@studion/infra-code-blocks 0.0.2 → 0.0.3

package/README.md

@@ -78,14 +78,16 @@ type ProjectArgs = {
   )[];
   environment: Environment;
   hostedZoneId?: pulumi.Input<string>;
+  enableSSMConnect?: pulumi.Input<boolean>;
 };
 ```
 
-| Argument       |                               Description                               |
-| :------------- | :---------------------------------------------------------------------: |
-| services \*    |                              Service list.                              |
-| environment \* |                            Environment name.                            |
-| hostedZoneId   | Route53 hosted zone ID responsible for managing records for the domain. |
+| Argument         |                                                                         Description                                                                          |
+| :--------------- | :----------------------------------------------------------------------------------------------------------------------------------------------------------: |
+| services \*      |                                                                        Service list.                                                                         |
+| environment \*   |                                                                      Environment name.                                                                       |
+| hostedZoneId     |                                           Route53 hosted zone ID responsible for managing records for the domain.                                            |
+| enableSSMConnect | Setup ec2 instance and SSM in order to connect to the database in the private subnet. Please refer to the [SSM Connect](#ssm-connect) section for more info. |
 
 ```ts
 type DatabaseService = {
@@ -282,9 +284,90 @@ export type WebServerArgs = {
 };
 ```
 
+## SSM Connect
+
+The [Database](#database) component deploys a database instance inside a private subnet,
+and it's not publicly accessible from outside of VPC.
+<br>
+In order to connect to the database we need to deploy the ec2 instance which will be used
+to open an SSH tunnel to the database instance.
+<br>
+Because of security reasons, ec2 instance is also deployed inside private subnet
+which means we can't directly connect to it. For that purpose, we use AWS System Manager
+which enables us to connect to the ec2 instance even though it's inside private subnet.
+
+![AWS RDS connection schema](/assets/images/ssm-rds.png)
+
+**Prerequisites**
+
+1. Install the [Session Manager plugin](https://docs.aws.amazon.com/systems-manager/latest/userguide/install-plugin-macos-overview.html#install-plugin-macos)
+2. Generate a new ssh key pair or use the existing one.
+
+```bash
+$ ssh-keygen -f my_rsa
+```
+
+3. Set stack config property by running:
+
+```bash
+$ pulumi config set ssh:publicKey "ssh-rsa Z...9= mymac@Studions-MBP.localdomain"
+```
+
+SSM Connect can be enabled by setting `enableSSMConnect` property to `true`.
+
+```ts
+const project = new studion.Project('demo-project', {
+  enableSSMConnect: true,
+  ...
+});
+
+export const ec2InstanceId = project.ec2SSMConnect?.ec2.id;
+```
+
+Open up your terminal and run the following command:
+
+```bash
+$ aws ssm start-session --target EC2_INSTANCE_ID --document-name AWS-StartPortForwardingSession --parameters '{"portNumber":["22"], "localPortNumber":["9999"]}'
+```
+
+Where `EC2_INSTANCE_ID` is an ID of the EC2 instance that is created for you. ID can be
+obtained by exporting it from the stack.
+
+Next, open another terminal window and run the following command:
+
+```bash
+$ ssh ec2-user@localhost -p 9999 -N -L 5555:DATABASE_ADDRESS:DATABASE_PORT -i SSH_PRIVATE_KEY
+```
+
+Where `DATABASE_ADDRESS` and `DATABASE_PORT` are the address and port of the database instance,
+and `SSH_PRIVATE_KEY` is the path to the SSH private key.
+
+And that is it! 🥳
+Now you can use your favorite database client to connect to the database.
+
+![RDS connection](/assets/images/rds-connection.png)
+
+It is important that for the host you set `localhost` and for the port you set `5555`
+because we have an SSH tunnel open that forwards traffic from localhost:5555 to the
+DATABASE_ADDRESS:DATABASE_PORT. For the user, password, and database field, set values
+which are set in the `Project`.
+
+```ts
+const project = new studion.Project('demo-project', {
+  enableSSMConnect: true,
+  services: [
+    {
+      type: 'DATABASE',
+      dbName: 'database_name',
+      username: 'username',
+      password: 'password',
+      ...
