API Reference

Classes

Name	Description
AccessConrtolLambda	No description
AdminRole	No description
BillingRole	No description
ComprehendS3olab	Creates the foundation necessary to deploy the S3 Object Lambda Acceess Control Use Case.
CustSupportRole	No description
GeneralRole	The role that you are going to assume (switch role).
LambdaArnCaptorCustomResource	No description
RedactionLambda	No description

Structs

Name	Description
AccessConrtolLambdaProps	No description
AdminRoleProps	No description
BillingRoleProps	No description
ComprehendS3olabProps	No description
CustSupportRoleProps	No description
GeneralRoleProps	No description
LambdaArnCaptorResourceProps	No description
RedactionLambdaProps	No description
S3AccessPointNames	No description

Enums

Name	Description
IamRoleName	No description

class AccessConrtolLambda

Implements: IConstruct, IDependable Extends: Construct

Initializer

new AccessConrtolLambda(scope: Construct, id: string, props: AccessConrtolLambdaProps)

scope (Construct) No description
id (string) No description
props (AccessConrtolLambdaProps) No description
- confidenceThreshold (string) The minimum prediction confidence score above which PII classification and detection would be considered as final answer. Default: '0.5'
- containsPiiEntitiesThreadCount (string) Number of threads to use for calling Comprehend's ContainsPiiEntities API. Default: '20'
- defaultLanguageCode (string) Default language of the text to be processed. Default: 'en'
- documentMaxSize (string) Default maximum document size (in bytes) that this function can process otherwise will throw exception for too large document size. Default: '102400'
- documentMaxSizeContainsPiiEntities (string) Maximum document size (in bytes) to be used for making calls to Comprehend's ContainsPiiEntities API. Default: '50000'
- isPartialObjectSupported (string) Whether to support partial objects or not. Default: 'false'
- logLevel (string) Log level for Lambda function logging, e.g., ERROR, INFO, DEBUG, etc. Default: 'INFO'
- maxCharsOverlap (string) Maximum characters to overlap among segments of a document in case chunking is needed because of maximum document size limit. Default: '200'
- piiEntityTypes (string) List of comma separated PII entity types to be considered for access control. Default: 'ALL'
- publishCloudWatchMetrics (string) True if publish metrics to Cloudwatch, false otherwise. Default: 'true'
- semanticVersion (string) The version of the serverless application. Default: '1.0.2'
- subsegmentOverlappingTokens (string) Number of tokens/words to overlap among segments of a document in case chunking is needed because of maximum document size limit. Default: '20'
- unsupportedFileHandling (string) Handling logic for Unsupported files. Default: 'FAIL'

Properties

Name	Type	Description
stackName	`string`	The name of the underlying resoure in the serverless application.

class AdminRole

Implements: IConstruct, IDependable Extends: Construct

Initializer

new AdminRole(scope: Construct, id: string, props?: AdminRoleProps)

scope (Construct) No description
id (string) No description
props (AdminRoleProps) No description
- iamRoleName (string) The name of the IAM role. Default: 'RedactionAdminRole'
- objectLambdaAccessPointName (string) The name of the object Lambda access point, which will be the same as the S3 acceess point for the S3 bucket in the demostration. Default: 'admin-s3olap-call-transcripts-known-pii'
- policyName (string) The name of the IAM policy for the IAM role. Default: 'admin-role-s3olap-policy'

Properties

Name	Type	Description
roleArn	`string`	The ARN of the IAM role.
roleId	`string`	The unique string identifying the role.
roleName	`string`	The name of the IAM role.

class BillingRole

Implements: IConstruct, IDependable Extends: Construct

Initializer

new BillingRole(scope: Construct, id: string, props?: AdminRoleProps)

scope (Construct) No description
id (string) No description
props (AdminRoleProps) No description
- iamRoleName (string) The name of the IAM role. Default: 'RedactionAdminRole'
- objectLambdaAccessPointName (string) The name of the object Lambda access point, which will be the same as the S3 acceess point for the S3 bucket in the demostration. Default: 'admin-s3olap-call-transcripts-known-pii'
- policyName (string) The name of the IAM policy for the IAM role. Default: 'admin-role-s3olap-policy'

Properties

Name	Type	Description
roleArn	`string`	The ARN of the IAM role.
roleId	`string`	The unique string identifying the role.
roleName	`string`	The name of the IAM role.

class ComprehendS3olab

Creates the foundation necessary to deploy the S3 Object Lambda Acceess Control Use Case.

