@medplum/cdk 2.0.7

package/src/index.test.ts

@@ -0,0 +1,232 @@
+import { unlinkSync, writeFileSync } from 'fs';
+import { resolve } from 'path';
+import { main } from './index';
+
+describe('Infra', () => {
+  beforeEach(() => {
+    console.log = jest.fn();
+  });
+
+  test('Missing config', () => {
+    expect(() => main()).not.toThrow();
+  });
+
+  test('Synth stack', () => {
+    // Create a temp config file
+    const filename = resolve('./medplum.test.config.json');
+    writeFileSync(
+      filename,
+      JSON.stringify({
+        name: 'unittest',
+        stackName: 'MedplumUnitTestStack',
+        accountNumber: '647991932601',
+        region: 'us-east-1',
+        domainName: 'medplum.com',
+        apiPort: 8103,
+        apiDomainName: 'api.medplum.com',
+        apiSslCertArn: 'arn:aws:acm:us-east-1:647991932601:certificate/08bf1daf-3a2b-4cbe-91a0-739b4364a1ec',
+        appDomainName: 'app.medplum.com',
+        appSslCertArn: 'arn:aws:acm:us-east-1:647991932601:certificate/fd21b628-b2c0-4a5d-b4f5-b5c9a6d63b1a',
+        storageBucketName: 'medplum-storage',
+        storageDomainName: 'storage.medplum.com',
+        storageSslCertArn: 'arn:aws:acm:us-east-1:647991932601:certificate/19d85245-0a1d-4bf5-9789-23082b1a15fc',
+        storagePublicKey: '-----BEGIN PUBLIC KEY-----\n-----END PUBLIC KEY-----',
+        maxAzs: 2,
+        rdsInstances: 1,
+        desiredServerCount: 1,
+        serverImage: 'medplum/medplum-server:staging',
+        serverMemory: 512,
+        serverCpu: 256,
+        loadBalancerLoggingEnabled: true,
+        loadBalancerLoggingBucket: 'medplum-logs-us-east-1',
+        loadBalancerLoggingPrefix: 'elb',
+        clamscanEnabled: true,
+        clamscanLoggingBucket: 'medplum-logs-us-east-1',
+        clamscanLoggingPrefix: 'clamscan',
+      }),
+      { encoding: 'utf-8' }
+    );
+
+    expect(() => main({ config: filename })).not.toThrow();
+    unlinkSync(filename);
+  });
+
+  test('Multi region stack', () => {
+    const filename = resolve('./medplum.multiregion.config.json');
+    writeFileSync(
+      filename,
+      JSON.stringify({
+        name: 'multiregion',
+        stackName: 'MedplumMultiRegionStack',
+        accountNumber: '647991932601',
+        region: 'ap-southeast-1',
+        domainName: 'ap-southeast-1.medplum.com',
+        apiPort: 8103,
+        apiDomainName: 'api.medplum.com',
+        apiSslCertArn: 'arn:aws:acm:us-east-1:647991932601:certificate/08bf1daf-3a2b-4cbe-91a0-739b4364a1ec',
+        appDomainName: 'app.medplum.com',
+        appSslCertArn: 'arn:aws:acm:us-east-1:647991932601:certificate/fd21b628-b2c0-4a5d-b4f5-b5c9a6d63b1a',
+        storageBucketName: 'medplum-storage',
+        storageDomainName: 'storage.medplum.com',
+        storageSslCertArn: 'arn:aws:acm:us-east-1:647991932601:certificate/19d85245-0a1d-4bf5-9789-23082b1a15fc',
+        storagePublicKey: '-----BEGIN PUBLIC KEY-----\n-----END PUBLIC KEY-----',
+        maxAzs: 2,
+        rdsInstances: 1,
+        desiredServerCount: 1,
+        serverImage: 'medplum/medplum-server:staging',
+        serverMemory: 512,
+        serverCpu: 256,
+        loadBalancerLoggingEnabled: true,
+        loadBalancerLoggingBucket: 'medplum-logs-us-east-1',
+        loadBalancerLoggingPrefix: 'elb',
+        clamscanEnabled: true,
+        clamscanLoggingBucket: 'medplum-logs-us-east-1',
+        clamscanLoggingPrefix: 'clamscan',
+      }),
+      { encoding: 'utf-8' }
+    );
+
+    expect(() => main({ config: filename })).not.toThrow();
+    unlinkSync(filename);
+  });
+
+  test('ECR image', () => {
+    // Create a temp config file
+    const filename = resolve('./medplum.customvpc.config.json');
+    writeFileSync(
+      filename,
+      JSON.stringify({
+        name: 'customvpc',
+        stackName: 'MedplumCustomVpcStack',
+        accountNumber: '647991932601',
+        region: 'us-east-1',
+        domainName: 'medplum.com',
+        apiPort: 8103,
