@webiny/project-aws 0.0.0-unstable.61c048f412

package/pulumi/apps/core/CoreOpenSearch.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["path","pulumi","aws","random","createAppModule","getAwsAccountId","CoreVpc","LAMBDA_RUNTIME","LogDynamo","getDevClusterConfig","instanceType","getProdClusterConfig","instanceCount","zoneAwarenessEnabled","zoneAwarenessConfig","availabilityZoneCount","OS_ENGINE_VERSION","OpenSearch","name","config","app","params","isProduction","env","vpc","getModule","optional","logDynamoDbTable","domain","domainPolicy","process","AWS_OS_DOMAIN_NAME","domainName","String","addRemoteResource","opensearch","getDomain","async","randomId","RandomId","byteLength","namePrefix","getParam","create","pulumiResourceNamePrefix","domainLogicalName","domainPhysicalName","hex","apply","slice","addResource","Domain","engineVersion","clusterConfig","vpcOptions","subnetIds","subnets","private","map","s","output","id","securityGroupIds","defaultSecurityGroupId","undefined","ebsOptions","ebsEnabled","volumeSize","volumeType","advancedOptions","snapshotOptions","automatedSnapshotStartHour","opts","protect","accountId","DomainPolicy","accessPolicies","all","arn","domainArn","JSON","stringify","Version","Statement","Effect","Principal","AWS","Action","Resource","table","dynamodb","Table","attributes","type","streamEnabled","streamViewType","billingMode","hashKey","rangeKey","globalSecondaryIndexes","projectionType","ttl","attributeName","enabled","roleName","role","iam","Role","assumeRolePolicy","Service","meta","isLambdaFunctionRole","policy","getDynamoDbToElasticLambdaPolicy","RolePolicyAttachment","policyArn","ManagedPolicy","AWSLambdaVPCAccessExecutionRole","AWSLambdaBasicExecutionRole","AWSLambdaDynamoDBExecutionRole","lambda","Function","runtime","handler","timeout","memorySize","environment","variables","DEBUG","OPENSEARCH_ENDPOINT","endpoint","DB_TABLE_LOG","description","code","asset","AssetArchive","FileArchive","join","paths","workspace","vpcConfig","loggingConfig","logFormat","eventSourceMapping","EventSourceMapping","eventSourceArn","streamArn","functionName","startingPosition","maximumRetryAttempts","batchSize","maximumBatchingWindowInSeconds","addOutputs","opensearchDomainArn","opensearchDomainEndpoint","opensearchDynamodbTableArn","opensearchDynamodbTableName","dynamoToElastic","Policy","Sid","interpolate"],"sources":["CoreOpenSearch.ts"],"sourcesContent":["/**\n * Important documents to read:\n *\n * https://docs.aws.amazon.com/opensearch-service/latest/developerguide/limits.html#network-limits\n */\nimport path from \"path\";\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport * as random from \"@pulumi/random\";\nimport {\n    createAppModule,\n    type PulumiApp,\n    type PulumiAppRemoteResource,\n    type PulumiAppResource,\n    type PulumiAppResourceConstructor\n} from \"@webiny/pulumi\";\n\nimport { getAwsAccountId } from \"../awsUtils.js\";\nimport { CoreVpc } from \"./CoreVpc.js\";\nimport { LAMBDA_RUNTIME } from \"~/pulumi/constants.js\";\nimport { LogDynamo } from \"~/pulumi/apps/core/LogDynamo.js\";\n\nexport interface OpenSearchParams {\n    protect: boolean;\n}\n\nfunction getDevClusterConfig(): aws.types.input.opensearch.DomainClusterConfig {\n    return {\n        instanceType: \"t3.small.search\"\n    };\n}\n\nfunction getProdClusterConfig(): aws.types.input.opensearch.DomainClusterConfig {\n    return {\n        // For production deployments, we create 3 instances and configure multi-AZ across 3 zones.\n        instanceType: \"t3.medium.search\",\n        instanceCount: 3,\n        zoneAwarenessEnabled: true,\n        zoneAwarenessConfig: {\n            availabilityZoneCount: 3\n        }\n    };\n}\n\nconst OS_ENGINE_VERSION = \"OpenSearch_3.3\";\n\nexport const OpenSearch = createAppModule({\n    name: \"OpenSearch\",\n    config(app, params: OpenSearchParams) {\n        const isProduction = app.env.isProduction;\n\n        const vpc = app.getModule(CoreVpc, { optional: true });\n\n        const logDynamoDbTable = app.getModule(LogDynamo);\n\n        // This needs to be implemented in order to be able to use a shared OpenSearch cluster.\n        let domain:\n            | PulumiAppResource<PulumiAppResourceConstructor<aws.opensearch.Domain>>\n            | PulumiAppRemoteResource<aws.opensearch.GetDomainResult>;\n\n        let domainPolicy;\n\n        if (process.env.AWS_OS_DOMAIN_NAME) {\n            const domainName = String(process.env.AWS_OS_DOMAIN_NAME);\n            // This can be useful for testing purposes in ephemeral environments. More information here:\n            // https://www.webiny.com/docs/key-topics/ci-cd/testing/slow-ephemeral-environments\n            domain = app.addRemoteResource(domainName, () => {\n                return aws.opensearch.getDomain({ domainName }, { async: true });\n            });\n        } else {\n            const randomId = new random.RandomId(\"osDomainRandomId\", { byteLength: 8 });\n            const namePrefix = app.getParam(app.params.create.pulumiResourceNamePrefix) || \"\";\n\n            const domainLogicalName = \"webiny-js\";\n            const domainPhysicalName = randomId.hex.apply((hex: string) => {\n                return `${namePrefix}${domainLogicalName}-${hex.slice(-7)}`;\n            });\n\n            domain = app.addResource(aws.opensearch.Domain, {\n                name: domainLogicalName,\n                config: {\n                    domainName: domainPhysicalName,\n                    engineVersion: OS_ENGINE_VERSION,\n                    clusterConfig: isProduction ? getProdClusterConfig() : getDevClusterConfig(),\n                    vpcOptions: vpc\n                        ? {\n                              subnetIds: vpc.subnets.private.map(s => s.output.id),\n                              securityGroupIds: [vpc.vpc.output.defaultSecurityGroupId]\n                          }\n                        : undefined,\n                    ebsOptions: {\n                        ebsEnabled: true,\n                        volumeSize: 10,\n                        volumeType: \"gp2\"\n                    },\n                    advancedOptions: {\n                        \"rest.action.multi.allow_explicit_index\": \"true\"\n                    },\n                    snapshotOptions: {\n                        automatedSnapshotStartHour: 23\n                    }\n                },\n                opts: { protect: params.protect }\n            });\n\n            /**\n             * Domain policy defines who can access your OpenSearch Domain.\n             * For details on OpenSearch security, read the official documentation:\n             * https://docs.aws.amazon.com/openSearch-service/latest/developerguide/security.html\n             */\n            const accountId = getAwsAccountId(app);\n\n            domainPolicy = app.addResource(aws.opensearch.DomainPolicy, {\n                name: `${domainLogicalName}-policy`,\n                config: {\n                    domainName: domain.output.domainName,\n                    accessPolicies: pulumi\n                        .all([accountId, domain.output.arn])\n                        .apply(([accountId, domainArn]) => {\n                            return JSON.stringify({\n                                Version: \"2012-10-17\",\n                                Statement: [\n                                    /**\n                                     * Allow requests signed with current account\n                                     */\n                                    {\n                                        Effect: \"Allow\",\n                                        Principal: {\n                                            AWS: accountId\n                                        },\n                                        Action: \"es:*\",\n                                        Resource: `${domainArn}/*`\n                                    }\n                                ]\n                            });\n                        })\n                },\n                opts: { protect: params.protect }\n            });\n        }\n\n        /**\n         * Create a table for OpenSearch records. All ES records are stored in this table to dramatically improve\n         * performance and stability on write operations (especially massive data imports). This table also serves as a backup and\n         * a single source of truth for your OpenSearch domain. Streaming is enabled on this table, and it will\n         * allow asynchronous synchronization of data with OpenSearch domain.