pangea-aws 0.1.0 → 0.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c4fe3965d89b22bf5fd613fc817fa08d619e64a7e318085e5eed5fe45c06bb23
-  data.tar.gz: fb390445ba7da8a9d9d7d0f76f80d57c0a9ee8093c25ab3c3a199040404970aa
+  metadata.gz: 171b953acda35d607e7f18e2dd248e2535ffb11966cd85389288130bfaab807d
+  data.tar.gz: d1140dcd5eb37444b0ce9a34577e825bd3eba4421af2e32c90f8966dd80c2a6f
 SHA512:
-  metadata.gz: 9ae4a9df1c5e2124fd3414749faaa5fa904c6c31e6fd2f1fe5529b729d4f1635fee2d2b414cde7ca04f9515e40c5d6955c9ad70746fe32973a7498b0fe98dd7d
-  data.tar.gz: f63de27865e4f4708506773eb84ae457ead67ee28d266838d22fe879cc3a9481ce979f724203aeead5eeaa5c94a3d208799721a81bf1bec9fb60d4bb277c9e31
+  metadata.gz: 992c3aadad1f441386c8fba09cdbe6fadcd11e4bfbaf741622ee670a692c525af6d9202a4095fe5232f4e03a5cc751d2070f844f618f38db89692ad45b95118a
+  data.tar.gz: f6b08dd54ca87b02c9a7f2cb7aa35f0d1b0e3451f7c00fdad34845117e352bcb39527f3a25209d1dc0c962b77a3fe9697f06141732381ac7c2a6855e5f37be7b

data/flake.lock

@@ -771,11 +771,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1771807706,
-        "narHash": "sha256-JMDKxc0hfy7itVnURZamiz+2K94VCPOfY3a4OgqHYNc=",
+        "lastModified": 1771861648,
+        "narHash": "sha256-XjYnA7XQUFTg/XrgQL35oojiX/oddmuqHSsLbQg+X44=",
         "owner": "pleme-io",
         "repo": "substrate",
-        "rev": "eb59960eb0dade9bd102b5d4ed774b452c313933",
+        "rev": "0f97a626e8141f4ffa2a4e143f96df2689a82b6b",
         "type": "github"
       },
       "original": {

data/flake.nix

@@ -16,45 +16,11 @@
     };
   };
 
-  outputs = {
-    self,
-    nixpkgs,
-    ruby-nix,
-    flake-utils,
-    substrate,
-    forge,
-    ...
-  }:
-    flake-utils.lib.eachSystem ["x86_64-linux" "aarch64-linux" "aarch64-darwin"] (system: let
-      pkgs = import nixpkgs {
-        inherit system;
-        overlays = [ruby-nix.overlays.ruby];
-      };
-      rnix = ruby-nix.lib pkgs;
-      rnix-env = rnix {
-        name = "pangea-aws";
-        gemset = ./gemset.nix;
-      };
-      env = rnix-env.env;
-      ruby = rnix-env.ruby;
-
-      rubyBuild = import "${substrate}/lib/ruby-build.nix" {
-        inherit pkgs;
-        forgeCmd = "${forge.packages.${system}.default}/bin/forge";
-        defaultGhcrToken = "";
-      };
-    in {
-      devShells.default = pkgs.mkShell {
-        buildInputs = [env ruby];
-        shellHook = ''
-          export RUBYLIB=$PWD/lib:$RUBYLIB
-          export DRY_TYPES_WARNINGS=false
-        '';
-      };
-
-      apps = rubyBuild.mkRubyGemApps {
-        srcDir = self;
-        name = "pangea-aws";
-      };
-    });
+  outputs = { self, nixpkgs, ruby-nix, flake-utils, substrate, forge, ... }:
+    (import "${substrate}/lib/ruby-gem-flake.nix" {
+      inherit nixpkgs ruby-nix flake-utils substrate forge;
+    }) {
+      inherit self;
+      name = "pangea-aws";
+    };
 }

