@studion/infra-code-blocks 0.1.9 → 0.2.1

package/dist/components/web-server.js

@@ -5,49 +5,33 @@ const pulumi = require("@pulumi/pulumi");
 const aws = require("@pulumi/aws");
 const constants_1 = require("../constants");
 const acm_certificate_1 = require("./acm-certificate");
-const config = new pulumi.Config('aws');
-const awsRegion = config.require('region');
-const assumeRolePolicy = {
-    Version: '2012-10-17',
-    Statement: [
-        {
-            Action: 'sts:AssumeRole',
-            Principal: {
-                Service: 'ecs-tasks.amazonaws.com',
-            },
-            Effect: 'Allow',
-            Sid: '',
-        },
-    ],
-};
+const ecs_service_1 = require("./ecs-service");
 const defaults = {
-    desiredCount: 1,
-    minCount: 1,
-    maxCount: 10,
-    size: 'small',
-    environment: [],
-    secrets: [],
-    healtCheckPath: '/healtcheck',
-    taskExecutionRoleInlinePolicies: [],
-    taskRoleInlinePolicies: [],
+    healthCheckPath: '/healthcheck',
 };
 class WebServer extends pulumi.ComponentResource {
     constructor(name, args, opts = {}) {
-        super('studion:WebServer', name, {}, opts);
+        super('studion:WebServer', name, args, opts);
+        const { vpcId, domain, hostedZoneId } = args;
+        const hasCustomDomain = !!domain && !!hostedZoneId;
+        if (domain && !hostedZoneId) {
+            throw new Error('WebServer:hostedZoneId must be provided when the domain is specified');
+        }
         this.name = name;
-        const { domain, hostedZoneId, vpc, port, healtCheckPath } = args;
-        this.certificate = this.createTlsCertificate({ domain, hostedZoneId });
-        this.logGroup = this.createLogGroup();
-        const { lb, lbTargetGroup, lbHttpListener, lbTlsListener, lbSecurityGroup, } = this.createLoadBalancer({ vpc, port, healtCheckPath });
+        if (hasCustomDomain) {
+            this.certificate = this.createTlsCertificate({ domain, hostedZoneId });
+        }
+        const { lb, lbTargetGroup, lbHttpListener, lbTlsListener, lbSecurityGroup, } = this.createLoadBalancer(args);
         this.lb = lb;
         this.lbTargetGroup = lbTargetGroup;
         this.lbHttpListener = lbHttpListener;
         this.lbTlsListener = lbTlsListener;
         this.lbSecurityGroup = lbSecurityGroup;
-        this.taskDefinition = this.createTaskDefinition(args);
+        this.serviceSecurityGroup = this.createSecurityGroup(vpcId);
         this.service = this.createEcsService(args);
-        this.createDnsRecord({ domain, hostedZoneId });
-        this.enableAutoscaling(args);
+        if (hasCustomDomain) {
+            this.createDnsRecord({ domain, hostedZoneId });
+        }
         this.registerOutputs();
     }
     createTlsCertificate({ domain, hostedZoneId, }) {
@@ -57,17 +41,9 @@ class WebServer extends pulumi.ComponentResource {
         }, { parent: this });
         return certificate;
     }
-    createLogGroup() {
-        const logGroup = new aws.cloudwatch.LogGroup(`${this.name}-log-group`, {
-            retentionInDays: 14,
-            namePrefix: `/ecs/${this.name}-`,
-            tags: constants_1.commonTags,
-        }, { parent: this });
-        return logGroup;
-    }
-    createLoadBalancer({ vpc, port, healtCheckPath, }) {
+    createLoadBalancer({ vpcId, publicSubnetIds, port, healthCheckPath, }) {
         const lbSecurityGroup = new aws.ec2.SecurityGroup(`${this.name}-lb-security-group`, {
-            vpcId: vpc.vpcId,
+            vpcId,
             ingress: [
                 {
                     protocol: 'tcp',
@@ -95,7 +71,7 @@ class WebServer extends pulumi.ComponentResource {
         const lb = new aws.lb.LoadBalancer(`${this.name}-lb`, {
             namePrefix: 'lb-',
             loadBalancerType: 'application',
-            subnets: vpc.publicSubnetIds,
+            subnets: publicSubnetIds,
             securityGroups: [lbSecurityGroup.id],
             internal: false,
             ipAddressType: 'ipv4',
@@ -106,45 +82,52 @@ class WebServer extends pulumi.ComponentResource {
             port,
             protocol: 'HTTP',
             targetType: 'ip',
-            vpcId: vpc.vpcId,
+            vpcId,
             healthCheck: {
                 healthyThreshold: 3,
                 unhealthyThreshold: 2,
                 interval: 60,
                 timeout: 5,
-                path: healtCheckPath || defaults.healtCheckPath,
