@studion/infra-code-blocks 0.4.2 → 0.4.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/README.md
CHANGED
|
@@ -109,11 +109,13 @@ type DatabaseServiceOptions = {
|
|
|
109
109
|
dbName: pulumi.Input<string>;
|
|
110
110
|
username: pulumi.Input<string>;
|
|
111
111
|
password?: pulumi.Input<string>;
|
|
112
|
+
multiAz?: pulumi.Input<boolean>;
|
|
112
113
|
applyImmediately?: pulumi.Input<boolean>;
|
|
113
114
|
skipFinalSnapshot?: pulumi.Input<boolean>;
|
|
114
115
|
allocatedStorage?: pulumi.Input<number>;
|
|
115
116
|
maxAllocatedStorage?: pulumi.Input<number>;
|
|
116
117
|
instanceClass?: pulumi.Input<string>;
|
|
118
|
+
enableMonitoring?: pulumi.Input<boolean>;
|
|
117
119
|
tags?: pulumi.Input<{
|
|
118
120
|
[key: string]: pulumi.Input<string>;
|
|
119
121
|
}>;
|
|
@@ -359,11 +361,13 @@ type DatabaseArgs = {
|
|
|
359
361
|
isolatedSubnetIds: pulumi.Input<pulumi.Input<string>[]>;
|
|
360
362
|
vpcCidrBlock: pulumi.Input<string>;
|
|
361
363
|
password?: pulumi.Input<string>;
|
|
364
|
+
multiAz?: pulumi.Input<boolean>;
|
|
362
365
|
applyImmediately?: pulumi.Input<boolean>;
|
|
363
366
|
skipFinalSnapshot?: pulumi.Input<boolean>;
|
|
364
367
|
allocatedStorage?: pulumi.Input<number>;
|
|
365
368
|
maxAllocatedStorage?: pulumi.Input<number>;
|
|
366
369
|
instanceClass?: pulumi.Input<string>;
|
|
370
|
+
enableMonitoring?: pulumi.Input<boolean>;
|
|
367
371
|
tags?: pulumi.Input<{
|
|
368
372
|
[key: string]: pulumi.Input<string>;
|
|
369
373
|
}>;
|
|
@@ -16,6 +16,10 @@ export type DatabaseArgs = {
|
|
|
16
16
|
* The IPv4 CIDR block for the VPC.
|
|
17
17
|
*/
|
|
18
18
|
vpcCidrBlock: pulumi.Input<string>;
|
|
19
|
+
/**
|
|
20
|
+
* Specifies if the RDS instance is multi-AZ. Defaults to false.
|
|
21
|
+
*/
|
|
22
|
+
multiAz?: pulumi.Input<boolean>;
|
|
19
23
|
/**
|
|
20
24
|
* Password for the master DB user. If not specified it will be autogenerated.
|
|
21
25
|
* The value will be stored as a secret in AWS Secret Manager.
|
|
@@ -44,6 +48,10 @@ export type DatabaseArgs = {
|
|
|
44
48
|
* The instance type of the RDS instance. Defaults to 'db.t4g.micro'.
|
|
45
49
|
*/
|
|
46
50
|
instanceClass?: pulumi.Input<string>;
|
|
51
|
+
/**
|
|
52
|
+
* Set this to true to enable database monitoring. Defaults to false.
|
|
53
|
+
*/
|
|
54
|
+
enableMonitoring?: pulumi.Input<boolean>;
|
|
47
55
|
/**
|
|
48
56
|
* A map of tags to assign to the resource.