data/lib/pangea/architectures/aws/web_application_architecture/README.md

@@ -0,0 +1,375 @@
+# Web Application Architecture
+
+Production-ready 3-tier web application architecture with load balancing, auto-scaling, database, monitoring, and optional caching/CDN capabilities.
+
+## Overview
+
+The Web Application Architecture creates a complete, production-ready infrastructure for web applications. It automatically configures networking, security, compute resources, database, monitoring, and optional performance enhancements based on environment and requirements.
+
+## Architecture Components
+
+### Core Infrastructure
+- **VPC with Public/Private Subnets**: Multi-AZ network foundation with proper isolation
+- **Application Load Balancer**: SSL termination, health checks, and traffic distribution  
+- **Auto Scaling Group**: Elastic compute capacity with configurable scaling policies
+- **RDS Database**: Managed database with backups, encryption, and multi-AZ support
+- **Security Groups**: Least-privilege security rules for each tier
+
+### Optional Components
+- **ElastiCache Redis**: In-memory caching for improved performance
+- **CloudFront CDN**: Global content delivery network
+- **Route53 DNS**: Custom domain management
+- **ACM SSL Certificate**: Automatic SSL certificate provisioning
+- **CloudWatch Monitoring**: Comprehensive monitoring, logging, and alerting
+
+## Usage
+
+### Basic Web Application
+
+```ruby
+web_app = web_application_architecture(:myapp, {
+  domain_name: "myapp.com",
+  environment: "production"
+})
+
+# Architecture automatically configures:
+# - Multi-AZ VPC with public/private subnets
+# - Application Load Balancer with SSL termination
+# - Auto Scaling Group (min: 2, max: 10)
+# - MySQL RDS database with Multi-AZ
+# - CloudWatch monitoring and alarms
+# - Security groups with proper isolation
+```
+
+### Development Environment
+
+```ruby
+dev_app = web_application_architecture(:myapp_dev, {
+  domain_name: "dev.myapp.com",
+  environment: "development",
+  auto_scaling: { min: 1, max: 2 },
+  instance_type: "t3.micro",
+  database_instance_class: "db.t3.micro",
+  high_availability: false
+})
+```
+
+### Production with Performance Features
+
+```ruby
+prod_app = web_application_architecture(:myapp_prod, {
+  domain_name: "myapp.com",
+  environment: "production",
+  
+  # High performance configuration
+  instance_type: "c5.large",
+  auto_scaling: { min: 3, max: 20, desired: 5 },
+  
+  # Database optimization
+  database_engine: "aurora-mysql",
+  database_instance_class: "db.r5.xlarge",
+  
+  # Performance features
+  enable_caching: true,
+  enable_cdn: true,
+  
+  # Security enhancements
+  security: {
+    enable_waf: true,
+    enable_ddos_protection: true,
+    compliance_standards: ["PCI-DSS"]
+  }
+})
+```
+
+## Configuration Parameters
+
+### Required Parameters
+
+- **domain_name**: Primary domain for the application
+- **environment**: Deployment environment (`development`, `staging`, `production`)
+
+### Network Configuration
+
+```ruby
+# Network settings
+region: "us-east-1",
+vpc_cidr: "10.0.0.0/16", 
+availability_zones: ["us-east-1a", "us-east-1b", "us-east-1c"]
+```
+
+### Compute Configuration
+
+```ruby
+# Instance and scaling settings
+instance_type: "t3.medium",
+auto_scaling: {
+  min: 2,
+  max: 10,
+  desired: 3
+}
+```
+
+### Database Configuration
+
+```ruby
+# Database settings
+database_enabled: true,
+database_engine: "mysql",  # mysql, postgresql, aurora
+database_instance_class: "db.t3.small",
+database_allocated_storage: 100,
+high_availability: true  # Enables Multi-AZ
+```
+
+### Performance Features
+
+```ruby
+# Performance optimization
+enable_caching: true,      # ElastiCache Redis cluster
+enable_cdn: true,          # CloudFront distribution
+ssl_certificate_arn: "...", # Custom SSL cert (optional)
+```
+
+### Security Configuration
+
+```ruby
+security: {
+  encryption_at_rest: true,
+  encryption_in_transit: true,
+  enable_waf: true,
+  enable_ddos_protection: true,
+  compliance_standards: ["SOC2", "PCI-DSS"]
+}
+```
+
+### Monitoring Configuration
+
+```ruby
+monitoring: {
+  detailed_monitoring: true,
+  enable_logging: true,
+  log_retention_days: 30,
+  enable_alerting: true,
+  enable_tracing: false
+}
+```
+
+### Backup Configuration
+
+```ruby
+backup: {
+  backup_schedule: "daily",
+  retention_days: 30,
+  cross_region_backup: true,
+  point_in_time_recovery: true
+}
+```
+
+## Environment Defaults
+
+The architecture automatically applies environment-appropriate defaults:
+
+### Development
+- **Instance Type**: t3.micro
+- **Auto Scaling**: min=1, max=2
+- **Database**: db.t3.micro
+- **High Availability**: false  
+- **Caching**: disabled
+- **CDN**: disabled
+- **Backup Retention**: 1 day
+
+### Staging  
+- **Instance Type**: t3.small
+- **Auto Scaling**: min=1, max=4
+- **Database**: db.t3.small
+- **High Availability**: true
+- **Caching**: enabled
