@studion/infra-code-blocks 0.0.11 → 0.1.1

package/README.md

@@ -92,7 +92,7 @@ type DatabaseService = {
   serviceName: string;
   dbName: pulumi.Input<string>;
   username: pulumi.Input<string>;
-  password?: pulumi.Input<string>;
+  password: pulumi.Input<string>;
   applyImmediately?: pulumi.Input<boolean>;
   skipFinalSnapshot?: pulumi.Input<boolean>;
   allocatedStorage?: pulumi.Input<number>;
@@ -237,7 +237,7 @@ AWS RDS Postgres instance.
 Features:
 
 - enabled encryption with a symmetric encryption key
-- deployed inside a private subnet
+- deployed inside an isolated subnet
 - backup enabled with retention period set to 14 days
 
 <br>
@@ -256,8 +256,8 @@ new Database(name: string, args: DatabaseArgs, opts?: pulumi.CustomResourceOptio
 type DatabaseArgs = {
   dbName: pulumi.Input<string>;
   username: pulumi.Input<string>;
+  password: pulumi.Input<string>;
   vpc: awsx.ec2.Vpc;
-  password?: pulumi.Input<string>;
   applyImmediately?: pulumi.Input<boolean>;
   skipFinalSnapshot?: pulumi.Input<boolean>;
   allocatedStorage?: pulumi.Input<number>;
@@ -269,9 +269,8 @@ type DatabaseArgs = {
 };
 ```
 
-If a password is not specified, it will be autogenerated and stored as a secret
-inside AWS Secret Manager. The secret will be available on the `Database` resource
-as `passwordSecret`.
+The database password is stored as a secret inside AWS Secret Manager.
+The secret will be available on the `Database` resource as `passwordSecret`.
 
 ### Redis
 
@@ -429,16 +428,16 @@ Where `CLUSTER_NAME` is the name of the ECS cluster and `TASK_FAMILY_NAME` is th
 
 ## SSM Connect
 
-The [Database](#database) component deploys a database instance inside a private subnet,
+The [Database](#database) component deploys a database instance inside a isolated subnet,
 and it's not publicly accessible from outside of VPC.
 <br>
 In order to connect to the database we need to deploy the ec2 instance which will be used
 to forward traffic to the database instance.
 <br>
-Because of security reasons, the ec2 instance is also deployed inside a private subnet
+Because of security reasons, the ec2 instance is deployed inside a private subnet
 which means we can't directly connect to it. For that purpose, we use AWS System Manager
 which enables us to connect to the ec2 instance even though it's inside a private subnet.
-The benefit of using AWS SSM is that we don't need a ssh key pair.
+Another benefit of using AWS SSM is that we don't need a ssh key pair.
 
 ![AWS RDS connection schema](/assets/images/ssm-rds.png)
 
@@ -501,3 +500,4 @@ const project = new studion.Project('demo-project', {
 
 - [ ] Add worker service for executing tasks
 - [ ] Add MongoDB service
+- [ ] Enable RDS password rotation

package/dist/components/acm-certificate.js

@@ -3,10 +3,11 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.AcmCertificate = void 0;
 const pulumi = require("@pulumi/pulumi");
 const aws = require("@pulumi/aws");
+const constants_1 = require("../constants");
 class AcmCertificate extends pulumi.ComponentResource {
     constructor(name, args, opts = {}) {
         super('studion:acm:Certificate', name, {}, opts);
-        this.certificate = new aws.acm.Certificate(`${args.domain}-certificate`, { domainName: args.domain, validationMethod: 'DNS' }, { parent: this });
+        this.certificate = new aws.acm.Certificate(`${args.domain}-certificate`, { domainName: args.domain, validationMethod: 'DNS', tags: constants_1.commonTags }, { parent: this });
         const certificateValidationDomain = new aws.route53.Record(`${args.domain}-cert-validation-domain`, {
             name: this.certificate.domainValidationOptions[0].resourceRecordName,
             type: this.certificate.domainValidationOptions[0].resourceRecordType,

package/dist/components/database.d.ts

@@ -11,14 +11,14 @@ export type DatabaseArgs = {
      */
     username: pulumi.Input<string>;
     /**
-     * The awsx.ec2.Vpc resource.
+     * Password for the master DB user.
+     * The value will be stored as a secret in AWS Secret Manager.
      */
-    vpc: awsx.ec2.Vpc;
+    password: pulumi.Input<string>;
     /**
-     * Password for the master DB user. If not specified, it will be autogenerated.
-     * The value will be stored as a secret in AWS Secret Manager.
+     * The awsx.ec2.Vpc resource.
      */
-    password?: pulumi.Input<string>;
+    vpc: awsx.ec2.Vpc;
     /**
      * Specifies whether any database modifications are applied immediately, or during the next maintenance window. Default is false.