|
|
49
57
|
*/
|
|
@@ -58,9 +66,11 @@ export declare class Database extends pulumi.ComponentResource {
|
|
|
58
66
|
dbSubnetGroup: aws.rds.SubnetGroup;
|
|
59
67
|
dbSecurityGroup: aws.ec2.SecurityGroup;
|
|
60
68
|
password: Password;
|
|
69
|
+
monitoringRole?: aws.iam.Role;
|
|
61
70
|
constructor(name: string, args: DatabaseArgs, opts?: pulumi.ComponentResourceOptions);
|
|
62
71
|
private createSubnetGroup;
|
|
63
72
|
private createSecurityGroup;
|
|
64
73
|
private createEncryptionKey;
|
|
74
|
+
private createMonitoringRole;
|
|
65
75
|
private createDatabaseInstance;
|
|
66
76
|
}
|
|
@@ -6,21 +6,27 @@ const pulumi = require("@pulumi/pulumi");
|
|
|
6
6
|
const password_1 = require("./password");
|
|
7
7
|
const constants_1 = require("../constants");
|
|
8
8
|
const defaults = {
|
|
9
|
+
multiAz: false,
|
|
9
10
|
applyImmediately: false,
|
|
10
11
|
skipFinalSnapshot: false,
|
|
11
12
|
allocatedStorage: 20,
|
|
12
13
|
maxAllocatedStorage: 100,
|
|
13
14
|
instanceClass: 'db.t4g.micro',
|
|
15
|
+
enableMonitoring: false,
|
|
14
16
|
};
|
|
15
17
|
class Database extends pulumi.ComponentResource {
|
|
16
18
|
constructor(name, args, opts = {}) {
|
|
17
19
|
super('studion:Database', name, {}, opts);
|
|
18
20
|
this.name = name;
|
|
19
|
-
const {
|
|
21
|
+
const argsWithDefaults = Object.assign({}, defaults, args);
|
|
22
|
+
const { vpcId, isolatedSubnetIds, vpcCidrBlock, enableMonitoring } = argsWithDefaults;
|
|
20
23
|
this.dbSubnetGroup = this.createSubnetGroup({ isolatedSubnetIds });
|
|
21
24
|
this.dbSecurityGroup = this.createSecurityGroup({ vpcId, vpcCidrBlock });
|
|
22
25
|
this.kms = this.createEncryptionKey();
|
|
23
26
|
this.password = new password_1.Password(`${this.name}-database-password`, { value: args.password }, { parent: this });
|
|
27
|
+
if (enableMonitoring) {
|
|
28
|
+
this.monitoringRole = this.createMonitoringRole();
|
|
29
|
+
}
|
|
24
30
|
this.instance = this.createDatabaseInstance(args);
|
|
25
31
|
this.registerOutputs();
|
|
26
32
|
}
|
|
@@ -58,33 +64,39 @@ class Database extends pulumi.ComponentResource {
|
|
|
58
64
|
}, { parent: this });
|
|
59
65
|
return kms;
|
|
60
66
|
}
|
|
67
|
+
createMonitoringRole() {
|
|
68
|
+
const monitoringRole = new aws.iam.Role(`${this.name}-rds-monitoring`, {
|
|
69
|
+
assumeRolePolicy: {
|
|
70
|
+
Version: '2012-10-17',
|
|
71
|
+
Statement: [
|
|
72
|
+
{
|
|
73
|
+
Action: 'sts:AssumeRole',
|
|
74
|
+
Effect: 'Allow',
|
|
75
|
+
Principal: {
|
|
76
|
+
Service: 'monitoring.rds.amazonaws.com',
|
|
77
|
+
},
|
|
78
|
+
},
|
|
79
|
+
],
|
|
80
|
+
},
|
|
81
|
+
});
|
|
82
|
+
new aws.iam.RolePolicyAttachment(`${this.name}-rds-monitoring-role-attachment`, {
|
|
83
|
+
role: monitoringRole.name,
|
|
84
|
+
policyArn: 'arn:aws:iam::aws:policy/service-role/AmazonRDSEnhancedMonitoringRole',
|
|
85
|
+
});
|
|
86
|
+
return monitoringRole;
|
|
87
|
+
}
|
|
61
88
|
createDatabaseInstance(args) {
