@studion/infra-code-blocks 0.0.1 → 0.0.3

package/README.md

@@ -1,11 +1,373 @@
 # `@studion/infra-code-blocks`
 
-Studion common infra components.
+Studion Platform common infra components.
 
-## Installation 💻
+## Table of Contents
+
+1. [Installation](#installation)
+2. [Usage](#usage)
+3. [API](#api)
+
+## Installation
 
 - Run the command:
 
 ```bash
 $ npm i @studion/infra-code-blocks
 ```
+
+## Usage
+
+- Import Studion infra components in your project
+
+```ts
+import * as studion from '@studion/infra-code-blocks';
+```
+
+- Use Studion components
+
+```ts
+import * as studion from '@studion/infra-code-blocks';
+
+const project = new studion.Project('demo-project', {
+  environment: 'DEVELOPMENT',
+  services: [
+    {
+      type: 'REDIS',
+      serviceName: 'redis',
+      dbName: 'test-db',
+    },
+  ],
+});
+
+export const projectName = project.name;
+```
+
+## API
+
+1. [Project](#project)
+2. [Database](#database)
+3. [Redis](#redis)
+4. [StaticSite](#static-site)
+5. [WebServer](#web-server)
+
+### Project
+
+Project component makes it really easy to spin up project infrastructure,
+hiding infrastructure complexity.
+<br>
+The component creates its own VPC which is used for resources within the project.
+
+```ts
+new Project(name: string, args: ProjectArgs, opts?: pulumi.CustomResourceOptions);
+```
+
+| Argument |                  Description                   |
+| :------- | :--------------------------------------------: |
+| name \*  |        The unique name of the resource.        |
+| args \*  |     The arguments to resource properties.      |
+| opts     | Bag of options to control resource's behavior. |
+
+```ts
+type ProjectArgs = {
+  services: (
+    | DatabaseService
+    | RedisService
+    | StaticSiteService
+    | WebServerService
+  )[];
+  environment: Environment;
+  hostedZoneId?: pulumi.Input<string>;
+  enableSSMConnect?: pulumi.Input<boolean>;
+};
+```
+
+| Argument         |                                                                         Description                                                                          |
+| :--------------- | :----------------------------------------------------------------------------------------------------------------------------------------------------------: |
+| services \*      |                                                                        Service list.                                                                         |
+| environment \*   |                                                                      Environment name.                                                                       |
+| hostedZoneId     |                                           Route53 hosted zone ID responsible for managing records for the domain.                                            |
+| enableSSMConnect | Setup ec2 instance and SSM in order to connect to the database in the private subnet. Please refer to the [SSM Connect](#ssm-connect) section for more info. |
+
+```ts
+type DatabaseService = {
+  type: 'DATABASE';
+  serviceName: string;
+  dbName: pulumi.Input<string>;
+  username: pulumi.Input<string>;
+  password: pulumi.Input<string>;
+  applyImmediately?: pulumi.Input<boolean>;
+  skipFinalSnapshot?: pulumi.Input<boolean>;
+  allocatedStorage?: pulumi.Input<number>;
+  maxAllocatedStorage?: pulumi.Input<number>;
+  instanceClass?: pulumi.Input<string>;
+};
+```
+
+```ts
+export type RedisService = {
+  type: 'REDIS';
+  serviceName: string;
+  dbName: pulumi.Input<string>;
+  region?: pulumi.Input<string>;
+};
+```
+
+```ts
+export type StaticSiteService = {
+  type: 'STATIC_SITE';
+  serviceName: string;
+  domain: pulumi.Input<string>;
+};
+```
+
+```ts
+export type WebServerService = {
+  type: 'WEB_SERVER';