+- **CDN**: disabled
+- **Backup Retention**: 3 days
+
+### Production
+- **Instance Type**: t3.medium
+- **Auto Scaling**: min=2, max=10
+- **Database**: db.r5.large
+- **High Availability**: true
+- **Caching**: enabled
+- **CDN**: enabled  
+- **Backup Retention**: 30 days
+- **WAF & DDoS Protection**: enabled
+
+## Architecture Outputs
+
+### Primary Outputs
+```ruby
+web_app.application_url          # https://myapp.com
+web_app.load_balancer_dns        # myapp-alb-123.us-east-1.elb.amazonaws.com
+web_app.database_endpoint        # myapp-db.cluster-xyz.rds.amazonaws.com
+```
+
+### Optional Outputs
+```ruby
+web_app.cdn_domain              # d1234567890.cloudfront.net
+web_app.monitoring_dashboard_url # CloudWatch dashboard URL
+web_app.estimated_monthly_cost   # $247.50
+```
+
+### Architecture Capabilities
+```ruby
+web_app.capabilities = {
+  high_availability: true,
+  auto_scaling: true,
+  caching: true,
+  cdn: true,
+  ssl_termination: true,
+  monitoring: true,
+  backup: true
+}
+```
+
+## Architecture Validation
+
+### Security Compliance Score
+```ruby
+web_app.security_compliance_score  # 95.2
+```
+
+### High Availability Score  
+```ruby
+web_app.high_availability_score    # 88.0
+```
+
+### Performance Score
+```ruby
+web_app.performance_score          # 92.5
+```
+
+## Cost Estimation
+
+### Monthly Cost Breakdown
+```ruby
+web_app.cost_breakdown = {
+  components: {
+    load_balancer: 22.0,
+    web_servers: 204.0,    # 3 x t3.medium
+    database: 180.0,       # db.r5.large Multi-AZ  
+    cache: 15.0,           # ElastiCache
+    cdn: 10.0              # CloudFront
+  },
+  total: 431.0
+}
+```
+
+## Customization and Overrides
+
+### Override Database with Aurora Serverless
+```ruby
+web_app.override(:database) do |arch_ref|
+  aurora_serverless_cluster(:"#{arch_ref.name}_db", {
+    engine: "aurora-mysql",
+    vpc_ref: arch_ref.network.vpc,
+    scaling: { min_capacity: 2, max_capacity: 16 }
+  })
+end
+```
+
+### Extend with Additional Components
+```ruby
+web_app.extend_with({
+  api_gateway: aws_api_gateway_rest_api(:"#{web_app.name}_api", {
+    description: "API Gateway for #{web_app.name}"
+  }),
+  
+  lambda_functions: aws_lambda_function(:"#{web_app.name}_processor", {
+    runtime: "python3.9",
+    handler: "lambda_function.lambda_handler"
+  })
+})
+```
+
+### Compose with Other Architectures
+```ruby
+web_app.compose_with do |arch_ref|
+  # Add data analytics pipeline
+  arch_ref.analytics = data_lake_architecture(:"#{arch_ref.name}_analytics", {
+    vpc_ref: arch_ref.network.vpc,
+    source_database: arch_ref.database
+  })
+end
+```
+
+## Template Integration
+
+### Basic Template Usage
+```ruby
+template :web_application do
+  include Pangea::Architectures
+  
+  web_app = web_application_architecture(:myapp, {
+    domain_name: "myapp.com",
+    environment: "production"
+  })
+  
+  output :application_url do
+    value web_app.application_url
+  end
+  
+  output :monthly_cost do
+    value web_app.estimated_monthly_cost
+  end
+end
+```
+
+### Multi-Environment Deployment
+```ruby
+template :multi_environment_web_app do
+  include Pangea::Architectures
+  
+  environments = ["development", "staging", "production"]
+  
+  environments.each do |env|
+    web_app = web_application_architecture(:"myapp_#{env}", {
+      domain_name: "#{env == 'production' ? '' : env + '.'}myapp.com",
+      environment: env
+    })
+    
+    output :"#{env}_url" do
+      value web_app.application_url
+    end
+  end
+end
+```
+
+## Best Practices
+
+1. **Environment Separation**: Use separate architectures per environment
+2. **Domain Strategy**: Use subdomains for non-production environments  
+3. **Scaling Configuration**: Set appropriate min/max based on traffic patterns
+4. **Database Sizing**: Choose instance classes based on performance requirements
+5. **Security**: Enable WAF and DDoS protection for production
+6. **Monitoring**: Always enable detailed monitoring and alerting
+7. **Backup Strategy**: Configure appropriate retention for your RPO requirements
+8. **Cost Optimization**: Use spot instances for development environments
+9. **SSL Certificates**: Let the architecture manage ACM certificates automatically
+10. **Tags**: Use consistent tagging for cost allocation and management
+
+## Troubleshooting
+
+### High Costs
+- Review instance types and auto scaling settings
+- Consider using spot instances for non-production
+- Optimize database instance class selection
+
+### Performance Issues  
+- Enable caching with ElastiCache
+- Add CloudFront CDN for static content
+- Consider upgrading instance types
+
+### Security Compliance
+- Enable WAF and DDoS protection
+- Ensure encryption at rest and in transit
+- Review security group rules
+
+### High Availability Issues
+- Verify Multi-AZ database configuration
+- Ensure auto scaling spans multiple availability zones
+- Check load balancer health check configuration

