@studion/infra-code-blocks 2.0.0-alpha.3 → 2.0.0-alpha.5
- package/dist/components/acm-certificate/index.js +6 -1
- package/dist/components/cloudfront/index.d.ts.map +1 -1
- package/dist/components/cloudfront/index.js +93 -46
- package/dist/components/cloudfront/lb-cache-strategy.js +9 -1
- package/dist/components/cloudfront/s3-cache-strategy.js +12 -4
- package/dist/components/database/builder.js +34 -7
- package/dist/components/database/database-replica.js +27 -3
- package/dist/components/database/ec2-ssm-connect.d.ts +2 -2
- package/dist/components/database/ec2-ssm-connect.d.ts.map +1 -1
- package/dist/components/database/ec2-ssm-connect.js +40 -23
- package/dist/components/database/index.js +55 -7
- package/dist/components/ecs-service/index.d.ts +15 -0
- package/dist/components/ecs-service/index.d.ts.map +1 -1
- package/dist/components/ecs-service/index.js +73 -30
- package/dist/components/grafana/dashboards/panels.js +23 -17
- package/dist/components/grafana/dashboards/web-server-slo.js +4 -1
- package/dist/components/password/index.js +7 -1
- package/dist/components/prometheus/queries.test.js +10 -19
- package/dist/components/redis/elasticache-redis.js +6 -1
- package/dist/components/redis/upstash-redis.js +8 -2
- package/dist/components/static-site/index.js +7 -1
- package/dist/components/static-site/s3-assets.js +4 -1
- package/dist/components/vpc/index.d.ts.map +1 -1
- package/dist/components/vpc/index.js +6 -2
- package/dist/components/web-server/builder.d.ts +4 -4
- package/dist/components/web-server/builder.d.ts.map +1 -1
- package/dist/components/web-server/builder.js +41 -12
- package/dist/components/web-server/index.d.ts +1 -1
- package/dist/components/web-server/index.d.ts.map +1 -1
- package/dist/components/web-server/index.js +49 -14
- package/dist/components/web-server/load-balancer.js +13 -3
- package/dist/otel/builder.js +4 -1
- package/dist/otel/config.js +11 -14
- package/dist/otel/index.js +7 -3
- package/package.json +34 -44
|
@@ -5,8 +5,13 @@ const pulumi = require("@pulumi/pulumi");
|
|
|
5
5
|
const aws = require("@pulumi/aws");
|
|
6
6
|
const common_tags_1 = require("../../shared/common-tags");
|
|
7
7
|
class AcmCertificate extends pulumi.ComponentResource {
|
|
8
|
+
certificate;
|
|
9
|
+
certificateValidation;
|
|
8
10
|
constructor(name, args, opts = {}) {
|
|
9
|
-
super('studion:acm-certificate:AcmCertificate', name, {},
|
|
11
|
+
super('studion:acm-certificate:AcmCertificate', name, {}, {
|
|
12
|
+
...opts,
|
|
13
|
+
aliases: [...(opts.aliases || []), { type: 'studion:acm:Certificate' }],
|
|
14
|
+
});
|
|
10
15
|
this.certificate = new aws.acm.Certificate(`${args.domain}-certificate`, {
|
|
11
16
|
domainName: args.domain,
|
|
12
17
|
subjectAlternativeNames: args.subjectAlternativeNames,
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/components/cloudfront/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,GAAG,MAAM,aAAa,CAAC;AACnC,OAAO,KAAK,MAAM,MAAM,gBAAgB,CAAC;AAEzC,OAAO,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AAIpD,qBAAa,UAAW,SAAQ,MAAM,CAAC,iBAAiB;IACtD,IAAI,EAAE,MAAM,CAAC;IACb,YAAY,EAAE,GAAG,CAAC,UAAU,CAAC,YAAY,CAAC;IAC1C,cAAc,CAAC,EAAE,cAAc,CAAC;gBAG9B,IAAI,EAAE,MAAM,EACZ,IAAI,EAAE,UAAU,CAAC,IAAI,EACrB,IAAI,GAAE,MAAM,CAAC,wBAA6B;IA4D5C,OAAO,CAAC,yBAAyB;IAwCjC,OAAO,CAAC,gBAAgB;
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/components/cloudfront/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,GAAG,MAAM,aAAa,CAAC;AACnC,OAAO,KAAK,MAAM,MAAM,gBAAgB,CAAC;AAEzC,OAAO,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AAIpD,qBAAa,UAAW,SAAQ,MAAM,CAAC,iBAAiB;IACtD,IAAI,EAAE,MAAM,CAAC;IACb,YAAY,EAAE,GAAG,CAAC,UAAU,CAAC,YAAY,CAAC;IAC1C,cAAc,CAAC,EAAE,cAAc,CAAC;gBAG9B,IAAI,EAAE,MAAM,EACZ,IAAI,EAAE,UAAU,CAAC,IAAI,EACrB,IAAI,GAAE,MAAM,CAAC,wBAA6B;IA4D5C,OAAO,CAAC,yBAAyB;IAwCjC,OAAO,CAAC,gBAAgB;IAgFxB,OAAO,CAAC,iBAAiB;IAiBzB,OAAO,CAAC,kBAAkB;IA0D1B,OAAO,CAAC,iBAAiB;CA4B1B;AAED,yBAAiB,UAAU,CAAC;IAC1B,MAAM,MAAM,YAAY;QACtB,EAAE,OAAO;QACT,EAAE,OAAO;QACT,MAAM,WAAW;KAClB;IAED,MAAM,MAAM,UAAU,GAAG,YAAY,GAAG;QACtC,IAAI,EAAE,YAAY,CAAC,EAAE,CAAC;QACtB,MAAM,EAAE,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC,MAAM,CAAC,CAAC;QACpC,aAAa,EAAE,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC,0BAA0B,CAAC,CAAC;QAC/D;;;WAGG;QACH,QAAQ,CAAC,EAAE,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;KACjC,CAAC;IAEF,MAAM,MAAM,UAAU,GAAG,YAAY,GAAG;QACtC,IAAI,EAAE,YAAY,CAAC,EAAE,CAAC;QACtB,YAAY,EAAE,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC,YAAY,CAAC,CAAC;QAKhD,OAAO,CAAC,EAAE,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;KAChC,CAAC;IAEF,MAAM,MAAM,cAAc,GAAG,YAAY,GAAG;QAC1C,IAAI,EAAE,YAAY,CAAC,MAAM,CAAC;QAC1B,QAAQ,EAAE,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QAC/B,UAAU,EAAE,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QACjC,oBAAoB,CAAC,EAAE,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QAC5C,cAAc,CAAC,EAAE,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QACtD,aAAa,CAAC,EAAE,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QACrD,QAAQ,CAAC,EAAE,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QACjC,iBAAiB,CAAC,EAAE,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QACzC,aAAa,CAAC,EAAE,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QACrC,qBAAqB,CAAC,EAAE,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QAC7C,uBAAuB,CAAC,EAAE,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;KAChD,CAAC;IAEF,MAAM,MAAM,QAAQ,GAAG,UAAU,GAAG,UAAU,GAAG,cAAc,CAAC;IAEhE,MAAM,MAAM,IAAI,GAAG;QACjB;;;;;;;WAOG;QACH,
SAAS,EAAE,QAAQ,EAAE,CAAC;QACtB;;;;;;;;WAQG;QACH,MAAM,CAAC,EAAE,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QAC9B;;;;;;;;;;;WAWG;QACH,WAAW,CAAC,EAAE,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;QAChD;;;WAGG;QACH,YAAY,CAAC,EAAE,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QACpC,IAAI,CAAC,EAAE,MAAM,CAAC,KAAK,CAAC;YAClB,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;SACrC,CAAC,CAAC;KACJ,CAAC;IAEF,KAAK,YAAY,GAAG;QAClB,WAAW,EAAE,MAAM,CAAC;KACrB,CAAC;;CACH"}
|
|
@@ -8,6 +8,9 @@ const acm_certificate_1 = require("../acm-certificate");
|
|
|
8
8
|
const s3_cache_strategy_1 = require("./s3-cache-strategy");
|
|
9
9
|
const lb_cache_strategy_1 = require("./lb-cache-strategy");
|
|
10
10
|
class CloudFront extends pulumi.ComponentResource {
|
|
11
|
+
name;
|
|
12
|
+
distribution;
|
|
13
|
+
acmCertificate;
|
|
11
14
|
constructor(name, args, opts = {}) {
|
|
12
15
|
super('studion:cloudfront:CloudFront', name, {}, opts);
|
|
13
16
|
this.name = name;
|
|
@@ -33,11 +36,14 @@ class CloudFront extends pulumi.ComponentResource {
|
|
|
33
36
|
origins: this.createDistributionOrigins(behaviors),
|
|
34
37
|
defaultCache: this.getCacheBehavior(defaultBehavior),
|
|
35
38
|
orderedCaches: orderedBehaviors.length
|
|
36
|
-
? orderedBehaviors.map((it, idx) => (
|
|
39
|
+
? orderedBehaviors.map((it, idx) => ({
|
|
40
|
+
pathPattern: it.pathPattern,
|
|
41
|
+
...this.getCacheBehavior(it, idx),
|
|
42
|
+
}))
|
|
37
43
|
: undefined,
|
|
38
44
|
domain,
|
|
39
45
|
certificate: certificate || this.acmCertificate
|
|
40
|
-
? pulumi.output(certificate
|
|
46
|
+
? pulumi.output(certificate ?? this.acmCertificate.certificate)
|
|
41
47
|
: undefined,
|
|
42
48
|
certificateValidation: this.acmCertificate
|
|
43
49
|
? this.acmCertificate.certificateValidation
|
|
@@ -53,7 +59,6 @@ class CloudFront extends pulumi.ComponentResource {
|
|
|
53
59
|
createDistributionOrigins(behaviors) {
|
|
54
60
|
return pulumi.output(behaviors).apply(entries => {
|
|
55
61
|
const origins = entries.map(it => {
|
|
56
|
-
var _a;
|
|
57
62
|
if (isS3BehaviorType(it)) {
|
|
58
63
|
return getOriginWithDefaults({
|
|
59
64
|
originId: it.bucket.arn,
|
|
@@ -66,16 +71,18 @@ class CloudFront extends pulumi.ComponentResource {
|
|
|
66
71
|
else if (isLbBehaviorType(it)) {
|
|
67
72
|
return getOriginWithDefaults({
|
|
68
73
|
originId: it.loadBalancer.arn,
|
|
69
|
-
domainName:
|
|
74
|
+
domainName: it.dnsName ?? it.loadBalancer.dnsName,
|
|
70
75
|
});
|
|
71
76
|
}
|
|
72
77
|
else if (isCustomBehaviorType(it)) {
|
|
73
78
|
return getOriginWithDefaults({
|
|
74
79
|
originId: it.originId,
|
|
75
80
|
domainName: it.domainName,
|
|
76
|
-
customOriginConfig:
|
|
77
|
-
|
|
78
|
-
|
|
81
|
+
customOriginConfig: {
|
|
82
|
+
...(it.originProtocolPolicy
|
|
83
|
+
? { originProtocolPolicy: it.originProtocolPolicy }
|
|
84
|
+
: undefined),
|
|
85
|
+
},
|
|
79
86
|
});
|
|
80
87
|
}
|
|
81
88
|
else {
|
|
@@ -87,7 +94,6 @@ class CloudFront extends pulumi.ComponentResource {
|
|
|
87
94
|
});
|
|
88
95
|
}
|
|
89
96
|
getCacheBehavior(behavior, order) {
|
|
90
|
-
var _a, _b, _c, _d, _e;
|
|
91
97
|
const isDefault = isDefaultBehavior(behavior);
|
|
92
98
|
const getStrategyName = (backend) => {
|
|
93
99
|
const suffix = isDefault ? 'default' : `ordered-${order}`;
|
|
@@ -109,7 +115,9 @@ class CloudFront extends pulumi.ComponentResource {
|
|
|
109
115
|
return strategy.config;
|
|
110
116
|
}
|
|
111
117
|
else if (isCustomBehaviorType(behavior)) {
|
|
112
|
-
return
|
|
118
|
+
return {
|
|
119
|
+
targetOriginId: behavior.originId,
|
|
120
|
+
allowedMethods: behavior.allowedMethods ?? [
|
|
113
121
|
'GET',
|
|
114
122
|
'HEAD',
|
|
115
123
|
'OPTIONS',
|
|
@@ -117,17 +125,29 @@ class CloudFront extends pulumi.ComponentResource {
|
|
|
117
125
|
'POST',
|
|
118
126
|
'PATCH',
|
|
119
127
|
'DELETE',
|
|
120
|
-
],
|
|
121
|
-
|
|
122
|
-
|
|
123
|
-
|
|
124
|
-
|
|
125
|
-
|
|
126
|
-
|
|
127
|
-
|
|
128
|
-
|
|
129
|
-
|
|
130
|
-
|
|
128
|
+
],
|
|
129
|
+
cachedMethods: behavior.cachedMethods ?? ['GET', 'HEAD'],
|
|
130
|
+
...(behavior.compress != null && { compress: behavior.compress }),
|
|
131
|
+
viewerProtocolPolicy: 'redirect-to-https',
|
|
132
|
+
cachePolicyId: behavior.cachePolicyId ??
|
|
133
|
+
aws.cloudfront
|
|
134
|
+
.getCachePolicyOutput({ name: 'Managed-CachingDisabled' })
|
|
135
|
+
.apply(p => p.id),
|
|
136
|
+
originRequestPolicyId: behavior.originRequestPolicyId ??
|
|
137
|
+
isS3Domain(behavior.domainName).apply(isS3 => aws.cloudfront
|
|
138
|
+
.getOriginRequestPolicyOutput({
|
|
139
|
+
name: isS3
|
|
140
|
+
? 'Managed-CORS-S3Origin'
|
|
141
|
+
: 'Managed-AllViewerExceptHostHeader',
|
|
142
|
+
})
|
|
143
|
+
.apply(p => p.id)),
|
|
144
|
+
responseHeadersPolicyId: behavior.responseHeadersPolicyId ??
|
|
145
|
+
aws.cloudfront
|
|
146
|
+
.getResponseHeadersPolicyOutput({
|
|
147
|
+
name: 'Managed-SecurityHeadersPolicy',
|
|
148
|
+
})
|
|
149
|
+
.apply(p => p.id),
|
|
150
|
+
};
|
|
131
151
|
}
|
|
132
152
|
else {
|
|
133
153
|
throw new Error('Unknown CloudFront behavior encountered during mapping to distribution cache behaviors.');
|
|
@@ -141,34 +161,51 @@ class CloudFront extends pulumi.ComponentResource {
|
|
|
141
161
|
}, { parent: this });
|
|
142
162
|
}
|
|
143
163
|
createDistribution({ origins, defaultCache, orderedCaches, domain, certificate, certificateValidation, defaultRootObject, tags, }) {
|
|
144
|
-
return new aws.cloudfront.Distribution(`${this.name}-distribution`,
|
|
145
|
-
|
|
146
|
-
|
|
147
|
-
|
|
148
|
-
|
|
149
|
-
|
|
150
|
-
|
|
151
|
-
|
|
152
|
-
|
|
153
|
-
|
|
154
|
-
|
|
155
|
-
|
|
156
|
-
|
|
157
|
-
|
|
158
|
-
|
|
159
|
-
|
|
160
|
-
|
|
161
|
-
|
|
162
|
-
|
|
163
|
-
|
|
164
|
-
|
|
164
|
+
return new aws.cloudfront.Distribution(`${this.name}-distribution`, {
|
|
165
|
+
enabled: true,
|
|
166
|
+
isIpv6Enabled: true,
|
|
167
|
+
waitForDeployment: true,
|
|
168
|
+
httpVersion: 'http2and3',
|
|
169
|
+
...(defaultRootObject && { defaultRootObject }),
|
|
170
|
+
...(certificate
|
|
171
|
+
? {
|
|
172
|
+
aliases: domain
|
|
173
|
+
? [domain]
|
|
174
|
+
: pulumi
|
|
175
|
+
.all([
|
|
176
|
+
certificate.domainName,
|
|
177
|
+
certificate.subjectAlternativeNames,
|
|
178
|
+
])
|
|
179
|
+
.apply(([dn, sans = []]) => [...new Set([dn, ...sans])]),
|
|
180
|
+
viewerCertificate: {
|
|
181
|
+
acmCertificateArn: certificate.arn,
|
|
182
|
+
sslSupportMethod: 'sni-only',
|
|
183
|
+
minimumProtocolVersion: 'TLSv1.2_2021',
|
|
184
|
+
},
|
|
185
|
+
}
|
|
186
|
+
: {
|
|
187
|
+
viewerCertificate: {
|
|
188
|
+
cloudfrontDefaultCertificate: true,
|
|
189
|
+
},
|
|
190
|
+
}),
|
|
191
|
+
origins,
|
|
192
|
+
defaultCacheBehavior: defaultCache,
|
|
193
|
+
...(orderedCaches && { orderedCacheBehaviors: orderedCaches }),
|
|
194
|
+
priceClass: 'PriceClass_100',
|
|
195
|
+
restrictions: {
|
|
165
196
|
geoRestriction: { restrictionType: 'none' },
|
|
166
|
-
},
|
|
167
|
-
|
|
168
|
-
|
|
197
|
+
},
|
|
198
|
+
tags: { ...common_tags_1.commonTags, ...tags },
|
|
199
|
+
}, {
|
|
200
|
+
parent: this,
|
|
201
|
+
aliases: [{ name: `${this.name}-cloudfront` }],
|
|
202
|
+
...(certificateValidation
|
|
203
|
+
? { dependsOn: [certificateValidation] }
|
|
204
|
+
: undefined),
|
|
205
|
+
});
|
|
169
206
|
}
|
|
170
207
|
createAliasRecord({ hostedZoneId, }) {
|
|
171
|
-
return this.distribution.aliases.apply(aliases => aliases
|
|
208
|
+
return this.distribution.aliases.apply(aliases => aliases?.map((alias, index) => new aws.route53.Record(`${this.name}-cloudfront-alias-record-${index}`, {
|
|
172
209
|
type: 'A',
|
|
173
210
|
name: alias,
|
|
174
211
|
zoneId: hostedZoneId,
|
|
@@ -194,6 +231,7 @@ exports.CloudFront = CloudFront;
|
|
|
194
231
|
BehaviorType["CUSTOM"] = "custom";
|
|
195
232
|
})(BehaviorType = CloudFront.BehaviorType || (CloudFront.BehaviorType = {}));
|
|
196
233
|
})(CloudFront || (exports.CloudFront = CloudFront = {}));
|
|
234
|
+
const S3_DOMAIN_REGEX = /\.s3(?:[.\-][a-z0-9]+(?:-[a-z0-9]+)*)*\.amazonaws\.com$/;
|
|
197
235
|
function isDefaultBehavior(value) {
|
|
198
236
|
return value.pathPattern === '*' || value.pathPattern === '/*';
|
|
199
237
|
}
|
|
@@ -206,10 +244,19 @@ function isLbBehaviorType(value) {
|
|
|
206
244
|
function isCustomBehaviorType(value) {
|
|
207
245
|
return value.type === CloudFront.BehaviorType.CUSTOM;
|
|
208
246
|
}
|
|
247
|
+
function isS3Domain(domainName) {
|
|
248
|
+
return pulumi.output(domainName).apply(dn => S3_DOMAIN_REGEX.test(dn));
|
|
249
|
+
}
|
|
209
250
|
function getOriginWithDefaults({ originId, domainName, customOriginConfig, }) {
|
|
210
251
|
return {
|
|
211
252
|
originId,
|
|
212
253
|
domainName,
|
|
213
|
-
customOriginConfig:
|
|
254
|
+
customOriginConfig: {
|
|
255
|
+
originProtocolPolicy: 'https-only',
|
|
256
|
+
httpPort: 80,
|
|
257
|
+
httpsPort: 443,
|
|
258
|
+
originSslProtocols: ['TLSv1.2'],
|
|
259
|
+
...customOriginConfig,
|
|
260
|
+
},
|
|
214
261
|
};
|
|
215
262
|
}
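Review bot: `S3_DOMAIN_REGEX` (added just before `isDefaultBehavior`) nests `(?:-[a-z0-9]+)*` inside a repeated group that itself starts with `[.\-]`, so a run of hyphen-separated labels can be split in many ways and a non-matching input can backtrack exponentially. The value tested in `isS3Domain` is `behavior.domainName`, which appears to come from the stack's own configuration, so the exposure is probably a slow or hung deployment run rather than anything remote. The inner group adds nothing, though: `const S3_DOMAIN_REGEX = /\.s3(?:[.-][a-z0-9]+)*\.amazonaws\.com$/;` accepts the same strings without the ambiguity. Separately, `getOriginWithDefaults` spreads `...customOriginConfig` after `originProtocolPolicy: 'https-only'`, so a custom behavior's `originProtocolPolicy` can move the CloudFront-to-origin leg to plain HTTP; a short comment stating that this override is intentional would help the next reviewer.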
|
|
@@ -4,6 +4,11 @@ exports.LbCacheStrategy = void 0;
|
|
|
4
4
|
const aws = require("@pulumi/aws");
|
|
5
5
|
const pulumi = require("@pulumi/pulumi");
|
|
6
6
|
class LbCacheStrategy extends pulumi.ComponentResource {
|
|
7
|
+
name;
|
|
8
|
+
pathPattern;
|
|
9
|
+
config;
|
|
10
|
+
cachePolicy;
|
|
11
|
+
responseHeadersPolicy;
|
|
7
12
|
constructor(name, args, opts = {}) {
|
|
8
13
|
super('studion:cloudfront:LbCacheStrategy', name, {}, opts);
|
|
9
14
|
this.name = name;
|
|
@@ -87,7 +92,10 @@ class LbCacheStrategy extends pulumi.ComponentResource {
|
|
|
87
92
|
}, { parent: this });
|
|
88
93
|
}
|
|
89
94
|
getPathConfig() {
|
|
90
|
-
return
|
|
95
|
+
return {
|
|
96
|
+
pathPattern: this.pathPattern,
|
|
97
|
+
...this.config,
|
|
98
|
+
};
|
|
91
99
|
}
|
|
92
100
|
}
|
|
93
101
|
exports.LbCacheStrategy = LbCacheStrategy;
|
|
@@ -4,6 +4,11 @@ exports.S3CacheStrategy = void 0;
|
|
|
4
4
|
const aws = require("@pulumi/aws");
|
|
5
5
|
const pulumi = require("@pulumi/pulumi");
|
|
6
6
|
class S3CacheStrategy extends pulumi.ComponentResource {
|
|
7
|
+
name;
|
|
8
|
+
pathPattern;
|
|
9
|
+
config;
|
|
10
|
+
cachePolicy;
|
|
11
|
+
responseHeadersPolicy;
|
|
7
12
|
constructor(name, args, opts = {}) {
|
|
8
13
|
super('studion:cloudfront:S3CacheStrategy', name, {}, opts);
|
|
9
14
|
this.name = name;
|
|
@@ -25,9 +30,9 @@ class S3CacheStrategy extends pulumi.ComponentResource {
|
|
|
25
30
|
createCachePolicy(ttl) {
|
|
26
31
|
const enableEncoding = pulumi.output(ttl).apply(val => val !== 0);
|
|
27
32
|
return new aws.cloudfront.CachePolicy(`${this.name}-cache-policy`, {
|
|
28
|
-
defaultTtl: ttl
|
|
29
|
-
minTtl: ttl
|
|
30
|
-
maxTtl: ttl
|
|
33
|
+
defaultTtl: ttl ?? 86400, // default to 1 day
|
|
34
|
+
minTtl: ttl ?? 60, // default to 1 minute
|
|
35
|
+
maxTtl: ttl ?? 31536000, // default to 1 year
|
|
31
36
|
parametersInCacheKeyAndForwardedToOrigin: {
|
|
32
37
|
cookiesConfig: {
|
|
33
38
|
cookieBehavior: 'none',
|
|
@@ -73,7 +78,10 @@ class S3CacheStrategy extends pulumi.ComponentResource {
|
|
|
73
78
|
}, { parent: this });
|
|
74
79
|
}
|
|
75
80
|
getPathConfig() {
|
|
76
|
-
return
|
|
81
|
+
return {
|
|
82
|
+
pathPattern: this.pathPattern,
|
|
83
|
+
...this.config,
|
|
84
|
+
};
|
|
77
85
|
}
|
|
78
86
|
}
|
|
79
87
|
exports.S3CacheStrategy = S3CacheStrategy;
|
|
@@ -4,6 +4,20 @@ exports.DatabaseBuilder = void 0;
|
|
|
4
4
|
const _1 = require(".");
|
|
5
5
|
const pulumi = require("@pulumi/pulumi");
|
|
6
6
|
class DatabaseBuilder {
|
|
7
|
+
name;
|
|
8
|
+
instanceConfig;
|
|
9
|
+
credentialsConfig;
|
|
10
|
+
storageConfig;
|
|
11
|
+
vpc;
|
|
12
|
+
enableMonitoring;
|
|
13
|
+
snapshotIdentifier;
|
|
14
|
+
kmsKeyId;
|
|
15
|
+
parameterGroupName;
|
|
16
|
+
tags;
|
|
17
|
+
createReplica;
|
|
18
|
+
replicaConfig;
|
|
19
|
+
enableSSMConnect;
|
|
20
|
+
ssmConnectConfig;
|
|
7
21
|
constructor(name) {
|
|
8
22
|
this.name = name;
|
|
9
23
|
}
|
|
@@ -54,20 +68,19 @@ class DatabaseBuilder {
|
|
|
54
68
|
return this;
|
|
55
69
|
}
|
|
56
70
|
build(opts = {}) {
|
|
57
|
-
|
|
58
|
-
if (!this.snapshotIdentifier && !((_a = this.instanceConfig) === null || _a === void 0 ? void 0 : _a.dbName)) {
|
|
71
|
+
if (!this.snapshotIdentifier && !this.instanceConfig?.dbName) {
|
|
59
72
|
throw new Error('DbName not provided. Make sure to call DatabaseBuilder.withInstance() and set dbName.');
|
|
60
73
|
}
|
|
61
|
-
if (!this.snapshotIdentifier && !
|
|
74
|
+
if (!this.snapshotIdentifier && !this.credentialsConfig?.username) {
|
|
62
75
|
throw new Error('Username not provided. Make sure to call DatabaseBuilder.withCredentials() and set username.');
|
|
63
76
|
}
|
|
64
|
-
if (this.snapshotIdentifier &&
|
|
77
|
+
if (this.snapshotIdentifier && this.instanceConfig?.dbName) {
|
|
65
78
|
throw new Error(`You can't set dbName when using snapshotIdentifier.`);
|
|
66
79
|
}
|
|
67
|
-
if (this.snapshotIdentifier &&
|
|
80
|
+
if (this.snapshotIdentifier && this.credentialsConfig?.username) {
|
|
68
81
|
throw new Error(`You can't set username when using snapshotIdentifier.`);
|
|
69
82
|
}
|
|
70
|
-
if (this.createReplica &&
|
|
83
|
+
if (this.createReplica && this.replicaConfig?.enableMonitoring) {
|
|
71
84
|
if (!this.enableMonitoring && !this.replicaConfig.monitoringRole) {
|
|
72
85
|
throw new Error(`If you want enable monitoring on the replica instance either provide monitoring role or
|
|
73
86
|
enable monitoring on the primary instance to reuse the same monitoring role.`);
|
|
@@ -76,7 +89,21 @@ class DatabaseBuilder {
|
|
|
76
89
|
if (!this.vpc) {
|
|
77
90
|
throw new Error('VPC not provided. Make sure to call DatabaseBuilder.withVpc().');
|
|
78
91
|
}
|
|
79
|
-
return new _1.Database(this.name,
|
|
92
|
+
return new _1.Database(this.name, {
|
|
93
|
+
...this.instanceConfig,
|
|
94
|
+
...this.credentialsConfig,
|
|
95
|
+
...this.storageConfig,
|
|
96
|
+
vpc: this.vpc,
|
|
97
|
+
enableMonitoring: this.enableMonitoring,
|
|
98
|
+
snapshotIdentifier: this.snapshotIdentifier,
|
|
99
|
+
kmsKeyId: this.kmsKeyId,
|
|
100
|
+
parameterGroupName: this.parameterGroupName,
|
|
101
|
+
tags: this.tags,
|
|
102
|
+
createReplica: this.createReplica,
|
|
103
|
+
replicaConfig: this.replicaConfig,
|
|
104
|
+
enableSSMConnect: this.enableSSMConnect,
|
|
105
|
+
ssmConnectConfig: this.ssmConnectConfig,
|
|
106
|
+
}, opts);
|
|
80
107
|
}
|
|
81
108
|
}
|
|
82
109
|
exports.DatabaseBuilder = DatabaseBuilder;
|
|
@@ -16,14 +16,18 @@ const defaults = {
|
|
|
16
16
|
engineVersion: '17.2',
|
|
17
17
|
};
|
|
18
18
|
class DatabaseReplica extends pulumi.ComponentResource {
|
|
19
|
+
name;
|
|
20
|
+
instance;
|
|
19
21
|
constructor(name, args, opts = {}) {
|
|
20
|
-
super('studion:database:DatabaseReplica', name, {},
|
|
22
|
+
super('studion:database:DatabaseReplica', name, {}, {
|
|
23
|
+
...opts,
|
|
24
|
+
aliases: [...(opts.aliases || []), { type: 'studion:DatabaseReplica' }],
|
|
25
|
+
});
|
|
21
26
|
this.name = name;
|
|
22
27
|
this.instance = this.createDatabaseInstance(args, opts);
|
|
23
28
|
this.registerOutputs();
|
|
24
29
|
}
|
|
25
30
|
createDatabaseInstance(args, opts) {
|
|
26
|
-
var _a;
|
|
27
31
|
const argsWithDefaults = (0, merge_with_defaults_1.mergeWithDefaults)(defaults, args);
|
|
28
32
|
const monitoringOptions = argsWithDefaults.monitoringRole
|
|
29
33
|
? {
|
|
@@ -33,7 +37,27 @@ class DatabaseReplica extends pulumi.ComponentResource {
|
|
|
33
37
|
performanceInsightsRetentionPeriod: 7,
|
|
34
38
|
}
|
|
35
39
|
: {};
|
|
36
|
-
const instance = new aws.rds.Instance(`${this.name}-rds`,
|
|
40
|
+
const instance = new aws.rds.Instance(`${this.name}-rds`, {
|
|
41
|
+
identifierPrefix: `${this.name}-`,
|
|
42
|
+
engine: 'postgres',
|
|
43
|
+
engineVersion: argsWithDefaults.engineVersion,
|
|
44
|
+
allocatedStorage: argsWithDefaults.allocatedStorage,
|
|
45
|
+
maxAllocatedStorage: argsWithDefaults.maxAllocatedStorage,
|
|
46
|
+
instanceClass: argsWithDefaults.instanceClass,
|
|
47
|
+
vpcSecurityGroupIds: [argsWithDefaults.dbSecurityGroup.id],
|
|
48
|
+
dbSubnetGroupName: argsWithDefaults.dbSubnetGroup?.name,
|
|
49
|
+
multiAz: argsWithDefaults.multiAz,
|
|
50
|
+
applyImmediately: argsWithDefaults.applyImmediately,
|
|
51
|
+
allowMajorVersionUpgrade: argsWithDefaults.allowMajorVersionUpgrade,
|
|
52
|
+
autoMinorVersionUpgrade: argsWithDefaults.autoMinorVersionUpgrade,
|
|
53
|
+
replicateSourceDb: argsWithDefaults.replicateSourceDb,
|
|
54
|
+
parameterGroupName: argsWithDefaults.parameterGroupName,
|
|
55
|
+
storageEncrypted: true,
|
|
56
|
+
publiclyAccessible: false,
|
|
57
|
+
skipFinalSnapshot: true,
|
|
58
|
+
...monitoringOptions,
|
|
59
|
+
tags: { ...common_tags_1.commonTags, ...argsWithDefaults.tags },
|
|
60
|
+
}, { parent: this, dependsOn: opts.dependsOn });
|
|
37
61
|
return instance;
|
|
38
62
|
}
|
|
39
63
|
}
|
|
@@ -4,6 +4,7 @@ import * as pulumi from '@pulumi/pulumi';
|
|
|
4
4
|
export declare namespace Ec2SSMConnect {
|
|
5
5
|
type Args = {
|
|
6
6
|
vpc: pulumi.Input<awsx.ec2.Vpc>;
|
|
7
|
+
ami?: pulumi.Input<string>;
|
|
7
8
|
instanceType?: pulumi.Input<string>;
|
|
8
9
|
tags?: pulumi.Input<{
|
|
9
10
|
[key: string]: pulumi.Input<string>;
|
|
@@ -12,7 +13,6 @@ export declare namespace Ec2SSMConnect {
|
|
|
12
13
|
}
|
|
13
14
|
export declare class Ec2SSMConnect extends pulumi.ComponentResource {
|
|
14
15
|
name: string;
|
|
15
|
-
vpc: pulumi.Output<awsx.ec2.Vpc>;
|
|
16
16
|
ec2SecurityGroup: aws.ec2.SecurityGroup;
|
|
17
17
|
role: aws.iam.Role;
|
|
18
18
|
ssmProfile: aws.iam.InstanceProfile;
|
|
@@ -20,7 +20,7 @@ export declare class Ec2SSMConnect extends pulumi.ComponentResource {
|
|
|
20
20
|
ec2MessagesVpcEndpoint: aws.ec2.VpcEndpoint;
|
|
21
21
|
ssmMessagesVpcEndpoint: aws.ec2.VpcEndpoint;
|
|
22
22
|
ec2: aws.ec2.Instance;
|
|
23
|
-
|
|
23
|
+
amiResult?: pulumi.Output<aws.ec2.GetAmiResult>;
|
|
24
24
|
constructor(name: string, args: Ec2SSMConnect.Args, opts?: pulumi.ComponentResourceOptions);
|
|
25
25
|
}
|
|
26
26
|
//# sourceMappingURL=ec2-ssm-connect.d.ts.map
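Review bot: The new optional `ami` in `Ec2SSMConnect.Args` has no doc comment, although it changes what the component trusts: per the accompanying `.js` change, a supplied value skips the Amazon-owned AL2023 lookup entirely. I would document it in the source with `/** AMI ID to launch. If omitted, the most recent Amazon-owned AL2023 arm64 image is used; if set, no owner or name filter is applied. */`. The class declaration also drops the public `vpc` member and adds optional `amiResult` where a member was removed (apparently the old `ami`), which breaks consumers that read those properties and deserves a changelog entry.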
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ec2-ssm-connect.d.ts","sourceRoot":"","sources":["../../../src/components/database/ec2-ssm-connect.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,GAAG,MAAM,aAAa,CAAC;AACnC,OAAO,KAAK,IAAI,MAAM,cAAc,CAAC;AACrC,OAAO,KAAK,MAAM,MAAM,gBAAgB,CAAC;AAOzC,yBAAiB,aAAa,CAAC;IAC7B,KAAY,IAAI,GAAG;QACjB,GAAG,EAAE,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAChC,YAAY,CAAC,EAAE,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QACpC,IAAI,CAAC,EAAE,MAAM,CAAC,KAAK,CAAC;YAClB,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;SACrC,CAAC,CAAC;KACJ,CAAC;CACH;AAMD,qBAAa,aAAc,SAAQ,MAAM,CAAC,iBAAiB;IACzD,IAAI,EAAE,MAAM,CAAC;IACb,
|
|
1
|
+
{"version":3,"file":"ec2-ssm-connect.d.ts","sourceRoot":"","sources":["../../../src/components/database/ec2-ssm-connect.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,GAAG,MAAM,aAAa,CAAC;AACnC,OAAO,KAAK,IAAI,MAAM,cAAc,CAAC;AACrC,OAAO,KAAK,MAAM,MAAM,gBAAgB,CAAC;AAOzC,yBAAiB,aAAa,CAAC;IAC7B,KAAY,IAAI,GAAG;QACjB,GAAG,EAAE,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAChC,GAAG,CAAC,EAAE,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QAC3B,YAAY,CAAC,EAAE,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QACpC,IAAI,CAAC,EAAE,MAAM,CAAC,KAAK,CAAC;YAClB,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;SACrC,CAAC,CAAC;KACJ,CAAC;CACH;AAMD,qBAAa,aAAc,SAAQ,MAAM,CAAC,iBAAiB;IACzD,IAAI,EAAE,MAAM,CAAC;IACb,gBAAgB,EAAE,GAAG,CAAC,GAAG,CAAC,aAAa,CAAC;IACxC,IAAI,EAAE,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC;IACnB,UAAU,EAAE,GAAG,CAAC,GAAG,CAAC,eAAe,CAAC;IACpC,cAAc,EAAE,GAAG,CAAC,GAAG,CAAC,WAAW,CAAC;IACpC,sBAAsB,EAAE,GAAG,CAAC,GAAG,CAAC,WAAW,CAAC;IAC5C,sBAAsB,EAAE,GAAG,CAAC,GAAG,CAAC,WAAW,CAAC;IAC5C,GAAG,EAAE,GAAG,CAAC,GAAG,CAAC,QAAQ,CAAC;IACtB,SAAS,CAAC,EAAE,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;gBAG9C,IAAI,EAAE,MAAM,EACZ,IAAI,EAAE,aAAa,CAAC,IAAI,EACxB,IAAI,GAAE,MAAM,CAAC,wBAA6B;CAqK7C"}
|
|
@@ -11,45 +11,58 @@ const defaults = {
|
|
|
11
11
|
instanceType: 't4g.nano',
|
|
12
12
|
};
|
|
13
13
|
class Ec2SSMConnect extends pulumi.ComponentResource {
|
|
14
|
+
name;
|
|
15
|
+
ec2SecurityGroup;
|
|
16
|
+
role;
|
|
17
|
+
ssmProfile;
|
|
18
|
+
ssmVpcEndpoint;
|
|
19
|
+
ec2MessagesVpcEndpoint;
|
|
20
|
+
ssmMessagesVpcEndpoint;
|
|
21
|
+
ec2;
|
|
22
|
+
amiResult;
|
|
14
23
|
constructor(name, args, opts = {}) {
|
|
15
|
-
super('studion:database:Ec2SSMConnect', name, {},
|
|
24
|
+
super('studion:database:Ec2SSMConnect', name, {}, {
|
|
25
|
+
...opts,
|
|
26
|
+
aliases: [
|
|
16
27
|
...(opts.aliases || []),
|
|
17
28
|
{ type: 'studion:Ec2BastionSSMConnect' },
|
|
18
|
-
] }));
|
|
19
|
-
const { vpc, instanceType, tags } = (0, merge_with_defaults_1.mergeWithDefaults)(defaults, args);
|
|
20
|
-
this.name = name;
|
|
21
|
-
this.vpc = pulumi.output(vpc);
|
|
22
|
-
const subnetId = this.vpc.privateSubnetIds.apply(ids => ids[0]);
|
|
23
|
-
this.ami = aws.ec2.getAmiOutput({
|
|
24
|
-
filters: [
|
|
25
|
-
{ name: 'architecture', values: ['arm64'] },
|
|
26
|
-
{ name: 'root-device-type', values: ['ebs'] },
|
|
27
|
-
{ name: 'virtualization-type', values: ['hvm'] },
|
|
28
|
-
{ name: 'ena-support', values: ['true'] },
|
|
29
29
|
],
|
|
30
|
-
owners: ['amazon'],
|
|
31
|
-
nameRegex: 'al2023-ami-2023\.[0-9]+\.[0-9]+\.[0-9]+-kernel-[0-9]+\.[0-9]+-arm64',
|
|
32
|
-
mostRecent: true,
|
|
33
30
|
});
|
|
31
|
+
const { vpc, ami, instanceType, tags } = (0, merge_with_defaults_1.mergeWithDefaults)(defaults, args);
|
|
32
|
+
this.name = name;
|
|
33
|
+
const vpcOutput = pulumi.output(vpc);
|
|
34
|
+
const subnetId = vpcOutput.privateSubnetIds.apply(ids => ids[0]);
|
|
35
|
+
const amiId = ami ??
|
|
36
|
+
(this.amiResult = aws.ec2.getAmiOutput({
|
|
37
|
+
filters: [
|
|
38
|
+
{ name: 'architecture', values: ['arm64'] },
|
|
39
|
+
{ name: 'root-device-type', values: ['ebs'] },
|
|
40
|
+
{ name: 'virtualization-type', values: ['hvm'] },
|
|
41
|
+
{ name: 'ena-support', values: ['true'] },
|
|
42
|
+
],
|
|
43
|
+
owners: ['amazon'],
|
|
44
|
+
nameRegex: 'al2023-ami-2023\.[0-9]+\.[0-9]+\.[0-9]+-kernel-[0-9]+\.[0-9]+-arm64',
|
|
45
|
+
mostRecent: true,
|
|
46
|
+
})).id;
|
|
34
47
|
this.ec2SecurityGroup = new aws.ec2.SecurityGroup(`${this.name}-ec2-security-group`, {
|
|
35
48
|
ingress: [
|
|
36
49
|
{
|
|
37
50
|
protocol: 'tcp',
|
|
38
51
|
fromPort: 22,
|
|
39
52
|
toPort: 22,
|
|
40
|
-
cidrBlocks: [
|
|
53
|
+
cidrBlocks: [vpcOutput.vpc.cidrBlock],
|
|
41
54
|
},
|
|
42
55
|
{
|
|
43
56
|
protocol: 'tcp',
|
|
44
57
|
fromPort: 443,
|
|
45
58
|
toPort: 443,
|
|
46
|
-
cidrBlocks: [
|
|
59
|
+
cidrBlocks: [vpcOutput.vpc.cidrBlock],
|
|
47
60
|
},
|
|
48
61
|
],
|
|
49
62
|
egress: [
|
|
50
63
|
{ protocol: '-1', fromPort: 0, toPort: 0, cidrBlocks: ['0.0.0.0/0'] },
|
|
51
64
|
],
|
|
52
|
-
vpcId:
|
|
65
|
+
vpcId: vpcOutput.vpcId,
|
|
53
66
|
tags: common_tags_1.commonTags,
|
|
54
67
|
}, { parent: this });
|
|
55
68
|
this.role = new aws.iam.Role(`${this.name}-ec2-role`, {
|
|
@@ -76,16 +89,20 @@ class Ec2SSMConnect extends pulumi.ComponentResource {
|
|
|
76
89
|
tags: common_tags_1.commonTags,
|
|
77
90
|
}, { parent: this, dependsOn: [ssmPolicyAttachment] });
|
|
78
91
|
this.ec2 = new aws.ec2.Instance(`${this.name}-ec2`, {
|
|
79
|
-
ami:
|
|
92
|
+
ami: amiId,
|
|
80
93
|
associatePublicIpAddress: false,
|
|
81
94
|
instanceType,
|
|
82
95
|
iamInstanceProfile: this.ssmProfile.name,
|
|
83
96
|
subnetId,
|
|
84
97
|
vpcSecurityGroupIds: [this.ec2SecurityGroup.id],
|
|
85
|
-
tags:
|
|
98
|
+
tags: {
|
|
99
|
+
...common_tags_1.commonTags,
|
|
100
|
+
Name: `${this.name}-ec2`,
|
|
101
|
+
...tags,
|
|
102
|
+
},
|
|
86
103
|
}, { parent: this });
|
|
87
104
|
this.ssmVpcEndpoint = new aws.ec2.VpcEndpoint(`${this.name}-ssm-vpc-endpoint`, {
|
|
88
|
-
vpcId:
|
|
105
|
+
vpcId: vpcOutput.vpcId,
|
|
89
106
|
ipAddressType: 'ipv4',
|
|
90
107
|
serviceName: `com.amazonaws.${awsRegion}.ssm`,
|
|
91
108
|
vpcEndpointType: 'Interface',
|
|
@@ -95,7 +112,7 @@ class Ec2SSMConnect extends pulumi.ComponentResource {
|
|
|
95
112
|
tags: common_tags_1.commonTags,
|
|
96
113
|
}, { parent: this, dependsOn: [this.ec2] });
|
|
97
114
|
this.ec2MessagesVpcEndpoint = new aws.ec2.VpcEndpoint(`${this.name}-ec2messages-vpc-endpoint`, {
|
|
98
|
-
vpcId:
|
|
115
|
+
vpcId: vpcOutput.vpcId,
|
|
99
116
|
ipAddressType: 'ipv4',
|
|
100
117
|
serviceName: `com.amazonaws.${awsRegion}.ec2messages`,
|
|
101
118
|
vpcEndpointType: 'Interface',
|
|
@@ -105,7 +122,7 @@ class Ec2SSMConnect extends pulumi.ComponentResource {
|
|
|
105
122
|
tags: common_tags_1.commonTags,
|
|
106
123
|
}, { parent: this, dependsOn: [this.ec2] });
|
|
107
124
|
this.ssmMessagesVpcEndpoint = new aws.ec2.VpcEndpoint(`${this.name}-ssmmessages-vpc-endpoint`, {
|
|
108
|
-
vpcId:
|
|
125
|
+
vpcId: vpcOutput.vpcId,
|
|
109
126
|
ipAddressType: 'ipv4',
|
|
110
127
|
serviceName: `com.amazonaws.${awsRegion}.ssmmessages`,
|
|
111
128
|
vpcEndpointType: 'Interface',
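Review bot: The `nameRegex` passed to `aws.ec2.getAmiOutput` sits in a plain string literal, where `\.` evaluates to `.`, so as shown the pattern sent to AWS has unescaped dots that match any character. `owners: ['amazon']` keeps the lookup bounded, but the backslashes should be doubled: `nameRegex: 'al2023-ami-2023\\.[0-9]+\\.[0-9]+\\.[0-9]+-kernel-[0-9]+\\.[0-9]+-arm64',`. In the same constructor the security group still admits tcp/22 from the whole VPC CIDR (`cidrBlocks: [vpcOutput.vpc.cidrBlock]`); Session Manager needs no inbound rule on the instance, so that rule looks removable unless something outside these hunks depends on it. The constructor body continues outside the visible hunks.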
|