      */
@@ -47,10 +47,16 @@ export type DatabaseArgs = {
     }>;
 };
 export declare class Database extends pulumi.ComponentResource {
+    name: string;
     instance: aws.rds.Instance;
     kms: aws.kms.Key;
     dbSubnetGroup: aws.rds.SubnetGroup;
     dbSecurityGroup: aws.ec2.SecurityGroup;
     passwordSecret: aws.secretsmanager.Secret;
     constructor(name: string, args: DatabaseArgs, opts?: pulumi.ComponentResourceOptions);
+    private createSubnetGroup;
+    private createSecurityGroup;
+    private createEncryptionKey;
+    private createPasswordSecret;
+    private createDatabaseInstance;
 }

package/dist/components/database.js

@@ -3,54 +3,77 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.Database = void 0;
 const aws = require("@pulumi/aws");
 const pulumi = require("@pulumi/pulumi");
+const constants_1 = require("../constants");
 const defaults = {
     applyImmediately: false,
     skipFinalSnapshot: false,
     allocatedStorage: 20,
     maxAllocatedStorage: 100,
-    instanceClass: 'db.t3.micro',
+    instanceClass: 'db.t4g.micro',
 };
 class Database extends pulumi.ComponentResource {
     constructor(name, args, opts = {}) {
         super('studion:Database', name, {}, opts);
-        const project = pulumi.getProject();
-        const stack = pulumi.getStack();
-        const argsWithDefaults = Object.assign({}, defaults, args);
-        this.dbSubnetGroup = new aws.rds.SubnetGroup(`${name}-subnet-group`, {
-            subnetIds: argsWithDefaults.vpc.privateSubnetIds,
+        this.name = name;
+        const { vpc, password } = args;
+        this.dbSubnetGroup = this.createSubnetGroup({ vpc });
+        this.dbSecurityGroup = this.createSecurityGroup({ vpc });
+        this.kms = this.createEncryptionKey();
+        this.passwordSecret = this.createPasswordSecret({ password });
+        this.instance = this.createDatabaseInstance(args);
+        this.registerOutputs();
+    }
+    createSubnetGroup({ vpc }) {
+        const dbSubnetGroup = new aws.rds.SubnetGroup(`${this.name}-subnet-group`, {
+            subnetIds: vpc.isolatedSubnetIds,
+            tags: constants_1.commonTags,
         }, { parent: this });
-        this.dbSecurityGroup = new aws.ec2.SecurityGroup(`${name}-security-group`, {
-            vpcId: argsWithDefaults.vpc.vpcId,
+        return dbSubnetGroup;
+    }
+    createSecurityGroup({ vpc }) {
+        const dbSecurityGroup = new aws.ec2.SecurityGroup(`${this.name}-security-group`, {
+            vpcId: vpc.vpcId,
             ingress: [
                 {
                     protocol: 'tcp',
                     fromPort: 5432,
                     toPort: 5432,
-                    cidrBlocks: [argsWithDefaults.vpc.vpc.cidrBlock],
+                    cidrBlocks: [vpc.vpc.cidrBlock],
                 },
             ],
+            tags: constants_1.commonTags,
         }, { parent: this });
-        this.kms = new aws.kms.Key(`${name}-rds-key`, {
-            description: `${name} RDS encryption key`,
+        return dbSecurityGroup;
+    }
+    createEncryptionKey() {
+        const kms = new aws.kms.Key(`${this.name}-rds-key`, {
+            description: `${this.name} RDS encryption key`,
             customerMasterKeySpec: 'SYMMETRIC_DEFAULT',
             isEnabled: true,
             keyUsage: 'ENCRYPT_DECRYPT',
             multiRegion: false,
             enableKeyRotation: true,
+            tags: constants_1.commonTags,
         }, { parent: this });
-        const password = argsWithDefaults.password ||
-            aws.secretsmanager
-                .getRandomPasswordOutput()
-                .apply(res => res.randomPassword);
-        this.passwordSecret = new aws.secretsmanager.Secret(`${name}-password-secret`, {
-            name: `${stack}/${project}/DatabasePassword`,
+        return kms;
+    }
+    createPasswordSecret({ password }) {
+        const project = pulumi.getProject();
+        const stack = pulumi.getStack();
+        const passwordSecret = new aws.secretsmanager.Secret(`${this.name}-password-secret`, {
+            namePrefix: `${stack}/${project}/DatabasePassword-`,
+            tags: constants_1.commonTags,
         }, { parent: this });
-        const passwordSecretValue = new aws.secretsmanager.SecretVersion(`${name}-password-secret-value`, {
-            secretId: this.passwordSecret.id,
+        const passwordSecretValue = new aws.secretsmanager.SecretVersion(`${this.name}-password-secret-value`, {
+            secretId: passwordSecret.id,
             secretString: password,
-        }, { parent: this, dependsOn: [this.passwordSecret] });
-        this.instance = new aws.rds.Instance(`${name}-rds`, {
-            identifier: name,
+        }, { parent: this, dependsOn: [passwordSecret] });
+        return passwordSecret;
+    }
+    createDatabaseInstance(args) {
+        const argsWithDefaults = Object.assign({}, defaults, args);
+        const instance = new aws.rds.Instance(`${this.name}-rds`, {
