@studion/infra-code-blocks 0.0.2 → 0.0.4

package/dist/components/web-server.js

@@ -0,0 +1,304 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.WebServer = void 0;
+const pulumi = require("@pulumi/pulumi");
+const aws = require("@pulumi/aws");
+const constants_1 = require("../constants");
+const acm_certificate_1 = require("./acm-certificate");
+const config = new pulumi.Config('aws');
+const awsRegion = config.require('region');
+const assumeRolePolicy = {
+    Version: '2012-10-17',
+    Statement: [
+        {
+            Action: 'sts:AssumeRole',
+            Principal: {
+                Service: 'ecs-tasks.amazonaws.com',
+            },
+            Effect: 'Allow',
+            Sid: '',
+        },
+    ],
+};
+const defaults = {
+    desiredCount: 1,
+    minCount: 1,
+    maxCount: 10,
+    size: 'small',
+    environment: [],
+    healtCheckPath: '/healtcheck',
+    taskExecutionRoleInlinePolicies: [],
+    taskRoleInlinePolicies: [],
+};
+class WebServer extends pulumi.ComponentResource {
+    constructor(name, args, opts = {}) {
+        super('studion:WebServer', name, {}, opts);
+        const argsWithDefaults = Object.assign({}, defaults, args);
+        this.certificate = new acm_certificate_1.AcmCertificate(`${argsWithDefaults.domain}-acm-certificate`, {
+            domain: argsWithDefaults.domain,
+            hostedZoneId: argsWithDefaults.hostedZoneId,
+        }, { parent: this });
+        this.logGroup = new aws.cloudwatch.LogGroup(`${name}-log-group`, {
+            retentionInDays: 14,
+            name: `/ecs/${name}`,
+        }, { parent: this });
+        this.lbSecurityGroup = new aws.ec2.SecurityGroup(`${name}-lb-security-group`, {
+            vpcId: argsWithDefaults.vpc.vpcId,
+            ingress: [
+                {
+                    protocol: 'tcp',
+                    fromPort: 80,
+                    toPort: 80,
+                    cidrBlocks: ['0.0.0.0/0'],
+                },
+                {
+                    protocol: 'tcp',
+                    fromPort: 443,
+                    toPort: 443,
+                    cidrBlocks: ['0.0.0.0/0'],
+                },
+            ],
+            egress: [
+                {
+                    fromPort: 0,
+                    toPort: 0,
+                    protocol: '-1',
+                    cidrBlocks: ['0.0.0.0/0'],
+                },
+            ],
+        }, { parent: this });
+        this.lb = new aws.lb.LoadBalancer(`${name}-lb`, {
+            name: `${name}-lb`,
+            loadBalancerType: 'application',
+            subnets: argsWithDefaults.vpc.publicSubnetIds,
+            securityGroups: [this.lbSecurityGroup.id],
+            internal: false,
+            ipAddressType: 'ipv4',
+        }, { parent: this });
+        this.lbTargetGroup = new aws.lb.TargetGroup(`${name}-lb-tg`, {
+            name: `${name}-lb-tg`,
+            port: argsWithDefaults.port,
+            protocol: 'HTTP',
+            targetType: 'ip',
+            vpcId: argsWithDefaults.vpc.vpcId,
+            healthCheck: {
+                healthyThreshold: 3,
+                unhealthyThreshold: 2,
+                interval: 60,
+                timeout: 5,
+                path: argsWithDefaults.healtCheckPath,
+            },
+        }, { parent: this, dependsOn: [this.lb] });
+        this.lbHttpListener = new aws.lb.Listener(`${name}-lb-listener-80`, {
+            loadBalancerArn: this.lb.arn,
+            port: 80,
+            defaultActions: [
+                {
+                    type: 'redirect',
+                    redirect: {
+                        port: '443',
+                        protocol: 'HTTPS',
+                        statusCode: 'HTTP_301',
+                    },
+                },
+            ],
+        }, { parent: this });
+        this.lbTlsListener = new aws.lb.Listener(`${name}-lb-listener-443`, {
+            loadBalancerArn: this.lb.arn,
+            port: 443,
+            protocol: 'HTTPS',
+            sslPolicy: 'ELBSecurityPolicy-2016-08',