+  serviceName: string;
+  environment?:
+    | aws.ecs.KeyValuePair[]
+    | ((services: Services) => aws.ecs.KeyValuePair[]);
+  image: pulumi.Input<string>;
+  port: pulumi.Input<number>;
+  domain: pulumi.Input<string>;
+  desiredCount?: pulumi.Input<number>;
+  minCount?: pulumi.Input<number>;
+  maxCount?: pulumi.Input<number>;
+  size?: pulumi.Input<Size>;
+  healtCheckPath?: pulumi.Input<string>;
+  taskExecutionRoleInlinePolicies?: pulumi.Input<
+    pulumi.Input<RoleInlinePolicy>[]
+  >;
+  taskRoleInlinePolicies?: pulumi.Input<pulumi.Input<RoleInlinePolicy>[]>;
+};
+```
+
+Often, web server depends on other services such as database, Redis, etc.
+For that purpose, environment factory can be used. The factory function
+recieves services bag as argument.
+
+```ts
+const project = new studion.Project('demo-project', {
+  environment: 'DEVELOPMENT',
+  services: [
+    {
+      type: 'REDIS',
+      serviceName: 'redis',
+      dbName: 'test-db',
+    },
+    {
+      type: 'WEB_SERVER',
+      serviceName: 'api',
+      image: imageUri,
+      port: 3000,
+      domain: 'api.my-domain.com',
+      environment: (services: Services) => {
+        const redisServiceName = 'redis';
+        const redis = services[redisServiceName];
+        return [
+          { name: 'REDIS_HOST', value: redis.endpoint },
+          { name: 'REDIS_PORT', value: redis.port.apply(port => String(port)) },
+        ];
+      },
+    },
+  ],
+});
+```
+
+### Database
+
+RDS Postgres instance.
+
+```ts
+new Database(name: string, args: DatabaseArgs, opts?: pulumi.CustomResourceOptions);
+```
+
+| Argument |                  Description                   |
+| :------- | :--------------------------------------------: |
+| name \*  |        The unique name of the resource.        |
+| args \*  |     The arguments to resource properties.      |
+| opts     | Bag of options to control resource's behavior. |
+
+```ts
+type DatabaseArgs = {
+  dbName: pulumi.Input<string>;
+  username: pulumi.Input<string>;
+  password: pulumi.Input<string>;
+  vpc: awsx.ec2.Vpc;
+  applyImmediately?: pulumi.Input<boolean>;
+  skipFinalSnapshot?: pulumi.Input<boolean>;
+  allocatedStorage?: pulumi.Input<number>;
+  maxAllocatedStorage?: pulumi.Input<number>;
+  instanceClass?: pulumi.Input<string>;
+};
+```
+
+### Redis
+
+Upstash Redis instance.
+
+```ts
+new Redis(name: string, args: RedisArgs, opts: RedisOptions);
+```
+
+| Argument |                  Description                   |
+| :------- | :--------------------------------------------: |
+| name \*  |        The unique name of the resource.        |
+| args \*  |     The arguments to resource properties.      |
+| opts     | Bag of options to control resource's behavior. |
+
+```ts
+type RedisArgs = {
+  dbName: pulumi.Input<string>;
+  region?: pulumi.Input<string>;
+};
+
+interface RedisOptions extends pulumi.ComponentResourceOptions {
+  provider: upstash.Provider;
+}
+```
+
+### Static Site
+
+A static site that will be deployed using S3 + Cloudfront.
+
+```ts
+new StaticSite(name: string, args: StaticSiteArgs, opts?: pulumi.ComponentResourceOptions );
+```
+
+| Argument |                  Description                   |
+| :------- | :--------------------------------------------: |
+| name \*  |        The unique name of the resource.        |
+| args \*  |     The arguments to resource properties.      |
+| opts     | Bag of options to control resource's behavior. |
+
+```ts
+type StaticSiteArgs = {
+  domain: pulumi.Input<string>;
+  hostedZoneId: pulumi.Input<string>;
+};
+```
+
+### Web Server
+
+A web server that will be deployed to ECS Fargate service with autoscaling enabled.
+
+```ts
+new WebServer(name: string, args: WebServerArgs, opts?: pulumi.ComponentResourceOptions );
+```
+
