@studion/infra-code-blocks 0.1.9 → 0.2.1

package/dist/components/nuxt-ssr.js

@@ -0,0 +1,277 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.NuxtSSR = void 0;
+const pulumi = require("@pulumi/pulumi");
+const aws = require("@pulumi/aws");
+const random = require("@pulumi/random");
+const constants_1 = require("../constants");
+const acm_certificate_1 = require("./acm-certificate");
+const ecs_service_1 = require("./ecs-service");
+const defaults = {
+    healthCheckPath: '/',
+};
+class NuxtSSR extends pulumi.ComponentResource {
+    constructor(name, args, opts = {}) {
+        super('studion:NuxtSSR', name, args, opts);
+        const { vpcId, domain, hostedZoneId, tags } = args;
+        const hasCustomDomain = domain && hostedZoneId;
+        if (domain && !hostedZoneId) {
+            throw new Error('NuxtSSR:hostedZoneId must be provided when the domain is specified');
+        }
+        this.name = name;
+        if (hasCustomDomain) {
+            this.certificate = this.createTlsCertificate({ domain, hostedZoneId });
+        }
+        this.customCFHeader = this.createCustomCFHeader();
+        const { lb, lbTargetGroup, lbHttpListener, lbSecurityGroup } = this.createLoadBalancer(args);
+        this.lb = lb;
+        this.lbTargetGroup = lbTargetGroup;
+        this.lbHttpListener = lbHttpListener;
+        this.lbSecurityGroup = lbSecurityGroup;
+        this.serviceSecurityGroup = this.createSecurityGroup(vpcId);
+        this.service = this.createEcsService(args);
+        this.cloudfront = this.createCloudfrontDistribution({ domain, tags });
+        if (hasCustomDomain) {
+            this.createDnsRecord({ domain, hostedZoneId });
+        }
+        this.registerOutputs();
+    }
+    createTlsCertificate({ domain, hostedZoneId, }) {
+        const certificate = new acm_certificate_1.AcmCertificate(`${domain}-acm-certificate`, {
+            domain,
+            hostedZoneId,
+        }, { parent: this });
+        return certificate;
+    }
+    createCustomCFHeader() {
+        const headerNameOpts = {
+            length: 4,
+            special: false,
+            numeric: false,
+            lower: false,
+            upper: true,
+        };
+        const headerNameSegment1 = new random.RandomString(`${this.name}-cf-header-name-segment1`, headerNameOpts, { parent: this });
+        const headerNameSegment2 = new random.RandomString(`${this.name}-cf-header-name-segment2`, headerNameOpts, { parent: this });
+        const headerValue = new random.RandomString(`${this.name}-cf-header-value`, {
+            length: 36,
+            special: false,
+            numeric: true,
+            lower: true,
+            upper: true,
+        }, { parent: this });
+        const headerName = pulumi
+            .all([headerNameSegment1.result, headerNameSegment2.result])
+            .apply(([segment1, segment2]) => {
+            return `X-${segment1}-${segment2}`;
+        });
+        return { name: headerName, value: headerValue.result };
+    }
+    createLoadBalancer({ vpcId, publicSubnetIds, port, healthCheckPath, }) {
+        const lbSecurityGroup = new aws.ec2.SecurityGroup(`${this.name}-lb-security-group`, {
+            vpcId,
+            ingress: [
+                {
+                    protocol: 'tcp',
+                    fromPort: 80,
+                    toPort: 80,
+                    cidrBlocks: ['0.0.0.0/0'],
+                },
+            ],
+            egress: [
+                {
+                    fromPort: 0,
+                    toPort: 0,
+                    protocol: '-1',
+                    cidrBlocks: ['0.0.0.0/0'],
+                },
+            ],
+            tags: constants_1.commonTags,
+        }, { parent: this });
+        const lb = new aws.lb.LoadBalancer(`${this.name}-lb`, {
+            namePrefix: 'lb-',
+            loadBalancerType: 'application',
+            subnets: publicSubnetIds,
+            securityGroups: [lbSecurityGroup.id],
+            internal: false,
+            ipAddressType: 'ipv4',
+            tags: Object.assign(Object.assign({}, constants_1.commonTags), { Name: `${this.name}-lb` }),