\n         */\n        const table = app.addResource(aws.dynamodb.Table, {\n            name: \"webiny-es\",\n            config: {\n                attributes: [\n                    { name: \"PK\", type: \"S\" },\n                    { name: \"SK\", type: \"S\" },\n                    { name: \"GSI_TENANT\", type: \"S\" }\n                ],\n                streamEnabled: true,\n                streamViewType: \"NEW_AND_OLD_IMAGES\",\n                billingMode: \"PAY_PER_REQUEST\",\n                hashKey: \"PK\",\n                rangeKey: \"SK\",\n                globalSecondaryIndexes: [\n                    {\n                        name: \"GSI_TENANT\",\n                        hashKey: \"GSI_TENANT\",\n                        projectionType: \"KEYS_ONLY\"\n                    }\n                ],\n                ttl: {\n                    attributeName: \"expiresAt\",\n                    enabled: true\n                }\n            },\n            opts: { protect: params.protect }\n        });\n\n        const roleName = \"dynamo-to-elastic-lambda-role\";\n\n        const role = app.addResource(aws.iam.Role, {\n            name: roleName,\n            config: {\n                assumeRolePolicy: {\n                    Version: \"2012-10-17\",\n                    Statement: [\n                        {\n                            Action: \"sts:AssumeRole\",\n                            Principal: {\n                                Service: \"lambda.amazonaws.com\"\n                            },\n                            Effect: \"Allow\"\n                        }\n                    ]\n                }\n            },\n            meta: { isLambdaFunctionRole: true }\n        });\n\n        const policy = getDynamoDbToElasticLambdaPolicy(app, domain.output);\n\n        app.addResource(aws.iam.RolePolicyAttachment, {\n            name: `${roleName}-DynamoDbToElasticLambdaPolicy`,\n            config: {\n                role: role.output,\n                policyArn: policy.output.arn\n            }\n        });\n\n        // Only use `AWSLambdaVPCAccessExecutionRole` policy if VPC feature is enabled.\n        if (vpc) {\n            app.addResource(aws.iam.RolePolicyAttachment, {\n                name: `${roleName}-AWSLambdaVPCAccessExecutionRole`,\n                config: {\n                    role: role.output,\n                    policyArn: aws.iam.ManagedPolicy.AWSLambdaVPCAccessExecutionRole\n                }\n            });\n        } else {\n            app.addResource(aws.iam.RolePolicyAttachment, {\n                name: `${roleName}-AWSLambdaBasicExecutionRole`,\n                config: {\n                    role: role.output,\n                    policyArn: aws.iam.ManagedPolicy.AWSLambdaBasicExecutionRole\n                }\n            });\n        }\n\n        app.addResource(aws.iam.RolePolicyAttachment, {\n            name: `${roleName}-AWSLambdaDynamoDBExecutionRole`,\n            config: {\n                role: role.output,\n                policyArn: aws.iam.ManagedPolicy.AWSLambdaDynamoDBExecutionRole\n            }\n        });\n\n        /**\n         * This Lambda will process the stream events from DynamoDB table that contains OpenSearch items.\n         * OpenSearch can't take large amount of individual writes in a short period of time, so this way\n         * we store data for OpenSearch in a DynamoDB table, and asynchronously insert it into OpenSearch\n         * using batching.\n         */\n        const lambda = app.addResource(aws.lambda.Function, {\n            name: \"dynamo-to-elastic\",\n            config: {\n                role: role.output.arn,\n                runtime: LAMBDA_RUNTIME,\n                handler: \"handler.handler\",\n                timeout: 900,\n                memorySize: 1024,\n                environment: {\n                    variables: {\n                        DEBUG: String(process.env.DEBUG),\n                        OPENSEARCH_ENDPOINT: domain.output.endpoint,\n                        DB_TABLE_LOG: logDynamoDbTable.output.name\n                    }\n                },\n                description: \"Process DynamoDB Stream.\",\n                code: new pulumi.asset.AssetArchive({\n                    \".\": new pulumi.asset.FileArchive(\n                        path.join(app.paths.workspace, \"dynamoToElastic/build\")\n                    )\n                }),\n                vpcConfig: vpc\n                    ? {\n                          subnetIds: vpc.subnets.private.map(s => s.output.id),\n                          securityGroupIds: [vpc.vpc.output.defaultSecurityGroupId]\n                      }\n                    : undefined,\n                loggingConfig: {\n                    logFormat: \"JSON\"\n                }\n            }\n        });\n\n        const eventSourceMapping = app.addResource(aws.lambda.EventSourceMapping, {\n            name: \"dynamo-to-elastic\",\n            config: {\n                eventSourceArn: table.output.streamArn,\n                functionName: lambda.output.arn,\n                startingPosition: \"LATEST\",\n                maximumRetryAttempts: 3,\n                batchSize: 50,\n                maximumBatchingWindowInSeconds: 1\n            }\n        });\n\n        app.addOutputs({\n            opensearchDomainArn: domain.output.arn,\n            opensearchDomainEndpoint: domain.output.endpoint,\n            opensearchDynamodbTableArn: table.output.arn,\n            opensearchDynamodbTableName: table.output.name\n        });\n\n        return {\n            domain,\n            domainPolicy,\n            table,\n            dynamoToElastic: {\n                role,\n                policy,\n                lambda,\n                eventSourceMapping\n            }\n        };\n    }\n});\n\nfunction getDynamoDbToElasticLambdaPolicy(\n    app: PulumiApp,\n    domain: pulumi.Output<aws.opensearch.Domain | aws.opensearch.GetDomainResult>\n) {\n    return app.addResource(aws.iam.Policy, {\n        name: \"DynamoDbToElasticLambdaPolicy-updated\",\n        config: {\n            description: \"This policy enables access to ES and Dynamodb streams\",\n            policy: {\n                Version: \"2012-10-17\",\n                Statement: [\n                    {\n                        Sid: \"PermissionForES\",\n                        Effect: \"Allow\",\n                        Action: [\n                            \"es:ESHttpGet\",\n                            \"es:ESHttpDelete\",\n                            \"es:ESHttpPatch\",\n                            \"es:ESHttpPost\",\n                            \"es:ESHttpPut\",\n                            \"dynamodb:BatchGetItem\",\n                            \"dynamodb:BatchWriteItem\",\n                            \"dynamodb:PutItem\",\n                            \"dynamodb:GetItem\",\n                            \"dynamodb:DeleteItem\",\n                            \"dynamodb:Query\",\n                            \"dynamodb:UpdateItem\"\n                        ],\n                        Resource: [\n                            pulumi.interpolate`${domain.arn}`,\n                            pulumi.interpolate`${domain.arn}/*`\n                        ]\n                    }\n                ]\n            }\n        }\n    });\n}\n"],"mappings":"AAAA;AACA;AACA;AACA;AACA;AACA,OAAOA,IAAI,MAAM,MAAM;AACvB,OAAO,KAAKC,MAAM,MAAM,gBAAgB;AACxC,OAAO,KAAKC,GAAG,MAAM,aAAa;AAClC,OAAO,KAAKC,MAAM,MAAM,gBAAgB;AACxC,SACIC,eAAe,QAKZ,gBAAgB;AAEvB,SAASC,eAAe;AACxB,SAASC,OAAO;AAChB,SAASC,cAAc;AACvB,SAASC,SAAS;AAMlB,SAASC,mBAAmBA,CAAA,EAAmD;EAC3E,OAAO;IACHC,YAAY,EAAE;EAClB,CAAC;AACL;AAEA,SAASC,oBAAoBA,CAAA,EAAmD;EAC5E,OAAO;IACH;IACAD,YAAY,EAAE,kBAAkB;IAChCE,aAAa,EAAE,CAAC;IAChBC,oBAAoB,EAAE,IAAI;IAC1BC,mBAAmB,EAAE;MACjBC,qBAAqB,EAAE;IAC3B;EACJ,CAAC;AACL;AAEA,MAAMC,iBAAiB,GAAG,gBAAgB;AAE1C,OAAO,MAAMC,UAAU,GAAGb,eAAe,CAAC;EACtCc,IAAI,EAAE,YAAY;EAClBC,MAAMA,CAACC,GAAG,EAAEC,MAAwB,EAAE;IAClC,MAAMC,YAAY,GAAGF,GAAG,CAACG,GAAG,CAACD,YAAY;IAEzC,MAAME,GAAG,GAAGJ,GAAG,CAACK,SAAS,CAACnB,OAAO,EAAE;MAAEoB,QAAQ,EAAE;IAAK,CAAC,CAAC;IAEtD,MAAMC,gBAAgB,GAAGP,GAAG,CAACK,SAAS,CAACjB,SAAS,CAAC;;IAEjD;IACA,IAAIoB,MAEyD;IAE7D,IAAIC,YAAY;IAEhB,IAAIC,OAAO,CAACP,GAAG,CAACQ,kBAAkB,EAAE;MAChC,MAAMC,UAAU,GAAGC,MAAM,CAACH,OAAO,CAACP,GAAG,CAACQ,kBAAkB,CAAC;MACzD;MACA;MACAH,MAAM,GAAGR,GAAG,CAACc,iBAAiB,CAACF,UAAU,EAAE,MAAM;QAC7C,OAAO9B,GAAG,CAACiC,UAAU,CAACC,SAAS,CAAC;UAAEJ;QAAW,CAAC,EAAE;UAAEK,KAAK,EAAE;QAAK,CAAC,CAAC;MACpE,CAAC,CAAC;IACN,CAAC,MAAM;MACH,MAAMC,QAAQ,GAAG,IAAInC,MAAM,CAACoC,QAAQ,CAAC,kBAAkB,EAAE;QAAEC,UAAU,EAAE;MAAE,CAAC,CAAC;MAC3E,MAAMC,UAAU,GAAGrB,GAAG,CAACsB,QAAQ,CAACtB,GAAG,CAACC,MAAM,CAACsB,MAAM,CAACC,wBAAwB,CAAC,IAAI,EAAE;MAEjF,MAAMC,iBAAiB,GAAG,WAAW;MACrC,MAAMC,kBAAkB,GAAGR,QAAQ,CAACS,GAAG,CAACC,KAAK,CAAED,GAAW,IAAK;QAC3D,OAAO,GAAGN,UAAU,GAAGI,iBAAiB,IAAIE,GAAG,CAACE,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE;MAC/D,CAAC,CAAC;MAEFrB,MAAM,GAAGR,GAAG,CAAC8B,WAAW,CAAChD,GAAG,CAACiC,UAAU,CAACgB,MAAM,EAAE;QAC5CjC,IAAI,EAAE2B,iBAAiB;QACvB1B,MAAM,EAAE;UACJa,UAAU,EAAEc,kBAAkB;UAC9BM,aAAa,EAAEpC,iBAAiB;UAChCqC,aAAa,EAAE/B,YAAY,GAAGX,oBAAoB,CAAC,CAAC,GAAGF,mBAAmB,CAAC,CAAC;UAC5E6C,UAAU,EAAE9B,GAAG,GACT;YACI+B,SAAS,EAAE/B,GAAG,CAACgC,OAAO,CAACC,OAAO,CAACC,GAAG,CAACC,CAAC,IAAIA,CAAC,CAACC,MAAM,CAACC,EAAE,CAAC;YACpDC,gBAAgB,EAAE,CAACtC,GAAG,CAACA,GAAG,CAACoC,MAAM,CAACG,sBAAsB;UAC5D,CAAC,GACDC,SAAS;UACfC,UAAU,EAAE;YACRC,UAAU,EAAE,IAAI;YAChBC,UAAU,EAAE,EAAE;YACdC,UAAU,EAAE;UAChB,CAAC;UACDC,eAAe,EAAE;YACb,wCAAwC,EAAE;UAC9C,CAAC;UACDC,eAAe,EAAE;YACbC,0BAA0B,EAAE;UAChC;QACJ,CAAC;QACDC,IAAI,EAAE;UAAEC,OAAO,EAAEpD,MAAM,CAACoD;QAAQ;MACpC,CAAC,CAAC;;MAEF;AACZ;AACA;AACA;AACA;MACY,MAAMC,SAAS,GAAGrE,eAAe,CAACe,GAAG,CAAC;MAEtCS,YAAY,GAAGT,GAAG,CAAC8B,WAAW,CAAChD,GAAG,CAACiC,UAAU,CAACwC,YAAY,EAAE;QACxDzD,IAAI,EAAE,GAAG2B,iBAAiB,SAAS;QACnC1B,MAAM,EAAE;UACJa,UAAU,EAAEJ,MAAM,CAACgC,MAAM,CAAC5B,UAAU;UACpC4C,cAAc,EAAE3E,MAAM,CACjB4E,GAAG,CAAC,CAACH,SAAS,EAAE9C,MAAM,CAACgC,MAAM,CAACkB,GAAG,CAAC,CAAC,CACnC9B,KAAK,CAAC,CAAC,CAAC0B,SAAS,EAAEK,SAAS,CAAC,KAAK;YAC/B,OAAOC,IAAI,CAACC,SAAS,CAAC;cAClBC,OAAO,EAAE,YAAY;cACrBC,SAAS,EAAE;cACP;AACpC;AACA;cACoC;gBACIC,MAAM,EAAE,OAAO;gBACfC,SAAS,EAAE;kBACPC,GAAG,EAAEZ;gBACT,CAAC;gBACDa,MAAM,EAAE,MAAM;gBACdC,QAAQ,EAAE,GAAGT,SAAS;cAC1B,CAAC;YAET,CAAC,CAAC;UACN,CAAC;QACT,CAAC;QACDP,IAAI,EAAE;UAAEC,OAAO,EAAEpD,MAAM,CAACoD;QAAQ;MACpC,CAAC,CAAC;IACN;;IAEA;AACR;AACA;AACA;AACA;AACA;IACQ,MAAMgB,KAAK,GAAGrE,GAAG,CAAC8B,WAAW,CAAChD,GAAG,CAACwF,QAAQ,CAACC,KAAK,EAAE;MAC9CzE,IAAI,EAAE,WAAW;MACjBC,MAAM,EAAE;QACJyE,UAAU,EAAE,CACR;UAAE1E,IAAI,EAAE,IAAI;UAAE2E,IAAI,EAAE;QAAI,CAAC,EACzB;UAAE3E,IAAI,EAAE,IAAI;UAAE2E,IAAI,EAAE;QAAI,CAAC,EACzB;UAAE3E,IAAI,EAAE,YAAY;UAAE2E,IAAI,EAAE;QAAI,CAAC,CACpC;QACDC,aAAa,EAAE,IAAI;QACnBC,cAAc,EAAE,oBAAoB;QACpCC,WAAW,EAAE,iBAAiB;QAC9BC,OAAO,EAAE,IAAI;QACbC,QAAQ,EAAE,IAAI;QACdC,sBAAsB,EAAE,CACpB;UACIjF,IAAI,EAAE,YAAY;UAClB+E,OAAO,EAAE,YAAY;UACrBG,cAAc,EAAE;QACpB,CAAC,CACJ;QACDC,GAAG,EAAE;UACDC,aAAa,EAAE,WAAW;UAC1BC,OAAO,EAAE;QACb;MACJ,CAAC;MACD/B,IAAI,EAAE;QAAEC,OAAO,EAAEpD,MAAM,CAACoD;MAAQ;IACpC,CAAC,CAAC;IAEF,MAAM+B,QAAQ,GAAG,+BAA+B;IAEhD,MAAMC,IAAI,GAAGrF,GAAG,CAAC8B,WAAW,CAAChD,GAAG,CAACwG,GAAG,CAACC,IAAI,EAAE;MACvCzF,IAAI,EAAEsF,QAAQ;MACdrF,MAAM,EAAE;QACJyF,gBAAgB,EAAE;UACd1B,OAAO,EAAE,YAAY;UACrBC,SAAS,EAAE,CACP;YACII,MAAM,EAAE,gBAAgB;YACxBF,SAAS,EAAE;cACPwB,OAAO,EAAE;YACb,CAAC;YACDzB,MAAM,EAAE;UACZ,CAAC;QAET;MACJ,CAAC;MACD0B,IAAI,EAAE;QAAEC,oBAAoB,EAAE;MAAK;IACvC,CAAC,CAAC;IAEF,MAAMC,MAAM,GAAGC,gCAAgC,CAAC7F,GAAG,EAAEQ,MAAM,CAACgC,MAAM,CAAC;IAEnExC,GAAG,CAAC8B,WAAW,CAAChD,GAAG,CAACwG,GAAG,CAACQ,oBAAoB,EAAE;MAC1ChG,IAAI,EAAE,GAAGsF,QAAQ,gCAAgC;MACjDrF,MAAM,EAAE;QACJsF,IAAI,EAAEA,IAAI,CAAC7C,MAAM;QACjBuD,SAAS,EAAEH,MAAM,CAACpD,MAAM,CAACkB;MAC7B;IACJ,CAAC,CAAC;;IAEF;IACA,IAAItD,GAAG,EAAE;MACLJ,GAAG,CAAC8B,WAAW,CAAChD,GAAG,CAACwG,GAAG,CAACQ,oBAAoB,EAAE;QAC1ChG,IAAI,EAAE,GAAGsF,QAAQ,kCAAkC;QACnDrF,MAAM,EAAE;UACJsF,IAAI,EAAEA,IAAI,CAAC7C,MAAM;UACjBuD,SAAS,EAAEjH,GAAG,CAACwG,GAAG,CAACU,aAAa,CAACC;QACrC;MACJ,CAAC,CAAC;IACN,CAAC,MAAM;MACHjG,GAAG,CAAC8B,WAAW,CAAChD,GAAG,CAACwG,GAAG,CAACQ,oBAAoB,EAAE;QAC1ChG,IAAI,EAAE,GAAGsF,QAAQ,8BAA8B;QAC/CrF,MAAM,EAAE;UACJsF,IAAI,EAAEA,IAAI,CAAC7C,MAAM;UACjBuD,SAAS,EAAEjH,GAAG,CAACwG,GAAG,CAACU,aAAa,CAACE;QACrC;MACJ,CAAC,CAAC;IACN;IAEAlG,GAAG,CAAC8B,WAAW,CAAChD,GAAG,CAACwG,GAAG,CAACQ,oBAAoB,EAAE;MAC1ChG,IAAI,EAAE,GAAGsF,QAAQ,iCAAiC;MAClDrF,MAAM,EAAE;QACJsF,IAAI,EAAEA,IAAI,CAAC7C,MAAM;QACjBuD,SAAS,EAAEjH,GAAG,CAACwG,GAAG,CAACU,aAAa,CAACG;MACrC;IACJ,CAAC,CAAC;;IAEF;AACR;AACA;AACA;AACA;AACA;IACQ,MAAMC,MAAM,GAAGpG,GAAG,CAAC8B,WAAW,CAAChD,GAAG,CAACsH,MAAM,CAACC,QAAQ,EAAE;MAChDvG,IAAI,EAAE,mBAAmB;MACzBC,MAAM,EAAE;QACJsF,IAAI,EAAEA,IAAI,CAAC7C,MAAM,CAACkB,GAAG;QACrB4C,OAAO,EAAEnH,cAAc;QACvBoH,OAAO,EAAE,iBAAiB;QAC1BC,OAAO,EAAE,GAAG;QACZC,UAAU,EAAE,IAAI;QAChBC,WAAW,EAAE;UACTC,SAAS,EAAE;YACPC,KAAK,EAAE/F,MAAM,CAACH,OAAO,CAACP,GAAG,CAACyG,KAAK,CAAC;YAChCC,mBAAmB,EAAErG,MAAM,CAACgC,MAAM,CAACsE,QAAQ;YAC3CC,YAAY,EAAExG,gBAAgB,CAACiC,MAAM,CAAC1C;UAC1C;QACJ,CAAC;QACDkH,WAAW,EAAE,0BAA0B;QACvCC,IAAI,EAAE,IAAIpI,MAAM,CAACqI,KAAK,CAACC,YAAY,CAAC;UAChC,GAAG,EAAE,IAAItI,MAAM,CAACqI,KAAK,CAACE,WAAW,CAC7BxI,IAAI,CAACyI,IAAI,CAACrH,GAAG,CAACsH,KAAK,CAACC,SAAS,EAAE,uBAAuB,CAC1D;QACJ,CAAC,CAAC;QACFC,SAAS,EAAEpH,GAAG,GACR;UACI+B,SAAS,EAAE/B,GAAG,CAACgC,OAAO,CAACC,OAAO,CAACC,GAAG,CAACC,CAAC,IAAIA,CAAC,CAACC,MAAM,CAACC,EAAE,CAAC;UACpDC,gBAAgB,EAAE,CAACtC,GAAG,CAACA,GAAG,CAACoC,MAAM,CAACG,sBAAsB;QAC5D,CAAC,GACDC,SAAS;QACf6E,aAAa,EAAE;UACXC,SAAS,EAAE;QACf;MACJ;IACJ,CAAC,CAAC;IAEF,MAAMC,kBAAkB,GAAG3H,GAAG,CAAC8B,WAAW,CAAChD,GAAG,CAACsH,MAAM,CAACwB,kBAAkB,EAAE;MACtE9H,IAAI,EAAE,mBAAmB;MACzBC,MAAM,EAAE;QACJ8H,cAAc,EAAExD,KAAK,CAAC7B,MAAM,CAACsF,SAAS;QACtCC,YAAY,EAAE3B,MAAM,CAAC5D,MAAM,CAACkB,GAAG;QAC/BsE,gBAAgB,EAAE,QAAQ;QAC1BC,oBAAoB,EAAE,CAAC;QACvBC,SAAS,EAAE,EAAE;QACbC,8BAA8B,EAAE;MACpC;IACJ,CAAC,CAAC;IAEFnI,GAAG,CAACoI,UAAU,CAAC;MACXC,mBAAmB,EAAE7H,MAAM,CAACgC,MAAM,CAACkB,GAAG;MACtC4E,wBAAwB,EAAE9H,MAAM,CAACgC,MAAM,CAACsE,QAAQ;MAChDyB,0BAA0B,EAAElE,KAAK,CAAC7B,MAAM,CAACkB,GAAG;MAC5C8E,2BAA2B,EAAEnE,KAAK,CAAC7B,MAAM,CAAC1C;IAC9C,CAAC,CAAC;IAEF,OAAO;MACHU,MAAM;MACNC,YAAY;MACZ4D,KAAK;MACLoE,eAAe,EAAE;QACbpD,IAAI;QACJO,MAAM;QACNQ,MAAM;QACNuB;MACJ;IACJ,CAAC;EACL;AACJ,CAAC,CAAC;AAEF,SAAS9B,gCAAgCA,CACrC7F,GAAc,EACdQ,MAA6E,EAC/E;EACE,OAAOR,GAAG,CAAC8B,WAAW,CAAChD,GAAG,CAACwG,GAAG,CAACoD,MAAM,EAAE;IACnC5I,IAAI,EAAE,uCAAuC;IAC7CC,MAAM,EAAE;MACJiH,WAAW,EAAE,uDAAuD;MACpEpB,MAAM,EAAE;QACJ9B,OAAO,EAAE,YAAY;QACrBC,SAAS,EAAE,CACP;UACI4E,GAAG,EAAE,iBAAiB;UACtB3E,MAAM,EAAE,OAAO;UACfG,MAAM,EAAE,CACJ,cAAc,EACd,iBAAiB,EACjB,gBAAgB,EAChB,eAAe,EACf,cAAc,EACd,uBAAuB,EACvB,yBAAyB,EACzB,kBAAkB,EAClB,kBAAkB,EAClB,qBAAqB,EACrB,gBAAgB,EAChB,qBAAqB,CACxB;UACDC,QAAQ,EAAE,CACNvF,MAAM,CAAC+J,WAAW,GAAGpI,MAAM,CAACkD,GAAG,EAAE,EACjC7E,MAAM,CAAC+J,WAAW,GAAGpI,MAAM,CAACkD,GAAG,IAAI;QAE3C,CAAC;MAET;IACJ;EACJ,CAAC,CAAC;AACN","ignoreList":[]}

