@studion/infra-code-blocks 0.1.0 → 0.1.2

package/README.md

@@ -500,9 +500,4 @@ const project = new studion.Project('demo-project', {
 
 - [ ] Add worker service for executing tasks
 - [ ] Add MongoDB service
-- [x] reduce ec2 security group rules and change cidr block to be within VPC
-- [x] change db private subnet ids to isolated subnet ids
-- [x] change default instance classes to t4g
-- [x] extract ami images/ instance classes, etc...
-- [x] remove duplicated types
-- [ ] extract constructor code to private methods...
+- [ ] Enable RDS password rotation

package/dist/components/acm-certificate.js

@@ -3,10 +3,11 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.AcmCertificate = void 0;
 const pulumi = require("@pulumi/pulumi");
 const aws = require("@pulumi/aws");
+const constants_1 = require("../constants");
 class AcmCertificate extends pulumi.ComponentResource {
     constructor(name, args, opts = {}) {
         super('studion:acm:Certificate', name, {}, opts);
-        this.certificate = new aws.acm.Certificate(`${args.domain}-certificate`, { domainName: args.domain, validationMethod: 'DNS' }, { parent: this });
+        this.certificate = new aws.acm.Certificate(`${args.domain}-certificate`, { domainName: args.domain, validationMethod: 'DNS', tags: constants_1.commonTags }, { parent: this });
         const certificateValidationDomain = new aws.route53.Record(`${args.domain}-cert-validation-domain`, {
             name: this.certificate.domainValidationOptions[0].resourceRecordName,
             type: this.certificate.domainValidationOptions[0].resourceRecordType,

package/dist/components/database.js

@@ -3,6 +3,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.Database = void 0;
 const aws = require("@pulumi/aws");
 const pulumi = require("@pulumi/pulumi");
+const constants_1 = require("../constants");
 const defaults = {
     applyImmediately: false,
     skipFinalSnapshot: false,
@@ -25,6 +26,7 @@ class Database extends pulumi.ComponentResource {
     createSubnetGroup({ vpc }) {
         const dbSubnetGroup = new aws.rds.SubnetGroup(`${this.name}-subnet-group`, {
             subnetIds: vpc.isolatedSubnetIds,
+            tags: constants_1.commonTags,
         }, { parent: this });
         return dbSubnetGroup;
     }
@@ -39,6 +41,7 @@ class Database extends pulumi.ComponentResource {
                     cidrBlocks: [vpc.vpc.cidrBlock],
                 },
             ],
+            tags: constants_1.commonTags,
         }, { parent: this });
         return dbSecurityGroup;
     }
@@ -50,6 +53,7 @@ class Database extends pulumi.ComponentResource {
             keyUsage: 'ENCRYPT_DECRYPT',
             multiRegion: false,
             enableKeyRotation: true,
+            tags: constants_1.commonTags,
         }, { parent: this });
         return kms;
     }
@@ -58,6 +62,7 @@ class Database extends pulumi.ComponentResource {
         const stack = pulumi.getStack();
         const passwordSecret = new aws.secretsmanager.Secret(`${this.name}-password-secret`, {
             namePrefix: `${stack}/${project}/DatabasePassword-`,
+            tags: constants_1.commonTags,
         }, { parent: this });
         const passwordSecretValue = new aws.secretsmanager.SecretVersion(`${this.name}-password-secret-value`, {
             secretId: passwordSecret.id,
@@ -89,7 +94,7 @@ class Database extends pulumi.ComponentResource {
             finalSnapshotIdentifier: `${this.name}-final-snapshot`,
             backupWindow: '06:00-06:30',
             backupRetentionPeriod: 14,
-            tags: argsWithDefaults.tags,
+            tags: Object.assign(Object.assign({}, constants_1.commonTags), argsWithDefaults.tags),
         }, { parent: this });
         return instance;
     }