+        }, { parent: this });
+        const lbTargetGroup = new aws.lb.TargetGroup(`${this.name}-lb-tg`, {
+            namePrefix: 'lb-tg-',
+            port,
+            protocol: 'HTTP',
+            targetType: 'ip',
+            vpcId,
+            healthCheck: {
+                healthyThreshold: 3,
+                unhealthyThreshold: 2,
+                interval: 60,
+                timeout: 5,
+                path: healthCheckPath || defaults.healthCheckPath,
+            },
+            tags: Object.assign(Object.assign({}, constants_1.commonTags), { Name: `${this.name}-lb-target-group` }),
+        }, { parent: this, dependsOn: [this.lb] });
+        const lbHttpListener = new aws.lb.Listener(`${this.name}-lb-listener-80`, {
+            loadBalancerArn: lb.arn,
+            port: 80,
+            defaultActions: [
+                {
+                    type: 'fixed-response',
+                    fixedResponse: {
+                        statusCode: '403',
+                        messageBody: 'Not Allowed',
+                        contentType: 'text/plain',
+                    },
+                },
+            ],
+            tags: constants_1.commonTags,
+        }, { parent: this });
+        const lbHttpListenerRule = new aws.lb.ListenerRule(`${this.name}-lb-listener-rule`, {
+            listenerArn: lbHttpListener.arn,
+            priority: 1,
+            actions: [
+                {
+                    type: 'forward',
+                    targetGroupArn: lbTargetGroup.arn,
+                },
+            ],
+            conditions: [
+                {
+                    httpHeader: {
+                        httpHeaderName: this.customCFHeader.name,
+                        values: [this.customCFHeader.value],
+                    },
+                },
+            ],
+        }, { parent: this });
+        return {
+            lb,
+            lbTargetGroup,
+            lbHttpListener,
+            lbSecurityGroup,
+        };
+    }
+    createSecurityGroup(vpcId) {
+        const securityGroup = new aws.ec2.SecurityGroup(`${this.name}-security-group`, {
+            vpcId,
+            ingress: [
+                {
+                    fromPort: 0,
+                    toPort: 0,
+                    protocol: '-1',
+                    securityGroups: [this.lbSecurityGroup.id],
+                },
+            ],
+            egress: [
+                {
+                    fromPort: 0,
+                    toPort: 0,
+                    protocol: '-1',
+                    cidrBlocks: ['0.0.0.0/0'],
+                },
+            ],
+            tags: constants_1.commonTags,
+        }, { parent: this });
+        return securityGroup;
+    }
+    createEcsService(args) {
+        const service = new ecs_service_1.EcsService(this.name, Object.assign(Object.assign({}, args), { enableServiceAutoDiscovery: false, lbTargetGroupArn: this.lbTargetGroup.arn, assignPublicIp: true, subnetIds: args.publicSubnetIds, securityGroup: this.serviceSecurityGroup }), {
+            parent: this,
+            dependsOn: [this.lb, this.lbTargetGroup, this.lbHttpListener],
+        });
+        return service;
+    }
+    createCloudfrontDistribution({ domain, tags, }) {
+        const cachePolicy = new aws.cloudfront.CachePolicy(`${this.name}-cf-cache-policy`, {
+            comment: 'This cache policy is managed by Pulumi, changing its values will impact multiple services.',
+            defaultTtl: 0,
+            maxTtl: 31536000,
+            minTtl: 0,
+            parametersInCacheKeyAndForwardedToOrigin: {
+                cookiesConfig: {
+                    cookieBehavior: 'none',
+                },
+                headersConfig: {
+                    headerBehavior: 'none',
+                },
+                queryStringsConfig: {
+                    queryStringBehavior: 'all',
+                },
+            },
+        }, { parent: this });
+        const originRequestPolicyId = aws.cloudfront
+            .getOriginRequestPolicyOutput({
+            name: 'Managed-AllViewer',
+        })
