconds.

DiscoveryUploadResolverFunctionProps

Properties for configuring the DiscoveryUploadResolverFunction.

Initializer

import { DiscoveryUploadResolverFunctionProps } from '@cdklabs/genai-idp'

const discoveryUploadResolverFunctionProps: DiscoveryUploadResolverFunctionProps = { ... }

Properties

Name	Type	Description
`adotInstrumentation`	`aws-cdk-lib.aws_lambda.AdotInstrumentationConfig`	Specify the configuration of AWS Distro for OpenTelemetry (ADOT) instrumentation.
`allowAllIpv6Outbound`	`boolean`	Whether to allow the Lambda to send all ipv6 network traffic.
`applicationLogLevel`	`string`	Sets the application log level for the function.
`applicationLogLevelV2`	`aws-cdk-lib.aws_lambda.ApplicationLogLevel`	Sets the application log level for the function.
`architecture`	`aws-cdk-lib.aws_lambda.Architecture`	The system architectures compatible with this lambda function.
`codeSigningConfig`	`aws-cdk-lib.aws_lambda.ICodeSigningConfig`	Code signing config associated with this function.
`currentVersionOptions`	`aws-cdk-lib.aws_lambda.VersionOptions`	Options for the `lambda.Version` resource automatically created by the `fn.currentVersion` method.
`deadLetterQueue`	`aws-cdk-lib.aws_sqs.IQueue`	The SQS queue to use if DLQ is enabled.
`deadLetterQueueEnabled`	`boolean`	Enabled DLQ.
`deadLetterTopic`	`aws-cdk-lib.aws_sns.ITopic`	The SNS topic to use as a DLQ.
`description`	`string`	A description of the function.
`environmentEncryption`	`aws-cdk-lib.aws_kms.IKey`	The AWS KMS key that's used to encrypt your function's environment variables.
`ephemeralStorageSize`	`aws-cdk-lib.Size`	The size of the function’s /tmp directory in MiB.
`events`	`aws-cdk-lib.aws_lambda.IEventSource[]`	Event sources for this function.
`functionName`	`string`	A name for the function.
`initialPolicy`	`aws-cdk-lib.aws_iam.PolicyStatement[]`	Initial policy statements to add to the created Lambda Role.
`insightsVersion`	`aws-cdk-lib.aws_lambda.LambdaInsightsVersion`	Specify the version of CloudWatch Lambda insights to use for monitoring.
`ipv6AllowedForDualStack`	`boolean`	Allows outbound IPv6 traffic on VPC functions that are connected to dual-stack subnets.
`logFormat`	`string`	Sets the logFormat for the function.
`loggingFormat`	`aws-cdk-lib.aws_lambda.LoggingFormat`	Sets the loggingFormat for the function.
`logGroup`	`aws-cdk-lib.aws_logs.ILogGroup`	The log group the function sends logs to.
`logRemovalPolicy`	`aws-cdk-lib.RemovalPolicy`	Determine the removal policy of the log group that is auto-created by this construct.
`logRetention`	`aws-cdk-lib.aws_logs.RetentionDays`	The number of days log events are kept in CloudWatch Logs.
`logRetentionRetryOptions`	`aws-cdk-lib.aws_lambda.LogRetentionRetryOptions`	When log retention is specified, a custom resource attempts to create the CloudWatch log group.
`logRetentionRole`	`aws-cdk-lib.aws_iam.IRole`	The IAM role for the Lambda function associated with the custom resource that sets the retention policy.
`maxEventAge`	`aws-cdk-lib.Duration`	The maximum age of a request that Lambda sends to a function for processing.
`onFailure`	`aws-cdk-lib.aws_lambda.IDestination`	The destination for failed invocations.
`onSuccess`	`aws-cdk-lib.aws_lambda.IDestination`	The destination for successful invocations.
`paramsAndSecrets`	`aws-cdk-lib.aws_lambda.ParamsAndSecretsLayerVersion`	Specify the configuration of Parameters and Secrets Extension.
`profiling`	`boolean`	Enable profiling.
`profilingGroup`	`aws-cdk-lib.aws_codeguruprofiler.IProfilingGroup`	Profiling Group.
`recursiveLoop`	`aws-cdk-lib.aws_lambda.RecursiveLoop`	Sets the Recursive Loop Protection for Lambda Function.
`reservedConcurrentExecutions`	`number`	The maximum of concurrent executions you want to reserve for the function.
`retryAttempts`	`number`	The maximum number of times to retry when the function returns an error.
`role`	`aws-cdk-lib.aws_iam.IRole`	Lambda execution role.
`runtimeManagementMode`	`aws-cdk-lib.aws_lambda.RuntimeManagementMode`	Sets the runtime management configuration for a function's version.
`securityGroups`	`aws-cdk-lib.aws_ec2.ISecurityGroup[]`	The list of security groups to associate with the Lambda's network interfaces.
`snapStart`	`aws-cdk-lib.aws_lambda.SnapStartConf`	Enable SnapStart for Lambda Function.
`systemLogLevel`	`string`	Sets the system log level for the function.
`systemLogLevelV2`	`aws-cdk-lib.aws_lambda.SystemLogLevel`	Sets the system log level for the function.
`tracing`	`aws-cdk-lib.aws_lambda.Tracing`	Enable AWS X-Ray Tracing for Lambda Function.
`vpc`	`aws-cdk-lib.aws_ec2.IVpc`	VPC network to place Lambda network interfaces.
`vpcSubnets`	`aws-cdk-lib.aws_ec2.SubnetSelection`	Where to place the network interfaces within the VPC.
`discoveryBucket`	`aws-cdk-lib.aws_s3.IBucket`	The S3 bucket for discovery document uploads.
`discoveryQueue`	`aws-cdk-lib.aws_sqs.IQueue`	The discovery processing queue.
`discoveryTable`	`IDiscoveryTable`	The discovery tracking table.
`encryptionKey`	`aws-cdk-lib.aws_kms.IKey`	Optional KMS key for encrypting function resources.
`logLevel`	`LogLevel`	The log level for the function.

`adotInstrumentation`^Optional

public readonly adotInstrumentation: AdotInstrumentationConfig;

Type: aws-cdk-lib.aws_lambda.AdotInstrumentationConfig
Default: No ADOT instrumentation

Specify the configuration of AWS Distro for OpenTelemetry (ADOT) instrumentation.

`allowAllIpv6Outbound`^Optional

public readonly allowAllIpv6Outbound: boolean;

Type: boolean
Default: false

Whether to allow the Lambda to send all ipv6 network traffic.

If set to true, there will only be a single egress rule which allows all outbound ipv6 traffic. If set to false, you must individually add traffic rules to allow the Lambda to connect to network targets using ipv6.

Do not specify this property if the securityGroups or securityGroup property is set. Instead, configure allowAllIpv6Outbound directly on the security group.

`applicationLogLevel`^Optional

Deprecated: Use applicationLogLevelV2 as a property instead.

public readonly applicationLogLevel: string;

Type: string
Default: "INFO"

Sets the application log level for the function.

`applicationLogLevelV2`^Optional

public readonly applicationLogLevelV2: ApplicationLogLevel;

Type: aws-cdk-lib.aws_lambda.ApplicationLogLevel
Default: ApplicationLogLevel.INFO

Sets the application log level for the function.

`architecture`^Optional

public readonly architecture: Architecture;

Type: aws-cdk-lib.aws_lambda.Architecture
Default: Architecture.X86_64

The system architectures compatible with this lambda function.

`codeSigningConfig`^Optional

public readonly codeSigningConfig: ICodeSigningConfig;

Type: aws-cdk-lib.aws_lambda.ICodeSigningConfig
Default: Not Sign the Code

Code signing config associated with this function.

`currentVersionOptions`^Optional

public readonly currentVersionOptions: VersionOptions;

Type: aws-cdk-lib.aws_lambda.VersionOptions
Default: default options as described in VersionOptions

Options for the lambda.Version resource automatically created by the fn.currentVersion method.

`deadLetterQueue`^Optional

public readonly deadLetterQueue: IQueue;

Type: aws-cdk-lib.aws_sqs.IQueue
Default: SQS queue with 14 day retention period if deadLetterQueueEnabled is true

The SQS queue to use if DLQ is enabled.

If SNS topic is desired, specify deadLetterTopic property instead.

`deadLetterQueueEnabled`^Optional

public readonly deadLetterQueueEnabled: boolean;

Type: boolean
Default: false unless deadLetterQueue is set, which implies DLQ is enabled.

Enabled DLQ.

If deadLetterQueue is undefined, an SQS queue with default options will be defined for your Function.

`deadLetterTopic`^Optional

public readonly deadLetterTopic: ITopic;

Type: aws-cdk-lib.aws_sns.ITopic
Default: no SNS topic

The SNS topic to use as a DLQ.

Note that if deadLetterQueueEnabled is set to true, an SQS queue will be created rather than an SNS topic. Using an SNS topic as a DLQ requires this property to be set explicitly.

`description`^Optional

public readonly description: string;

Type: string
Default: No description.

A description of the function.

`environmentEncryption`^Optional

public readonly environmentEncryption: IKey;

Type: aws-cdk-lib.aws_kms.IKey
Default: AWS Lambda creates and uses an AWS managed customer master key (CMK).

The AWS KMS key that's used to encrypt your function's environment variables.

`ephemeralStorageSize`^Optional

public readonly ephemeralStorageSize: Size;

Type: aws-cdk-lib.Size
Default: 512 MiB

The size of the function’s /tmp directory in MiB.

`events`^Optional

public readonly events: IEventSource[];

Type: aws-cdk-lib.aws_lambda.IEventSource[]
Default: No event sources.

Event sources for this function.

You can also add event sources using addEventSource.

`functionName`^Optional

public readonly functionName: string;

Type: string
Default: AWS CloudFormation generates a unique physical ID and uses that ID for the function's name. For more information, see Name Type.

A name for the function.

`initialPolicy`^Optional

public readonly initialPolicy: PolicyStatement[];

Type: aws-cdk-lib.aws_iam.PolicyStatement[]
Default: No policy statements are added to the created Lambda role.

Initial policy statements to add to the created Lambda Role.

You can call addToRolePolicy to the created lambda to add statements post creation.

`insightsVersion`^Optional

public readonly insightsVersion: LambdaInsightsVersion;

Type: aws-cdk-lib.aws_lambda.LambdaInsightsVersion
Default: No Lambda Insights

Specify the version of CloudWatch Lambda insights to use for monitoring.

`ipv6AllowedForDualStack`^Optional

public readonly ipv6AllowedForDualStack: boolean;

Type: boolean
Default: false

Allows outbound IPv6 traffic on VPC functions that are connected to dual-stack subnets.

Only used if 'vpc' is supplied.

`logFormat`^Optional

Deprecated: Use loggingFormat as a property instead.

public readonly logFormat: string;

Type: string
Default: "Text"

Sets the logFormat for the function.

`loggingFormat`^Optional

public readonly loggingFormat: LoggingFormat;

Type: aws-cdk-lib.aws_lambda.LoggingFormat
Default: LoggingFormat.TEXT

Sets the loggingFormat for the function.

`logGroup`^Optional

public readonly logGroup: ILogGroup;

Type: aws-cdk-lib.aws_logs.ILogGroup
Default: /aws/lambda/${this.functionName} - default log group created by Lambda

The log group the function sends logs to.

By default, Lambda functions send logs to an automatically created default log group named /aws/lambda/\<function name>. However you cannot change the properties of this auto-created log group using the AWS CDK, e.g. you cannot set a different log retention.

Use the logGroup property to create a fully customizable LogGroup ahead of time, and instruct the Lambda function to send logs to it.

Providing a user-controlled log group was rolled out to commercial regions on 2023-11-16. If you are deploying to another type of region, please check regional availability first.

`logRemovalPolicy`^Optional

Deprecated: use logGroup instead

public readonly logRemovalPolicy: RemovalPolicy;

Type: aws-cdk-lib.RemovalPolicy
Default: RemovalPolicy.Retain

Determine the removal policy of the log group that is auto-created by this construct.

Normally you want to retain the log group so you can diagnose issues from logs even after a deployment that no longer includes the log group. In that case, use the normal date-based retention policy to age out your logs.

`logRetention`^Optional

Deprecated: use logGroup instead

public readonly logRetention: RetentionDays;

Type: aws-cdk-lib.aws_logs.RetentionDays
Default: logs.RetentionDays.INFINITE

The number of days log events are kept in CloudWatch Logs.

When updating this property, unsetting it doesn't remove the log retention policy. To remove the retention policy, set the value to INFINITE.

This is a legacy API and we strongly recommend you move away from it if you can. Instead create a fully customizable log group with logs.LogGroup and use the logGroup property to instruct the Lambda function to send logs to it. Migrating from logRetention to logGroup will cause the name of the log group to change. Users and code and referencing the name verbatim will have to adjust.

In AWS CDK code, you can access the log group name directly from the LogGroup construct:

import * as logs from 'aws-cdk-lib/aws-logs';

declare const myLogGroup: logs.LogGroup;
myLogGroup.logGroupName;

`logRetentionRetryOptions`^Optional

public readonly logRetentionRetryOptions: LogRetentionRetryOptions;

Type: aws-cdk-lib.aws_lambda.LogRetentionRetryOptions
Default: Default AWS SDK retry options.

When log retention is specified, a custom resource attempts to create the CloudWatch log group.

These options control the retry policy when interacting with CloudWatch APIs.

This is a legacy API and we strongly recommend you migrate to logGroup if you can. logGroup allows you to create a fully customizable log group and instruct the Lambda function to send logs to it.

`logRetentionRole`^Optional

public readonly logRetentionRole: IRole;

Type: aws-cdk-lib.aws_iam.IRole
Default: A new role is created.

The IAM role for the Lambda function associated with the custom resource that sets the retention policy.

This is a legacy API and we strongly recommend you migrate to logGroup if you can. logGroup allows you to create a fully customizable log group and instruct the Lambda function to send logs to it.

`maxEventAge`^Optional

public readonly maxEventAge: Duration;

Type: aws-cdk-lib.Duration
Default: Duration.hours(6)

The maximum age of a request that Lambda sends to a function for processing.

Minimum: 60 seconds Maximum: 6 hours

`onFailure`^Optional

public readonly onFailure: IDestination;

Type: aws-cdk-lib.aws_lambda.IDestination
Default: no destination

The destination for failed invocations.

`onSuccess`^Optional

public readonly onSuccess: IDestination;

Type: aws-cdk-lib.aws_lambda.IDestination
Default: no destination

The destination for successful invocations.

`paramsAndSecrets`^Optional

public readonly paramsAndSecrets: ParamsAndSecretsLayerVersion;

Type: aws-cdk-lib.aws_lambda.ParamsAndSecretsLayerVersion
Default: No Parameters and Secrets Extension

Specify the configuration of Parameters and Secrets Extension.

`profiling`^Optional

public readonly profiling: boolean;

Type: boolean
Default: No profiling.

Enable profiling.

`profilingGroup`^Optional

public readonly profilingGroup: IProfilingGroup;

Type: aws-cdk-lib.aws_codeguruprofiler.IProfilingGroup
Default: A new profiling group will be created if profiling is set.

Profiling Group.

`recursiveLoop`^Optional

public readonly recursiveLoop: RecursiveLoop;

Type: aws-cdk-lib.aws_lambda.RecursiveLoop
Default: RecursiveLoop.Terminate

Sets the Recursive Loop Protection for Lambda Function.

It lets Lambda detect and terminate unintended recursive loops.

`reservedConcurrentExecutions`^Optional

public readonly reservedConcurrentExecutions: number;

Type: number
Default: No specific limit - account limit.

The maximum of concurrent executions you want to reserve for the function.

`retryAttempts`^Optional

public readonly retryAttempts: number;

Type: number
Default: 2

The maximum number of times to retry when the function returns an error.

Minimum: 0 Maximum: 2

`role`^Optional

public readonly role: IRole;

Type: aws-cdk-lib.aws_iam.IRole
Default: A unique role will be generated for this lambda function. Both supplied and generated roles can always be changed by calling addToRolePolicy.

Lambda execution role.

This is the role that will be assumed by the function upon execution. It controls the permissions that the function will have. The Role must be assumable by the 'lambda.amazonaws.com' service principal.

The default Role automatically has permissions granted for Lambda execution. If you provide a Role, you must add the relevant AWS managed policies yourself.

The relevant managed policies are "service-role/AWSLambdaBasicExecutionRole" and "service-role/AWSLambdaVPCAccessExecutionRole".

`runtimeManagementMode`^Optional

public readonly runtimeManagementMode: RuntimeManagementMode;

Type: aws-cdk-lib.aws_lambda.RuntimeManagementMode
Default: Auto

Sets the runtime management configuration for a function's version.

`securityGroups`^Optional

public readonly securityGroups: ISecurityGroup[];

Type: aws-cdk-lib.aws_ec2.ISecurityGroup[]
Default: If the function is placed within a VPC and a security group is not specified, either by this or securityGroup prop, a dedicated security group will be created for this function.

The list of security groups to associate with the Lambda's network interfaces.

Only used if 'vpc' is supplied.

`snapStart`^Optional

public readonly snapStart: SnapStartConf;

Type: aws-cdk-lib.aws_lambda.SnapStartConf
Default: No snapstart

Enable SnapStart for Lambda Function.

SnapStart is currently supported for Java 11, Java 17, Python 3.12, Python 3.13, and .NET 8 runtime

`systemLogLevel`^Optional

Deprecated: Use systemLogLevelV2 as a property instead.

public readonly systemLogLevel: string;

Type: string
Default: "INFO"

Sets the system log level for the function.

`systemLogLevelV2`^Optional

public readonly systemLogLevelV2: SystemLogLevel;

Type: aws-cdk-lib.aws_lambda.SystemLogLevel
Default: SystemLogLevel.INFO

Sets the system log level for the function.

`tracing`^Optional

public readonly tracing: Tracing;

Type: aws-cdk-lib.aws_lambda.Tracing
Default: Tracing.Disabled

Enable AWS X-Ray Tracing for Lambda Function.

`vpc`^Optional

public readonly vpc: IVpc;

Type: aws-cdk-lib.aws_ec2.IVpc
Default: Function is not placed within a VPC.

VPC network to place Lambda network interfaces.

Specify this if the Lambda function needs to access resources in a VPC. This is required when vpcSubnets is specified.

`vpcSubnets`^Optional

public readonly vpcSubnets: SubnetSelection;

Type: aws-cdk-lib.aws_ec2.SubnetSelection
Default: the Vpc default strategy if not specified

Where to place the network interfaces within the VPC.

This requires vpc to be specified in order for interfaces to actually be placed in the subnets. If vpc is not specify, this will raise an error.

Note: Internet access for Lambda Functions requires a NAT Gateway, so picking public subnets is not allowed (unless allowPublicSubnet is set to true).

`discoveryBucket`^Required

public readonly discoveryBucket: IBucket;

Type: aws-cdk-lib.aws_s3.IBucket

The S3 bucket for discovery document uploads.

`discoveryQueue`^Required

public readonly discoveryQueue: IQueue;

Type: aws-cdk-lib.aws_sqs.IQueue

The discovery processing queue.

`discoveryTable`^Required

public readonly discoveryTable: IDiscoveryTable;

Type: IDiscoveryTable

The discovery tracking table.

`encryptionKey`^Optional

public readonly encryptionKey: IKey;

Type: aws-cdk-lib.aws_kms.IKey

Optional KMS key for encrypting function resources.

`logLevel`^Optional

public readonly logLevel: LogLevel;

Type: LogLevel

The log level for the function.

DocumentDiscoveryFunctions

Result of initializing DocumentDiscovery functions.

Initializer

import { DocumentDiscoveryFunctions } from '@cdklabs/genai-idp'

const documentDiscoveryFunctions: DocumentDiscoveryFunctions = { ... }

Properties

Name	Type	Description
`processorFunction`	`DiscoveryProcessorFunction`	The Lambda function that processes discovery jobs.
`uploadResolverFunction`	`DiscoveryUploadResolverFunction`	The Lambda function that handles discovery document uploads.

`processorFunction`^Required

public readonly processorFunction: DiscoveryProcessorFunction;

Type: DiscoveryProcessorFunction

The Lambda function that processes discovery jobs.

`uploadResolverFunction`^Required

public readonly uploadResolverFunction: DiscoveryUploadResolverFunction;

Type: DiscoveryUploadResolverFunction

The Lambda function that handles discovery document uploads.

DocumentDiscoveryProps

Properties for configuring the DocumentDiscovery construct.

Initializer

import { DocumentDiscoveryProps } from '@cdklabs/genai-idp'

const documentDiscoveryProps: DocumentDiscoveryProps = { ... }

Properties

Name	Type	Description
`discoveryBucket`	`aws-cdk-lib.aws_s3.IBucket`	The S3 bucket for document discovery uploads.
`discoveryTable`	`IDiscoveryTable`	Optional properties for the discovery table.
`encryptionKey`	`aws-cdk-lib.aws_kms.IKey`	Optional KMS key for encrypting resources.
`logLevel`	`LogLevel`	The log level for Lambda functions.
`logRetention`	`aws-cdk-lib.aws_logs.RetentionDays`	The retention period for CloudWatch logs.
`vpcConfiguration`	`VpcConfiguration`	Optional VPC configuration for Lambda functions.

`discoveryBucket`^Required

public readonly discoveryBucket: IBucket;

Type: aws-cdk-lib.aws_s3.IBucket

The S3 bucket for document discovery uploads.

`discoveryTable`^Optional

public readonly discoveryTable: IDiscoveryTable;

Type: IDiscoveryTable

Optional properties for the discovery table.

`encryptionKey`^Optional

public readonly encryptionKey: IKey;

Type: aws-cdk-lib.aws_kms.IKey

Optional KMS key for encrypting resources.

`logLevel`^Optional

public readonly logLevel: LogLevel;

Type: LogLevel

The log level for Lambda functions.

`logRetention`^Optional

public readonly logRetention: RetentionDays;

Type: aws-cdk-lib.aws_logs.RetentionDays

The retention period for CloudWatch logs.

`vpcConfiguration`^Optional

public readonly vpcConfiguration: VpcConfiguration;

Type: VpcConfiguration

Optional VPC configuration for Lambda functions.

DocumentProcessorAttachmentOptions

Initializer

import { DocumentProcessorAttachmentOptions } from '@cdklabs/genai-idp'

const documentProcessorAttachmentOptions: DocumentProcessorAttachmentOptions = { ... }

Properties

Name	Type	Description
`evaluationBucket`	`aws-cdk-lib.aws_s3.IBucket`	No description.
`evaluationModel`	`@cdklabs/generative-ai-cdk-constructs.bedrock.IInvokable`	No description.
`prefix`	`string`	No description.