+            identifierPrefix: `${this.name}-`,
             engine: 'postgres',
             engineVersion: '14.9',
             allocatedStorage: argsWithDefaults.allocatedStorage,
@@ -58,7 +81,7 @@ class Database extends pulumi.ComponentResource {
             instanceClass: argsWithDefaults.instanceClass,
             dbName: argsWithDefaults.dbName,
             username: argsWithDefaults.username,
-            password,
+            password: argsWithDefaults.password,
             dbSubnetGroupName: this.dbSubnetGroup.name,
             vpcSecurityGroupIds: [this.dbSecurityGroup.id],
             storageEncrypted: true,
@@ -68,12 +91,12 @@ class Database extends pulumi.ComponentResource {
             applyImmediately: argsWithDefaults.applyImmediately,
             autoMinorVersionUpgrade: true,
             maintenanceWindow: 'Mon:07:00-Mon:07:30',
-            finalSnapshotIdentifier: `${name}-final-snapshot`,
+            finalSnapshotIdentifier: `${this.name}-final-snapshot`,
             backupWindow: '06:00-06:30',
             backupRetentionPeriod: 14,
-            tags: argsWithDefaults.tags,
+            tags: Object.assign(Object.assign({}, constants_1.commonTags), argsWithDefaults.tags),
         }, { parent: this });
-        this.registerOutputs();
+        return instance;
     }
 }
 exports.Database = Database;

package/dist/components/ec2-ssm-connect.js

@@ -3,6 +3,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.Ec2SSMConnect = void 0;
 const pulumi = require("@pulumi/pulumi");
 const aws = require("@pulumi/aws");
+const constants_1 = require("../constants");
 const config = new pulumi.Config('aws');
 const awsRegion = config.require('region');
 class Ec2SSMConnect extends pulumi.ComponentResource {
@@ -15,25 +16,20 @@ class Ec2SSMConnect extends pulumi.ComponentResource {
                     protocol: 'tcp',
                     fromPort: 22,
                     toPort: 22,
-                    cidrBlocks: ['0.0.0.0/0'],
-                },
-                {
-                    protocol: 'tcp',
-                    fromPort: 80,
-                    toPort: 80,
-                    cidrBlocks: ['0.0.0.0/0'],
+                    cidrBlocks: [args.vpc.vpc.cidrBlock],
                 },
                 {
                     protocol: 'tcp',
                     fromPort: 443,
                     toPort: 443,
-                    cidrBlocks: ['0.0.0.0/0'],
+                    cidrBlocks: [args.vpc.vpc.cidrBlock],
                 },
             ],
             egress: [
                 { protocol: '-1', fromPort: 0, toPort: 0, cidrBlocks: ['0.0.0.0/0'] },
             ],
             vpcId: args.vpc.vpcId,
+            tags: constants_1.commonTags,
         }, { parent: this });
         const role = new aws.iam.Role(`${name}-ec2-role`, {
             assumeRolePolicy: {
@@ -48,6 +44,7 @@ class Ec2SSMConnect extends pulumi.ComponentResource {
                     },
                 ],
             },
+            tags: constants_1.commonTags,
         }, { parent: this });
         const ssmPolicyAttachment = new aws.iam.RolePolicyAttachment(`${name}-ssm-policy-attachment`, {
             role: role.name,
@@ -55,15 +52,16 @@ class Ec2SSMConnect extends pulumi.ComponentResource {
         }, { parent: this });
         const ssmProfile = new aws.iam.InstanceProfile(`${name}-ssm-profile`, {
             role: role.name,
+            tags: constants_1.commonTags,
         }, { parent: this, dependsOn: [ssmPolicyAttachment] });
         this.ec2 = new aws.ec2.Instance(`${name}-ec2`, {
-            ami: 'ami-067d1e60475437da2',
+            ami: constants_1.Ec2AMI.AmazonLinux2023.ARM,
             associatePublicIpAddress: false,
-            instanceType: 't2.micro',
+            instanceType: 't4g.nano',
             iamInstanceProfile: ssmProfile.name,
             subnetId,
             vpcSecurityGroupIds: [this.ec2SecurityGroup.id],
-            tags: Object.assign({ Name: `${name}-ec2` }, args.tags),
+            tags: Object.assign(Object.assign(Object.assign({}, constants_1.commonTags), { Name: `${name}-ec2` }), args.tags),
         }, { parent: this });
         this.ssmVpcEndpoint = new aws.ec2.VpcEndpoint(`${name}-ssm-vpc-endpoint`, {
             vpcId: args.vpc.vpcId,
@@ -73,6 +71,7 @@ class Ec2SSMConnect extends pulumi.ComponentResource {
             subnetIds: [subnetId],
             securityGroupIds: [this.ec2SecurityGroup.id],
             privateDnsEnabled: true,
+            tags: constants_1.commonTags,
         }, { parent: this, dependsOn: [this.ec2] });
         this.ec2MessagesVpcEndpoint = new aws.ec2.VpcEndpoint(`${name}-ec2messages-vpc-endpoint`, {
             vpcId: args.vpc.vpcId,
@@ -82,6 +81,7 @@ class Ec2SSMConnect extends pulumi.ComponentResource {
             subnetIds: [subnetId],
             securityGroupIds: [this.ec2SecurityGroup.id],
             privateDnsEnabled: true,