+    }
+  ]
+});
+```
+
 ## 🚧 TODO
 
-- [x] Allow connection with RDS via ec2 instance
-- [x] Execute commands from ecs service
 - [ ] Add worker service for executing tasks
 - [ ] Update docs, describe each service, describe required stack configs...

package/dist/components/acm-certificate.d.ts

@@ -0,0 +1,10 @@
+import * as pulumi from '@pulumi/pulumi';
+import * as aws from '@pulumi/aws';
+export type AcmCertificateArgs = {
+    domain: pulumi.Input<string>;
+    hostedZoneId: pulumi.Input<string>;
+};
+export declare class AcmCertificate extends pulumi.ComponentResource {
+    certificate: aws.acm.Certificate;
+    constructor(name: string, args: AcmCertificateArgs, opts?: pulumi.ComponentResourceOptions);
+}

package/dist/components/acm-certificate.js

@@ -0,0 +1,29 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AcmCertificate = void 0;
+const pulumi = require("@pulumi/pulumi");
+const aws = require("@pulumi/aws");
+class AcmCertificate extends pulumi.ComponentResource {
+    constructor(name, args, opts = {}) {
+        super('studion:acm:Certificate', name, {}, opts);
+        this.certificate = new aws.acm.Certificate(`${args.domain}-certificate`, { domainName: args.domain, validationMethod: 'DNS' }, { parent: this });
+        const certificateValidationDomain = new aws.route53.Record(`${args.domain}-cert-validation-domain`, {
+            name: this.certificate.domainValidationOptions[0].resourceRecordName,
+            type: this.certificate.domainValidationOptions[0].resourceRecordType,
+            zoneId: args.hostedZoneId,
+            records: [
+                this.certificate.domainValidationOptions[0].resourceRecordValue,
+            ],
+            ttl: 600,
+        }, {
+            parent: this,
+            deleteBeforeReplace: true,
+        });
+        const certificateValidation = new aws.acm.CertificateValidation(`${args.domain}-cert-validation`, {
+            certificateArn: this.certificate.arn,
+            validationRecordFqdns: [certificateValidationDomain.fqdn],
+        }, { parent: this });
+        this.registerOutputs();
+    }
+}
+exports.AcmCertificate = AcmCertificate;

package/dist/components/database.d.ts

@@ -0,0 +1,48 @@
+import * as aws from '@pulumi/aws';
+import * as awsx from '@pulumi/awsx';
+import * as pulumi from '@pulumi/pulumi';
+export type DatabaseArgs = {
+    /**
+     * The name of the database to create when the DB instance is created.
+     */
+    dbName: pulumi.Input<string>;
+    /**
+     * Username for the master DB user.
+     */
+    username: pulumi.Input<string>;
+    /**
+     * Password for the master DB user.
+     */
+    password: pulumi.Input<string>;
+    /**
+     * The awsx.ec2.Vpc resource.
+     */
+    vpc: awsx.ec2.Vpc;
+    /**
+     * Specifies whether any database modifications are applied immediately, or during the next maintenance window. Default is false.
+     */
+    applyImmediately?: pulumi.Input<boolean>;
+    /**
+     * Determines whether a final DB snapshot is created before the DB instance is deleted.
+     */
+    skipFinalSnapshot?: pulumi.Input<boolean>;
+    /**
+     * The allocated storage in gibibytes.
+     */
+    allocatedStorage?: pulumi.Input<number>;
+    /**
+     * The upper limit to which Amazon RDS can automatically scale the storage of the DB instance.
+     */
+    maxAllocatedStorage?: pulumi.Input<number>;
+    /**
+     * The instance type of the RDS instance.