`evaluationBucket`^Optional

public readonly evaluationBucket: IBucket;

Type: aws-cdk-lib.aws_s3.IBucket

`evaluationModel`^Optional

public readonly evaluationModel: IInvokable;

Type: @cdklabs/generative-ai-cdk-constructs.bedrock.IInvokable

`prefix`^Optional

public readonly prefix: string;

Type: string

DocumentProcessorProps

Properties required to configure a document processor implementation.

Document processors are responsible for extracting structured data from unstructured documents using various AI/ML services and processing patterns.

The GenAI IDP Accelerator provides multiple processor implementations to handle different document processing scenarios, from standard forms to complex specialized documents.

Initializer

import { DocumentProcessorProps } from '@cdklabs/genai-idp'

const documentProcessorProps: DocumentProcessorProps = { ... }

Properties

Name	Type	Description
`environment`	`IProcessingEnvironment`	The processing environment that provides shared infrastructure and services.
`maxProcessingConcurrency`	`number`	The maximum number of documents that can be processed concurrently.

`environment`^Required

public readonly environment: IProcessingEnvironment;

Type: IProcessingEnvironment

The processing environment that provides shared infrastructure and services.

Contains input/output buckets, tracking tables, API endpoints, and other resources needed for document processing operations.

`maxProcessingConcurrency`^Optional

public readonly maxProcessingConcurrency: number;

Type: number
Default: 100 concurrent workflows

The maximum number of documents that can be processed concurrently.

Controls the throughput and resource utilization of the document processing system.

FixedKeyTableProps

Properties for a DynamoDB Table that has a predefined, fixed partitionKey, sortKey, and timeToLiveAttribute.

Initializer

import { FixedKeyTableProps } from '@cdklabs/genai-idp'

const fixedKeyTableProps: FixedKeyTableProps = { ... }

Properties

Name	Type	Description
`billingMode`	`aws-cdk-lib.aws_dynamodb.BillingMode`	Specify how you are charged for read and write throughput and how you manage capacity.
`contributorInsightsEnabled`	`boolean`	Whether CloudWatch contributor insights is enabled.
`contributorInsightsSpecification`	`aws-cdk-lib.aws_dynamodb.ContributorInsightsSpecification`	Whether CloudWatch contributor insights is enabled and what mode is selected.
`deletionProtection`	`boolean`	Enables deletion protection for the table.
`encryption`	`aws-cdk-lib.aws_dynamodb.TableEncryption`	Whether server-side encryption with an AWS managed customer master key is enabled.
`encryptionKey`	`aws-cdk-lib.aws_kms.IKey`	External KMS key to use for table encryption.
`importSource`	`aws-cdk-lib.aws_dynamodb.ImportSourceSpecification`	The properties of data being imported from the S3 bucket source to the table.
`kinesisPrecisionTimestamp`	`aws-cdk-lib.aws_dynamodb.ApproximateCreationDateTimePrecision`	Kinesis Data Stream approximate creation timestamp precision.
`kinesisStream`	`aws-cdk-lib.aws_kinesis.IStream`	Kinesis Data Stream to capture item-level changes for the table.
`maxReadRequestUnits`	`number`	The maximum read request units for the table.
`maxWriteRequestUnits`	`number`	The write request units for the table.
`pointInTimeRecovery`	`boolean`	Whether point-in-time recovery is enabled.
`pointInTimeRecoverySpecification`	`aws-cdk-lib.aws_dynamodb.PointInTimeRecoverySpecification`	Whether point-in-time recovery is enabled and recoveryPeriodInDays is set.
`readCapacity`	`number`	The read capacity for the table. Careful if you add Global Secondary Indexes, as those will share the table's provisioned throughput.
`removalPolicy`	`aws-cdk-lib.RemovalPolicy`	The removal policy to apply to the DynamoDB Table.
`replicaRemovalPolicy`	`aws-cdk-lib.RemovalPolicy`	The removal policy to apply to the DynamoDB replica tables.
`replicationRegions`	`string[]`	Regions where replica tables will be created.
`replicationTimeout`	`aws-cdk-lib.Duration`	The timeout for a table replication operation in a single region.
`resourcePolicy`	`aws-cdk-lib.aws_iam.PolicyDocument`	Resource policy to assign to table.
`stream`	`aws-cdk-lib.aws_dynamodb.StreamViewType`	When an item in the table is modified, StreamViewType determines what information is written to the stream for this table.
`tableClass`	`aws-cdk-lib.aws_dynamodb.TableClass`	Specify the table class.
`tableName`	`string`	Enforces a particular physical table name.
`waitForReplicationToFinish`	`boolean`	[WARNING: Use this flag with caution, misusing this flag may cause deleting existing replicas, refer to the detailed documentation for more information] Indicates whether CloudFormation stack waits for replication to finish.
`warmThroughput`	`aws-cdk-lib.aws_dynamodb.WarmThroughput`	Specify values to pre-warm you DynamoDB Table Warm Throughput feature is not available for Global Table replicas using the `Table` construct.
`writeCapacity`	`number`	The write capacity for the table. Careful if you add Global Secondary Indexes, as those will share the table's provisioned throughput.

`billingMode`^Optional

public readonly billingMode: BillingMode;

Type: aws-cdk-lib.aws_dynamodb.BillingMode
Default: PROVISIONED if replicationRegions is not specified, PAY_PER_REQUEST otherwise

Specify how you are charged for read and write throughput and how you manage capacity.

`contributorInsightsEnabled`^Optional

Deprecated: use `contributorInsightsSpecification instead

public readonly contributorInsightsEnabled: boolean;

Type: boolean
Default: false

Whether CloudWatch contributor insights is enabled.

`contributorInsightsSpecification`^Optional

public readonly contributorInsightsSpecification: ContributorInsightsSpecification;

Type: aws-cdk-lib.aws_dynamodb.ContributorInsightsSpecification
Default: contributor insights is not enabled

Whether CloudWatch contributor insights is enabled and what mode is selected.

`deletionProtection`^Optional

public readonly deletionProtection: boolean;

Type: boolean
Default: false

Enables deletion protection for the table.

`encryption`^Optional

public readonly encryption: TableEncryption;

Type: aws-cdk-lib.aws_dynamodb.TableEncryption
Default: The table is encrypted with an encryption key managed by DynamoDB, and you are not charged any fee for using it.

Whether server-side encryption with an AWS managed customer master key is enabled.

This property cannot be set if serverSideEncryption is set.

`encryptionKey`^Optional

public readonly encryptionKey: IKey;

Type: aws-cdk-lib.aws_kms.IKey
Default: If encryption is set to TableEncryption.CUSTOMER_MANAGED and this property is undefined, a new KMS key will be created and associated with this table. If encryption and this property are both undefined, then the table is encrypted with an encryption key managed by DynamoDB, and you are not charged any fee for using it.

External KMS key to use for table encryption.

This property can only be set if encryption is set to TableEncryption.CUSTOMER_MANAGED.

`importSource`^Optional

public readonly importSource: ImportSourceSpecification;

Type: aws-cdk-lib.aws_dynamodb.ImportSourceSpecification
Default: no data import from the S3 bucket

The properties of data being imported from the S3 bucket source to the table.

`kinesisPrecisionTimestamp`^Optional

public readonly kinesisPrecisionTimestamp: ApproximateCreationDateTimePrecision;

Type: aws-cdk-lib.aws_dynamodb.ApproximateCreationDateTimePrecision
Default: ApproximateCreationDateTimePrecision.MICROSECOND

Kinesis Data Stream approximate creation timestamp precision.

`kinesisStream`^Optional

public readonly kinesisStream: IStream;

Type: aws-cdk-lib.aws_kinesis.IStream
Default: no Kinesis Data Stream

Kinesis Data Stream to capture item-level changes for the table.

`maxReadRequestUnits`^Optional

public readonly maxReadRequestUnits: number;

Type: number
Default: on-demand throughput is disabled

The maximum read request units for the table.

Careful if you add Global Secondary Indexes, as those will share the table's maximum on-demand throughput.

Can only be provided if billingMode is PAY_PER_REQUEST.

`maxWriteRequestUnits`^Optional

public readonly maxWriteRequestUnits: number;

Type: number
Default: on-demand throughput is disabled

The write request units for the table.

Careful if you add Global Secondary Indexes, as those will share the table's maximum on-demand throughput.

Can only be provided if billingMode is PAY_PER_REQUEST.

`pointInTimeRecovery`^Optional

Deprecated: use pointInTimeRecoverySpecification instead

public readonly pointInTimeRecovery: boolean;

Type: boolean
Default: false - point in time recovery is not enabled.

Whether point-in-time recovery is enabled.

`pointInTimeRecoverySpecification`^Optional

public readonly pointInTimeRecoverySpecification: PointInTimeRecoverySpecification;

Type: aws-cdk-lib.aws_dynamodb.PointInTimeRecoverySpecification
Default: point in time recovery is not enabled.

Whether point-in-time recovery is enabled and recoveryPeriodInDays is set.

`readCapacity`^Optional

public readonly readCapacity: number;

Type: number
Default: 5

The read capacity for the table. Careful if you add Global Secondary Indexes, as those will share the table's provisioned throughput.

Can only be provided if billingMode is Provisioned.

`removalPolicy`^Optional

public readonly removalPolicy: RemovalPolicy;

Type: aws-cdk-lib.RemovalPolicy
Default: RemovalPolicy.RETAIN

The removal policy to apply to the DynamoDB Table.

`replicaRemovalPolicy`^Optional

public readonly replicaRemovalPolicy: RemovalPolicy;

Type: aws-cdk-lib.RemovalPolicy
Default: undefined - use DynamoDB Table's removal policy

The removal policy to apply to the DynamoDB replica tables.

`replicationRegions`^Optional

public readonly replicationRegions: string[];

Type: string[]
Default: no replica tables are created

Regions where replica tables will be created.

`replicationTimeout`^Optional

public readonly replicationTimeout: Duration;

Type: aws-cdk-lib.Duration
Default: Duration.minutes(30)

The timeout for a table replication operation in a single region.

`resourcePolicy`^Optional

public readonly resourcePolicy: PolicyDocument;

Type: aws-cdk-lib.aws_iam.PolicyDocument
Default: No resource policy statement

Resource policy to assign to table.

`stream`^Optional

public readonly stream: StreamViewType;

Type: aws-cdk-lib.aws_dynamodb.StreamViewType
Default: streams are disabled unless replicationRegions is specified

When an item in the table is modified, StreamViewType determines what information is written to the stream for this table.

`tableClass`^Optional

public readonly tableClass: TableClass;

Type: aws-cdk-lib.aws_dynamodb.TableClass
Default: STANDARD

Specify the table class.

`tableName`^Optional

public readonly tableName: string;

Type: string
Default:

Enforces a particular physical table name.

`waitForReplicationToFinish`^Optional

public readonly waitForReplicationToFinish: boolean;

Type: boolean
Default: true

[WARNING: Use this flag with caution, misusing this flag may cause deleting existing replicas, refer to the detailed documentation for more information] Indicates whether CloudFormation stack waits for replication to finish.

If set to false, the CloudFormation resource will mark the resource as created and replication will be completed asynchronously. This property is ignored if replicationRegions property is not set.

WARNING: DO NOT UNSET this property if adding/removing multiple replicationRegions in one deployment, as CloudFormation only supports one region replication at a time. CDK overcomes this limitation by waiting for replication to finish before starting new replicationRegion.

If the custom resource which handles replication has a physical resource ID with the format region instead of tablename-region (this would happen if the custom resource hasn't received an event since v1.91.0), DO NOT SET this property to false without making a change to the table name. This will cause the existing replicas to be deleted.

`warmThroughput`^Optional

public readonly warmThroughput: WarmThroughput;

Type: aws-cdk-lib.aws_dynamodb.WarmThroughput
Default: warm throughput is not configured

Specify values to pre-warm you DynamoDB Table Warm Throughput feature is not available for Global Table replicas using the Table construct.

To enable Warm Throughput, use the TableV2 construct instead.

`writeCapacity`^Optional

public readonly writeCapacity: number;

Type: number
Default: 5

The write capacity for the table. Careful if you add Global Secondary Indexes, as those will share the table's provisioned throughput.

Can only be provided if billingMode is Provisioned.

GetWorkforceUrlFunctionProps

Properties for configuring the GetWorkforceUrlFunction.

Initializer

import { GetWorkforceUrlFunctionProps } from '@cdklabs/genai-idp'

const getWorkforceUrlFunctionProps: GetWorkforceUrlFunctionProps = { ... }

Properties

Name	Type	Description
`adotInstrumentation`	`aws-cdk-lib.aws_lambda.AdotInstrumentationConfig`	Specify the configuration of AWS Distro for OpenTelemetry (ADOT) instrumentation.
`allowAllIpv6Outbound`	`boolean`	Whether to allow the Lambda to send all ipv6 network traffic.
`applicationLogLevel`	`string`	Sets the application log level for the function.
`applicationLogLevelV2`	`aws-cdk-lib.aws_lambda.ApplicationLogLevel`	Sets the application log level for the function.
`architecture`	`aws-cdk-lib.aws_lambda.Architecture`	The system architectures compatible with this lambda function.
`codeSigningConfig`	`aws-cdk-lib.aws_lambda.ICodeSigningConfig`	Code signing config associated with this function.
`currentVersionOptions`	`aws-cdk-lib.aws_lambda.VersionOptions`	Options for the `lambda.Version` resource automatically created by the `fn.currentVersion` method.
`deadLetterQueue`	`aws-cdk-lib.aws_sqs.IQueue`	The SQS queue to use if DLQ is enabled.
`deadLetterQueueEnabled`	`boolean`	Enabled DLQ.
`deadLetterTopic`	`aws-cdk-lib.aws_sns.ITopic`	The SNS topic to use as a DLQ.
`description`	`string`	A description of the function.
`environmentEncryption`	`aws-cdk-lib.aws_kms.IKey`	The AWS KMS key that's used to encrypt your function's environment variables.
`ephemeralStorageSize`	`aws-cdk-lib.Size`	The size of the function’s /tmp directory in MiB.
`events`	`aws-cdk-lib.aws_lambda.IEventSource[]`	Event sources for this function.
`functionName`	`string`	A name for the function.
`initialPolicy`	`aws-cdk-lib.aws_iam.PolicyStatement[]`	Initial policy statements to add to the created Lambda Role.
`insightsVersion`	`aws-cdk-lib.aws_lambda.LambdaInsightsVersion`	Specify the version of CloudWatch Lambda insights to use for monitoring.
`ipv6AllowedForDualStack`	`boolean`	Allows outbound IPv6 traffic on VPC functions that are connected to dual-stack subnets.
`logFormat`	`string`	Sets the logFormat for the function.
`loggingFormat`	`aws-cdk-lib.aws_lambda.LoggingFormat`	Sets the loggingFormat for the function.
`logGroup`	`aws-cdk-lib.aws_logs.ILogGroup`	The log group the function sends logs to.
`logRemovalPolicy`	`aws-cdk-lib.RemovalPolicy`	Determine the removal policy of the log group that is auto-created by this construct.
`logRetention`	`aws-cdk-lib.aws_logs.RetentionDays`	The number of days log events are kept in CloudWatch Logs.
`logRetentionRetryOptions`	`aws-cdk-lib.aws_lambda.LogRetentionRetryOptions`	When log retention is specified, a custom resource attempts to create the CloudWatch log group.
`logRetentionRole`	`aws-cdk-lib.aws_iam.IRole`	The IAM role for the Lambda function associated with the custom resource that sets the retention policy.
`maxEventAge`	`aws-cdk-lib.Duration`	The maximum age of a request that Lambda sends to a function for processing.
`onFailure`	`aws-cdk-lib.aws_lambda.IDestination`	The destination for failed invocations.
`onSuccess`	`aws-cdk-lib.aws_lambda.IDestination`	The destination for successful invocations.
`paramsAndSecrets`	`aws-cdk-lib.aws_lambda.ParamsAndSecretsLayerVersion`	Specify the configuration of Parameters and Secrets Extension.
`profiling`	`boolean`	Enable profiling.
`profilingGroup`	`aws-cdk-lib.aws_codeguruprofiler.IProfilingGroup`	Profiling Group.
`recursiveLoop`	`aws-cdk-lib.aws_lambda.RecursiveLoop`	Sets the Recursive Loop Protection for Lambda Function.
`reservedConcurrentExecutions`	`number`	The maximum of concurrent executions you want to reserve for the function.
`retryAttempts`	`number`	The maximum number of times to retry when the function returns an error.
`role`	`aws-cdk-lib.aws_iam.IRole`	Lambda execution role.
`runtimeManagementMode`	`aws-cdk-lib.aws_lambda.RuntimeManagementMode`	Sets the runtime management configuration for a function's version.
`securityGroups`	`aws-cdk-lib.aws_ec2.ISecurityGroup[]`	The list of security groups to associate with the Lambda's network interfaces.
`snapStart`	`aws-cdk-lib.aws_lambda.SnapStartConf`	Enable SnapStart for Lambda Function.
`systemLogLevel`	`string`	Sets the system log level for the function.
`systemLogLevelV2`	`aws-cdk-lib.aws_lambda.SystemLogLevel`	Sets the system log level for the function.
`tracing`	`aws-cdk-lib.aws_lambda.Tracing`	Enable AWS X-Ray Tracing for Lambda Function.
`vpc`	`aws-cdk-lib.aws_ec2.IVpc`	VPC network to place Lambda network interfaces.
`vpcSubnets`	`aws-cdk-lib.aws_ec2.SubnetSelection`	Where to place the network interfaces within the VPC.
`workteamName`	`string`	The name of the SageMaker workteam.
`encryptionKey`	`aws-cdk-lib.aws_kms.IKey`	Optional KMS key for encrypting function resources.
`existingPrivateWorkforceArn`	`string`	Optional existing private workforce ARN.
`logLevel`	`LogLevel`	The log level for the function.

`adotInstrumentation`^Optional

public readonly adotInstrumentation: AdotInstrumentationConfig;

Type: aws-cdk-lib.aws_lambda.AdotInstrumentationConfig
Default: No ADOT instrumentation

Specify the configuration of AWS Distro for OpenTelemetry (ADOT) instrumentation.

`allowAllIpv6Outbound`^Optional

public readonly allowAllIpv6Outbound: boolean;

Type: boolean
Default: false

Whether to allow the Lambda to send all ipv6 network traffic.

If set to true, there will only be a single egress rule which allows all outbound ipv6 traffic. If set to false, you must individually add traffic rules to allow the Lambda to connect to network targets using ipv6.

Do not specify this property if the securityGroups or securityGroup property is set. Instead, configure allowAllIpv6Outbound directly on the security group.

`applicationLogLevel`^Optional

Deprecated: Use applicationLogLevelV2 as a property instead.

public readonly applicationLogLevel: string;

Type: string
Default: "INFO"

Sets the application log level for the function.

`applicationLogLevelV2`^Optional

public readonly applicationLogLevelV2: ApplicationLogLevel;

Type: aws-cdk-lib.aws_lambda.ApplicationLogLevel
Default: ApplicationLogLevel.INFO

Sets the application log level for the function.

`architecture`^Optional

public readonly architecture: Architecture;

Type: aws-cdk-lib.aws_lambda.Architecture
Default: Architecture.X86_64

The system architectures compatible with this lambda function.

`codeSigningConfig`^Optional

public readonly codeSigningConfig: ICodeSigningConfig;

Type: aws-cdk-lib.aws_lambda.ICodeSigningConfig
Default: Not Sign the Code

Code signing config associated with this function.

`currentVersionOptions`^Optional

public readonly currentVersionOptions: VersionOptions;

Type: aws-cdk-lib.aws_lambda.VersionOptions
Default: default options as described in VersionOptions

Options for the lambda.Version resource automatically created by the fn.currentVersion method.

`deadLetterQueue`^Optional

public readonly deadLetterQueue: IQueue;

Type: aws-cdk-lib.aws_sqs.IQueue
Default: SQS queue with 14 day retention period if deadLetterQueueEnabled is true

The SQS queue to use if DLQ is enabled.

If SNS topic is desired, specify deadLetterTopic property instead.

`deadLetterQueueEnabled`^Optional

public readonly deadLetterQueueEnabled: boolean;

Type: boolean
Default: false unless deadLetterQueue is set, which implies DLQ is enabled.

Enabled DLQ.

If deadLetterQueue is undefined, an SQS queue with default options will be defined for your Function.

`deadLetterTopic`^Optional

public readonly deadLetterTopic: ITopic;

Type: aws-cdk-lib.aws_sns.ITopic
Default: no SNS topic

The SNS topic to use as a DLQ.

Note that if deadLetterQueueEnabled is set to true, an SQS queue will be created rather than an SNS topic. Using an SNS topic as a DLQ requires this property to be set explicitly.

`description`^Optional

public readonly description: string;

Type: string
Default: No description.

A description of the function.

`environmentEncryption`^Optional

public readonly environmentEncryption: IKey;

Type: aws-cdk-lib.aws_kms.IKey
Default: AWS Lambda creates and uses an AWS managed customer master key (CMK).

The AWS KMS key that's used to encrypt your function's environment variables.

`ephemeralStorageSize`^Optional

public readonly ephemeralStorageSize: Size;

Type: aws-cdk-lib.Size
Default: 512 MiB

The size of the function’s /tmp directory in MiB.

`events`^Optional

public readonly events: IEventSource[];

Type: aws-cdk-lib.aws_lambda.IEventSource[]
Default: No event sources.

Event sources for this function.

You can also add event sources using addEventSource.

`functionName`^Optional

public readonly functionName: string;

Type: string
Default: AWS CloudFormation generates a unique physical ID and uses that ID for the function's name. For more information, see Name Type.

A name for the function.

`initialPolicy`^Optional

public readonly initialPolicy: PolicyStatement[];

Type: aws-cdk-lib.aws_iam.PolicyStatement[]
Default: No policy statements are added to the created Lambda role.

Initial policy statements to add to the created Lambda Role.

You can call addToRolePolicy to the created lambda to add statements post creation.

`insightsVersion`^Optional

public readonly insightsVersion: LambdaInsightsVersion;

Type: aws-cdk-lib.aws_lambda.LambdaInsightsVersion
Default: No Lambda Insights

Specify the version of CloudWatch Lambda insights to use for monitoring.

`ipv6AllowedForDualStack`^Optional

public readonly ipv6AllowedForDualStack: boolean;

Type: boolean
Default: false

Allows outbound IPv6 traffic on VPC functions that are connected to dual-stack subnets.

Only used if 'vpc' is supplied.

`logFormat`^Optional

Deprecated: Use loggingFormat as a property instead.

public readonly logFormat: string;

Type: string
Default: "Text"

Sets the logFormat for the function.

`loggingFormat`^Optional

public readonly loggingFormat: LoggingFormat;

Type: aws-cdk-lib.aws_lambda.LoggingFormat
Default: LoggingFormat.TEXT

Sets the loggingFormat for the function.

`logGroup`^Optional

public readonly logGroup: ILogGroup;

Type: aws-cdk-lib.aws_logs.ILogGroup
Default: /aws/lambda/${this.functionName} - default log group created by Lambda

The log group the function sends logs to.