+            .apply(policy => policy.id);
+        const responseHeadersPolicyId = aws.cloudfront
+            .getResponseHeadersPolicyOutput({
+            name: 'Managed-SecurityHeadersPolicy',
+        })
+            .apply(policy => policy.id);
+        const cloudfront = new aws.cloudfront.Distribution(`${this.name}-cloudfront`, Object.assign(Object.assign({ enabled: true }, (domain && { aliases: [domain] })), { isIpv6Enabled: true, waitForDeployment: true, httpVersion: 'http2and3', viewerCertificate: Object.assign({}, (this.certificate
+                ? {
+                    acmCertificateArn: this.certificate.certificate.arn,
+                    sslSupportMethod: 'sni-only',
+                    minimumProtocolVersion: 'TLSv1.2_2021',
+                }
+                : {
+                    cloudfrontDefaultCertificate: true,
+                })), origins: [
+                {
+                    originId: this.lb.arn,
+                    domainName: this.lb.dnsName,
+                    connectionAttempts: 3,
+                    connectionTimeout: 10,
+                    customOriginConfig: {
+                        originProtocolPolicy: 'http-only',
+                        httpPort: 80,
+                        httpsPort: 443,
+                        originSslProtocols: ['SSLv3'],
+                    },
+                    customHeaders: [
+                        { name: 'X-Forwarded-Port', value: '443' },
+                        { name: 'X-Forwarded-Ssl', value: 'on' },
+                        this.customCFHeader,
+                    ],
+                },
+            ], defaultCacheBehavior: {
+                targetOriginId: this.lb.arn,
+                viewerProtocolPolicy: 'redirect-to-https',
+                allowedMethods: [
+                    'GET',
+                    'HEAD',
+                    'OPTIONS',
+                    'PUT',
+                    'POST',
+                    'PATCH',
+                    'DELETE',
+                ],
+                cachedMethods: ['GET', 'HEAD'],
+                compress: true,
+                cachePolicyId: cachePolicy.id,
+                originRequestPolicyId,
+                responseHeadersPolicyId,
+            }, priceClass: 'PriceClass_100', restrictions: {
+                geoRestriction: { restrictionType: 'none' },
+            }, tags: Object.assign(Object.assign({}, constants_1.commonTags), tags) }), { parent: this });
+        return cloudfront;
+    }
+    createDnsRecord({ domain, hostedZoneId, }) {
+        const cdnAliasRecord = new aws.route53.Record(`${this.name}-cdn-route53-record`, {
+            type: 'A',
+            name: domain,
+            zoneId: hostedZoneId,
+            aliases: [
+                {
+                    name: this.cloudfront.domainName,
+                    zoneId: this.cloudfront.hostedZoneId,
+                    evaluateTargetHealth: true,
+                },
+            ],
+        }, { parent: this });
+        return cdnAliasRecord;
+    }
+}
+exports.NuxtSSR = NuxtSSR;

package/dist/components/project.d.ts

@@ -4,10 +4,13 @@ import * as awsx from '@pulumi/awsx';
 import * as upstash from '@upstash/pulumi';
 import { Database, DatabaseArgs } from './database';
 import { WebServer, WebServerArgs } from './web-server';
+import { Mongo, MongoArgs } from './mongo';
 import { Redis, RedisArgs } from './redis';
 import { StaticSite, StaticSiteArgs } from './static-site';
 import { Ec2SSMConnect } from './ec2-ssm-connect';
-export type Service = Database | Redis | StaticSite | WebServer;
+import { EcsService, EcsServiceArgs } from './ecs-service';
+import { NuxtSSR, NuxtSSRArgs } from './nuxt-ssr';
+export type Service = Database | Redis | StaticSite | WebServer | NuxtSSR | Mongo | EcsService;
 export type Services = Record<string, Service>;
 type ServiceArgs = {
     /**
@@ -15,33 +18,44 @@ type ServiceArgs = {
      */
     serviceName: string;
 };
-export type DatabaseService = {
+export type DatabaseServiceOptions = {
     type: 'DATABASE';
-} & ServiceArgs & Omit<DatabaseArgs, 'vpc'>;
-export type RedisService = {