+            tags: constants_1.commonTags,
         }, { parent: this, dependsOn: [this.ec2] });
         this.ssmMessagesVpcEndpoint = new aws.ec2.VpcEndpoint(`${name}-ssmmessages-vpc-endpoint`, {
             vpcId: args.vpc.vpcId,
@@ -91,6 +91,7 @@ class Ec2SSMConnect extends pulumi.ComponentResource {
             subnetIds: [subnetId],
             securityGroupIds: [this.ec2SecurityGroup.id],
             privateDnsEnabled: true,
+            tags: constants_1.commonTags,
         }, { parent: this, dependsOn: [this.ec2] });
         this.registerOutputs();
     }

package/dist/components/project.js

@@ -21,6 +21,7 @@ const web_server_1 = require("./web-server");
 const redis_1 = require("./redis");
 const static_site_1 = require("./static-site");
 const ec2_ssm_connect_1 = require("./ec2-ssm-connect");
+const constants_1 = require("../constants");
 class MissingHostedZoneId extends Error {
     constructor(serviceType) {
         super(`Project::hostedZoneId argument must be provided 
@@ -50,6 +51,12 @@ class Project extends pulumi.ComponentResource {
             numberOfAvailabilityZones: 2,
             enableDnsHostnames: true,
             enableDnsSupport: true,
+            subnetSpecs: [
+                { type: awsx.ec2.SubnetType.Public, cidrMask: 24 },
+                { type: awsx.ec2.SubnetType.Private, cidrMask: 24 },
+                { type: awsx.ec2.SubnetType.Isolated, cidrMask: 24 },
+            ],
+            tags: constants_1.commonTags,
         }, { parent: this });
         return vpc;
     }
@@ -81,6 +88,7 @@ class Project extends pulumi.ComponentResource {
     createWebServerPrerequisites() {
         this.cluster = new aws.ecs.Cluster(`${this.name}-cluster`, {
             name: this.name,
+            tags: constants_1.commonTags,
         }, { parent: this });
     }
     createDatabaseService(options) {

package/dist/components/redis.js

@@ -4,6 +4,7 @@ exports.Redis = void 0;
 const pulumi = require("@pulumi/pulumi");
 const upstash = require("@upstash/pulumi");
 const aws = require("@pulumi/aws");
+const constants_1 = require("../constants");
 const defaults = {
     region: 'us-east-1',
 };
@@ -21,7 +22,8 @@ class Redis extends pulumi.ComponentResource {
             tls: true,
         }, { provider: opts.provider, parent: this });
         this.passwordSecret = new aws.secretsmanager.Secret(`${name}-password-secret`, {
-            name: `${stack}/${project}/RedisPassword`,
+            namePrefix: `${stack}/${project}/RedisPassword-`,
+            tags: constants_1.commonTags,
         }, { parent: this, dependsOn: [this.instance] });
         const passwordSecretValue = new aws.secretsmanager.SecretVersion(`${name}-password-secret-value`, {
             secretId: this.passwordSecret.id,

package/dist/components/static-site.d.ts

@@ -19,8 +19,13 @@ export type StaticSiteArgs = {
     }>;
 };
 export declare class StaticSite extends pulumi.ComponentResource {
+    name: string;
     certificate: AcmCertificate;
     bucket: aws.s3.Bucket;
     cloudfront: aws.cloudfront.Distribution;
     constructor(name: string, args: StaticSiteArgs, opts?: pulumi.ComponentResourceOptions);
+    private createTlsCertificate;
+    private createPublicBucket;
+    private createCloudfrontDistribution;
+    private createDnsRecord;
 }

package/dist/components/static-site.js

@@ -4,28 +4,42 @@ exports.StaticSite = void 0;
 const aws = require("@pulumi/aws");
 const pulumi = require("@pulumi/pulumi");
 const acm_certificate_1 = require("./acm-certificate");
+const constants_1 = require("../constants");
 class StaticSite extends pulumi.ComponentResource {
     constructor(name, args, opts = {}) {
         super('studion:StaticSite', name, {}, opts);
-        const certificate = new acm_certificate_1.AcmCertificate(`${args.domain}-acm-certificate`, {
-            domain: args.domain,
-            hostedZoneId: args.hostedZoneId,
+        this.name = name;
+        const { domain, hostedZoneId, tags } = args;
+        this.certificate = this.createTlsCertificate({ domain, hostedZoneId });
+        this.bucket = this.createPublicBucket({ tags });
+        this.cloudfront = this.createCloudfrontDistribution({ domain, tags });
+        this.createDnsRecord({ domain, hostedZoneId });
+        this.registerOutputs();
+    }
+    createTlsCertificate({ domain, hostedZoneId, }) {
+        const certificate = new acm_certificate_1.AcmCertificate(`${domain}-acm-certificate`, {
+            domain,
+            hostedZoneId,
         }, { parent: this });
-        const bucket = new aws.s3.Bucket(`${name}-bucket`, {
+        return certificate;
+    }
+    createPublicBucket({ tags }) {
+        const bucket = new aws.s3.Bucket(`${this.name}-bucket`, {
+            bucketPrefix: `${this.name}-`,
             website: {
                 indexDocument: 'index.html',
                 errorDocument: 'index.html',
             },
-            tags: args.tags,