+        apiDomainName: 'api.medplum.com',
+        apiSslCertArn: 'arn:aws:acm:us-east-1:647991932601:certificate/08bf1daf-3a2b-4cbe-91a0-739b4364a1ec',
+        appDomainName: 'app.medplum.com',
+        appSslCertArn: 'arn:aws:acm:us-east-1:647991932601:certificate/fd21b628-b2c0-4a5d-b4f5-b5c9a6d63b1a',
+        storageBucketName: 'medplum-storage',
+        storageDomainName: 'storage.medplum.com',
+        storageSslCertArn: 'arn:aws:acm:us-east-1:647991932601:certificate/19d85245-0a1d-4bf5-9789-23082b1a15fc',
+        storagePublicKey: '-----BEGIN PUBLIC KEY-----\n-----END PUBLIC KEY-----',
+        maxAzs: 2,
+        rdsInstances: 1,
+        rdsInstanceType: 't3.micro',
+        desiredServerCount: 1,
+        serverImage: '647991932601.dkr.ecr.us-east-1.amazonaws.com/medplum-server:staging',
+        serverMemory: 512,
+        serverCpu: 256,
+      }),
+      { encoding: 'utf-8' }
+    );
+
+    expect(() => main({ config: filename })).not.toThrow();
+    unlinkSync(filename);
+  });
+
+  test('Custom VPC', () => {
+    // Create a temp config file
+    const filename = resolve('./medplum.customvpc.config.json');
+    writeFileSync(
+      filename,
+      JSON.stringify({
+        name: 'customvpc',
+        stackName: 'MedplumCustomVpcStack',
+        accountNumber: '647991932601',
+        region: 'us-east-1',
+        domainName: 'medplum.com',
+        apiPort: 8103,
+        vpcId: 'vpc-0fc3a4d0600000000',
+        apiDomainName: 'api.medplum.com',
+        apiSslCertArn: 'arn:aws:acm:us-east-1:647991932601:certificate/08bf1daf-3a2b-4cbe-91a0-739b4364a1ec',
+        appDomainName: 'app.medplum.com',
+        appSslCertArn: 'arn:aws:acm:us-east-1:647991932601:certificate/fd21b628-b2c0-4a5d-b4f5-b5c9a6d63b1a',
+        storageBucketName: 'medplum-storage',
+        storageDomainName: 'storage.medplum.com',
+        storageSslCertArn: 'arn:aws:acm:us-east-1:647991932601:certificate/19d85245-0a1d-4bf5-9789-23082b1a15fc',
+        storagePublicKey: '-----BEGIN PUBLIC KEY-----\n-----END PUBLIC KEY-----',
+        maxAzs: 2,
+        rdsInstances: 1,
+        desiredServerCount: 1,
+        serverImage: 'medplum/medplum-server:latest',
+        serverMemory: 512,
+        serverCpu: 256,
+      }),
+      { encoding: 'utf-8' }
+    );
+
+    expect(() => main({ config: filename })).not.toThrow();
+    unlinkSync(filename);
+  });
+
+  test('Custom RDS instance type', () => {
+    // Create a temp config file
+    const filename = resolve('./medplum.customRdsInstanceType.config.json');
+    writeFileSync(
+      filename,
+      JSON.stringify({
+        name: 'customRdsInstanceType',
+        stackName: 'MedplumCustomRdsInstanceTypeStack',
+        accountNumber: '647991932601',
+        region: 'us-east-1',
+        domainName: 'medplum.com',
+        apiPort: 8103,
+        apiDomainName: 'api.medplum.com',
+        apiSslCertArn: 'arn:aws:acm:us-east-1:647991932601:certificate/08bf1daf-3a2b-4cbe-91a0-739b4364a1ec',
+        appDomainName: 'app.medplum.com',
+        appSslCertArn: 'arn:aws:acm:us-east-1:647991932601:certificate/fd21b628-b2c0-4a5d-b4f5-b5c9a6d63b1a',
+        storageBucketName: 'medplum-storage',
+        storageDomainName: 'storage.medplum.com',
+        storageSslCertArn: 'arn:aws:acm:us-east-1:647991932601:certificate/19d85245-0a1d-4bf5-9789-23082b1a15fc',
+        storagePublicKey: '-----BEGIN PUBLIC KEY-----\n-----END PUBLIC KEY-----',
+        maxAzs: 2,
+        rdsInstances: 1,
+        rdsInstanceType: 't3.micro',
+        desiredServerCount: 1,
+        serverImage: 'medplum/medplum-server:latest',
+        serverMemory: 512,
+        serverCpu: 256,
+      }),
+      { encoding: 'utf-8' }
+    );
+
+    expect(() => main({ config: filename })).not.toThrow();
+    unlinkSync(filename);
+  });
+
+  test('Custom RDS secrets', () => {
+    // Create a temp config file
+    const filename = resolve('./medplum.customRdsSecrets.config.json');