Implements: IConstruct, IDependable Extends: Construct

Initializer

new ComprehendS3olab(scope: Construct, id: string, props: ComprehendS3olabProps)

scope (Construct) No description
id (string) No description
props (ComprehendS3olabProps) No description
- accessControlLambdaConfig (AccessConrtolLambdaProps) The parameters needed for the ComprehendPiiAccessControlS3ObjectLambda function. Optional
- adminRedactionLambdaConfig (RedactionLambdaProps) The parameters of the ComprehendPiiRedactionS3ObjectLambda function for the AdminRole. Optional
- adminRoleConfig (AdminRoleProps) The manageable properties for the administrator IAM role in the redaction case. Optional
- billingRedactionLambdaConfig (RedactionLambdaProps) The parameters of the ComprehendPiiRedactionS3ObjectLambda function for the BillingRole. Optional
- billingRoleConfig (BillingRoleProps) The manageable properties for the billing IAM role in the redaction case. Optional
- cusrtSupportRedactionLambdaConfig (RedactionLambdaProps) The parameters of the ComprehendPiiRedactionS3ObjectLambda function for the CustSupportRole. Optional
- custSupportRoleConfig (CustSupportRoleProps) The manageable properties for the customer support IAM role in the redaction case. Optional
- exampleFileDir (string) The directory path where files/access_control/*.txt and files/redaction/*.txt will be put. Default: __dirname
- generalRoleConfig (GeneralRoleProps) The manageable properties for the IAM role used to access the survey-results.txt data. Optional
- generateRandomCharacters (boolean) For distinguish test and normal deployment. Default: true
- s3AccessPointNames (S3AccessPointNames) The names of the S3 access points for the access control case and redaction case. Optional
- surveyBucketPrefix (string) The prefix attached to the name of the S3 bucket where you are going to explore the S3 Object Lambda pertaining to the access control case. Default: 6 random words
- transcriptsBucketPrefix (string) The prefix attached to the name of the S3 bucket where you are going to explore the S3 Object Lambda pertaining to the redaction case. Default: 6 random words

Properties

Name	Type	Description
adminLambdaArn	`string`	The ARN of the Lambda function combined with Amazon Comprehend for thie administrator role in the redaction case.
billingLambdaArn	`string`	The ARN of the Lambda function combined with Amazon Comprehend for thie billing role in the redaction case.
customerSupportLambdaArn	`string`	The ARN of the Lambda function combined with Amazon Comprehend for thie customer support role in the redaction case.
piiAccessConrtolLambdaArn	`string`	The ARN of the Lambda function combined with Amazon Comprehend for the general case.
s3objectLambdaAccessControlArn	`string`	The ARN of the S3 Object Lambda for access control.
s3objectLambdaAdminArn	`string`	The ARN of the S3 Object Lambda for the admin role in the redaction case.
s3objectLambdaBillingArn	`string`	The ARN of the S3 Object Lambda for the billing role in the redaction case.
s3objectLambdaCustomerSupportArn	`string`	The ARN of the S3 Object Lambda for the customer support role in the redaction case.

Methods

generateS3Prefix(length)

generateS3Prefix(length: number): string

length (number) No description

Returns:

string

class CustSupportRole

Implements: IConstruct, IDependable Extends: Construct

Initializer

new CustSupportRole(scope: Construct, id: string, props?: AdminRoleProps)

scope (Construct) No description
id (string) No description
props (AdminRoleProps) No description
- iamRoleName (string) The name of the IAM role. Default: 'RedactionAdminRole'
- objectLambdaAccessPointName (string) The name of the object Lambda access point, which will be the same as the S3 acceess point for the S3 bucket in the demostration. Default: 'admin-s3olap-call-transcripts-known-pii'
- policyName (string) The name of the IAM policy for the IAM role. Default: 'admin-role-s3olap-policy'

Properties

Name	Type	Description
roleArn	`string`	The ARN of the IAM role.
roleId	`string`	The unique string identifying the role.
roleName	`string`	The name of the IAM role.

class GeneralRole

The role that you are going to assume (switch role).

Explores how the S3 Object Lambda works.

