@studion/infra-code-blocks 0.6.12 → 0.7.0

package/README.md

@@ -171,6 +171,14 @@ export type WebServerServiceOptions = {
   }>;
   size?: pulumi.Input<Size>;
   healthCheckPath?: pulumi.Input<string>;
+  persistentStorageConfig?: pulumi.Input<{
+    volumes: { name: string }[];
+    mountPoints: {
+      sourceVolume: string;
+      containerPath: string;
+      readOnly?: boolean;
+    }[];
+  }>;
   taskExecutionRoleInlinePolicies?: pulumi.Input<
     pulumi.Input<RoleInlinePolicy>[]
   >;
@@ -219,6 +227,14 @@ type MongoServiceOptions = {
   password?: pulumi.Input<string>;
   port?: pulumi.Input<number>;
   size?: pulumi.Input<Size>;
+  persistentStorageConfig?: pulumi.Input<{
+    volumes: { name: string }[];
+    mountPoints: {
+      sourceVolume: string;
+      containerPath: string;
+      readOnly?: boolean;
+    }[];
+  }>;
   tags?: pulumi.Input<{
     [key: string]: pulumi.Input<string>;
   }>;
@@ -233,7 +249,14 @@ type EcsServiceOptions = {
   port: pulumi.Input<number>;
   enableServiceAutoDiscovery: pulumi.Input<boolean>;
   lbTargetGroupArn?: aws.lb.TargetGroup['arn'];
-  persistentStorageVolumePath?: pulumi.Input<string>;
+  persistentStorageConfig?: pulumi.Input<{
+    volumes: { name: string }[];
+    mountPoints: {
+      sourceVolume: string;
+      containerPath: string;
+      readOnly?: boolean;
+    }[];
+  }>;
   securityGroup?: aws.ec2.SecurityGroup;
   assignPublicIp?: pulumi.Input<boolean>;
   dockerCommand?: pulumi.Input<string[]>;
@@ -339,6 +362,37 @@ const project = new studion.Project('demo-project', {
 });
 ```
 
+### Persistent Storage Configuration
+
+Services that require persistent storage (e.g. `ECS`, `Mongo`) can be configured with multiple EFS volumes and mount points.
+Currently, only one access point is configured, with root directory set to `/data`.
+The configuration consists of two main parts:
+
+1. `volumes`: Define the EFS volumes to be created
+2. `mountPoints`: Specify where these volumes should be mounted in the container
+
+Example configuration:
+
+```ts
+persistentStorageConfig: {
+  volumes: [
+    { name: 'data-volume' },
+    { name: 'config-volume' }
+  ],
+  mountPoints: [
+    {
+      sourceVolume: 'data-volume',
+      containerPath: '/data',
+    },
+    {
+      sourceVolume: 'config-volume',
+      containerPath: '/config',
+      readOnly: true
+    }
+  ]
+}
+```
+
 ### Database
 
 AWS RDS Postgres instance.
@@ -559,6 +613,14 @@ export type WebServerArgs = {
   environment?: aws.ecs.KeyValuePair[];
   secrets?: aws.ecs.Secret[];
   healthCheckPath?: pulumi.Input<string>;
+  persistentStorageConfig?: pulumi.Input<{
+    volumes: { name: string }[];
+    mountPoints: {
+      sourceVolume: string;
+      containerPath: string;
+      readOnly?: boolean;
+    }[];
+  }>;
   taskExecutionRoleInlinePolicies?: pulumi.Input<
     pulumi.Input<RoleInlinePolicy>[]
   >;
@@ -655,6 +717,14 @@ export type MongoArgs = {
   password?: pulumi.Input<string>;
   port?: pulumi.Input<number>;
   size?: pulumi.Input<Size>;
+  persistentStorageConfig?: pulumi.Input<{
+    volumes: { name: string }[];
+    mountPoints: {
+      sourceVolume: string;
+      containerPath: string;
+      readOnly?: boolean;
+    }[];
+  }>;
   tags?: pulumi.Input<{
     [key: string]: pulumi.Input<string>;
   }>;
@@ -665,6 +735,8 @@ If the password is not specified it will be autogenerated.
 The Mongo password is stored as a secret inside AWS Secret Manager.
 The secret will be available on the `Mongo` resource as `password.secret`.
 
+The Mongo component comes with a default persistent storage configuration that mounts an EFS volume `mongo` to `/data/db`. You can override this by providing your own `persistentStorageConfig`.
+
 ### Ecs Service
 
 AWS ECS Fargate.
