@anvil-cloud/sdk 0.0.12 → 0.0.14

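--- a/package/types/input.ts
+++ b/package/types/input.ts
@@ -542,6 +542,54 @@ export namespace aws {
  lambda?: pulumi.Input<inputs.aws.LambdaOverridesArgs>;
  }
 
+ export interface LambdaVpcArgsArgs {
+ /**
+ * CIDR-scoped egress rules. One SG rule per port per CIDR. Use for peered VPCs or on-premise ranges.
+ */
+ cidrs?: pulumi.Input<pulumi.Input<inputs.aws.LambdaVpcCidrArgsArgs>[]>;
+ /**
+ * Only needed for imported VPCs with NAT. Omit when using an Anvil Vpc component.
+ */
+ hasNat?: pulumi.Input<boolean>;
+ /**
+ * The IDs of the private subnets to attach the Lambda to. Always private — Lambda must never be placed in public subnets.
+ */
+ privateSubnetIds: pulumi.Input<pulumi.Input<string>[]>;
+ /**
+ * VPC endpoints this Lambda needs access to. Anvil wires both SG rules automatically.
+ */
+ vpcEndpoints?: pulumi.Input<pulumi.Input<inputs.aws.LambdaVpcEndpointArgsArgs>[]>;
+ /**
+ * The ID of the VPC to place the Lambda in.
+ */
+ vpcId: pulumi.Input<string>;
+ }
+
+ export interface LambdaVpcCidrArgsArgs {
+ /**
+ * TCP ports to allow. Required — be explicit.
+ */
+ ports: pulumi.Input<pulumi.Input<number>[]>;
+ /**
+ * IPv4 CIDR block, e.g. 10.0.0.0/8
+ */
+ range: pulumi.Input<string>;
+ }
+
+ /**
+ * A VPC endpoint to grant this Lambda access to.
+ */
+ export interface LambdaVpcEndpointArgsArgs {
+ /**
+ * The endpoint's ID. Use ep.endpointId. Used for SG rule naming.
+ */
+ endpointId: pulumi.Input<string>;
+ /**
+ * The endpoint's security group ID. Use ep.securityGroupId.
+ */
+ securityGroupId: pulumi.Input<string>;
+ }
+
  export interface PABTransformArgs {
  /**
  * Whether Amazon S3 should block public ACLs for this bucket. Defaults to <span pulumi-lang-nodejs="`false`" pulumi-lang-dotnet="`False`" pulumi-lang-go="`false`" pulumi-lang-python="`false`" pulumi-lang-yaml="`false`" pulumi-lang-java="`false`">`false`</span>. Enabling this setting does not affect existing policies or ACLs. When set to <span pulumi-lang-nodejs="`true`" pulumi-lang-dotnet="`True`" pulumi-lang-go="`true`" pulumi-lang-python="`true`" pulumi-lang-yaml="`true`" pulumi-lang-java="`true`">`true`</span> causes the following behavior:
@@ -577,6 +625,53 @@ export namespace aws {
  */
  skipDestroy?: pulumi.Input<boolean>;
  }
+
+ export interface VpcBastionArgsArgs {
+ /**
+ * Source IP CIDRs allowed to initiate SSM sessions via IAM policy condition. Omit to allow any authenticated IAM principal. Example: ['203.0.113.0/32'] to restrict to your office IP.
+ */
+ allowedCidrs?: pulumi.Input<pulumi.Input<string>[]>;
+ /**
+ * EC2 instance type for the bastion host. Default: 't4g.nano' — the bastion is purely a jump box with minimal resource requirements.
+ */
+ instanceType?: pulumi.Input<string>;
+ }
+
+ export interface VpcCloudWatchFlowLogArgsArgs {
+ /**
+ * Number of days to retain flow log data in CloudWatch Logs. Common values: 7, 14, 30, 90.
+ */
+ retention: pulumi.Input<number>;
+ }
+
+ export interface VpcFlowLogsArgsArgs {
+ /**
+ * Enable flow log delivery to a CloudWatch Log Group. Use for fast querying with CloudWatch Logs Insights and active debugging of connection issues.
+ */
+ cloudwatch?: pulumi.Input<inputs.aws.VpcCloudWatchFlowLogArgsArgs>;
+ /**
+ * Enable flow log delivery to a dedicated S3 bucket with auto-tiered lifecycle policy. Use for compliance retention and audit evidence.
+ */
+ s3?: pulumi.Input<inputs.aws.VpcS3FlowLogArgsArgs>;
+ }
+
+ export interface VpcNatArgsArgs {
+ /**
+ * EC2 instance type for the fck-nat instance. Only applies when natType is 'fck-nat'. Default: 't4g.small'.
+ */
+ instanceType?: pulumi.Input<string>;
+ /**
+ * Type of NAT to provision. 'gateway' provisions one AWS managed NAT Gateway per AZ. 'fck-nat' provisions a single fck-nat EC2 instance shared across all AZs.
+ */
+ natType: pulumi.Input<enums.aws.VpcNatType>;
+ }
+
+ export interface VpcS3FlowLogArgsArgs {
+ /**
+ * Storage tiering policy for flow log retention.
+ */
+ lifecycle: pulumi.Input<enums.aws.S3FlowLogLifecycle>;
+ }
  }
 
  export namespace gcp {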
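Review bot: `allowedCidrs` on `VpcBastionArgsArgs` (second hunk) is optional and fails open: its doc comment says that omitting it allows any authenticated IAM principal to initiate SSM sessions, so the bastion carries no source-IP restriction unless the caller opts in. If that default has to stay, the comment should present it as a warning rather than a convenience, for example `* When omitted, no source-IP condition is applied; session access is then limited only by IAM permissions.` The policy that enforces this is not in this file, so that wording needs confirming against the implementation. In the first hunk, `LambdaVpcCidrArgsArgs.range` is typed as a plain string, so `0.0.0.0/0` type-checks; whether the component rejects over-broad ranges is not visible here and is worth stating in the `range` comment.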