+                path: healthCheckPath || defaults.healthCheckPath,
             },
             tags: Object.assign(Object.assign({}, constants_1.commonTags), { Name: `${this.name}-lb-target-group` }),
         }, { parent: this, dependsOn: [this.lb] });
+        const defaultAction = this.certificate
+            ? {
+                type: 'redirect',
+                redirect: {
+                    port: '443',
+                    protocol: 'HTTPS',
+                    statusCode: 'HTTP_301',
+                },
+            }
+            : {
+                type: 'forward',
+                targetGroupArn: lbTargetGroup.arn,
+            };
         const lbHttpListener = new aws.lb.Listener(`${this.name}-lb-listener-80`, {
             loadBalancerArn: lb.arn,
             port: 80,
-            defaultActions: [
-                {
-                    type: 'redirect',
-                    redirect: {
-                        port: '443',
-                        protocol: 'HTTPS',
-                        statusCode: 'HTTP_301',
-                    },
-                },
-            ],
-            tags: constants_1.commonTags,
-        }, { parent: this });
-        const lbTlsListener = new aws.lb.Listener(`${this.name}-lb-listener-443`, {
-            loadBalancerArn: lb.arn,
-            port: 443,
-            protocol: 'HTTPS',
-            sslPolicy: 'ELBSecurityPolicy-2016-08',
-            certificateArn: this.certificate.certificate.arn,
-            defaultActions: [
-                {
-                    type: 'forward',
-                    targetGroupArn: lbTargetGroup.arn,
-                },
-            ],
+            defaultActions: [defaultAction],
             tags: constants_1.commonTags,
         }, { parent: this });
+        let lbTlsListener = undefined;
+        if (this.certificate) {
+            lbTlsListener = new aws.lb.Listener(`${this.name}-lb-listener-443`, {
+                loadBalancerArn: lb.arn,
+                port: 443,
+                protocol: 'HTTPS',
+                sslPolicy: 'ELBSecurityPolicy-2016-08',
+                certificateArn: this.certificate.certificate.arn,
+                defaultActions: [
+                    {
+                        type: 'forward',
+                        targetGroupArn: lbTargetGroup.arn,
+                    },
+                ],
+                tags: constants_1.commonTags,
+            }, { parent: this });
+        }
         return {
             lb,
             lbTargetGroup,
@@ -153,129 +136,9 @@ class WebServer extends pulumi.ComponentResource {
             lbSecurityGroup,
         };
     }
-    createTaskDefinition(args) {
-        const argsWithDefaults = Object.assign({}, defaults, args);
-        const stack = pulumi.getStack();
-        const secretManagerSecretsInlinePolicy = {
-            name: `${this.name}-secret-manager-access`,
-            policy: JSON.stringify({
-                Version: '2012-10-17',
-                Statement: [
-                    {
-                        Sid: 'AllowContainerToGetSecretManagerSecrets',
-                        Effect: 'Allow',
-                        Action: ['secretsmanager:GetSecretValue'],
-                        Resource: '*',
-                    },
-                ],
-            }),
-        };
-        const taskExecutionRole = new aws.iam.Role(`${this.name}-ecs-task-exec-role`, {
-            namePrefix: `${this.name}-ecs-task-exec-role-`,
-            assumeRolePolicy,
-            managedPolicyArns: [
-                'arn:aws:iam::aws:policy/CloudWatchFullAccess',
-                'arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryFullAccess',
-            ],
-            inlinePolicies: [
-                secretManagerSecretsInlinePolicy,
-                ...argsWithDefaults.taskExecutionRoleInlinePolicies,
-            ],
-            tags: constants_1.commonTags,
-        }, { parent: this });
-        const execCmdInlinePolicy = {
-            name: `${this.name}-ecs-exec`,
-            policy: JSON.stringify({
-                Version: '2012-10-17',
-                Statement: [
-                    {
-                        Sid: 'AllowContainerToCreateECSExecSSMChannel',
-                        Effect: 'Allow',
-                        Action: [
-                            'ssmmessages:CreateControlChannel',