By default, Lambda functions send logs to an automatically created default log group named /aws/lambda/\<function name>. However you cannot change the properties of this auto-created log group using the AWS CDK, e.g. you cannot set a different log retention.

Use the logGroup property to create a fully customizable LogGroup ahead of time, and instruct the Lambda function to send logs to it.

Providing a user-controlled log group was rolled out to commercial regions on 2023-11-16. If you are deploying to another type of region, please check regional availability first.

`logRemovalPolicy`^Optional

Deprecated: use logGroup instead

public readonly logRemovalPolicy: RemovalPolicy;

Type: aws-cdk-lib.RemovalPolicy
Default: RemovalPolicy.Retain

Determine the removal policy of the log group that is auto-created by this construct.

Normally you want to retain the log group so you can diagnose issues from logs even after a deployment that no longer includes the log group. In that case, use the normal date-based retention policy to age out your logs.

`logRetention`^Optional

Deprecated: use logGroup instead

public readonly logRetention: RetentionDays;

Type: aws-cdk-lib.aws_logs.RetentionDays
Default: logs.RetentionDays.INFINITE

The number of days log events are kept in CloudWatch Logs.

When updating this property, unsetting it doesn't remove the log retention policy. To remove the retention policy, set the value to INFINITE.

This is a legacy API and we strongly recommend you move away from it if you can. Instead create a fully customizable log group with logs.LogGroup and use the logGroup property to instruct the Lambda function to send logs to it. Migrating from logRetention to logGroup will cause the name of the log group to change. Users and code and referencing the name verbatim will have to adjust.

In AWS CDK code, you can access the log group name directly from the LogGroup construct:

import * as logs from 'aws-cdk-lib/aws-logs';

declare const myLogGroup: logs.LogGroup;
myLogGroup.logGroupName;

`logRetentionRetryOptions`^Optional

public readonly logRetentionRetryOptions: LogRetentionRetryOptions;

Type: aws-cdk-lib.aws_lambda.LogRetentionRetryOptions
Default: Default AWS SDK retry options.

When log retention is specified, a custom resource attempts to create the CloudWatch log group.

These options control the retry policy when interacting with CloudWatch APIs.

This is a legacy API and we strongly recommend you migrate to logGroup if you can. logGroup allows you to create a fully customizable log group and instruct the Lambda function to send logs to it.

`logRetentionRole`^Optional

public readonly logRetentionRole: IRole;

Type: aws-cdk-lib.aws_iam.IRole
Default: A new role is created.

The IAM role for the Lambda function associated with the custom resource that sets the retention policy.

This is a legacy API and we strongly recommend you migrate to logGroup if you can. logGroup allows you to create a fully customizable log group and instruct the Lambda function to send logs to it.

`maxEventAge`^Optional

public readonly maxEventAge: Duration;

Type: aws-cdk-lib.Duration
Default: Duration.hours(6)

The maximum age of a request that Lambda sends to a function for processing.

Minimum: 60 seconds Maximum: 6 hours

`onFailure`^Optional

public readonly onFailure: IDestination;

Type: aws-cdk-lib.aws_lambda.IDestination
Default: no destination

The destination for failed invocations.

`onSuccess`^Optional

public readonly onSuccess: IDestination;

Type: aws-cdk-lib.aws_lambda.IDestination
Default: no destination

The destination for successful invocations.

`paramsAndSecrets`^Optional

public readonly paramsAndSecrets: ParamsAndSecretsLayerVersion;

Type: aws-cdk-lib.aws_lambda.ParamsAndSecretsLayerVersion
Default: No Parameters and Secrets Extension

Specify the configuration of Parameters and Secrets Extension.

`profiling`^Optional

public readonly profiling: boolean;

Type: boolean
Default: No profiling.

Enable profiling.

`profilingGroup`^Optional

public readonly profilingGroup: IProfilingGroup;

Type: aws-cdk-lib.aws_codeguruprofiler.IProfilingGroup
Default: A new profiling group will be created if profiling is set.

Profiling Group.

`recursiveLoop`^Optional

public readonly recursiveLoop: RecursiveLoop;

Type: aws-cdk-lib.aws_lambda.RecursiveLoop
Default: RecursiveLoop.Terminate

Sets the Recursive Loop Protection for Lambda Function.

It lets Lambda detect and terminate unintended recursive loops.

`reservedConcurrentExecutions`^Optional

public readonly reservedConcurrentExecutions: number;

Type: number
Default: No specific limit - account limit.

The maximum of concurrent executions you want to reserve for the function.

`retryAttempts`^Optional

public readonly retryAttempts: number;

Type: number
Default: 2

The maximum number of times to retry when the function returns an error.

Minimum: 0 Maximum: 2

`role`^Optional

public readonly role: IRole;

Type: aws-cdk-lib.aws_iam.IRole
Default: A unique role will be generated for this lambda function. Both supplied and generated roles can always be changed by calling addToRolePolicy.

Lambda execution role.

This is the role that will be assumed by the function upon execution. It controls the permissions that the function will have. The Role must be assumable by the 'lambda.amazonaws.com' service principal.

The default Role automatically has permissions granted for Lambda execution. If you provide a Role, you must add the relevant AWS managed policies yourself.

The relevant managed policies are "service-role/AWSLambdaBasicExecutionRole" and "service-role/AWSLambdaVPCAccessExecutionRole".

`runtimeManagementMode`^Optional

public readonly runtimeManagementMode: RuntimeManagementMode;

Type: aws-cdk-lib.aws_lambda.RuntimeManagementMode
Default: Auto

Sets the runtime management configuration for a function's version.

`securityGroups`^Optional

public readonly securityGroups: ISecurityGroup[];

Type: aws-cdk-lib.aws_ec2.ISecurityGroup[]
Default: If the function is placed within a VPC and a security group is not specified, either by this or securityGroup prop, a dedicated security group will be created for this function.

The list of security groups to associate with the Lambda's network interfaces.

Only used if 'vpc' is supplied.

`snapStart`^Optional

public readonly snapStart: SnapStartConf;

Type: aws-cdk-lib.aws_lambda.SnapStartConf
Default: No snapstart

Enable SnapStart for Lambda Function.

SnapStart is currently supported for Java 11, Java 17, Python 3.12, Python 3.13, and .NET 8 runtime

`systemLogLevel`^Optional

Deprecated: Use systemLogLevelV2 as a property instead.

public readonly systemLogLevel: string;

Type: string
Default: "INFO"

Sets the system log level for the function.

`systemLogLevelV2`^Optional

public readonly systemLogLevelV2: SystemLogLevel;

Type: aws-cdk-lib.aws_lambda.SystemLogLevel
Default: SystemLogLevel.INFO

Sets the system log level for the function.

`tracing`^Optional

public readonly tracing: Tracing;

Type: aws-cdk-lib.aws_lambda.Tracing
Default: Tracing.Disabled

Enable AWS X-Ray Tracing for Lambda Function.

`vpc`^Optional

public readonly vpc: IVpc;

Type: aws-cdk-lib.aws_ec2.IVpc
Default: Function is not placed within a VPC.

VPC network to place Lambda network interfaces.

Specify this if the Lambda function needs to access resources in a VPC. This is required when vpcSubnets is specified.

`vpcSubnets`^Optional

public readonly vpcSubnets: SubnetSelection;

Type: aws-cdk-lib.aws_ec2.SubnetSelection
Default: the Vpc default strategy if not specified

Where to place the network interfaces within the VPC.

This requires vpc to be specified in order for interfaces to actually be placed in the subnets. If vpc is not specify, this will raise an error.

Note: Internet access for Lambda Functions requires a NAT Gateway, so picking public subnets is not allowed (unless allowPublicSubnet is set to true).

`workteamName`^Required

public readonly workteamName: string;

Type: string

The name of the SageMaker workteam.

`encryptionKey`^Optional

public readonly encryptionKey: IKey;

Type: aws-cdk-lib.aws_kms.IKey

Optional KMS key for encrypting function resources.

`existingPrivateWorkforceArn`^Optional

public readonly existingPrivateWorkforceArn: string;

Type: string

Optional existing private workforce ARN.

When provided, the function will use this workforce instead of the workteam name.

`logLevel`^Optional

public readonly logLevel: LogLevel;

Type: LogLevel
Default: LogLevel.INFO

The log level for the function.

HitlEnvironmentProps

Properties for configuring the HITL environment.

Initializer

import { HitlEnvironmentProps } from '@cdklabs/genai-idp'

const hitlEnvironmentProps: HitlEnvironmentProps = { ... }

Properties

Name	Type	Description
`outputBucket`	`aws-cdk-lib.aws_s3.IBucket`	The S3 bucket for BDA output storage.
`userGroup`	`aws-cdk-lib.aws_cognito.CfnUserPoolGroup`	The Cognito User Group that contains the human reviewers.
`userPool`	`aws-cdk-lib.aws_cognito.IUserPool`	The Cognito User Pool for authentication.
`encryptionKey`	`aws-cdk-lib.aws_kms.IKey`	Optional KMS key for encrypting HITL resources.
`existingPrivateWorkforceArn`	`string`	Optional existing private workforce ARN to use instead of creating a new workteam.
`logLevel`	`LogLevel`	The log level for HITL functions.
`logRetention`	`aws-cdk-lib.aws_logs.RetentionDays`	The retention period for CloudWatch logs.
`vpcConfiguration`	`VpcConfiguration`	Optional VPC configuration for HITL functions.

`outputBucket`^Required

public readonly outputBucket: IBucket;

Type: aws-cdk-lib.aws_s3.IBucket

The S3 bucket for BDA output storage.

`userGroup`^Required

public readonly userGroup: CfnUserPoolGroup;

Type: aws-cdk-lib.aws_cognito.CfnUserPoolGroup

The Cognito User Group that contains the human reviewers.

`userPool`^Required

public readonly userPool: IUserPool;

Type: aws-cdk-lib.aws_cognito.IUserPool

The Cognito User Pool for authentication.

`encryptionKey`^Optional

public readonly encryptionKey: IKey;

Type: aws-cdk-lib.aws_kms.IKey

Optional KMS key for encrypting HITL resources.

`existingPrivateWorkforceArn`^Optional

public readonly existingPrivateWorkforceArn: string;

Type: string

Optional existing private workforce ARN to use instead of creating a new workteam.

`logLevel`^Optional

public readonly logLevel: LogLevel;

Type: LogLevel
Default: LogLevel.INFO

The log level for HITL functions.

`logRetention`^Optional

public readonly logRetention: RetentionDays;

Type: aws-cdk-lib.aws_logs.RetentionDays
Default: logs.RetentionDays.ONE_WEEK

The retention period for CloudWatch logs.

`vpcConfiguration`^Optional

public readonly vpcConfiguration: VpcConfiguration;

Type: VpcConfiguration

Optional VPC configuration for HITL functions.

IdpPythonFunctionOptions

Options for a Python Lambda function.

Initializer

import { IdpPythonFunctionOptions } from '@cdklabs/genai-idp'

const idpPythonFunctionOptions: IdpPythonFunctionOptions = { ... }

Properties

Name	Type	Description
`adotInstrumentation`	`aws-cdk-lib.aws_lambda.AdotInstrumentationConfig`	Specify the configuration of AWS Distro for OpenTelemetry (ADOT) instrumentation.
`allowAllIpv6Outbound`	`boolean`	Whether to allow the Lambda to send all ipv6 network traffic.
`applicationLogLevel`	`string`	Sets the application log level for the function.
`applicationLogLevelV2`	`aws-cdk-lib.aws_lambda.ApplicationLogLevel`	Sets the application log level for the function.
`architecture`	`aws-cdk-lib.aws_lambda.Architecture`	The system architectures compatible with this lambda function.
`codeSigningConfig`	`aws-cdk-lib.aws_lambda.ICodeSigningConfig`	Code signing config associated with this function.
`currentVersionOptions`	`aws-cdk-lib.aws_lambda.VersionOptions`	Options for the `lambda.Version` resource automatically created by the `fn.currentVersion` method.
`deadLetterQueue`	`aws-cdk-lib.aws_sqs.IQueue`	The SQS queue to use if DLQ is enabled.
`deadLetterQueueEnabled`	`boolean`	Enabled DLQ.
`deadLetterTopic`	`aws-cdk-lib.aws_sns.ITopic`	The SNS topic to use as a DLQ.
`description`	`string`	A description of the function.
`environmentEncryption`	`aws-cdk-lib.aws_kms.IKey`	The AWS KMS key that's used to encrypt your function's environment variables.
`ephemeralStorageSize`	`aws-cdk-lib.Size`	The size of the function’s /tmp directory in MiB.
`events`	`aws-cdk-lib.aws_lambda.IEventSource[]`	Event sources for this function.
`functionName`	`string`	A name for the function.
`initialPolicy`	`aws-cdk-lib.aws_iam.PolicyStatement[]`	Initial policy statements to add to the created Lambda Role.
`insightsVersion`	`aws-cdk-lib.aws_lambda.LambdaInsightsVersion`	Specify the version of CloudWatch Lambda insights to use for monitoring.
`ipv6AllowedForDualStack`	`boolean`	Allows outbound IPv6 traffic on VPC functions that are connected to dual-stack subnets.
`logFormat`	`string`	Sets the logFormat for the function.
`loggingFormat`	`aws-cdk-lib.aws_lambda.LoggingFormat`	Sets the loggingFormat for the function.
`logGroup`	`aws-cdk-lib.aws_logs.ILogGroup`	The log group the function sends logs to.
`logRemovalPolicy`	`aws-cdk-lib.RemovalPolicy`	Determine the removal policy of the log group that is auto-created by this construct.
`logRetention`	`aws-cdk-lib.aws_logs.RetentionDays`	The number of days log events are kept in CloudWatch Logs.
`logRetentionRetryOptions`	`aws-cdk-lib.aws_lambda.LogRetentionRetryOptions`	When log retention is specified, a custom resource attempts to create the CloudWatch log group.
`logRetentionRole`	`aws-cdk-lib.aws_iam.IRole`	The IAM role for the Lambda function associated with the custom resource that sets the retention policy.
`maxEventAge`	`aws-cdk-lib.Duration`	The maximum age of a request that Lambda sends to a function for processing.
`onFailure`	`aws-cdk-lib.aws_lambda.IDestination`	The destination for failed invocations.
`onSuccess`	`aws-cdk-lib.aws_lambda.IDestination`	The destination for successful invocations.
`paramsAndSecrets`	`aws-cdk-lib.aws_lambda.ParamsAndSecretsLayerVersion`	Specify the configuration of Parameters and Secrets Extension.
`profiling`	`boolean`	Enable profiling.
`profilingGroup`	`aws-cdk-lib.aws_codeguruprofiler.IProfilingGroup`	Profiling Group.
`recursiveLoop`	`aws-cdk-lib.aws_lambda.RecursiveLoop`	Sets the Recursive Loop Protection for Lambda Function.
`reservedConcurrentExecutions`	`number`	The maximum of concurrent executions you want to reserve for the function.
`retryAttempts`	`number`	The maximum number of times to retry when the function returns an error.
`role`	`aws-cdk-lib.aws_iam.IRole`	Lambda execution role.
`runtimeManagementMode`	`aws-cdk-lib.aws_lambda.RuntimeManagementMode`	Sets the runtime management configuration for a function's version.
`securityGroups`	`aws-cdk-lib.aws_ec2.ISecurityGroup[]`	The list of security groups to associate with the Lambda's network interfaces.
`snapStart`	`aws-cdk-lib.aws_lambda.SnapStartConf`	Enable SnapStart for Lambda Function.
`systemLogLevel`	`string`	Sets the system log level for the function.
`systemLogLevelV2`	`aws-cdk-lib.aws_lambda.SystemLogLevel`	Sets the system log level for the function.
`tracing`	`aws-cdk-lib.aws_lambda.Tracing`	Enable AWS X-Ray Tracing for Lambda Function.
`vpc`	`aws-cdk-lib.aws_ec2.IVpc`	VPC network to place Lambda network interfaces.
`vpcSubnets`	`aws-cdk-lib.aws_ec2.SubnetSelection`	Where to place the network interfaces within the VPC.

`adotInstrumentation`^Optional

public readonly adotInstrumentation: AdotInstrumentationConfig;

Type: aws-cdk-lib.aws_lambda.AdotInstrumentationConfig
Default: No ADOT instrumentation

Specify the configuration of AWS Distro for OpenTelemetry (ADOT) instrumentation.

`allowAllIpv6Outbound`^Optional

public readonly allowAllIpv6Outbound: boolean;

Type: boolean
Default: false

Whether to allow the Lambda to send all ipv6 network traffic.

If set to true, there will only be a single egress rule which allows all outbound ipv6 traffic. If set to false, you must individually add traffic rules to allow the Lambda to connect to network targets using ipv6.

Do not specify this property if the securityGroups or securityGroup property is set. Instead, configure allowAllIpv6Outbound directly on the security group.

`applicationLogLevel`^Optional

Deprecated: Use applicationLogLevelV2 as a property instead.

public readonly applicationLogLevel: string;

Type: string
Default: "INFO"

Sets the application log level for the function.

`applicationLogLevelV2`^Optional

public readonly applicationLogLevelV2: ApplicationLogLevel;

Type: aws-cdk-lib.aws_lambda.ApplicationLogLevel
Default: ApplicationLogLevel.INFO

Sets the application log level for the function.

`architecture`^Optional

public readonly architecture: Architecture;

Type: aws-cdk-lib.aws_lambda.Architecture
Default: Architecture.X86_64

The system architectures compatible with this lambda function.

`codeSigningConfig`^Optional

public readonly codeSigningConfig: ICodeSigningConfig;

Type: aws-cdk-lib.aws_lambda.ICodeSigningConfig
Default: Not Sign the Code

Code signing config associated with this function.

`currentVersionOptions`^Optional

public readonly currentVersionOptions: VersionOptions;

Type: aws-cdk-lib.aws_lambda.VersionOptions
Default: default options as described in VersionOptions

Options for the lambda.Version resource automatically created by the fn.currentVersion method.

`deadLetterQueue`^Optional

public readonly deadLetterQueue: IQueue;

Type: aws-cdk-lib.aws_sqs.IQueue
Default: SQS queue with 14 day retention period if deadLetterQueueEnabled is true

The SQS queue to use if DLQ is enabled.

If SNS topic is desired, specify deadLetterTopic property instead.

`deadLetterQueueEnabled`^Optional

public readonly deadLetterQueueEnabled: boolean;

Type: boolean
Default: false unless deadLetterQueue is set, which implies DLQ is enabled.

Enabled DLQ.

If deadLetterQueue is undefined, an SQS queue with default options will be defined for your Function.

`deadLetterTopic`^Optional

public readonly deadLetterTopic: ITopic;

Type: aws-cdk-lib.aws_sns.ITopic
Default: no SNS topic

The SNS topic to use as a DLQ.

Note that if deadLetterQueueEnabled is set to true, an SQS queue will be created rather than an SNS topic. Using an SNS topic as a DLQ requires this property to be set explicitly.

`description`^Optional

public readonly description: string;

Type: string
Default: No description.

A description of the function.

`environmentEncryption`^Optional

public readonly environmentEncryption: IKey;

Type: aws-cdk-lib.aws_kms.IKey
Default: AWS Lambda creates and uses an AWS managed customer master key (CMK).

The AWS KMS key that's used to encrypt your function's environment variables.

`ephemeralStorageSize`^Optional

public readonly ephemeralStorageSize: Size;

Type: aws-cdk-lib.Size
Default: 512 MiB

The size of the function’s /tmp directory in MiB.

`events`^Optional

public readonly events: IEventSource[];

Type: aws-cdk-lib.aws_lambda.IEventSource[]
Default: No event sources.

Event sources for this function.

You can also add event sources using addEventSource.

`functionName`^Optional

public readonly functionName: string;

Type: string
Default: AWS CloudFormation generates a unique physical ID and uses that ID for the function's name. For more information, see Name Type.

A name for the function.

`initialPolicy`^Optional

public readonly initialPolicy: PolicyStatement[];

Type: aws-cdk-lib.aws_iam.PolicyStatement[]
Default: No policy statements are added to the created Lambda role.

Initial policy statements to add to the created Lambda Role.

You can call addToRolePolicy to the created lambda to add statements post creation.

`insightsVersion`^Optional

public readonly insightsVersion: LambdaInsightsVersion;

Type: aws-cdk-lib.aws_lambda.LambdaInsightsVersion
Default: No Lambda Insights

Specify the version of CloudWatch Lambda insights to use for monitoring.

`ipv6AllowedForDualStack`^Optional

public readonly ipv6AllowedForDualStack: boolean;

Type: boolean
Default: false

Allows outbound IPv6 traffic on VPC functions that are connected to dual-stack subnets.

Only used if 'vpc' is supplied.

`logFormat`^Optional

Deprecated: Use loggingFormat as a property instead.

public readonly logFormat: string;

Type: string
Default: "Text"

Sets the logFormat for the function.

`loggingFormat`^Optional

public readonly loggingFormat: LoggingFormat;

Type: aws-cdk-lib.aws_lambda.LoggingFormat
Default: LoggingFormat.TEXT

Sets the loggingFormat for the function.

`logGroup`^Optional

public readonly logGroup: ILogGroup;

Type: aws-cdk-lib.aws_logs.ILogGroup
Default: /aws/lambda/${this.functionName} - default log group created by Lambda

The log group the function sends logs to.

By default, Lambda functions send logs to an automatically created default log group named /aws/lambda/\<function name>. However you cannot change the properties of this auto-created log group using the AWS CDK, e.g. you cannot set a different log retention.

Use the logGroup property to create a fully customizable LogGroup ahead of time, and instruct the Lambda function to send logs to it.

Providing a user-controlled log group was rolled out to commercial regions on 2023-11-16. If you are deploying to another type of region, please check regional availability first.

`logRemovalPolicy`^Optional

Deprecated: use logGroup instead

public readonly logRemovalPolicy: RemovalPolicy;

Type: aws-cdk-lib.RemovalPolicy
Default: RemovalPolicy.Retain

Determine the removal policy of the log group that is auto-created by this construct.

Normally you want to retain the log group so you can diagnose issues from logs even after a deployment that no longer includes the log group. In that case, use the normal date-based retention policy to age out your logs.

`logRetention`^Optional

Deprecated: use logGroup instead

public readonly logRetention: RetentionDays;

Type: aws-cdk-lib.aws_logs.RetentionDays
Default: logs.RetentionDays.INFINITE

The number of days log events are kept in CloudWatch Logs.

When updating this property, unsetting it doesn't remove the log retention policy. To remove the retention policy, set the value to INFINITE.

This is a legacy API and we strongly recommend you move away from it if you can. Instead create a fully customizable log group with logs.LogGroup and use the logGroup property to instruct the Lambda function to send logs to it. Migrating from logRetention to logGroup will cause the name of the log group to change. Users and code and referencing the name verbatim will have to adjust.

