@studion/infra-code-blocks 0.1.8 → 0.2.0

package/dist/components/web-server.d.ts

@@ -1,106 +1,37 @@
 import * as pulumi from '@pulumi/pulumi';
 import * as aws from '@pulumi/aws';
-import * as awsx from '@pulumi/awsx';
-import { Size } from '../types/size';
 import { AcmCertificate } from './acm-certificate';
-export type RoleInlinePolicy = {
-    /**
-     * Name of the role policy.
-     */
-    name?: pulumi.Input<string>;
-    /**
-     * Policy document as a JSON formatted string.
-     */
-    policy?: pulumi.Input<string>;
-};
-export type WebServerArgs = {
-    /**
-     * The ECR image used to start a container.
-     */
-    image: pulumi.Input<string>;
-    /**
-     * Exposed service port.
-     */
-    port: pulumi.Input<number>;
+import { EcsService, EcsServiceArgs } from './ecs-service';
+export type WebServerArgs = Pick<EcsServiceArgs, 'image' | 'port' | 'cluster' | 'vpcId' | 'vpcCidrBlock' | 'desiredCount' | 'autoscaling' | 'size' | 'environment' | 'secrets' | 'taskExecutionRoleInlinePolicies' | 'taskRoleInlinePolicies' | 'tags'> & {
+    publicSubnetIds: pulumi.Input<pulumi.Input<string>[]>;
     /**
      * The domain which will be used to access the service.
      * The domain or subdomain must belong to the provided hostedZone.
      */
-    domain: pulumi.Input<string>;
-    /**
-     * The aws.ecs.Cluster resource.
-     */
-    cluster: aws.ecs.Cluster;
+    domain?: pulumi.Input<string>;
     /**
      * The ID of the hosted zone.
      */
-    hostedZoneId: pulumi.Input<string>;
-    /**
-     * The awsx.ec2.Vpc resource.
-     */
-    vpc: awsx.ec2.Vpc;
-    /**
-     * Number of instances of the task definition to place and keep running. Defaults to 1.
-     */
-    desiredCount?: pulumi.Input<number>;
-    /**
-     * Min capacity of the scalable target. Defaults to 1.
-     */
-    minCount?: pulumi.Input<number>;
-    /**
-     * Max capacity of the scalable target. Defaults to 10.
-     */
-    maxCount?: pulumi.Input<number>;
-    /**
-     * CPU and memory size used for running the container. Defaults to "small".
-     * Available predefined options are:
-     * - small (0.25 vCPU, 0.5 GB memory)
-     * - medium (0.5 vCPU, 1 GB memory)
-     * - large (1 vCPU memory, 2 GB memory)
-     * - xlarge (2 vCPU, 4 GB memory)
-     */
-    size?: pulumi.Input<Size>;
-    /**
-     * The environment variables to pass to a container. Don't use this field for
-     * sensitive information such as passwords, API keys, etc. For that purpose,
-     * please use the `secrets` property.
-     * Defaults to [].
-     */
-    environment?: aws.ecs.KeyValuePair[];
-    /**
-     * The secrets to pass to the container. Defaults to [].
-     */
-    secrets?: aws.ecs.Secret[];
-    /**
-     * Path for the health check request. Defaults to "/healtcheck".
-     */
-    healtCheckPath?: pulumi.Input<string>;
-    taskExecutionRoleInlinePolicies?: pulumi.Input<pulumi.Input<RoleInlinePolicy>[]>;
-    taskRoleInlinePolicies?: pulumi.Input<pulumi.Input<RoleInlinePolicy>[]>;
+    hostedZoneId?: pulumi.Input<string>;
     /**
-     * A map of tags to assign to the resource.
+     * Path for the health check request. Defaults to "/healthcheck".
      */
-    tags?: pulumi.Input<{
-        [key: string]: pulumi.Input<string>;
-    }>;
+    healthCheckPath?: pulumi.Input<string>;
 };
 export declare class WebServer extends pulumi.ComponentResource {
     name: string;
-    certificate: AcmCertificate;
-    logGroup: aws.cloudwatch.LogGroup;
+    service: EcsService;
     lbSecurityGroup: aws.ec2.SecurityGroup;
+    serviceSecurityGroup: aws.ec2.SecurityGroup;
     lb: aws.lb.LoadBalancer;
     lbTargetGroup: aws.lb.TargetGroup;
     lbHttpListener: aws.lb.Listener;
-    lbTlsListener: aws.lb.Listener;
-    taskDefinition: aws.ecs.TaskDefinition;
-    service: aws.ecs.Service;
+    certificate?: AcmCertificate;
+    lbTlsListener?: aws.lb.Listener;
     constructor(name: string, args: WebServerArgs, opts?: pulumi.ComponentResourceOptions);
     private createTlsCertificate;
-    private createLogGroup;
     private createLoadBalancer;
-    private createTaskDefinition;
+    private createSecurityGroup;
     private createEcsService;
     private createDnsRecord;
-    private enableAutoscaling;
 }