+            tags: Object.assign(Object.assign({}, constants_1.commonTags), tags),
         }, { parent: this });
-        const bucketPublicAccessBlock = new aws.s3.BucketPublicAccessBlock(`${name}-bucket-access-block`, {
+        const bucketPublicAccessBlock = new aws.s3.BucketPublicAccessBlock(`${this.name}-bucket-access-block`, {
             bucket: bucket.id,
             blockPublicAcls: false,
             blockPublicPolicy: false,
             ignorePublicAcls: false,
             restrictPublicBuckets: false,
         }, { parent: this });
-        const siteBucketPolicy = new aws.s3.BucketPolicy(`${name}-bucket-policy`, {
+        const siteBucketPolicy = new aws.s3.BucketPolicy(`${this.name}-bucket-policy`, {
             bucket: bucket.bucket,
             policy: bucket.bucket.apply(publicReadPolicy),
         }, { parent: this, dependsOn: [bucketPublicAccessBlock] });
@@ -42,22 +56,25 @@ class StaticSite extends pulumi.ComponentResource {
                 ],
             };
         }
-        const cloudfront = new aws.cloudfront.Distribution(`${name}-cloudfront`, {
+        return bucket;
+    }
+    createCloudfrontDistribution({ domain, tags, }) {
+        const cloudfront = new aws.cloudfront.Distribution(`${this.name}-cloudfront`, {
             enabled: true,
             defaultRootObject: 'index.html',
-            aliases: [args.domain],
+            aliases: [domain],
             isIpv6Enabled: true,
             waitForDeployment: true,
             httpVersion: 'http2and3',
             viewerCertificate: {
-                acmCertificateArn: certificate.certificate.arn,
+                acmCertificateArn: this.certificate.certificate.arn,
                 sslSupportMethod: 'sni-only',
                 minimumProtocolVersion: 'TLSv1.2_2021',
             },
             origins: [
                 {
-                    originId: bucket.arn,
-                    domainName: bucket.websiteEndpoint,
+                    originId: this.bucket.arn,
+                    domainName: this.bucket.websiteEndpoint,
                     connectionAttempts: 3,
                     connectionTimeout: 10,
                     customOriginConfig: {
@@ -69,7 +86,7 @@ class StaticSite extends pulumi.ComponentResource {
                 },
             ],
             defaultCacheBehavior: {
-                targetOriginId: bucket.arn,
+                targetOriginId: this.bucket.arn,
                 viewerProtocolPolicy: 'redirect-to-https',
                 allowedMethods: ['GET', 'HEAD', 'OPTIONS'],
                 cachedMethods: ['GET', 'HEAD', 'OPTIONS'],
@@ -86,24 +103,24 @@ class StaticSite extends pulumi.ComponentResource {
             restrictions: {
                 geoRestriction: { restrictionType: 'none' },
             },
-            tags: args.tags,
+            tags: Object.assign(Object.assign({}, constants_1.commonTags), tags),
         }, { parent: this });
-        const cdnAliasRecord = new aws.route53.Record(`${name}-cdn-route53-record`, {
+        return cloudfront;
+    }
+    createDnsRecord({ domain, hostedZoneId, }) {
+        const cdnAliasRecord = new aws.route53.Record(`${this.name}-cdn-route53-record`, {
             type: 'A',
-            name: args.domain,
-            zoneId: args.hostedZoneId,
+            name: domain,
+            zoneId: hostedZoneId,
             aliases: [
                 {
-                    name: cloudfront.domainName,
-                    zoneId: cloudfront.hostedZoneId,
+                    name: this.cloudfront.domainName,
+                    zoneId: this.cloudfront.hostedZoneId,
                     evaluateTargetHealth: true,
                 },
             ],
         }, { parent: this });
-        this.certificate = certificate;
-        this.bucket = bucket;
-        this.cloudfront = cloudfront;
-        this.registerOutputs();
+        return cdnAliasRecord;
     }
 }
 exports.StaticSite = StaticSite;

package/dist/components/web-server.d.ts

@@ -1,7 +1,7 @@
 import * as pulumi from '@pulumi/pulumi';
 import * as aws from '@pulumi/aws';
 import * as awsx from '@pulumi/awsx';
-import { Size } from './types';
+import { Size } from '../types/size';
 import { AcmCertificate } from './acm-certificate';
 export type RoleInlinePolicy = {
     /**
@@ -85,6 +85,7 @@ export type WebServerArgs = {
     }>;
 };
 export declare class WebServer extends pulumi.ComponentResource {
+    name: string;
     certificate: AcmCertificate;
     logGroup: aws.cloudwatch.LogGroup;
     lbSecurityGroup: aws.ec2.SecurityGroup;
@@ -92,8 +93,14 @@ export declare class WebServer extends pulumi.ComponentResource {
     lbTargetGroup: aws.lb.TargetGroup;
     lbHttpListener: aws.lb.Listener;
     lbTlsListener: aws.lb.Listener;
-    serviceSecurityGroup: aws.ec2.SecurityGroup;
     taskDefinition: aws.ecs.TaskDefinition;
     service: aws.ecs.Service;
     constructor(name: string, args: WebServerArgs, opts?: pulumi.ComponentResourceOptions);