@@ -708,7 +780,14 @@ export type EcsServiceArgs = {
   environment?: aws.ecs.KeyValuePair[];
   secrets?: aws.ecs.Secret[];
   enableServiceAutoDiscovery: pulumi.Input<boolean>;
-  persistentStorageVolumePath?: pulumi.Input<string>;
+  persistentStorageConfig?: pulumi.Input<{
+    volumes: { name: string }[];
+    mountPoints: {
+      sourceVolume: string;
+      containerPath: string;
+      readOnly?: boolean;
+    }[];
+  }>;
   dockerCommand?: pulumi.Input<string[]>;
   lbTargetGroupArn?: aws.lb.TargetGroup['arn'];
   securityGroup?: aws.ec2.SecurityGroup;

package/dist/components/database-replica.d.ts

@@ -49,7 +49,7 @@ export type DatabaseReplicaArgs = {
      */
     parameterGroupName?: pulumi.Input<string>;
     /**
-     * The DB engine version. Defaults to '15.5'.
+     * The DB engine version. Defaults to '17.2'.
      */
     engineVersion?: pulumi.Input<string>;
     /**

package/dist/components/database-replica.js

@@ -11,7 +11,7 @@ const defaults = {
     maxAllocatedStorage: 100,
     instanceClass: 'db.t4g.micro',
     enableMonitoring: false,
-    engineVersion: '15.5',
+    engineVersion: '17.2',
 };
 class DatabaseReplica extends pulumi.ComponentResource {
     constructor(name, args, opts = {}) {

package/dist/components/database.d.ts

@@ -69,7 +69,7 @@ export type DatabaseArgs = {
      */
     snapshotIdentifier?: pulumi.Input<string>;
     /**
-     * The DB engine version. Defaults to '15.5'.
+     * The DB engine version. Defaults to '17.2'.
      */
     engineVersion?: pulumi.Input<string>;
     /**

package/dist/components/database.js

@@ -14,7 +14,7 @@ const defaults = {
     instanceClass: 'db.t4g.micro',
     enableMonitoring: false,
     allowMajorVersionUpgrade: false,
-    engineVersion: '15.5',
+    engineVersion: '17.2',
 };
 class Database extends pulumi.ComponentResource {
     constructor(name, args, opts = {}) {

package/dist/components/ecs-service.d.ts

@@ -13,6 +13,18 @@ export type RoleInlinePolicy = {
      */
     policy?: pulumi.Input<string>;
 };
+export type PersistentStorageMountPoint = {
+    sourceVolume: string;
+    containerPath: string;
+    readOnly?: boolean;
+};
+export type PersistentStorageVolume = {
+    name: string;
+};
+export type PersistentStorageConfig = {
+    volumes: PersistentStorageVolume[];
+    mountPoints: PersistentStorageMountPoint[];
+};
 export type EcsServiceArgs = {
     /**
      * The ECR image used to start a container.
@@ -70,9 +82,10 @@ export type EcsServiceArgs = {
      */
     enableServiceAutoDiscovery: pulumi.Input<boolean>;
     /**
-     * Location of persistent storage volume.
+     * Configuration for multiple EFS volumes and their mount points.
+     * Each mount point specifies a container path where the EFS volume will be mounted.
      */
-    persistentStorageVolumePath?: pulumi.Input<string>;
+    persistentStorageConfig?: pulumi.Input<PersistentStorageConfig>;
     /**
      * Alternate docker CMD instruction.
      */

package/dist/components/ecs-service.js

@@ -19,6 +19,18 @@ exports.assumeRolePolicy = {
         },
     ],
 };
+/**
+ * Standard directory permissions:
+ * - Owner: read, write, execute (7)
+ * - Group: read, execute (5)
+ * - Others: read, execute (5)
+ */
+const STANDARD_DIRECTORY_PERMISSIONS = '0755';
+const FIRST_POSIX_NON_ROOT_USER = {
+    userId: 1000,
+    groupId: 1000,
+    permissions: STANDARD_DIRECTORY_PERMISSIONS
+};
 const defaults = {
     desiredCount: 1,
     size: 'small',
@@ -167,6 +179,22 @@ class EcsService extends pulumi.ComponentResource {
             }
             throw Error('Incorrect EcsService size argument');
         });
+        const fileSystemId = this.createPersistentStorage(argsWithDefaults).id;
+        const accessPoint = new aws.efs.AccessPoint(`${this.name}-efs-ap`, {
+            fileSystemId,
+            posixUser: {
+                uid: FIRST_POSIX_NON_ROOT_USER.userId,
+                gid: FIRST_POSIX_NON_ROOT_USER.groupId,
+            },
+            rootDirectory: {
+                path: '/data',
+                creationInfo: {
+                    ownerUid: FIRST_POSIX_NON_ROOT_USER.userId,
+                    ownerGid: FIRST_POSIX_NON_ROOT_USER.groupId,
+                    permissions: FIRST_POSIX_NON_ROOT_USER.permissions,
+                },
+            },