In AWS CDK code, you can access the log group name directly from the LogGroup construct:

import * as logs from 'aws-cdk-lib/aws-logs';

declare const myLogGroup: logs.LogGroup;
myLogGroup.logGroupName;

`logRetentionRetryOptions`^Optional

public readonly logRetentionRetryOptions: LogRetentionRetryOptions;

Type: aws-cdk-lib.aws_lambda.LogRetentionRetryOptions
Default: Default AWS SDK retry options.

When log retention is specified, a custom resource attempts to create the CloudWatch log group.

These options control the retry policy when interacting with CloudWatch APIs.

This is a legacy API and we strongly recommend you migrate to logGroup if you can. logGroup allows you to create a fully customizable log group and instruct the Lambda function to send logs to it.

`logRetentionRole`^Optional

public readonly logRetentionRole: IRole;

Type: aws-cdk-lib.aws_iam.IRole
Default: A new role is created.

The IAM role for the Lambda function associated with the custom resource that sets the retention policy.

This is a legacy API and we strongly recommend you migrate to logGroup if you can. logGroup allows you to create a fully customizable log group and instruct the Lambda function to send logs to it.

`maxEventAge`^Optional

public readonly maxEventAge: Duration;

Type: aws-cdk-lib.Duration
Default: Duration.hours(6)

The maximum age of a request that Lambda sends to a function for processing.

Minimum: 60 seconds Maximum: 6 hours

`onFailure`^Optional

public readonly onFailure: IDestination;

Type: aws-cdk-lib.aws_lambda.IDestination
Default: no destination

The destination for failed invocations.

`onSuccess`^Optional

public readonly onSuccess: IDestination;

Type: aws-cdk-lib.aws_lambda.IDestination
Default: no destination

The destination for successful invocations.

`paramsAndSecrets`^Optional

public readonly paramsAndSecrets: ParamsAndSecretsLayerVersion;

Type: aws-cdk-lib.aws_lambda.ParamsAndSecretsLayerVersion
Default: No Parameters and Secrets Extension

Specify the configuration of Parameters and Secrets Extension.

`profiling`^Optional

public readonly profiling: boolean;

Type: boolean
Default: No profiling.

Enable profiling.

`profilingGroup`^Optional

public readonly profilingGroup: IProfilingGroup;

Type: aws-cdk-lib.aws_codeguruprofiler.IProfilingGroup
Default: A new profiling group will be created if profiling is set.

Profiling Group.

`recursiveLoop`^Optional

public readonly recursiveLoop: RecursiveLoop;

Type: aws-cdk-lib.aws_lambda.RecursiveLoop
Default: RecursiveLoop.Terminate

Sets the Recursive Loop Protection for Lambda Function.

It lets Lambda detect and terminate unintended recursive loops.

`reservedConcurrentExecutions`^Optional

public readonly reservedConcurrentExecutions: number;

Type: number
Default: No specific limit - account limit.

The maximum of concurrent executions you want to reserve for the function.

`retryAttempts`^Optional

public readonly retryAttempts: number;

Type: number
Default: 2

The maximum number of times to retry when the function returns an error.

Minimum: 0 Maximum: 2

`role`^Optional

public readonly role: IRole;

Type: aws-cdk-lib.aws_iam.IRole
Default: A unique role will be generated for this lambda function. Both supplied and generated roles can always be changed by calling addToRolePolicy.

Lambda execution role.

This is the role that will be assumed by the function upon execution. It controls the permissions that the function will have. The Role must be assumable by the 'lambda.amazonaws.com' service principal.

The default Role automatically has permissions granted for Lambda execution. If you provide a Role, you must add the relevant AWS managed policies yourself.

The relevant managed policies are "service-role/AWSLambdaBasicExecutionRole" and "service-role/AWSLambdaVPCAccessExecutionRole".

`runtimeManagementMode`^Optional

public readonly runtimeManagementMode: RuntimeManagementMode;

Type: aws-cdk-lib.aws_lambda.RuntimeManagementMode
Default: Auto

Sets the runtime management configuration for a function's version.

`securityGroups`^Optional

public readonly securityGroups: ISecurityGroup[];

Type: aws-cdk-lib.aws_ec2.ISecurityGroup[]
Default: If the function is placed within a VPC and a security group is not specified, either by this or securityGroup prop, a dedicated security group will be created for this function.

The list of security groups to associate with the Lambda's network interfaces.

Only used if 'vpc' is supplied.

`snapStart`^Optional

public readonly snapStart: SnapStartConf;

Type: aws-cdk-lib.aws_lambda.SnapStartConf
Default: No snapstart

Enable SnapStart for Lambda Function.

SnapStart is currently supported for Java 11, Java 17, Python 3.12, Python 3.13, and .NET 8 runtime

`systemLogLevel`^Optional

Deprecated: Use systemLogLevelV2 as a property instead.

public readonly systemLogLevel: string;

Type: string
Default: "INFO"

Sets the system log level for the function.

`systemLogLevelV2`^Optional

public readonly systemLogLevelV2: SystemLogLevel;

Type: aws-cdk-lib.aws_lambda.SystemLogLevel
Default: SystemLogLevel.INFO

Sets the system log level for the function.

`tracing`^Optional

public readonly tracing: Tracing;

Type: aws-cdk-lib.aws_lambda.Tracing
Default: Tracing.Disabled

Enable AWS X-Ray Tracing for Lambda Function.

`vpc`^Optional

public readonly vpc: IVpc;

Type: aws-cdk-lib.aws_ec2.IVpc
Default: Function is not placed within a VPC.

VPC network to place Lambda network interfaces.

Specify this if the Lambda function needs to access resources in a VPC. This is required when vpcSubnets is specified.

`vpcSubnets`^Optional

public readonly vpcSubnets: SubnetSelection;

Type: aws-cdk-lib.aws_ec2.SubnetSelection
Default: the Vpc default strategy if not specified

Where to place the network interfaces within the VPC.

This requires vpc to be specified in order for interfaces to actually be placed in the subnets. If vpc is not specify, this will raise an error.

Note: Internet access for Lambda Functions requires a NAT Gateway, so picking public subnets is not allowed (unless allowPublicSubnet is set to true).

ListAvailableAgentsFunctionProps

Properties for the List Available Agents function.

Initializer

import { ListAvailableAgentsFunctionProps } from '@cdklabs/genai-idp'

const listAvailableAgentsFunctionProps: ListAvailableAgentsFunctionProps = { ... }

Properties

Name	Type	Description
`adotInstrumentation`	`aws-cdk-lib.aws_lambda.AdotInstrumentationConfig`	Specify the configuration of AWS Distro for OpenTelemetry (ADOT) instrumentation.
`allowAllIpv6Outbound`	`boolean`	Whether to allow the Lambda to send all ipv6 network traffic.
`applicationLogLevel`	`string`	Sets the application log level for the function.
`applicationLogLevelV2`	`aws-cdk-lib.aws_lambda.ApplicationLogLevel`	Sets the application log level for the function.
`architecture`	`aws-cdk-lib.aws_lambda.Architecture`	The system architectures compatible with this lambda function.
`codeSigningConfig`	`aws-cdk-lib.aws_lambda.ICodeSigningConfig`	Code signing config associated with this function.
`currentVersionOptions`	`aws-cdk-lib.aws_lambda.VersionOptions`	Options for the `lambda.Version` resource automatically created by the `fn.currentVersion` method.
`deadLetterQueue`	`aws-cdk-lib.aws_sqs.IQueue`	The SQS queue to use if DLQ is enabled.
`deadLetterQueueEnabled`	`boolean`	Enabled DLQ.
`deadLetterTopic`	`aws-cdk-lib.aws_sns.ITopic`	The SNS topic to use as a DLQ.
`description`	`string`	A description of the function.
`environmentEncryption`	`aws-cdk-lib.aws_kms.IKey`	The AWS KMS key that's used to encrypt your function's environment variables.
`ephemeralStorageSize`	`aws-cdk-lib.Size`	The size of the function’s /tmp directory in MiB.
`events`	`aws-cdk-lib.aws_lambda.IEventSource[]`	Event sources for this function.
`functionName`	`string`	A name for the function.
`initialPolicy`	`aws-cdk-lib.aws_iam.PolicyStatement[]`	Initial policy statements to add to the created Lambda Role.
`insightsVersion`	`aws-cdk-lib.aws_lambda.LambdaInsightsVersion`	Specify the version of CloudWatch Lambda insights to use for monitoring.
`ipv6AllowedForDualStack`	`boolean`	Allows outbound IPv6 traffic on VPC functions that are connected to dual-stack subnets.
`logFormat`	`string`	Sets the logFormat for the function.
`loggingFormat`	`aws-cdk-lib.aws_lambda.LoggingFormat`	Sets the loggingFormat for the function.
`logGroup`	`aws-cdk-lib.aws_logs.ILogGroup`	The log group the function sends logs to.
`logRemovalPolicy`	`aws-cdk-lib.RemovalPolicy`	Determine the removal policy of the log group that is auto-created by this construct.
`logRetention`	`aws-cdk-lib.aws_logs.RetentionDays`	The number of days log events are kept in CloudWatch Logs.
`logRetentionRetryOptions`	`aws-cdk-lib.aws_lambda.LogRetentionRetryOptions`	When log retention is specified, a custom resource attempts to create the CloudWatch log group.
`logRetentionRole`	`aws-cdk-lib.aws_iam.IRole`	The IAM role for the Lambda function associated with the custom resource that sets the retention policy.
`maxEventAge`	`aws-cdk-lib.Duration`	The maximum age of a request that Lambda sends to a function for processing.
`onFailure`	`aws-cdk-lib.aws_lambda.IDestination`	The destination for failed invocations.
`onSuccess`	`aws-cdk-lib.aws_lambda.IDestination`	The destination for successful invocations.
`paramsAndSecrets`	`aws-cdk-lib.aws_lambda.ParamsAndSecretsLayerVersion`	Specify the configuration of Parameters and Secrets Extension.
`profiling`	`boolean`	Enable profiling.
`profilingGroup`	`aws-cdk-lib.aws_codeguruprofiler.IProfilingGroup`	Profiling Group.
`recursiveLoop`	`aws-cdk-lib.aws_lambda.RecursiveLoop`	Sets the Recursive Loop Protection for Lambda Function.
`reservedConcurrentExecutions`	`number`	The maximum of concurrent executions you want to reserve for the function.
`retryAttempts`	`number`	The maximum number of times to retry when the function returns an error.
`role`	`aws-cdk-lib.aws_iam.IRole`	Lambda execution role.
`runtimeManagementMode`	`aws-cdk-lib.aws_lambda.RuntimeManagementMode`	Sets the runtime management configuration for a function's version.
`securityGroups`	`aws-cdk-lib.aws_ec2.ISecurityGroup[]`	The list of security groups to associate with the Lambda's network interfaces.
`snapStart`	`aws-cdk-lib.aws_lambda.SnapStartConf`	Enable SnapStart for Lambda Function.
`systemLogLevel`	`string`	Sets the system log level for the function.
`systemLogLevelV2`	`aws-cdk-lib.aws_lambda.SystemLogLevel`	Sets the system log level for the function.
`tracing`	`aws-cdk-lib.aws_lambda.Tracing`	Enable AWS X-Ray Tracing for Lambda Function.
`vpc`	`aws-cdk-lib.aws_ec2.IVpc`	VPC network to place Lambda network interfaces.
`vpcSubnets`	`aws-cdk-lib.aws_ec2.SubnetSelection`	Where to place the network interfaces within the VPC.
`metricNamespace`	`string`	The namespace for CloudWatch metrics.
`encryptionKey`	`aws-cdk-lib.aws_kms.IKey`	The KMS key used for encryption.
`externalMcpAgentsSecret`	`aws-cdk-lib.aws_secretsmanager.ISecret`	Optional Secrets Manager secret for external MCP agents.
`logLevel`	`LogLevel`	The log level for the function.

`adotInstrumentation`^Optional

public readonly adotInstrumentation: AdotInstrumentationConfig;

Type: aws-cdk-lib.aws_lambda.AdotInstrumentationConfig
Default: No ADOT instrumentation

Specify the configuration of AWS Distro for OpenTelemetry (ADOT) instrumentation.

`allowAllIpv6Outbound`^Optional

public readonly allowAllIpv6Outbound: boolean;

Type: boolean
Default: false

Whether to allow the Lambda to send all ipv6 network traffic.

If set to true, there will only be a single egress rule which allows all outbound ipv6 traffic. If set to false, you must individually add traffic rules to allow the Lambda to connect to network targets using ipv6.

Do not specify this property if the securityGroups or securityGroup property is set. Instead, configure allowAllIpv6Outbound directly on the security group.

`applicationLogLevel`^Optional

Deprecated: Use applicationLogLevelV2 as a property instead.

public readonly applicationLogLevel: string;

Type: string
Default: "INFO"

Sets the application log level for the function.

`applicationLogLevelV2`^Optional

public readonly applicationLogLevelV2: ApplicationLogLevel;

Type: aws-cdk-lib.aws_lambda.ApplicationLogLevel
Default: ApplicationLogLevel.INFO

Sets the application log level for the function.

`architecture`^Optional

public readonly architecture: Architecture;

Type: aws-cdk-lib.aws_lambda.Architecture
Default: Architecture.X86_64

The system architectures compatible with this lambda function.

`codeSigningConfig`^Optional

public readonly codeSigningConfig: ICodeSigningConfig;

Type: aws-cdk-lib.aws_lambda.ICodeSigningConfig
Default: Not Sign the Code

Code signing config associated with this function.

`currentVersionOptions`^Optional

public readonly currentVersionOptions: VersionOptions;

Type: aws-cdk-lib.aws_lambda.VersionOptions
Default: default options as described in VersionOptions

Options for the lambda.Version resource automatically created by the fn.currentVersion method.

`deadLetterQueue`^Optional

public readonly deadLetterQueue: IQueue;

Type: aws-cdk-lib.aws_sqs.IQueue
Default: SQS queue with 14 day retention period if deadLetterQueueEnabled is true

The SQS queue to use if DLQ is enabled.

If SNS topic is desired, specify deadLetterTopic property instead.

`deadLetterQueueEnabled`^Optional

public readonly deadLetterQueueEnabled: boolean;

Type: boolean
Default: false unless deadLetterQueue is set, which implies DLQ is enabled.

Enabled DLQ.

If deadLetterQueue is undefined, an SQS queue with default options will be defined for your Function.

`deadLetterTopic`^Optional

public readonly deadLetterTopic: ITopic;

Type: aws-cdk-lib.aws_sns.ITopic
Default: no SNS topic

The SNS topic to use as a DLQ.

Note that if deadLetterQueueEnabled is set to true, an SQS queue will be created rather than an SNS topic. Using an SNS topic as a DLQ requires this property to be set explicitly.

`description`^Optional

public readonly description: string;

Type: string
Default: No description.

A description of the function.

`environmentEncryption`^Optional

public readonly environmentEncryption: IKey;

Type: aws-cdk-lib.aws_kms.IKey
Default: AWS Lambda creates and uses an AWS managed customer master key (CMK).

The AWS KMS key that's used to encrypt your function's environment variables.

`ephemeralStorageSize`^Optional

public readonly ephemeralStorageSize: Size;

Type: aws-cdk-lib.Size
Default: 512 MiB

The size of the function’s /tmp directory in MiB.

`events`^Optional

public readonly events: IEventSource[];

Type: aws-cdk-lib.aws_lambda.IEventSource[]
Default: No event sources.

Event sources for this function.

You can also add event sources using addEventSource.

`functionName`^Optional

public readonly functionName: string;

Type: string
Default: AWS CloudFormation generates a unique physical ID and uses that ID for the function's name. For more information, see Name Type.

A name for the function.

`initialPolicy`^Optional

public readonly initialPolicy: PolicyStatement[];

Type: aws-cdk-lib.aws_iam.PolicyStatement[]
Default: No policy statements are added to the created Lambda role.

Initial policy statements to add to the created Lambda Role.

You can call addToRolePolicy to the created lambda to add statements post creation.

`insightsVersion`^Optional

public readonly insightsVersion: LambdaInsightsVersion;

Type: aws-cdk-lib.aws_lambda.LambdaInsightsVersion
Default: No Lambda Insights

Specify the version of CloudWatch Lambda insights to use for monitoring.

`ipv6AllowedForDualStack`^Optional

public readonly ipv6AllowedForDualStack: boolean;

Type: boolean
Default: false

Allows outbound IPv6 traffic on VPC functions that are connected to dual-stack subnets.

Only used if 'vpc' is supplied.

`logFormat`^Optional

Deprecated: Use loggingFormat as a property instead.

public readonly logFormat: string;

Type: string
Default: "Text"

Sets the logFormat for the function.

`loggingFormat`^Optional

public readonly loggingFormat: LoggingFormat;

Type: aws-cdk-lib.aws_lambda.LoggingFormat
Default: LoggingFormat.TEXT

Sets the loggingFormat for the function.

`logGroup`^Optional

public readonly logGroup: ILogGroup;

Type: aws-cdk-lib.aws_logs.ILogGroup
Default: /aws/lambda/${this.functionName} - default log group created by Lambda

The log group the function sends logs to.

By default, Lambda functions send logs to an automatically created default log group named /aws/lambda/\<function name>. However you cannot change the properties of this auto-created log group using the AWS CDK, e.g. you cannot set a different log retention.

Use the logGroup property to create a fully customizable LogGroup ahead of time, and instruct the Lambda function to send logs to it.

Providing a user-controlled log group was rolled out to commercial regions on 2023-11-16. If you are deploying to another type of region, please check regional availability first.

`logRemovalPolicy`^Optional

Deprecated: use logGroup instead

public readonly logRemovalPolicy: RemovalPolicy;

Type: aws-cdk-lib.RemovalPolicy
Default: RemovalPolicy.Retain

Determine the removal policy of the log group that is auto-created by this construct.

Normally you want to retain the log group so you can diagnose issues from logs even after a deployment that no longer includes the log group. In that case, use the normal date-based retention policy to age out your logs.

`logRetention`^Optional

Deprecated: use logGroup instead

public readonly logRetention: RetentionDays;

Type: aws-cdk-lib.aws_logs.RetentionDays
Default: logs.RetentionDays.INFINITE

The number of days log events are kept in CloudWatch Logs.

When updating this property, unsetting it doesn't remove the log retention policy. To remove the retention policy, set the value to INFINITE.

This is a legacy API and we strongly recommend you move away from it if you can. Instead create a fully customizable log group with logs.LogGroup and use the logGroup property to instruct the Lambda function to send logs to it. Migrating from logRetention to logGroup will cause the name of the log group to change. Users and code and referencing the name verbatim will have to adjust.

In AWS CDK code, you can access the log group name directly from the LogGroup construct:

import * as logs from 'aws-cdk-lib/aws-logs';

declare const myLogGroup: logs.LogGroup;
myLogGroup.logGroupName;

`logRetentionRetryOptions`^Optional

public readonly logRetentionRetryOptions: LogRetentionRetryOptions;

Type: aws-cdk-lib.aws_lambda.LogRetentionRetryOptions
Default: Default AWS SDK retry options.

When log retention is specified, a custom resource attempts to create the CloudWatch log group.

These options control the retry policy when interacting with CloudWatch APIs.

This is a legacy API and we strongly recommend you migrate to logGroup if you can. logGroup allows you to create a fully customizable log group and instruct the Lambda function to send logs to it.

`logRetentionRole`^Optional

public readonly logRetentionRole: IRole;

Type: aws-cdk-lib.aws_iam.IRole
Default: A new role is created.

The IAM role for the Lambda function associated with the custom resource that sets the retention policy.

This is a legacy API and we strongly recommend you migrate to logGroup if you can. logGroup allows you to create a fully customizable log group and instruct the Lambda function to send logs to it.

`maxEventAge`^Optional

public readonly maxEventAge: Duration;

Type: aws-cdk-lib.Duration
Default: Duration.hours(6)

The maximum age of a request that Lambda sends to a function for processing.

Minimum: 60 seconds Maximum: 6 hours

`onFailure`^Optional

public readonly onFailure: IDestination;

Type: aws-cdk-lib.aws_lambda.IDestination
Default: no destination

The destination for failed invocations.

`onSuccess`^Optional

public readonly onSuccess: IDestination;

Type: aws-cdk-lib.aws_lambda.IDestination
Default: no destination

The destination for successful invocations.

`paramsAndSecrets`^Optional

public readonly paramsAndSecrets: ParamsAndSecretsLayerVersion;

Type: aws-cdk-lib.aws_lambda.ParamsAndSecretsLayerVersion
Default: No Parameters and Secrets Extension

Specify the configuration of Parameters and Secrets Extension.

`profiling`^Optional

public readonly profiling: boolean;

Type: boolean
Default: No profiling.

Enable profiling.

`profilingGroup`^Optional

public readonly profilingGroup: IProfilingGroup;

Type: aws-cdk-lib.aws_codeguruprofiler.IProfilingGroup
Default: A new profiling group will be created if profiling is set.

Profiling Group.

`recursiveLoop`^Optional

public readonly recursiveLoop: RecursiveLoop;

Type: aws-cdk-lib.aws_lambda.RecursiveLoop
Default: RecursiveLoop.Terminate

Sets the Recursive Loop Protection for Lambda Function.

It lets Lambda detect and terminate unintended recursive loops.

`reservedConcurrentExecutions`^Optional

public readonly reservedConcurrentExecutions: number;

Type: number
Default: No specific limit - account limit.

The maximum of concurrent executions you want to reserve for the function.

`retryAttempts`^Optional

public readonly retryAttempts: number;

Type: number
Default: 2

The maximum number of times to retry when the function returns an error.

Minimum: 0 Maximum: 2

`role`^Optional

public readonly role: IRole;

Type: aws-cdk-lib.aws_iam.IRole
Default: A unique role will be generated for this lambda function. Both supplied and generated roles can always be changed by calling addToRolePolicy.

Lambda execution role.

This is the role that will be assumed by the function upon execution. It controls the permissions that the function will have. The Role must be assumable by the 'lambda.amazonaws.com' service principal.

The default Role automatically has permissions granted for Lambda execution. If you provide a Role, you must add the relevant AWS managed policies yourself.

The relevant managed policies are "service-role/AWSLambdaBasicExecutionRole" and "service-role/AWSLambdaVPCAccessExecutionRole".

`runtimeManagementMode`^Optional

public readonly runtimeManagementMode: RuntimeManagementMode;

Type: aws-cdk-lib.aws_lambda.RuntimeManagementMode
Default: Auto

Sets the runtime management configuration for a function's version.

`securityGroups`^Optional

public readonly securityGroups: ISecurityGroup[];

Type: aws-cdk-lib.aws_ec2.ISecurityGroup[]
Default: If the function is placed within a VPC and a security group is not specified, either by this or securityGroup prop, a dedicated security group will be created for this function.

The list of security groups to associate with the Lambda's network interfaces.

Only used if 'vpc' is supplied.

