@infoxchange/make-it-so 2.13.0 → 2.14.0-internal-testing-add-sst-3-support.2

package/build.ts

@@ -0,0 +1,47 @@
+#!/usr/bin/env -S npx tsx
+
+import * as esbuild from "esbuild";
+import { readFileSync, rmSync } from "fs";
+import { execSync } from "child_process";
+
+interface PackageJson {
+  peerDependencies?: Record<string, string>;
+  dependencies?: Record<string, string>;
+}
+
+const packageJson: PackageJson = JSON.parse(
+  readFileSync("./package.json", "utf-8"),
+);
+
+// Clean dist directory before building
+rmSync("dist", { recursive: true, force: true });
+
+// Get all dependencies that should be external (not bundled)
+const external = [
+  ...Object.keys(packageJson.peerDependencies || {}),
+  ...Object.keys(packageJson.dependencies || {}).filter(
+    (dep) => dep !== "sst3",
+  ),
+  "@infoxchange/make-it-so/*", // Self-references should be external
+];
+
+// Build ESM
+await esbuild.build({
+  entryPoints: ["src/components/ix/index.ts", "src/index.ts"],
+  bundle: true,
+  platform: "node",
+  target: "node21",
+  external,
+  sourcemap: true,
+  format: "esm",
+  outdir: "dist",
+  outExtension: { ".js": ".js" },
+  // Bundle sst3 code
+  packages: "bundle",
+  entryNames: "[dir]/[name]", // Preserve directory structure
+});
+
+// Build declaration files
+execSync("tsc --project tsconfig.build.json", { stdio: "inherit" });
+
+console.log("Build complete!");

package/dist/components/ix/InternalNetwork.d.ts

@@ -0,0 +1,24 @@
+import * as pulumi from "@pulumi/pulumi";
+import * as aws from "@pulumi/aws";
+import { Transform } from "sst3/platform/src/components/component";
+export interface InternalNetworkArgs {
+    name?: string;
+    transform?: {
+        securityGroup?: Transform<aws.ec2.SecurityGroupArgs>;
+    };
+}
+export declare class InternalNetwork extends pulumi.ComponentResource {
+    readonly vpc: pulumi.Output<aws.ec2.GetVpcResult>;
+    readonly subnetIds: pulumi.Output<string[]>;
+    readonly securityGroup: pulumi.Output<aws.ec2.SecurityGroup>;
+    constructor(name: string, args?: InternalNetworkArgs, opts?: pulumi.ComponentResourceOptions);
+    get securityGroupIds(): pulumi.Output<pulumi.Output<string>[]>;
+    static getVpcSubnetIds(): pulumi.Output<string[]>;
+    createSecurityGroup({ parentName, vpc, args, opts, }: {
+        parentName: string;
+        vpc: aws.ec2.GetVpcResult;
+        args?: Transform<aws.ec2.SecurityGroupArgs>;
+        opts: pulumi.ComponentResourceOptions;
+    }): import("@pulumi/aws/ec2/securityGroup").SecurityGroup;
+}
+//# sourceMappingURL=InternalNetwork.d.ts.map

package/dist/components/ix/InternalNetwork.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"InternalNetwork.d.ts","sourceRoot":"","sources":["../../../src/components/ix/InternalNetwork.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,MAAM,MAAM,gBAAgB,CAAC;AACzC,OAAO,KAAK,GAAG,MAAM,aAAa,CAAC;AAEnC,OAAO,EAAE,SAAS,EAAa,MAAM,wCAAwC,CAAC;AAE9E,MAAM,WAAW,mBAAmB;IAClC,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,SAAS,CAAC,EAAE;QACV,aAAa,CAAC,EAAE,SAAS,CAAC,GAAG,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;KACtD,CAAC;CACH;AAED,qBAAa,eAAgB,SAAQ,MAAM,CAAC,iBAAiB;IAC3D,SAAgB,GAAG,EAAE,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;IACzD,SAAgB,SAAS,EAAE,MAAM,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC;IACnD,SAAgB,aAAa,EAAE,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;gBAGlE,IAAI,EAAE,MAAM,EACZ,IAAI,GAAE,mBAAwB,EAC9B,IAAI,CAAC,EAAE,MAAM,CAAC,wBAAwB;IAqCxC,IAAW,gBAAgB,IAAI,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC,CAEpE;IAED,MAAM,CAAC,eAAe,IAAI,MAAM,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;IAwBjD,mBAAmB,CAAC,EAClB,UAAU,EACV,GAAG,EACH,IAAI,EACJ,IAAI,GACL,EAAE;QACD,UAAU,EAAE,MAAM,CAAC;QACnB,GAAG,EAAE,GAAG,CAAC,GAAG,CAAC,YAAY,CAAC;QAC1B,IAAI,CAAC,EAAE,SAAS,CAAC,GAAG,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;QAC5C,IAAI,EAAE,MAAM,CAAC,wBAAwB,CAAC;KACvC;CA8BF"}