+        });
         const taskDefinition = new aws.ecs.TaskDefinition(`${this.name}-task-definition`, Object.assign(Object.assign({ family: `${this.name}-task-definition-${stack}`, networkMode: 'awsvpc', executionRoleArn: taskExecutionRole.arn, taskRoleArn: taskRole.arn, cpu: parsedSize.cpu, memory: parsedSize.memory, requiresCompatibilities: ['FARGATE'], containerDefinitions: pulumi
                 .all([
                 this.name,
@@ -174,25 +202,27 @@ class EcsService extends pulumi.ComponentResource {
                 argsWithDefaults.port,
                 argsWithDefaults.environment,
                 argsWithDefaults.secrets,
-                argsWithDefaults.persistentStorageVolumePath,
+                argsWithDefaults.persistentStorageConfig,
                 argsWithDefaults.dockerCommand,
                 this.logGroup.name,
                 exports.awsRegion,
             ])
-                .apply(([containerName, image, port, environment, secrets, persistentStorageVolumePath, command, logGroup, region,]) => {
+                .apply(([containerName, image, port, environment, secrets, persistentStorageConfig, command, logGroup, region,]) => {
                 return JSON.stringify([
                     Object.assign(Object.assign({ readonlyRootFilesystem: false, name: containerName, image, essential: true, portMappings: [
                             {
                                 containerPort: port,
                                 protocol: 'tcp',
                             },
-                        ] }, (persistentStorageVolumePath && {
-                        mountPoints: [
-                            {
-                                containerPath: persistentStorageVolumePath,
-                                sourceVolume: `${this.name}-volume`,
-                            },
-                        ],
+                        ] }, (persistentStorageConfig && {
+                        mountPoints: persistentStorageConfig.mountPoints.map(mountPoint => {
+                            var _a;
+                            return ({
+                                containerPath: mountPoint.containerPath,
+                                sourceVolume: mountPoint.sourceVolume,
+                                readOnly: (_a = mountPoint.readOnly) !== null && _a !== void 0 ? _a : false,
+                            });
+                        }),
                     })), { logConfiguration: {
                             logDriver: 'awslogs',
                             options: {
@@ -204,16 +234,20 @@ class EcsService extends pulumi.ComponentResource {
                         environment,
                         secrets }),
                 ]);
-            }) }, (argsWithDefaults.persistentStorageVolumePath && {
-            volumes: [
-                {
-                    name: `${this.name}-volume`,
-                    efsVolumeConfiguration: {
-                        fileSystemId: this.createPersistentStorage(argsWithDefaults).id,
-                        transitEncryption: 'ENABLED',
+            }) }, (argsWithDefaults.persistentStorageConfig && {
+            volumes: argsWithDefaults.persistentStorageConfig
+                .volumes
+                .map(volume => ({
+                name: volume.name,
+                efsVolumeConfiguration: {
+                    fileSystemId,
+                    transitEncryption: 'ENABLED',
+                    authorizationConfig: {
+                        accessPointId: accessPoint.id,
+                        iam: 'ENABLED',
                     },
-                },
-            ],
+                }
+            })),
         })), { tags: Object.assign(Object.assign({}, constants_1.commonTags), argsWithDefaults.tags) }), { parent: this });
         return taskDefinition;
     }

package/dist/components/mongo.d.ts

@@ -21,9 +21,11 @@ export type MongoArgs = Pick<EcsServiceArgs, 'size' | 'clusterId' | 'clusterName
      */
     port?: pulumi.Input<number>;
     /**
-     * Persistent storage volume path. Defaults to '/data/db'.
+     * Configuration for persistent storage using EFS volumes.
+     * By default, creates a volume named 'mongo' mounted at '/data/db'.
+     * You can override this by providing your own volume and mount point configuration.