+            certificateArn: this.certificate.certificate.arn,
+            defaultActions: [
+                {
+                    type: 'forward',
+                    targetGroupArn: this.lbTargetGroup.arn,
+                },
+            ],
+        }, { parent: this });
+        const albAliasRecord = new aws.route53.Record(`${name}-route53-record`, {
+            type: 'A',
+            name: argsWithDefaults.domain,
+            zoneId: argsWithDefaults.hostedZoneId,
+            aliases: [
+                {
+                    name: this.lb.dnsName,
+                    zoneId: this.lb.zoneId,
+                    evaluateTargetHealth: true,
+                },
+            ],
+        }, { parent: this });
+        const taskExecutionRole = new aws.iam.Role(`${name}-ecs-task-exec-role`, {
+            name: `${name}-ecs-task-exec-role`,
+            assumeRolePolicy,
+            managedPolicyArns: [
+                'arn:aws:iam::aws:policy/CloudWatchFullAccess',
+                'arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryFullAccess',
+            ],
+            inlinePolicies: argsWithDefaults.taskExecutionRoleInlinePolicies,
+        }, { parent: this });
+        const execCmdInlinePolicy = {
+            name: 'ecs-exec',
+            policy: JSON.stringify({
+                Version: '2012-10-17',
+                Statement: [
+                    {
+                        Sid: 'AllowContainerToCreateECSExecSSMChannel',
+                        Effect: 'Allow',
+                        Action: [
+                            'ssmmessages:CreateControlChannel',
+                            'ssmmessages:CreateDataChannel',
+                            'ssmmessages:OpenControlChannel',
+                            'ssmmessages:OpenDataChannel',
+                        ],
+                        Resource: '*',
+                    },
+                ],
+            }),
+        };
+        const taskRole = new aws.iam.Role(`${name}-ecs-task-role`, {
+            name: `${name}-ecs-task-role`,
+            assumeRolePolicy,
+            inlinePolicies: [
+                execCmdInlinePolicy,
+                ...argsWithDefaults.taskRoleInlinePolicies,
+            ],
+        }, { parent: this });
+        const parsedSize = pulumi.all([argsWithDefaults.size]).apply(([size]) => {
+            const mapCapabilities = ({ cpu, memory }) => ({
+                cpu: String(cpu),
+                memory: String(memory),
+            });
+            if (typeof size === 'string') {
+                return mapCapabilities(constants_1.PredefinedSize[size]);
+            }
+            if (typeof size === 'object') {
+                return mapCapabilities(size);
+            }
+            throw Error('Incorrect EcsService size argument');
+        });
+        this.taskDefinition = new aws.ecs.TaskDefinition(`${name}-task-definition`, {
+            family: `${name}-task-definition`,
+            networkMode: 'awsvpc',
+            executionRoleArn: taskExecutionRole.arn,
+            taskRoleArn: taskRole.arn,
+            cpu: parsedSize.cpu,
+            memory: parsedSize.memory,
+            requiresCompatibilities: ['FARGATE'],
+            containerDefinitions: pulumi
+                .all([
+                name,
+                argsWithDefaults.image,
+                argsWithDefaults.port,
+                argsWithDefaults.environment,
+                this.logGroup.name,
+                awsRegion,
+            ])
+                .apply(([containerName, image, port, environment, logGroup, region]) => {
+                return JSON.stringify([
+                    {
+                        readonlyRootFilesystem: true,
+                        name: containerName,
+                        image,
+                        essential: true,
+                        portMappings: [
+                            {
+                                containerPort: port,
+                                protocol: 'tcp',