package/dist/components/ix/dns.d.ts

@@ -0,0 +1,97 @@
+/**
+ * The AWS DNS Adapter is used to create DNS records to manage domains hosted on
+ * [Route 53](https://aws.amazon.com/route53/).
+ *
+ * This adapter is passed in as `domain.dns` when setting a custom domain.
+ *
+ * @example
+ *
+ * ```ts
+ * {
+ *   domain: {
+ *     name: "example.com",
+ *     dns: sst.aws.dns()
+ *   }
+ * }
+ * ```
+ *
+ * You can also specify a hosted zone ID if you have multiple hosted zones with the same domain.
+ *
+ * ```ts
+ * {
+ *   domain: {
+ *     name: "example.com",
+ *     dns: sst.aws.dns({
+ *       zone: "Z2FDTNDATAQYW2"
+ *     })
+ *   }
+ * }
+ * ```
+ *
+ * @packageDocumentation
+ */
+import { AliasRecord, Record as DnsRecord } from "sst3/platform/src/components/dns";
+import { ComponentResourceOptions } from "@pulumi/pulumi";
+import { Transform } from "sst3/platform/src/components/component";
+import { Input } from "sst3/platform/src/components/input";
+import { route53 } from "@pulumi/aws";
+export interface DnsArgs {
+    /**
+     * Set the hosted zone ID if you have multiple hosted zones that have the same
+     * domain in Route 53.
+     *
+     * The 14 letter ID of the [Route 53 hosted zone](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/hosted-zones-working-with.html) that contains the `domainName`. You can find the hosted zone ID in the Route 53 part of the AWS Console.
+     *
+     * @example
+     * ```js
+     * {
+     *   zone: "Z2FDTNDATAQYW2"
+     * }
+     * ```
+     */
+    zone?: Input<string>;
+    /**
+     * Set to `true` if you want to let the new DNS records replace the existing ones.
+     *
+     * :::tip
+     * Use this to migrate over your domain without any downtime.
+     * :::
+     *
+     * This is useful if your domain is currently used by another app and you want to switch it
+     * to your current app. Without setting this, you'll first have to remove the existing DNS
+     * records and then add the new one. This can cause downtime.
+     *
+     * You can avoid this by setting this to `true` and the existing DNS records will be replaced
+     * without any downtime. Just make sure that when you remove your old app, you don't remove
+     * the DNS records.
+     *
+     * @default `false`
+     * @example
+     * ```js
+     * {
+     *   override: true
+     * }
+     * ```
+     */
+    override?: Input<boolean>;
+    /**
+     * [Transform](/docs/components#transform) how this component creates its underlying
+     * resources.
+     */
+    transform?: {
+        /**
+         * Transform the AWS Route 53 record resource.
+         */
+        record?: Transform<route53.RecordArgs & {
+            aliasIpType?: "IPv4" | "IPv6";
+            lambdaInput?: Record<string, unknown>;
+        }>;
+    };
+}
+export declare function dns(args?: DnsArgs): {
+    provider: "aws";
+    createAlias: (namePrefix: string, record: AliasRecord, opts: ComponentResourceOptions) => import("@pulumi/pulumi").Output<import("@pulumi/aws/lambda/invocation").Invocation>[];
+    createCaa: (namePrefix: string, recordName: string, opts: ComponentResourceOptions) => undefined;
+    createRecord: (namePrefix: string, record: DnsRecord, opts: ComponentResourceOptions) => import("@pulumi/pulumi").Output<import("@pulumi/aws/lambda/invocation").Invocation>;
+};
+//# sourceMappingURL=dns.d.ts.map

