@awsless/awsless 0.0.15 → 0.0.16

package/dist/bin.js

@@ -57,7 +57,7 @@ var flushDebug = () => {
 // src/util/param.ts
 import { DeleteParameterCommand, GetParameterCommand, GetParametersByPathCommand, ParameterType, PutParameterCommand, SSMClient } from "@aws-sdk/client-ssm";
 var configParameterPrefix = (config) => {
-  return `/awsless/${config.name}/${config.stage}`;
+  return `/.awsless/${config.name}`;
 };
 var Params = class {
   constructor(config) {
@@ -138,8 +138,18 @@ var Params = class {
   }
 };
 
+// src/formation/asset.ts
+import { paramCase } from "change-case";
+var Asset = class {
+  constructor(type, id) {
+    this.type = type;
+    this.id = paramCase(id);
+  }
+  id;
+};
+
 // src/formation/util.ts
-import { paramCase, pascalCase } from "change-case";
+import { paramCase as paramCase2, pascalCase } from "change-case";
 var ref = (logicalId) => {
   return { Ref: logicalId };
 };
@@ -156,10 +166,10 @@ var importValue = (name) => {
   return { "Fn::ImportValue": name };
 };
 var formatLogicalId = (id) => {
-  return pascalCase(id);
+  return pascalCase(id).replaceAll("_", "");
 };
 var formatName = (name) => {
-  return paramCase(name);
+  return paramCase2(name);
 };
 
 // src/formation/resource.ts
@@ -295,11 +305,11 @@ var Function = class extends Resource {
     });
     role.addInlinePolicy(policy);
     role.addManagedPolicy(ManagedPolicy.fromAwsManagedPolicyName("AWSLambdaBasicExecutionRole"));
-    super("AWS::Lambda::Function", logicalId, [
-      role,
-      props.code
-    ]);
+    super("AWS::Lambda::Function", logicalId, [role]);
     this.props = props;
+    if (props.code instanceof Asset) {
+      this.children.push(props.code);
+    }
     this.dependsOn(role);
     this.role = role;
     this.policy = policy;
@@ -352,16 +362,6 @@ var Function = class extends Resource {
   }
 };
 
-// src/formation/asset.ts
-import { paramCase as paramCase2 } from "change-case";
-var Asset = class {
-  constructor(type, id) {
-    this.type = type;
-    this.id = paramCase2(id);
-  }
-  id;
-};
-
 // src/formation/stack.ts
 var Stack = class {
   constructor(name, region) {
@@ -386,10 +386,16 @@ var Stack = class {
     return this;
   }
   export(name, value) {
-    name = formatName(name);
-    this.exports.set(name, value);
+    this.exports.set(formatName(name), value);
     return this;
   }
+  get(name) {
+    name = formatName(name);
+    if (!this.exports.has(name)) {
+      throw new Error(`Undefined export value: ${name}`);
+    }
+    return this.exports.get(name);
+  }
   import(name) {
     name = formatName(name);
     if (!this.exports.has(name)) {
@@ -797,55 +803,24 @@ var zipFiles = (files) => {
 };
 
 // src/formation/resource/lambda/code.ts
-import { createHash as createHash2 } from "crypto";
 var Code = class {
   static fromFile(id, file, bundler) {
     return new FileCode(id, file, bundler);
   }
-  static fromInline(id, code, handler) {
-    return new InlineCode(id, code, handler);
+  static fromInline(code, handler) {
+    return new InlineCode(code, handler);
   }
 };
-var InlineCode = class extends Asset {
-  constructor(id, code, handler = "index.default") {
-    super("function", id);
+var InlineCode = class {
+  constructor(code, handler = "index.default") {
     this.code = code;
     this.handler = handler;
   }
-  hash;
-  bundle;
-  s3;
-  async build({ write }) {
-    const hash = createHash2("sha1").update(this.code).digest("hex");
-    const bundle = await zipFiles([{
-      name: "index.js",
-      code: this.code
-    }]);
-    await Promise.all([
-      write("HASH", hash),
-      write("bundle.zip", bundle),
-      write("files/inline.js", this.code)
-    ]);
-    this.bundle = bundle;
-    this.hash = hash;
-    return {
-      size: formatByteSize(bundle.byteLength)
-    };
-  }
-  async publish({ publish }) {
-    this.s3 = await publish(
-      `${this.id}.zip`,
-      this.bundle,
-      this.hash
-    );
-  }
   toCodeJson() {
     return {
       Handler: this.handler,
       Code: {
-        S3Bucket: this.s3.bucket,
-        S3Key: this.s3.key,
-        S3ObjectVersion: this.s3.version
+        ZipFile: this.code
       }
     };
   }
@@ -896,6 +871,44 @@ var FileCode = class extends Asset {
   }
 };
 
+// src/formation/resource/lambda/event-invoke-config.ts
+var EventInvokeConfig = class extends Resource {
+  constructor(logicalId, props) {
+    super("AWS::Lambda::EventInvokeConfig", logicalId);
+    this.props = props;
+  }
+  setOnFailure(arn) {
+    this.props.onFailure = arn;
+    return this;
+  }
+  setOnSuccess(arn) {
+    this.props.onSuccess = arn;
+    return this;
+  }
+  properties() {
+    return {
+      FunctionName: this.props.functionName,
+      Qualifier: this.props.qualifier || "$LATEST",
+      ...this.attr("MaximumEventAgeInSeconds", this.props.maxEventAge?.toSeconds()),
+      ...this.attr("MaximumRetryAttempts", this.props.retryAttempts),
+      ...this.props.onFailure || this.props.onSuccess ? {
+        DestinationConfig: {
+          ...this.props.onFailure ? {
+            OnFailure: {
+              Destination: this.props.onFailure
+            }
+          } : {},
+          ...this.props.onSuccess ? {
+            OnSuccess: {
+              Destination: this.props.onSuccess
+            }
+          } : {}
+        }
+      } : {}
+    };
+  }
+};
+
 // src/plugins/function.ts
 var MemorySizeSchema = SizeSchema.refine(sizeMin(Size.megaBytes(128)), "Minimum memory size is 128 MB").refine(sizeMax(Size.gigaBytes(10)), "Minimum memory size is 10 GB");
 var TimeoutSchema = DurationSchema.refine(durationMin(Duration.seconds(10)), "Minimum timeout duration is 10 seconds").refine(durationMax(Duration.minutes(15)), "Maximum timeout duration is 15 minutes");
@@ -910,29 +923,104 @@ var RuntimeSchema = z6.enum([
 var FunctionSchema = z6.union([
   LocalFileSchema,
   z6.object({
+    /** The file path ofthe function code. */
     file: LocalFileSchema,
+    /** The amount of time that Lambda allows a function to run before stopping it.
+     * You can specify a size value from 1 second to 15 minutes.
+     * @default '10 seconds'
+     */
     timeout: TimeoutSchema.optional(),
+    /** The identifier of the function's runtime.
+     * @default 'nodejs18.x'
+     */
     runtime: RuntimeSchema.optional(),
+    /** The amount of memory available to the function at runtime.
+     * Increasing the function memory also increases its CPU allocation.
+     * The value can be any multiple of 1 MB.
+     * You can specify a size value from 128 MB to 10 GB.
+     * @default '128 MB'
+     */
     memorySize: MemorySizeSchema.optional(),
+    /** The instruction set architecture that the function supports.
+     * @default 'arm64'
+     */
     architecture: ArchitectureSchema.optional(),
+    /** The size of the function's /tmp directory.
+     * You can specify a size value from 512 MB to 10 GB.
+     * @default 512 MB
+    */
     ephemeralStorageSize: EphemeralStorageSizeSchema.optional(),
+    /** The maximum number of times to retry when the function returns an error.
+     * You can specify a number from 0 to 2.
+     * @default 2
+    */
     retryAttempts: RetryAttemptsSchema.optional(),
+    /** Environment variable key-value pairs.
+     * @example
+     * {
+     *   environment: {
+     *     name: 'value'
+     *   }
+     * }
+     */
     environment: EnvironmentSchema.optional()
+    // onFailure: ResourceIdSchema.optional(),
   })
 ]);
 var schema = z6.object({
   defaults: z6.object({
     function: z6.object({
+      /** The amount of time that Lambda allows a function to run before stopping it.
+       * You can specify a size value from 1 second to 15 minutes.
+       * @default '10 seconds'
+       */
       timeout: TimeoutSchema.default("10 seconds"),
+      /** The identifier of the function's runtime.
+       * @default 'nodejs18.x'
+       */
       runtime: RuntimeSchema.default("nodejs18.x"),
+      /** The amount of memory available to the function at runtime.
+       * Increasing the function memory also increases its CPU allocation.
+       * The value can be any multiple of 1 MB.
+       * You can specify a size value from 128 MB to 10 GB.
+       * @default '128 MB'
+       */
       memorySize: MemorySizeSchema.default("128 MB"),
+      /** The instruction set architecture that the function supports.
+       * @default 'arm64'
+       */
       architecture: ArchitectureSchema.default("arm64"),
+      /** The size of the function's /tmp directory.
+       * You can specify a size value from 512 MB to 10 GB.
+       * @default 512 MB
+      */
       ephemeralStorageSize: EphemeralStorageSizeSchema.default("512 MB"),
+      /** The maximum number of times to retry when the function returns an error.
+       * You can specify a number from 0 to 2.
+       * @default 2
+      */
       retryAttempts: RetryAttemptsSchema.default(2),
+      /** Environment variable key-value pairs.
+       * @example
+       * {
+       *   environment: {
+       *     name: 'value'
+       *   }
+       * }
+       */
       environment: EnvironmentSchema.optional()
+      // onFailure: ResourceIdSchema.optional(),
     }).default({})
   }).default({}),
   stacks: z6.object({
+    /** Define the functions in your stack.
+     * @example
+     * {
+     *   functions: {
+     *     FUNCTION_NAME: 'function.ts'
+     *   }
+     * }
+     */
     functions: z6.record(
       ResourceIdSchema,
       FunctionSchema
@@ -958,12 +1046,15 @@ var toLambdaFunction = (ctx, id, fileOrProps) => {
     code: Code.fromFile(id, props.file),
     ...props
   });
-  lambda.addEnvironment("APP", config.name);
-  lambda.addEnvironment("STAGE", config.stage);
-  lambda.addEnvironment("STACK", stack.name);
+  lambda.addEnvironment("APP", config.name).addEnvironment("STAGE", config.stage).addEnvironment("STACK", stack.name);
   if (props.runtime.startsWith("nodejs")) {
     lambda.addEnvironment("AWS_NODEJS_CONNECTION_REUSE_ENABLED", "1");
   }
+  const invoke = new EventInvokeConfig(id, {
+    functionName: lambda.name,
+    retryAttempts: props.retryAttempts
+  }).dependsOn(lambda);
+  ctx.stack.add(invoke);
   return lambda;
 };
 