+| Argument |                  Description                   |
+| :------- | :--------------------------------------------: |
+| name \*  |        The unique name of the resource.        |
+| args \*  |     The arguments to resource properties.      |
+| opts     | Bag of options to control resource's behavior. |
+
+```ts
+export type WebServerArgs = {
+  image: pulumi.Input<string>;
+  port: pulumi.Input<number>;
+  domain: pulumi.Input<string>;
+  cluster: aws.ecs.Cluster;
+  hostedZoneId: pulumi.Input<string>;
+  vpc: awsx.ec2.Vpc;
+  desiredCount?: pulumi.Input<number>;
+  minCount?: pulumi.Input<number>;
+  maxCount?: pulumi.Input<number>;
+  size?: pulumi.Input<Size>;
+  environment?: aws.ecs.KeyValuePair[];
+  healtCheckPath?: pulumi.Input<string>;
+  taskExecutionRoleInlinePolicies?: pulumi.Input<
+    pulumi.Input<RoleInlinePolicy>[]
+  >;
+  taskRoleInlinePolicies?: pulumi.Input<pulumi.Input<RoleInlinePolicy>[]>;
+};
+```
+
+## SSM Connect
+
+The [Database](#database) component deploys a database instance inside a private subnet,
+and it's not publicly accessible from outside of VPC.
+<br>
+In order to connect to the database we need to deploy the ec2 instance which will be used
+to open an SSH tunnel to the database instance.
+<br>
+Because of security reasons, ec2 instance is also deployed inside private subnet
+which means we can't directly connect to it. For that purpose, we use AWS System Manager
+which enables us to connect to the ec2 instance even though it's inside private subnet.
+
+![AWS RDS connection schema](/assets/images/ssm-rds.png)
+
+**Prerequisites**
+
+1. Install the [Session Manager plugin](https://docs.aws.amazon.com/systems-manager/latest/userguide/install-plugin-macos-overview.html#install-plugin-macos)
+2. Generate a new ssh key pair or use the existing one.
+
+```bash
+$ ssh-keygen -f my_rsa
+```
+
+3. Set stack config property by running:
+
+```bash
+$ pulumi config set ssh:publicKey "ssh-rsa Z...9= mymac@Studions-MBP.localdomain"
+```
+
+SSM Connect can be enabled by setting `enableSSMConnect` property to `true`.
+
+```ts
+const project = new studion.Project('demo-project', {
+  enableSSMConnect: true,
+  ...
+});
+
+export const ec2InstanceId = project.ec2SSMConnect?.ec2.id;
+```
+
+Open up your terminal and run the following command:
+
+```bash
+$ aws ssm start-session --target EC2_INSTANCE_ID --document-name AWS-StartPortForwardingSession --parameters '{"portNumber":["22"], "localPortNumber":["9999"]}'
+```
+
+Where `EC2_INSTANCE_ID` is an ID of the EC2 instance that is created for you. ID can be
+obtained by exporting it from the stack.
+
+Next, open another terminal window and run the following command:
+
+```bash
+$ ssh ec2-user@localhost -p 9999 -N -L 5555:DATABASE_ADDRESS:DATABASE_PORT -i SSH_PRIVATE_KEY
+```
+
+Where `DATABASE_ADDRESS` and `DATABASE_PORT` are the address and port of the database instance,
+and `SSH_PRIVATE_KEY` is the path to the SSH private key.
+
+And that is it! 🥳
+Now you can use your favorite database client to connect to the database.
+
+![RDS connection](/assets/images/rds-connection.png)
+
+It is important that for the host you set `localhost` and for the port you set `5555`
+because we have an SSH tunnel open that forwards traffic from localhost:5555 to the
+DATABASE_ADDRESS:DATABASE_PORT. For the user, password, and database field, set values
+which are set in the `Project`.
+
+```ts
+const project = new studion.Project('demo-project', {
+  enableSSMConnect: true,
+  services: [
+    {
+      type: 'DATABASE',
+      dbName: 'database_name',
+      username: 'username',
+      password: 'password',
+      ...
+    }
+  ]
+});
+```
+
+## 🚧 TODO
+
+- [ ] Add worker service for executing tasks
+- [ ] Update docs, describe each service, describe required stack configs...