package/dist/components/ix/dns.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"dns.d.ts","sourceRoot":"","sources":["../../../src/components/ix/dns.ts"],"names":[],"mappings":"AACA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+BG;AAEH,OAAO,EACL,WAAW,EAEX,MAAM,IAAI,SAAS,EACpB,MAAM,kCAAkC,CAAC;AAE1C,OAAO,EAAE,wBAAwB,EAAU,MAAM,gBAAgB,CAAC;AAClE,OAAO,EAAE,SAAS,EAAa,MAAM,wCAAwC,CAAC;AAC9E,OAAO,EAAE,KAAK,EAAE,MAAM,oCAAoC,CAAC;AAE3D,OAAO,EAAE,OAAO,EAAE,MAAM,aAAa,CAAC;AAItC,MAAM,WAAW,OAAO;IACtB;;;;;;;;;;;;OAYG;IACH,IAAI,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IACrB;;;;;;;;;;;;;;;;;;;;;;OAsBG;IACH,QAAQ,CAAC,EAAE,KAAK,CAAC,OAAO,CAAC,CAAC;IAC1B;;;OAGG;IACH,SAAS,CAAC,EAAE;QACV;;WAEG;QACH,MAAM,CAAC,EAAE,SAAS,CAChB,OAAO,CAAC,UAAU,GAAG;YACnB,WAAW,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;YAE9B,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;SACvC,CACF,CAAC;KACH,CAAC;CACH;AAED,wBAAgB,GAAG,CAAC,IAAI,GAAE,OAAY;;8BAgBtB,MAAM,UACV,WAAW,QACb,wBAAwB;4BAwBlB,MAAM,cACN,MAAM,QACZ,wBAAwB;+BAelB,MAAM,UACV,SAAS,QACX,wBAAwB;EAiHjC"}

package/dist/components/ix/index.d.ts

@@ -0,0 +1,3 @@
+export * from "./dns.js";
+export * from "./InternalNetwork.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/components/ix/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/components/ix/index.ts"],"names":[],"mappings":"AAAA,cAAc,UAAU,CAAC;AACzB,cAAc,sBAAsB,CAAC"}