package/pulumi/apps/core/CoreVpc.d.ts

@@ -0,0 +1,13 @@
+import { type PulumiAppModule } from "@webiny/pulumi";
+export type CoreVpc = PulumiAppModule<typeof CoreVpc>;
+export declare const CoreVpc: import("@webiny/pulumi").PulumiAppModuleDefinition<{
+    vpc: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/ec2/vpc").Vpc>;
+    subnets: {
+        public: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/ec2/subnet").Subnet>[];
+        private: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/ec2/subnet").Subnet>[];
+    };
+    routeTables: {
+        privateSubnets: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/ec2/routeTable").RouteTable>;
+        publicSubnets: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/ec2/routeTable").RouteTable>;
+    };
+}, void>;

package/pulumi/apps/core/CoreVpc.js

@@ -0,0 +1,160 @@
+import * as aws from "@pulumi/aws";
+import { createAppModule } from "@webiny/pulumi";
+export const CoreVpc = createAppModule({
+  name: "CoreVpc",
+  config(app) {
+    // Create VPC.
+    const vpc = app.addResource(aws.ec2.Vpc, {
+      name: "webiny",
+      config: {
+        cidrBlock: "10.0.0.0/16"
+      }
+    });
+
+    // Create one public and three private subnets.
+    // The third subnet will use the third AZ if available, otherwise reuses the first AZ.
+    const publicSubnet = app.addResource(aws.ec2.Subnet, {
+      name: "public",
+      config: {
+        vpcId: vpc.output.id,
+        cidrBlock: "10.0.0.0/24",
+        tags: {
+          Name: "public-subnet"
+        }
+      }
+    });
+    const availabilityZones = app.addHandler(() => {
+      return aws.getAvailabilityZones({
+        state: "available"
+      });
+    });
+    const privateSubnet1 = app.addResource(aws.ec2.Subnet, {
+      name: "private-subnet-1",
+      config: {
+        vpcId: vpc.output.id,
+        cidrBlock: "10.0.1.0/24",
+        availabilityZone: availabilityZones.apply(zone => zone.names[0]),
+        tags: {
+          Name: "private-subnet-1"
+        }
+      }
+    });
+    const privateSubnet2 = app.addResource(aws.ec2.Subnet, {
+      name: "private-subnet-2",
+      config: {
+        vpcId: vpc.output.id,
+        cidrBlock: "10.0.2.0/24",
+        availabilityZone: availabilityZones.apply(zone => zone.names[1] || zone.names[0]),
+        tags: {
+          Name: "private-subnet-2"
+        }
+      }
+    });
+    const privateSubnet3 = app.addResource(aws.ec2.Subnet, {
+      name: "private-subnet-3",
+      config: {
+        vpcId: vpc.output.id,
+        cidrBlock: "10.0.3.0/24",
+        availabilityZone: availabilityZones.apply(zone => zone.names[2] || zone.names[0]),
+        tags: {
+          Name: "private-subnet-3"
+        }
+      }
+    });
+
+    // Create Internet gateway.
+    const internetGateway = app.addResource(aws.ec2.InternetGateway, {
+      name: "internet-gateway",
+      config: {
+        vpcId: vpc.output.id
+      }
+    });
+
+    // Create NAT gateway.z
+    const elasticIpAllocation = app.addResource(aws.ec2.Eip, {
+      name: "nat-gateway-elastic-ip",
+      config: {
+        domain: "vpc"
+      }
+    });
+    const natGateway = app.addResource(aws.ec2.NatGateway, {
+      name: "nat-gateway",
+      config: {
+        allocationId: elasticIpAllocation.output.id,
+        subnetId: publicSubnet.output.id
+      }
+    });
+
+    // Create a route table for both subnets.
+    const publicSubnetRouteTable = app.addResource(aws.ec2.RouteTable, {
+      name: "public",
+      config: {
+        vpcId: vpc.output.id,
+        routes: [{
+          cidrBlock: "0.0.0.0/0",
+          gatewayId: internetGateway.output.id
+        }]
+      }
+    });
+    const privateSubnetRouteTable = app.addResource(aws.ec2.RouteTable, {
+      name: "private",
+      config: {
+        vpcId: vpc.output.id,
+        routes: [{
+          cidrBlock: "0.0.0.0/0",
+          natGatewayId: natGateway.output.id
+        }]
+      }
+    });
+
+    // Create route table associations - links between subnets and route tables.
+    app.addResource(aws.ec2.RouteTableAssociation, {
+      name: "public-subnet-route-table-association",
+      config: {
+        subnetId: publicSubnet.output.id,
+        routeTableId: publicSubnetRouteTable.output.id
+      }
+    });
+    app.addResource(aws.ec2.RouteTableAssociation, {
+      name: "private-subnet-1-route-table-association",
+      config: {
+        subnetId: privateSubnet1.output.id,
+        routeTableId: privateSubnetRouteTable.output.id
+      }
+    });
+    app.addResource(aws.ec2.RouteTableAssociation, {
+      name: "private-subnet-2-route-table-association",
+      config: {
+        subnetId: privateSubnet2.output.id,
+        routeTableId: privateSubnetRouteTable.output.id
+      }
+    });
+    app.addResource(aws.ec2.RouteTableAssociation, {
+      name: "private-subnet-3-route-table-association",
+      config: {
+        subnetId: privateSubnet3.output.id,
+        routeTableId: privateSubnetRouteTable.output.id
+      }
+    });
+    const subnets = {
+      public: [publicSubnet],
+      private: [privateSubnet1, privateSubnet2, privateSubnet3]
+    };
+    const routeTables = {
+      privateSubnets: privateSubnetRouteTable,
+      publicSubnets: publicSubnetRouteTable
+    };
+    app.addOutputs({
+      vpcPublicSubnetIds: subnets.public.map(subNet => subNet.output.id),
+      vpcPrivateSubnetIds: subnets.private.map(subNet => subNet.output.id),
+      vpcSecurityGroupIds: [vpc.output.defaultSecurityGroupId]
+    });
+    return {
+      vpc,
+      subnets,
+      routeTables
+    };
+  }
+});
+
+//# sourceMappingURL=CoreVpc.js.map