package/dist/components/acm-certificate.d.ts

@@ -0,0 +1,10 @@
+import * as pulumi from '@pulumi/pulumi';
+import * as aws from '@pulumi/aws';
+export type AcmCertificateArgs = {
+    domain: pulumi.Input<string>;
+    hostedZoneId: pulumi.Input<string>;
+};
+export declare class AcmCertificate extends pulumi.ComponentResource {
+    certificate: aws.acm.Certificate;
+    constructor(name: string, args: AcmCertificateArgs, opts?: pulumi.ComponentResourceOptions);
+}

package/dist/components/acm-certificate.js

@@ -0,0 +1,29 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AcmCertificate = void 0;
+const pulumi = require("@pulumi/pulumi");
+const aws = require("@pulumi/aws");
+class AcmCertificate extends pulumi.ComponentResource {
+    constructor(name, args, opts = {}) {
+        super('studion:acm:Certificate', name, {}, opts);
+        this.certificate = new aws.acm.Certificate(`${args.domain}-certificate`, { domainName: args.domain, validationMethod: 'DNS' }, { parent: this });
+        const certificateValidationDomain = new aws.route53.Record(`${args.domain}-cert-validation-domain`, {
+            name: this.certificate.domainValidationOptions[0].resourceRecordName,
+            type: this.certificate.domainValidationOptions[0].resourceRecordType,
+            zoneId: args.hostedZoneId,
+            records: [
+                this.certificate.domainValidationOptions[0].resourceRecordValue,
+            ],
+            ttl: 600,
+        }, {
+            parent: this,
+            deleteBeforeReplace: true,
+        });
+        const certificateValidation = new aws.acm.CertificateValidation(`${args.domain}-cert-validation`, {
+            certificateArn: this.certificate.arn,
+            validationRecordFqdns: [certificateValidationDomain.fqdn],
+        }, { parent: this });
+        this.registerOutputs();
+    }
+}
+exports.AcmCertificate = AcmCertificate;

package/dist/components/database.d.ts

@@ -0,0 +1,48 @@
+import * as aws from '@pulumi/aws';
+import * as awsx from '@pulumi/awsx';
+import * as pulumi from '@pulumi/pulumi';
+export type DatabaseArgs = {
+    /**
+     * The name of the database to create when the DB instance is created.
+     */
+    dbName: pulumi.Input<string>;
+    /**
+     * Username for the master DB user.
+     */
+    username: pulumi.Input<string>;
+    /**
+     * Password for the master DB user.
+     */
+    password: pulumi.Input<string>;
+    /**
+     * The awsx.ec2.Vpc resource.
+     */
+    vpc: awsx.ec2.Vpc;
+    /**
+     * Specifies whether any database modifications are applied immediately, or during the next maintenance window. Default is false.
+     */
+    applyImmediately?: pulumi.Input<boolean>;
+    /**
+     * Determines whether a final DB snapshot is created before the DB instance is deleted.
+     */
+    skipFinalSnapshot?: pulumi.Input<boolean>;
+    /**
+     * The allocated storage in gibibytes.
+     */
+    allocatedStorage?: pulumi.Input<number>;
+    /**
+     * The upper limit to which Amazon RDS can automatically scale the storage of the DB instance.
+     */
+    maxAllocatedStorage?: pulumi.Input<number>;
+    /**
+     * The instance type of the RDS instance.
+     */
+    instanceClass?: pulumi.Input<string>;
+};
+export declare class Database extends pulumi.ComponentResource {
+    instance: aws.rds.Instance;
+    kms: aws.kms.Key;
+    dbSubnetGroup: aws.rds.SubnetGroup;
+    dbSecurityGroup: aws.ec2.SecurityGroup;
+    constructor(name: string, args: DatabaseArgs, opts?: pulumi.ComponentResourceOptions);
+}