data/lib/pangea/architectures/aws/web_application_architecture/architecture/component_creation.rb

@@ -0,0 +1,146 @@
+# frozen_string_literal: true
+
+# Copyright 2025 The Pangea Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+module Pangea
+  module Architectures
+    module WebApplicationArchitecture
+      class Architecture
+        # Component creation methods
+        module ComponentCreation
+          def create_components(name, attributes)
+            extend Pangea::Components if defined?(Pangea::Components)
+
+            components = {}
+            components[:network] = create_network_component(name, attributes)
+            components[:security_groups] = create_security_groups(name, attributes, components[:network])
+            components[:load_balancer] = create_load_balancer(name, attributes, components[:network], components[:security_groups])
+            components[:web_servers] = create_web_servers(name, attributes, components[:network], components[:security_groups], components[:load_balancer])
+            components[:database] = create_database(name, attributes, components[:network], components[:security_groups]) if attributes[:database_enabled] != false
+            components[:monitoring] = create_monitoring(name, attributes, components)
+            components[:cache] = create_cache_component(name, attributes, components[:network], components[:security_groups]) if attributes[:enable_caching]
+            components[:cdn] = create_cdn_component(name, attributes, components[:load_balancer]) if attributes[:enable_cdn]
+            components
+          end
+
+          def create_network_component(name, attributes)
+            if defined?(Pangea::Components) && respond_to?(:secure_vpc)
+              secure_vpc(:"#{name}_network", {
+                cidr_block: attributes[:vpc_cidr] || '10.0.0.0/16',
+                availability_zones: attributes[:availability_zones] || %w[us-east-1a us-east-1b us-east-1c],
+                enable_flow_logs: attributes[:environment] == 'production',
+                tags: architecture_tags(attributes)
+              })
+            else
+              create_vpc_directly(name, attributes)
+            end
+          end
+
+          def create_security_groups(name, attributes, network)
+            if defined?(Pangea::Components) && respond_to?(:web_security_group)
+              web_security_group(:"#{name}_web_sg", {
+                vpc_ref: network.respond_to?(:vpc) ? network.vpc : network,
+                allowed_cidr_blocks: attributes[:allowed_cidr_blocks] || ['0.0.0.0/0'],
+                tags: architecture_tags(attributes)
+              })
+            else
+              create_security_groups_directly(name, attributes, network)
+            end
+          end
+
+          def create_load_balancer(name, attributes, network, security_groups)
+            if defined?(Pangea::Components) && respond_to?(:application_load_balancer)
+              subnets = network.respond_to?(:public_subnets) ? network.public_subnets : []
+              sg_refs = security_groups.respond_to?(:security_groups) ? security_groups.security_groups : [security_groups]
+
+              application_load_balancer(:"#{name}_alb", {
+                subnet_refs: subnets, security_group_refs: sg_refs,
+                enable_deletion_protection: attributes[:environment] == 'production',
+                certificate_arn: attributes[:ssl_certificate_arn],
+                tags: architecture_tags(attributes)
+              })
+            else
+              create_load_balancer_directly(name, attributes, network, security_groups)
+            end
+          end
+
+          def create_web_servers(name, attributes, network, security_groups, load_balancer)
+            if defined?(Pangea::Components) && respond_to?(:auto_scaling_web_servers)
+              subnets = network.respond_to?(:private_subnets) ? network.private_subnets : []
+              auto_scaling_web_servers(:"#{name}_web", {
+                subnet_refs: subnets,
+                target_group_ref: load_balancer.respond_to?(:target_group) ? load_balancer.target_group : nil,
+                min_size: attributes[:auto_scaling][:min], max_size: attributes[:auto_scaling][:max],
+                desired_capacity: attributes[:auto_scaling][:desired] || attributes[:auto_scaling][:min],
+                instance_type: attributes[:instance_type] || 't3.medium',
+                tags: architecture_tags(attributes)
+              })
+            else
+              create_web_servers_directly(name, attributes, network, security_groups, load_balancer)
+            end
+          end
+
+          def create_database(name, attributes, network, security_groups)
+            engine = attributes[:database_engine] || 'mysql'
+
+            if defined?(Pangea::Components)
+              component_method = engine == 'postgresql' ? :postgresql_database : :mysql_database
+              return create_database_directly(name, attributes, network, security_groups) unless respond_to?(component_method)
+
+              subnets = network.respond_to?(:private_subnets) ? network.private_subnets : []
+              vpc = network.respond_to?(:vpc) ? network.vpc : network
+
+              send(component_method, :"#{name}_db", {
+                subnet_refs: subnets, vpc_ref: vpc,
+                instance_class: attributes[:database_instance_class] || 'db.t3.micro',
+                allocated_storage: attributes[:database_allocated_storage] || 20,
+                storage_encrypted: attributes[:environment] == 'production',
+                backup_retention_days: attributes.dig(:backup, :retention_days) || (attributes[:environment] == 'production' ? 7 : 1),
+                multi_az: attributes[:high_availability] && attributes[:environment] == 'production',
+                tags: architecture_tags(attributes)
+              })
+            else
+              create_database_directly(name, attributes, network, security_groups)
+            end
+          end
+
+          def create_monitoring(name, attributes, components)
+            monitoring_resources = {}
+            monitoring_resources[:alarms] = create_cloudwatch_alarms(name, attributes, components) if attributes[:monitoring][:enable_alerting]
+            monitoring_resources[:dashboard] = create_cloudwatch_dashboard(name, attributes, components) if attributes[:monitoring][:detailed_monitoring]
+            monitoring_resources
+          end
+
+          def create_cache_component(name, attributes, network, security_groups)
+            if defined?(Pangea::Components) && respond_to?(:elasticache_redis)
+              subnets = network.respond_to?(:private_subnets) ? network.private_subnets : []
+              elasticache_redis(:"#{name}_cache", { subnet_refs: subnets, node_type: 'cache.t3.micro', num_cache_nodes: 1, port: 6379, tags: architecture_tags(attributes) })
+            else
+              create_cache_directly(name, attributes, network, security_groups)
+            end
+          end
+
+          def create_cdn_component(name, attributes, load_balancer)
+            if defined?(Pangea::Components) && respond_to?(:cloudfront_distribution)
+              cloudfront_distribution(:"#{name}_cdn", { origin_domain_name: load_balancer.respond_to?(:dns_name) ? load_balancer.dns_name : '', price_class: 'PriceClass_100', tags: architecture_tags(attributes) })
+            else
+              create_cdn_directly(name, attributes, load_balancer)
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/pangea/architectures/aws/web_application_architecture/architecture/cost_estimation.rb