package/dist/components/web-server.js

@@ -5,49 +5,33 @@ const pulumi = require("@pulumi/pulumi");
 const aws = require("@pulumi/aws");
 const constants_1 = require("../constants");
 const acm_certificate_1 = require("./acm-certificate");
-const config = new pulumi.Config('aws');
-const awsRegion = config.require('region');
-const assumeRolePolicy = {
-    Version: '2012-10-17',
-    Statement: [
-        {
-            Action: 'sts:AssumeRole',
-            Principal: {
-                Service: 'ecs-tasks.amazonaws.com',
-            },
-            Effect: 'Allow',
-            Sid: '',
-        },
-    ],
-};
+const ecs_service_1 = require("./ecs-service");
 const defaults = {
-    desiredCount: 1,
-    minCount: 1,
-    maxCount: 10,
-    size: 'small',
-    environment: [],
-    secrets: [],
-    healtCheckPath: '/healtcheck',
-    taskExecutionRoleInlinePolicies: [],
-    taskRoleInlinePolicies: [],
+    healthCheckPath: '/healthcheck',
 };
 class WebServer extends pulumi.ComponentResource {
     constructor(name, args, opts = {}) {
-        super('studion:WebServer', name, {}, opts);
+        super('studion:WebServer', name, args, opts);
+        const { vpcId, domain, hostedZoneId } = args;
+        const hasCustomDomain = !!domain && !!hostedZoneId;
+        if (domain && !hostedZoneId) {
+            throw new Error('WebServer:hostedZoneId must be provided when the domain is specified');
+        }
         this.name = name;
-        const { domain, hostedZoneId, vpc, port, healtCheckPath } = args;
-        this.certificate = this.createTlsCertificate({ domain, hostedZoneId });
-        this.logGroup = this.createLogGroup();
-        const { lb, lbTargetGroup, lbHttpListener, lbTlsListener, lbSecurityGroup, } = this.createLoadBalancer({ vpc, port, healtCheckPath });
+        if (hasCustomDomain) {
+            this.certificate = this.createTlsCertificate({ domain, hostedZoneId });
+        }
+        const { lb, lbTargetGroup, lbHttpListener, lbTlsListener, lbSecurityGroup, } = this.createLoadBalancer(args);
         this.lb = lb;
         this.lbTargetGroup = lbTargetGroup;
         this.lbHttpListener = lbHttpListener;
         this.lbTlsListener = lbTlsListener;
         this.lbSecurityGroup = lbSecurityGroup;
-        this.taskDefinition = this.createTaskDefinition(args);
+        this.serviceSecurityGroup = this.createSecurityGroup(vpcId);
         this.service = this.createEcsService(args);
-        this.createDnsRecord({ domain, hostedZoneId });
-        this.enableAutoscaling(args);
+        if (hasCustomDomain) {
+            this.createDnsRecord({ domain, hostedZoneId });
+        }
         this.registerOutputs();
     }
     createTlsCertificate({ domain, hostedZoneId, }) {
@@ -57,17 +41,9 @@ class WebServer extends pulumi.ComponentResource {
         }, { parent: this });
         return certificate;
     }
-    createLogGroup() {
-        const logGroup = new aws.cloudwatch.LogGroup(`${this.name}-log-group`, {
-            retentionInDays: 14,
-            namePrefix: `/ecs/${this.name}-`,
-            tags: constants_1.commonTags,
-        }, { parent: this });
-        return logGroup;
-    }
-    createLoadBalancer({ vpc, port, healtCheckPath, }) {
+    createLoadBalancer({ vpcId, publicSubnetIds, port, healthCheckPath, }) {
         const lbSecurityGroup = new aws.ec2.SecurityGroup(`${this.name}-lb-security-group`, {
-            vpcId: vpc.vpcId,
+            vpcId,
             ingress: [
                 {
                     protocol: 'tcp',
@@ -95,7 +71,7 @@ class WebServer extends pulumi.ComponentResource {
         const lb = new aws.lb.LoadBalancer(`${this.name}-lb`, {
             namePrefix: 'lb-',
             loadBalancerType: 'application',
-            subnets: vpc.publicSubnetIds,
+            subnets: publicSubnetIds,
             securityGroups: [lbSecurityGroup.id],
             internal: false,
             ipAddressType: 'ipv4',
@@ -106,13 +82,13 @@ class WebServer extends pulumi.ComponentResource {
             port,
             protocol: 'HTTP',
             targetType: 'ip',
-            vpcId: vpc.vpcId,
+            vpcId,
             healthCheck: {
                 healthyThreshold: 3,
                 unhealthyThreshold: 2,
                 interval: 60,
                 timeout: 5,
-                path: healtCheckPath || defaults.healtCheckPath,
+                path: healthCheckPath || defaults.healthCheckPath,
             },
             tags: Object.assign(Object.assign({}, constants_1.commonTags), { Name: `${this.name}-lb-target-group` }),
         }, { parent: this, dependsOn: [this.lb] });
@@ -131,20 +107,23 @@ class WebServer extends pulumi.ComponentResource {
             ],
             tags: constants_1.commonTags,
         }, { parent: this });
-        const lbTlsListener = new aws.lb.Listener(`${this.name}-lb-listener-443`, {
-            loadBalancerArn: lb.arn,
-            port: 443,
-            protocol: 'HTTPS',
-            sslPolicy: 'ELBSecurityPolicy-2016-08',
-            certificateArn: this.certificate.certificate.arn,
-            defaultActions: [
-                {