package/dist/components/database.js

@@ -0,0 +1,64 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Database = void 0;
+const aws = require("@pulumi/aws");
+const pulumi = require("@pulumi/pulumi");
+const defaults = {
+    applyImmediately: false,
+    skipFinalSnapshot: false,
+    allocatedStorage: 20,
+    maxAllocatedStorage: 100,
+    instanceClass: 'db.t3.micro',
+};
+class Database extends pulumi.ComponentResource {
+    constructor(name, args, opts = {}) {
+        super('studion:Database', name, {}, opts);
+        const argsWithDefaults = Object.assign({}, defaults, args);
+        this.dbSubnetGroup = new aws.rds.SubnetGroup(`${name}-subnet-group`, {
+            subnetIds: argsWithDefaults.vpc.privateSubnetIds,
+        }, { parent: this });
+        this.dbSecurityGroup = new aws.ec2.SecurityGroup(`${name}-security-group`, {
+            vpcId: argsWithDefaults.vpc.vpcId,
+            ingress: [
+                {
+                    protocol: 'tcp',
+                    fromPort: 5432,
+                    toPort: 5432,
+                    cidrBlocks: [argsWithDefaults.vpc.vpc.cidrBlock],
+                },
+            ],
+        }, { parent: this });
+        this.kms = new aws.kms.Key(`${name}-rds-key`, {
+            customerMasterKeySpec: 'SYMMETRIC_DEFAULT',
+            isEnabled: true,
+            keyUsage: 'ENCRYPT_DECRYPT',
+            multiRegion: false,
+            enableKeyRotation: true,
+        }, { parent: this });
+        this.instance = new aws.rds.Instance(`${name}-rds`, {
+            identifier: name,
+            engine: 'postgres',
+            engineVersion: '14.9',
+            allocatedStorage: argsWithDefaults.allocatedStorage,
+            maxAllocatedStorage: argsWithDefaults.maxAllocatedStorage,
+            instanceClass: argsWithDefaults.instanceClass,
+            dbName: argsWithDefaults.dbName,
+            username: argsWithDefaults.username,
+            password: argsWithDefaults.password,
+            dbSubnetGroupName: this.dbSubnetGroup.name,
+            vpcSecurityGroupIds: [this.dbSecurityGroup.id],
+            storageEncrypted: true,
+            kmsKeyId: this.kms.arn,
+            publiclyAccessible: false,
+            skipFinalSnapshot: argsWithDefaults.skipFinalSnapshot,
+            applyImmediately: argsWithDefaults.applyImmediately,
+            autoMinorVersionUpgrade: true,
+            maintenanceWindow: 'Mon:07:00-Mon:07:30',
+            finalSnapshotIdentifier: `${name}-final-snapshot`,
+            backupWindow: '06:00-06:30',
+            backupRetentionPeriod: 14,
+        }, { parent: this });
+        this.registerOutputs();
+    }
+}
+exports.Database = Database;

package/dist/components/ec2-ssm-connect.d.ts

@@ -0,0 +1,16 @@
+import * as pulumi from '@pulumi/pulumi';
+import * as aws from '@pulumi/aws';
+import * as awsx from '@pulumi/awsx';
+export type Ec2SSMConnectArgs = {
+    vpc: awsx.ec2.Vpc;
+    sshPublicKey: pulumi.Input<string>;
+};
+export declare class Ec2SSMConnect extends pulumi.ComponentResource {
+    ec2SecurityGroup: aws.ec2.SecurityGroup;
+    ssmVpcEndpoint: aws.ec2.VpcEndpoint;
+    ec2MessagesVpcEndpoint: aws.ec2.VpcEndpoint;
+    ssmMessagesVpcEndpoint: aws.ec2.VpcEndpoint;
+    ec2: aws.ec2.Instance;
+    sshKeyPair: aws.ec2.KeyPair;
+    constructor(name: string, args: Ec2SSMConnectArgs, opts?: pulumi.ComponentResourceOptions);
+}