-                            'ssmmessages:CreateDataChannel',
-                            'ssmmessages:OpenControlChannel',
-                            'ssmmessages:OpenDataChannel',
-                        ],
-                        Resource: '*',
-                    },
-                ],
-            }),
-        };
-        const taskRole = new aws.iam.Role(`${this.name}-ecs-task-role`, {
-            namePrefix: `${this.name}-ecs-task-role-`,
-            assumeRolePolicy,
-            inlinePolicies: [
-                execCmdInlinePolicy,
-                ...argsWithDefaults.taskRoleInlinePolicies,
-            ],
-            tags: constants_1.commonTags,
-        }, { parent: this });
-        const parsedSize = pulumi.all([argsWithDefaults.size]).apply(([size]) => {
-            const mapCapabilities = ({ cpu, memory }) => ({
-                cpu: String(cpu),
-                memory: String(memory),
-            });
-            if (typeof size === 'string') {
-                return mapCapabilities(constants_1.PredefinedSize[size]);
-            }
-            if (typeof size === 'object') {
-                return mapCapabilities(size);
-            }
-            throw Error('Incorrect EcsService size argument');
-        });
-        const taskDefinition = new aws.ecs.TaskDefinition(`${this.name}-task-definition`, {
-            family: `${this.name}-task-definition-${stack}`,
-            networkMode: 'awsvpc',
-            executionRoleArn: taskExecutionRole.arn,
-            taskRoleArn: taskRole.arn,
-            cpu: parsedSize.cpu,
-            memory: parsedSize.memory,
-            requiresCompatibilities: ['FARGATE'],
-            containerDefinitions: pulumi
-                .all([
-                this.name,
-                argsWithDefaults.image,
-                argsWithDefaults.port,
-                argsWithDefaults.environment,
-                argsWithDefaults.secrets,
-                this.logGroup.name,
-                awsRegion,
-            ])
-                .apply(([containerName, image, port, environment, secrets, logGroup, region,]) => {
-                return JSON.stringify([
-                    {
-                        readonlyRootFilesystem: false,
-                        name: containerName,
-                        image,
-                        essential: true,
-                        portMappings: [
-                            {
-                                containerPort: port,
-                                protocol: 'tcp',
-                            },
-                        ],
-                        logConfiguration: {
-                            logDriver: 'awslogs',
-                            options: {
-                                'awslogs-group': logGroup,
-                                'awslogs-region': region,
-                                'awslogs-stream-prefix': 'ecs',
-                            },
-                        },
-                        environment,
-                        secrets,
-                    },
-                ]);
-            }),
-            tags: Object.assign(Object.assign({}, constants_1.commonTags), argsWithDefaults.tags),
-        }, { parent: this });
-        return taskDefinition;
-    }
-    createEcsService(args) {
-        const argsWithDefaults = Object.assign({}, defaults, args);
-        const serviceSecurityGroup = new aws.ec2.SecurityGroup(`${this.name}-security-group`, {
-            vpcId: argsWithDefaults.vpc.vpcId,
+    createSecurityGroup(vpcId) {
+        const securityGroup = new aws.ec2.SecurityGroup(`${this.name}-security-group`, {
+            vpcId,
             ingress: [
                 {
                     fromPort: 0,
@@ -294,34 +157,12 @@ class WebServer extends pulumi.ComponentResource {
             ],
             tags: constants_1.commonTags,
         }, { parent: this });
-        const service = new aws.ecs.Service(`${this.name}-service`, {
-            name: this.name,
-            cluster: argsWithDefaults.cluster.id,
-            launchType: 'FARGATE',
-            desiredCount: argsWithDefaults.desiredCount,
-            taskDefinition: this.taskDefinition.arn,
-            enableExecuteCommand: true,
-            loadBalancers: [
-                {
-                    containerName: this.name,
-                    containerPort: argsWithDefaults.port,