`snapStart`^Optional

public readonly snapStart: SnapStartConf;

Type: aws-cdk-lib.aws_lambda.SnapStartConf
Default: No snapstart

Enable SnapStart for Lambda Function.

SnapStart is currently supported for Java 11, Java 17, Python 3.12, Python 3.13, and .NET 8 runtime

`systemLogLevel`^Optional

Deprecated: Use systemLogLevelV2 as a property instead.

public readonly systemLogLevel: string;

Type: string
Default: "INFO"

Sets the system log level for the function.

`systemLogLevelV2`^Optional

public readonly systemLogLevelV2: SystemLogLevel;

Type: aws-cdk-lib.aws_lambda.SystemLogLevel
Default: SystemLogLevel.INFO

Sets the system log level for the function.

`tracing`^Optional

public readonly tracing: Tracing;

Type: aws-cdk-lib.aws_lambda.Tracing
Default: Tracing.Disabled

Enable AWS X-Ray Tracing for Lambda Function.

`vpc`^Optional

public readonly vpc: IVpc;

Type: aws-cdk-lib.aws_ec2.IVpc
Default: Function is not placed within a VPC.

VPC network to place Lambda network interfaces.

Specify this if the Lambda function needs to access resources in a VPC. This is required when vpcSubnets is specified.

`vpcSubnets`^Optional

public readonly vpcSubnets: SubnetSelection;

Type: aws-cdk-lib.aws_ec2.SubnetSelection
Default: the Vpc default strategy if not specified

Where to place the network interfaces within the VPC.

This requires vpc to be specified in order for interfaces to actually be placed in the subnets. If vpc is not specify, this will raise an error.

Note: Internet access for Lambda Functions requires a NAT Gateway, so picking public subnets is not allowed (unless allowPublicSubnet is set to true).

`metricNamespace`^Required

public readonly metricNamespace: string;

Type: string

The namespace for CloudWatch metrics.

`encryptionKey`^Optional

public readonly encryptionKey: IKey;

Type: aws-cdk-lib.aws_kms.IKey

The KMS key used for encryption.

`externalMcpAgentsSecret`^Optional

public readonly externalMcpAgentsSecret: ISecret;

Type: aws-cdk-lib.aws_secretsmanager.ISecret

Optional Secrets Manager secret for external MCP agents.

`logLevel`^Optional

public readonly logLevel: LogLevel;

Type: LogLevel
Default: LogLevel.INFO

The log level for the function.

ProcessingEnvironmentApiBaseProps

Properties for a GraphQL API that has a predefined schema.

Initializer

import { ProcessingEnvironmentApiBaseProps } from '@cdklabs/genai-idp'

const processingEnvironmentApiBaseProps: ProcessingEnvironmentApiBaseProps = { ... }

Properties

Name	Type	Description
`authorizationConfig`	`aws-cdk-lib.aws_appsync.AuthorizationConfig`	Optional authorization configuration.
`domainName`	`aws-cdk-lib.aws_appsync.DomainOptions`	The domain name configuration for the GraphQL API.
`environmentVariables`	`{[ key: string ]: string}`	A map containing the list of resources with their properties and environment variables.
`introspectionConfig`	`aws-cdk-lib.aws_appsync.IntrospectionConfig`	A value indicating whether the API to enable (ENABLED) or disable (DISABLED) introspection.
`logConfig`	`aws-cdk-lib.aws_appsync.LogConfig`	Logging configuration for this api.
`name`	`string`	the name of the GraphQL API.
`ownerContact`	`string`	The owner contact information for an API resource.
`queryDepthLimit`	`number`	A number indicating the maximum depth resolvers should be accepted when handling queries.
`resolverCountLimit`	`number`	A number indicating the maximum number of resolvers that should be accepted when handling queries.
`visibility`	`aws-cdk-lib.aws_appsync.Visibility`	A value indicating whether the API is accessible from anywhere (GLOBAL) or can only be access from a VPC (PRIVATE).
`xrayEnabled`	`boolean`	A flag indicating whether or not X-Ray tracing is enabled for the GraphQL API.

`authorizationConfig`^Optional

public readonly authorizationConfig: AuthorizationConfig;

Type: aws-cdk-lib.aws_appsync.AuthorizationConfig
Default: API Key authorization

Optional authorization configuration.

`domainName`^Optional

public readonly domainName: DomainOptions;

Type: aws-cdk-lib.aws_appsync.DomainOptions
Default: no domain name

The domain name configuration for the GraphQL API.

The Route 53 hosted zone and CName DNS record must be configured in addition to this setting to enable custom domain URL

`environmentVariables`^Optional

public readonly environmentVariables: {[ key: string ]: string};

Type: {[ key: string ]: string}
Default: No environment variables.

A map containing the list of resources with their properties and environment variables.

There are a few rules you must follow when creating keys and values: - Keys must begin with a letter. - Keys must be between 2 and 64 characters long. - Keys can only contain letters, numbers, and the underscore character (_). - Values can be up to 512 characters long. - You can configure up to 50 key-value pairs in a GraphQL API.

`introspectionConfig`^Optional

public readonly introspectionConfig: IntrospectionConfig;

Type: aws-cdk-lib.aws_appsync.IntrospectionConfig
Default: IntrospectionConfig.ENABLED

A value indicating whether the API to enable (ENABLED) or disable (DISABLED) introspection.

`logConfig`^Optional

public readonly logConfig: LogConfig;

Type: aws-cdk-lib.aws_appsync.LogConfig
Default: None

Logging configuration for this api.

`name`^Optional

public readonly name: string;

Type: string

the name of the GraphQL API.

`ownerContact`^Optional

public readonly ownerContact: string;

Type: string
Default: No owner contact.

The owner contact information for an API resource.

This field accepts any string input with a length of 0 - 256 characters.

`queryDepthLimit`^Optional

public readonly queryDepthLimit: number;

Type: number
Default: The default value is 0 (or unspecified) which indicates no maximum depth.

A number indicating the maximum depth resolvers should be accepted when handling queries.

Value must be withing range of 0 to 75

`resolverCountLimit`^Optional

public readonly resolverCountLimit: number;

Type: number
Default: The default value is 0 (or unspecified), which will set the limit to 10000

A number indicating the maximum number of resolvers that should be accepted when handling queries.

Value must be withing range of 0 to 10000

`visibility`^Optional

public readonly visibility: Visibility;

Type: aws-cdk-lib.aws_appsync.Visibility
Default: GLOBAL

A value indicating whether the API is accessible from anywhere (GLOBAL) or can only be access from a VPC (PRIVATE).

`xrayEnabled`^Optional

public readonly xrayEnabled: boolean;

Type: boolean
Default: false

A flag indicating whether or not X-Ray tracing is enabled for the GraphQL API.

ProcessingEnvironmentApiProps

Properties for configuring the ProcessingEnvironmentApi construct.

Extends the base properties with additional settings specific to document processing.

Initializer

import { ProcessingEnvironmentApiProps } from '@cdklabs/genai-idp'

const processingEnvironmentApiProps: ProcessingEnvironmentApiProps = { ... }

Properties

Name	Type	Description
`authorizationConfig`	`aws-cdk-lib.aws_appsync.AuthorizationConfig`	Optional authorization configuration.
`domainName`	`aws-cdk-lib.aws_appsync.DomainOptions`	The domain name configuration for the GraphQL API.
`environmentVariables`	`{[ key: string ]: string}`	A map containing the list of resources with their properties and environment variables.
`introspectionConfig`	`aws-cdk-lib.aws_appsync.IntrospectionConfig`	A value indicating whether the API to enable (ENABLED) or disable (DISABLED) introspection.
`logConfig`	`aws-cdk-lib.aws_appsync.LogConfig`	Logging configuration for this api.
`name`	`string`	the name of the GraphQL API.
`ownerContact`	`string`	The owner contact information for an API resource.
`queryDepthLimit`	`number`	A number indicating the maximum depth resolvers should be accepted when handling queries.
`resolverCountLimit`	`number`	A number indicating the maximum number of resolvers that should be accepted when handling queries.
`visibility`	`aws-cdk-lib.aws_appsync.Visibility`	A value indicating whether the API is accessible from anywhere (GLOBAL) or can only be access from a VPC (PRIVATE).
`xrayEnabled`	`boolean`	A flag indicating whether or not X-Ray tracing is enabled for the GraphQL API.
`configurationTable`	`IConfigurationTable`	The DynamoDB table that stores configuration settings.
`inputBucket`	`aws-cdk-lib.aws_s3.IBucket`	The S3 bucket where source documents to be processed are stored.
`outputBucket`	`aws-cdk-lib.aws_s3.IBucket`	The S3 bucket where processed documents and extraction results are stored.
`trackingTable`	`ITrackingTable`	The DynamoDB table that tracks document processing status and metadata.
`dataRetentionInDays`	`number`	Data retention period in days for processed documents.
`documentDiscovery`	`IDocumentDiscovery`	Optional document discovery for automated document analysis.
`documentQueue`	`aws-cdk-lib.aws_sqs.IQueue`	The SQS queue for document processing requests.
`encryptionKey`	`aws-cdk-lib.aws_kms.IKey`	Optional KMS key used for encrypting sensitive data in the processing environment.
`evaluationBaselineBucket`	`aws-cdk-lib.aws_s3.IBucket`	Optional S3 bucket name for storing evaluation baseline documents.
`knowledgeBase`	`@cdklabs/generative-ai-cdk-constructs.bedrock.IKnowledgeBase`	Optional knowledge base identifier for document querying capabilities.
`knowledgeBaseGuardrail`	`@cdklabs/generative-ai-cdk-constructs.bedrock.IGuardrail`	Optional Bedrock guardrail to apply to model interactions.
`knowledgeBaseModel`	`@cdklabs/generative-ai-cdk-constructs.bedrock.IInvokable`	Optional invokable model to use for knowledge base queries.
`logLevel`	`LogLevel`	The log level for document processing components.
`logRetention`	`aws-cdk-lib.aws_logs.RetentionDays`	The retention period for CloudWatch logs generated by document processing components.
`stateMachine`	`aws-cdk-lib.aws_stepfunctions.IStateMachine`	Optional Step Functions state machine for document processing workflow.
`vpcConfiguration`	`VpcConfiguration`	Optional VPC configuration for document processing components.
`workingBucket`	`aws-cdk-lib.aws_s3.IBucket`	The S3 bucket for working files during document processing.

`authorizationConfig`^Optional

public readonly authorizationConfig: AuthorizationConfig;

Type: aws-cdk-lib.aws_appsync.AuthorizationConfig
Default: API Key authorization

Optional authorization configuration.

`domainName`^Optional

public readonly domainName: DomainOptions;

Type: aws-cdk-lib.aws_appsync.DomainOptions
Default: no domain name

The domain name configuration for the GraphQL API.

The Route 53 hosted zone and CName DNS record must be configured in addition to this setting to enable custom domain URL

`environmentVariables`^Optional

public readonly environmentVariables: {[ key: string ]: string};

Type: {[ key: string ]: string}
Default: No environment variables.

A map containing the list of resources with their properties and environment variables.

There are a few rules you must follow when creating keys and values: - Keys must begin with a letter. - Keys must be between 2 and 64 characters long. - Keys can only contain letters, numbers, and the underscore character (_). - Values can be up to 512 characters long. - You can configure up to 50 key-value pairs in a GraphQL API.

`introspectionConfig`^Optional

public readonly introspectionConfig: IntrospectionConfig;

Type: aws-cdk-lib.aws_appsync.IntrospectionConfig
Default: IntrospectionConfig.ENABLED

A value indicating whether the API to enable (ENABLED) or disable (DISABLED) introspection.

`logConfig`^Optional

public readonly logConfig: LogConfig;

Type: aws-cdk-lib.aws_appsync.LogConfig
Default: None

Logging configuration for this api.

`name`^Optional

public readonly name: string;

Type: string

the name of the GraphQL API.

`ownerContact`^Optional

public readonly ownerContact: string;

Type: string
Default: No owner contact.

The owner contact information for an API resource.

This field accepts any string input with a length of 0 - 256 characters.

`queryDepthLimit`^Optional

public readonly queryDepthLimit: number;

Type: number
Default: The default value is 0 (or unspecified) which indicates no maximum depth.

A number indicating the maximum depth resolvers should be accepted when handling queries.

Value must be withing range of 0 to 75

`resolverCountLimit`^Optional

public readonly resolverCountLimit: number;

Type: number
Default: The default value is 0 (or unspecified), which will set the limit to 10000

A number indicating the maximum number of resolvers that should be accepted when handling queries.

Value must be withing range of 0 to 10000

`visibility`^Optional

public readonly visibility: Visibility;

Type: aws-cdk-lib.aws_appsync.Visibility
Default: GLOBAL

A value indicating whether the API is accessible from anywhere (GLOBAL) or can only be access from a VPC (PRIVATE).

`xrayEnabled`^Optional

public readonly xrayEnabled: boolean;

Type: boolean
Default: false

A flag indicating whether or not X-Ray tracing is enabled for the GraphQL API.

`configurationTable`^Required

public readonly configurationTable: IConfigurationTable;

Type: IConfigurationTable

The DynamoDB table that stores configuration settings.

Contains document schemas, extraction parameters, and other system-wide settings.

`inputBucket`^Required

public readonly inputBucket: IBucket;

Type: aws-cdk-lib.aws_s3.IBucket

The S3 bucket where source documents to be processed are stored.

This bucket is monitored for new document uploads to trigger processing.

`outputBucket`^Required

public readonly outputBucket: IBucket;

Type: aws-cdk-lib.aws_s3.IBucket

The S3 bucket where processed documents and extraction results are stored.

Contains the structured data output and processing artifacts.

`trackingTable`^Required

public readonly trackingTable: ITrackingTable;

Type: ITrackingTable

The DynamoDB table that tracks document processing status and metadata.

Stores information about documents being processed, including status and results.

`dataRetentionInDays`^Optional

public readonly dataRetentionInDays: number;

Type: number

Data retention period in days for processed documents.

Controls how long document data is kept in the system.

`documentDiscovery`^Optional

public readonly documentDiscovery: IDocumentDiscovery;

Type: IDocumentDiscovery

Optional document discovery for automated document analysis.

When provided, enables document discovery capabilities including automated configuration generation and document structure analysis.

`documentQueue`^Optional

public readonly documentQueue: IQueue;

Type: aws-cdk-lib.aws_sqs.IQueue

The SQS queue for document processing requests.

Used to queue documents for processing and manage workflow execution.

`encryptionKey`^Optional

public readonly encryptionKey: IKey;

Type: aws-cdk-lib.aws_kms.IKey

Optional KMS key used for encrypting sensitive data in the processing environment.

When provided, ensures that document content and metadata are encrypted at rest.

`evaluationBaselineBucket`^Optional

public readonly evaluationBaselineBucket: IBucket;

Type: aws-cdk-lib.aws_s3.IBucket

Optional S3 bucket name for storing evaluation baseline documents.

Used for comparing extraction results against known correct values to measure accuracy and evaluate model performance.

`knowledgeBase`^Optional

public readonly knowledgeBase: IKnowledgeBase;

Type: @cdklabs/generative-ai-cdk-constructs.bedrock.IKnowledgeBase

Optional knowledge base identifier for document querying capabilities.

When provided, enables natural language querying of processed documents using the specified Amazon Bedrock knowledge base.

`knowledgeBaseGuardrail`^Optional

public readonly knowledgeBaseGuardrail: IGuardrail;

Type: @cdklabs/generative-ai-cdk-constructs.bedrock.IGuardrail

Optional Bedrock guardrail to apply to model interactions.

Helps ensure model outputs adhere to content policies and guidelines by filtering inappropriate content and enforcing usage policies.

`knowledgeBaseModel`^Optional

public readonly knowledgeBaseModel: IInvokable;

Type: @cdklabs/generative-ai-cdk-constructs.bedrock.IInvokable
Default: bedrock.BedrockFoundationModel.AMAZON_NOVA_PRO_V1_0

Optional invokable model to use for knowledge base queries.

Can be a Bedrock foundation model, Bedrock inference profile, or custom model. Enables natural language querying of processed documents when a knowledge base is configured.

`logLevel`^Optional

public readonly logLevel: LogLevel;

Type: LogLevel

The log level for document processing components.

Controls the verbosity of logs generated during document processing.

`logRetention`^Optional

public readonly logRetention: RetentionDays;

Type: aws-cdk-lib.aws_logs.RetentionDays

The retention period for CloudWatch logs generated by document processing components.

Controls how long system logs are kept for troubleshooting and auditing.

`stateMachine`^Optional

public readonly stateMachine: IStateMachine;

Type: aws-cdk-lib.aws_stepfunctions.IStateMachine

Optional Step Functions state machine for document processing workflow.

When provided, enables querying of execution details and step-by-step processing status through the GraphQL API.

`vpcConfiguration`^Optional

public readonly vpcConfiguration: VpcConfiguration;

Type: VpcConfiguration

Optional VPC configuration for document processing components.

When provided, deploys processing components within a VPC with specified settings.

`workingBucket`^Optional

public readonly workingBucket: IBucket;

Type: aws-cdk-lib.aws_s3.IBucket

The S3 bucket for working files during document processing.

Used for temporary storage of intermediate processing results.

ProcessingEnvironmentProps

Configuration properties for the Intelligent Document Processing environment.

This construct orchestrates the end-to-end document processing workflow, from document ingestion to structured data extraction and result tracking.

The processing environment provides the shared infrastructure and services that all document processor patterns use, including storage, tracking, API access, and monitoring capabilities.

Initializer

import { ProcessingEnvironmentProps } from '@cdklabs/genai-idp'

const processingEnvironmentProps: ProcessingEnvironmentProps = { ... }

Properties

Name	Type	Description
`inputBucket`	`aws-cdk-lib.aws_s3.IBucket`	The S3 location where source documents to be processed are stored.
`metricNamespace`	`string`	The namespace for CloudWatch metrics emitted by the document processing system.
`outputBucket`	`aws-cdk-lib.aws_s3.IBucket`	The S3 location where processed documents and extraction results will be stored.
`workingBucket`	`aws-cdk-lib.aws_s3.IBucket`	The S3 bucket used for temporary storage during document processing.
`api`	`IProcessingEnvironmentApi`	Optional ProcessingEnvironmentApi for progress notifications.
`concurrencyTable`	`IConcurrencyTable`	The store that manages concurrency limits for document processing.
`configurationTable`	`IConfigurationTable`	Optional DynamoDB table for storing configuration settings.
`dataTrackingRetention`	`aws-cdk-lib.Duration`	The retention period for document tracking data.
`documentDiscovery`	`IDocumentDiscovery`	Optional document discovery construct.
`key`	`aws-cdk-lib.aws_kms.IKey`	The KMS key used for encrypting resources in the document processing workflow.
`logLevel`	`LogLevel`	The log level for the document processing components.
`logRetention`	`aws-cdk-lib.aws_logs.RetentionDays`	The retention period for CloudWatch logs generated by the document processing components.
`reportingEnvironment`	`IReportingEnvironment`	Optional reporting environment for analytics and evaluation capabilities.
`trackingTable`	`ITrackingTable`	Optional document tracking table.
`vpcConfiguration`	`VpcConfiguration`	Optional VPC configuration for document processing components.

`inputBucket`^Required

public readonly inputBucket: IBucket;

Type: aws-cdk-lib.aws_s3.IBucket

The S3 location where source documents to be processed are stored.

This bucket will be monitored for new document uploads to trigger processing.

`metricNamespace`^Required

public readonly metricNamespace: string;

Type: string

The namespace for CloudWatch metrics emitted by the document processing system.

Used to organize and identify metrics related to document processing.

`outputBucket`^Required

public readonly outputBucket: IBucket;

Type: aws-cdk-lib.aws_s3.IBucket

The S3 location where processed documents and extraction results will be stored.

Contains the structured data output and processing artifacts.

`workingBucket`^Required

public readonly workingBucket: IBucket;

Type: aws-cdk-lib.aws_s3.IBucket

The S3 bucket used for temporary storage during document processing.

Contains intermediate processing artifacts and working files.

`api`^Optional

public readonly api: IProcessingEnvironmentApi;

Type: IProcessingEnvironmentApi

Optional ProcessingEnvironmentApi for progress notifications.

When provided, functions will use GraphQL mutations to update document status and notify clients about processing progress.

`concurrencyTable`^Optional

public readonly concurrencyTable: IConcurrencyTable;

Type: IConcurrencyTable
Default: A new ConcurrencyTable is created

The store that manages concurrency limits for document processing.

Helps prevent overloading the system with too many concurrent document processing tasks.

`configurationTable`^Optional

public readonly configurationTable: IConfigurationTable;

Type: IConfigurationTable

Optional DynamoDB table for storing configuration settings.

When not provided, a new table will be created. Contains document schemas, extraction parameters, and other system-wide settings.

`dataTrackingRetention`^Optional

public readonly dataTrackingRetention: Duration;

Type: aws-cdk-lib.Duration
Default: 365 days

The retention period for document tracking data.

Controls how long document metadata and processing results are kept in the system.

`documentDiscovery`^Optional

public readonly documentDiscovery: IDocumentDiscovery;

Type: IDocumentDiscovery

Optional document discovery construct.

When provided, enables document discovery functionality including UI uploads.

`key`^Optional

public readonly key: IKey;

Type: aws-cdk-lib.aws_kms.IKey

The KMS key used for encrypting resources in the document processing workflow.

Provides encryption for queues, logs, and other sensitive components.

`logLevel`^Optional

public readonly logLevel: LogLevel;

Type: LogLevel
Default: LogLevel.INFO

The log level for the document processing components.

Controls the verbosity of logs generated during document processing.

`logRetention`^Optional

public readonly logRetention: RetentionDays;

Type: aws-cdk-lib.aws_logs.RetentionDays
Default: RetentionDays.ONE_WEEK

The retention period for CloudWatch logs generated by the document processing components.

Controls how long system logs are kept for troubleshooting and auditing.

`reportingEnvironment`^Optional

public readonly reportingEnvironment: IReportingEnvironment;

Type: IReportingEnvironment

Optional reporting environment for analytics and evaluation capabilities.

When provided, enables storage and querying of evaluation metrics and processing analytics.

`trackingTable`^Optional

public readonly trackingTable: ITrackingTable;

Type: ITrackingTable

Optional document tracking table.

`vpcConfiguration`^Optional

public readonly vpcConfiguration: VpcConfiguration;

Type: VpcConfiguration

Optional VPC configuration for document processing components.

When provided, deploys processing components within a VPC with specified settings.

ReportingEnvironmentProps

Initializer

import { ReportingEnvironmentProps } from '@cdklabs/genai-idp'

const reportingEnvironmentProps: ReportingEnvironmentProps = { ... }

Properties

Name	Type	Description
`reportingBucket`	`aws-cdk-lib.aws_s3.IBucket`	The S3 bucket where evaluation metrics and reporting data will be stored.
`reportingDatabase`	`@aws-cdk/aws-glue-alpha.Database`	The AWS Glue database where reporting tables will be created.
`crawlerSchedule`	`CrawlerSchedule`	The frequency for the document sections crawler to run.
`encryptionKey`	`aws-cdk-lib.aws_kms.IKey`	Optional KMS key for encrypting Glue crawler resources.