      */
-    persistentStorageVolumePath?: pulumi.Input<string>;
+    persistentStorageConfig?: EcsServiceArgs['persistentStorageConfig'];
 };
 export declare class Mongo extends pulumi.ComponentResource {
     readonly name: string;

package/dist/components/mongo.js

@@ -21,7 +21,13 @@ class Mongo extends pulumi.ComponentResource {
         const image = args.image ||
             'mongo:7.0.3@sha256:238b1636bdd7820c752b91bec8a669f92568eb313ad89a1fc4a92903c1b40489';
         const port = args.port || 27017;
-        const persistentStorageVolumePath = args.persistentStorageVolumePath || '/data/db';
+        const persistentStorageConfig = args.persistentStorageConfig || {
+            volumes: [{ name: 'mongo' }],
+            mountPoints: [{
+                    sourceVolume: 'mongo',
+                    containerPath: '/data/db'
+                }]
+        };
         const { username, password, privateSubnetIds } = args, ecsServiceArgs = __rest(args, ["username", "password", "privateSubnetIds"]);
         this.name = name;
         this.host = pulumi.output(`${name}.${name}`);
@@ -29,7 +35,7 @@ class Mongo extends pulumi.ComponentResource {
         this.port = pulumi.output(port);
         this.password = new password_1.Password(`${this.name}-mongo-password`, { value: password }, { parent: this });
         this.service = new ecs_service_1.EcsService(name, Object.assign(Object.assign({}, ecsServiceArgs), { port,
-            image, desiredCount: 1, autoscaling: { enabled: false }, enableServiceAutoDiscovery: true, persistentStorageVolumePath, dockerCommand: ['mongod', '--port', port.toString()], assignPublicIp: false, subnetIds: privateSubnetIds, environment: [
+            image, desiredCount: 1, autoscaling: { enabled: false }, enableServiceAutoDiscovery: true, persistentStorageConfig, dockerCommand: ['mongod', '--port', port.toString()], assignPublicIp: false, subnetIds: privateSubnetIds, environment: [
                 {
                     name: 'MONGO_INITDB_ROOT_USERNAME',
                     value: username,

package/dist/components/web-server.d.ts

@@ -2,7 +2,7 @@ import * as pulumi from '@pulumi/pulumi';
 import * as aws from '@pulumi/aws';
 import { AcmCertificate } from './acm-certificate';
 import { EcsService, EcsServiceArgs } from './ecs-service';
-export type WebServerArgs = Pick<EcsServiceArgs, 'image' | 'port' | 'clusterId' | 'clusterName' | 'vpcId' | 'vpcCidrBlock' | 'desiredCount' | 'autoscaling' | 'size' | 'environment' | 'secrets' | 'taskExecutionRoleInlinePolicies' | 'taskRoleInlinePolicies' | 'tags'> & {
+export type WebServerArgs = Pick<EcsServiceArgs, 'image' | 'port' | 'clusterId' | 'clusterName' | 'vpcId' | 'vpcCidrBlock' | 'desiredCount' | 'autoscaling' | 'size' | 'environment' | 'secrets' | 'persistentStorageConfig' | 'taskExecutionRoleInlinePolicies' | 'taskRoleInlinePolicies' | 'tags'> & {
     publicSubnetIds: pulumi.Input<pulumi.Input<string>[]>;
     /**
      * The domain which will be used to access the service.

package/dist/constants.js

@@ -6,19 +6,19 @@ const CPU_1_VCPU = 1024;
 const MEMORY_1GB = 1024;
 exports.PredefinedSize = {
     small: {
-        cpu: CPU_1_VCPU / 4,
+        cpu: CPU_1_VCPU / 4, // 0.25 vCPU
         memory: MEMORY_1GB / 2, // 0.5 GB memory
     },
     medium: {
-        cpu: CPU_1_VCPU / 2,
+        cpu: CPU_1_VCPU / 2, // 0.5 vCPU
         memory: MEMORY_1GB, // 1 GB memory
     },
     large: {
-        cpu: CPU_1_VCPU,
+        cpu: CPU_1_VCPU, // 1 vCPU
         memory: MEMORY_1GB * 2, // 2 GB memory
     },
     xlarge: {
-        cpu: CPU_1_VCPU * 2,
+        cpu: CPU_1_VCPU * 2, // 2 vCPU
         memory: MEMORY_1GB * 4, // 4 GB memory
     },
 };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@studion/infra-code-blocks",
-  "version": "0.6.12",
+  "version": "0.7.0",
   "description": "Studion common infra components",
   "keywords": [
     "infrastructure",
@@ -32,18 +32,18 @@
   },
   "prettier": "@studion/prettier-config",
   "dependencies": {
-    "@pulumi/aws": "^5.0.0",
-    "@pulumi/awsx": "^1.0.0",
-    "@pulumi/pulumi": "^3.0.0",
-    "@pulumi/random": "^4.14.0",
-    "@upstash/pulumi": "^0.2.0"
+    "@pulumi/aws": "^6.66.3",
+    "@pulumi/awsx": "^2.21.0",
+    "@pulumi/pulumi": "^3.146.0",
+    "@pulumi/random": "^4.17.0",
+    "@upstash/pulumi": "^0.3.14"
   },
   "devDependencies": {
     "@studion/prettier-config": "^0.1.0",
-    "@types/node": "^18",
-    "prettier": "^3.0.3",
-    "release-it": "^16.2.1",
-    "typescript": "^5.2.2"
+    "@types/node": "^22",
+    "prettier": "^3.4.2",
+    "release-it": "^18.1.1",
+    "typescript": "^5.7.3"
   },
   "publishConfig": {
     "access": "public"