package/dist/components/ec2-ssm-connect.js

@@ -29,6 +29,7 @@ class Ec2SSMConnect extends pulumi.ComponentResource {
                 { protocol: '-1', fromPort: 0, toPort: 0, cidrBlocks: ['0.0.0.0/0'] },
             ],
             vpcId: args.vpc.vpcId,
+            tags: constants_1.commonTags,
         }, { parent: this });
         const role = new aws.iam.Role(`${name}-ec2-role`, {
             assumeRolePolicy: {
@@ -43,6 +44,7 @@ class Ec2SSMConnect extends pulumi.ComponentResource {
                     },
                 ],
             },
+            tags: constants_1.commonTags,
         }, { parent: this });
         const ssmPolicyAttachment = new aws.iam.RolePolicyAttachment(`${name}-ssm-policy-attachment`, {
             role: role.name,
@@ -50,6 +52,7 @@ class Ec2SSMConnect extends pulumi.ComponentResource {
         }, { parent: this });
         const ssmProfile = new aws.iam.InstanceProfile(`${name}-ssm-profile`, {
             role: role.name,
+            tags: constants_1.commonTags,
         }, { parent: this, dependsOn: [ssmPolicyAttachment] });
         this.ec2 = new aws.ec2.Instance(`${name}-ec2`, {
             ami: constants_1.Ec2AMI.AmazonLinux2023.ARM,
@@ -58,7 +61,7 @@ class Ec2SSMConnect extends pulumi.ComponentResource {
             iamInstanceProfile: ssmProfile.name,
             subnetId,
             vpcSecurityGroupIds: [this.ec2SecurityGroup.id],
-            tags: Object.assign({ Name: `${name}-ec2` }, args.tags),
+            tags: Object.assign(Object.assign(Object.assign({}, constants_1.commonTags), { Name: `${name}-ec2` }), args.tags),
         }, { parent: this });
         this.ssmVpcEndpoint = new aws.ec2.VpcEndpoint(`${name}-ssm-vpc-endpoint`, {
             vpcId: args.vpc.vpcId,
@@ -68,6 +71,7 @@ class Ec2SSMConnect extends pulumi.ComponentResource {
             subnetIds: [subnetId],
             securityGroupIds: [this.ec2SecurityGroup.id],
             privateDnsEnabled: true,
+            tags: constants_1.commonTags,
         }, { parent: this, dependsOn: [this.ec2] });
         this.ec2MessagesVpcEndpoint = new aws.ec2.VpcEndpoint(`${name}-ec2messages-vpc-endpoint`, {
             vpcId: args.vpc.vpcId,
@@ -77,6 +81,7 @@ class Ec2SSMConnect extends pulumi.ComponentResource {
             subnetIds: [subnetId],
             securityGroupIds: [this.ec2SecurityGroup.id],
             privateDnsEnabled: true,
+            tags: constants_1.commonTags,
         }, { parent: this, dependsOn: [this.ec2] });
         this.ssmMessagesVpcEndpoint = new aws.ec2.VpcEndpoint(`${name}-ssmmessages-vpc-endpoint`, {
             vpcId: args.vpc.vpcId,
@@ -86,6 +91,7 @@ class Ec2SSMConnect extends pulumi.ComponentResource {
             subnetIds: [subnetId],
             securityGroupIds: [this.ec2SecurityGroup.id],
             privateDnsEnabled: true,
+            tags: constants_1.commonTags,
         }, { parent: this, dependsOn: [this.ec2] });
         this.registerOutputs();
     }

package/dist/components/project.js

@@ -21,6 +21,7 @@ const web_server_1 = require("./web-server");
 const redis_1 = require("./redis");
 const static_site_1 = require("./static-site");
 const ec2_ssm_connect_1 = require("./ec2-ssm-connect");
+const constants_1 = require("../constants");
 class MissingHostedZoneId extends Error {
     constructor(serviceType) {
         super(`Project::hostedZoneId argument must be provided 
@@ -55,6 +56,7 @@ class Project extends pulumi.ComponentResource {
                 { type: awsx.ec2.SubnetType.Private, cidrMask: 24 },
                 { type: awsx.ec2.SubnetType.Isolated, cidrMask: 24 },
             ],
+            tags: constants_1.commonTags,
         }, { parent: this });
         return vpc;
     }
@@ -86,6 +88,7 @@ class Project extends pulumi.ComponentResource {
     createWebServerPrerequisites() {
         this.cluster = new aws.ecs.Cluster(`${this.name}-cluster`, {
             name: this.name,
+            tags: constants_1.commonTags,
         }, { parent: this });
     }
     createDatabaseService(options) {