@@ -1041,9 +1132,26 @@ var cronPlugin = definePlugin({
   name: "cron",
   schema: z7.object({
     stacks: z7.object({
+      /** Define the crons in your stack
+       * @example
+       * {
+       *   crons: {
+       *     CRON_NAME: {
+       *       consumer: 'function.ts',
+       *       schedule: 'rate(5 minutes)',
+       *     }
+       *   }
+       * }
+       * */
       crons: z7.record(ResourceIdSchema, z7.object({
+        /** The consuming lambda function properties */
         consumer: FunctionSchema,
+        /** The scheduling expression.
+         * @example 'cron(0 20 * * ? *)'
+         * @example 'rate(5 minutes)'
+         */
         schedule: ScheduleExpressionSchema,
+        // Valid JSON passed to the consumer.
         payload: z7.unknown().optional()
       })).optional()
     }).array()
@@ -1072,6 +1180,10 @@ var Queue = class extends Resource {
     this.name = formatName(this.props.name || logicalId);
   }
   name;
+  setDeadLetter(arn) {
+    this.props.deadLetterArn = arn;
+    return this;
+  }
   get arn() {
     return getAtt(this.logicalId, "Arn");
   }
@@ -1096,7 +1208,12 @@ var Queue = class extends Resource {
       MaximumMessageSize: this.props.maxMessageSize?.toBytes() ?? Size.kiloBytes(256).toBytes(),
       MessageRetentionPeriod: this.props.retentionPeriod?.toSeconds() ?? Duration.days(4).toSeconds(),
       ReceiveMessageWaitTimeSeconds: this.props.receiveMessageWaitTime?.toSeconds() ?? 0,
-      VisibilityTimeout: this.props.visibilityTimeout?.toSeconds() ?? 30
+      VisibilityTimeout: this.props.visibilityTimeout?.toSeconds() ?? 30,
+      ...this.props.deadLetterArn ? {
+        RedrivePolicy: {
+          deadLetterTargetArn: this.props.deadLetterArn
+        }
+      } : {}
     };
   }
 };
@@ -1108,6 +1225,10 @@ var EventSourceMapping = class extends Resource {
     super("AWS::Lambda::EventSourceMapping", logicalId);
     this.props = props;
   }
+  setOnFailure(arn) {
+    this.props.onFailure = arn;
+    return this;
+  }
   properties() {
     return {
       Enabled: true,
@@ -1166,7 +1287,7 @@ var queuePlugin = definePlugin({
   name: "queue",
   schema: z8.object({
     defaults: z8.object({
-      /** Define the defaults properties for all queue's in your app */
+      /** Define the defaults properties for all queue's in your app. */
       queue: z8.object({
         /** The number of seconds that Amazon SQS retains a message.
          * You can specify a duration value from 1 minute to 14 days.
@@ -1195,20 +1316,20 @@ var queuePlugin = definePlugin({
       }).default({})
     }).default({}),
     stacks: z8.object({
-      /** Define the queues in your stack
+      /** Define the queues in your stack.
        * @example
        * {
        *   queues: {
        *     QUEUE_NAME: 'function.ts'
        *   }
        * }
-       * */
+       */
       queues: z8.record(
         ResourceIdSchema,
         z8.union([
           LocalFileSchema,
           z8.object({
-            /** The consuming lambda function properties */
+            /** The consuming lambda function properties. */
             consumer: FunctionSchema,
             /** The number of seconds that Amazon SQS retains a message.
              * You can specify a duration value from 1 minute to 14 days.
@@ -1226,7 +1347,6 @@ var queuePlugin = definePlugin({
             /** Specifies the duration, in seconds,
              * that the ReceiveMessage action call waits until a message is in the queue in order to include it in the response,
              * rather than returning an empty response if a message isn't yet available.
-             * You can specify an integer from 1 to 20.
              * You can specify a duration value from 1 to 20 seconds.
              * @default '0 seconds' */
             receiveMessageWaitTime: DurationSchema.optional(),
@@ -1247,7 +1367,7 @@ var queuePlugin = definePlugin({
         name: `${config.name}-${stack.name}-${id}`,
         ...props
       });
-      const lambda = toLambdaFunction(ctx, id, props.consumer);
+      const lambda = toLambdaFunction(ctx, `queue-${id}`, props.consumer);
       const source = new SqsEventSource(id, lambda, {
         queueArn: queue2.arn
       });
@@ -1273,12 +1393,21 @@ var Table = class extends Resource {
   }
   name;
   indexes;
+  enableStream(viewType) {
+    this.props.stream = viewType;
+  }
   addIndex(name, props) {
     this.indexes[name] = props;
   }
-  get arn() {
+  get id() {
     return ref(this.logicalId);
   }
+  get arn() {
+    return getAtt(this.logicalId, "Arn");
+  }
+  get streamArn() {
+    return getAtt(this.logicalId, "StreamArn");
+  }
   get permissions() {
     return {
       actions: [
@@ -1312,6 +1441,11 @@ var Table = class extends Resource {
         AttributeName: name,
         AttributeType: type[0].toUpperCase()
       })),
+      ...this.props.stream ? {
+        StreamSpecification: {
+          StreamViewType: constantCase2(this.props.stream)
+        }
+      } : {},
       ...this.props.timeToLiveAttribute ? {
         TimeToLiveSpecification: {
           AttributeName: this.props.timeToLiveAttribute,
@@ -1334,13 +1468,42 @@ var Table = class extends Resource {
   }
 };
 