package/dist/components/ix/index.js

@@ -0,0 +1,375 @@
+// node_modules/sst3/platform/src/components/naming.ts
+function logicalName(name) {
+  name = name.replace(/[^a-zA-Z0-9]/g, "");
+  return name.charAt(0).toUpperCase() + name.slice(1);
+}
+
+// src/components/ix/dns.ts
+import { output as output2 } from "@pulumi/pulumi";
+
+// node_modules/sst3/platform/src/components/component.ts
+import {
+  ComponentResource,
+  runtime,
+  output,
+  asset as pulumiAsset,
+  all
+} from "@pulumi/pulumi";
+
+// node_modules/sst3/platform/src/components/error.ts
+var VisibleError = class extends Error {
+  constructor(...message) {
+    super(message.join("\n"));
+  }
+};
+
+// node_modules/sst3/platform/src/components/component.ts
+function transform(transform2, name, args, opts) {
+  if (typeof transform2 === "function") {
+    transform2(args, opts, name);
+    return [name, args, opts];
+  }
+  return [name, { ...args, ...transform2 }, opts];
+}
+
+// node_modules/sst3/platform/src/components/aws/helpers/provider.ts
+import { runtime as runtime2 } from "@pulumi/pulumi";
+import { Provider } from "@pulumi/aws";
+
+// node_modules/sst3/platform/src/util/lazy.ts
+function lazy(callback) {
+  let loaded = false;
+  let result;
+  return () => {
+    if (!loaded) {
+      loaded = true;
+      result = callback();
+    }
+    return result;
+  };
+}
+
+// node_modules/sst3/platform/src/components/aws/helpers/provider.ts
+var useProviderCache = lazy(() => /* @__PURE__ */ new Map());
+var useProvider = (region) => {
+  const cache = useProviderCache();
+  const existing = cache.get(region);
+  if (existing) return existing;
+  const config = runtime2.allConfig();
+  for (const key in config) {
+    const value = config[key];
+    delete config[key];
+    const [prefix, real] = key.split(":");
+    if (prefix !== "aws") continue;
+    try {
+      config[real] = JSON.parse(value);
+    } catch (e) {
+      config[real] = value;
+    }
+  }
+  const provider = new Provider(`AwsProvider.sst.${region}`, {
+    ...config,
+    region
+  });
+  cache.set(region, provider);
+  return provider;
+};
+
+// src/components/ix/dns.ts
+import * as aws from "@pulumi/aws";
+function dns(args = {}) {
+  return {
+    provider: "aws",
+    createAlias,
+    createCaa,
+    createRecord
+  };
+  function createAlias(namePrefix, record, opts) {
+    return ["A", "AAAA"].map(
+      (type) => _createRecord(
+        namePrefix,
+        {
+          type,
+          name: record.name,
+          aliases: [
+            {
+              name: record.aliasName,
+              zoneId: record.aliasZone,
+              evaluateTargetHealth: true
+            }
+          ]
+        },
+        opts
+      )
+    );
+  }
+  function createCaa(namePrefix, recordName, opts) {
+    return void 0;
+  }
+  function createRecord(namePrefix, record, opts) {
+    return _createRecord(
+      namePrefix,
+      {
+        type: record.type,
+        name: record.name,
+        ttl: 60,
+        records: [record.value]
+      },
+      opts
+    );
+  }
+  function _createRecord(namePrefix, partial, opts) {
+    return output2(partial).apply((partial2) => {
+      const nameSuffix = logicalName(partial2.name);
+      const zoneId = "";
+      const dnsRecord = createRecord2();
+      return dnsRecord;
+      function createRecord2() {
+        const [name, mergedArgs, mergedOpts] = transform(
+          args.transform?.record,
+          `${namePrefix}${partial2.type}Record${nameSuffix}`,
+          {
+            zoneId,
+            allowOverwrite: args.override,
+            ...partial2
+          },
+          opts
+        );
+        const lambdaInput = output2(mergedArgs).apply((mergedArgs2) => {
+          const { aliases } = mergedArgs2;
+          let { aliasIpType } = mergedArgs2;
+          if (aliases && aliases.length > 1) {
+            throw new VisibleError(
+              "Aliases with multiple targets are not supported"
+            );
+          }
+          const [alias] = aliases || [];
+          if (alias) {
+            if (mergedArgs2.type === "A") {
+              aliasIpType = "IPv4";
+            } else if (mergedArgs2.type === "AAAA") {
+              aliasIpType = "IPv6";
+            } else {