Implements: IConstruct, IDependable Extends: Construct

Initializer

new GeneralRole(scope: Construct, id: string, props: GeneralRoleProps)

scope (Construct) No description
id (string) No description
props (GeneralRoleProps) No description
- iamRoleName (string) The name of the IAM role. Default: 'GeneralRole'
- objectLambdaAccessPointName (string) The name of the object Lambda access point, which will be the same as the S3 acceess point for the S3 bucket in the demostration. Default: 'accessctl-s3olap-survey-results-unknown-pii'
- policyName (string) The name of the IAM policy for the IAM role. Default: 'general-role-s3olap-policy'

Properties

Name	Type	Description
roleArn	`string`	The ARN of the IAM role.
roleId	`string`	The unique string identifying the role.
roleName	`string`	The name of the IAM role.

class LambdaArnCaptorCustomResource

Implements: IConstruct, IDependable Extends: Construct

Initializer

new LambdaArnCaptorCustomResource(scope: Construct, id: string, props: LambdaArnCaptorResourceProps)

scope (Construct) No description
id (string) No description
props (LambdaArnCaptorResourceProps) No description
- partialLambdaName (string) The partial fixed name of the gemeral Lambda function created from the serverless application.
- roleName (string) the name of the corresponding IAM role.

Properties

Name	Type	Description
lambdaArn	`string`	The ARN of the general Lambda function created from the serverless application.

class RedactionLambda

Implements: IConstruct, IDependable Extends: Construct

Initializer

new RedactionLambda(scope: Construct, id: string, props?: RedactionLambdaProps)

scope (Construct) No description
id (string) No description
props (RedactionLambdaProps) No description
- confidenceThreshold (string) The minimum prediction confidence score above which PII classification and detection would be considered as final answer. Default: '0.5'
- containsPiiEntitiesThreadCount (string) Number of threads to use for calling Comprehend's ContainsPiiEntities API. Default: '20'
- defaultLanguageCode (string) Default language of the text to be processed. Default: 'en'
- detectPiiEntitiesThreadCount (string) Number of threads to use for calling Comprehend's DetectPiiEntities API. Default: '8'
- documentMaxSize (string) Default maximum document size (in bytes) that this function can process otherwise will throw exception for too large document size. Default: '102400'
- documentMaxSizeContainsPiiEntities (string) Maximum document size (in bytes) to be used for making calls to Comprehend's ContainsPiiEntities API. Default: '50000'
- documentMaxSizeDetectPiiEntities (string) Maximum document size (in bytes) to be used for making calls to Comprehend's DetectPiiEntities API. Default: '5000'
- isPartialObjectSupported (string) Whether to support partial objects or not. Default: 'false'
- logLevel (string) Log level for Lambda function logging, e.g., ERROR, INFO, DEBUG, etc. Default: 'INFO'
- maskCharacter (string) A character that replaces each character in the redacted PII entity. Default: '*'
- maskMode (string) Specifies whether the PII entity is redacted with the mask character or the entity type. Optional
- maxCharsOverlap (string) Maximum characters to overlap among segments of a document in case chunking is needed because of maximum document size limit. Default: '200'
- piiEntityTypes (string) List of comma separated PII entity types to be considered for redaction. Default: 'ALL'
- publishCloudWatchMetrics (string) True if publish metrics to Cloudwatch, false otherwise. Default: 'true'
- semanticVersion (string) The version of the serverless application. Default: '1.0.2'
- subsegmentOverlappingTokens (string) Number of tokens/words to overlap among segments of a document in case chunking is needed because of maximum document size limit. Default: '20'
- unsupportedFileHandling (string) Handling logic for Unsupported files. Default: 'FAIL'

Properties

Name	Type	Description
stackName	`string`	The name of the underlying resoure in the serverless application.