+// src/formation/resource/lambda/event-source/dynamodb.ts
+var DynamoDBEventSource = class extends Group {
+  constructor(id, lambda, props) {
+    const source = new EventSourceMapping(id, {
+      functionArn: lambda.arn,
+      sourceArn: props.tableArn,
+      batchSize: props.batchSize ?? 100,
+      bisectBatchOnError: props.bisectBatchOnError ?? true,
+      maxBatchingWindow: props.maxBatchingWindow,
+      maxRecordAge: props.maxRecordAge,
+      retryAttempts: props.retryAttempts ?? -1,
+      parallelizationFactor: props.parallelizationFactor ?? 1,
+      startingPosition: props.startingPosition,
+      startingPositionTimestamp: props.startingPositionTimestamp,
+      tumblingWindow: props.tumblingWindow
+    });
+    lambda.addPermissions({
+      actions: [
+        "dynamodb:ListStreams",
+        "dynamodb:DescribeStream",
+        "dynamodb:GetRecords",
+        "dynamodb:GetShardIterator"
+      ],
+      resources: [props.tableArn]
+    });
+    super([source]);
+  }
+};
+
 // src/plugins/table.ts
 var KeySchema = z9.string().min(1).max(255);
 var tablePlugin = definePlugin({
   name: "table",
   schema: z9.object({
     stacks: z9.object({
-      /** Define the tables in your stack
+      /** Define the tables in your stack.
        * @example
        * {
        *   tables: {
@@ -1367,20 +1530,34 @@ var tablePlugin = definePlugin({
            *     id: 'string'
            *   }
            * }
-          */
+           */
           fields: z9.record(z9.string(), z9.enum(["string", "number", "binary"])),
           /** The table class of the table.
            * @default 'standard'
-          */
+           */
           class: z9.enum(["standard", "standard-infrequent-access"]).default("standard"),
           /** Indicates whether point in time recovery is enabled on the table.
            * @default false
-          */
+           */
           pointInTimeRecovery: z9.boolean().default(false),
           /** The name of the TTL attribute used to store the expiration time for items in the table.
            * - To update this property, you must first disable TTL and then enable TTL with the new attribute name.
-          */
+           */
           timeToLiveAttribute: KeySchema.optional(),
+          /** The settings for the DynamoDB table stream, which capture changes to items stored in the table. */
+          stream: z9.object({
+            /** When an item in the table is modified,
+             * stream.type determines what information is written to the stream for this table.
+             * Valid values are:
+             * - keys-only - Only the key attributes of the modified item are written to the stream.
+             * - new-image - The entire item, as it appears after it was modified, is written to the stream.
+             * - old-image - The entire item, as it appeared before it was modified, is written to the stream.
+             * - new-and-old-images - Both the new and the old item images of the item are written to the stream.
+             */
+            type: z9.enum(["keys-only", "new-image", "old-image", "new-and-old-images"]),
+            /** The consuming lambda function for the stream */
+            consumer: FunctionSchema
+          }).optional(),
           /** Specifies the global secondary indexes to be created on the table.
            * @example
            * {
@@ -1390,7 +1567,7 @@ var tablePlugin = definePlugin({
            *     }
            *   }
            * }
-          */
+           */
           indexes: z9.record(z9.string(), z9.object({
             /** Specifies the name of the partition / hash key that makes up the primary key for the global secondary index. */
             hash: KeySchema,
@@ -1418,13 +1595,23 @@ var tablePlugin = definePlugin({
       ).optional()
     }).array()
   }),
-  onStack({ config, stack, stackConfig, bind }) {
+  onStack(ctx) {
+    const { config, stack, stackConfig, bind } = ctx;
     for (const [id, props] of Object.entries(stackConfig.tables || {})) {
       const table = new Table(id, {
+        ...props,
         name: `${config.name}-${stack.name}-${id}`,
-        ...props
+        stream: props.stream?.type
       });
       stack.add(table);
+      if (props.stream) {
+        const lambda = toLambdaFunction(ctx, `stream-${id}`, props.stream.consumer);
+        const source = new DynamoDBEventSource(id, lambda, {
+          tableArn: table.arn,
+          ...props.stream
+        });
+        stack.add(lambda, source);
+      }
       bind((lambda) => {
         lambda.addPermissions(table.permissions);
       });
@@ -1479,12 +1666,12 @@ var storePlugin = definePlugin({
   name: "store",
   schema: z10.object({
     stacks: z10.object({
-      /** Define the stores in your stack
+      /** Define the stores in your stack.
        * @example
        * {
        *   stores: [ 'STORE_NAME' ]
        * }
-       * */
+       */
       stores: z10.array(ResourceIdSchema).optional()
     }).array()
   }),
@@ -1568,14 +1755,14 @@ var topicPlugin = definePlugin({
   name: "topic",
   schema: z11.object({
     stacks: z11.object({
-      /** Define the topics to listen too in your stack
+      /** Define the topics to listen too in your stack.
        * @example
        * {
        *   topics: {
        *     TOPIC_NAME: 'function.ts'
        *   }
        * }
-       * */
+       */
       topics: z11.record(ResourceIdSchema, FunctionSchema).optional()
     }).array()
   }),
@@ -1605,7 +1792,7 @@ var topicPlugin = definePlugin({
   onStack(ctx) {
     const { stack, stackConfig, bootstrap: bootstrap2 } = ctx;
     for (const [id, props] of Object.entries(stackConfig.topics || {})) {
-      const lambda = toLambdaFunction(ctx, id, props);
+      const lambda = toLambdaFunction(ctx, `topic-${id}`, props);
       const source = new SnsEventSource(id, lambda, {
         topicArn: bootstrap2.import(`topic-${id}-arn`)
       });
@@ -1619,10 +1806,10 @@ import { z as z12 } from "zod";
 var extendPlugin = definePlugin({
   name: "extend",
   schema: z12.object({
-    /** Extend your app with custom resources */
+    /** Extend your app with custom resources. */
     extend: z12.custom().optional(),
     stacks: z12.object({
-      /** Extend your stack with custom resources */
+      /** Extend your stack with custom resources. */
       extend: z12.custom().optional()
     }).array()
   }),
@@ -1688,7 +1875,7 @@ var pubsubPlugin = definePlugin({
   name: "pubsub",
   schema: z13.object({
     stacks: z13.object({
-      /** Define the pubsub subscriber in your stack
+      /** Define the pubsub subscriber in your stack.
        * @example
        * {
        *   pubsub: {
@@ -1700,11 +1887,11 @@ var pubsubPlugin = definePlugin({
        * }
        */
       pubsub: z13.record(ResourceIdSchema, z13.object({
-        /** The SQL statement used to query the iot topic */
+        /** The SQL statement used to query the iot topic. */
         sql: z13.string(),
-        /** The version of the SQL rules engine to use when evaluating the rule */
+        /** The version of the SQL rules engine to use when evaluating the rule. */
         sqlVersion: z13.enum(["2015-10-08", "2016-03-23", "beta"]).default("2016-03-23"),
-        /** The consuming lambda function properties */
+        /** The consuming lambda function properties. */
         consumer: FunctionSchema
       })).optional()
     }).array()
@@ -1720,7 +1907,7 @@ var pubsubPlugin = definePlugin({
   onStack(ctx) {
     const { config, stack, stackConfig } = ctx;
     for (const [id, props] of Object.entries(stackConfig.pubsub || {})) {
-      const lambda = toLambdaFunction(ctx, id, props.consumer);
+      const lambda = toLambdaFunction(ctx, `pubsub-${id}`, props.consumer);
       const source = new IotEventSource(id, lambda, {
         name: `${config.name}-${stack.name}-${id}`,
         sql: props.sql,
@@ -1747,34 +1934,6 @@ import { paramCase as paramCase3 } from "change-case";
 
 // src/formation/resource/appsync/graphql-api.ts
 import { constantCase as constantCase3 } from "change-case";
-var GraphQL = class extends Group {
-  constructor(logicalId, props) {
-    const api = new GraphQLApi(logicalId, props);
-    const schema2 = new GraphQLSchema(logicalId, {
-      apiId: api.id,
-      definition: props.schema
-    }).dependsOn(api);
-    super([api, schema2]);
-    this.logicalId = logicalId;
-    this.api = api;
-    this.schema = schema2;
-  }
-  api;
-  schema;
-  attachDomainName(domainName, certificateArn) {
-    const id = this.logicalId + domainName;
-    const domain = new DomainName(id, {
-      domainName,
-      certificateArn
-    });
-    const association = new DomainNameApiAssociation(id, {
-      apiId: this.api.id,
-      domainName
-    }).dependsOn(this.api, domain);
-    this.children.push(domain, association);
-    return this;
-  }
-};
 var GraphQLApi = class extends Resource {
   constructor(logicalId, props) {
     super("AWS::AppSync::GraphQLApi", logicalId);
@@ -1816,44 +1975,6 @@ var GraphQLApi = class extends Resource {
     };
   }
 };
-var GraphQLSchema = class extends Resource {
-  constructor(logicalId, props) {
-    super("AWS::AppSync::GraphQLSchema", logicalId, [
-      props.definition
-    ]);
-    this.props = props;
-  }
-  properties() {
-    return {
-      ApiId: this.props.apiId,
-      Definition: this.props.definition.toDefinition()
-    };
-  }
-};
-var DomainName = class extends Resource {
-  constructor(logicalId, props) {
-    super("AWS::AppSync::DomainName", logicalId);
-    this.props = props;
-  }
-  properties() {
-    return {
-      DomainName: this.props.domainName,
-      CertificateArn: this.props.certificateArn
-    };
-  }
-};
-var DomainNameApiAssociation = class extends Resource {
-  constructor(logicalId, props) {
-    super("AWS::AppSync::DomainNameApiAssociation", logicalId);
-    this.props = props;
-  }
-  properties() {
-    return {
-      ApiId: this.props.apiId,
-      DomainName: this.props.domainName
-    };
-  }
-};
 
 // src/formation/resource/route53/record-set.ts
 var RecordSet = class extends Resource {
@@ -1874,19 +1995,33 @@ var RecordSet = class extends Resource {
       } : {},
       ...this.props.alias ? {
         AliasTarget: {
-          DNSName: this.props.alias,
-          HostedZoneId: this.props.hostedZoneId
+          DNSName: this.props.alias.dnsName,
+          HostedZoneId: this.props.alias.hostedZoneId
         }
       } : {}
     };
   }
 };
 
-// src/formation/resource/appsync/schema.ts
+// src/formation/resource/appsync/graphql-schema.ts
 import { print } from "graphql";
 import { readFile } from "fs/promises";
 import { mergeTypeDefs } from "@graphql-tools/merge";
-var Schema = class extends Asset {
+var GraphQLSchema = class extends Resource {
+  constructor(logicalId, props) {
+    super("AWS::AppSync::GraphQLSchema", logicalId, [
+      props.definition
+    ]);
+    this.props = props;
+  }
+  properties() {
+    return {
+      ApiId: this.props.apiId,
+      Definition: this.props.definition.toString()
+    };
+  }
+};
+var Definition = class extends Asset {
   constructor(id, files) {
     super("graphql", id);
     this.files = files;
@@ -1899,10 +2034,14 @@ var Schema = class extends Asset {
     }));
     const defs = mergeTypeDefs(schemas);
     const schema2 = print(defs);
+    const size = Buffer.from(schema2, "utf8").byteLength;
     await write("schema.gql", schema2);
     this.schema = schema2;
+    return {
+      size: formatByteSize(size)
+    };
   }
-  toDefinition() {
+  toString() {
     return this.schema;
   }
 };
@@ -2082,6 +2221,41 @@ var AppsyncEventSource = class extends Group {
   }
 };
 