`reportingBucket`^Required

public readonly reportingBucket: IBucket;

Type: aws-cdk-lib.aws_s3.IBucket

The S3 bucket where evaluation metrics and reporting data will be stored.

The construct will create Glue tables that reference this bucket location.

`reportingDatabase`^Required

public readonly reportingDatabase: Database;

Type: @aws-cdk/aws-glue-alpha.Database

The AWS Glue database where reporting tables will be created.

The construct will create tables for document, section, attribute, and metering data.

`crawlerSchedule`^Optional

public readonly crawlerSchedule: CrawlerSchedule;

Type: CrawlerSchedule
Default: CrawlerSchedule.DAILY

The frequency for the document sections crawler to run.

`encryptionKey`^Optional

public readonly encryptionKey: IKey;

Type: aws-cdk-lib.aws_kms.IKey
Default: Uses AWS managed encryption

Optional KMS key for encrypting Glue crawler resources.

SaveReportingDataFunctionProps

Properties for configuring the SaveReportingDataFunction.

Initializer

import { SaveReportingDataFunctionProps } from '@cdklabs/genai-idp'

const saveReportingDataFunctionProps: SaveReportingDataFunctionProps = { ... }

Properties

Name	Type	Description
`adotInstrumentation`	`aws-cdk-lib.aws_lambda.AdotInstrumentationConfig`	Specify the configuration of AWS Distro for OpenTelemetry (ADOT) instrumentation.
`allowAllIpv6Outbound`	`boolean`	Whether to allow the Lambda to send all ipv6 network traffic.
`applicationLogLevel`	`string`	Sets the application log level for the function.
`applicationLogLevelV2`	`aws-cdk-lib.aws_lambda.ApplicationLogLevel`	Sets the application log level for the function.
`architecture`	`aws-cdk-lib.aws_lambda.Architecture`	The system architectures compatible with this lambda function.
`codeSigningConfig`	`aws-cdk-lib.aws_lambda.ICodeSigningConfig`	Code signing config associated with this function.
`currentVersionOptions`	`aws-cdk-lib.aws_lambda.VersionOptions`	Options for the `lambda.Version` resource automatically created by the `fn.currentVersion` method.
`deadLetterQueue`	`aws-cdk-lib.aws_sqs.IQueue`	The SQS queue to use if DLQ is enabled.
`deadLetterQueueEnabled`	`boolean`	Enabled DLQ.
`deadLetterTopic`	`aws-cdk-lib.aws_sns.ITopic`	The SNS topic to use as a DLQ.
`description`	`string`	A description of the function.
`environmentEncryption`	`aws-cdk-lib.aws_kms.IKey`	The AWS KMS key that's used to encrypt your function's environment variables.
`ephemeralStorageSize`	`aws-cdk-lib.Size`	The size of the function’s /tmp directory in MiB.
`events`	`aws-cdk-lib.aws_lambda.IEventSource[]`	Event sources for this function.
`functionName`	`string`	A name for the function.
`initialPolicy`	`aws-cdk-lib.aws_iam.PolicyStatement[]`	Initial policy statements to add to the created Lambda Role.
`insightsVersion`	`aws-cdk-lib.aws_lambda.LambdaInsightsVersion`	Specify the version of CloudWatch Lambda insights to use for monitoring.
`ipv6AllowedForDualStack`	`boolean`	Allows outbound IPv6 traffic on VPC functions that are connected to dual-stack subnets.
`logFormat`	`string`	Sets the logFormat for the function.
`loggingFormat`	`aws-cdk-lib.aws_lambda.LoggingFormat`	Sets the loggingFormat for the function.
`logGroup`	`aws-cdk-lib.aws_logs.ILogGroup`	The log group the function sends logs to.
`logRemovalPolicy`	`aws-cdk-lib.RemovalPolicy`	Determine the removal policy of the log group that is auto-created by this construct.
`logRetention`	`aws-cdk-lib.aws_logs.RetentionDays`	The number of days log events are kept in CloudWatch Logs.
`logRetentionRetryOptions`	`aws-cdk-lib.aws_lambda.LogRetentionRetryOptions`	When log retention is specified, a custom resource attempts to create the CloudWatch log group.
`logRetentionRole`	`aws-cdk-lib.aws_iam.IRole`	The IAM role for the Lambda function associated with the custom resource that sets the retention policy.
`maxEventAge`	`aws-cdk-lib.Duration`	The maximum age of a request that Lambda sends to a function for processing.
`onFailure`	`aws-cdk-lib.aws_lambda.IDestination`	The destination for failed invocations.
`onSuccess`	`aws-cdk-lib.aws_lambda.IDestination`	The destination for successful invocations.
`paramsAndSecrets`	`aws-cdk-lib.aws_lambda.ParamsAndSecretsLayerVersion`	Specify the configuration of Parameters and Secrets Extension.
`profiling`	`boolean`	Enable profiling.
`profilingGroup`	`aws-cdk-lib.aws_codeguruprofiler.IProfilingGroup`	Profiling Group.
`recursiveLoop`	`aws-cdk-lib.aws_lambda.RecursiveLoop`	Sets the Recursive Loop Protection for Lambda Function.
`reservedConcurrentExecutions`	`number`	The maximum of concurrent executions you want to reserve for the function.
`retryAttempts`	`number`	The maximum number of times to retry when the function returns an error.
`role`	`aws-cdk-lib.aws_iam.IRole`	Lambda execution role.
`runtimeManagementMode`	`aws-cdk-lib.aws_lambda.RuntimeManagementMode`	Sets the runtime management configuration for a function's version.
`securityGroups`	`aws-cdk-lib.aws_ec2.ISecurityGroup[]`	The list of security groups to associate with the Lambda's network interfaces.
`snapStart`	`aws-cdk-lib.aws_lambda.SnapStartConf`	Enable SnapStart for Lambda Function.
`systemLogLevel`	`string`	Sets the system log level for the function.
`systemLogLevelV2`	`aws-cdk-lib.aws_lambda.SystemLogLevel`	Sets the system log level for the function.
`tracing`	`aws-cdk-lib.aws_lambda.Tracing`	Enable AWS X-Ray Tracing for Lambda Function.
`vpc`	`aws-cdk-lib.aws_ec2.IVpc`	VPC network to place Lambda network interfaces.
`vpcSubnets`	`aws-cdk-lib.aws_ec2.SubnetSelection`	Where to place the network interfaces within the VPC.
`metricNamespace`	`string`	The metric namespace for CloudWatch metrics.
`outputBucket`	`aws-cdk-lib.aws_s3.IBucket`	The S3 bucket containing processed document outputs for reading.
`reportingBucket`	`aws-cdk-lib.aws_s3.IBucket`	The S3 bucket where reporting data will be saved in Parquet format.
`encryptionKey`	`aws-cdk-lib.aws_kms.IKey`	Optional KMS key for encrypting function resources.
`logLevel`	`LogLevel`	The log level for the function.

`adotInstrumentation`^Optional

public readonly adotInstrumentation: AdotInstrumentationConfig;

Type: aws-cdk-lib.aws_lambda.AdotInstrumentationConfig
Default: No ADOT instrumentation

Specify the configuration of AWS Distro for OpenTelemetry (ADOT) instrumentation.

`allowAllIpv6Outbound`^Optional

public readonly allowAllIpv6Outbound: boolean;

Type: boolean
Default: false

Whether to allow the Lambda to send all ipv6 network traffic.

If set to true, there will only be a single egress rule which allows all outbound ipv6 traffic. If set to false, you must individually add traffic rules to allow the Lambda to connect to network targets using ipv6.

Do not specify this property if the securityGroups or securityGroup property is set. Instead, configure allowAllIpv6Outbound directly on the security group.

`applicationLogLevel`^Optional

Deprecated: Use applicationLogLevelV2 as a property instead.

public readonly applicationLogLevel: string;

Type: string
Default: "INFO"

Sets the application log level for the function.

`applicationLogLevelV2`^Optional

public readonly applicationLogLevelV2: ApplicationLogLevel;

Type: aws-cdk-lib.aws_lambda.ApplicationLogLevel
Default: ApplicationLogLevel.INFO

Sets the application log level for the function.

`architecture`^Optional

public readonly architecture: Architecture;

Type: aws-cdk-lib.aws_lambda.Architecture
Default: Architecture.X86_64

The system architectures compatible with this lambda function.

`codeSigningConfig`^Optional

public readonly codeSigningConfig: ICodeSigningConfig;

Type: aws-cdk-lib.aws_lambda.ICodeSigningConfig
Default: Not Sign the Code

Code signing config associated with this function.

`currentVersionOptions`^Optional

public readonly currentVersionOptions: VersionOptions;

Type: aws-cdk-lib.aws_lambda.VersionOptions
Default: default options as described in VersionOptions

Options for the lambda.Version resource automatically created by the fn.currentVersion method.

`deadLetterQueue`^Optional

public readonly deadLetterQueue: IQueue;

Type: aws-cdk-lib.aws_sqs.IQueue
Default: SQS queue with 14 day retention period if deadLetterQueueEnabled is true

The SQS queue to use if DLQ is enabled.

If SNS topic is desired, specify deadLetterTopic property instead.

`deadLetterQueueEnabled`^Optional

public readonly deadLetterQueueEnabled: boolean;

Type: boolean
Default: false unless deadLetterQueue is set, which implies DLQ is enabled.

Enabled DLQ.

If deadLetterQueue is undefined, an SQS queue with default options will be defined for your Function.

`deadLetterTopic`^Optional

public readonly deadLetterTopic: ITopic;

Type: aws-cdk-lib.aws_sns.ITopic
Default: no SNS topic

The SNS topic to use as a DLQ.

Note that if deadLetterQueueEnabled is set to true, an SQS queue will be created rather than an SNS topic. Using an SNS topic as a DLQ requires this property to be set explicitly.

`description`^Optional

public readonly description: string;

Type: string
Default: No description.

A description of the function.

`environmentEncryption`^Optional

public readonly environmentEncryption: IKey;

Type: aws-cdk-lib.aws_kms.IKey
Default: AWS Lambda creates and uses an AWS managed customer master key (CMK).

The AWS KMS key that's used to encrypt your function's environment variables.

`ephemeralStorageSize`^Optional

public readonly ephemeralStorageSize: Size;

Type: aws-cdk-lib.Size
Default: 512 MiB

The size of the function’s /tmp directory in MiB.

`events`^Optional

public readonly events: IEventSource[];

Type: aws-cdk-lib.aws_lambda.IEventSource[]
Default: No event sources.

Event sources for this function.

You can also add event sources using addEventSource.

`functionName`^Optional

public readonly functionName: string;

Type: string
Default: AWS CloudFormation generates a unique physical ID and uses that ID for the function's name. For more information, see Name Type.

A name for the function.

`initialPolicy`^Optional

public readonly initialPolicy: PolicyStatement[];

Type: aws-cdk-lib.aws_iam.PolicyStatement[]
Default: No policy statements are added to the created Lambda role.

Initial policy statements to add to the created Lambda Role.

You can call addToRolePolicy to the created lambda to add statements post creation.

`insightsVersion`^Optional

public readonly insightsVersion: LambdaInsightsVersion;

Type: aws-cdk-lib.aws_lambda.LambdaInsightsVersion
Default: No Lambda Insights

Specify the version of CloudWatch Lambda insights to use for monitoring.

`ipv6AllowedForDualStack`^Optional

public readonly ipv6AllowedForDualStack: boolean;

Type: boolean
Default: false

Allows outbound IPv6 traffic on VPC functions that are connected to dual-stack subnets.

Only used if 'vpc' is supplied.

`logFormat`^Optional

Deprecated: Use loggingFormat as a property instead.

public readonly logFormat: string;

Type: string
Default: "Text"

Sets the logFormat for the function.

`loggingFormat`^Optional

public readonly loggingFormat: LoggingFormat;

Type: aws-cdk-lib.aws_lambda.LoggingFormat
Default: LoggingFormat.TEXT

Sets the loggingFormat for the function.

`logGroup`^Optional

public readonly logGroup: ILogGroup;

Type: aws-cdk-lib.aws_logs.ILogGroup
Default: /aws/lambda/${this.functionName} - default log group created by Lambda

The log group the function sends logs to.

By default, Lambda functions send logs to an automatically created default log group named /aws/lambda/\<function name>. However you cannot change the properties of this auto-created log group using the AWS CDK, e.g. you cannot set a different log retention.

Use the logGroup property to create a fully customizable LogGroup ahead of time, and instruct the Lambda function to send logs to it.

Providing a user-controlled log group was rolled out to commercial regions on 2023-11-16. If you are deploying to another type of region, please check regional availability first.

`logRemovalPolicy`^Optional

Deprecated: use logGroup instead

public readonly logRemovalPolicy: RemovalPolicy;

Type: aws-cdk-lib.RemovalPolicy
Default: RemovalPolicy.Retain

Determine the removal policy of the log group that is auto-created by this construct.

Normally you want to retain the log group so you can diagnose issues from logs even after a deployment that no longer includes the log group. In that case, use the normal date-based retention policy to age out your logs.

`logRetention`^Optional

Deprecated: use logGroup instead

public readonly logRetention: RetentionDays;

Type: aws-cdk-lib.aws_logs.RetentionDays
Default: logs.RetentionDays.INFINITE

The number of days log events are kept in CloudWatch Logs.

When updating this property, unsetting it doesn't remove the log retention policy. To remove the retention policy, set the value to INFINITE.

This is a legacy API and we strongly recommend you move away from it if you can. Instead create a fully customizable log group with logs.LogGroup and use the logGroup property to instruct the Lambda function to send logs to it. Migrating from logRetention to logGroup will cause the name of the log group to change. Users and code and referencing the name verbatim will have to adjust.

In AWS CDK code, you can access the log group name directly from the LogGroup construct:

import * as logs from 'aws-cdk-lib/aws-logs';

declare const myLogGroup: logs.LogGroup;
myLogGroup.logGroupName;

`logRetentionRetryOptions`^Optional

public readonly logRetentionRetryOptions: LogRetentionRetryOptions;

Type: aws-cdk-lib.aws_lambda.LogRetentionRetryOptions
Default: Default AWS SDK retry options.

When log retention is specified, a custom resource attempts to create the CloudWatch log group.

These options control the retry policy when interacting with CloudWatch APIs.

This is a legacy API and we strongly recommend you migrate to logGroup if you can. logGroup allows you to create a fully customizable log group and instruct the Lambda function to send logs to it.

`logRetentionRole`^Optional

public readonly logRetentionRole: IRole;

Type: aws-cdk-lib.aws_iam.IRole
Default: A new role is created.

The IAM role for the Lambda function associated with the custom resource that sets the retention policy.

This is a legacy API and we strongly recommend you migrate to logGroup if you can. logGroup allows you to create a fully customizable log group and instruct the Lambda function to send logs to it.

`maxEventAge`^Optional

public readonly maxEventAge: Duration;

Type: aws-cdk-lib.Duration
Default: Duration.hours(6)

The maximum age of a request that Lambda sends to a function for processing.

Minimum: 60 seconds Maximum: 6 hours

`onFailure`^Optional

public readonly onFailure: IDestination;

Type: aws-cdk-lib.aws_lambda.IDestination
Default: no destination

The destination for failed invocations.

`onSuccess`^Optional

public readonly onSuccess: IDestination;

Type: aws-cdk-lib.aws_lambda.IDestination
Default: no destination

The destination for successful invocations.

`paramsAndSecrets`^Optional

public readonly paramsAndSecrets: ParamsAndSecretsLayerVersion;

Type: aws-cdk-lib.aws_lambda.ParamsAndSecretsLayerVersion
Default: No Parameters and Secrets Extension

Specify the configuration of Parameters and Secrets Extension.

`profiling`^Optional

public readonly profiling: boolean;

Type: boolean
Default: No profiling.

Enable profiling.

`profilingGroup`^Optional

public readonly profilingGroup: IProfilingGroup;

Type: aws-cdk-lib.aws_codeguruprofiler.IProfilingGroup
Default: A new profiling group will be created if profiling is set.

Profiling Group.

`recursiveLoop`^Optional

public readonly recursiveLoop: RecursiveLoop;

Type: aws-cdk-lib.aws_lambda.RecursiveLoop
Default: RecursiveLoop.Terminate

Sets the Recursive Loop Protection for Lambda Function.

It lets Lambda detect and terminate unintended recursive loops.

`reservedConcurrentExecutions`^Optional

public readonly reservedConcurrentExecutions: number;

Type: number
Default: No specific limit - account limit.

The maximum of concurrent executions you want to reserve for the function.

`retryAttempts`^Optional

public readonly retryAttempts: number;

Type: number
Default: 2

The maximum number of times to retry when the function returns an error.

Minimum: 0 Maximum: 2

`role`^Optional

public readonly role: IRole;

Type: aws-cdk-lib.aws_iam.IRole
Default: A unique role will be generated for this lambda function. Both supplied and generated roles can always be changed by calling addToRolePolicy.

Lambda execution role.

This is the role that will be assumed by the function upon execution. It controls the permissions that the function will have. The Role must be assumable by the 'lambda.amazonaws.com' service principal.

The default Role automatically has permissions granted for Lambda execution. If you provide a Role, you must add the relevant AWS managed policies yourself.

The relevant managed policies are "service-role/AWSLambdaBasicExecutionRole" and "service-role/AWSLambdaVPCAccessExecutionRole".

`runtimeManagementMode`^Optional

public readonly runtimeManagementMode: RuntimeManagementMode;

Type: aws-cdk-lib.aws_lambda.RuntimeManagementMode
Default: Auto

Sets the runtime management configuration for a function's version.

`securityGroups`^Optional

public readonly securityGroups: ISecurityGroup[];

Type: aws-cdk-lib.aws_ec2.ISecurityGroup[]
Default: If the function is placed within a VPC and a security group is not specified, either by this or securityGroup prop, a dedicated security group will be created for this function.

The list of security groups to associate with the Lambda's network interfaces.

Only used if 'vpc' is supplied.

`snapStart`^Optional

public readonly snapStart: SnapStartConf;

Type: aws-cdk-lib.aws_lambda.SnapStartConf
Default: No snapstart

Enable SnapStart for Lambda Function.

SnapStart is currently supported for Java 11, Java 17, Python 3.12, Python 3.13, and .NET 8 runtime

`systemLogLevel`^Optional

Deprecated: Use systemLogLevelV2 as a property instead.

public readonly systemLogLevel: string;

Type: string
Default: "INFO"

Sets the system log level for the function.

`systemLogLevelV2`^Optional

public readonly systemLogLevelV2: SystemLogLevel;

Type: aws-cdk-lib.aws_lambda.SystemLogLevel
Default: SystemLogLevel.INFO

Sets the system log level for the function.

`tracing`^Optional

public readonly tracing: Tracing;

Type: aws-cdk-lib.aws_lambda.Tracing
Default: Tracing.Disabled

Enable AWS X-Ray Tracing for Lambda Function.

`vpc`^Optional

public readonly vpc: IVpc;

Type: aws-cdk-lib.aws_ec2.IVpc
Default: Function is not placed within a VPC.

VPC network to place Lambda network interfaces.

Specify this if the Lambda function needs to access resources in a VPC. This is required when vpcSubnets is specified.

`vpcSubnets`^Optional

public readonly vpcSubnets: SubnetSelection;

Type: aws-cdk-lib.aws_ec2.SubnetSelection
Default: the Vpc default strategy if not specified

Where to place the network interfaces within the VPC.

This requires vpc to be specified in order for interfaces to actually be placed in the subnets. If vpc is not specify, this will raise an error.

Note: Internet access for Lambda Functions requires a NAT Gateway, so picking public subnets is not allowed (unless allowPublicSubnet is set to true).

`metricNamespace`^Required

public readonly metricNamespace: string;

Type: string

The metric namespace for CloudWatch metrics.

`outputBucket`^Required

public readonly outputBucket: IBucket;

Type: aws-cdk-lib.aws_s3.IBucket

The S3 bucket containing processed document outputs for reading.

`reportingBucket`^Required

public readonly reportingBucket: IBucket;

Type: aws-cdk-lib.aws_s3.IBucket

The S3 bucket where reporting data will be saved in Parquet format.

`encryptionKey`^Optional

public readonly encryptionKey: IKey;

Type: aws-cdk-lib.aws_kms.IKey

Optional KMS key for encrypting function resources.

`logLevel`^Optional

public readonly logLevel: LogLevel;

Type: LogLevel
Default: LogLevel.INFO

The log level for the function.

UserIdentityProps

Properties for configuring the UserIdentity construct.

Initializer

import { UserIdentityProps } from '@cdklabs/genai-idp'

const userIdentityProps: UserIdentityProps = { ... }

Properties

Name	Type	Description
`identityPoolOptions`	`aws-cdk-lib.aws_cognito_identitypool.IdentityPoolProps`	Configuration for the Identity Pool.
`userPool`	`aws-cdk-lib.aws_cognito.IUserPool`	Optional pre-existing Cognito User Pool to use for authentication.

`identityPoolOptions`^Optional

public readonly identityPoolOptions: IdentityPoolProps;

Type: aws-cdk-lib.aws_cognito_identitypool.IdentityPoolProps

Configuration for the Identity Pool.

Allows customization of the Cognito Identity Pool that provides temporary AWS credentials to authenticated users.

`userPool`^Optional

public readonly userPool: IUserPool;

Type: aws-cdk-lib.aws_cognito.IUserPool

Optional pre-existing Cognito User Pool to use for authentication.

When not provided, a new User Pool will be created with standard settings.

VpcConfiguration

Configuration for VPC settings of document processing components.

Controls VPC placement, subnet selection, and security group assignments for Lambda functions and other resources in the processing environment.

Initializer

import { VpcConfiguration } from '@cdklabs/genai-idp'

const vpcConfiguration: VpcConfiguration = { ... }

Properties

Name	Type	Description
`allowAllIpv6Outbound`	`boolean`	Controls whether IPv6 outbound traffic is allowed to all destinations.
`allowAllOutbound`	`boolean`	Controls whether outbound traffic is allowed to all destinations.
`securityGroups`	`aws-cdk-lib.aws_ec2.ISecurityGroup[]`	Optional security groups to apply to document processing components.
`vpc`	`aws-cdk-lib.aws_ec2.IVpc`	Optional VPC where document processing components will be deployed.
`vpcSubnets`	`aws-cdk-lib.aws_ec2.SubnetSelection`	Optional subnet selection for VPC-deployed resources.

`allowAllIpv6Outbound`^Optional

public readonly allowAllIpv6Outbound: boolean;

Type: boolean

Controls whether IPv6 outbound traffic is allowed to all destinations.

When true, allows document processing components to access external resources via IPv6.