+} & ServiceArgs & Omit<DatabaseArgs, 'vpcId' | 'vpcCidrBlock' | 'isolatedSubnetIds'>;
+export type RedisServiceOptions = {
     type: 'REDIS';
-} & ServiceArgs & Pick<RedisArgs, 'dbName' | 'region'>;
-export type StaticSiteService = {
+} & ServiceArgs & RedisArgs;
+export type StaticSiteServiceOptions = {
     type: 'STATIC_SITE';
-} & ServiceArgs & Omit<StaticSiteArgs, 'hostedZoneId'>;
-export type WebServerService = {
+} & ServiceArgs & StaticSiteArgs;
+export type WebServerServiceOptions = {
     type: 'WEB_SERVER';
     environment?: aws.ecs.KeyValuePair[] | ((services: Services) => aws.ecs.KeyValuePair[]);
     secrets?: aws.ecs.Secret[] | ((services: Services) => aws.ecs.Secret[]);
-} & ServiceArgs & Omit<WebServerArgs, 'cluster' | 'vpc' | 'hostedZoneId' | 'environment' | 'secrets'>;
+} & ServiceArgs & Omit<WebServerArgs, 'cluster' | 'vpcId' | 'vpcCidrBlock' | 'publicSubnetIds' | 'environment' | 'secrets'>;
+export type NuxtSSRServiceOptions = {
+    type: 'NUXT_SSR';
+    environment?: aws.ecs.KeyValuePair[] | ((services: Services) => aws.ecs.KeyValuePair[]);
+    secrets?: aws.ecs.Secret[] | ((services: Services) => aws.ecs.Secret[]);
+} & ServiceArgs & Omit<NuxtSSRArgs, 'cluster' | 'vpcId' | 'vpcCidrBlock' | 'publicSubnetIds' | 'environment' | 'secrets'>;
+export type MongoServiceOptions = {
+    type: 'MONGO';
+} & ServiceArgs & Omit<MongoArgs, 'cluster' | 'vpcId' | 'vpcCidrBlock' | 'privateSubnetIds' | 'environment' | 'secrets'>;
+export type EcsServiceOptions = {
+    type: 'ECS_SERVICE';
+    environment?: aws.ecs.KeyValuePair[] | ((services: Services) => aws.ecs.KeyValuePair[]);
+    secrets?: aws.ecs.Secret[] | ((services: Services) => aws.ecs.Secret[]);
+} & ServiceArgs & Omit<EcsServiceArgs, 'cluster' | 'vpcId' | 'vpcCidrBlock' | 'subnetIds' | 'environment' | 'secrets'>;
 export type ProjectArgs = {
-    services: (DatabaseService | RedisService | StaticSiteService | WebServerService)[];
-    hostedZoneId?: pulumi.Input<string>;
+    services: (DatabaseServiceOptions | RedisServiceOptions | StaticSiteServiceOptions | WebServerServiceOptions | NuxtSSRServiceOptions | MongoServiceOptions | EcsServiceOptions)[];
     enableSSMConnect?: pulumi.Input<boolean>;
 };
-export declare class MissingHostedZoneId extends Error {
-    constructor(serviceType: string);
+export declare class MissingEcsCluster extends Error {
+    constructor();
 }
 export declare class Project extends pulumi.ComponentResource {
     name: string;
     vpc: awsx.ec2.Vpc;
     cluster?: aws.ecs.Cluster;
-    hostedZoneId?: pulumi.Input<string>;
     upstashProvider?: upstash.Provider;
     ec2SSMConnect?: Ec2SSMConnect;
     services: Services;
@@ -49,10 +63,13 @@ export declare class Project extends pulumi.ComponentResource {
     private createVpc;
     private createServices;
     private createRedisPrerequisites;
-    private createWebServerPrerequisites;
+    private createEcsCluster;
     private createDatabaseService;
     private createRedisService;
     private createStaticSiteService;
     private createWebServerService;
+    private createNuxtSSRService;
+    private createMongoService;
+    private createEcsService;
 }
 export {};

package/dist/components/project.js

@@ -11,37 +11,39 @@ var __rest = (this && this.__rest) || function (s, e) {
     return t;
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.Project = exports.MissingHostedZoneId = void 0;
+exports.Project = exports.MissingEcsCluster = void 0;
 const pulumi = require("@pulumi/pulumi");
 const aws = require("@pulumi/aws");
 const awsx = require("@pulumi/awsx");
 const upstash = require("@upstash/pulumi");
 const database_1 = require("./database");
 const web_server_1 = require("./web-server");
+const mongo_1 = require("./mongo");
 const redis_1 = require("./redis");
 const static_site_1 = require("./static-site");
 const ec2_ssm_connect_1 = require("./ec2-ssm-connect");
 const constants_1 = require("../constants");
-class MissingHostedZoneId extends Error {
-    constructor(serviceType) {
-        super(`Project::hostedZoneId argument must be provided 
-      in order to create ${serviceType} service`);