package/pulumi/apps/core/CoreVpc.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["aws","createAppModule","CoreVpc","name","config","app","vpc","addResource","ec2","Vpc","cidrBlock","publicSubnet","Subnet","vpcId","output","id","tags","Name","availabilityZones","addHandler","getAvailabilityZones","state","privateSubnet1","availabilityZone","apply","zone","names","privateSubnet2","privateSubnet3","internetGateway","InternetGateway","elasticIpAllocation","Eip","domain","natGateway","NatGateway","allocationId","subnetId","publicSubnetRouteTable","RouteTable","routes","gatewayId","privateSubnetRouteTable","natGatewayId","RouteTableAssociation","routeTableId","subnets","public","private","routeTables","privateSubnets","publicSubnets","addOutputs","vpcPublicSubnetIds","map","subNet","vpcPrivateSubnetIds","vpcSecurityGroupIds","defaultSecurityGroupId"],"sources":["CoreVpc.ts"],"sourcesContent":["import * as aws from \"@pulumi/aws\";\nimport { createAppModule, type PulumiAppModule } from \"@webiny/pulumi\";\n\nexport type CoreVpc = PulumiAppModule<typeof CoreVpc>;\n\nexport const CoreVpc = createAppModule({\n    name: \"CoreVpc\",\n    config(app) {\n        // Create VPC.\n        const vpc = app.addResource(aws.ec2.Vpc, {\n            name: \"webiny\",\n            config: {\n                cidrBlock: \"10.0.0.0/16\"\n            }\n        });\n\n        // Create one public and three private subnets.\n        // The third subnet will use the third AZ if available, otherwise reuses the first AZ.\n        const publicSubnet = app.addResource(aws.ec2.Subnet, {\n            name: \"public\",\n            config: {\n                vpcId: vpc.output.id,\n                cidrBlock: \"10.0.0.0/24\",\n                tags: { Name: \"public-subnet\" }\n            }\n        });\n\n        const availabilityZones = app.addHandler(() => {\n            return aws.getAvailabilityZones({\n                state: \"available\"\n            });\n        });\n\n        const privateSubnet1 = app.addResource(aws.ec2.Subnet, {\n            name: \"private-subnet-1\",\n            config: {\n                vpcId: vpc.output.id,\n                cidrBlock: \"10.0.1.0/24\",\n                availabilityZone: availabilityZones.apply(zone => zone.names[0]),\n                tags: { Name: \"private-subnet-1\" }\n            }\n        });\n\n        const privateSubnet2 = app.addResource(aws.ec2.Subnet, {\n            name: \"private-subnet-2\",\n            config: {\n                vpcId: vpc.output.id,\n                cidrBlock: \"10.0.2.0/24\",\n                availabilityZone: availabilityZones.apply(zone => zone.names[1] || zone.names[0]),\n                tags: { Name: \"private-subnet-2\" }\n            }\n        });\n\n        const privateSubnet3 = app.addResource(aws.ec2.Subnet, {\n            name: \"private-subnet-3\",\n            config: {\n                vpcId: vpc.output.id,\n                cidrBlock: \"10.0.3.0/24\",\n                availabilityZone: availabilityZones.apply(zone => zone.names[2] || zone.names[0]),\n                tags: { Name: \"private-subnet-3\" }\n            }\n        });\n\n        // Create Internet gateway.\n        const internetGateway = app.addResource(aws.ec2.InternetGateway, {\n            name: \"internet-gateway\",\n            config: {\n                vpcId: vpc.output.id\n            }\n        });\n\n        // Create NAT gateway.z\n        const elasticIpAllocation = app.addResource(aws.ec2.Eip, {\n            name: \"nat-gateway-elastic-ip\",\n            config: {\n                domain: \"vpc\"\n            }\n        });\n\n        const natGateway = app.addResource(aws.ec2.NatGateway, {\n            name: \"nat-gateway\",\n            config: {\n                allocationId: elasticIpAllocation.output.id,\n                subnetId: publicSubnet.output.id\n            }\n        });\n\n        // Create a route table for both subnets.\n        const publicSubnetRouteTable = app.addResource(aws.ec2.RouteTable, {\n            name: \"public\",\n            config: {\n                vpcId: vpc.output.id,\n                routes: [\n                    {\n                        cidrBlock: \"0.0.0.0/0\",\n                        gatewayId: internetGateway.output.id\n                    }\n                ]\n            }\n        });\n\n        const privateSubnetRouteTable = app.addResource(aws.ec2.RouteTable, {\n            name: \"private\",\n            config: {\n                vpcId: vpc.output.id,\n                routes: [\n                    {\n                        cidrBlock: \"0.0.0.0/0\",\n                        natGatewayId: natGateway.output.id\n                    }\n                ]\n            }\n        });\n\n        // Create route table associations - links between subnets and route tables.