+                            },
+                        ],
+                        logConfiguration: {
+                            logDriver: 'awslogs',
+                            options: {
+                                'awslogs-group': logGroup,
+                                'awslogs-region': region,
+                                'awslogs-stream-prefix': 'ecs',
+                            },
+                        },
+                        environment,
+                    },
+                ]);
+            }),
+        }, { parent: this });
+        this.serviceSecurityGroup = new aws.ec2.SecurityGroup(`${name}-security-group`, {
+            vpcId: argsWithDefaults.vpc.vpcId,
+            ingress: [
+                {
+                    fromPort: 0,
+                    toPort: 0,
+                    protocol: '-1',
+                    securityGroups: [this.lbSecurityGroup.id],
+                },
+            ],
+            egress: [
+                {
+                    fromPort: 0,
+                    toPort: 0,
+                    protocol: '-1',
+                    cidrBlocks: ['0.0.0.0/0'],
+                },
+            ],
+        }, { parent: this });
+        this.service = new aws.ecs.Service(`${name}-service`, {
+            name,
+            cluster: argsWithDefaults.cluster.id,
+            launchType: 'FARGATE',
+            desiredCount: argsWithDefaults.desiredCount,
+            taskDefinition: this.taskDefinition.arn,
+            enableExecuteCommand: true,
+            loadBalancers: [
+                {
+                    containerName: name,
+                    containerPort: argsWithDefaults.port,
+                    targetGroupArn: this.lbTargetGroup.arn,
+                },
+            ],
+            networkConfiguration: {
+                assignPublicIp: true,
+                subnets: argsWithDefaults.vpc.publicSubnetIds,
+                securityGroups: [this.serviceSecurityGroup.id],
+            },
+        }, {
+            parent: this,
+            dependsOn: [
+                this.lb,
+                this.lbTargetGroup,
+                this.lbHttpListener,
+                this.lbTlsListener,
+            ],
+        });
+        const autoscalingTarget = new aws.appautoscaling.Target(`${name}-autoscale-target`, {
+            minCapacity: argsWithDefaults.minCount,
+            maxCapacity: argsWithDefaults.maxCount,
+            resourceId: pulumi.interpolate `service/${argsWithDefaults.cluster.name}/${this.service.name}`,
+            serviceNamespace: 'ecs',
+            scalableDimension: 'ecs:service:DesiredCount',
+        }, { parent: this });
+        const memoryAutoscalingPolicy = new aws.appautoscaling.Policy(`${name}-memory-autoscale-policy`, {
+            policyType: 'TargetTrackingScaling',
+            resourceId: autoscalingTarget.resourceId,
+            scalableDimension: autoscalingTarget.scalableDimension,
+            serviceNamespace: autoscalingTarget.serviceNamespace,
+            targetTrackingScalingPolicyConfiguration: {
+                predefinedMetricSpecification: {
+                    predefinedMetricType: 'ECSServiceAverageMemoryUtilization',
+                },
+                targetValue: 80,
+            },
+        }, { parent: this });
+        const cpuAutoscalingPolicy = new aws.appautoscaling.Policy(`${name}-cpu-autoscale-policy`, {
+            policyType: 'TargetTrackingScaling',
+            resourceId: autoscalingTarget.resourceId,
+            scalableDimension: autoscalingTarget.scalableDimension,
+            serviceNamespace: autoscalingTarget.serviceNamespace,
+            targetTrackingScalingPolicyConfiguration: {
+                predefinedMetricSpecification: {
+                    predefinedMetricType: 'ECSServiceAverageCPUUtilization',
+                },
+                targetValue: 60,
+            },
+        }, { parent: this });
+        this.registerOutputs();
+    }
+}
+exports.WebServer = WebServer;