+    const rdsSecretsArn = 'arn:aws:secretsmanager:s-east-1:647991932601:secret:SecretName-6RandomCharacters';
+    writeFileSync(
+      filename,
+      JSON.stringify({
+        name: 'customRdsSecrets',
+        stackName: 'MedplumCustomRdsSecretsStack',
+        accountNumber: '647991932601',
+        region: 'us-east-1',
+        domainName: 'medplum.com',
+        apiPort: 8103,
+        apiDomainName: 'api.medplum.com',
+        apiSslCertArn: 'arn:aws:acm:us-east-1:647991932601:certificate/08bf1daf-3a2b-4cbe-91a0-739b4364a1ec',
+        appDomainName: 'app.medplum.com',
+        appSslCertArn: 'arn:aws:acm:us-east-1:647991932601:certificate/fd21b628-b2c0-4a5d-b4f5-b5c9a6d63b1a',
+        storageBucketName: 'medplum-storage',
+        storageDomainName: 'storage.medplum.com',
+        storageSslCertArn: 'arn:aws:acm:us-east-1:647991932601:certificate/19d85245-0a1d-4bf5-9789-23082b1a15fc',
+        storagePublicKey: '-----BEGIN PUBLIC KEY-----\n-----END PUBLIC KEY-----',
+        maxAzs: 2,
+        rdsSecretsArn,
+        desiredServerCount: 1,
+        serverImage: 'medplum/medplum-server:latest',
+        serverMemory: 512,
+        serverCpu: 256,
+      }),
+      { encoding: 'utf-8' }
+    );
+
+    expect(() => main({ config: filename })).not.toThrow();
+    unlinkSync(filename);
+  });
+});

package/src/index.ts

@@ -0,0 +1,68 @@
+import { App, Stack } from 'aws-cdk-lib';
+import { readFileSync } from 'fs';
+import { resolve } from 'path';
+import { BackEnd } from './backend';
+import { MedplumInfraConfig } from './config';
+import { FrontEnd } from './frontend';
+import { Storage } from './storage';
+
+class MedplumStack {
+  primaryStack: Stack;
+  backEnd: BackEnd;
+  frontEnd: FrontEnd;
+  storage: Storage;
+
+  constructor(scope: App, config: MedplumInfraConfig) {
+    this.primaryStack = new Stack(scope, config.stackName, {
+      env: {
+        region: config.region,
+        account: config.accountNumber,
+      },
+    });
+
+    this.backEnd = new BackEnd(this.primaryStack, config);
+    this.frontEnd = new FrontEnd(this.primaryStack, config, config.region);
+    this.storage = new Storage(this.primaryStack, config, config.region);
+
+    if (config.region !== 'us-east-1') {
+      // Some resources must be created in us-east-1
+      // For example, CloudFront distributions and ACM certificates
+      // If the primary region is not us-east-1, create these resources in us-east-1
+      const usEast1Stack = new Stack(scope, config.stackName + '-us-east-1', {
+        env: {
+          region: 'us-east-1',
+          account: config.accountNumber,
+        },
+      });
+
+      this.frontEnd = new FrontEnd(usEast1Stack, config, 'us-east-1');
+      this.storage = new Storage(usEast1Stack, config, 'us-east-1');
+    }
+  }
+}
+
+export function main(context?: Record<string, string>): void {
+  const app = new App({ context });
+
+  const configFileName = app.node.tryGetContext('config');
+  if (!configFileName) {
+    console.log('Missing "config" context variable');
+    console.log('Usage: cdk deploy -c config=my-config.json');
+    return;
+  }
+
+  const config = JSON.parse(readFileSync(resolve(configFileName), 'utf-8')) as MedplumInfraConfig;
+
+  const stack = new MedplumStack(app, config);
+
+  console.log('Stack', stack.primaryStack.stackId);
+  console.log('BackEnd', stack.backEnd.node.id);
+  console.log('FrontEnd', stack.frontEnd.node.id);
+  console.log('Storage', stack.storage.node.id);
+
+  app.synth();
+}
+
+if (require.main === module) {
+  main();
+}

package/src/init.test.ts

@@ -0,0 +1,378 @@
+import { randomUUID } from 'crypto';
+import { readFileSync, unlinkSync, writeFileSync } from 'fs';
+import readline from 'readline';
+import { main } from './init';
+
+jest.mock('@aws-sdk/client-acm');
+jest.mock('@aws-sdk/client-ssm');
+jest.mock('@aws-sdk/client-sts');
+
+test('Init tool success', async () => {
+  const filename = `test-${randomUUID()}.json`;
+
+  await main(
+    mockReadline(
+      'foo',
+      filename,