package/dist/components/redis.js

@@ -4,6 +4,7 @@ exports.Redis = void 0;
 const pulumi = require("@pulumi/pulumi");
 const upstash = require("@upstash/pulumi");
 const aws = require("@pulumi/aws");
+const constants_1 = require("../constants");
 const defaults = {
     region: 'us-east-1',
 };
@@ -22,6 +23,7 @@ class Redis extends pulumi.ComponentResource {
         }, { provider: opts.provider, parent: this });
         this.passwordSecret = new aws.secretsmanager.Secret(`${name}-password-secret`, {
             namePrefix: `${stack}/${project}/RedisPassword-`,
+            tags: constants_1.commonTags,
         }, { parent: this, dependsOn: [this.instance] });
         const passwordSecretValue = new aws.secretsmanager.SecretVersion(`${name}-password-secret-value`, {
             secretId: this.passwordSecret.id,

package/dist/components/static-site.js

@@ -4,6 +4,7 @@ exports.StaticSite = void 0;
 const aws = require("@pulumi/aws");
 const pulumi = require("@pulumi/pulumi");
 const acm_certificate_1 = require("./acm-certificate");
+const constants_1 = require("../constants");
 class StaticSite extends pulumi.ComponentResource {
     constructor(name, args, opts = {}) {
         super('studion:StaticSite', name, {}, opts);
@@ -29,7 +30,7 @@ class StaticSite extends pulumi.ComponentResource {
                 indexDocument: 'index.html',
                 errorDocument: 'index.html',
             },
-            tags,
+            tags: Object.assign(Object.assign({}, constants_1.commonTags), tags),
         }, { parent: this });
         const bucketPublicAccessBlock = new aws.s3.BucketPublicAccessBlock(`${this.name}-bucket-access-block`, {
             bucket: bucket.id,
@@ -102,7 +103,7 @@ class StaticSite extends pulumi.ComponentResource {
             restrictions: {
                 geoRestriction: { restrictionType: 'none' },
             },
-            tags,
+            tags: Object.assign(Object.assign({}, constants_1.commonTags), tags),
         }, { parent: this });
         return cloudfront;
     }