package/dist/index.d.ts

@@ -1,4 +1,6 @@
-export * from './components/ecs';
-export * from './components/rds';
+export * from './components/web-server';
+export * from './components/static-site';
+export * from './components/database';
 export * from './components/redis';
 export * from './components/project';
+export * from './components/ec2-ssm-connect';

package/dist/index.js

@@ -14,7 +14,9 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
     for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-__exportStar(require("./components/ecs"), exports);
-__exportStar(require("./components/rds"), exports);
+__exportStar(require("./components/web-server"), exports);
+__exportStar(require("./components/static-site"), exports);
+__exportStar(require("./components/database"), exports);
 __exportStar(require("./components/redis"), exports);
 __exportStar(require("./components/project"), exports);
+__exportStar(require("./components/ec2-ssm-connect"), exports);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@studion/infra-code-blocks",
-  "version": "0.0.2",
+  "version": "0.0.4",
   "description": "Studion common infra components",
   "keywords": [
     "infrastructure",
@@ -24,10 +24,10 @@
     "dist"
   ],
   "scripts": {
-    "build": "npm run clean && tsc",
     "clean": "rm -rf dist",
+    "build": "npm run clean && tsc",
     "format": "prettier -w .",
-    "release": "release-it",
+    "release": "npm run build && release-it",
     "test": ""
   },
   "prettier": "@studion/prettier-config",

package/dist/components/ecs.d.ts

@@ -1,33 +0,0 @@
-import * as pulumi from '@pulumi/pulumi';
-import * as aws from '@pulumi/aws';
-import { Size } from './types';
-export type RoleInlinePolicy = {
-    /**
-     * Name of the role policy.
-     */
-    name?: pulumi.Input<string>;
-    /**
-     * Policy document as a JSON formatted string.
-     */
-    policy?: pulumi.Input<string>;
-};
-export type EcsServiceArgs = {
-    image: pulumi.Input<string>;
-    port: pulumi.Input<number>;
-    cluster: aws.ecs.Cluster;
-    subnets: pulumi.Input<pulumi.Input<string>[]>;
-    securityGroupIds: pulumi.Input<pulumi.Input<string>[]>;
-    lb: aws.lb.LoadBalancer;
-    lbTargetGroup: aws.lb.TargetGroup;
-    lbListener: aws.lb.Listener;
-    desiredCount?: pulumi.Input<number>;
-    minCount?: pulumi.Input<number>;
-    maxCount?: pulumi.Input<number>;
-    size?: pulumi.Input<Size>;
-    environment?: aws.ecs.KeyValuePair[];
-    taskExecutionRoleInlinePolicies?: pulumi.Input<pulumi.Input<RoleInlinePolicy>[]>;
-    taskRoleInlinePolicies?: pulumi.Input<pulumi.Input<RoleInlinePolicy>[]>;
-};
-export declare class EcsService extends pulumi.ComponentResource {
-    constructor(name: string, args: EcsServiceArgs, opts?: pulumi.ComponentResourceOptions);
-}