+      'us-east-1',
+      'account-123',
+      'TestStack',
+      'test.example.com',
+      'support@example.com',
+      '', // default API domain
+      '', // default app domain
+      '', // default storage domain
+      '', // default storage bucket
+      '', // default availability zones
+      'y', // Yes, create a database
+      '', // default database instances
+      '', // default server instances
+      '', // default server memory
+      '', // default server cpu
+      '', // default server image
+      'y', // Yes, request api certificate
+      '', // default DNS validation
+      'y', // Yes, request app certificate
+      '', // default DNS validation
+      'y', // Yes, request storage certificate
+      '', // default DNS validation
+      'y' // Yes, write to Parameter Store
+    )
+  );
+
+  const config = JSON.parse(readFileSync(filename, 'utf8'));
+  expect(config).toMatchObject({
+    apiPort: 8103,
+    name: 'foo',
+    region: 'us-east-1',
+    accountNumber: 'account-123',
+    stackName: 'TestStack',
+    domainName: 'test.example.com',
+    apiDomainName: 'api.test.example.com',
+    appDomainName: 'app.test.example.com',
+    storageDomainName: 'storage.test.example.com',
+    storageBucketName: 'medplum-foo-storage',
+    maxAzs: 2,
+    rdsInstances: 1,
+    desiredServerCount: 1,
+    serverMemory: 512,
+    serverCpu: 256,
+    serverImage: 'medplum/medplum-server:latest',
+    storagePublicKey: expect.stringContaining('-----BEGIN PUBLIC KEY-----'),
+    apiSslCertArn: 'arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012',
+    appSslCertArn: 'arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012',
+    storageSslCertArn: 'arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012',
+  });
+  unlinkSync(filename);
+});
+
+test('Overwrite existing file', async () => {
+  const filename = `test-${randomUUID()}.json`;
+  writeFileSync(filename, '{}', 'utf8');
+
+  await main(
+    mockReadline(
+      'foo',
+      filename,
+      'y', // Yes, overwrite
+      'us-east-1',
+      'account-123',
+      'TestStack',
+      'test.example.com',
+      'support@example.com',
+      '', // default API domain
+      '', // default app domain
+      '', // default storage domain
+      '', // default storage bucket
+      '', // default availability zones
+      'y', // Yes, create a database
+      '', // default database instances
+      '', // default server instances
+      '', // default server memory
+      '', // default server cpu
+      '', // default server image
+      'y', // Yes, request api certificate
+      '', // default DNS validation
+      'y', // Yes, request app certificate
+      '', // default DNS validation
+      'y', // Yes, request storage certificate
+      '', // default DNS validation
+      'y' // Yes, write to Parameter Store
+    )
+  );
+
+  const config = JSON.parse(readFileSync(filename, 'utf8'));
+  expect(config).toMatchObject({
+    apiPort: 8103,
+    name: 'foo',
+    region: 'us-east-1',
+    accountNumber: 'account-123',
+    stackName: 'TestStack',
+    domainName: 'test.example.com',
+    apiDomainName: 'api.test.example.com',
+    appDomainName: 'app.test.example.com',
+    storageDomainName: 'storage.test.example.com',
+    storageBucketName: 'medplum-foo-storage',
+    maxAzs: 2,
+    rdsInstances: 1,
+    desiredServerCount: 1,
+    serverMemory: 512,
+    serverCpu: 256,
+    serverImage: 'medplum/medplum-server:latest',
+    storagePublicKey: expect.stringContaining('-----BEGIN PUBLIC KEY-----'),
+    apiSslCertArn: 'arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012',
+    appSslCertArn: 'arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012',
+    storageSslCertArn: 'arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012',
+  });
+  unlinkSync(filename);
+});
+
+test('Invalid AWS credentials', async () => {
+  const filename = `test-${randomUUID()}.json`;
+
+  console.log = jest.fn();
+
+  await main(