+              throw new VisibleError(
+                "Alias records can only be created for A or AAAA record types"
+              );
+            }
+          }
+          return {
+            RecordType: mergedArgs2.type,
+            // Even though a trailing dot is valid a bug in the IX dns lambda means that an error occurs
+            // when trying to find the hosted zone if there is a trailing dot.
+            RecordFQDN: mergedArgs2.name.replace(/\.$/, ""),
+            // If giving the IX dns lambda multiple values we need to wrap in 'Value' objects
+            // unlike for single values where the lambda does it for us
+            // https://github.com/InfoxchangeTS/aws-gov/blob/213609c2e91b021375b93290efdaf38936ee98e1/components/xaccount-route53/dns-record-updater-lambda/src/index.py#L133
+            RecordValue: mergedArgs2.records?.map((value) => ({ Value: value })),
+            ...mergedArgs2.zoneId ? { HostedZoneId: mergedArgs2.zoneId } : {},
+            ...mergedArgs2.ttl ? { RecordTTL: mergedArgs2.ttl } : {},
+            ...alias ? {
+              RecordType: "ALIAS",
+              // https://github.com/InfoxchangeTS/aws-gov/blob/213609c2e91b021375b93290efdaf38936ee98e1/components/xaccount-route53/dns-record-updater-lambda/src/index.py#L145
+              RecordValue: alias.name,
+              // https://github.com/InfoxchangeTS/aws-gov/blob/213609c2e91b021375b93290efdaf38936ee98e1/components/xaccount-route53/dns-record-updater-lambda/src/index.py#L144
+              AliasZoneId: alias.zoneId,
+              // alias.evaluateTargetHealth can't be set by the lambda
+              IpAddressType: aliasIpType?.toLowerCase()
+            } : {},
+            ...mergedArgs2.lambdaInput
+          };
+        });
+        return new aws.lambda.Invocation(
+          name,
+          {
+            input: output2(lambdaInput).apply(
+              (lambdaInput2) => JSON.stringify({
+                RequestType: "Create",
+                ResourceProperties: lambdaInput2,
+                // We need some value so that the lambda doesn't throw an error but we don't want the lambda to actually
+                // send a response to this url (the response is for CloudFormation which we're not using). Setting an
+                // invalid domain will cause it to log an error but not throw so the lambda is considered successful.
+                ResponseURL: "invalid://make-it-so-dns",
+                StackId: "",
+                RequestId: "",
+                LogicalResourceId: ""
+              })
+            ),
+            functionName: aws.ssm.getParameter({
+              name: "/shared-services/route53/lambdaArn"
+            }).then((param) => param.value)
+          },
+          {
+            ...mergedOpts,
+            // Function can only be invoked from within the same region it is deployed
+            provider: useProvider("ap-southeast-2")
+          }
+        );
+      }
+    });
+  }
+}
+
+// src/components/ix/InternalNetwork.ts
+import * as pulumi from "@pulumi/pulumi";
+import * as aws2 from "@pulumi/aws";
+
+// src/deployConfig.ts
+import { z } from "zod";
+var getEnvVars = () => ({
+  isIxDeploy: process.env.IX_DEPLOYMENT?.toLowerCase() === "true",
+  // This needs to start as a bool for the discriminated union
+  appName: process.env.IX_APP_NAME ?? "",
+  environment: process.env.IX_ENVIRONMENT ?? "",
+  workloadGroup: process.env.IX_WORKLOAD_GROUP ?? "",
+  primaryAwsRegion: process.env.IX_PRIMARY_AWS_REGION ?? "",
+  siteDomains: process.env.IX_SITE_DOMAINS ?? "",
+  siteDomainAliases: process.env.IX_SITE_DOMAIN_ALIASES ?? "",
+  isInternalApp: process.env.IX_INTERNAL_APP ?? "",
+  deploymentType: process.env.IX_DEPLOYMENT_TYPE ?? "",
+  sourceCommitRef: process.env.IX_SOURCE_COMMIT_REF ?? "",
+  sourceCommitHash: process.env.IX_SOURCE_COMMIT_HASH ?? "",
+  deployTriggeredBy: process.env.IX_DEPLOY_TRIGGERED_BY ?? "",
+  smtpHost: process.env.SMTP_HOST ?? "",
+  smtpPort: process.env.SMTP_PORT ?? "",
+  clamAVUrl: process.env.CLAMAV_URL ?? "",
+  vpcHttpProxy: process.env.VPC_HTTP_PROXY ?? ""
+});
+var ixDeployConfigSchema = z.object({
+  isIxDeploy: z.literal(true),
+  appName: z.string().min(1),
+  environment: z.enum(["dev", "test", "uat", "prod"]),