-                    type: 'forward',
-                    targetGroupArn: lbTargetGroup.arn,
-                },
-            ],
-            tags: constants_1.commonTags,
-        }, { parent: this });
+        let lbTlsListener = undefined;
+        if (this.certificate) {
+            lbTlsListener = new aws.lb.Listener(`${this.name}-lb-listener-443`, {
+                loadBalancerArn: lb.arn,
+                port: 443,
+                protocol: 'HTTPS',
+                sslPolicy: 'ELBSecurityPolicy-2016-08',
+                certificateArn: this.certificate.certificate.arn,
+                defaultActions: [
+                    {
+                        type: 'forward',
+                        targetGroupArn: lbTargetGroup.arn,
+                    },
+                ],
+                tags: constants_1.commonTags,
+            }, { parent: this });
+        }
         return {
             lb,
             lbTargetGroup,
@@ -153,129 +132,9 @@ class WebServer extends pulumi.ComponentResource {
             lbSecurityGroup,
         };
     }
-    createTaskDefinition(args) {
-        const argsWithDefaults = Object.assign({}, defaults, args);
-        const stack = pulumi.getStack();
-        const secretManagerSecretsInlinePolicy = {
-            name: `${this.name}-secret-manager-access`,
-            policy: JSON.stringify({
-                Version: '2012-10-17',
-                Statement: [
-                    {
-                        Sid: 'AllowContainerToGetSecretManagerSecrets',
-                        Effect: 'Allow',
-                        Action: ['secretsmanager:GetSecretValue'],
-                        Resource: '*',
-                    },
-                ],
-            }),
-        };
-        const taskExecutionRole = new aws.iam.Role(`${this.name}-ecs-task-exec-role`, {
-            namePrefix: `${this.name}-ecs-task-exec-role-`,
-            assumeRolePolicy,
-            managedPolicyArns: [
-                'arn:aws:iam::aws:policy/CloudWatchFullAccess',
-                'arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryFullAccess',
-            ],
-            inlinePolicies: [
-                secretManagerSecretsInlinePolicy,
-                ...argsWithDefaults.taskExecutionRoleInlinePolicies,
-            ],
-            tags: constants_1.commonTags,
-        }, { parent: this });
-        const execCmdInlinePolicy = {
-            name: `${this.name}-ecs-exec`,
-            policy: JSON.stringify({
-                Version: '2012-10-17',
-                Statement: [
-                    {
-                        Sid: 'AllowContainerToCreateECSExecSSMChannel',
-                        Effect: 'Allow',
-                        Action: [
-                            'ssmmessages:CreateControlChannel',
-                            'ssmmessages:CreateDataChannel',
-                            'ssmmessages:OpenControlChannel',
-                            'ssmmessages:OpenDataChannel',
-                        ],
-                        Resource: '*',
-                    },
-                ],
-            }),
-        };
-        const taskRole = new aws.iam.Role(`${this.name}-ecs-task-role`, {
-            namePrefix: `${this.name}-ecs-task-role-`,
-            assumeRolePolicy,
-            inlinePolicies: [
-                execCmdInlinePolicy,
-                ...argsWithDefaults.taskRoleInlinePolicies,
-            ],
-            tags: constants_1.commonTags,
-        }, { parent: this });
-        const parsedSize = pulumi.all([argsWithDefaults.size]).apply(([size]) => {
-            const mapCapabilities = ({ cpu, memory }) => ({
-                cpu: String(cpu),
-                memory: String(memory),
-            });
-            if (typeof size === 'string') {
-                return mapCapabilities(constants_1.PredefinedSize[size]);
-            }
-            if (typeof size === 'object') {
-                return mapCapabilities(size);
-            }
-            throw Error('Incorrect EcsService size argument');
-        });
-        const taskDefinition = new aws.ecs.TaskDefinition(`${this.name}-task-definition`, {
-            family: `${this.name}-task-definition-${stack}`,
-            networkMode: 'awsvpc',
-            executionRoleArn: taskExecutionRole.arn,
-            taskRoleArn: taskRole.arn,
-            cpu: parsedSize.cpu,
-            memory: parsedSize.memory,
-            requiresCompatibilities: ['FARGATE'],
-            containerDefinitions: pulumi
-                .all([
-                this.name,
-                argsWithDefaults.image,
-                argsWithDefaults.port,
-                argsWithDefaults.environment,
-                argsWithDefaults.secrets,
-                this.logGroup.name,
-                awsRegion,
-            ])
-                .apply(([containerName, image, port, environment, secrets, logGroup, region,]) => {
-                return JSON.stringify([
-                    {
-                        readonlyRootFilesystem: false,
-                        name: containerName,
-                        image,
-                        essential: true,