struct AccessConrtolLambdaProps

Name	Type	Description
confidenceThreshold?	`string`	The minimum prediction confidence score above which PII classification and detection would be considered as final answer. *Default*: '0.5'
containsPiiEntitiesThreadCount?	`string`	Number of threads to use for calling Comprehend's ContainsPiiEntities API. *Default*: '20'
defaultLanguageCode?	`string`	Default language of the text to be processed. *Default*: 'en'
documentMaxSize?	`string`	Default maximum document size (in bytes) that this function can process otherwise will throw exception for too large document size. *Default*: '102400'
documentMaxSizeContainsPiiEntities?	`string`	Maximum document size (in bytes) to be used for making calls to Comprehend's ContainsPiiEntities API. *Default*: '50000'
isPartialObjectSupported?	`string`	Whether to support partial objects or not. *Default*: 'false'
logLevel?	`string`	Log level for Lambda function logging, e.g., ERROR, INFO, DEBUG, etc. *Default*: 'INFO'
maxCharsOverlap?	`string`	Maximum characters to overlap among segments of a document in case chunking is needed because of maximum document size limit. *Default*: '200'
piiEntityTypes?	`string`	List of comma separated PII entity types to be considered for access control. *Default*: 'ALL'
publishCloudWatchMetrics?	`string`	True if publish metrics to Cloudwatch, false otherwise. *Default*: 'true'
semanticVersion?	`string`	The version of the serverless application. *Default*: '1.0.2'
subsegmentOverlappingTokens?	`string`	Number of tokens/words to overlap among segments of a document in case chunking is needed because of maximum document size limit. *Default*: '20'
unsupportedFileHandling?	`string`	Handling logic for Unsupported files. *Default*: 'FAIL'

struct AdminRoleProps

Name	Type	Description
iamRoleName?	`string`	The name of the IAM role. *Default*: 'RedactionAdminRole'
objectLambdaAccessPointName?	`string`	The name of the object Lambda access point, which will be the same as the S3 acceess point for the S3 bucket in the demostration. *Default*: 'admin-s3olap-call-transcripts-known-pii'
policyName?	`string`	The name of the IAM policy for the IAM role. *Default*: 'admin-role-s3olap-policy'

struct BillingRoleProps

Name	Type	Description
iamRoleName?	`string`	The name of the IAM role. *Default*: 'RedactionBillingRole'
objectLambdaAccessPointName?	`string`	The name of the object Lambda access point, which will be the same as the S3 acceess point for the S3 bucket in the demostration. *Default*: 'billing-s3olap-call-transcripts-known-pii'
policyName?	`string`	The name of the IAM policy for the IAM role. *Default*: 'billing-role-s3olap-policy'

struct ComprehendS3olabProps

Name	Type	Description
accessControlLambdaConfig?	`AccessConrtolLambdaProps`	The parameters needed for the `ComprehendPiiAccessControlS3ObjectLambda` function. *Optional*
adminRedactionLambdaConfig?	`RedactionLambdaProps`	The parameters of the `ComprehendPiiRedactionS3ObjectLambda` function for the `AdminRole`. *Optional*
adminRoleConfig?	`AdminRoleProps`	The manageable properties for the administrator IAM role in the redaction case. *Optional*
billingRedactionLambdaConfig?	`RedactionLambdaProps`	The parameters of the `ComprehendPiiRedactionS3ObjectLambda` function for the `BillingRole`. *Optional*
billingRoleConfig?	`BillingRoleProps`	The manageable properties for the billing IAM role in the redaction case. *Optional*
cusrtSupportRedactionLambdaConfig?	`RedactionLambdaProps`	The parameters of the `ComprehendPiiRedactionS3ObjectLambda` function for the `CustSupportRole`. *Optional*
custSupportRoleConfig?	`CustSupportRoleProps`	The manageable properties for the customer support IAM role in the redaction case. *Optional*
exampleFileDir?	`string`	The directory path where `files/access_control/.txt` and `files/redaction/.txt` will be put. *Default*: __dirname
generalRoleConfig?	`GeneralRoleProps`	The manageable properties for the IAM role used to access the `survey-results.txt` data. *Optional*
generateRandomCharacters?	`boolean`	For distinguish test and normal deployment. *Default*: true
s3AccessPointNames?	`S3AccessPointNames`	The names of the S3 access points for the access control case and redaction case. *Optional*
surveyBucketPrefix?	`string`	The prefix attached to the name of the S3 bucket where you are going to explore the S3 Object Lambda pertaining to the access control case. *Default*: 6 random words
transcriptsBucketPrefix?	`string`	The prefix attached to the name of the S3 bucket where you are going to explore the S3 Object Lambda pertaining to the redaction case. *Default*: 6 random words

struct CustSupportRoleProps

Name	Type	Description
iamRoleName?	`string`	The name of the IAM role. *Default*: 'RedactionCustSupportRole'
objectLambdaAccessPointName?	`string`	The name of the object Lambda access point, which will be the same as the S3 acceess point for the S3 bucket in the demostration. *Default*: 'custsupport-s3olap-call-transcripts-known-pii'
policyName?	`string`	The name of the IAM policy for the IAM role. *Default*: 'customersupport-role-s3olap-policy'