+     */
+    instanceClass?: pulumi.Input<string>;
+};
+export declare class Database extends pulumi.ComponentResource {
+    instance: aws.rds.Instance;
+    kms: aws.kms.Key;
+    dbSubnetGroup: aws.rds.SubnetGroup;
+    dbSecurityGroup: aws.ec2.SecurityGroup;
+    constructor(name: string, args: DatabaseArgs, opts?: pulumi.ComponentResourceOptions);
+}

package/dist/components/database.js

@@ -0,0 +1,64 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Database = void 0;
+const aws = require("@pulumi/aws");
+const pulumi = require("@pulumi/pulumi");
+const defaults = {
+    applyImmediately: false,
+    skipFinalSnapshot: false,
+    allocatedStorage: 20,
+    maxAllocatedStorage: 100,
+    instanceClass: 'db.t3.micro',
+};
+class Database extends pulumi.ComponentResource {
+    constructor(name, args, opts = {}) {
+        super('studion:Database', name, {}, opts);
+        const argsWithDefaults = Object.assign({}, defaults, args);
+        this.dbSubnetGroup = new aws.rds.SubnetGroup(`${name}-subnet-group`, {
+            subnetIds: argsWithDefaults.vpc.privateSubnetIds,
+        }, { parent: this });
+        this.dbSecurityGroup = new aws.ec2.SecurityGroup(`${name}-security-group`, {
+            vpcId: argsWithDefaults.vpc.vpcId,
+            ingress: [
+                {
+                    protocol: 'tcp',
+                    fromPort: 5432,
+                    toPort: 5432,
+                    cidrBlocks: [argsWithDefaults.vpc.vpc.cidrBlock],
+                },
+            ],
+        }, { parent: this });
+        this.kms = new aws.kms.Key(`${name}-rds-key`, {
+            customerMasterKeySpec: 'SYMMETRIC_DEFAULT',
+            isEnabled: true,
+            keyUsage: 'ENCRYPT_DECRYPT',
+            multiRegion: false,
+            enableKeyRotation: true,
+        }, { parent: this });
+        this.instance = new aws.rds.Instance(`${name}-rds`, {
+            identifier: name,
+            engine: 'postgres',
+            engineVersion: '14.9',
+            allocatedStorage: argsWithDefaults.allocatedStorage,
+            maxAllocatedStorage: argsWithDefaults.maxAllocatedStorage,
+            instanceClass: argsWithDefaults.instanceClass,
+            dbName: argsWithDefaults.dbName,
+            username: argsWithDefaults.username,
+            password: argsWithDefaults.password,
+            dbSubnetGroupName: this.dbSubnetGroup.name,
+            vpcSecurityGroupIds: [this.dbSecurityGroup.id],
+            storageEncrypted: true,
+            kmsKeyId: this.kms.arn,
+            publiclyAccessible: false,
+            skipFinalSnapshot: argsWithDefaults.skipFinalSnapshot,
+            applyImmediately: argsWithDefaults.applyImmediately,
+            autoMinorVersionUpgrade: true,
+            maintenanceWindow: 'Mon:07:00-Mon:07:30',
+            finalSnapshotIdentifier: `${name}-final-snapshot`,
+            backupWindow: '06:00-06:30',
+            backupRetentionPeriod: 14,
+        }, { parent: this });
+        this.registerOutputs();
+    }
+}
+exports.Database = Database;

package/dist/components/ec2-ssm-connect.d.ts

@@ -0,0 +1,16 @@
+import * as pulumi from '@pulumi/pulumi';
+import * as aws from '@pulumi/aws';
+import * as awsx from '@pulumi/awsx';
+export type Ec2SSMConnectArgs = {
+    vpc: awsx.ec2.Vpc;
+    sshPublicKey: pulumi.Input<string>;
+};
+export declare class Ec2SSMConnect extends pulumi.ComponentResource {
+    ec2SecurityGroup: aws.ec2.SecurityGroup;
+    ssmVpcEndpoint: aws.ec2.VpcEndpoint;
+    ec2MessagesVpcEndpoint: aws.ec2.VpcEndpoint;
+    ssmMessagesVpcEndpoint: aws.ec2.VpcEndpoint;
+    ec2: aws.ec2.Instance;
+    sshKeyPair: aws.ec2.KeyPair;
+    constructor(name: string, args: Ec2SSMConnectArgs, opts?: pulumi.ComponentResourceOptions);
+}

package/dist/components/ec2-ssm-connect.js

@@ -0,0 +1,92 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Ec2SSMConnect = void 0;
+const pulumi = require("@pulumi/pulumi");
+const aws = require("@pulumi/aws");
+const config = new pulumi.Config('aws');
+const awsRegion = config.require('region');
+class Ec2SSMConnect extends pulumi.ComponentResource {
+    constructor(name, args, opts = {}) {
+        super('studion:Ec2BastionSSMConnect', name, {}, opts);
+        const subnetId = args.vpc.privateSubnetIds.apply(ids => ids[0]);