+  workloadGroup: z.enum(["ds", "srs"]),
+  primaryAwsRegion: z.literal("ap-southeast-2"),
+  siteDomains: z.string().transform(
+    (val) => val.split(",").map((domain) => domain.trim()).filter(Boolean)
+  ),
+  siteDomainAliases: z.string().transform(
+    (val) => val.split(",").map((domain) => domain.trim()).filter(Boolean)
+  ),
+  isInternalApp: z.coerce.boolean(),
+  deploymentType: z.enum(["docker", "serverless"]),
+  sourceCommitRef: z.string().min(1),
+  sourceCommitHash: z.string().min(1),
+  deployTriggeredBy: z.string().min(1),
+  smtpHost: z.string().min(1),
+  smtpPort: z.coerce.number().int(),
+  clamAVUrl: z.string().url(),
+  vpcHttpProxy: z.string().url()
+}).strip();
+var nonIxDeployConfigSchema = z.object({
+  isIxDeploy: z.literal(false),
+  appName: z.string(),
+  environment: z.string(),
+  workloadGroup: z.string(),
+  primaryAwsRegion: z.string(),
+  siteDomains: z.string().transform((val) => val.split(",").map((domain) => domain.trim())),
+  siteDomainAliases: z.string().transform((val) => val.split(",").map((domain) => domain.trim())),
+  isInternalApp: z.string().transform((val) => val ? val.toLowerCase() === "true" : void 0),
+  deploymentType: z.string(),
+  sourceCommitRef: z.string(),
+  sourceCommitHash: z.string(),
+  deployTriggeredBy: z.string(),
+  smtpHost: z.string(),
+  smtpPort: z.string().transform(
+    (val) => isNaN(parseInt(val, 10)) ? void 0 : parseInt(val, 10)
+  ),
+  clamAVUrl: z.string(),
+  vpcHttpProxy: z.string()
+}).strip();
+var schema = z.discriminatedUnion("isIxDeploy", [
+  ixDeployConfigSchema,
+  nonIxDeployConfigSchema
+]);
+var deployConfig_default = schema.parse(getEnvVars());
+
+// src/components/ix/InternalNetwork.ts
+var InternalNetwork = class _InternalNetwork extends pulumi.ComponentResource {
+  vpc;
+  subnetIds;
+  securityGroup;
+  constructor(name, args = {}, opts) {
+    super("ix:aws:InternalNetwork", name, args, opts);
+    const vpcIdParam = aws2.ssm.getParameterOutput(
+      {
+        name: "/vpc/id"
+      },
+      { parent: this }
+    );
+    const vpcId = vpcIdParam.value;
+    this.vpc = vpcId.apply(
+      async (vpcId2) => await aws2.ec2.getVpc({ id: vpcId2 })
+    );
+    this.subnetIds = _InternalNetwork.getVpcSubnetIds();
+    this.securityGroup = this.vpc.apply(
+      (vpc) => this.createSecurityGroup({
+        parentName: name,
+        vpc,
+        args: args.transform?.securityGroup,
+        opts: { parent: this }
+      })
+    );
+    this.registerOutputs({
+      vpc: this.vpc,
+      subnetIds: this.subnetIds
+    });
+  }
+  get securityGroupIds() {
+    return pulumi.output(this.securityGroup).apply((sg) => [sg.id]);
+  }
+  static getVpcSubnetIds() {
+    const { workloadGroup, appName } = deployConfig_default;
+    let suffix = "";
+    if (workloadGroup === "ds") {
+      const possibleSuffixes = ["", "-2"];
+      const hash = appName.split("").reduce((acc, char) => acc + char.charCodeAt(0), 0);
+      suffix = possibleSuffixes[hash % possibleSuffixes.length];
+    }
+    const subnetOutputs = [1, 2, 3].map(
+      (subnetNum) => aws2.ssm.getParameterOutput({
+        name: `/vpc/subnet/private-${workloadGroup}${suffix}/${subnetNum}/id`
+      }).value
+    );
+    return pulumi.all(subnetOutputs);
+  }
+  // Based on https://github.com/anomalyco/sst/blob/3407c32b2cf97b85ea96a92361c6f4a0a8d55200/platform/src/components/aws/vpc.ts#L840
+  createSecurityGroup({
+    parentName,
+    vpc,
+    args,
+    opts
+  }) {
+    return new aws2.ec2.SecurityGroup(
+      ...transform(
+        args,
+        `${parentName}SecurityGroup`,
+        {
+          description: "Managed by make-it-so",
+          vpcId: vpc.id,
+          egress: [
+            {
+              fromPort: 0,
+              toPort: 0,
+              protocol: "-1",
+              cidrBlocks: ["0.0.0.0/0"]
+            }
+          ],
+          ingress: [
+            {
+              fromPort: 0,
+              toPort: 0,
+              protocol: "-1",
+              // Restricts inbound traffic to only within the VPC
+              cidrBlocks: [vpc.cidrBlock]
+            }
+          ]
+        },
+        opts
+      )
+    );
+  }
+};
+export {
+  InternalNetwork,
+  dns
+};
+//# sourceMappingURL=index.js.map