\n        app.addResource(aws.ec2.RouteTableAssociation, {\n            name: \"public-subnet-route-table-association\",\n            config: {\n                subnetId: publicSubnet.output.id,\n                routeTableId: publicSubnetRouteTable.output.id\n            }\n        });\n\n        app.addResource(aws.ec2.RouteTableAssociation, {\n            name: \"private-subnet-1-route-table-association\",\n            config: {\n                subnetId: privateSubnet1.output.id,\n                routeTableId: privateSubnetRouteTable.output.id\n            }\n        });\n\n        app.addResource(aws.ec2.RouteTableAssociation, {\n            name: \"private-subnet-2-route-table-association\",\n            config: {\n                subnetId: privateSubnet2.output.id,\n                routeTableId: privateSubnetRouteTable.output.id\n            }\n        });\n\n        app.addResource(aws.ec2.RouteTableAssociation, {\n            name: \"private-subnet-3-route-table-association\",\n            config: {\n                subnetId: privateSubnet3.output.id,\n                routeTableId: privateSubnetRouteTable.output.id\n            }\n        });\n\n        const subnets = {\n            public: [publicSubnet],\n            private: [privateSubnet1, privateSubnet2, privateSubnet3]\n        };\n\n        const routeTables = {\n            privateSubnets: privateSubnetRouteTable,\n            publicSubnets: publicSubnetRouteTable\n        };\n\n        app.addOutputs({\n            vpcPublicSubnetIds: subnets.public.map(subNet => subNet.output.id),\n            vpcPrivateSubnetIds: subnets.private.map(subNet => subNet.output.id),\n            vpcSecurityGroupIds: [vpc.output.defaultSecurityGroupId]\n        });\n\n        return {\n            vpc,\n            subnets,\n            routeTables\n        };\n    }\n});\n"],"mappings":"AAAA,OAAO,KAAKA,GAAG,MAAM,aAAa;AAClC,SAASC,eAAe,QAA8B,gBAAgB;AAItE,OAAO,MAAMC,OAAO,GAAGD,eAAe,CAAC;EACnCE,IAAI,EAAE,SAAS;EACfC,MAAMA,CAACC,GAAG,EAAE;IACR;IACA,MAAMC,GAAG,GAAGD,GAAG,CAACE,WAAW,CAACP,GAAG,CAACQ,GAAG,CAACC,GAAG,EAAE;MACrCN,IAAI,EAAE,QAAQ;MACdC,MAAM,EAAE;QACJM,SAAS,EAAE;MACf;IACJ,CAAC,CAAC;;IAEF;IACA;IACA,MAAMC,YAAY,GAAGN,GAAG,CAACE,WAAW,CAACP,GAAG,CAACQ,GAAG,CAACI,MAAM,EAAE;MACjDT,IAAI,EAAE,QAAQ;MACdC,MAAM,EAAE;QACJS,KAAK,EAAEP,GAAG,CAACQ,MAAM,CAACC,EAAE;QACpBL,SAAS,EAAE,aAAa;QACxBM,IAAI,EAAE;UAAEC,IAAI,EAAE;QAAgB;MAClC;IACJ,CAAC,CAAC;IAEF,MAAMC,iBAAiB,GAAGb,GAAG,CAACc,UAAU,CAAC,MAAM;MAC3C,OAAOnB,GAAG,CAACoB,oBAAoB,CAAC;QAC5BC,KAAK,EAAE;MACX,CAAC,CAAC;IACN,CAAC,CAAC;IAEF,MAAMC,cAAc,GAAGjB,GAAG,CAACE,WAAW,CAACP,GAAG,CAACQ,GAAG,CAACI,MAAM,EAAE;MACnDT,IAAI,EAAE,kBAAkB;MACxBC,MAAM,EAAE;QACJS,KAAK,EAAEP,GAAG,CAACQ,MAAM,CAACC,EAAE;QACpBL,SAAS,EAAE,aAAa;QACxBa,gBAAgB,EAAEL,iBAAiB,CAACM,KAAK,CAACC,IAAI,IAAIA,IAAI,CAACC,KAAK,CAAC,CAAC,CAAC,CAAC;QAChEV,IAAI,EAAE;UAAEC,IAAI,EAAE;QAAmB;MACrC;IACJ,CAAC,CAAC;IAEF,MAAMU,cAAc,GAAGtB,GAAG,CAACE,WAAW,CAACP,GAAG,CAACQ,GAAG,CAACI,MAAM,EAAE;MACnDT,IAAI,EAAE,kBAAkB;MACxBC,MAAM,EAAE;QACJS,KAAK,EAAEP,GAAG,CAACQ,MAAM,CAACC,EAAE;QACpBL,SAAS,EAAE,aAAa;QACxBa,gBAAgB,EAAEL,iBAAiB,CAACM,KAAK,CAACC,IAAI,IAAIA,IAAI,CAACC,KAAK,CAAC,CAAC,CAAC,IAAID,IAAI,CAACC,KAAK,CAAC,CAAC,CAAC,CAAC;QACjFV,IAAI,EAAE;UAAEC,IAAI,EAAE;QAAmB;MACrC;IACJ,CAAC,CAAC;IAEF,MAAMW,cAAc,GAAGvB,GAAG,CAACE,WAAW,CAACP,GAAG,CAACQ,GAAG,CAACI,MAAM,EAAE;MACnDT,IAAI,EAAE,kBAAkB;MACxBC,MAAM,EAAE;QACJS,KAAK,EAAEP,GAAG,CAACQ,MAAM,CAACC,EAAE;QACpBL,SAAS,EAAE,aAAa;QACxBa,gBAAgB,EAAEL,iBAAiB,CAACM,KAAK,CAACC,IAAI,IAAIA,IAAI,CAACC,KAAK,CAAC,CAAC,CAAC,IAAID,IAAI,CAACC,KAAK,CAAC,CAAC,CAAC,CAAC;QACjFV,IAAI,EAAE;UAAEC,IAAI,EAAE;QAAmB;MACrC;IACJ,CAAC,CAAC;;IAEF;IACA,MAAMY,eAAe,GAAGxB,GAAG,CAACE,WAAW,CAACP,GAAG,CAACQ,GAAG,CAACsB,eAAe,EAAE;MAC7D3B,IAAI,EAAE,kBAAkB;MACxBC,MAAM,EAAE;QACJS,KAAK,EAAEP,GAAG,CAACQ,MAAM,CAACC;MACtB;IACJ,CAAC,CAAC;;IAEF;IACA,MAAMgB,mBAAmB,GAAG1B,GAAG,CAACE,WAAW,CAACP,GAAG,CAACQ,GAAG,CAACwB,GAAG,EAAE;MACrD7B,IAAI,EAAE,wBAAwB;MAC9BC,MAAM,EAAE;QACJ6B,MAAM,EAAE;MACZ;IACJ,CAAC,CAAC;IAEF,MAAMC,UAAU,GAAG7B,GAAG,CAACE,WAAW,CAACP,GAAG,CAACQ,GAAG,CAAC2B,UAAU,EAAE;MACnDhC,IAAI,EAAE,aAAa;MACnBC,MAAM,EAAE;QACJgC,YAAY,EAAEL,mBAAmB,CAACjB,MAAM,CAACC,EAAE;QAC3CsB,QAAQ,EAAE1B,YAAY,CAACG,MAAM,CAACC;MAClC;IACJ,CAAC,CAAC;;IAEF;IACA,MAAMuB,sBAAsB,GAAGjC,GAAG,CAACE,WAAW,CAACP,GAAG,CAACQ,GAAG,CAAC+B,UAAU,EAAE;MAC/DpC,IAAI,EAAE,QAAQ;MACdC,MAAM,EAAE;QACJS,KAAK,EAAEP,GAAG,CAACQ,MAAM,CAACC,EAAE;QACpByB,MAAM,EAAE,CACJ;UACI9B,SAAS,EAAE,WAAW;UACtB+B,SAAS,EAAEZ,eAAe,CAACf,MAAM,CAACC;QACtC,CAAC;MAET;IACJ,CAAC,CAAC;IAEF,MAAM2B,uBAAuB,GAAGrC,GAAG,CAACE,WAAW,CAACP,GAAG,CAACQ,GAAG,CAAC+B,UAAU,EAAE;MAChEpC,IAAI,EAAE,SAAS;MACfC,MAAM,EAAE;QACJS,KAAK,EAAEP,GAAG,CAACQ,MAAM,CAACC,EAAE;QACpByB,MAAM,EAAE,CACJ;UACI9B,SAAS,EAAE,WAAW;UACtBiC,YAAY,EAAET,UAAU,CAACpB,MAAM,CAACC;QACpC,CAAC;MAET;IACJ,CAAC,CAAC;;IAEF;IACAV,GAAG,CAACE,WAAW,CAACP,GAAG,CAACQ,GAAG,CAACoC,qBAAqB,EAAE;MAC3CzC,IAAI,EAAE,uCAAuC;MAC7CC,MAAM,EAAE;QACJiC,QAAQ,EAAE1B,YAAY,CAACG,MAAM,CAACC,EAAE;QAChC8B,YAAY,EAAEP,sBAAsB,CAACxB,MAAM,CAACC;MAChD;IACJ,CAAC,CAAC;IAEFV,GAAG,CAACE,WAAW,CAACP,GAAG,CAACQ,GAAG,CAACoC,qBAAqB,EAAE;MAC3CzC,IAAI,EAAE,0CAA0C;MAChDC,MAAM,EAAE;QACJiC,QAAQ,EAAEf,cAAc,CAACR,MAAM,CAACC,EAAE;QAClC8B,YAAY,EAAEH,uBAAuB,CAAC5B,MAAM,CAACC;MACjD;IACJ,CAAC,CAAC;IAEFV,GAAG,CAACE,WAAW,CAACP,GAAG,CAACQ,GAAG,CAACoC,qBAAqB,EAAE;MAC3CzC,IAAI,EAAE,0CAA0C;MAChDC,MAAM,EAAE;QACJiC,QAAQ,EAAEV,cAAc,CAACb,MAAM,CAACC,EAAE;QAClC8B,YAAY,EAAEH,uBAAuB,CAAC5B,MAAM,CAACC;MACjD;IACJ,CAAC,CAAC;IAEFV,GAAG,CAACE,WAAW,CAACP,GAAG,CAACQ,GAAG,CAACoC,qBAAqB,EAAE;MAC3CzC,IAAI,EAAE,0CAA0C;MAChDC,MAAM,EAAE;QACJiC,QAAQ,EAAET,cAAc,CAACd,MAAM,CAACC,EAAE;QAClC8B,YAAY,EAAEH,uBAAuB,CAAC5B,MAAM,CAACC;MACjD;IACJ,CAAC,CAAC;IAEF,MAAM+B,OAAO,GAAG;MACZC,MAAM,EAAE,CAACpC,YAAY,CAAC;MACtBqC,OAAO,EAAE,CAAC1B,cAAc,EAAEK,cAAc,EAAEC,cAAc;IAC5D,CAAC;IAED,MAAMqB,WAAW,GAAG;MAChBC,cAAc,EAAER,uBAAuB;MACvCS,aAAa,EAAEb;IACnB,CAAC;IAEDjC,GAAG,CAAC+C,UAAU,CAAC;MACXC,kBAAkB,EAAEP,OAAO,CAACC,MAAM,CAACO,GAAG,CAACC,MAAM,IAAIA,MAAM,CAACzC,MAAM,CAACC,EAAE,CAAC;MAClEyC,mBAAmB,EAAEV,OAAO,CAACE,OAAO,CAACM,GAAG,CAACC,MAAM,IAAIA,MAAM,CAACzC,MAAM,CAACC,EAAE,CAAC;MACpE0C,mBAAmB,EAAE,CAACnD,GAAG,CAACQ,MAAM,CAAC4C,sBAAsB;IAC3D,CAAC,CAAC;IAEF,OAAO;MACHpD,GAAG;MACHwC,OAAO;MACPG;IACJ,CAAC;EACL;AACJ,CAAC,CAAC","ignoreList":[]}