+        this.ec2SecurityGroup = new aws.ec2.SecurityGroup(`${name}-ec2-security-group`, {
+            ingress: [
+                {
+                    protocol: 'tcp',
+                    fromPort: 22,
+                    toPort: 22,
+                    cidrBlocks: ['0.0.0.0/0'],
+                },
+            ],
+            egress: [
+                { protocol: '-1', fromPort: 0, toPort: 0, cidrBlocks: ['0.0.0.0/0'] },
+            ],
+            vpcId: args.vpc.vpcId,
+        }, { parent: this });
+        const role = new aws.iam.Role(`${name}-ec2-role`, {
+            assumeRolePolicy: {
+                Version: '2012-10-17',
+                Statement: [
+                    {
+                        Effect: 'Allow',
+                        Principal: {
+                            Service: 'ec2.amazonaws.com',
+                        },
+                        Action: 'sts:AssumeRole',
+                    },
+                ],
+            },
+        }, { parent: this });
+        const ssmPolicyAttachment = new aws.iam.RolePolicyAttachment(`${name}-ssm-policy-attachment`, {
+            role: role.name,
+            policyArn: 'arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore',
+        }, { parent: this });
+        const ssmProfile = new aws.iam.InstanceProfile(`${name}-ssm-profile`, {
+            role: role.name,
+        }, { parent: this, dependsOn: [ssmPolicyAttachment] });
+        this.ssmVpcEndpoint = new aws.ec2.VpcEndpoint(`${name}-ssm-vpc-endpoint`, {
+            vpcId: args.vpc.vpcId,
+            ipAddressType: 'ipv4',
+            serviceName: `com.amazonaws.${awsRegion}.ssm`,
+            vpcEndpointType: 'Interface',
+            subnetIds: [subnetId],
+            securityGroupIds: [this.ec2SecurityGroup.id],
+            privateDnsEnabled: true,
+        }, { parent: this });
+        this.ec2MessagesVpcEndpoint = new aws.ec2.VpcEndpoint(`${name}-ec2messages-vpc-endpoint`, {
+            vpcId: args.vpc.vpcId,
+            ipAddressType: 'ipv4',
+            serviceName: `com.amazonaws.${awsRegion}.ec2messages`,
+            vpcEndpointType: 'Interface',
+            subnetIds: [subnetId],
+            securityGroupIds: [this.ec2SecurityGroup.id],
+            privateDnsEnabled: true,
+        }, { parent: this });
+        this.ssmMessagesVpcEndpoint = new aws.ec2.VpcEndpoint(`${name}-ssmmessages-vpc-endpoint`, {
+            vpcId: args.vpc.vpcId,
+            ipAddressType: 'ipv4',
+            serviceName: `com.amazonaws.${awsRegion}.ssmmessages`,
+            vpcEndpointType: 'Interface',
+            subnetIds: [subnetId],
+            securityGroupIds: [this.ec2SecurityGroup.id],
+            privateDnsEnabled: true,
+        }, { parent: this });
+        this.sshKeyPair = new aws.ec2.KeyPair(`${name}-ec2-keypair`, {
+            publicKey: args.sshPublicKey,
+        }, { parent: this });
+        this.ec2 = new aws.ec2.Instance(`${name}-ec2`, {
+            ami: 'ami-067d1e60475437da2',
+            associatePublicIpAddress: false,
+            instanceType: 't2.micro',
+            keyName: this.sshKeyPair.keyName,
+            iamInstanceProfile: ssmProfile.name,
+            subnetId,
+            vpcSecurityGroupIds: [this.ec2SecurityGroup.id],
+            tags: {
+                Name: `${name}-ec2`,
+            },
+        }, { parent: this });
+        this.registerOutputs();
+    }
+}
+exports.Ec2SSMConnect = Ec2SSMConnect;

package/dist/components/project.d.ts

@@ -2,51 +2,60 @@ import * as pulumi from '@pulumi/pulumi';
 import * as aws from '@pulumi/aws';
 import * as awsx from '@pulumi/awsx';
 import * as upstash from '@upstash/pulumi';
-import { Rds, RdsArgs } from './rds';
-import { EcsService, EcsServiceArgs } from './ecs';
+import { Database, DatabaseArgs } from './database';
+import { WebServer, WebServerArgs } from './web-server';
 import { Redis, RedisArgs } from './redis';
+import { StaticSite, StaticSiteArgs } from './static-site';
 import { Environment } from '../constants';
-export type Service = Rds | Redis | EcsService;
+import { Ec2SSMConnect } from './ec2-ssm-connect';
+export type Service = Database | Redis | StaticSite | WebServer;
 export type Services = Record<string, Service>;
 type ServiceArgs = {
+    /**
+     * The unique name for the service.