+// src/formation/resource/appsync/domain-name.ts
+var DomainName = class extends Resource {
+  constructor(logicalId, props) {
+    super("AWS::AppSync::DomainName", logicalId);
+    this.props = props;
+  }
+  get appSyncDomainName() {
+    return getAtt(this.logicalId, "AppSyncDomainName");
+  }
+  get domainName() {
+    return getAtt(this.logicalId, "DomainName");
+  }
+  get hostedZoneId() {
+    return getAtt(this.logicalId, "HostedZoneId");
+  }
+  properties() {
+    return {
+      DomainName: this.props.domainName,
+      CertificateArn: this.props.certificateArn
+    };
+  }
+};
+var DomainNameApiAssociation = class extends Resource {
+  constructor(logicalId, props) {
+    super("AWS::AppSync::DomainNameApiAssociation", logicalId);
+    this.props = props;
+  }
+  properties() {
+    return {
+      ApiId: this.props.apiId,
+      DomainName: this.props.domainName
+    };
+  }
+};
+
 // src/plugins/graphql.ts
 var defaultResolver = `
 export function request(ctx) {
@@ -2131,38 +2305,51 @@ var graphqlPlugin = definePlugin({
       }
     }
     for (const id of apis) {
-      const schema2 = [];
+      const schemaFiles = [];
       for (const stack of config.stacks) {
         const files = toArray(stack.graphql?.[id]?.schema || []);
-        schema2.push(...files);
+        schemaFiles.push(...files);
       }
-      const graphql = new GraphQL(id, {
+      const api = new GraphQLApi(id, {
         name: `${config.name}-${id}`,
-        authenticationType: "api-key",
-        schema: new Schema(id, schema2)
+        authenticationType: "api-key"
       });
-      bootstrap2.add(graphql).export(`graphql-${id}`, graphql.api.id);
+      const schema2 = new GraphQLSchema(id, {
+        apiId: api.id,
+        definition: new Definition(id, schemaFiles)
+      }).dependsOn(api);
+      bootstrap2.add(api).add(schema2).export(`graphql-${id}`, api.id);
       const props = config.defaults.graphql?.[id];
       if (!props) {
         continue;
       }
       if (props.authorization) {
         const lambda = toLambdaFunction(ctx, `${id}-authorizer`, props.authorization.authorizer);
-        graphql.api.addLambdaAuthProvider(lambda.arn, props.authorization.ttl);
+        api.addLambdaAuthProvider(lambda.arn, props.authorization.ttl);
         bootstrap2.add(lambda);
       }
       if (props.domain) {
         const domainName = props.subDomain ? `${props.subDomain}.${props.domain}` : props.domain;
-        const hostedZoneId = ref(`${props.domain}Route53HostedZone`);
+        const hostedZoneId = usEastBootstrap.import(`hosted-zone-${props.domain}-id`);
         const certificateArn = usEastBootstrap.import(`certificate-${props.domain}-arn`);
-        graphql.attachDomainName(domainName, certificateArn);
-        const record = new RecordSet(id, {
+        const domain = new DomainName(id, {
+          domainName,
+          certificateArn
+        });
+        const association = new DomainNameApiAssociation(id, {
+          apiId: api.id,
+          domainName: domain.domainName
+        }).dependsOn(api, domain);
+        const record = new RecordSet(`${id}-graphql`, {
           hostedZoneId,
           type: "A",
           name: domainName,
-          alias: graphql.api.dns
-        });
-        bootstrap2.add(record);
+          alias: {
+            dnsName: domain.appSyncDomainName,
+            hostedZoneId: domain.hostedZoneId
+          }
+        }).dependsOn(domain, association);
+        bootstrap2.add(domain, association, record);
       }
     }
   },
@@ -2173,7 +2360,7 @@ var graphqlPlugin = definePlugin({
       for (const [typeAndField, functionProps] of Object.entries(props.resolvers || {})) {
         const [typeName, fieldName] = typeAndField.split(/[\s]+/g);
         const entryId = paramCase3(`${id}-${typeName}-${fieldName}`);
-        const lambda = toLambdaFunction(ctx, entryId, functionProps);
+        const lambda = toLambdaFunction(ctx, `graphql-${entryId}`, functionProps);
         const source = new AppsyncEventSource(entryId, lambda, {
           apiId,
           typeName,
@@ -2209,7 +2396,7 @@ var HostedZone = class extends Resource {
 
 // src/formation/resource/certificate-manager/certificate.ts
 var Certificate = class extends Resource {
-  constructor(logicalId, props = {}) {
+  constructor(logicalId, props) {
     super("AWS::CertificateManager::Certificate", logicalId);
     this.props = props;
     this.name = this.props.domainName || logicalId;
@@ -2221,8 +2408,12 @@ var Certificate = class extends Resource {
   properties() {
     return {
       DomainName: this.name,
+      SubjectAlternativeNames: this.props.alternativeNames || [],
       ValidationMethod: "DNS",
-      SubjectAlternativeNames: this.props.alternativeNames || []
+      DomainValidationOptions: [{
+        DomainName: this.name,
+        HostedZoneId: this.props.hostedZoneId
+      }]
     };
   }
 };
@@ -2254,51 +2445,998 @@ var RecordSetGroup = class extends Resource {
   }
 };
 
-// src/plugins/domain.ts
-var DomainNameSchema = z15.string().regex(/[a-z\-\_\.]/g, "Invalid domain name");
-var domainPlugin = definePlugin({
-  name: "domain",
-  schema: z15.object({
-    domains: z15.record(DomainNameSchema, z15.object({
-      name: DomainNameSchema.optional(),
-      type: z15.enum(["A", "AAAA", "CAA", "CNAME", "DS", "MX", "NAPTR", "NS", "PTR", "SOA", "SPF", "SRV", "TXT"]),
-      ttl: DurationSchema,
-      records: z15.string().array()
-    }).array()).optional()
-  }),
-  onApp({ config, bootstrap: bootstrap2, usEastBootstrap }) {
-    for (const [domain, records] of Object.entries(config.domains || {})) {
-      const hostedZone = new HostedZone(domain);
-      const certificate = new Certificate(domain, {
-        alternativeNames: [`*.${domain}`]
-      });
-      bootstrap2.add(certificate);
-      usEastBootstrap.add(hostedZone).add(certificate).export(`certificate-${domain}-arn`, certificate.arn);
-      if (records.length > 0) {
-        const group = new RecordSetGroup(domain, {
-          hostedZoneId: hostedZone.id,
-          records
-        }).dependsOn(hostedZone);
-        usEastBootstrap.add(group);
-      }
-    }
-  }
-});
+// src/custom/delete-hosted-zone/handler.ts
+var deleteHostedZoneRecordsHandlerCode = (
+  /* JS */
+  `
 