package/dist/components/ecs.js

@@ -1,154 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.EcsService = void 0;
-const pulumi = require("@pulumi/pulumi");
-const aws = require("@pulumi/aws");
-const constants_1 = require("../constants");
-const config = new pulumi.Config('aws');
-const awsRegion = config.get('region');
-const assumeRolePolicy = {
-    Version: '2012-10-17',
-    Statement: [
-        {
-            Action: 'sts:AssumeRole',
-            Principal: {
-                Service: 'ecs-tasks.amazonaws.com',
-            },
-            Effect: 'Allow',
-            Sid: '',
-        },
-    ],
-};
-class EcsService extends pulumi.ComponentResource {
-    constructor(name, args, opts = {}) {
-        super('studion:ecs:Service', name, {}, opts);
-        const logGroup = new aws.cloudwatch.LogGroup(`${name}-log-group`, {
-            retentionInDays: 14,
-            name: `/ecs/${name}`,
-        }, { parent: this });
-        const taskExecutionRole = new aws.iam.Role(`${name}-ecs-task-exec-role`, {
-            name: `${name}-ecs-task-exec-role`,
-            assumeRolePolicy,
-            managedPolicyArns: [
-                'arn:aws:iam::aws:policy/CloudWatchFullAccess',
-                'arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryFullAccess',
-            ],
-            inlinePolicies: args.taskExecutionRoleInlinePolicies || [],
-        }, { parent: this });
-        const taskRole = new aws.iam.Role(`${name}-ecs-task-role`, {
-            name: `${name}-ecs-task-role`,
-            assumeRolePolicy,
-            inlinePolicies: args.taskRoleInlinePolicies || [],
-        }, { parent: this });
-        const parsedSize = pulumi.all([args.size || 'small']).apply(([size]) => {
-            const mapCapabilities = ({ cpu, memory }) => ({
-                cpu: String(cpu),
-                memory: String(memory),
-            });
-            if (typeof size === 'string') {
-                return mapCapabilities(constants_1.PredefinedSize[size]);
-            }
-            if (typeof size === 'object') {
-                return mapCapabilities(size);
-            }
-            throw Error('Incorrect EcsService size argument');
-        });
-        const taskDefinition = new aws.ecs.TaskDefinition(`${name}-task-definition`, {
-            family: `${name}-task-definition`,
-            networkMode: 'awsvpc',
-            executionRoleArn: taskExecutionRole.arn,
-            taskRoleArn: taskRole.arn,
-            cpu: parsedSize.cpu,
-            memory: parsedSize.memory,
-            requiresCompatibilities: ['FARGATE'],
-            containerDefinitions: pulumi
-                .all([
-                name,
-                args.image,
-                args.port,
-                args.environment || [],
-                logGroup.name,
-                awsRegion,
-            ])
-                .apply(([containerName, image, port, environment, logGroup, region]) => {
-                return JSON.stringify([
-                    {
-                        name: containerName,
-                        image,
-                        essential: true,
-                        portMappings: [
-                            {
-                                containerPort: port,
-                                protocol: 'tcp',
-                            },
-                        ],
-                        logConfiguration: {
-                            logDriver: 'awslogs',
-                            options: {
-                                'awslogs-group': logGroup,
-                                'awslogs-region': region,
-                                'awslogs-stream-prefix': 'ecs',
-                            },
-                        },
-                        environment,
-                    },
-                ]);
-            }),
-        }, { parent: this });
-        const service = new aws.ecs.Service(`${name}-service`, {
-            name,
-            cluster: args.cluster.id,
-            launchType: 'FARGATE',
-            desiredCount: args.desiredCount || 1,
-            taskDefinition: taskDefinition.arn,
-            loadBalancers: [
-                {
-                    containerName: name,
-                    containerPort: args.port,
-                    targetGroupArn: args.lbTargetGroup.arn,
-                },
-            ],
-            networkConfiguration: {
-                assignPublicIp: true,
-                subnets: args.subnets,
-                securityGroups: args.securityGroupIds,
-            },
-        }, {
-            parent: this,
-            dependsOn: [args.lb, args.lbTargetGroup, args.lbListener],
-        });
-        const autoscalingTarget = new aws.appautoscaling.Target(`${name}-autoscale-target`, {
-            minCapacity: args.minCount || 1,
-            maxCapacity: args.maxCount || 10,
-            resourceId: pulumi.interpolate `service/${args.cluster.name}/${service.name}`,
-            serviceNamespace: 'ecs',
-            scalableDimension: 'ecs:service:DesiredCount',
-        }, { parent: this });
-        const memoryAutoscalingPolicy = new aws.appautoscaling.Policy(`${name}-memory-autoscale-policy`, {
-            policyType: 'TargetTrackingScaling',
-            resourceId: autoscalingTarget.resourceId,
-            scalableDimension: autoscalingTarget.scalableDimension,
-            serviceNamespace: autoscalingTarget.serviceNamespace,
-            targetTrackingScalingPolicyConfiguration: {
-                predefinedMetricSpecification: {
-                    predefinedMetricType: 'ECSServiceAverageMemoryUtilization',
-                },
-                targetValue: 80,
-            },
-        }, { parent: this });
-        const cpuAutoscalingPolicy = new aws.appautoscaling.Policy(`${name}-cpu-autoscale-policy`, {
-            policyType: 'TargetTrackingScaling',
-            resourceId: autoscalingTarget.resourceId,
-            scalableDimension: autoscalingTarget.scalableDimension,
-            serviceNamespace: autoscalingTarget.serviceNamespace,
-            targetTrackingScalingPolicyConfiguration: {
-                predefinedMetricSpecification: {
-                    predefinedMetricType: 'ECSServiceAverageCPUUtilization',
-                },
-                targetValue: 60,
-            },
-        }, { parent: this });
-        this.registerOutputs();
-    }
-}
-exports.EcsService = EcsService;