+     */
     serviceName: string;
 };
 export type DatabaseService = {
     type: 'DATABASE';
-} & ServiceArgs & Pick<RdsArgs, 'dbName' | 'username' | 'password' | 'allocatedStorage' | 'maxAllocatedStorage' | 'instanceClass' | 'applyImmediately'>;
+} & ServiceArgs & Omit<DatabaseArgs, 'vpc'>;
 export type RedisService = {
     type: 'REDIS';
 } & ServiceArgs & Pick<RedisArgs, 'dbName' | 'region'>;
+export type StaticSiteService = {
+    type: 'STATIC_SITE';
+} & ServiceArgs & Omit<StaticSiteArgs, 'hostedZoneId'>;
 export type WebServerService = {
     type: 'WEB_SERVER';
     environment?: aws.ecs.KeyValuePair[] | ((services: Services) => aws.ecs.KeyValuePair[]);
-    healtCheckPath?: pulumi.Input<string>;
-} & ServiceArgs & Pick<EcsServiceArgs, 'image' | 'port' | 'desiredCount' | 'minCount' | 'maxCount' | 'size'>;
+} & ServiceArgs & Omit<WebServerArgs, 'cluster' | 'vpc' | 'hostedZoneId' | 'environment'>;
 export type Environment = (typeof Environment)[keyof typeof Environment];
 export type ProjectArgs = {
-    services: (DatabaseService | RedisService | WebServerService)[];
+    services: (DatabaseService | RedisService | StaticSiteService | WebServerService)[];
     environment: Environment;
+    hostedZoneId?: pulumi.Input<string>;
+    enableSSMConnect?: pulumi.Input<boolean>;
 };
+export declare class MissingHostedZoneId extends Error {
+    constructor(serviceType: string);
+}
 export declare class Project extends pulumi.ComponentResource {
     name: string;
     environment: Environment;
     vpc: awsx.ec2.Vpc;
-    dbSubnetGroup: aws.rds.SubnetGroup | null;
-    dbSecurityGroup: aws.ec2.SecurityGroup | null;
-    cluster: aws.ecs.Cluster | null;
-    lbSecurityGroup: aws.ec2.SecurityGroup | null;
-    lb: aws.lb.LoadBalancer | null;
-    ecsServiceSecurityGroup: aws.ec2.SecurityGroup | null;
-    upstashProvider: upstash.Provider | null;
+    cluster?: aws.ecs.Cluster;
+    hostedZoneId?: pulumi.Input<string>;
+    upstashProvider?: upstash.Provider;
+    ec2SSMConnect?: Ec2SSMConnect;
     services: Services;
     constructor(name: string, args: ProjectArgs, opts?: pulumi.ComponentResourceOptions);
     private createVpc;
     private createServices;
-    private createDatabasePrerequisites;
     private createRedisPrerequisites;
     private createWebServerPrerequisites;
     private createDatabaseService;
     private createRedisService;
+    private createStaticSiteService;
     private createWebServerService;
 }
 export {};

package/dist/components/project.js

@@ -11,30 +11,41 @@ var __rest = (this && this.__rest) || function (s, e) {
     return t;
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.Project = void 0;
+exports.Project = exports.MissingHostedZoneId = void 0;
 const pulumi = require("@pulumi/pulumi");
 const aws = require("@pulumi/aws");
 const awsx = require("@pulumi/awsx");
 const upstash = require("@upstash/pulumi");
-const rds_1 = require("./rds");
-const ecs_1 = require("./ecs");
+const database_1 = require("./database");
+const web_server_1 = require("./web-server");
 const redis_1 = require("./redis");
+const static_site_1 = require("./static-site");
+const ec2_ssm_connect_1 = require("./ec2-ssm-connect");
+class MissingHostedZoneId extends Error {
+    constructor(serviceType) {
+        super(`Project::hostedZoneId argument must be provided 
+      in order to create ${serviceType} service`);
+        this.name = this.constructor.name;
+    }
+}
+exports.MissingHostedZoneId = MissingHostedZoneId;
 class Project extends pulumi.ComponentResource {
     constructor(name, args, opts = {}) {
         super('studion:Project', name, {}, opts);
-        this.dbSubnetGroup = null;
-        this.dbSecurityGroup = null;
-        this.cluster = null;
-        this.lbSecurityGroup = null;
-        this.lb = null;
-        this.ecsServiceSecurityGroup = null;
-        this.upstashProvider = null;
         this.services = {};
-        const { services, environment } = args;
+        const { services, environment, hostedZoneId } = args;
         this.name = name;