+    mockReadline(
+      'foo',
+      filename,
+      'us-bad-1', // Special fake region for mock clients
+      'account-123',
+      'TestStack',
+      'test.example.com',
+      'support@example.com',
+      '', // default API domain
+      '', // default app domain
+      '', // default storage domain
+      '', // default storage bucket
+      '', // default availability zones
+      'y', // Yes, create a database
+      '', // default database instances
+      '', // default server instances
+      '', // default server memory
+      '', // default server cpu
+      '', // default server image
+      'y', // Yes, request api certificate
+      '', // default DNS validation
+      'y', // Yes, request app certificate
+      '', // default DNS validation
+      'y', // Yes, request storage certificate
+      '', // default DNS validation
+      'y' // Yes, write to Parameter Store
+    )
+  );
+
+  expect(console.log).toHaveBeenCalledWith('Warning: Unable to get AWS account ID', 'Invalid region');
+
+  const config = JSON.parse(readFileSync(filename, 'utf8'));
+  expect(config).toMatchObject({
+    apiPort: 8103,
+    name: 'foo',
+    region: 'us-bad-1',
+    accountNumber: 'account-123',
+    stackName: 'TestStack',
+    domainName: 'test.example.com',
+    apiDomainName: 'api.test.example.com',
+    appDomainName: 'app.test.example.com',
+    storageDomainName: 'storage.test.example.com',
+    storageBucketName: 'medplum-foo-storage',
+    maxAzs: 2,
+    rdsInstances: 1,
+    desiredServerCount: 1,
+    serverMemory: 512,
+    serverCpu: 256,
+    serverImage: 'medplum/medplum-server:latest',
+    storagePublicKey: expect.stringContaining('-----BEGIN PUBLIC KEY-----'),
+    apiSslCertArn: 'TODO',
+    appSslCertArn: 'arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012',
+    storageSslCertArn: 'arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012',
+  });
+  unlinkSync(filename);
+});
+
+test('Bring your own database', async () => {
+  const filename = `test-${randomUUID()}.json`;
+
+  await main(
+    mockReadline(
+      'foo',
+      filename,
+      'us-east-1',
+      'account-123',
+      'TestStack',
+      'test.example.com',
+      'support@example.com',
+      '', // default API domain
+      '', // default app domain
+      '', // default storage domain
+      '', // default storage bucket
+      '', // default availability zones
+      'n', // No, do not create a database
+      '', // default server instances
+      '', // default server memory
+      '', // default server cpu
+      '', // default server image
+      'y', // Yes, request api certificate
+      '', // default DNS validation
+      'y', // Yes, request app certificate
+      '', // default DNS validation
+      'y', // Yes, request storage certificate
+      '', // default DNS validation
+      'y' // Yes, write to Parameter Store
+    )
+  );
+
+  const config = JSON.parse(readFileSync(filename, 'utf8'));
+  expect(config).toMatchObject({
+    apiPort: 8103,
+    name: 'foo',
+    region: 'us-east-1',
+    accountNumber: 'account-123',
+    stackName: 'TestStack',
+    domainName: 'test.example.com',
+    apiDomainName: 'api.test.example.com',
+    appDomainName: 'app.test.example.com',
+    storageDomainName: 'storage.test.example.com',
+    storageBucketName: 'medplum-foo-storage',
+    maxAzs: 2,
+    rdsSecretsArn: 'TODO',
+    desiredServerCount: 1,
+    serverMemory: 512,
+    serverCpu: 256,
+    serverImage: 'medplum/medplum-server:latest',
+    storagePublicKey: expect.stringContaining('-----BEGIN PUBLIC KEY-----'),
+    apiSslCertArn: 'arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012',
+    appSslCertArn: 'arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012',
+    storageSslCertArn: 'arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012',
+  });
+  unlinkSync(filename);
+});
+
+test('Do not request SSL certs', async () => {
+  const filename = `test-${randomUUID()}.json`;
+