+    private createTlsCertificate;
+    private createLogGroup;
+    private createLoadBalancer;
+    private createTaskDefinition;
+    private createEcsService;
+    private createDnsRecord;
+    private enableAutoscaling;
 }

package/dist/components/web-server.js

@@ -34,17 +34,40 @@ const defaults = {
 class WebServer extends pulumi.ComponentResource {
     constructor(name, args, opts = {}) {
         super('studion:WebServer', name, {}, opts);
-        const argsWithDefaults = Object.assign({}, defaults, args);
-        this.certificate = new acm_certificate_1.AcmCertificate(`${argsWithDefaults.domain}-acm-certificate`, {
-            domain: argsWithDefaults.domain,
-            hostedZoneId: argsWithDefaults.hostedZoneId,
+        this.name = name;
+        const { domain, hostedZoneId, vpc, port, healtCheckPath } = args;
+        this.certificate = this.createTlsCertificate({ domain, hostedZoneId });
+        this.logGroup = this.createLogGroup();
+        const { lb, lbTargetGroup, lbHttpListener, lbTlsListener, lbSecurityGroup, } = this.createLoadBalancer({ vpc, port, healtCheckPath });
+        this.lb = lb;
+        this.lbTargetGroup = lbTargetGroup;
+        this.lbHttpListener = lbHttpListener;
+        this.lbTlsListener = lbTlsListener;
+        this.lbSecurityGroup = lbSecurityGroup;
+        this.taskDefinition = this.createTaskDefinition(args);
+        this.service = this.createEcsService(args);
+        this.createDnsRecord({ domain, hostedZoneId });
+        this.enableAutoscaling(args);
+        this.registerOutputs();
+    }
+    createTlsCertificate({ domain, hostedZoneId, }) {
+        const certificate = new acm_certificate_1.AcmCertificate(`${domain}-acm-certificate`, {
+            domain,
+            hostedZoneId,
         }, { parent: this });
-        this.logGroup = new aws.cloudwatch.LogGroup(`${name}-log-group`, {
+        return certificate;
+    }
+    createLogGroup() {
+        const logGroup = new aws.cloudwatch.LogGroup(`${this.name}-log-group`, {
             retentionInDays: 14,
-            name: `/ecs/${name}`,
+            namePrefix: `/ecs/${this.name}-`,
+            tags: constants_1.commonTags,
         }, { parent: this });
-        this.lbSecurityGroup = new aws.ec2.SecurityGroup(`${name}-lb-security-group`, {
-            vpcId: argsWithDefaults.vpc.vpcId,
+        return logGroup;
+    }
+    createLoadBalancer({ vpc, port, healtCheckPath, }) {
+        const lbSecurityGroup = new aws.ec2.SecurityGroup(`${this.name}-lb-security-group`, {
+            vpcId: vpc.vpcId,
             ingress: [
                 {
                     protocol: 'tcp',
@@ -67,30 +90,33 @@ class WebServer extends pulumi.ComponentResource {
                     cidrBlocks: ['0.0.0.0/0'],
                 },
             ],
+            tags: constants_1.commonTags,
         }, { parent: this });
-        this.lb = new aws.lb.LoadBalancer(`${name}-lb`, {
-            name: `${name}-lb`,
+        const lb = new aws.lb.LoadBalancer(`${this.name}-lb`, {
+            namePrefix: `${this.name}-lb-`,
             loadBalancerType: 'application',
-            subnets: argsWithDefaults.vpc.publicSubnetIds,
-            securityGroups: [this.lbSecurityGroup.id],
+            subnets: vpc.publicSubnetIds,
+            securityGroups: [lbSecurityGroup.id],
             internal: false,
             ipAddressType: 'ipv4',
+            tags: constants_1.commonTags,
         }, { parent: this });
-        this.lbTargetGroup = new aws.lb.TargetGroup(`${name}-lb-tg`, {
-            name: `${name}-lb-tg`,
-            port: argsWithDefaults.port,
+        const lbTargetGroup = new aws.lb.TargetGroup(`${this.name}-lb-tg`, {
+            namePrefix: `${this.name}-lb-tg-`,
+            port,
             protocol: 'HTTP',
             targetType: 'ip',
-            vpcId: argsWithDefaults.vpc.vpcId,
+            vpcId: vpc.vpcId,
             healthCheck: {
                 healthyThreshold: 3,
                 unhealthyThreshold: 2,
                 interval: 60,
                 timeout: 5,
-                path: argsWithDefaults.healtCheckPath,
+                path: healtCheckPath || defaults.healtCheckPath,
             },
+            tags: constants_1.commonTags,
         }, { parent: this, dependsOn: [this.lb] });
-        this.lbHttpListener = new aws.lb.Listener(`${name}-lb-listener-80`, {
+        const lbHttpListener = new aws.lb.Listener(`${this.name}-lb-listener-80`, {
             loadBalancerArn: this.lb.arn,
             port: 80,
             defaultActions: [
@@ -103,8 +129,9 @@ class WebServer extends pulumi.ComponentResource {
                     },
                 },
             ],
+            tags: constants_1.commonTags,
         }, { parent: this });
-        this.lbTlsListener = new aws.lb.Listener(`${name}-lb-listener-443`, {
+        const lbTlsListener = new aws.lb.Listener(`${this.name}-lb-listener-443`, {