-// src/plugins/index.ts
-var defaultPlugins = [
-  extendPlugin,
-  functionPlugin,
+const { Route53Client, ListResourceRecordSetsCommand, ChangeResourceRecordSetsCommand } = require('@aws-sdk/client-route-53')
+
+const client = new Route53Client({})
+
+exports.handler = async (event) => {
+	const type = event.RequestType
+	const hostedZoneId = event.ResourceProperties.hostedZoneId
+
+	try {
+		if(type === 'Delete') {
+			const records = await listHostedZoneRecords(hostedZoneId)
+			console.log(records)
+
+			await deleteHostedZoneRecords(hostedZoneId, records)
+		}
+
+		await send(event, hostedZoneId, 'SUCCESS')
+	}
+	catch(error) {
+		if (error instanceof Error) {
+			await send(event, hostedZoneId, 'FAILED', {}, error.message)
+		} else {
+			await send(event, hostedZoneId, 'FAILED', {}, 'Unknown error')
+		}
+	}
+}
+
+const send = async (event, id, status, data = {}, reason = '') => {
+	const body = JSON.stringify({
+		Status: status,
+		Reason: reason,
+		PhysicalResourceId: id,
+		StackId: event.StackId,
+		RequestId: event.RequestId,
+		LogicalResourceId: event.LogicalResourceId,
+		NoEcho: false,
+		Data: data
+	})
+
+	await fetch(event.ResponseURL, {
+		method: 'PUT',
+		port: 443,
+		body,
+		headers: {
+			'content-type': '',
+            'content-length': Buffer.from(body).byteLength,
+		},
+	})
+}
+
+const deleteHostedZoneRecords = async (hostedZoneId, records) => {
+	records = records.filter(record => ![ 'SOA', 'NS' ].includes(record.Type))
+	if(records.length === 0) {
+		return
+	}
+
+	const chunkSize = 100;
+	for (let i = 0; i < records.length; i += chunkSize) {
+		const chunk = records.slice(i, i + chunkSize);
+
+		await client.send(new ChangeResourceRecordSetsCommand({
+			HostedZoneId: hostedZoneId,
+			ChangeBatch: {
+				Changes: chunk.map(record => ({
+					Action: 'DELETE',
+					ResourceRecordSet: record
+				}))
+			}
+		}))
+	}
+}
+
+const listHostedZoneRecords = async (hostedZoneId) => {
+
+	const records = []
+	let token
+
+	while(true) {
+		const result = await client.send(new ListResourceRecordSetsCommand({
+			HostedZoneId: hostedZoneId,
+			NextRecordName: token
+		}))
+
+		if(result.ResourceRecordSets && result.ResourceRecordSets.length) {
+			records.push(...result.ResourceRecordSets)
+		}
+
+		if(result.NextRecordName) {
+			token = result.NextRecordName
+		} else {
+			return records
+		}
+	}
+}
+`
+);
+
+// src/formation/resource/cloud-formation/custom-resource.ts
+var CustomResource = class extends Resource {
+  constructor(logicalId, props) {
+    super("AWS::CloudFormation::CustomResource", logicalId);
+    this.props = props;
+  }
+  getAtt(name) {
+    return getAtt(this.logicalId, name);
+  }
+  properties() {
+    return {
+      ServiceToken: this.props.serviceToken,
+      ...this.props.properties
+    };
+  }
+};
+
+// src/plugins/domain.ts
+var DomainNameSchema = z15.string().regex(/[a-z\-\_\.]/g, "Invalid domain name");
+var domainPlugin = definePlugin({
+  name: "domain",
+  schema: z15.object({
+    /** Define the domains for your application.
+     * @example
+     * {
+     *   domains: {
+     *     'example.com': [{
+     *       name: 'www',
+     *       type: 'TXT',
+     *       ttl: '60 seconds',
+     *       records: [ 'value' ]
+     *     }]
+     *   }
+     * }
+     */
+    domains: z15.record(DomainNameSchema, z15.object({
+      /** Enter a fully qualified domain name, for example, www.example.com.
+       * You can optionally include a trailing dot.
+       * If you omit the trailing dot, Amazon Route 53 assumes that the domain name that you specify is fully qualified.
+       * This means that Route 53 treats www.example.com (without a trailing dot) and www.example.com. (with a trailing dot) as identical.
+       */
+      name: DomainNameSchema.optional(),
+      /** The DNS record type. */
+      type: z15.enum(["A", "AAAA", "CAA", "CNAME", "DS", "MX", "NAPTR", "NS", "PTR", "SOA", "SPF", "SRV", "TXT"]),
+      /** The resource record cache time to live (TTL) */
+      ttl: DurationSchema,
+      /** One or more values that correspond with the value that you specified for the Type property. */
+      records: z15.string().array()
+    }).array()).optional()
+  }),
+  onApp({ config, bootstrap: bootstrap2, usEastBootstrap }) {
+    const domains = Object.entries(config.domains || {});
+    if (domains.length === 0) {
+      return;
+    }
+    const lambda = new Function("delete-hosted-zone", {
+      name: `${config.name}-delete-hosted-zone`,
+      code: Code.fromInline(deleteHostedZoneRecordsHandlerCode, "index.handler")
+    });
+    lambda.addPermissions({
+      actions: [
+        "route53:ListResourceRecordSets",
+        "route53:ChangeResourceRecordSets"
+      ],
+      resources: ["*"]
+    });
+    usEastBootstrap.add(lambda);
+    for (const [domain, records] of domains) {
+      const hostedZone = new HostedZone(domain);
+      const usEastCertificate = new Certificate(domain, {
+        hostedZoneId: hostedZone.id,
+        alternativeNames: [`*.${domain}`]
+      });
+      const custom = new CustomResource(domain, {
+        serviceToken: lambda.arn,
+        properties: {
+          hostedZoneId: hostedZone.id
+        }
+      }).dependsOn(hostedZone);
+      usEastBootstrap.add(custom).add(hostedZone).add(usEastCertificate).export(`certificate-${domain}-arn`, usEastCertificate.arn).export(`hosted-zone-${domain}-id`, hostedZone.id);
+      const certificate = new Certificate(domain, {
+        hostedZoneId: usEastBootstrap.import(`hosted-zone-${domain}-id`),
+        alternativeNames: [`*.${domain}`]
+      });
+      bootstrap2.add(certificate).export(`certificate-${domain}-arn`, certificate.arn);
+      if (records.length > 0) {
+        const group = new RecordSetGroup(domain, {
+          hostedZoneId: hostedZone.id,
+          records
+        }).dependsOn(hostedZone);
+        usEastBootstrap.add(group);
+      }
+    }
+  }
+});
+
+// src/plugins/on-failure.ts
+import { z as z16 } from "zod";
+var hasOnFailure = (config) => {
+  const onFailure = config.stacks.find((stack) => {
+    return typeof stack.onFailure !== "undefined";
+  });
+  return !!onFailure;
+};
+var onFailurePlugin = definePlugin({
+  name: "on-failure",
+  schema: z16.object({
+    stacks: z16.object({
+      /** Defining a onFailure handler will add a global onFailure handler for the following resources:
+       * - Async lambda functions
+       * - SQS queues
+       * - DynamoDB streams
+       * @example
+       * {
+       *   onFailure: 'on-failure.ts'
+       * }
+       */
+      onFailure: FunctionSchema.optional()
+    }).array()
+  }),
+  onApp({ config, bootstrap: bootstrap2 }) {
+    if (!hasOnFailure(config)) {
+      return;
+    }
+    const queue2 = new Queue("on-failure", {
+      name: `${config.name}-failure`
+    });
+    bootstrap2.add(queue2).export("on-failure-queue-arn", queue2.arn);
+  },
+  onStack(ctx) {
+    const { stack, stackConfig, bootstrap: bootstrap2 } = ctx;
+    const onFailure = stackConfig.onFailure;
+    if (!onFailure) {
+      return;
+    }
+    const queueArn = bootstrap2.import("on-failure-queue-arn");
+    const lambda = toLambdaFunction(ctx, "on-failure", onFailure);
+    const source = new SqsEventSource("on-failure", lambda, {
+      queueArn
+    });
+    lambda.addPermissions({
+      actions: [
+        "sqs:SendMessage",
+        "sqs:ReceiveMessage",
+        "sqs:GetQueueUrl",
+        "sqs:GetQueueAttributes"
+      ],
+      resources: [queueArn]
+    });
+    stack.add(lambda, source);
+  },
+  onResource({ config, resource, bootstrap: bootstrap2 }) {
+    if (!hasOnFailure(config)) {
+      return;
+    }
+    const queueArn = bootstrap2.import("on-failure-queue-arn");
+    if (resource instanceof Queue) {
+      resource.setDeadLetter(queueArn);
+    }
+    if (resource instanceof EventInvokeConfig) {
+      resource.setOnFailure(queueArn);
+    }
+    if (resource instanceof EventSourceMapping) {
+      resource.setOnFailure(queueArn);
+    }
+  }
+});
+
+// src/formation/resource/ec2/vpc.ts
+var Vpc = class extends Resource {
+  constructor(logicalId, props) {
+    super("AWS::EC2::VPC", logicalId);
+    this.props = props;
+  }
+  get id() {
+    return ref(this.logicalId);
+  }
+  properties() {
+    return {
+      CidrBlock: this.props.cidrBlock.ip
+    };
+  }
+};
+var RouteTable = class extends Resource {
+  constructor(logicalId, props) {
+    super("AWS::EC2::RouteTable", logicalId);
+    this.props = props;
+    this.name = formatName(props.name || logicalId);
+  }
+  name;
+  get id() {
+    return ref(this.logicalId);
+  }
+  properties() {
+    return {
+      VpcId: this.props.vpcId,
+      Tags: [{
+        Key: "name",
+        Value: this.name
+      }]
+    };
+  }
+};
+var InternetGateway = class extends Resource {
+  constructor(logicalId) {
+    super("AWS::EC2::InternetGateway", logicalId);
+  }
+  get id() {
+    return ref(this.logicalId);
+  }
+  properties() {
+    return {};
+  }
+};
+var VPCGatewayAttachment = class extends Resource {
+  constructor(logicalId, props) {
+    super("AWS::EC2::VPCGatewayAttachment", logicalId);
+    this.props = props;
+  }
+  get id() {
+    return ref(this.logicalId);
+  }
+  properties() {
+    return {
+      VpcId: this.props.vpcId,
+      InternetGatewayId: this.props.internetGatewayId
+    };
+  }
+};
+var Route = class extends Resource {
+  constructor(logicalId, props) {
+    super("AWS::EC2::Route", logicalId);
+    this.props = props;
+  }
+  get id() {
+    return ref(this.logicalId);
+  }
+  properties() {
+    return {
+      GatewayId: this.props.gatewayId,
+      RouteTableId: this.props.routeTableId,
+      DestinationCidrBlock: this.props.destination.ip
+    };
+  }
+};
+var Subnet = class extends Resource {
+  constructor(logicalId, props) {
+    super("AWS::EC2::Subnet", logicalId);
+    this.props = props;
+  }
+  get id() {
+    return ref(this.logicalId);
+  }
+  properties() {
+    return {
+      VpcId: this.props.vpcId,
+      CidrBlock: this.props.cidrBlock.ip,
+      AvailabilityZone: this.props.availabilityZone
+    };
+  }
+};
+var SubnetRouteTableAssociation = class extends Resource {
+  constructor(logicalId, props) {
+    super("AWS::EC2::SubnetRouteTableAssociation", logicalId);
+    this.props = props;
+  }
+  get id() {
+    return ref(this.logicalId);
+  }
+  properties() {
+    return {
+      SubnetId: this.props.subnetId,
+      RouteTableId: this.props.routeTableId
+    };
+  }
+};
+
+// src/formation/resource/ec2/peer.ts
+var Peer = class {
+  constructor(ip, type) {
+    this.ip = ip;
+    this.type = type;
+  }
+  static ipv4(cidrIp) {
+    const cidrMatch = cidrIp.match(/^(\d{1,3}\.){3}\d{1,3}(\/\d+)?$/);
+    if (!cidrMatch) {
+      throw new Error(`Invalid IPv4 CIDR: "${cidrIp}"`);
+    }
+    if (!cidrMatch[2]) {
+      throw new Error(`CIDR mask is missing in IPv4: "${cidrIp}". Did you mean "${cidrIp}/32"?`);
+    }
+    return new Peer(cidrIp, "v4");
+  }
+  static anyIpv4() {
+    return new Peer("0.0.0.0/0", "v4");
+  }
+  static ipv6(cidrIpv6) {
+    const cidrMatch = cidrIpv6.match(/^([\da-f]{0,4}:){2,7}([\da-f]{0,4})?(\/\d+)?$/);
+    if (!cidrMatch) {
+      throw new Error(`Invalid IPv6 CIDR: "${cidrIpv6}"`);
+    }
+    if (!cidrMatch[3]) {
+      throw new Error(`CIDR mask is missing in IPv6: "${cidrIpv6}". Did you mean "${cidrIpv6}/128"?`);
+    }
+    return new Peer(cidrIpv6, "v6");
+  }
+  static anyIpv6() {
+    return new Peer("::/0", "v6");
+  }
+  toRuleJson() {
+    switch (this.type) {
+      case "v4":
+        return { CidrIp: this.ip };
+      case "v6":
+        return { CidrIpv6: this.ip };
+    }
+  }
+  toString() {
+    return this.ip;
+  }
+};
+
+// src/plugins/vpc.ts
+var vpcPlugin = definePlugin({
+  name: "vpc",
+  // schema: z.object({
+  // 	defaults: z.object({
+  // 		vpc: z.boolean().default(false),
+  // 	}).default({}),
+  // }),
+  onApp({ config, bootstrap: bootstrap2 }) {
+    const vpc = new Vpc("main", {
+      cidrBlock: Peer.ipv4("10.0.0.0/16")
+    });
+    const privateRouteTable = new RouteTable("private", {
+      vpcId: vpc.id,
+      name: "private"
+    }).dependsOn(vpc);
+    const publicRouteTable = new RouteTable("public", {
+      vpcId: vpc.id,
+      name: "public"
+    }).dependsOn(vpc);
+    const gateway = new InternetGateway("");
+    const attachment = new VPCGatewayAttachment("", {
+      vpcId: vpc.id,
+      internetGatewayId: gateway.id
+    }).dependsOn(vpc, gateway);
+    const route = new Route("", {
+      gatewayId: gateway.id,
+      routeTableId: publicRouteTable.id,
+      destination: Peer.anyIpv4()
+    }).dependsOn(gateway, publicRouteTable);
+    bootstrap2.export(`vpc-id`, vpc.id);
+    bootstrap2.add(
+      vpc,
+      privateRouteTable,
+      publicRouteTable,
+      gateway,
+      attachment,
+      route
+    );
+    const zones = ["a", "b"];
+    const tables = [privateRouteTable, publicRouteTable];
+    let block = 0;
+    for (const table of tables) {
+      for (const i in zones) {
+        const id = `${table.name}-${i}`;
+        const subnet = new Subnet(id, {
+          vpcId: vpc.id,
+          cidrBlock: Peer.ipv4(`10.0.${block++}.0/24`),
+          availabilityZone: config.region + zones[i]
+        }).dependsOn(vpc);
+        const association = new SubnetRouteTableAssociation(id, {
+          routeTableId: table.id,
+          subnetId: subnet.id
+        }).dependsOn(subnet, table);
+        bootstrap2.export(`${table.name}-subnet-${Number(i) + 1}`, subnet.id);
+        bootstrap2.add(
+          subnet,
+          association
+        );
+      }
+    }
+  }
+});
+
+// src/plugins/http.ts
+import { z as z17 } from "zod";
+
+// src/formation/resource/ec2/security-group.ts
+var SecurityGroup = class extends Resource {