+  await main(
+    mockReadline(
+      'foo',
+      filename,
+      'us-east-1',
+      'account-123',
+      'TestStack',
+      'test.example.com',
+      'support@example.com',
+      '', // default API domain
+      '', // default app domain
+      '', // default storage domain
+      '', // default storage bucket
+      '', // default availability zones
+      'y', // Yes, create a database
+      '', // default database instances
+      '', // default server instances
+      '', // default server memory
+      '', // default server cpu
+      '', // default server image
+      'n', // No api certificate
+      'n', // No app certificate
+      'n', // No storage certificate
+      'y' // Yes, write to Parameter Store
+    )
+  );
+
+  const config = JSON.parse(readFileSync(filename, 'utf8'));
+  expect(config).toMatchObject({
+    apiPort: 8103,
+    name: 'foo',
+    region: 'us-east-1',
+    accountNumber: 'account-123',
+    stackName: 'TestStack',
+    domainName: 'test.example.com',
+    apiDomainName: 'api.test.example.com',
+    appDomainName: 'app.test.example.com',
+    storageDomainName: 'storage.test.example.com',
+    storageBucketName: 'medplum-foo-storage',
+    maxAzs: 2,
+    rdsInstances: 1,
+    desiredServerCount: 1,
+    serverMemory: 512,
+    serverCpu: 256,
+    serverImage: 'medplum/medplum-server:latest',
+    storagePublicKey: expect.stringContaining('-----BEGIN PUBLIC KEY-----'),
+    apiSslCertArn: 'TODO',
+    appSslCertArn: 'TODO',
+    storageSslCertArn: 'TODO',
+  });
+  unlinkSync(filename);
+});
+
+test('Existing SSL certificates', async () => {
+  const filename = `test-${randomUUID()}.json`;
+
+  await main(
+    mockReadline(
+      'foo',
+      filename,
+      'us-east-1',
+      'account-123',
+      'TestStack',
+      'existing.example.com',
+      'support@example.com',
+      '', // default API domain
+      '', // default app domain
+      '', // default storage domain
+      '', // default storage bucket
+      '', // default availability zones
+      'y', // Yes, create a database
+      '', // default database instances
+      '', // default server instances
+      '', // default server memory
+      '', // default server cpu
+      '', // default server image
+      'y', // Yes, request api certificate
+      '', // default DNS validation
+      'y', // Yes, request app certificate
+      '', // default DNS validation
+      'y', // Yes, request storage certificate
+      '', // default DNS validation
+      'y' // Yes, write to Parameter Store
+    )
+  );
+
+  const config = JSON.parse(readFileSync(filename, 'utf8'));
+  expect(config).toMatchObject({
+    apiPort: 8103,
+    name: 'foo',
+    region: 'us-east-1',
+    accountNumber: 'account-123',
+    stackName: 'TestStack',
+    domainName: 'existing.example.com',
+    apiDomainName: 'api.existing.example.com',
+    appDomainName: 'app.existing.example.com',
+    storageDomainName: 'storage.existing.example.com',
+    storageBucketName: 'medplum-foo-storage',
+    maxAzs: 2,
+    rdsInstances: 1,
+    desiredServerCount: 1,
+    serverMemory: 512,
+    serverCpu: 256,
+    serverImage: 'medplum/medplum-server:latest',
+    storagePublicKey: expect.stringContaining('-----BEGIN PUBLIC KEY-----'),
+    apiSslCertArn: 'arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789013',
+    appSslCertArn: 'arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012',
+    storageSslCertArn: 'arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012',
+  });
+  unlinkSync(filename);
+});
+
+function mockReadline(...answers: string[]): readline.Interface {
+  const result = { write: jest.fn(), question: jest.fn() };
+  const debug = false;
+  for (const answer of answers) {
+    result.question.mockImplementationOnce((q: string, cb: (answer: string) => void) => {
+      if (debug) {
+        console.log(q, answer);
+      }
+      cb(answer);
+    });
+  }
+  return result as unknown as readline.Interface;
+}