package/dist/components/ec2-ssm-connect.js

@@ -0,0 +1,92 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Ec2SSMConnect = void 0;
+const pulumi = require("@pulumi/pulumi");
+const aws = require("@pulumi/aws");
+const config = new pulumi.Config('aws');
+const awsRegion = config.require('region');
+class Ec2SSMConnect extends pulumi.ComponentResource {
+    constructor(name, args, opts = {}) {
+        super('studion:Ec2BastionSSMConnect', name, {}, opts);
+        const subnetId = args.vpc.privateSubnetIds.apply(ids => ids[0]);
+        this.ec2SecurityGroup = new aws.ec2.SecurityGroup(`${name}-ec2-security-group`, {
+            ingress: [
+                {
+                    protocol: 'tcp',
+                    fromPort: 22,
+                    toPort: 22,
+                    cidrBlocks: ['0.0.0.0/0'],
+                },
+            ],
+            egress: [
+                { protocol: '-1', fromPort: 0, toPort: 0, cidrBlocks: ['0.0.0.0/0'] },
+            ],
+            vpcId: args.vpc.vpcId,
+        }, { parent: this });
+        const role = new aws.iam.Role(`${name}-ec2-role`, {
+            assumeRolePolicy: {
+                Version: '2012-10-17',
+                Statement: [
+                    {
+                        Effect: 'Allow',
+                        Principal: {
+                            Service: 'ec2.amazonaws.com',
+                        },
+                        Action: 'sts:AssumeRole',
+                    },
+                ],
+            },
+        }, { parent: this });
+        const ssmPolicyAttachment = new aws.iam.RolePolicyAttachment(`${name}-ssm-policy-attachment`, {
+            role: role.name,
+            policyArn: 'arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore',
+        }, { parent: this });
+        const ssmProfile = new aws.iam.InstanceProfile(`${name}-ssm-profile`, {
+            role: role.name,
+        }, { parent: this, dependsOn: [ssmPolicyAttachment] });
+        this.ssmVpcEndpoint = new aws.ec2.VpcEndpoint(`${name}-ssm-vpc-endpoint`, {
+            vpcId: args.vpc.vpcId,
+            ipAddressType: 'ipv4',
+            serviceName: `com.amazonaws.${awsRegion}.ssm`,
+            vpcEndpointType: 'Interface',
+            subnetIds: [subnetId],
+            securityGroupIds: [this.ec2SecurityGroup.id],
+            privateDnsEnabled: true,
+        }, { parent: this });
+        this.ec2MessagesVpcEndpoint = new aws.ec2.VpcEndpoint(`${name}-ec2messages-vpc-endpoint`, {
+            vpcId: args.vpc.vpcId,
+            ipAddressType: 'ipv4',
+            serviceName: `com.amazonaws.${awsRegion}.ec2messages`,
+            vpcEndpointType: 'Interface',
+            subnetIds: [subnetId],
+            securityGroupIds: [this.ec2SecurityGroup.id],
+            privateDnsEnabled: true,
+        }, { parent: this });
+        this.ssmMessagesVpcEndpoint = new aws.ec2.VpcEndpoint(`${name}-ssmmessages-vpc-endpoint`, {
+            vpcId: args.vpc.vpcId,
+            ipAddressType: 'ipv4',
+            serviceName: `com.amazonaws.${awsRegion}.ssmmessages`,
+            vpcEndpointType: 'Interface',
+            subnetIds: [subnetId],
+            securityGroupIds: [this.ec2SecurityGroup.id],
+            privateDnsEnabled: true,
+        }, { parent: this });
+        this.sshKeyPair = new aws.ec2.KeyPair(`${name}-ec2-keypair`, {
+            publicKey: args.sshPublicKey,
+        }, { parent: this });
+        this.ec2 = new aws.ec2.Instance(`${name}-ec2`, {
+            ami: 'ami-067d1e60475437da2',
+            associatePublicIpAddress: false,
+            instanceType: 't2.micro',
+            keyName: this.sshKeyPair.keyName,
+            iamInstanceProfile: ssmProfile.name,
+            subnetId,
+            vpcSecurityGroupIds: [this.ec2SecurityGroup.id],
+            tags: {
+                Name: `${name}-ec2`,
+            },
+        }, { parent: this });
+        this.registerOutputs();
+    }
+}
+exports.Ec2SSMConnect = Ec2SSMConnect;