+  constructor(logicalId, props) {
+    super("AWS::EC2::SecurityGroup", logicalId);
+    this.props = props;
+  }
+  ingress = [];
+  egress = [];
+  get id() {
+    return ref(this.logicalId);
+  }
+  addIngressRule(peer, port, description) {
+    this.ingress.push({
+      peer,
+      port,
+      description
+    });
+    return this;
+  }
+  addEgressRule(peer, port, description) {
+    this.egress.push({
+      peer,
+      port,
+      description
+    });
+    return this;
+  }
+  properties() {
+    return {
+      VpcId: this.props.vpcId,
+      GroupName: this.logicalId,
+      GroupDescription: this.props.description,
+      SecurityGroupIngress: this.ingress.map((rule) => ({
+        Description: rule.description || "",
+        ...rule.port.toRuleJson(),
+        ...rule.peer.toRuleJson()
+      })),
+      SecurityGroupEgress: this.egress.map((rule) => ({
+        Description: rule.description || "",
+        ...rule.port.toRuleJson(),
+        ...rule.peer.toRuleJson()
+      }))
+    };
+  }
+};
+
+// src/formation/resource/ec2/port.ts
+var Port = class {
+  static tcp(port) {
+    return new Port({
+      protocol: "tcp" /* TCP */,
+      from: port,
+      to: port
+    });
+  }
+  static tcpRange(startPort, endPort) {
+    return new Port({
+      protocol: "tcp" /* TCP */,
+      from: startPort,
+      to: endPort
+    });
+  }
+  static allTcp() {
+    return new Port({
+      protocol: "tcp" /* TCP */,
+      from: 0,
+      to: 65535
+    });
+  }
+  static allTraffic() {
+    return new Port({
+      protocol: "-1" /* ALL */
+    });
+  }
+  protocol;
+  from;
+  to;
+  constructor(props) {
+    this.protocol = props.protocol;
+    this.from = props.from;
+    this.to = props.to;
+  }
+  toRuleJson() {
+    return {
+      IpProtocol: this.protocol,
+      FromPort: this.from,
+      ToPort: this.to
+    };
+  }
+};
+
+// src/formation/resource/elb/load-balancer.ts
+var LoadBalancer = class extends Resource {
+  constructor(logicalId, props) {
+    super("AWS::ElasticLoadBalancingV2::LoadBalancer", logicalId);
+    this.props = props;
+    this.name = this.props.name || logicalId;
+  }
+  name;
+  get arn() {
+    return ref(this.logicalId);
+  }
+  get dnsName() {
+    return getAtt(this.logicalId, "DNSName");
+  }
+  get hostedZoneId() {
+    return getAtt(this.logicalId, "CanonicalHostedZoneID");
+  }
+  properties() {
+    return {
+      Name: this.name,
+      Type: this.props.type,
+      Scheme: this.props.schema || "internet-facing",
+      SecurityGroups: this.props.securityGroups,
+      Subnets: this.props.subnets
+    };
+  }
+};
+
+// src/formation/resource/elb/listener.ts
+import { constantCase as constantCase4 } from "change-case";
+var Listener = class extends Resource {
+  constructor(logicalId, props) {
+    super("AWS::ElasticLoadBalancingV2::Listener", logicalId);
+    this.props = props;
+  }
+  get id() {
+    return ref(this.logicalId);
+  }
+  get arn() {
+    return getAtt(this.logicalId, "ListenerArn");
+  }
+  properties() {
+    return {
+      LoadBalancerArn: this.props.loadBalancerArn,
+      Port: this.props.port,
+      Protocol: constantCase4(this.props.protocol),
+      Certificates: this.props.certificates.map((arn) => ({
+        CertificateArn: arn
+      })),
+      ...this.attr("DefaultActions", this.props.defaultActions?.map((action) => action.toJSON()))
+    };
+  }
+};
+var ListenerAction = class {
+  constructor(props) {
+    this.props = props;
+  }
+  static fixedResponse(statusCode, props = {}) {
+    return new ListenerAction({
+      type: "fixed-response",
+      fixedResponse: {
+        statusCode,
+        ...props
+      }
+    });
+  }
+  static forward(targets) {
+    return new ListenerAction({
+      type: "forward",
+      forward: {
+        targetGroups: targets
+      }
+    });
+  }
+  toJSON() {
+    return {
+      // AuthenticateCognitoConfig: AuthenticateCognitoConfig,
+      // AuthenticateOidcConfig: AuthenticateOidcConfig,
+      // RedirectConfig: RedirectConfig,
+      Type: this.props.type,
+      // Order: Integer,
+      ...this.props.type === "fixed-response" ? {
+        FixedResponseConfig: {
+          StatusCode: this.props.fixedResponse.statusCode,
+          ...this.props.fixedResponse.contentType ? {
+            ContentType: this.props.fixedResponse.contentType
+          } : {},
+          ...this.props.fixedResponse.messageBody ? {
+            MessageBody: this.props.fixedResponse.messageBody
+          } : {}
+        }
+      } : {},
+      ...this.props.type === "forward" ? {
+        ForwardConfig: {
+          TargetGroups: this.props.forward.targetGroups.map((target) => ({
+            TargetGroupArn: target
+          }))
+        }
+      } : {}
+    };
+  }
+};
+
+// src/formation/resource/elb/listener-rule.ts
+var ListenerRule = class extends Resource {
+  constructor(logicalId, props) {
+    super("AWS::ElasticLoadBalancingV2::ListenerRule", logicalId);
+    this.props = props;
+  }
+  get id() {
+    return ref(this.logicalId);
+  }
+  get arn() {
+    return getAtt(this.logicalId, "ListenerArn");
+  }
+  properties() {
+    return {
+      ListenerArn: this.props.listenerArn,
+      Priority: this.props.priority,
+      Conditions: this.props.conditions.map((condition) => condition.toJSON()),
+      Actions: this.props.actions.map((action) => action.toJSON())
+    };
+  }
+};
+var ListenerCondition = class {
+  constructor(props) {
+    this.props = props;
+  }
+  static httpRequestMethods(methods) {
+    return new ListenerCondition({
+      field: "http-request-method",
+      methods
+    });
+  }
+  static pathPatterns(paths) {
+    return new ListenerCondition({
+      field: "path-pattern",
+      paths
+    });
+  }
+  toJSON() {
+    return {
+      Field: this.props.field,
+      ...this.props.field === "http-request-method" ? {
+        HttpRequestMethodConfig: {
+          Values: this.props.methods
+        }
+      } : {},
+      ...this.props.field === "path-pattern" ? {
+        PathPatternConfig: {
+          Values: this.props.paths
+        }
+      } : {}
+    };
+  }
+};
+
+// src/formation/resource/elb/target-group.ts
+var TargetGroup = class extends Resource {
+  constructor(logicalId, props) {
+    super("AWS::ElasticLoadBalancingV2::TargetGroup", logicalId);
+    this.props = props;
+    this.name = formatName(this.props.name || logicalId);
+  }
+  name;
+  get arn() {
+    return ref(this.logicalId);
+  }
+  get fullName() {
+    return getAtt(this.logicalId, "TargetGroupFullName");
+  }
+  properties() {
+    return {
+      Name: this.name,
+      TargetType: this.props.type,
+      Targets: this.props.targets.map((target) => ({
+        Id: target
+      }))
+    };
+  }
+};
+
+// src/formation/resource/lambda/event-source/elb.ts
+var ElbEventSource = class extends Group {
+  constructor(id, lambda, props) {
+    const name = formatName(id);
+    const permission = new Permission2(id, {
+      action: "lambda:InvokeFunction",
+      principal: "elasticloadbalancing.amazonaws.com",
+      functionArn: lambda.arn,
+      sourceArn: sub("arn:${AWS::Partition}:elasticloadbalancing:${AWS::Region}:${AWS::AccountId}:targetgroup/${name}/*", {
+        name
+      })
+    }).dependsOn(lambda);
+    const target = new TargetGroup(id, {
+      name,
+      type: "lambda",
+      targets: [lambda.arn]
+    }).dependsOn(lambda, permission);
+    const rule = new ListenerRule(id, {
+      listenerArn: props.listenerArn,
+      priority: props.priority,
+      conditions: props.conditions,
+      actions: [
+        ListenerAction.forward([target.arn])
+      ]
+    }).dependsOn(target);
+    super([target, rule, permission]);
+  }
+};
+
+// src/plugins/http.ts
+var RouteSchema = z17.custom((route) => {
+  return z17.string().regex(/^(POST|GET|PUT|DELETE|HEAD|OPTIONS)(\s\/[a-z0-9\+\_\-\/]*)$/ig).safeParse(route).success;
+}, "Invalid route");
+var parseRoute = (route) => {
+  const [method, ...paths] = route.split(" ");
+  const path = paths.join(" ");
+  return { method, path };
+};
+var strToInt = (str) => {
+  return parseInt(Buffer.from(str, "utf8").toString("hex"), 16);
+};
+var generatePriority = (stackName, route) => {
+  const start = strToInt(stackName) % 500 + 1;
+  const end = strToInt(route) % 100;
+  const priority = start + "" + end;
+  return parseInt(priority, 10);
+};
+var httpPlugin = definePlugin({
+  name: "http",
+  schema: z17.object({
+    defaults: z17.object({
+      /** Define your global http api's.
+       * @example
+       * {
+       *   http: {
+       *     HTTP_API_NAME: {
+       *       domain: 'example.com',
+       *       subDomain: 'api',
+       *     }
+       *   }
+       * }
+       */
+      http: z17.record(
+        ResourceIdSchema,
+        z17.object({
+          /** The domain to link your api with. */
+          domain: z17.string(),
+          subDomain: z17.string().optional()
+        })
+      ).optional()
+    }).default({}),
+    stacks: z17.object({
+      /** Define routes in your stack for your global http api.
+       * @example
+       * {
+       *   http: {
+       *     HTTP_API_NAME: {
+       *       'GET /': 'index.ts',
+       *       'POST /posts': 'create-post.ts',
+       *     }
+       *   }
+       * }
+       */
+      http: z17.record(
+        ResourceIdSchema,
+        z17.record(RouteSchema, FunctionSchema)
+      ).optional()
+    }).array()
+  }),
+  onApp({ config, bootstrap: bootstrap2, usEastBootstrap }) {
+    if (Object.keys(config.defaults?.http || {}).length === 0) {
+      return;
+    }
+    const vpcId = bootstrap2.get("vpc-id");
+    const securityGroup = new SecurityGroup("http", {
+      description: "http security group",
+      vpcId
+    });
+    securityGroup.addIngressRule(Peer.anyIpv4(), Port.tcp(443));
+    securityGroup.addIngressRule(Peer.anyIpv6(), Port.tcp(443));
+    bootstrap2.add(securityGroup);
+    for (const [id, props] of Object.entries(config.defaults?.http || {})) {
+      const loadBalancer = new LoadBalancer(id, {
+        name: `${config.name}-${id}`,
+        type: "application",
+        securityGroups: [securityGroup.id],
+        subnets: [
+          bootstrap2.get("public-subnet-1"),
+          bootstrap2.get("public-subnet-2")
+        ]
+      }).dependsOn(securityGroup);
+      const listener = new Listener(id, {
+        loadBalancerArn: loadBalancer.arn,
+        port: 443,
+        protocol: "https",
+        certificates: [
+          bootstrap2.get(`certificate-${props.domain}-arn`)
+        ],
+        defaultActions: [
+          ListenerAction.fixedResponse(404, {
+            contentType: "application/json",
+            messageBody: JSON.stringify({
+              message: "Route not found"
+            })
+          })
+        ]
+      }).dependsOn(loadBalancer);
+      const record = new RecordSet(`${id}-http`, {
+        hostedZoneId: usEastBootstrap.import(`hosted-zone-${props.domain}-id`),
+        name: props.subDomain ? `${props.subDomain}.${props.domain}` : props.domain,
+        type: "A",
+        alias: {
+          hostedZoneId: loadBalancer.hostedZoneId,
+          dnsName: loadBalancer.dnsName
+        }
+      }).dependsOn(loadBalancer);
+      bootstrap2.add(loadBalancer, listener, record).export(`http-${id}-listener-arn`, listener.arn);
+    }
+  },
+  onStack(ctx) {
+    const { stack, stackConfig, bootstrap: bootstrap2 } = ctx;
+    for (const [id, routes] of Object.entries(stackConfig.http || {})) {
+      for (const [route, props] of Object.entries(routes)) {
+        const { method, path } = parseRoute(route);
+        const lambda = toLambdaFunction(ctx, `http-${id}`, props);
+        const source = new ElbEventSource(`http-${id}-${route}`, lambda, {
+          listenerArn: bootstrap2.import(`http-${id}-listener-arn`),
+          priority: generatePriority(stackConfig.name, route),
+          conditions: [
+            ListenerCondition.httpRequestMethods([method]),
+            ListenerCondition.pathPatterns([path])
+          ]
+        });
+        stack.add(lambda, source);
+      }
+    }
+  }
+});
+
+// src/plugins/search.ts
+import { z as z18 } from "zod";
+
+// src/formation/resource/open-search-serverless/collection.ts
+var Collection = class extends Resource {
+  constructor(logicalId, props) {
+    super("AWS::OpenSearchServerless::Collection", logicalId);
+    this.props = props;
+    this.name = this.props.name || logicalId;
+  }
+  name;
+  get id() {
+    return ref(this.logicalId);
+  }
+  get arn() {
+    return getAtt(this.logicalId, "Arn");
+  }
+  get endpoint() {
+    return getAtt(this.logicalId, "CollectionEndpoint");
+  }
+  properties() {
+    return {
+      Name: this.name,
+      Type: this.props.type.toUpperCase(),
+      ...this.attr("Description", this.props.description)
+    };
+  }
+};
+
+// src/plugins/search.ts
+var searchPlugin = definePlugin({
+  name: "search",
+  schema: z18.object({
+    stacks: z18.object({
+      searchs: z18.array(ResourceIdSchema).optional()
+    }).array()
+  }),
+  onStack({ config, stack, stackConfig, bind }) {
+    for (const id of stackConfig.searchs || []) {
+      const collection = new Collection(id, {
+        name: `${config.name}-${stack.name}-${id}`,
+        type: "search"
+      });
+      bind((lambda) => {
+        lambda.addPermissions({
+          actions: ["aoss:APIAccessAll"],
+          resources: [collection.arn]
+        });
+      });
+    }
+  }
+});
+
+// src/plugins/index.ts
+var defaultPlugins = [
+  extendPlugin,
+  vpcPlugin,
+  functionPlugin,
   cronPlugin,
   queuePlugin,
   tablePlugin,
   storePlugin,
   topicPlugin,
   pubsubPlugin,
-  // searchPlugin,
+  searchPlugin,
   domainPlugin,
-  graphqlPlugin
-  // httpPlugin,
+  graphqlPlugin,
+  httpPlugin,
+  onFailurePlugin
 ];
 