-                        portMappings: [
-                            {
-                                containerPort: port,
-                                protocol: 'tcp',
-                            },
-                        ],
-                        logConfiguration: {
-                            logDriver: 'awslogs',
-                            options: {
-                                'awslogs-group': logGroup,
-                                'awslogs-region': region,
-                                'awslogs-stream-prefix': 'ecs',
-                            },
-                        },
-                        environment,
-                        secrets,
-                    },
-                ]);
-            }),
-            tags: Object.assign(Object.assign({}, constants_1.commonTags), argsWithDefaults.tags),
-        }, { parent: this });
-        return taskDefinition;
-    }
-    createEcsService(args) {
-        const argsWithDefaults = Object.assign({}, defaults, args);
-        const serviceSecurityGroup = new aws.ec2.SecurityGroup(`${this.name}-security-group`, {
-            vpcId: argsWithDefaults.vpc.vpcId,
+    createSecurityGroup(vpcId) {
+        const securityGroup = new aws.ec2.SecurityGroup(`${this.name}-security-group`, {
+            vpcId,
             ingress: [
                 {
                     fromPort: 0,
@@ -294,34 +153,12 @@ class WebServer extends pulumi.ComponentResource {
             ],
             tags: constants_1.commonTags,
         }, { parent: this });
-        const service = new aws.ecs.Service(`${this.name}-service`, {
-            name: this.name,
-            cluster: argsWithDefaults.cluster.id,
-            launchType: 'FARGATE',
-            desiredCount: argsWithDefaults.desiredCount,
-            taskDefinition: this.taskDefinition.arn,
-            enableExecuteCommand: true,
-            loadBalancers: [
-                {
-                    containerName: this.name,
-                    containerPort: argsWithDefaults.port,
-                    targetGroupArn: this.lbTargetGroup.arn,
-                },
-            ],
-            networkConfiguration: {
-                assignPublicIp: true,
-                subnets: argsWithDefaults.vpc.publicSubnetIds,
-                securityGroups: [serviceSecurityGroup.id],
-            },
-            tags: Object.assign(Object.assign({}, constants_1.commonTags), argsWithDefaults.tags),
-        }, {
+        return securityGroup;
+    }
+    createEcsService(args) {
+        const service = new ecs_service_1.EcsService(this.name, Object.assign(Object.assign({}, args), { enableServiceAutoDiscovery: false, lbTargetGroupArn: this.lbTargetGroup.arn, assignPublicIp: true, subnetIds: args.publicSubnetIds, securityGroup: this.serviceSecurityGroup }), {
             parent: this,
-            dependsOn: [
-                this.lb,
-                this.lbTargetGroup,
-                this.lbHttpListener,
-                this.lbTlsListener,
-            ],
+            dependsOn: [this.lb, this.lbTargetGroup],
         });
         return service;
     }
@@ -339,40 +176,5 @@ class WebServer extends pulumi.ComponentResource {
             ],
         }, { parent: this });
     }
-    enableAutoscaling(args) {
-        const argsWithDefaults = Object.assign({}, defaults, args);
-        const autoscalingTarget = new aws.appautoscaling.Target(`${this.name}-autoscale-target`, {
-            minCapacity: argsWithDefaults.minCount,
-            maxCapacity: argsWithDefaults.maxCount,
-            resourceId: pulumi.interpolate `service/${argsWithDefaults.cluster.name}/${this.service.name}`,
-            serviceNamespace: 'ecs',
-            scalableDimension: 'ecs:service:DesiredCount',
-            tags: constants_1.commonTags,
-        }, { parent: this });
-        const memoryAutoscalingPolicy = new aws.appautoscaling.Policy(`${this.name}-memory-autoscale-policy`, {
-            policyType: 'TargetTrackingScaling',
-            resourceId: autoscalingTarget.resourceId,
-            scalableDimension: autoscalingTarget.scalableDimension,
-            serviceNamespace: autoscalingTarget.serviceNamespace,
-            targetTrackingScalingPolicyConfiguration: {
-                predefinedMetricSpecification: {
-                    predefinedMetricType: 'ECSServiceAverageMemoryUtilization',
-                },
-                targetValue: 80,
-            },
-        }, { parent: this });
-        const cpuAutoscalingPolicy = new aws.appautoscaling.Policy(`${this.name}-cpu-autoscale-policy`, {
-            policyType: 'TargetTrackingScaling',
-            resourceId: autoscalingTarget.resourceId,
-            scalableDimension: autoscalingTarget.scalableDimension,
-            serviceNamespace: autoscalingTarget.serviceNamespace,
-            targetTrackingScalingPolicyConfiguration: {
-                predefinedMetricSpecification: {
-                    predefinedMetricType: 'ECSServiceAverageCPUUtilization',
-                },
-                targetValue: 60,
-            },
-        }, { parent: this });
-    }
 }
 exports.WebServer = WebServer;