+        this.hostedZoneId = hostedZoneId;
         this.environment = environment;
         this.vpc = this.createVpc();
         this.createServices(services);
+        if (args.enableSSMConnect) {
+            const sshConfig = new pulumi.Config('ssh');
+            this.ec2SSMConnect = new ec2_ssm_connect_1.Ec2SSMConnect(`${name}-ssm-connect`, {
+                vpc: this.vpc,
+                sshPublicKey: sshConfig.require('publicKey'),
+            });
+        }
         this.registerOutputs();
     }
     createVpc() {
@@ -46,11 +57,8 @@ class Project extends pulumi.ComponentResource {
         return vpc;
     }
     createServices(services) {
-        const hasDatabaseService = services.some(it => it.type === 'DATABASE');
         const hasRedisService = services.some(it => it.type === 'REDIS');
         const hasWebServerService = services.some(it => it.type === 'WEB_SERVER');
-        if (hasDatabaseService)
-            this.createDatabasePrerequisites();
         if (hasRedisService)
             this.createRedisPrerequisites();
         if (hasWebServerService)
@@ -60,26 +68,12 @@ class Project extends pulumi.ComponentResource {
                 this.createDatabaseService(it);
             if (it.type === 'REDIS')
                 this.createRedisService(it);
+            if (it.type === 'STATIC_SITE')
+                this.createStaticSiteService(it);
             if (it.type === 'WEB_SERVER')
                 this.createWebServerService(it);
         });
     }
-    createDatabasePrerequisites() {
-        this.dbSubnetGroup = new aws.rds.SubnetGroup('db-subnet-group', {
-            subnetIds: this.vpc.privateSubnetIds,
-        }, { parent: this });
-        this.dbSecurityGroup = new aws.ec2.SecurityGroup('db-security-group', {
-            vpcId: this.vpc.vpcId,
-            ingress: [
-                {
-                    protocol: 'tcp',
-                    fromPort: 5432,
-                    toPort: 5432,
-                    cidrBlocks: [this.vpc.vpc.cidrBlock],
-                },
-            ],
-        }, { parent: this });
-    }
     createRedisPrerequisites() {
         const upstashConfig = new pulumi.Config('upstash');
         this.upstashProvider = new upstash.Provider('upstash', {
@@ -89,103 +83,40 @@ class Project extends pulumi.ComponentResource {
     }
     createWebServerPrerequisites() {
         this.cluster = new aws.ecs.Cluster(`${this.name}-cluster`, { name: this.name }, { parent: this });
-        this.lbSecurityGroup = new aws.ec2.SecurityGroup('ecs-lb-security-group', {
-            vpcId: this.vpc.vpcId,
-            ingress: [
-                {
-                    fromPort: 80,
-                    toPort: 80,
-                    protocol: 'tcp',
-                    cidrBlocks: ['0.0.0.0/0'],
-                },
-            ],
-            egress: [
-                {
-                    fromPort: 0,
-                    toPort: 0,
-                    protocol: '-1',
-                    cidrBlocks: ['0.0.0.0/0'],
-                },
-            ],
-        }, { parent: this });
-        this.lb = new aws.lb.LoadBalancer('ecs-load-balancer', {
-            loadBalancerType: 'application',
-            subnets: this.vpc.publicSubnetIds,
-            securityGroups: [this.lbSecurityGroup.id],
-            internal: false,
-            ipAddressType: 'ipv4',
-        }, { parent: this });
-        this.ecsServiceSecurityGroup = new aws.ec2.SecurityGroup('ecs-service-security-group', {
-            vpcId: this.vpc.vpcId,
-            ingress: [
-                {
-                    fromPort: 0,
-                    toPort: 0,
-                    protocol: '-1',
-                    securityGroups: [this.lbSecurityGroup.id],
-                },
-            ],
-            egress: [
-                {
-                    fromPort: 0,
-                    toPort: 0,
-                    protocol: '-1',
-                    cidrBlocks: ['0.0.0.0/0'],
-                },
-            ],
-        }, { parent: this });
