@studion/infra-code-blocks 0.1.8 → 0.1.9

package/README.md

@@ -4,9 +4,15 @@ Studion Platform common infra components.
 
 ## Table of Contents
 
-1. [Installation](#installation)
-2. [Usage](#usage)
-3. [API](#api)
+1. [Prerequisites](#prerequisites)
+2. [Installation](#installation)
+3. [Usage](#usage)
+4. [API](#api)
+
+## Prerequisites
+
+- Working [Pulumi](https://www.pulumi.com/docs/clouds/aws/get-started/begin/#pulumi-aws-before-you-begin) project
+- AWS account with neccessary permissions for each studion component
 
 ## Installation
 
@@ -42,6 +48,12 @@ const project = new studion.Project('demo-project', {
 export const projectName = project.name;
 ```
 
+- Deploy pulumi stack
+
+```bash
+$ pulumi up
+```
+
 ## API
 
 1. [Project](#project)
@@ -83,7 +95,7 @@ type ProjectArgs = {
 | Argument         |                                                                         Description                                                                          |
 | :--------------- | :----------------------------------------------------------------------------------------------------------------------------------------------------------: |
 | services \*      |                                                                        Service list.                                                                         |
-| hostedZoneId     |                                           Route53 hosted zone ID responsible for managing records for the domain.                                            |
+| hostedZoneId     |                     Route53 hosted zone ID responsible for managing records for the domain. Required for 'STATIC_SITE' and 'WEB_SERVER'                      |
 | enableSSMConnect | Setup ec2 instance and SSM in order to connect to the database in the private subnet. Please refer to the [SSM Connect](#ssm-connect) section for more info. |
 
 ```ts
@@ -92,7 +104,7 @@ type DatabaseService = {
   serviceName: string;
   dbName: pulumi.Input<string>;
   username: pulumi.Input<string>;
-  password: pulumi.Input<string>;
+  password?: pulumi.Input<string>;
   applyImmediately?: pulumi.Input<boolean>;
   skipFinalSnapshot?: pulumi.Input<boolean>;
   allocatedStorage?: pulumi.Input<number>;
@@ -117,7 +129,7 @@ export type RedisService = {
 export type StaticSiteService = {
   type: 'STATIC_SITE';
   serviceName: string;
-  domain: pulumi.Input<string>;
+  domain?: pulumi.Input<string>;
   tags?: pulumi.Input<{
     [key: string]: pulumi.Input<string>;
   }>;
@@ -256,8 +268,8 @@ new Database(name: string, args: DatabaseArgs, opts?: pulumi.CustomResourceOptio
 type DatabaseArgs = {
   dbName: pulumi.Input<string>;
   username: pulumi.Input<string>;
-  password: pulumi.Input<string>;
   vpc: awsx.ec2.Vpc;
+  password?: pulumi.Input<string>;
   applyImmediately?: pulumi.Input<boolean>;
   skipFinalSnapshot?: pulumi.Input<boolean>;
   allocatedStorage?: pulumi.Input<number>;
@@ -269,6 +281,7 @@ type DatabaseArgs = {
 };
 ```
 
+If the password is not specified it will be autogenerated.
 The database password is stored as a secret inside AWS Secret Manager.
 The secret will be available on the `Database` resource as `passwordSecret`.
 
@@ -341,8 +354,8 @@ new StaticSite(name: string, args: StaticSiteArgs, opts?: pulumi.ComponentResour
 