             loadBalancerArn: this.lb.arn,
             port: 443,
             protocol: 'HTTPS',
@@ -116,21 +143,20 @@ class WebServer extends pulumi.ComponentResource {
                     targetGroupArn: this.lbTargetGroup.arn,
                 },
             ],
+            tags: constants_1.commonTags,
         }, { parent: this });
-        const albAliasRecord = new aws.route53.Record(`${name}-route53-record`, {
-            type: 'A',
-            name: argsWithDefaults.domain,
-            zoneId: argsWithDefaults.hostedZoneId,
-            aliases: [
-                {
-                    name: this.lb.dnsName,
-                    zoneId: this.lb.zoneId,
-                    evaluateTargetHealth: true,
-                },
-            ],
-        }, { parent: this });
+        return {
+            lb,
+            lbTargetGroup,
+            lbHttpListener,
+            lbTlsListener,
+            lbSecurityGroup,
+        };
+    }
+    createTaskDefinition(args) {
+        const argsWithDefaults = Object.assign({}, defaults, args);
         const secretManagerSecretsInlinePolicy = {
-            name: `${name}-secret-manager-access`,
+            name: `${this.name}-secret-manager-access`,
             policy: JSON.stringify({
                 Version: '2012-10-17',
                 Statement: [
@@ -143,8 +169,8 @@ class WebServer extends pulumi.ComponentResource {
                 ],
             }),
         };
-        const taskExecutionRole = new aws.iam.Role(`${name}-ecs-task-exec-role`, {
-            name: `${name}-ecs-task-exec-role`,
+        const taskExecutionRole = new aws.iam.Role(`${this.name}-ecs-task-exec-role`, {
+            namePrefix: `${this.name}-ecs-task-exec-role-`,
             assumeRolePolicy,
             managedPolicyArns: [
                 'arn:aws:iam::aws:policy/CloudWatchFullAccess',
@@ -154,9 +180,10 @@ class WebServer extends pulumi.ComponentResource {
                 secretManagerSecretsInlinePolicy,
                 ...argsWithDefaults.taskExecutionRoleInlinePolicies,
             ],
+            tags: constants_1.commonTags,
         }, { parent: this });
         const execCmdInlinePolicy = {
-            name: `${name}-ecs-exec`,
+            name: `${this.name}-ecs-exec`,
             policy: JSON.stringify({
                 Version: '2012-10-17',
                 Statement: [
@@ -174,13 +201,14 @@ class WebServer extends pulumi.ComponentResource {
                 ],
             }),
         };
-        const taskRole = new aws.iam.Role(`${name}-ecs-task-role`, {
-            name: `${name}-ecs-task-role`,
+        const taskRole = new aws.iam.Role(`${this.name}-ecs-task-role`, {
+            namePrefix: `${this.name}-ecs-task-role-`,
             assumeRolePolicy,
             inlinePolicies: [
                 execCmdInlinePolicy,
                 ...argsWithDefaults.taskRoleInlinePolicies,
             ],
+            tags: constants_1.commonTags,
         }, { parent: this });
         const parsedSize = pulumi.all([argsWithDefaults.size]).apply(([size]) => {
             const mapCapabilities = ({ cpu, memory }) => ({
@@ -195,8 +223,8 @@ class WebServer extends pulumi.ComponentResource {
             }
             throw Error('Incorrect EcsService size argument');
         });
-        this.taskDefinition = new aws.ecs.TaskDefinition(`${name}-task-definition`, {
-            family: `${name}-task-definition`,
+        const taskDefinition = new aws.ecs.TaskDefinition(`${this.name}-task-definition`, {
+            family: `${this.name}-task-definition`,
             networkMode: 'awsvpc',
             executionRoleArn: taskExecutionRole.arn,
             taskRoleArn: taskRole.arn,
@@ -205,7 +233,7 @@ class WebServer extends pulumi.ComponentResource {
             requiresCompatibilities: ['FARGATE'],
             containerDefinitions: pulumi
                 .all([
-                name,
+                this.name,
                 argsWithDefaults.image,
                 argsWithDefaults.port,
                 argsWithDefaults.environment,
@@ -239,9 +267,13 @@ class WebServer extends pulumi.ComponentResource {
                     },
                 ]);
             }),
-            tags: argsWithDefaults.tags,
+            tags: Object.assign(Object.assign({}, constants_1.commonTags), argsWithDefaults.tags),
         }, { parent: this });
-        this.serviceSecurityGroup = new aws.ec2.SecurityGroup(`${name}-security-group`, {
+        return taskDefinition;
+    }
+    createEcsService(args) {
+        const argsWithDefaults = Object.assign({}, defaults, args);
+        const serviceSecurityGroup = new aws.ec2.SecurityGroup(`${this.name}-security-group`, {
             vpcId: argsWithDefaults.vpc.vpcId,
             ingress: [
                 {
@@ -259,9 +291,10 @@ class WebServer extends pulumi.ComponentResource {
                     cidrBlocks: ['0.0.0.0/0'],
                 },
             ],