`allowAllOutbound`^Optional

public readonly allowAllOutbound: boolean;

Type: boolean

Controls whether outbound traffic is allowed to all destinations.

When true, allows document processing components to access external resources.

`securityGroups`^Optional

public readonly securityGroups: ISecurityGroup[];

Type: aws-cdk-lib.aws_ec2.ISecurityGroup[]

Optional security groups to apply to document processing components.

Controls network access and security rules for VPC-deployed resources.

`vpc`^Optional

public readonly vpc: IVpc;

Type: aws-cdk-lib.aws_ec2.IVpc

Optional VPC where document processing components will be deployed.

When provided, Lambda functions and other resources will be deployed within this VPC.

`vpcSubnets`^Optional

public readonly vpcSubnets: SubnetSelection;

Type: aws-cdk-lib.aws_ec2.SubnetSelection

Optional subnet selection for VPC-deployed resources.

Determines which subnets within the VPC will host document processing components.

WebApplicationProps

Initializer

import { WebApplicationProps } from '@cdklabs/genai-idp'

const webApplicationProps: WebApplicationProps = { ... }

Properties

Name	Type	Description
`apiUrl`	`string`	The GraphQL API URL for the processing environment.
`environment`	`IProcessingEnvironment`	The processing environment that provides shared infrastructure and services.
`userIdentity`	`IUserIdentity`	The user identity management system that handles authentication and authorization for the web application.
`autoConfigure`	`boolean`	Whether to automatically configure CORS rules on S3 buckets for CloudFront access.
`distribution`	`aws-cdk-lib.aws_cloudfront.IDistribution`	Optional pre-existing CloudFront distribution to use for the web application.
`loggingBucket`	`aws-cdk-lib.aws_s3.IBucket`	The S3 Bucket used for storing CloudFront and S3 access logs.
`shouldAllowSignUpEmailDomain`	`boolean`	Controls whether the UI allows users to sign up with any email domain.
`webAppBucket`	`aws-cdk-lib.aws_s3.IBucket`	Optional pre-existing S3 bucket to use for the web application.

`apiUrl`^Required

public readonly apiUrl: string;

Type: string

The GraphQL API URL for the processing environment.

This allows for flexible URL configuration including custom domains, cross-stack references, or external API endpoints.

Example

// Using a CDK-generated API URL
apiUrl: myApi.graphqlUrl

// Using a custom domain
apiUrl: 'https://api.mydomain.com/graphql'

// Using a cross-stack reference
apiUrl: 'https://abc123.appsync-api.us-east-1.amazonaws.com/graphql'

`environment`^Required

public readonly environment: IProcessingEnvironment;

Type: IProcessingEnvironment

The processing environment that provides shared infrastructure and services.

Contains input/output buckets, tracking tables, API endpoints, and other resources needed for document processing operations.

`userIdentity`^Required

public readonly userIdentity: IUserIdentity;

Type: IUserIdentity

The user identity management system that handles authentication and authorization for the web application.

Provides Cognito resources for user management and secure access to AWS resources.

`autoConfigure`^Optional

public readonly autoConfigure: boolean;

Type: boolean
Default: true

Whether to automatically configure CORS rules on S3 buckets for CloudFront access.

When true, the library will configure CORS rules on the input, output, and discovery buckets to allow access from the CloudFront distribution domain.

When false, users are responsible for configuring CORS rules themselves. This is useful when users have existing CORS policies or need custom CORS configurations.

`distribution`^Optional

public readonly distribution: IDistribution;

Type: aws-cdk-lib.aws_cloudfront.IDistribution
Default: A new distribution is created with best-practice defaults

Optional pre-existing CloudFront distribution to use for the web application.

When not provided, a default distribution will be created with sensible defaults that work well for most use cases.

`loggingBucket`^Optional

public readonly loggingBucket: IBucket;

Type: aws-cdk-lib.aws_s3.IBucket

The S3 Bucket used for storing CloudFront and S3 access logs.

Helps with security auditing and troubleshooting.

`shouldAllowSignUpEmailDomain`^Optional

public readonly shouldAllowSignUpEmailDomain: boolean;

Type: boolean
Default: false

Controls whether the UI allows users to sign up with any email domain.

When true, enables self-service registration for all users. When false, sign-up functionality is restricted and must be managed by administrators.

`webAppBucket`^Optional

public readonly webAppBucket: IBucket;

Type: aws-cdk-lib.aws_s3.IBucket

Optional pre-existing S3 bucket to use for the web application.

When not provided, a new bucket will be created.

WorkteamProps

Properties for configuring the SageMaker workteam for HITL.

Initializer

import { WorkteamProps } from '@cdklabs/genai-idp'

const workteamProps: WorkteamProps = { ... }

Properties

Name	Type	Description
`userGroup`	`aws-cdk-lib.aws_cognito.CfnUserPoolGroup`	The Cognito User Group that contains the human reviewers.
`userPool`	`aws-cdk-lib.aws_cognito.IUserPool`	The Cognito User Pool for authentication.
`userPoolClient`	`aws-cdk-lib.aws_cognito.IUserPoolClient`	The Cognito User Pool Client for A2I integration.
`description`	`string`	Description for the workteam.
`existingPrivateWorkforceArn`	`string`	Optional existing private workforce ARN to use instead of creating a new workteam.
`workTeamName`	`string`	No description.

`userGroup`^Required

public readonly userGroup: CfnUserPoolGroup;

Type: aws-cdk-lib.aws_cognito.CfnUserPoolGroup

The Cognito User Group that contains the human reviewers.

`userPool`^Required

public readonly userPool: IUserPool;

Type: aws-cdk-lib.aws_cognito.IUserPool

The Cognito User Pool for authentication.

`userPoolClient`^Required

public readonly userPoolClient: IUserPoolClient;

Type: aws-cdk-lib.aws_cognito.IUserPoolClient

The Cognito User Pool Client for A2I integration.

`description`^Optional

public readonly description: string;

Type: string
Default: "Private workteam for working on A2I tasks"

Description for the workteam.

`existingPrivateWorkforceArn`^Optional

public readonly existingPrivateWorkforceArn: string;

Type: string

Optional existing private workforce ARN to use instead of creating a new workteam.

When provided, the construct will use the existing workforce instead of creating a new one.

`workTeamName`^Optional

public readonly workTeamName: string;

Type: string

Classes

ConfigurationDefinition

Implements: IConfigurationDefinition

A configuration definition for document processing.

Manages configuration data and provides methods to access it.

Initializers

import { ConfigurationDefinition } from '@cdklabs/genai-idp'

new ConfigurationDefinition(props: ConfigurationDefinitionProps)

Name	Type	Description
`props`	`ConfigurationDefinitionProps`	Properties for the configuration definition.

`props`^Required

Type: ConfigurationDefinitionProps

Properties for the configuration definition.

Methods

Name	Description
`raw`	Gets the raw configuration object.

`raw`

public raw(): {[ key: string ]: any}

Gets the raw configuration object.

ConfigurationDefinitionLoader

Utility class for loading configuration definitions from files.

Provides methods to parse YAML configuration files into JavaScript objects.

Initializers

import { ConfigurationDefinitionLoader } from '@cdklabs/genai-idp'

new ConfigurationDefinitionLoader()

Name	Type	Description

Static Functions

Name	Description
`fromFile`	Loads and parses a YAML configuration file.

`fromFile`

import { ConfigurationDefinitionLoader } from '@cdklabs/genai-idp'

ConfigurationDefinitionLoader.fromFile(filePath: string)

Loads and parses a YAML configuration file.

`filePath`^Required

Type: string

Path to the YAML configuration file.

IdpPythonLayerVersion

A singleton class that provides a Python Lambda Layer with the idp_common package.

Initializers

import { IdpPythonLayerVersion } from '@cdklabs/genai-idp'

new IdpPythonLayerVersion()

Name	Type	Description

Static Functions

Name	Description
`getOrCreate`	Gets or creates a singleton instance of the IdpPythonLayerVersion.

`getOrCreate`

import { IdpPythonLayerVersion } from '@cdklabs/genai-idp'

IdpPythonLayerVersion.getOrCreate(scope: Construct, modules: ...string[])

Gets or creates a singleton instance of the IdpPythonLayerVersion.

`scope`^Required

Type: constructs.Construct

The construct scope where the layer should be created if it doesn't exist.

`modules`^Required

Type: ...string[]

The modules to install (using TypeScript spread operator).

Protocols

IAgentAnalytics

Extends: constructs.IConstruct
Implemented By: AgentAnalytics, IAgentAnalytics

Interface for Agent Analytics implementations.

Provides AI-powered analytics capabilities for natural language querying of processed document data.

Properties

Name	Type	Description
`node`	`constructs.Node`	The tree node.
`agentProcessor`	`aws-cdk-lib.aws_lambda.IFunction`	Lambda function that processes agent queries using Bedrock AgentCore.
`agentRequestHandler`	`aws-cdk-lib.aws_lambda.IFunction`	Lambda function that handles agent query requests from the UI.
`agentTable`	`IAgentTable`	The DynamoDB table for tracking agent jobs and analytics queries.
`listAvailableAgents`	`aws-cdk-lib.aws_lambda.IFunction`	Lambda function that lists available analytics agents.

`node`^Required

public readonly node: Node;

Type: constructs.Node

The tree node.

`agentProcessor`^Required

public readonly agentProcessor: IFunction;

Type: aws-cdk-lib.aws_lambda.IFunction

Lambda function that processes agent queries using Bedrock AgentCore.

`agentRequestHandler`^Required

public readonly agentRequestHandler: IFunction;

Type: aws-cdk-lib.aws_lambda.IFunction

Lambda function that handles agent query requests from the UI.

`agentTable`^Required

public readonly agentTable: IAgentTable;

Type: IAgentTable

The DynamoDB table for tracking agent jobs and analytics queries.

`listAvailableAgents`^Required

public readonly listAvailableAgents: IFunction;

Type: aws-cdk-lib.aws_lambda.IFunction

Lambda function that lists available analytics agents.

IAgentTable

Extends: aws-cdk-lib.aws_dynamodb.ITable
Implemented By: AgentTable, IAgentTable

Interface for Agent Table implementations.

Properties

Name	Type	Description
`node`	`constructs.Node`	The tree node.
`env`	`aws-cdk-lib.ResourceEnvironment`	The environment this resource belongs to.
`stack`	`aws-cdk-lib.Stack`	The stack in which this resource is defined.
`tableArn`	`string`	Arn of the dynamodb table.
`tableName`	`string`	Table name of the dynamodb table.
`encryptionKey`	`aws-cdk-lib.aws_kms.IKey`	Optional KMS encryption key associated with this table.
`tableStreamArn`	`string`	ARN of the table's stream, if there is one.

`node`^Required

public readonly node: Node;

Type: constructs.Node

The tree node.

`env`^Required

public readonly env: ResourceEnvironment;

Type: aws-cdk-lib.ResourceEnvironment

The environment this resource belongs to.

For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.

`stack`^Required

public readonly stack: Stack;

Type: aws-cdk-lib.Stack

The stack in which this resource is defined.

`tableArn`^Required

public readonly tableArn: string;

Type: string

Arn of the dynamodb table.

`tableName`^Required

public readonly tableName: string;

Type: string

Table name of the dynamodb table.

`encryptionKey`^Optional

public readonly encryptionKey: IKey;

Type: aws-cdk-lib.aws_kms.IKey

Optional KMS encryption key associated with this table.

`tableStreamArn`^Optional

public readonly tableStreamArn: string;

Type: string

ARN of the table's stream, if there is one.

IConcurrencyTable

Extends: aws-cdk-lib.aws_dynamodb.ITable
Implemented By: ConcurrencyTable, IConcurrencyTable

Interface for the concurrency management table.

This table is used to track and limit concurrent document processing tasks, preventing resource exhaustion and ensuring system stability under load.

Properties

Name	Type	Description
`node`	`constructs.Node`	The tree node.
`env`	`aws-cdk-lib.ResourceEnvironment`	The environment this resource belongs to.
`stack`	`aws-cdk-lib.Stack`	The stack in which this resource is defined.
`tableArn`	`string`	Arn of the dynamodb table.
`tableName`	`string`	Table name of the dynamodb table.
`encryptionKey`	`aws-cdk-lib.aws_kms.IKey`	Optional KMS encryption key associated with this table.
`tableStreamArn`	`string`	ARN of the table's stream, if there is one.

`node`^Required

public readonly node: Node;

Type: constructs.Node

The tree node.

`env`^Required

public readonly env: ResourceEnvironment;

Type: aws-cdk-lib.ResourceEnvironment

The environment this resource belongs to.

For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.

`stack`^Required

public readonly stack: Stack;

Type: aws-cdk-lib.Stack

The stack in which this resource is defined.

`tableArn`^Required

public readonly tableArn: string;

Type: string

Arn of the dynamodb table.

`tableName`^Required

public readonly tableName: string;

Type: string

Table name of the dynamodb table.

`encryptionKey`^Optional

public readonly encryptionKey: IKey;

Type: aws-cdk-lib.aws_kms.IKey

Optional KMS encryption key associated with this table.

`tableStreamArn`^Optional

public readonly tableStreamArn: string;

Type: string

ARN of the table's stream, if there is one.

IConfigurationDefinition

Implemented By: ConfigurationDefinition, IConfigurationDefinition

Interface for configuration definitions.

Provides methods to access configuration data.

Methods

Name	Description
`raw`	Gets the raw configuration object.

`raw`

public raw(): {[ key: string ]: any}

Gets the raw configuration object.

IConfigurationDefinitionPropertyTransform

Implemented By: IConfigurationDefinitionPropertyTransform

Defines a transformation to apply to a specific property in the configuration.

Used to modify configuration values during initialization.

Methods

Name	Description
`transform`	Function to transform the property value.

`transform`

public transform(value: any): any

Function to transform the property value.

`value`^Required

Type: any

The original property value.

Properties

Name	Type	Description
`flatPath`	`string`	Dot-notation path to the property to transform (e.g., "extraction.model").

`flatPath`^Required

public readonly flatPath: string;

Type: string

Dot-notation path to the property to transform (e.g., "extraction.model").

IConfigurationTable

Extends: aws-cdk-lib.aws_dynamodb.ITable
Implemented By: ConfigurationTable, IConfigurationTable

Interface for the configuration management table.

This table stores system-wide configuration settings for the document processing solution, including extraction schemas, model parameters, evaluation criteria, and UI settings.

Properties

Name	Type	Description
`node`	`constructs.Node`	The tree node.
`env`	`aws-cdk-lib.ResourceEnvironment`	The environment this resource belongs to.
`stack`	`aws-cdk-lib.Stack`	The stack in which this resource is defined.
`tableArn`	`string`	Arn of the dynamodb table.
`tableName`	`string`	Table name of the dynamodb table.
`encryptionKey`	`aws-cdk-lib.aws_kms.IKey`	Optional KMS encryption key associated with this table.
`tableStreamArn`	`string`	ARN of the table's stream, if there is one.

`node`^Required

public readonly node: Node;

Type: constructs.Node

The tree node.

`env`^Required

public readonly env: ResourceEnvironment;

Type: aws-cdk-lib.ResourceEnvironment

The environment this resource belongs to.

For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.

`stack`^Required

public readonly stack: Stack;

Type: aws-cdk-lib.Stack

The stack in which this resource is defined.

`tableArn`^Required

public readonly tableArn: string;

Type: string

Arn of the dynamodb table.

`tableName`^Required

public readonly tableName: string;

Type: string

Table name of the dynamodb table.

`encryptionKey`^Optional

public readonly encryptionKey: IKey;

Type: aws-cdk-lib.aws_kms.IKey

Optional KMS encryption key associated with this table.

`tableStreamArn`^Optional

public readonly tableStreamArn: string;

Type: string

ARN of the table's stream, if there is one.

ICustomPromptGenerator

Extends: constructs.IConstruct
Implemented By: CustomPromptGenerator, ICustomPromptGenerator

Interface for custom prompt generator implementations.

Custom prompt generators allow injection of business logic into document processing workflows for Patterns 2 and 3, enabling dynamic prompt customization based on document content, customer configurations, or external system integrations.

Properties

Name	Type	Description
`node`	`constructs.Node`	The tree node.
`generatorFunction`	`aws-cdk-lib.aws_lambda.IFunction`	The Lambda function that implements the custom prompt generation logic.

`node`^Required

public readonly node: Node;

Type: constructs.Node

The tree node.

`generatorFunction`^Required

public readonly generatorFunction: IFunction;

Type: aws-cdk-lib.aws_lambda.IFunction

The Lambda function that implements the custom prompt generation logic.

This function receives template placeholders and returns customized prompts.

IDiscoveryQueue

Extends: aws-cdk-lib.aws_sqs.IQueue
Implemented By: DiscoveryQueue, IDiscoveryQueue

Interface for the discovery processing queue.

This queue handles async processing of discovery jobs.

Properties

Name	Type	Description
`node`	`constructs.Node`	The tree node.
`env`	`aws-cdk-lib.ResourceEnvironment`	The environment this resource belongs to.
`stack`	`aws-cdk-lib.Stack`	The stack in which this resource is defined.
`fifo`	`boolean`	Whether this queue is an Amazon SQS FIFO queue.
`queueArn`	`string`	The ARN of this queue.
`queueName`	`string`	The name of this queue.
`queueUrl`	`string`	The URL of this queue.
`encryptionMasterKey`	`aws-cdk-lib.aws_kms.IKey`	If this queue is server-side encrypted, this is the KMS encryption key.
`encryptionType`	`aws-cdk-lib.aws_sqs.QueueEncryption`	Whether the contents of the queue are encrypted, and by what type of key.

`node`^Required

public readonly node: Node;

Type: constructs.Node

The tree node.

`env`^Required

public readonly env: ResourceEnvironment;

Type: aws-cdk-lib.ResourceEnvironment

The environment this resource belongs to.

For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.

`stack`^Required

public readonly stack: Stack;

Type: aws-cdk-lib.Stack

The stack in which this resource is defined.

`fifo`^Required

public readonly fifo: boolean;

Type: boolean

Whether this queue is an Amazon SQS FIFO queue.

If false, this is a standard queue.

`queueArn`^Required

public readonly queueArn: string;

Type: string

The ARN of this queue.

`queueName`^Required

public readonly queueName: string;

Type: string

The name of this queue.

`queueUrl`^Required

public readonly queueUrl: string;

Type: string

The URL of this queue.

`encryptionMasterKey`^Optional

public readonly encryptionMasterKey: IKey;

Type: aws-cdk-lib.aws_kms.IKey

If this queue is server-side encrypted, this is the KMS encryption key.

`encryptionType`^Optional

public readonly encryptionType: QueueEncryption;

Type: aws-cdk-lib.aws_sqs.QueueEncryption

Whether the contents of the queue are encrypted, and by what type of key.

IDiscoveryTable

Extends: aws-cdk-lib.aws_dynamodb.ITable
Implemented By: DiscoveryTable, IDiscoveryTable

Interface for the discovery tracking table.

This table tracks discovery job status and metadata.

Properties

Name	Type	Description
`node`	`constructs.Node`	The tree node.
`env`	`aws-cdk-lib.ResourceEnvironment`	The environment this resource belongs to.
`stack`	`aws-cdk-lib.Stack`	The stack in which this resource is defined.
`tableArn`	`string`	Arn of the dynamodb table.
`tableName`	`string`	Table name of the dynamodb table.
`encryptionKey`	`aws-cdk-lib.aws_kms.IKey`	Optional KMS encryption key associated with this table.
`tableStreamArn`	`string`	ARN of the table's stream, if there is one.

`node`^Required

public readonly node: Node;

Type: constructs.Node

The tree node.

`env`^Required

public readonly env: ResourceEnvironment;

Type: aws-cdk-lib.ResourceEnvironment

The environment this resource belongs to.

For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.

`stack`^Required

public readonly stack: Stack;

Type: aws-cdk-lib.Stack

The stack in which this resource is defined.

`tableArn`^Required

public readonly tableArn: string;

Type: string

Arn of the dynamodb table.

`tableName`^Required

public readonly tableName: string;

Type: string

Table name of the dynamodb table.

`encryptionKey`^Optional

public readonly encryptionKey: IKey;

Type: aws-cdk-lib.aws_kms.IKey

Optional KMS encryption key associated with this table.

`tableStreamArn`^Optional

public readonly tableStreamArn: string;

Type: string

ARN of the table's stream, if there is one.

IDocumentDiscovery

Implemented By: DocumentDiscovery, IDocumentDiscovery

Interface for the document discovery system.

Provides document analysis capabilities for automated configuration generation.

Methods

Name	Description
`initializeFunctions`	Initialize Lambda functions with API dependencies.

`initializeFunctions`

public initializeFunctions(api: IProcessingEnvironmentApi, configurationTable: IConfigurationTable, encryptionKey?: IKey, logLevel?: LogLevel, logRetention?: RetentionDays, vpcConfiguration?: VpcConfiguration): DocumentDiscoveryFunctions

Initialize Lambda functions with API dependencies.

Called by ProcessingEnvironmentApi when adding document discovery.

`api`^Required

Type: IProcessingEnvironmentApi

`configurationTable`^Required

Type: IConfigurationTable

`encryptionKey`^Optional

Type: aws-cdk-lib.aws_kms.IKey

`logLevel`^Optional

Type: LogLevel

`logRetention`^Optional

Type: aws-cdk-lib.aws_logs.RetentionDays

`vpcConfiguration`^Optional

Type: VpcConfiguration

Properties

Name	Type	Description
`discoveryBucket`	`aws-cdk-lib.aws_s3.IBucket`	The S3 bucket for document discovery uploads.
`discoveryQueue`	`IDiscoveryQueue`	The SQS queue for processing discovery jobs asynchronously.
`discoveryTable`	`IDiscoveryTable`	The DynamoDB table that tracks discovery job status and metadata.

`discoveryBucket`^Required

public readonly discoveryBucket: IBucket;

Type: aws-cdk-lib.aws_s3.IBucket

The S3 bucket for document discovery uploads.

`discoveryQueue`^Required

public readonly discoveryQueue: IDiscoveryQueue;

Type: IDiscoveryQueue

The SQS queue for processing discovery jobs asynchronously.

`discoveryTable`^Required

public readonly discoveryTable: IDiscoveryTable;

Type: IDiscoveryTable

The DynamoDB table that tracks discovery job status and metadata.

IDocumentProcessor

Extends: constructs.IConstruct
Implemented By: IDocumentProcessor

Interface for document processor implementations.

Document processors handle the extraction of structured data from documents using different processing patterns and AI/ML services.

The GenAI IDP Accelerator includes multiple processor implementations: - Pattern 1: Uses Amazon Bedrock Data Automation for document processing with minimal custom code - Pattern 2: Implements custom extraction using Amazon Bedrock foundation models for flexible processing - Pattern 3: Provides specialized document processing using SageMaker endpoints for custom classification models

Each pattern is optimized for different document types, complexity levels, and customization needs.