struct GeneralRoleProps

Name	Type	Description
iamRoleName?	`string`	The name of the IAM role. *Default*: 'GeneralRole'
objectLambdaAccessPointName?	`string`	The name of the object Lambda access point, which will be the same as the S3 acceess point for the S3 bucket in the demostration. *Default*: 'accessctl-s3olap-survey-results-unknown-pii'
policyName?	`string`	The name of the IAM policy for the IAM role. *Default*: 'general-role-s3olap-policy'

struct LambdaArnCaptorResourceProps

Name	Type	Description
partialLambdaName	`string`	The partial fixed name of the gemeral Lambda function created from the serverless application.
roleName	`string`	the name of the corresponding IAM role.

struct RedactionLambdaProps

Name	Type	Description
confidenceThreshold?	`string`	The minimum prediction confidence score above which PII classification and detection would be considered as final answer. *Default*: '0.5'
containsPiiEntitiesThreadCount?	`string`	Number of threads to use for calling Comprehend's ContainsPiiEntities API. *Default*: '20'
defaultLanguageCode?	`string`	Default language of the text to be processed. *Default*: 'en'
detectPiiEntitiesThreadCount?	`string`	Number of threads to use for calling Comprehend's DetectPiiEntities API. *Default*: '8'
documentMaxSize?	`string`	Default maximum document size (in bytes) that this function can process otherwise will throw exception for too large document size. *Default*: '102400'
documentMaxSizeContainsPiiEntities?	`string`	Maximum document size (in bytes) to be used for making calls to Comprehend's ContainsPiiEntities API. *Default*: '50000'
documentMaxSizeDetectPiiEntities?	`string`	Maximum document size (in bytes) to be used for making calls to Comprehend's DetectPiiEntities API. *Default*: '5000'
isPartialObjectSupported?	`string`	Whether to support partial objects or not. *Default*: 'false'
logLevel?	`string`	Log level for Lambda function logging, e.g., ERROR, INFO, DEBUG, etc. *Default*: 'INFO'
maskCharacter?	`string`	A character that replaces each character in the redacted PII entity. *Default: ''
maskMode?	`string`	Specifies whether the PII entity is redacted with the mask character or the entity type. *Optional*
maxCharsOverlap?	`string`	Maximum characters to overlap among segments of a document in case chunking is needed because of maximum document size limit. *Default*: '200'
piiEntityTypes?	`string`	List of comma separated PII entity types to be considered for redaction. *Default*: 'ALL'
publishCloudWatchMetrics?	`string`	True if publish metrics to Cloudwatch, false otherwise. *Default*: 'true'
semanticVersion?	`string`	The version of the serverless application. *Default*: '1.0.2'
subsegmentOverlappingTokens?	`string`	Number of tokens/words to overlap among segments of a document in case chunking is needed because of maximum document size limit. *Default*: '20'
unsupportedFileHandling?	`string`	Handling logic for Unsupported files. *Default*: 'FAIL'

struct S3AccessPointNames

Name	Type	Description
admin	`string`	The name of the S3 aceess point for the admin role in the redaction case.
billing	`string`	The name of the S3 aceess point for the billing role in the redaction case.
customerSupport	`string`	The name of the S3 aceess point for the customer support role in the redaction case.
general	`string`	The name of the S3 aceess point for the general role in the access control case.

enum IamRoleName

Name	Description
GENERAL
ADMIN
BILLING
CUST_SUPPORT

Files

API.md

Latest commit

History

API.md

File metadata and controls

API Reference

class AccessConrtolLambda

Initializer

Properties

class AdminRole

Initializer

Properties

class BillingRole

Initializer

Properties

class ComprehendS3olab

Initializer

Properties

Methods

generateS3Prefix(length)

class CustSupportRole

Initializer

Properties

class GeneralRole

Initializer

Properties

class LambdaArnCaptorCustomResource

Initializer

Properties

class RedactionLambda

Initializer

Properties

struct AccessConrtolLambdaProps

struct AdminRoleProps

struct BillingRoleProps

struct ComprehendS3olabProps

struct CustSupportRoleProps

struct GeneralRoleProps

struct LambdaArnCaptorResourceProps

struct RedactionLambdaProps

struct S3AccessPointNames

enum IamRoleName