 ```ts
 type StaticSiteArgs = {
-  domain: pulumi.Input<string>;
-  hostedZoneId: pulumi.Input<string>;
+  domain?: pulumi.Input<string>;
+  hostedZoneId?: pulumi.Input<string>;
   tags?: pulumi.Input<{
     [key: string]: pulumi.Input<string>;
   }>;

package/dist/components/database.d.ts

@@ -10,15 +10,15 @@ export type DatabaseArgs = {
      * Username for the master DB user.
      */
     username: pulumi.Input<string>;
-    /**
-     * Password for the master DB user.
-     * The value will be stored as a secret in AWS Secret Manager.
-     */
-    password: pulumi.Input<string>;
     /**
      * The awsx.ec2.Vpc resource.
      */
     vpc: awsx.ec2.Vpc;
+    /**
+     * Password for the master DB user. If not specified it will be autogenerated.
+     * The value will be stored as a secret in AWS Secret Manager.
+     */
+    password?: pulumi.Input<string>;
     /**
      * Specifies whether any database modifications are applied immediately, or during the next maintenance window. Default is false.
      */

package/dist/components/database.js

@@ -3,6 +3,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.Database = void 0;
 const aws = require("@pulumi/aws");
 const pulumi = require("@pulumi/pulumi");
+const random = require("@pulumi/random");
 const constants_1 = require("../constants");
 const defaults = {
     applyImmediately: false,
@@ -15,12 +16,13 @@ class Database extends pulumi.ComponentResource {
     constructor(name, args, opts = {}) {
         super('studion:Database', name, {}, opts);
         this.name = name;
-        const { vpc, password } = args;
+        const { vpc } = args;
         this.dbSubnetGroup = this.createSubnetGroup({ vpc });
         this.dbSecurityGroup = this.createSecurityGroup({ vpc });
         this.kms = this.createEncryptionKey();
-        this.passwordSecret = this.createPasswordSecret({ password });
-        this.instance = this.createDatabaseInstance(args);
+        const { instance, passwordSecret } = this.createDatabaseInstance(args);
+        this.instance = instance;
+        this.passwordSecret = passwordSecret;
         this.registerOutputs();
     }
     createSubnetGroup({ vpc }) {
@@ -73,16 +75,23 @@ class Database extends pulumi.ComponentResource {
     createDatabaseInstance(args) {
         const argsWithDefaults = Object.assign({}, defaults, args);
         const stack = pulumi.getStack();
+        const password = argsWithDefaults.password ||
+            new random.RandomPassword(`${this.name}-db-password`, {
+                length: 16,
+                overrideSpecial: '_%$',
+                special: true,
+            }).result;
+        const passwordSecret = this.createPasswordSecret({ password });
         const instance = new aws.rds.Instance(`${this.name}-rds`, {
             identifierPrefix: `${this.name}-`,
             engine: 'postgres',
-            engineVersion: '14.9',
+            engineVersion: '15.3',
             allocatedStorage: argsWithDefaults.allocatedStorage,
             maxAllocatedStorage: argsWithDefaults.maxAllocatedStorage,
             instanceClass: argsWithDefaults.instanceClass,
             dbName: argsWithDefaults.dbName,
             username: argsWithDefaults.username,
-            password: argsWithDefaults.password,
+            password,
             dbSubnetGroupName: this.dbSubnetGroup.name,
             vpcSecurityGroupIds: [this.dbSecurityGroup.id],
             storageEncrypted: true,
@@ -97,7 +106,7 @@ class Database extends pulumi.ComponentResource {
             backupRetentionPeriod: 14,
             tags: Object.assign(Object.assign({}, constants_1.commonTags), argsWithDefaults.tags),
         }, { parent: this });
-        return instance;
+        return { instance, passwordSecret };
     }
 }
 exports.Database = Database;