+const ecs_service_1 = require("./ecs-service");
+const nuxt_ssr_1 = require("./nuxt-ssr");
+class MissingEcsCluster extends Error {
+    constructor() {
+        super('Ecs Cluster does not exist');
         this.name = this.constructor.name;
     }
 }
-exports.MissingHostedZoneId = MissingHostedZoneId;
+exports.MissingEcsCluster = MissingEcsCluster;
 class Project extends pulumi.ComponentResource {
     constructor(name, args, opts = {}) {
         super('studion:Project', name, {}, opts);
         this.services = {};
-        const { services, hostedZoneId } = args;
         this.name = name;
-        this.hostedZoneId = hostedZoneId;
         this.vpc = this.createVpc();
-        this.createServices(services);
+        this.createServices(args.services);
         if (args.enableSSMConnect) {
             this.ec2SSMConnect = new ec2_ssm_connect_1.Ec2SSMConnect(`${name}-ssm-connect`, {
-                vpc: this.vpc,
+                vpcId: this.vpc.vpcId,
+                privateSubnetId: this.vpc.privateSubnetIds.apply(ids => ids[0]),
+                vpcCidrBlock: this.vpc.vpc.cidrBlock,
             });
         }
         this.registerOutputs();
@@ -62,11 +64,14 @@ class Project extends pulumi.ComponentResource {
     }
     createServices(services) {
         const hasRedisService = services.some(it => it.type === 'REDIS');
-        const hasWebServerService = services.some(it => it.type === 'WEB_SERVER');
+        const shouldCreateEcsCluster = services.some(it => it.type === 'WEB_SERVER' ||
+            it.type === 'NUXT_SSR' ||
+            it.type === 'MONGO' ||
+            it.type === 'ECS_SERVICE') && !this.cluster;
         if (hasRedisService)
             this.createRedisPrerequisites();
-        if (hasWebServerService)
-            this.createWebServerPrerequisites();
+        if (shouldCreateEcsCluster)
+            this.createEcsCluster();
         services.forEach(it => {
             if (it.type === 'DATABASE')
                 this.createDatabaseService(it);
@@ -76,6 +81,12 @@ class Project extends pulumi.ComponentResource {
                 this.createStaticSiteService(it);
             if (it.type === 'WEB_SERVER')
                 this.createWebServerService(it);
+            if (it.type === 'NUXT_SSR')
+                this.createNuxtSSRService(it);
+            if (it.type === 'MONGO')
+                this.createMongoService(it);
+            if (it.type === 'ECS_SERVICE')
+                this.createEcsService(it);
         });
     }
     createRedisPrerequisites() {
@@ -85,7 +96,7 @@ class Project extends pulumi.ComponentResource {
             apiKey: upstashConfig.requireSecret('apiKey'),
         });
     }
-    createWebServerPrerequisites() {
+    createEcsCluster() {
         const stack = pulumi.getStack();
         this.cluster = new aws.ecs.Cluster(`${this.name}-cluster`, {
             name: `${this.name}-${stack}`,
@@ -94,7 +105,7 @@ class Project extends pulumi.ComponentResource {
     }
     createDatabaseService(options) {
         const { serviceName, type } = options, databaseOptions = __rest(options, ["serviceName", "type"]);
-        const service = new database_1.Database(serviceName, Object.assign(Object.assign({}, databaseOptions), { vpc: this.vpc }), { parent: this });
+        const service = new database_1.Database(serviceName, Object.assign(Object.assign({}, databaseOptions), { vpcId: this.vpc.vpcId, isolatedSubnetIds: this.vpc.isolatedSubnetIds, vpcCidrBlock: this.vpc.vpc.cidrBlock }), { parent: this });
         this.services[serviceName] = service;
     }
     createRedisService(options) {
@@ -109,20 +120,51 @@ class Project extends pulumi.ComponentResource {
     }
     createStaticSiteService(options) {
         const { serviceName } = options, staticSiteOptions = __rest(options, ["serviceName"]);
-        const service = new static_site_1.StaticSite(serviceName, Object.assign(Object.assign({}, staticSiteOptions), { hostedZoneId: this.hostedZoneId }), { parent: this });
+        const service = new static_site_1.StaticSite(serviceName, staticSiteOptions, {
+            parent: this,
+        });