package/dist/components/rds.d.ts

@@ -1,20 +0,0 @@
-import * as aws from '@pulumi/aws';
-import * as pulumi from '@pulumi/pulumi';
-export type RdsArgs = {
-    dbName: pulumi.Input<string>;
-    username: pulumi.Input<string>;
-    password: pulumi.Input<string>;
-    subnetGroupName: pulumi.Input<string>;
-    securityGroupIds: pulumi.Input<pulumi.Input<string>[]>;
-    publiclyAccessible?: pulumi.Input<boolean>;
-    applyImmediately?: pulumi.Input<boolean>;
-    skipFinalSnapshot?: pulumi.Input<boolean>;
-    allocatedStorage?: pulumi.Input<number>;
-    maxAllocatedStorage?: pulumi.Input<number>;
-    instanceClass?: pulumi.Input<string>;
-};
-export type RdsInstance = aws.rds.Instance;
-export declare class Rds extends pulumi.ComponentResource {
-    instance: RdsInstance;
-    constructor(name: string, args: RdsArgs, opts?: pulumi.ComponentResourceOptions);
-}

package/dist/components/rds.js

@@ -1,42 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.Rds = void 0;
-const aws = require("@pulumi/aws");
-const pulumi = require("@pulumi/pulumi");
-class Rds extends pulumi.ComponentResource {
-    constructor(name, args, opts = {}) {
-        super('studion:rds:Instance', name, {}, opts);
-        const kms = new aws.kms.Key(`${name}-rds-key`, {
-            customerMasterKeySpec: 'SYMMETRIC_DEFAULT',
-            isEnabled: true,
-            keyUsage: 'ENCRYPT_DECRYPT',
-            multiRegion: false,
-            enableKeyRotation: true,
-        }, { parent: this });
-        this.instance = new aws.rds.Instance(`${name}-rds`, {
-            identifier: name,
-            engine: 'postgres',
-            engineVersion: '14.9',
-            allocatedStorage: args.allocatedStorage || 20,
-            maxAllocatedStorage: args.maxAllocatedStorage || 100,
-            instanceClass: args.instanceClass || 'db.t3.micro',
-            dbName: args.dbName,
-            username: args.username,
-            password: args.password,
-            dbSubnetGroupName: args.subnetGroupName,
-            vpcSecurityGroupIds: args.securityGroupIds,
-            storageEncrypted: true,
-            kmsKeyId: kms.arn,
-            publiclyAccessible: args.publiclyAccessible || false,
-            skipFinalSnapshot: args.skipFinalSnapshot || false,
-            applyImmediately: args.applyImmediately || false,
-            autoMinorVersionUpgrade: true,
-            maintenanceWindow: 'Mon:07:00-Mon:07:30',
-            finalSnapshotIdentifier: `${name}-final-snapshot`,
-            backupWindow: '06:00-06:30',
-            backupRetentionPeriod: 14,
-        }, { parent: this });
-        this.registerOutputs();
-    }
-}
-exports.Rds = Rds;