@@ -0,0 +1,71 @@
+# frozen_string_literal: true
+
+# Copyright 2025 The Pangea Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+module Pangea
+  module Architectures
+    module WebApplicationArchitecture
+      class Architecture
+        # Cost estimation methods
+        module CostEstimation
+          def calculate_monthly_cost(components, _resources)
+            cost = 0.0
+            cost += 22.0 if components[:load_balancer]
+            cost += calculate_instance_costs(components[:web_servers])
+            cost += calculate_database_costs(components[:database])
+            cost += 15.0 if components[:cache]
+            cost += 10.0 if components[:cdn]
+            cost.round(2)
+          end
+
+          private
+
+          def calculate_instance_costs(web_servers)
+            return 0.0 unless web_servers&.[](:min_size)
+
+            instance_cost = estimate_instance_cost(web_servers[:instance_type] || 't3.medium')
+            instance_cost * web_servers[:min_size]
+          end
+
+          def calculate_database_costs(database)
+            return 0.0 unless database
+
+            estimate_database_cost(database[:instance_class] || 'db.t3.micro')
+          end
+
+          def estimate_instance_cost(instance_type)
+            case instance_type
+            when /t3\.micro/ then 8.5
+            when /t3\.small/ then 17.0
+            when /t3\.medium/ then 34.0
+            when /t3\.large/ then 67.0
+            when /c5\.large/ then 72.0
+            else 50.0
+            end
+          end
+
+          def estimate_database_cost(instance_class)
+            case instance_class
+            when /db\.t3\.micro/ then 16.0
+            when /db\.t3\.small/ then 32.0
+            when /db\.r5\.large/ then 180.0
+            else 80.0
+            end
+          end
+        end
+      end
+    end
+  end
+end