 // src/formation/app.ts
@@ -2325,23 +3463,6 @@ var App = class {
   // }
 };
 
-// src/formation/resource/cloud-formation/custom-resource.ts
-var CustomResource = class extends Resource {
-  constructor(logicalId, props) {
-    super("AWS::CloudFormation::CustomResource", logicalId);
-    this.props = props;
-  }
-  getAtt(name) {
-    return getAtt(this.logicalId, name);
-  }
-  properties() {
-    return {
-      ServiceToken: this.props.serviceToken,
-      ...this.props.properties
-    };
-  }
-};
-
 // src/custom/global-export/handler.ts
 var globalExportsHandlerCode = (
   /* JS */
@@ -2436,7 +3557,7 @@ var extendWithGlobalExports = (appName, importable, exportable) => {
           region: importable.region
         }
       });
-      exportable.add(crossRegionExports);
+      exportable.add(lambda, crossRegionExports);
     }
     return crossRegionExports.getAtt(name);
   };
@@ -2497,6 +3618,20 @@ var toApp = async (config, filters) => {
     app.add(stack);
     stacks.push({ stack, config: stackConfig });
   }
+  for (const plugin of plugins) {
+    for (const stack of app.stacks) {
+      for (const resource of stack) {
+        plugin.onResource?.({
+          config,
+          app,
+          stack,
+          bootstrap: bootstrap2,
+          usEastBootstrap,
+          resource
+        });
+      }
+    }
+  }
   const functions = app.find(Function);
   for (const bind2 of bindings) {
     for (const fn of functions) {
@@ -2543,17 +3678,17 @@ var getCredentials = (profile) => {
 };
 
 // src/schema/app.ts
-import { z as z19 } from "zod";
+import { z as z22 } from "zod";
 
 // src/schema/stack.ts
-import { z as z16 } from "zod";
-var StackSchema = z16.object({
+import { z as z19 } from "zod";
+var StackSchema = z19.object({
   name: ResourceIdSchema,
-  depends: z16.array(z16.lazy(() => StackSchema)).optional()
+  depends: z19.array(z19.lazy(() => StackSchema)).optional()
 });
 