package/dist/constants.d.ts

@@ -16,11 +16,6 @@ export declare const PredefinedSize: {
         readonly memory: number;
     };
 };
-export declare const Ec2AMI: {
-    AmazonLinux2023: {
-        ARM: string;
-    };
-};
 export declare const commonTags: {
     Env: string;
     Project: string;

package/dist/constants.js

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.commonTags = exports.Ec2AMI = exports.PredefinedSize = void 0;
+exports.commonTags = exports.PredefinedSize = void 0;
 const pulumi = require("@pulumi/pulumi");
 const CPU_1_VCPU = 1024;
 const MEMORY_1GB = 1024;
@@ -22,11 +22,6 @@ exports.PredefinedSize = {
         memory: MEMORY_1GB * 4, // 4 GB memory
     },
 };
-exports.Ec2AMI = {
-    AmazonLinux2023: {
-        ARM: 'ami-0b40baa8c6b882e6c',
-    },
-};
 exports.commonTags = {
     Env: pulumi.getStack(),
     Project: pulumi.getProject(),

package/dist/index.d.ts

@@ -1,6 +1,9 @@
 export * from './components/web-server';
+export * from './components/mongo';
 export * from './components/static-site';
 export * from './components/database';
 export * from './components/redis';
 export * from './components/project';
 export * from './components/ec2-ssm-connect';
+export * from './components/ecs-service';
+export * from './components/nuxt-ssr';

package/dist/index.js

@@ -15,8 +15,11 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 __exportStar(require("./components/web-server"), exports);
+__exportStar(require("./components/mongo"), exports);
 __exportStar(require("./components/static-site"), exports);
 __exportStar(require("./components/database"), exports);
 __exportStar(require("./components/redis"), exports);
 __exportStar(require("./components/project"), exports);
 __exportStar(require("./components/ec2-ssm-connect"), exports);
+__exportStar(require("./components/ecs-service"), exports);
+__exportStar(require("./components/nuxt-ssr"), exports);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@studion/infra-code-blocks",
-  "version": "0.1.8",
+  "version": "0.2.0",
   "description": "Studion common infra components",
   "keywords": [
     "infrastructure",
@@ -35,6 +35,7 @@
     "@pulumi/aws": "^5.0.0",
     "@pulumi/awsx": "^1.0.0",
     "@pulumi/pulumi": "^3.0.0",
+    "@pulumi/random": "^4.14.0",
     "@upstash/pulumi": "^0.2.0"
   },
   "devDependencies": {