         this.services[serviceName] = service;
     }
     createWebServerService(options) {
         if (!this.cluster)
-            return;
-        if (!this.hostedZoneId)
-            throw new MissingHostedZoneId(options.type);
+            throw new MissingEcsCluster();
+        const { serviceName, environment, secrets } = options, ecsOptions = __rest(options, ["serviceName", "environment", "secrets"]);
+        const parsedEnv = typeof environment === 'function'
+            ? environment(this.services)
+            : environment;
+        const parsedSecrets = typeof secrets === 'function' ? secrets(this.services) : secrets;
+        const service = new web_server_1.WebServer(serviceName, Object.assign(Object.assign({}, ecsOptions), { cluster: this.cluster, vpcId: this.vpc.vpcId, vpcCidrBlock: this.vpc.vpc.cidrBlock, publicSubnetIds: this.vpc.publicSubnetIds, environment: parsedEnv, secrets: parsedSecrets }), { parent: this });
+        this.services[options.serviceName] = service;
+    }
+    createNuxtSSRService(options) {
+        if (!this.cluster)
+            throw new MissingEcsCluster();
+        const { serviceName, environment, secrets } = options, ecsOptions = __rest(options, ["serviceName", "environment", "secrets"]);
+        const parsedEnv = typeof environment === 'function'
+            ? environment(this.services)
+            : environment;
+        const parsedSecrets = typeof secrets === 'function' ? secrets(this.services) : secrets;
+        const service = new nuxt_ssr_1.NuxtSSR(serviceName, Object.assign(Object.assign({}, ecsOptions), { cluster: this.cluster, vpcId: this.vpc.vpcId, vpcCidrBlock: this.vpc.vpc.cidrBlock, publicSubnetIds: this.vpc.publicSubnetIds, environment: parsedEnv, secrets: parsedSecrets }), { parent: this });
+        this.services[options.serviceName] = service;
+    }
+    createMongoService(options) {
+        if (!this.cluster)
+            throw new MissingEcsCluster();
+        const { serviceName } = options, mongoOptions = __rest(options, ["serviceName"]);
+        const service = new mongo_1.Mongo(serviceName, Object.assign(Object.assign({}, mongoOptions), { cluster: this.cluster, vpcId: this.vpc.vpcId, vpcCidrBlock: this.vpc.vpc.cidrBlock, privateSubnetIds: this.vpc.privateSubnetIds }), { parent: this });
+        this.services[options.serviceName] = service;
+    }
+    createEcsService(options) {
+        if (!this.cluster)
+            throw new MissingEcsCluster();
         const { serviceName, environment, secrets } = options, ecsOptions = __rest(options, ["serviceName", "environment", "secrets"]);
         const parsedEnv = typeof environment === 'function'
             ? environment(this.services)
             : environment;
         const parsedSecrets = typeof secrets === 'function' ? secrets(this.services) : secrets;
-        const service = new web_server_1.WebServer(serviceName, Object.assign(Object.assign({}, ecsOptions), { cluster: this.cluster, vpc: this.vpc, hostedZoneId: this.hostedZoneId, environment: parsedEnv, secrets: parsedSecrets }), { parent: this });
+        const service = new ecs_service_1.EcsService(serviceName, Object.assign(Object.assign({}, ecsOptions), { cluster: this.cluster, vpcId: this.vpc.vpcId, vpcCidrBlock: this.vpc.vpc.cidrBlock, subnetIds: ecsOptions.assignPublicIp
+                ? this.vpc.publicSubnetIds
+                : this.vpc.privateSubnetIds, environment: parsedEnv, secrets: parsedSecrets }), { parent: this });
         this.services[options.serviceName] = service;
     }
 }

package/dist/components/web-server.d.ts

@@ -1,106 +1,37 @@
 import * as pulumi from '@pulumi/pulumi';
 import * as aws from '@pulumi/aws';
-import * as awsx from '@pulumi/awsx';
-import { Size } from '../types/size';
 import { AcmCertificate } from './acm-certificate';
-export type RoleInlinePolicy = {
-    /**
-     * Name of the role policy.
-     */
-    name?: pulumi.Input<string>;
-    /**
-     * Policy document as a JSON formatted string.
-     */
-    policy?: pulumi.Input<string>;
-};
-export type WebServerArgs = {
-    /**
-     * The ECR image used to start a container.