     }
     createDatabaseService(options) {
-        if (!this.dbSecurityGroup || !this.dbSubnetGroup)
-            return;
-        const { serviceName, type } = options, rdsOptions = __rest(options, ["serviceName", "type"]);
-        const instance = new rds_1.Rds(serviceName, Object.assign(Object.assign({}, rdsOptions), { subnetGroupName: this.dbSubnetGroup.name, securityGroupIds: [this.dbSecurityGroup.id] }), { parent: this });
-        this.services[serviceName] = instance;
+        const { serviceName, type } = options, databaseOptions = __rest(options, ["serviceName", "type"]);
+        const service = new database_1.Database(serviceName, Object.assign(Object.assign({}, databaseOptions), { vpc: this.vpc }), { parent: this });
+        this.services[serviceName] = service;
     }
     createRedisService(options) {
         if (!this.upstashProvider)
             return;
         const { serviceName } = options, redisOptions = __rest(options, ["serviceName"]);
-        const instance = new redis_1.Redis(serviceName, redisOptions, {
+        const service = new redis_1.Redis(serviceName, redisOptions, {
             parent: this,
             provider: this.upstashProvider,
         });
-        this.services[options.serviceName] = instance;
+        this.services[options.serviceName] = service;
+    }
+    createStaticSiteService(options) {
+        const { serviceName } = options, staticSiteOptions = __rest(options, ["serviceName"]);
+        if (!this.hostedZoneId)
+            throw new MissingHostedZoneId(options.type);
+        const service = new static_site_1.StaticSite(serviceName, Object.assign(Object.assign({}, staticSiteOptions), { hostedZoneId: this.hostedZoneId }), { parent: this });
+        this.services[serviceName] = service;
     }
     createWebServerService(options) {
-        if (!this.cluster || !this.ecsServiceSecurityGroup || !this.lb) {
+        if (!this.cluster)
             return;
-        }
-        const { serviceName, environment, healtCheckPath = '/healtcheck' } = options, ecsOptions = __rest(options, ["serviceName", "environment", "healtCheckPath"]);
-        const lbTargetGroup = new aws.lb.TargetGroup(`${serviceName}-tg`, {
-            port: ecsOptions.port,
-            protocol: 'HTTP',
-            targetType: 'ip',
-            vpcId: this.vpc.vpcId,
-            healthCheck: {
-                healthyThreshold: 3,
-                unhealthyThreshold: 2,
-                interval: 60,
-                timeout: 5,
-                path: healtCheckPath,
-            },
-        }, { parent: this, dependsOn: [this.lb] });
-        const lbListener = new aws.lb.Listener(`${serviceName}-lb-listener`, {
-            loadBalancerArn: this.lb.arn,
-            port: 80,
-            defaultActions: [
-                {
-                    type: 'forward',
-                    targetGroupArn: lbTargetGroup.arn,
-                },
-            ],
-        }, { parent: this, dependsOn: [this.lb, lbTargetGroup] });
+        if (!this.hostedZoneId)
+            throw new MissingHostedZoneId(options.type);
+        const { serviceName, environment } = options, ecsOptions = __rest(options, ["serviceName", "environment"]);
         const parsedEnv = typeof environment === 'function'
             ? environment(this.services)
             : environment;
-        const instance = new ecs_1.EcsService(serviceName, Object.assign(Object.assign({}, ecsOptions), { cluster: this.cluster, subnets: this.vpc.publicSubnetIds, securityGroupIds: [this.ecsServiceSecurityGroup.id], lb: this.lb, lbTargetGroup,
-            lbListener, environment: parsedEnv }), { parent: this });
-        this.services[options.serviceName] = instance;
+        const service = new web_server_1.WebServer(serviceName, Object.assign(Object.assign({}, ecsOptions), { cluster: this.cluster, vpc: this.vpc, hostedZoneId: this.hostedZoneId, environment: parsedEnv }), { parent: this });
+        this.services[options.serviceName] = service;
     }
 }
 exports.Project = Project;