package/dist/components/ec2-ssm-connect.js

@@ -6,6 +6,17 @@ const aws = require("@pulumi/aws");
 const constants_1 = require("../constants");
 const config = new pulumi.Config('aws');
 const awsRegion = config.require('region');
+const AmazonLinux2023_ARM_EC2_AMI = aws.ec2.getAmiOutput({
+    filters: [
+        { name: 'architecture', values: ['arm64'] },
+        { name: 'root-device-type', values: ['ebs'] },
+        { name: 'virtualization-type', values: ['hvm'] },
+        { name: 'ena-support', values: ['true'] },
+    ],
+    owners: ['amazon'],
+    nameRegex: 'al2023-ami-2023.2.20231030.1-kernel-6.1-arm64',
+    mostRecent: true,
+});
 class Ec2SSMConnect extends pulumi.ComponentResource {
     constructor(name, args, opts = {}) {
         super('studion:Ec2BastionSSMConnect', name, {}, opts);
@@ -55,7 +66,7 @@ class Ec2SSMConnect extends pulumi.ComponentResource {
             tags: constants_1.commonTags,
         }, { parent: this, dependsOn: [ssmPolicyAttachment] });
         this.ec2 = new aws.ec2.Instance(`${name}-ec2`, {
-            ami: constants_1.Ec2AMI.AmazonLinux2023.ARM,
+            ami: AmazonLinux2023_ARM_EC2_AMI.id,
             associatePublicIpAddress: false,
             instanceType: 't4g.nano',
             iamInstanceProfile: ssmProfile.name,

package/dist/components/project.js

@@ -109,8 +109,6 @@ class Project extends pulumi.ComponentResource {
     }
     createStaticSiteService(options) {
         const { serviceName } = options, staticSiteOptions = __rest(options, ["serviceName"]);
-        if (!this.hostedZoneId)
-            throw new MissingHostedZoneId(options.type);
         const service = new static_site_1.StaticSite(serviceName, Object.assign(Object.assign({}, staticSiteOptions), { hostedZoneId: this.hostedZoneId }), { parent: this });
         this.services[serviceName] = service;
     }

package/dist/components/static-site.d.ts

@@ -6,11 +6,11 @@ export type StaticSiteArgs = {
      * The domain which will be used to access the static site.
      * The domain or subdomain must belong to the provided hostedZone.
      */
-    domain: pulumi.Input<string>;
+    domain?: pulumi.Input<string>;
     /**
      * The ID of the hosted zone.
      */
-    hostedZoneId: pulumi.Input<string>;
+    hostedZoneId?: pulumi.Input<string>;
     /**
      * A map of tags to assign to the resource.
      */
@@ -20,7 +20,7 @@ export type StaticSiteArgs = {
 };
 export declare class StaticSite extends pulumi.ComponentResource {
     name: string;
-    certificate: AcmCertificate;
+    certificate?: AcmCertificate;
     bucket: aws.s3.Bucket;
     cloudfront: aws.cloudfront.Distribution;
     constructor(name: string, args: StaticSiteArgs, opts?: pulumi.ComponentResourceOptions);