|
|
62
89
|
const argsWithDefaults = Object.assign({}, defaults, args);
|
|
63
90
|
const stack = pulumi.getStack();
|
|
64
|
-
const
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
|
|
72
|
-
|
|
73
|
-
password: this.password.value,
|
|
74
|
-
dbSubnetGroupName: this.dbSubnetGroup.name,
|
|
75
|
-
vpcSecurityGroupIds: [this.dbSecurityGroup.id],
|
|
76
|
-
storageEncrypted: true,
|
|
77
|
-
kmsKeyId: this.kms.arn,
|
|
78
|
-
publiclyAccessible: false,
|
|
79
|
-
skipFinalSnapshot: argsWithDefaults.skipFinalSnapshot,
|
|
80
|
-
applyImmediately: argsWithDefaults.applyImmediately,
|
|
81
|
-
autoMinorVersionUpgrade: true,
|
|
82
|
-
maintenanceWindow: 'Mon:07:00-Mon:07:30',
|
|
83
|
-
finalSnapshotIdentifier: `${this.name}-final-snapshot-${stack}`,
|
|
84
|
-
backupWindow: '06:00-06:30',
|
|
85
|
-
backupRetentionPeriod: 14,
|
|
86
|
-
tags: Object.assign(Object.assign({}, constants_1.commonTags), argsWithDefaults.tags),
|
|
87
|
-
}, { parent: this, dependsOn: [this.password] });
|
|
91
|
+
const monitoringOptions = argsWithDefaults.enableMonitoring && this.monitoringRole
|
|
92
|
+
? {
|
|
93
|
+
monitoringInterval: 60,
|
|
94
|
+
monitoringRoleArn: this.monitoringRole.arn,
|
|
95
|
+
performanceInsightsEnabled: true,
|
|
96
|
+
performanceInsightsRetentionPeriod: 7,
|
|
97
|
+
}
|
|
98
|
+
: {};
|
|
99
|
+
const instance = new aws.rds.Instance(`${this.name}-rds`, Object.assign(Object.assign({ identifierPrefix: `${this.name}-`, engine: 'postgres', engineVersion: '15.3', allocatedStorage: argsWithDefaults.allocatedStorage, maxAllocatedStorage: argsWithDefaults.maxAllocatedStorage, instanceClass: argsWithDefaults.instanceClass, dbName: argsWithDefaults.dbName, username: argsWithDefaults.username, password: this.password.value, dbSubnetGroupName: this.dbSubnetGroup.name, vpcSecurityGroupIds: [this.dbSecurityGroup.id], storageEncrypted: true, kmsKeyId: this.kms.arn, multiAz: argsWithDefaults.multiAz, publiclyAccessible: false, skipFinalSnapshot: argsWithDefaults.skipFinalSnapshot, applyImmediately: argsWithDefaults.applyImmediately, autoMinorVersionUpgrade: true, maintenanceWindow: 'Mon:07:00-Mon:07:30', finalSnapshotIdentifier: `${this.name}-final-snapshot-${stack}`, backupWindow: '06:00-06:30', backupRetentionPeriod: 14 }, monitoringOptions), { tags: Object.assign(Object.assign({}, constants_1.commonTags), argsWithDefaults.tags) }), { parent: this, dependsOn: [this.password] });
|
|
88
100
|
return instance;
|
|
89
101
|
}
|
|
90
102
|
}
|
|
@@ -18,6 +18,8 @@ class Ec2SSMConnect extends pulumi.ComponentResource {
|
|
|
18
18
|
{ name: 'ena-support', values: ['true'] },
|
|
19
19
|
],
|
|
20
20
|
owners: ['amazon'],
|
|
21
|
+
// TODO: Improve this nameRegex property. Use * for kernel version.
|
|
22
|
+
// https://docs.aws.amazon.com/linux/al2023/ug/ec2.html
|
|
21
23
|
nameRegex: 'al2023-ami-20[0-9]+.*-kernel-6.1-arm64',
|
|
22
24
|
mostRecent: true,
|
|
23
25
|
});
|