-     */
-    image: pulumi.Input<string>;
-    /**
-     * Exposed service port.
-     */
-    port: pulumi.Input<number>;
+import { EcsService, EcsServiceArgs } from './ecs-service';
+export type WebServerArgs = Pick<EcsServiceArgs, 'image' | 'port' | 'cluster' | 'vpcId' | 'vpcCidrBlock' | 'desiredCount' | 'autoscaling' | 'size' | 'environment' | 'secrets' | 'taskExecutionRoleInlinePolicies' | 'taskRoleInlinePolicies' | 'tags'> & {
+    publicSubnetIds: pulumi.Input<pulumi.Input<string>[]>;
     /**
      * The domain which will be used to access the service.
      * The domain or subdomain must belong to the provided hostedZone.
      */
-    domain: pulumi.Input<string>;
-    /**
-     * The aws.ecs.Cluster resource.
-     */
-    cluster: aws.ecs.Cluster;
+    domain?: pulumi.Input<string>;
     /**
      * The ID of the hosted zone.
      */
-    hostedZoneId: pulumi.Input<string>;
-    /**
-     * The awsx.ec2.Vpc resource.
-     */
-    vpc: awsx.ec2.Vpc;
-    /**
-     * Number of instances of the task definition to place and keep running. Defaults to 1.
-     */
-    desiredCount?: pulumi.Input<number>;
-    /**
-     * Min capacity of the scalable target. Defaults to 1.
-     */
-    minCount?: pulumi.Input<number>;
-    /**
-     * Max capacity of the scalable target. Defaults to 10.
-     */
-    maxCount?: pulumi.Input<number>;
-    /**
-     * CPU and memory size used for running the container. Defaults to "small".
-     * Available predefined options are:
-     * - small (0.25 vCPU, 0.5 GB memory)
-     * - medium (0.5 vCPU, 1 GB memory)
-     * - large (1 vCPU memory, 2 GB memory)
-     * - xlarge (2 vCPU, 4 GB memory)
-     */
-    size?: pulumi.Input<Size>;
-    /**
-     * The environment variables to pass to a container. Don't use this field for
-     * sensitive information such as passwords, API keys, etc. For that purpose,
-     * please use the `secrets` property.
-     * Defaults to [].
-     */
-    environment?: aws.ecs.KeyValuePair[];
-    /**
-     * The secrets to pass to the container. Defaults to [].
-     */
-    secrets?: aws.ecs.Secret[];
-    /**
-     * Path for the health check request. Defaults to "/healtcheck".
-     */
-    healtCheckPath?: pulumi.Input<string>;
-    taskExecutionRoleInlinePolicies?: pulumi.Input<pulumi.Input<RoleInlinePolicy>[]>;
-    taskRoleInlinePolicies?: pulumi.Input<pulumi.Input<RoleInlinePolicy>[]>;
+    hostedZoneId?: pulumi.Input<string>;
     /**
-     * A map of tags to assign to the resource.
+     * Path for the health check request. Defaults to "/healthcheck".
      */
-    tags?: pulumi.Input<{
-        [key: string]: pulumi.Input<string>;
-    }>;
+    healthCheckPath?: pulumi.Input<string>;
 };
 export declare class WebServer extends pulumi.ComponentResource {
     name: string;
-    certificate: AcmCertificate;
-    logGroup: aws.cloudwatch.LogGroup;
+    service: EcsService;
     lbSecurityGroup: aws.ec2.SecurityGroup;
+    serviceSecurityGroup: aws.ec2.SecurityGroup;
     lb: aws.lb.LoadBalancer;
     lbTargetGroup: aws.lb.TargetGroup;
     lbHttpListener: aws.lb.Listener;
-    lbTlsListener: aws.lb.Listener;
-    taskDefinition: aws.ecs.TaskDefinition;
-    service: aws.ecs.Service;
+    certificate?: AcmCertificate;
+    lbTlsListener?: aws.lb.Listener;
     constructor(name: string, args: WebServerArgs, opts?: pulumi.ComponentResourceOptions);
     private createTlsCertificate;
-    private createLogGroup;
     private createLoadBalancer;
-    private createTaskDefinition;
+    private createSecurityGroup;
     private createEcsService;
     private createDnsRecord;
-    private enableAutoscaling;
 }