package/dist/components/static-site.js

@@ -10,10 +10,18 @@ class StaticSite extends pulumi.ComponentResource {
         super('studion:StaticSite', name, {}, opts);
         this.name = name;
         const { domain, hostedZoneId, tags } = args;
-        this.certificate = this.createTlsCertificate({ domain, hostedZoneId });
+        const hasCustomDomain = domain && hostedZoneId;
+        if (domain && !hostedZoneId) {
+            throw new Error('StaticSite:hostedZoneId must be provided when the domain is specified');
+        }
+        if (hasCustomDomain) {
+            this.certificate = this.createTlsCertificate({ domain, hostedZoneId });
+        }
         this.bucket = this.createPublicBucket({ tags });
         this.cloudfront = this.createCloudfrontDistribution({ domain, tags });
-        this.createDnsRecord({ domain, hostedZoneId });
+        if (hasCustomDomain) {
+            this.createDnsRecord({ domain, hostedZoneId });
+        }
         this.registerOutputs();
     }
     createTlsCertificate({ domain, hostedZoneId, }) {
@@ -59,19 +67,15 @@ class StaticSite extends pulumi.ComponentResource {
         return bucket;
     }
     createCloudfrontDistribution({ domain, tags, }) {
-        const cloudfront = new aws.cloudfront.Distribution(`${this.name}-cloudfront`, {
-            enabled: true,
-            defaultRootObject: 'index.html',
-            aliases: [domain],
-            isIpv6Enabled: true,
-            waitForDeployment: true,
-            httpVersion: 'http2and3',
-            viewerCertificate: {
-                acmCertificateArn: this.certificate.certificate.arn,
-                sslSupportMethod: 'sni-only',
-                minimumProtocolVersion: 'TLSv1.2_2021',
-            },
-            origins: [
+        const cloudfront = new aws.cloudfront.Distribution(`${this.name}-cloudfront`, Object.assign(Object.assign({ enabled: true, defaultRootObject: 'index.html' }, (domain && { aliases: [domain] })), { isIpv6Enabled: true, waitForDeployment: true, httpVersion: 'http2and3', viewerCertificate: Object.assign({}, (this.certificate
+                ? {
+                    acmCertificateArn: this.certificate.certificate.arn,
+                    sslSupportMethod: 'sni-only',
+                    minimumProtocolVersion: 'TLSv1.2_2021',
+                }
+                : {
+                    cloudfrontDefaultCertificate: true,
+                })), origins: [
                 {
                     originId: this.bucket.arn,
                     domainName: this.bucket.websiteEndpoint,
@@ -84,8 +88,7 @@ class StaticSite extends pulumi.ComponentResource {
                         originSslProtocols: ['TLSv1.2'],
                     },
                 },
-            ],
-            defaultCacheBehavior: {
+            ], defaultCacheBehavior: {
                 targetOriginId: this.bucket.arn,
                 viewerProtocolPolicy: 'redirect-to-https',
                 allowedMethods: ['GET', 'HEAD', 'OPTIONS'],
@@ -98,13 +101,9 @@ class StaticSite extends pulumi.ComponentResource {
                     cookies: { forward: 'none' },
                     queryString: false,
                 },
-            },
-            priceClass: 'PriceClass_100',
-            restrictions: {
+            }, priceClass: 'PriceClass_100', restrictions: {
                 geoRestriction: { restrictionType: 'none' },
-            },
-            tags: Object.assign(Object.assign({}, constants_1.commonTags), tags),
-        }, { parent: this });
+            }, tags: Object.assign(Object.assign({}, constants_1.commonTags), tags) }), { parent: this });
         return cloudfront;
     }
     createDnsRecord({ domain, hostedZoneId, }) {

package/dist/constants.d.ts

@@ -16,11 +16,6 @@ export declare const PredefinedSize: {
         readonly memory: number;
     };
 };
-export declare const Ec2AMI: {
-    AmazonLinux2023: {
-        ARM: string;
-    };
-};
 export declare const commonTags: {
     Env: string;
     Project: string;

package/dist/constants.js

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.commonTags = exports.Ec2AMI = exports.PredefinedSize = void 0;
+exports.commonTags = exports.PredefinedSize = void 0;
 const pulumi = require("@pulumi/pulumi");
 const CPU_1_VCPU = 1024;
 const MEMORY_1GB = 1024;
@@ -22,11 +22,6 @@ exports.PredefinedSize = {
         memory: MEMORY_1GB * 4, // 4 GB memory
     },
 };
-exports.Ec2AMI = {
-    AmazonLinux2023: {
-        ARM: 'ami-0b40baa8c6b882e6c',
-    },
-};
 exports.commonTags = {
     Env: pulumi.getStack(),
     Project: pulumi.getProject(),

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@studion/infra-code-blocks",
-  "version": "0.1.8",
+  "version": "0.1.9",
   "description": "Studion common infra components",
   "keywords": [
     "infrastructure",
@@ -35,6 +35,7 @@
     "@pulumi/aws": "^5.0.0",
     "@pulumi/awsx": "^1.0.0",
     "@pulumi/pulumi": "^3.0.0",
+    "@pulumi/random": "^4.14.0",
     "@upstash/pulumi": "^0.2.0"
   },
   "devDependencies": {