Properties

Name	Type	Description
`node`	`constructs.Node`	The tree node.
`environment`	`IProcessingEnvironment`	The processing environment that provides shared infrastructure and services.
`maxProcessingConcurrency`	`number`	The maximum number of documents that can be processed concurrently.
`stateMachine`	`aws-cdk-lib.aws_stepfunctions.IStateMachine`	The Step Functions state machine that orchestrates the document processing workflow.

`node`^Required

public readonly node: Node;

Type: constructs.Node

The tree node.

`environment`^Required

public readonly environment: IProcessingEnvironment;

Type: IProcessingEnvironment

The processing environment that provides shared infrastructure and services.

Contains input/output buckets, tracking tables, API endpoints, and other resources needed for document processing operations.

`maxProcessingConcurrency`^Required

public readonly maxProcessingConcurrency: number;

Type: number

The maximum number of documents that can be processed concurrently.

Controls the throughput and resource utilization of the document processing system.

`stateMachine`^Required

public readonly stateMachine: IStateMachine;

Type: aws-cdk-lib.aws_stepfunctions.IStateMachine

The Step Functions state machine that orchestrates the document processing workflow.

Manages the sequence of processing steps and handles error conditions. This state machine is triggered for each document that needs processing and coordinates the entire extraction pipeline.

IHitlEnvironment

Implemented By: HitlEnvironment, IHitlEnvironment

Interface for the HITL environment.

Properties

Name	Type	Description
`labelingConsoleUrl`	`string`	The labeling console URL for SageMaker Ground Truth.
`userPoolClient`	`aws-cdk-lib.aws_cognito.IUserPoolClient`	The Cognito User Pool Client for A2I integration.
`workforcePortalUrl`	`string`	The workforce portal URL for human reviewers.
`workteam`	`IWorkteam`	The SageMaker workteam for HITL tasks.

`labelingConsoleUrl`^Required

public readonly labelingConsoleUrl: string;

Type: string

The labeling console URL for SageMaker Ground Truth.

`userPoolClient`^Required

public readonly userPoolClient: IUserPoolClient;

Type: aws-cdk-lib.aws_cognito.IUserPoolClient

The Cognito User Pool Client for A2I integration.

`workforcePortalUrl`^Required

public readonly workforcePortalUrl: string;

Type: string

The workforce portal URL for human reviewers.

`workteam`^Required

public readonly workteam: IWorkteam;

Type: IWorkteam

The SageMaker workteam for HITL tasks.

IProcessingEnvironment

Implemented By: ProcessingEnvironment, IProcessingEnvironment

Methods

Name	Description
`attach`	Attaches a document processor to this processing environment.

`attach`

public attach(processor: IDocumentProcessor, options?: DocumentProcessorAttachmentOptions): void

Attaches a document processor to this processing environment.

Sets up the necessary event triggers, permissions, and integrations to enable the processor to work with this environment.

`processor`^Required

Type: IDocumentProcessor

The document processor to attach to this environment.

`options`^Optional

Type: DocumentProcessorAttachmentOptions

Properties

Name	Type	Description
`configurationFunction`	`aws-cdk-lib.aws_lambda.IFunction`	The Lambda function that updates configuration settings.
`configurationTable`	`IConfigurationTable`	The DynamoDB table that stores configuration settings.
`inputBucket`	`aws-cdk-lib.aws_s3.IBucket`	The S3 bucket where source documents to be processed are stored.
`logLevel`	`LogLevel`	The log level for document processing components.
`metricNamespace`	`string`	The namespace for CloudWatch metrics emitted by the document processing system.
`outputBucket`	`aws-cdk-lib.aws_s3.IBucket`	The S3 bucket where processed documents and extraction results are stored.
`trackingTable`	`ITrackingTable`	The DynamoDB table that tracks document processing status and metadata.
`workingBucket`	`aws-cdk-lib.aws_s3.IBucket`	The S3 bucket used for temporary storage during document processing.
`api`	`IProcessingEnvironmentApi`	Optional ProcessingEnvironmentApi for progress notifications.
`documentDiscovery`	`IDocumentDiscovery`	Optional document discovery system for automated configuration generation.
`encryptionKey`	`aws-cdk-lib.aws_kms.IKey`	Optional KMS key used for encrypting sensitive data in the processing environment.
`logRetention`	`aws-cdk-lib.aws_logs.RetentionDays`	The retention period for CloudWatch logs generated by document processing components.
`reportingEnvironment`	`IReportingEnvironment`	Optional reporting environment for analytics and evaluation capabilities.
`saveReportingDataFunction`	`aws-cdk-lib.aws_lambda.IFunction`	Optional Lambda function that saves reporting data to the reporting bucket.
`vpcConfiguration`	`VpcConfiguration`	Optional VPC configuration for document processing components.

`configurationFunction`^Required

public readonly configurationFunction: IFunction;

Type: aws-cdk-lib.aws_lambda.IFunction

The Lambda function that updates configuration settings.

Used to initialize and update configuration during deployment and runtime.

`configurationTable`^Required

public readonly configurationTable: IConfigurationTable;

Type: IConfigurationTable

The DynamoDB table that stores configuration settings.

Contains document schemas, extraction parameters, and other system-wide settings.

`inputBucket`^Required

public readonly inputBucket: IBucket;

Type: aws-cdk-lib.aws_s3.IBucket

The S3 bucket where source documents to be processed are stored.

This bucket is monitored for new document uploads to trigger processing.

`logLevel`^Required

public readonly logLevel: LogLevel;

Type: LogLevel

The log level for document processing components.

Controls the verbosity of logs generated during document processing.

`metricNamespace`^Required

public readonly metricNamespace: string;

Type: string

The namespace for CloudWatch metrics emitted by the document processing system.

Used to organize and identify metrics related to document processing.

`outputBucket`^Required

public readonly outputBucket: IBucket;

Type: aws-cdk-lib.aws_s3.IBucket

The S3 bucket where processed documents and extraction results are stored.

Contains the structured data output and processing artifacts.

`trackingTable`^Required

public readonly trackingTable: ITrackingTable;

Type: ITrackingTable

The DynamoDB table that tracks document processing status and metadata.

Stores information about documents being processed, including status and results.

`workingBucket`^Required

public readonly workingBucket: IBucket;

Type: aws-cdk-lib.aws_s3.IBucket

The S3 bucket used for temporary storage during document processing.

Contains intermediate processing artifacts and working files.

`api`^Optional

public readonly api: IProcessingEnvironmentApi;

Type: IProcessingEnvironmentApi

Optional ProcessingEnvironmentApi for progress notifications.

When provided, functions will use GraphQL mutations to update document status and notify clients about processing progress.

`documentDiscovery`^Optional

public readonly documentDiscovery: IDocumentDiscovery;

Type: IDocumentDiscovery

Optional document discovery system for automated configuration generation.

When provided, enables discovery job processing, status tracking, and UI upload functionality.

`encryptionKey`^Optional

public readonly encryptionKey: IKey;

Type: aws-cdk-lib.aws_kms.IKey

Optional KMS key used for encrypting sensitive data in the processing environment.

When provided, ensures that document content and metadata are encrypted at rest.

`logRetention`^Optional

public readonly logRetention: RetentionDays;

Type: aws-cdk-lib.aws_logs.RetentionDays

The retention period for CloudWatch logs generated by document processing components.

Controls how long system logs are kept for troubleshooting and auditing.

`reportingEnvironment`^Optional

public readonly reportingEnvironment: IReportingEnvironment;

Type: IReportingEnvironment

Optional reporting environment for analytics and evaluation capabilities.

When provided, enables storage and querying of evaluation metrics and processing analytics.

`saveReportingDataFunction`^Optional

public readonly saveReportingDataFunction: IFunction;

Type: aws-cdk-lib.aws_lambda.IFunction

Optional Lambda function that saves reporting data to the reporting bucket.

Available when a reporting environment is provided.

`vpcConfiguration`^Optional

public readonly vpcConfiguration: VpcConfiguration;

Type: VpcConfiguration

Optional VPC configuration for document processing components.

When provided, deploys processing components within a VPC with specified settings.

IProcessingEnvironmentApi

Extends: aws-cdk-lib.aws_appsync.IGraphqlApi
Implemented By: ProcessingEnvironmentApi, IProcessingEnvironmentApi

Interface for the document processing environment API.

Provides GraphQL API capabilities for monitoring and managing document processing.

Properties

Name	Type	Description
`node`	`constructs.Node`	The tree node.
`env`	`aws-cdk-lib.ResourceEnvironment`	The environment this resource belongs to.
`stack`	`aws-cdk-lib.Stack`	The stack in which this resource is defined.
`apiId`	`string`	an unique AWS AppSync GraphQL API identifier i.e. 'lxz775lwdrgcndgz3nurvac7oa'.
`arn`	`string`	the ARN of the API.
`graphQLEndpointArn`	`string`	The GraphQL endpoint ARN.
`modes`	`aws-cdk-lib.aws_appsync.AuthorizationType[]`	The Authorization Types for this GraphQL Api.
`visibility`	`aws-cdk-lib.aws_appsync.Visibility`	the visibility of the API.
`graphqlUrl`	`string`	The URL endpoint for the GraphQL API.

`node`^Required

public readonly node: Node;

Type: constructs.Node

The tree node.

`env`^Required

public readonly env: ResourceEnvironment;

Type: aws-cdk-lib.ResourceEnvironment

The environment this resource belongs to.

For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.

`stack`^Required

public readonly stack: Stack;

Type: aws-cdk-lib.Stack

The stack in which this resource is defined.

`apiId`^Required

public readonly apiId: string;

Type: string

an unique AWS AppSync GraphQL API identifier i.e. 'lxz775lwdrgcndgz3nurvac7oa'.

`arn`^Required

public readonly arn: string;

Type: string

the ARN of the API.

`graphQLEndpointArn`^Required

public readonly graphQLEndpointArn: string;

Type: string

The GraphQL endpoint ARN.

`modes`^Required

public readonly modes: AuthorizationType[];

Type: aws-cdk-lib.aws_appsync.AuthorizationType[]

The Authorization Types for this GraphQL Api.

`visibility`^Required

public readonly visibility: Visibility;

Type: aws-cdk-lib.aws_appsync.Visibility

the visibility of the API.

`graphqlUrl`^Required

public readonly graphqlUrl: string;

Type: string

The URL endpoint for the GraphQL API.

Used by client applications to interact with the document processing system.

IReportingEnvironment

Implemented By: ReportingEnvironment, IReportingEnvironment

Interface for the reporting environment that provides analytics and evaluation capabilities.

This environment stores evaluation metrics, document processing analytics, and metering data in a structured format suitable for querying with Amazon Athena.

Properties

Name	Type	Description
`attributeEvaluationsTable`	`@aws-cdk/aws-glue-alpha.S3Table`	The Glue table for attribute-level evaluation metrics.
`documentEvaluationsTable`	`@aws-cdk/aws-glue-alpha.S3Table`	The Glue table for document-level evaluation metrics.
`meteringTable`	`@aws-cdk/aws-glue-alpha.S3Table`	The Glue table for metering data.
`reportingBucket`	`aws-cdk-lib.aws_s3.IBucket`	The S3 bucket where evaluation metrics and reporting data are stored in Parquet format.
`reportingDatabase`	`@aws-cdk/aws-glue-alpha.Database`	The AWS Glue database containing tables for evaluation metrics.
`sectionEvaluationsTable`	`@aws-cdk/aws-glue-alpha.S3Table`	The Glue table for section-level evaluation metrics.

`attributeEvaluationsTable`^Required

public readonly attributeEvaluationsTable: S3Table;

Type: @aws-cdk/aws-glue-alpha.S3Table

The Glue table for attribute-level evaluation metrics.

Contains detailed evaluation metrics for individual extracted attributes.

`documentEvaluationsTable`^Required

public readonly documentEvaluationsTable: S3Table;

Type: @aws-cdk/aws-glue-alpha.S3Table

The Glue table for document-level evaluation metrics.

Contains accuracy, precision, recall, F1 score, and other document-level metrics.

`meteringTable`^Required

public readonly meteringTable: S3Table;

Type: @aws-cdk/aws-glue-alpha.S3Table

The Glue table for metering data.

Contains cost and usage metrics for document processing operations.

`reportingBucket`^Required

public readonly reportingBucket: IBucket;

Type: aws-cdk-lib.aws_s3.IBucket

The S3 bucket where evaluation metrics and reporting data are stored in Parquet format.

Contains document-level, section-level, and attribute-level evaluation metrics.

`reportingDatabase`^Required

public readonly reportingDatabase: Database;

Type: @aws-cdk/aws-glue-alpha.Database

The AWS Glue database containing tables for evaluation metrics.

Provides a structured catalog for querying evaluation data with Amazon Athena.

`sectionEvaluationsTable`^Required

public readonly sectionEvaluationsTable: S3Table;

Type: @aws-cdk/aws-glue-alpha.S3Table

The Glue table for section-level evaluation metrics.

Contains evaluation metrics for individual sections within documents.

ITrackingTable

Extends: aws-cdk-lib.aws_dynamodb.ITable
Implemented By: TrackingTable, ITrackingTable

Interface for the document tracking table.

This table stores information about document processing status, metadata, and results, enabling tracking of documents throughout their processing lifecycle from upload to completion.

Properties

Name	Type	Description
`node`	`constructs.Node`	The tree node.
`env`	`aws-cdk-lib.ResourceEnvironment`	The environment this resource belongs to.
`stack`	`aws-cdk-lib.Stack`	The stack in which this resource is defined.
`tableArn`	`string`	Arn of the dynamodb table.
`tableName`	`string`	Table name of the dynamodb table.
`encryptionKey`	`aws-cdk-lib.aws_kms.IKey`	Optional KMS encryption key associated with this table.
`tableStreamArn`	`string`	ARN of the table's stream, if there is one.

`node`^Required

public readonly node: Node;

Type: constructs.Node

The tree node.

`env`^Required

public readonly env: ResourceEnvironment;

Type: aws-cdk-lib.ResourceEnvironment

The environment this resource belongs to.

For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.

`stack`^Required

public readonly stack: Stack;

Type: aws-cdk-lib.Stack

The stack in which this resource is defined.

`tableArn`^Required

public readonly tableArn: string;

Type: string

Arn of the dynamodb table.

`tableName`^Required

public readonly tableName: string;

Type: string

Table name of the dynamodb table.

`encryptionKey`^Optional

public readonly encryptionKey: IKey;

Type: aws-cdk-lib.aws_kms.IKey

Optional KMS encryption key associated with this table.

`tableStreamArn`^Optional

public readonly tableStreamArn: string;

Type: string

ARN of the table's stream, if there is one.

IUserIdentity

Implemented By: UserIdentity, IUserIdentity

Interface for user identity management components.

Provides authentication and authorization for the web application.

Properties

Name	Type	Description
`identityPool`	`aws-cdk-lib.aws_cognito_identitypool.IdentityPool`	The Cognito Identity Pool that provides temporary AWS credentials.
`userPool`	`aws-cdk-lib.aws_cognito.IUserPool`	The Cognito UserPool that stores user identities and credentials.
`userPoolClient`	`aws-cdk-lib.aws_cognito.IUserPoolClient`	The Cognito UserPool Client used by the web application for OAuth flows.

`identityPool`^Required

public readonly identityPool: IdentityPool;

Type: aws-cdk-lib.aws_cognito_identitypool.IdentityPool

The Cognito Identity Pool that provides temporary AWS credentials.

Allows authenticated users to access AWS services with appropriate permissions.

`userPool`^Required

public readonly userPool: IUserPool;

Type: aws-cdk-lib.aws_cognito.IUserPool

The Cognito UserPool that stores user identities and credentials.

Handles user registration, authentication, and account management.

`userPoolClient`^Required

public readonly userPoolClient: IUserPoolClient;

Type: aws-cdk-lib.aws_cognito.IUserPoolClient

The Cognito UserPool Client used by the web application for OAuth flows.

Enables the web UI to authenticate users against the UserPool.

IWebApplication

Implemented By: WebApplication, IWebApplication

Interface for the web application that provides a user interface for the document processing solution.

Enables users to upload documents, monitor processing status, and access extraction results.

Properties

Name	Type	Description
`bucket`	`aws-cdk-lib.aws_s3.IBucket`	The S3 bucket where the web application assets are deployed.
`distribution`	`aws-cdk-lib.aws_cloudfront.IDistribution`	The CloudFront distribution that serves the web application.

`bucket`^Required

public readonly bucket: IBucket;

Type: aws-cdk-lib.aws_s3.IBucket

The S3 bucket where the web application assets are deployed.

Contains the static files for the web UI including HTML, CSS, and JavaScript.

`distribution`^Required

public readonly distribution: IDistribution;

Type: aws-cdk-lib.aws_cloudfront.IDistribution

The CloudFront distribution that serves the web application.

Provides global content delivery with low latency and high performance.

IWorkteam

Extends: aws-cdk-lib.IResource
Implemented By: Workteam, IWorkteam

Interface for SageMaker workteam used in HITL workflows.

Properties

Name	Type	Description
`node`	`constructs.Node`	The tree node.
`env`	`aws-cdk-lib.ResourceEnvironment`	The environment this resource belongs to.
`stack`	`aws-cdk-lib.Stack`	The stack in which this resource is defined.
`workteamArn`	`string`	The ARN of the SageMaker workteam.
`workteamName`	`string`	The name of the SageMaker workteam.

`node`^Required

public readonly node: Node;

Type: constructs.Node

The tree node.

`env`^Required

public readonly env: ResourceEnvironment;

Type: aws-cdk-lib.ResourceEnvironment

The environment this resource belongs to.

For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.

`stack`^Required

public readonly stack: Stack;

Type: aws-cdk-lib.Stack

The stack in which this resource is defined.

`workteamArn`^Required

public readonly workteamArn: string;

Type: string

The ARN of the SageMaker workteam.

`workteamName`^Required

public readonly workteamName: string;

Type: string

The name of the SageMaker workteam.

Enums

CrawlerSchedule

Enumeration of supported crawler schedules.

Members

Name	Description
`MANUAL`	Manual execution only - no automatic schedule.
`EVERY_15_MINUTES`	Run every 15 minutes.
`HOURLY`	Run every hour.
`DAILY`	Run daily.

`MANUAL`

Manual execution only - no automatic schedule.

`EVERY_15_MINUTES`

Run every 15 minutes.

`HOURLY`

Run every hour.

`DAILY`

Run daily.

LogLevel

Defines the logging verbosity levels for the document processing components.

Controls the amount of detail included in logs for troubleshooting and monitoring.

The log level affects all Lambda functions and other components in the IDP solution, allowing administrators to adjust logging detail based on operational needs.

Members

Name	Description
`DEBUG`	Most verbose logging level, includes detailed debugging information. Useful during development and troubleshooting but generates large log volumes.
`INFO`	Standard logging level for operational information. Provides general information about the system's operation without excessive detail.
`WARN`	Logs potentially harmful situations that don't prevent the system from working.
`ERROR`	Logs error events that might still allow the application to continue running. Indicates failures that should be investigated.

`DEBUG`

Most verbose logging level, includes detailed debugging information. Useful during development and troubleshooting but generates large log volumes.

Includes detailed information about internal operations, variable values, and processing steps that are useful for diagnosing issues.

`INFO`

Standard logging level for operational information. Provides general information about the system's operation without excessive detail.

Includes information about document processing events, workflow transitions, and important operational milestones.

`WARN`

Logs potentially harmful situations that don't prevent the system from working.

Indicates issues that should be addressed but aren't critical failures.

Includes warnings about potential problems, performance issues, or situations that might lead to errors if not addressed.

`ERROR`

Logs error events that might still allow the application to continue running. Indicates failures that should be investigated.

Includes information about processing failures, service errors, and other issues that affect system functionality.

@cdklabs/genai-idp

Constructs

AgentAnalytics

Initializers

scopeRequired

idRequired

propsRequired

Methods

toString

Static Functions

isConstruct

xRequired

Properties

nodeRequired

agentProcessorRequired

agentRequestHandlerRequired

agentTableRequired

listAvailableAgentsRequired

AgentProcessorFunction

Initializers

scopeRequired

idRequired

propsRequired

Methods

toString

applyRemovalPolicy

policyRequired

addEventSource

sourceRequired

addEventSourceMapping

idRequired

optionsRequired

addFunctionUrl

optionsOptional

addPermission

idRequired

permissionRequired

addToRolePolicy

statementRequired

configureAsyncInvoke

optionsRequired

considerWarningOnInvokeFunctionPermissions

scopeRequired

actionRequired

grantInvoke

granteeRequired

grantInvokeCompositePrincipal

compositePrincipalRequired

grantInvokeLatestVersion

granteeRequired

grantInvokeUrl

granteeRequired

grantInvokeVersion

granteeRequired

versionRequired

metric

metricNameRequired

propsOptional

metricDuration

propsOptional

metricErrors

propsOptional

metricInvocations

propsOptional

metricThrottles

propsOptional

addAlias

aliasNameRequired

optionsOptional

addEnvironment

keyRequired

valueRequired

optionsOptional

addLayers

layersRequired

invalidateVersionBasedOn

xRequired

Static Functions

isConstruct

xRequired

`scope`^Required

`id`^Required

`props`^Required

`toString`

`isConstruct`

`x`^Required

`node`^Required

`agentProcessor`^Required

`agentRequestHandler`^Required

`agentTable`^Required

`listAvailableAgents`^Required

`scope`^Required

`id`^Required

`props`^Required

`toString`

`applyRemovalPolicy`

`policy`^Required

`addEventSource`

`source`^Required

`addEventSourceMapping`

`id`^Required

`options`^Required

`addFunctionUrl`

`options`^Optional

`addPermission`

`id`^Required

`permission`^Required

`addToRolePolicy`

`statement`^Required

`configureAsyncInvoke`

`options`^Required

`considerWarningOnInvokeFunctionPermissions`

`scope`^Required

`action`^Required

`grantInvoke`

`grantee`^Required

`grantInvokeCompositePrincipal`

`compositePrincipal`^Required

`grantInvokeLatestVersion`

`grantee`^Required

`grantInvokeUrl`

`grantee`^Required

`grantInvokeVersion`

`grantee`^Required

`version`^Required

`metric`

`metricName`^Required

`props`^Optional

`metricDuration`

`props`^Optional

`metricErrors`

`props`^Optional

`metricInvocations`

`props`^Optional

`metricThrottles`

`props`^Optional

`addAlias`

`aliasName`^Required

`options`^Optional

`addEnvironment`

`key`^Required

`value`^Required

`options`^Optional

`addLayers`

`layers`^Required

`invalidateVersionBasedOn`

`x`^Required

`isConstruct`

`x`^Required

`isOwnedResource`

`construct`^Required

`isResource`

`construct`^Required

`classifyVersionProperty`

`propertyName`^Required

`locked`^Required

`fromFunctionArn`

`scope`^Required

`id`^Required

`functionArn`^Required