package/dist/components/web-server.js

@@ -61,6 +61,7 @@ class WebServer extends pulumi.ComponentResource {
         const logGroup = new aws.cloudwatch.LogGroup(`${this.name}-log-group`, {
             retentionInDays: 14,
             namePrefix: `/ecs/${this.name}-`,
+            tags: constants_1.commonTags,
         }, { parent: this });
         return logGroup;
     }
@@ -89,6 +90,7 @@ class WebServer extends pulumi.ComponentResource {
                     cidrBlocks: ['0.0.0.0/0'],
                 },
             ],
+            tags: constants_1.commonTags,
         }, { parent: this });
         const lb = new aws.lb.LoadBalancer(`${this.name}-lb`, {
             namePrefix: `${this.name}-lb-`,
@@ -97,9 +99,10 @@ class WebServer extends pulumi.ComponentResource {
             securityGroups: [lbSecurityGroup.id],
             internal: false,
             ipAddressType: 'ipv4',
+            tags: constants_1.commonTags,
         }, { parent: this });
         const lbTargetGroup = new aws.lb.TargetGroup(`${this.name}-lb-tg`, {
-            namePrefix: `${this.name}-lb-tg-`,
+            namePrefix: 'lb-tg-',
             port,
             protocol: 'HTTP',
             targetType: 'ip',
@@ -111,6 +114,7 @@ class WebServer extends pulumi.ComponentResource {
                 timeout: 5,
                 path: healtCheckPath || defaults.healtCheckPath,
             },
+            tags: Object.assign(Object.assign({}, constants_1.commonTags), { Name: `${this.name}-lb-target-group` }),
         }, { parent: this, dependsOn: [this.lb] });
         const lbHttpListener = new aws.lb.Listener(`${this.name}-lb-listener-80`, {
             loadBalancerArn: this.lb.arn,
@@ -125,6 +129,7 @@ class WebServer extends pulumi.ComponentResource {
                     },
                 },
             ],
+            tags: constants_1.commonTags,
         }, { parent: this });
         const lbTlsListener = new aws.lb.Listener(`${this.name}-lb-listener-443`, {
             loadBalancerArn: this.lb.arn,
@@ -138,6 +143,7 @@ class WebServer extends pulumi.ComponentResource {
                     targetGroupArn: this.lbTargetGroup.arn,
                 },
             ],
+            tags: constants_1.commonTags,
         }, { parent: this });
         return {
             lb,
@@ -174,6 +180,7 @@ class WebServer extends pulumi.ComponentResource {
                 secretManagerSecretsInlinePolicy,
                 ...argsWithDefaults.taskExecutionRoleInlinePolicies,
             ],
+            tags: constants_1.commonTags,
         }, { parent: this });
         const execCmdInlinePolicy = {
             name: `${this.name}-ecs-exec`,
@@ -201,6 +208,7 @@ class WebServer extends pulumi.ComponentResource {
                 execCmdInlinePolicy,
                 ...argsWithDefaults.taskRoleInlinePolicies,
             ],
+            tags: constants_1.commonTags,
         }, { parent: this });
         const parsedSize = pulumi.all([argsWithDefaults.size]).apply(([size]) => {
             const mapCapabilities = ({ cpu, memory }) => ({
@@ -259,7 +267,7 @@ class WebServer extends pulumi.ComponentResource {
                     },
                 ]);
             }),
-            tags: argsWithDefaults.tags,
+            tags: Object.assign(Object.assign({}, constants_1.commonTags), argsWithDefaults.tags),
         }, { parent: this });
         return taskDefinition;
     }
@@ -283,6 +291,7 @@ class WebServer extends pulumi.ComponentResource {
                     cidrBlocks: ['0.0.0.0/0'],
                 },
             ],
+            tags: constants_1.commonTags,
         }, { parent: this });
         const service = new aws.ecs.Service(`${this.name}-service`, {
             name: this.name,
@@ -303,7 +312,7 @@ class WebServer extends pulumi.ComponentResource {
                 subnets: argsWithDefaults.vpc.publicSubnetIds,
                 securityGroups: [serviceSecurityGroup.id],
             },
-            tags: argsWithDefaults.tags,
+            tags: Object.assign(Object.assign({}, constants_1.commonTags), argsWithDefaults.tags),
         }, {
             parent: this,
             dependsOn: [
@@ -337,6 +346,7 @@ class WebServer extends pulumi.ComponentResource {
             resourceId: pulumi.interpolate `service/${argsWithDefaults.cluster.name}/${this.service.name}`,
             serviceNamespace: 'ecs',
             scalableDimension: 'ecs:service:DesiredCount',
+            tags: constants_1.commonTags,
         }, { parent: this });
         const memoryAutoscalingPolicy = new aws.appautoscaling.Policy(`${this.name}-memory-autoscale-policy`, {
             policyType: 'TargetTrackingScaling',

package/dist/constants.d.ts

@@ -21,3 +21,7 @@ export declare const Ec2AMI: {
         ARM: string;
     };
 };
+export declare const commonTags: {
+    Env: string;
+    Project: string;
+};

package/dist/constants.js

@@ -1,6 +1,7 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.Ec2AMI = exports.PredefinedSize = void 0;
+exports.commonTags = exports.Ec2AMI = exports.PredefinedSize = void 0;
+const pulumi = require("@pulumi/pulumi");
 const CPU_1_VCPU = 1024;
 const MEMORY_1GB = 1024;
 exports.PredefinedSize = {
@@ -26,3 +27,7 @@ exports.Ec2AMI = {
         ARM: 'ami-0b40baa8c6b882e6c',
     },
 };
+exports.commonTags = {
+    Env: pulumi.getStack(),
+    Project: pulumi.getProject(),
+};

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@studion/infra-code-blocks",
-  "version": "0.1.0",
+  "version": "0.1.2",
   "description": "Studion common infra components",
   "keywords": [
     "infrastructure",