-                    targetGroupArn: this.lbTargetGroup.arn,
-                },
-            ],
-            networkConfiguration: {
-                assignPublicIp: true,
-                subnets: argsWithDefaults.vpc.publicSubnetIds,
-                securityGroups: [serviceSecurityGroup.id],
-            },
-            tags: Object.assign(Object.assign({}, constants_1.commonTags), argsWithDefaults.tags),
-        }, {
+        return securityGroup;
+    }
+    createEcsService(args) {
+        const service = new ecs_service_1.EcsService(this.name, Object.assign(Object.assign({}, args), { enableServiceAutoDiscovery: false, lbTargetGroupArn: this.lbTargetGroup.arn, assignPublicIp: true, subnetIds: args.publicSubnetIds, securityGroup: this.serviceSecurityGroup }), {
             parent: this,
-            dependsOn: [
-                this.lb,
-                this.lbTargetGroup,
-                this.lbHttpListener,
-                this.lbTlsListener,
-            ],
+            dependsOn: [this.lb, this.lbTargetGroup],
         });
         return service;
     }
@@ -339,40 +180,5 @@ class WebServer extends pulumi.ComponentResource {
             ],
         }, { parent: this });
     }
-    enableAutoscaling(args) {
-        const argsWithDefaults = Object.assign({}, defaults, args);
-        const autoscalingTarget = new aws.appautoscaling.Target(`${this.name}-autoscale-target`, {
-            minCapacity: argsWithDefaults.minCount,
-            maxCapacity: argsWithDefaults.maxCount,
-            resourceId: pulumi.interpolate `service/${argsWithDefaults.cluster.name}/${this.service.name}`,
-            serviceNamespace: 'ecs',
-            scalableDimension: 'ecs:service:DesiredCount',
-            tags: constants_1.commonTags,
-        }, { parent: this });
-        const memoryAutoscalingPolicy = new aws.appautoscaling.Policy(`${this.name}-memory-autoscale-policy`, {
-            policyType: 'TargetTrackingScaling',
-            resourceId: autoscalingTarget.resourceId,
-            scalableDimension: autoscalingTarget.scalableDimension,
-            serviceNamespace: autoscalingTarget.serviceNamespace,
-            targetTrackingScalingPolicyConfiguration: {
-                predefinedMetricSpecification: {
-                    predefinedMetricType: 'ECSServiceAverageMemoryUtilization',
-                },
-                targetValue: 80,
-            },
-        }, { parent: this });
-        const cpuAutoscalingPolicy = new aws.appautoscaling.Policy(`${this.name}-cpu-autoscale-policy`, {
-            policyType: 'TargetTrackingScaling',
-            resourceId: autoscalingTarget.resourceId,
-            scalableDimension: autoscalingTarget.scalableDimension,
-            serviceNamespace: autoscalingTarget.serviceNamespace,
-            targetTrackingScalingPolicyConfiguration: {
-                predefinedMetricSpecification: {
-                    predefinedMetricType: 'ECSServiceAverageCPUUtilization',
-                },
-                targetValue: 60,
-            },
-        }, { parent: this });
-    }
 }
 exports.WebServer = WebServer;

package/dist/index.d.ts

@@ -1,6 +1,9 @@
 export * from './components/web-server';
+export * from './components/mongo';
 export * from './components/static-site';
 export * from './components/database';
 export * from './components/redis';
 export * from './components/project';
 export * from './components/ec2-ssm-connect';
+export * from './components/ecs-service';
+export * from './components/nuxt-ssr';

package/dist/index.js

@@ -15,8 +15,11 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 __exportStar(require("./components/web-server"), exports);
+__exportStar(require("./components/mongo"), exports);
 __exportStar(require("./components/static-site"), exports);
 __exportStar(require("./components/database"), exports);
 __exportStar(require("./components/redis"), exports);
 __exportStar(require("./components/project"), exports);
 __exportStar(require("./components/ec2-ssm-connect"), exports);
+__exportStar(require("./components/ecs-service"), exports);
+__exportStar(require("./components/nuxt-ssr"), exports);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@studion/infra-code-blocks",
-  "version": "0.1.9",
+  "version": "0.2.1",
   "description": "Studion common infra components",
   "keywords": [
     "infrastructure",