package/pulumi/apps/core/LogDynamo.d.ts

@@ -0,0 +1,5 @@
+import { type PulumiAppModule } from "@webiny/pulumi";
+export type LogDynamo = PulumiAppModule<typeof LogDynamo>;
+export declare const LogDynamo: import("@webiny/pulumi").PulumiAppModuleDefinition<import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/dynamodb/table").Table>, {
+    protect: boolean;
+}>;

package/pulumi/apps/core/LogDynamo.js

@@ -0,0 +1,94 @@
+import * as aws from "@pulumi/aws";
+import { createAppModule } from "@webiny/pulumi";
+export const LogDynamo = createAppModule({
+  name: "DynamoDbLog",
+  config(app, params) {
+    return app.addResource(aws.dynamodb.Table, {
+      name: "webiny-log",
+      config: {
+        attributes: [{
+          name: "PK",
+          type: "S"
+        }, {
+          name: "SK",
+          type: "S"
+        }, {
+          name: "GSI_TENANT",
+          type: "S"
+        }, {
+          name: "GSI1_PK",
+          type: "S"
+        }, {
+          name: "GSI1_SK",
+          type: "S"
+        }, {
+          name: "GSI2_PK",
+          type: "S"
+        }, {
+          name: "GSI2_SK",
+          type: "S"
+        }, {
+          name: "GSI3_PK",
+          type: "S"
+        }, {
+          name: "GSI3_SK",
+          type: "S"
+        }, {
+          name: "GSI4_PK",
+          type: "S"
+        }, {
+          name: "GSI4_SK",
+          type: "S"
+        }, {
+          name: "GSI5_PK",
+          type: "S"
+        }, {
+          name: "GSI5_SK",
+          type: "S"
+        }],
+        billingMode: "PAY_PER_REQUEST",
+        hashKey: "PK",
+        rangeKey: "SK",
+        globalSecondaryIndexes: [{
+          name: "GSI_TENANT",
+          hashKey: "GSI_TENANT",
+          projectionType: "KEYS_ONLY"
+        }, {
+          name: "GSI1",
+          hashKey: "GSI1_PK",
+          rangeKey: "GSI1_SK",
+          projectionType: "ALL"
+        }, {
+          name: "GSI2",
+          hashKey: "GSI2_PK",
+          rangeKey: "GSI2_SK",
+          projectionType: "ALL"
+        }, {
+          name: "GSI3",
+          hashKey: "GSI3_PK",
+          rangeKey: "GSI3_SK",
+          projectionType: "ALL"
+        }, {
+          name: "GSI4",
+          hashKey: "GSI4_PK",
+          rangeKey: "GSI4_SK",
+          projectionType: "ALL"
+        }, {
+          name: "GSI5",
+          hashKey: "GSI5_PK",
+          rangeKey: "GSI5_SK",
+          projectionType: "ALL"
+        }],
+        ttl: {
+          attributeName: "expiresAt",
+          enabled: true
+        }
+      },
+      opts: {
+        protect: params.protect
+      }
+    });
+  }
+});
+
+//# sourceMappingURL=LogDynamo.js.map