 // src/schema/region.ts
-import { z as z17 } from "zod";
+import { z as z20 } from "zod";
 var US = ["us-east-2", "us-east-1", "us-west-1", "us-west-2"];
 var AF = ["af-south-1"];
 var AP = ["ap-east-1", "ap-south-2", "ap-southeast-3", "ap-southeast-4", "ap-south-1", "ap-northeast-3", "ap-northeast-2", "ap-southeast-1", "ap-southeast-2", "ap-northeast-1"];
@@ -2570,46 +3705,91 @@ var regions = [
   ...ME,
   ...SA
 ];
-var RegionSchema = z17.enum(regions);
+var RegionSchema = z20.enum(regions);
 
 // src/schema/plugin.ts
-import { z as z18 } from "zod";
-var PluginSchema = z18.object({
-  name: z18.string(),
-  schema: z18.custom().optional(),
+import { z as z21 } from "zod";
+var PluginSchema = z21.object({
+  name: z21.string(),
+  schema: z21.custom().optional(),
   // depends: z.array(z.lazy(() => PluginSchema)).optional(),
-  onBootstrap: z18.function().returns(z18.any()).optional(),
-  onStack: z18.function().returns(z18.any()).optional(),
-  onApp: z18.function().returns(z18.void()).optional()
+  onApp: z21.function().returns(z21.void()).optional(),
+  onStack: z21.function().returns(z21.any()).optional(),
+  onResource: z21.function().returns(z21.any()).optional()
   // bind: z.function().optional(),
 });
 
 // src/schema/app.ts
-var AppSchema = z19.object({
+var AppSchema = z22.object({
+  /** App name */
   name: ResourceIdSchema,
+  /** The AWS region to deploy to. */
   region: RegionSchema,
-  profile: z19.string(),
-  stage: z19.string().regex(/[a-z]+/).default("prod"),
-  defaults: z19.object({}).default({}),
-  stacks: z19.array(StackSchema).min(1).refine((stacks) => {
+  /** The AWS profile to deploy to. */
+  profile: z22.string(),
+  /** The deployment stage.
+   * @default 'prod'
+   */
+  stage: z22.string().regex(/[a-z]+/).default("prod"),
+  /** Default properties. */
+  defaults: z22.object({}).default({}),
+  /** The application stacks. */
+  stacks: z22.array(StackSchema).min(1).refine((stacks) => {
     const unique = new Set(stacks.map((stack) => stack.name));
     return unique.size === stacks.length;
   }, "Must be an array of unique stacks"),
-  plugins: z19.array(PluginSchema).optional()
+  /** Custom plugins. */
+  plugins: z22.array(PluginSchema).optional()
 });
 
 // src/util/import.ts
 import { transformFile } from "@swc/core";
 import { dirname, join as join2 } from "path";
-import { lstat, mkdir, writeFile } from "fs/promises";
+import { lstat as lstat2, mkdir, writeFile } from "fs/promises";
 
 // src/util/path.ts
-import { join } from "path";
-var rootDir = process.cwd();
-var outDir = join(rootDir, ".awsless");
-var templateDir = join(outDir, "template");
-var assetDir = join(outDir, "asset");
-var cacheDir = join(outDir, "cache");
+import { lstat } from "fs/promises";
+import { join, normalize } from "path";
+var root = process.cwd();
+var directories = {
+  root,
+  get output() {
+    return join(this.root, ".awsless");
+  },
+  get cache() {
+    return join(this.output, "cache");
+  },
+  get asset() {
+    return join(this.output, "asset");
+  },
+  get template() {
+    return join(this.output, "template");
+  }
+};
+var setRoot = (path = root) => {
+  directories.root = path;
+};
+var findRootDir = async (path, configFile, level = 5) => {
+  if (!level) {
+    throw new TypeError("No awsless project found");
+  }
+  const file = join(path, configFile);
+  const exists = await fileExist(file);
+  if (exists) {
+    return path;
+  }
+  return findRootDir(normalize(join(path, "..")), configFile, level - 1);
+};
+var fileExist = async (file) => {
+  try {
+    const stat = await lstat(file);
+    if (stat.isFile()) {
+      return true;
+    }
+  } catch (error) {
+  }
+  return false;
+};
 
 // src/util/import.ts
 var resolveFileNameExtension = async (path) => {
@@ -2624,7 +3804,7 @@ var resolveFileNameExtension = async (path) => {
     const file = path.replace(/\.js$/, "") + option;
     let stat;
     try {
-      stat = await lstat(file);
+      stat = await lstat2(file);
     } catch (error) {
       continue;
     }
@@ -2635,11 +3815,11 @@ var resolveFileNameExtension = async (path) => {
   throw new Error(`Failed to load file: ${path}`);
 };
 var resolveDir = (path) => {
-  return dirname(path).replace(rootDir + "/", "");
+  return dirname(path).replace(directories.root + "/", "");
 };
 var importFile = async (path) => {
   const load = async (file) => {
-    debug("Load file", file);
+    debug("Load file:", style.info(file));
     let { code: code2 } = await transformFile(file, {
       isModule: true
     });
@@ -2659,16 +3839,22 @@ var importFile = async (path) => {
     return code2;
   };
   const code = await load(path);
-  const outputFile = join2(outDir, "config.js");
-  await mkdir(outDir, { recursive: true });
+  const outputFile = join2(directories.cache, "config.js");
+  await mkdir(directories.cache, { recursive: true });
   await writeFile(outputFile, code);
+  debug("Save config file:", style.info(outputFile));
   return import(outputFile);
 };
 
 // src/config.ts
 var importConfig = async (options) => {
+  debug("Find the root directory");
+  const configFile = options.configFile || "awsless.config.ts";
+  const root2 = await findRootDir(process.cwd(), configFile);
+  setRoot(root2);
+  debug("CWD:", style.info(root2));
   debug("Import config file");
-  const fileName = join3(process.cwd(), options.configFile || "awsless.config.ts");
+  const fileName = join3(root2, configFile);
   const module = await importFile(fileName);
   const appConfig = typeof module.default === "function" ? await module.default(options) : module.default;
   debug("Validate config file");
@@ -3242,7 +4428,7 @@ var assetBuilder = (app) => {
           derive([details], (details2) => {
             return Object.entries(details2).map(([key, value]) => {
               return `${style.label(key)} ${value}`;
-            }).join(" / ");
+            }).join(style.placeholder(" \u2500 "));
           }),
           br()
         ]);
@@ -3250,7 +4436,7 @@ var assetBuilder = (app) => {
         const timer = createTimer();
         const data = await asset.build({
           async write(file, data2) {
-            const fullpath = join4(assetDir, asset.type, app.name, stack.name, asset.id, file);
+            const fullpath = join4(directories.asset, asset.type, app.name, stack.name, asset.id, file);
             const basepath = dirname2(fullpath);
             await mkdir2(basepath, { recursive: true });
             await writeFile2(fullpath, data2);
@@ -3274,9 +4460,9 @@ import { mkdir as mkdir3, rm } from "fs/promises";
 var cleanUp = async () => {
   debug("Clean up template, cache, and asset files");
   const paths = [
-    templateDir,
-    assetDir,
-    cacheDir
+    directories.asset,
+    directories.cache,
+    directories.template
   ];
   await Promise.all(paths.map((path) => rm(path, {
     recursive: true,
@@ -3296,7 +4482,7 @@ var templateBuilder = (app) => {
     const done = term.out.write(loadingDialog("Building stack templates..."));
     await Promise.all(app.stacks.map(async (stack) => {
       const template = stack.toString(true);
-      const path = join5(templateDir, app.name);
+      const path = join5(directories.template, app.name);
       const file = join5(path, `${stack.name}.json`);
       await mkdir4(path, { recursive: true });
       await writeFile3(file, template);
@@ -3425,19 +4611,26 @@ var StackClient = class {
   async update(stack, capabilities) {
     debug("Update the", style.info(stack.name), "stack");
     const client = this.getClient(stack.region);
-    await client.send(new UpdateStackCommand({
-      StackName: this.stackName(stack.name),
-      Capabilities: capabilities,
-      Tags: this.tags(stack),
-      ...this.templateProp(stack)
-    }));
-    await waitUntilStackUpdateComplete({
-      client,
-      maxWaitTime: this.maxWaitTime,
-      maxDelay: this.maxDelay
-    }, {
-      StackName: this.stackName(stack.name)
-    });
+    try {
+      await client.send(new UpdateStackCommand({
+        StackName: this.stackName(stack.name),
+        Capabilities: capabilities,
+        Tags: this.tags(stack),
+        ...this.templateProp(stack)
+      }));
+      await waitUntilStackUpdateComplete({
+        client,
+        maxWaitTime: this.maxWaitTime,
+        maxDelay: this.maxDelay
+      }, {
+        StackName: this.stackName(stack.name)
+      });
+    } catch (error) {
+      if (error instanceof Error && error.name === "ValidationError" && error.message.toLowerCase().includes("no updates")) {
+        return;
+      }
+      throw error;
+    }
   }
   async validate(stack) {
     debug("Validate the", style.info(stack.name), "stack");
@@ -3737,7 +4930,7 @@ var assetPublisher = (config, app) => {
       await Promise.all([...stack.assets].map(async (asset) => {
         await asset.publish?.({
           async read(file) {
-            const path = join6(assetDir, asset.type, app.name, stack.name, asset.id, file);
+            const path = join6(directories.asset, asset.type, app.name, stack.name, asset.id, file);
             const data = await readFile3(path);
             return data;
           },