+            tags: constants_1.commonTags,
         }, { parent: this });
-        this.service = new aws.ecs.Service(`${name}-service`, {
-            name,
+        const service = new aws.ecs.Service(`${this.name}-service`, {
+            name: this.name,
             cluster: argsWithDefaults.cluster.id,
             launchType: 'FARGATE',
             desiredCount: argsWithDefaults.desiredCount,
@@ -269,7 +302,7 @@ class WebServer extends pulumi.ComponentResource {
             enableExecuteCommand: true,
             loadBalancers: [
                 {
-                    containerName: name,
+                    containerName: this.name,
                     containerPort: argsWithDefaults.port,
                     targetGroupArn: this.lbTargetGroup.arn,
                 },
@@ -277,9 +310,9 @@ class WebServer extends pulumi.ComponentResource {
             networkConfiguration: {
                 assignPublicIp: true,
                 subnets: argsWithDefaults.vpc.publicSubnetIds,
-                securityGroups: [this.serviceSecurityGroup.id],
+                securityGroups: [serviceSecurityGroup.id],
             },
-            tags: argsWithDefaults.tags,
+            tags: Object.assign(Object.assign({}, constants_1.commonTags), argsWithDefaults.tags),
         }, {
             parent: this,
             dependsOn: [
@@ -289,14 +322,33 @@ class WebServer extends pulumi.ComponentResource {
                 this.lbTlsListener,
             ],
         });
-        const autoscalingTarget = new aws.appautoscaling.Target(`${name}-autoscale-target`, {
+        return service;
+    }
+    createDnsRecord({ domain, hostedZoneId, }) {
+        const albAliasRecord = new aws.route53.Record(`${this.name}-route53-record`, {
+            type: 'A',
+            name: domain,
+            zoneId: hostedZoneId,
+            aliases: [
+                {
+                    name: this.lb.dnsName,
+                    zoneId: this.lb.zoneId,
+                    evaluateTargetHealth: true,
+                },
+            ],
+        }, { parent: this });
+    }
+    enableAutoscaling(args) {
+        const argsWithDefaults = Object.assign({}, defaults, args);
+        const autoscalingTarget = new aws.appautoscaling.Target(`${this.name}-autoscale-target`, {
             minCapacity: argsWithDefaults.minCount,
             maxCapacity: argsWithDefaults.maxCount,
             resourceId: pulumi.interpolate `service/${argsWithDefaults.cluster.name}/${this.service.name}`,
             serviceNamespace: 'ecs',
             scalableDimension: 'ecs:service:DesiredCount',
+            tags: constants_1.commonTags,
         }, { parent: this });
-        const memoryAutoscalingPolicy = new aws.appautoscaling.Policy(`${name}-memory-autoscale-policy`, {
+        const memoryAutoscalingPolicy = new aws.appautoscaling.Policy(`${this.name}-memory-autoscale-policy`, {
             policyType: 'TargetTrackingScaling',
             resourceId: autoscalingTarget.resourceId,
             scalableDimension: autoscalingTarget.scalableDimension,
@@ -308,7 +360,7 @@ class WebServer extends pulumi.ComponentResource {
                 targetValue: 80,
             },
         }, { parent: this });
-        const cpuAutoscalingPolicy = new aws.appautoscaling.Policy(`${name}-cpu-autoscale-policy`, {
+        const cpuAutoscalingPolicy = new aws.appautoscaling.Policy(`${this.name}-cpu-autoscale-policy`, {
             policyType: 'TargetTrackingScaling',
             resourceId: autoscalingTarget.resourceId,
             scalableDimension: autoscalingTarget.scalableDimension,
@@ -320,7 +372,6 @@ class WebServer extends pulumi.ComponentResource {
                 targetValue: 60,
             },
         }, { parent: this });
-        this.registerOutputs();
     }
 }
 exports.WebServer = WebServer;

package/dist/constants.d.ts

@@ -16,3 +16,12 @@ export declare const PredefinedSize: {
         readonly memory: number;
     };
 };
+export declare const Ec2AMI: {
+    AmazonLinux2023: {
+        ARM: string;
+    };
+};
+export declare const commonTags: {
+    Env: string;
+    Project: string;
+};

package/dist/constants.js

@@ -1,6 +1,7 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.PredefinedSize = void 0;
+exports.commonTags = exports.Ec2AMI = exports.PredefinedSize = void 0;
+const pulumi = require("@pulumi/pulumi");
 const CPU_1_VCPU = 1024;
 const MEMORY_1GB = 1024;
 exports.PredefinedSize = {
@@ -21,3 +22,12 @@ exports.PredefinedSize = {
         memory: MEMORY_1GB * 4, // 4 GB memory
     },
 };
+exports.Ec2AMI = {
+    AmazonLinux2023: {
+        ARM: 'ami-0b40baa8c6b882e6c',
+    },
+};
+exports.commonTags = {
+    Env: pulumi.getStack(),
+    Project: pulumi.getProject(),
+};

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@studion/infra-code-blocks",
-  "version": "0.0.11",
+  "version": "0.1.1",
   "description": "Studion common infra components",
   "keywords": [
     "infrastructure",