package/pulumi/apps/core/LogDynamo.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["aws","createAppModule","LogDynamo","name","config","app","params","addResource","dynamodb","Table","attributes","type","billingMode","hashKey","rangeKey","globalSecondaryIndexes","projectionType","ttl","attributeName","enabled","opts","protect"],"sources":["LogDynamo.ts"],"sourcesContent":["import * as aws from \"@pulumi/aws\";\nimport { createAppModule, type PulumiApp, type PulumiAppModule } from \"@webiny/pulumi\";\n\nexport type LogDynamo = PulumiAppModule<typeof LogDynamo>;\n\nexport const LogDynamo = createAppModule({\n    name: \"DynamoDbLog\",\n    config(app: PulumiApp, params: { protect: boolean }) {\n        return app.addResource(aws.dynamodb.Table, {\n            name: \"webiny-log\",\n            config: {\n                attributes: [\n                    { name: \"PK\", type: \"S\" },\n                    { name: \"SK\", type: \"S\" },\n                    { name: \"GSI_TENANT\", type: \"S\" },\n                    { name: \"GSI1_PK\", type: \"S\" },\n                    { name: \"GSI1_SK\", type: \"S\" },\n                    { name: \"GSI2_PK\", type: \"S\" },\n                    { name: \"GSI2_SK\", type: \"S\" },\n                    { name: \"GSI3_PK\", type: \"S\" },\n                    { name: \"GSI3_SK\", type: \"S\" },\n                    { name: \"GSI4_PK\", type: \"S\" },\n                    { name: \"GSI4_SK\", type: \"S\" },\n                    { name: \"GSI5_PK\", type: \"S\" },\n                    { name: \"GSI5_SK\", type: \"S\" }\n                ],\n                billingMode: \"PAY_PER_REQUEST\",\n                hashKey: \"PK\",\n                rangeKey: \"SK\",\n                globalSecondaryIndexes: [\n                    {\n                        name: \"GSI_TENANT\",\n                        hashKey: \"GSI_TENANT\",\n                        projectionType: \"KEYS_ONLY\"\n                    },\n                    {\n                        name: \"GSI1\",\n                        hashKey: \"GSI1_PK\",\n                        rangeKey: \"GSI1_SK\",\n                        projectionType: \"ALL\"\n                    },\n                    {\n                        name: \"GSI2\",\n                        hashKey: \"GSI2_PK\",\n                        rangeKey: \"GSI2_SK\",\n                        projectionType: \"ALL\"\n                    },\n                    {\n                        name: \"GSI3\",\n                        hashKey: \"GSI3_PK\",\n                        rangeKey: \"GSI3_SK\",\n                        projectionType: \"ALL\"\n                    },\n                    {\n                        name: \"GSI4\",\n                        hashKey: \"GSI4_PK\",\n                        rangeKey: \"GSI4_SK\",\n                        projectionType: \"ALL\"\n                    },\n                    {\n                        name: \"GSI5\",\n                        hashKey: \"GSI5_PK\",\n                        rangeKey: \"GSI5_SK\",\n                        projectionType: \"ALL\"\n                    }\n                ],\n                ttl: {\n                    attributeName: \"expiresAt\",\n                    enabled: true\n                }\n            },\n            opts: {\n                protect: params.protect\n            }\n        });\n    }\n});\n"],"mappings":"AAAA,OAAO,KAAKA,GAAG,MAAM,aAAa;AAClC,SAASC,eAAe,QAA8C,gBAAgB;AAItF,OAAO,MAAMC,SAAS,GAAGD,eAAe,CAAC;EACrCE,IAAI,EAAE,aAAa;EACnBC,MAAMA,CAACC,GAAc,EAAEC,MAA4B,EAAE;IACjD,OAAOD,GAAG,CAACE,WAAW,CAACP,GAAG,CAACQ,QAAQ,CAACC,KAAK,EAAE;MACvCN,IAAI,EAAE,YAAY;MAClBC,MAAM,EAAE;QACJM,UAAU,EAAE,CACR;UAAEP,IAAI,EAAE,IAAI;UAAEQ,IAAI,EAAE;QAAI,CAAC,EACzB;UAAER,IAAI,EAAE,IAAI;UAAEQ,IAAI,EAAE;QAAI,CAAC,EACzB;UAAER,IAAI,EAAE,YAAY;UAAEQ,IAAI,EAAE;QAAI,CAAC,EACjC;UAAER,IAAI,EAAE,SAAS;UAAEQ,IAAI,EAAE;QAAI,CAAC,EAC9B;UAAER,IAAI,EAAE,SAAS;UAAEQ,IAAI,EAAE;QAAI,CAAC,EAC9B;UAAER,IAAI,EAAE,SAAS;UAAEQ,IAAI,EAAE;QAAI,CAAC,EAC9B;UAAER,IAAI,EAAE,SAAS;UAAEQ,IAAI,EAAE;QAAI,CAAC,EAC9B;UAAER,IAAI,EAAE,SAAS;UAAEQ,IAAI,EAAE;QAAI,CAAC,EAC9B;UAAER,IAAI,EAAE,SAAS;UAAEQ,IAAI,EAAE;QAAI,CAAC,EAC9B;UAAER,IAAI,EAAE,SAAS;UAAEQ,IAAI,EAAE;QAAI,CAAC,EAC9B;UAAER,IAAI,EAAE,SAAS;UAAEQ,IAAI,EAAE;QAAI,CAAC,EAC9B;UAAER,IAAI,EAAE,SAAS;UAAEQ,IAAI,EAAE;QAAI,CAAC,EAC9B;UAAER,IAAI,EAAE,SAAS;UAAEQ,IAAI,EAAE;QAAI,CAAC,CACjC;QACDC,WAAW,EAAE,iBAAiB;QAC9BC,OAAO,EAAE,IAAI;QACbC,QAAQ,EAAE,IAAI;QACdC,sBAAsB,EAAE,CACpB;UACIZ,IAAI,EAAE,YAAY;UAClBU,OAAO,EAAE,YAAY;UACrBG,cAAc,EAAE;QACpB,CAAC,EACD;UACIb,IAAI,EAAE,MAAM;UACZU,OAAO,EAAE,SAAS;UAClBC,QAAQ,EAAE,SAAS;UACnBE,cAAc,EAAE;QACpB,CAAC,EACD;UACIb,IAAI,EAAE,MAAM;UACZU,OAAO,EAAE,SAAS;UAClBC,QAAQ,EAAE,SAAS;UACnBE,cAAc,EAAE;QACpB,CAAC,EACD;UACIb,IAAI,EAAE,MAAM;UACZU,OAAO,EAAE,SAAS;UAClBC,QAAQ,EAAE,SAAS;UACnBE,cAAc,EAAE;QACpB,CAAC,EACD;UACIb,IAAI,EAAE,MAAM;UACZU,OAAO,EAAE,SAAS;UAClBC,QAAQ,EAAE,SAAS;UACnBE,cAAc,EAAE;QACpB,CAAC,EACD;UACIb,IAAI,EAAE,MAAM;UACZU,OAAO,EAAE,SAAS;UAClBC,QAAQ,EAAE,SAAS;UACnBE,cAAc,EAAE;QACpB,CAAC,CACJ;QACDC,GAAG,EAAE;UACDC,aAAa,EAAE,WAAW;UAC1BC,OAAO,EAAE;QACb;MACJ,CAAC;MACDC,IAAI,EAAE;QACFC,OAAO,EAAEf,MAAM,CAACe;MACpB;IACJ,CAAC,CAAC;EACN;AACJ,CAAC,CAAC","ignoreList":[]}

package/pulumi/apps/core/WatchCommand.d.ts

@@ -0,0 +1,7 @@
+import * as pulumi from "@pulumi/pulumi";
+export interface WatchCommandParams {
+    deploymentId: pulumi.Output<string>;
+}
+export declare const WatchCommand: import("@webiny/pulumi").PulumiAppModuleDefinition<{
+    iotAuthorizerFunction: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/lambda/function").Function>;
+}, WatchCommandParams>;

package/pulumi/apps/core/WatchCommand.js

@@ -0,0 +1,105 @@
+import * as aws from "@pulumi/aws";
+import { createAppModule } from "@webiny/pulumi";
+import { LAMBDA_RUNTIME } from "../../constants.js";
+import * as pulumi from "@pulumi/pulumi";
+import path from "path";
+import { CoreVpc } from "../index.js";
+export const WatchCommand = createAppModule({
+  name: "WatchCommand",
+  config(app, params) {
+    const roleName = "iot-authorizer-lambda-role";
+    const role = app.addResource(aws.iam.Role, {
+      name: roleName,
+      config: {
+        assumeRolePolicy: {
+          Version: "2012-10-17",
+          Statement: [{
+            Action: "sts:AssumeRole",
+            Principal: {
+              Service: "lambda.amazonaws.com"
+            },
+            Effect: "Allow"
+          }]
+        }
+      },
+      meta: {
+        isLambdaFunctionRole: true
+      }
+    });
+    const vpc = app.getModule(CoreVpc, {
+      optional: true
+    });
+
+    // Only use `AWSLambdaVPCAccessExecutionRole` policy if VPC feature is enabled.
+    if (vpc) {
+      app.addResource(aws.iam.RolePolicyAttachment, {
+        name: `${roleName}-AWSLambdaVPCAccessExecutionRole`,
+        config: {
+          role: role.output,
+          policyArn: aws.iam.ManagedPolicy.AWSLambdaVPCAccessExecutionRole
+        }
+      });
+    } else {
+      app.addResource(aws.iam.RolePolicyAttachment, {
+        name: `${roleName}-AWSLambdaBasicExecutionRole`,
+        config: {
+          role: role.output,
+          policyArn: aws.iam.ManagedPolicy.AWSLambdaBasicExecutionRole
+        }
+      });
+    }
+    const iotAuthorizerFunction = app.addResource(aws.lambda.Function, {
+      name: "watch-command-iot-authorizer",
+      config: {
+        role: role.output.arn,
+        runtime: LAMBDA_RUNTIME,
+        handler: "handler.handler",
+        timeout: 10,
+        memorySize: 128,
+        description: "Authorizes 'webiny watch' command communication.",
+        code: new pulumi.asset.AssetArchive({
+          ".": new pulumi.asset.FileArchive(path.join(import.meta.dirname, "webinyWatchCommand"))
+        }),
+        environment: {
+          variables: {
+            WEBINY_WATCH_COMMAND_TOPIC: params.deploymentId.apply(deploymentId => {
+              return `webiny-watch-${deploymentId}`;
+            })
+          }
+        },
+        vpcConfig: vpc ? {
+          subnetIds: vpc.subnets.private.map(s => s.output.id),
+          securityGroupIds: [vpc.vpc.output.defaultSecurityGroupId]
+        } : undefined,
+        loggingConfig: {
+          logFormat: "JSON"
+        }
+      }
+    });
+    const iotAuthorizer = app.addResource(aws.iot.Authorizer, {
+      name: "watch-command-iot-authorizer",
+      config: {
+        signingDisabled: true,
+        authorizerFunctionArn: iotAuthorizerFunction.output.arn,
+        status: "ACTIVE"
+      }
+    });
+    app.addResource(aws.lambda.Permission, {
+      name: "webiny-watch-iot-authorizer",
+      config: {
+        principal: "iot.amazonaws.com",
+        function: iotAuthorizerFunction.output.arn,
+        sourceArn: iotAuthorizer.output.arn,
+        action: "lambda:InvokeFunction"
+      }
+    });
+    app.addOutputs({
+      iotAuthorizerName: iotAuthorizer.output.name
+    });
+    return {
+      iotAuthorizerFunction
+    };
+  }
+});
+
+//# sourceMappingURL=WatchCommand.js.map

package/pulumi/apps/core/WatchCommand.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["aws","createAppModule","LAMBDA_RUNTIME","pulumi","path","CoreVpc","WatchCommand","name","config","app","params","roleName","role","addResource","iam","Role","assumeRolePolicy","Version","Statement","Action","Principal","Service","Effect","meta","isLambdaFunctionRole","vpc","getModule","optional","RolePolicyAttachment","output","policyArn","ManagedPolicy","AWSLambdaVPCAccessExecutionRole","AWSLambdaBasicExecutionRole","iotAuthorizerFunction","lambda","Function","arn","runtime","handler","timeout","memorySize","description","code","asset","AssetArchive","FileArchive","join","import","dirname","environment","variables","WEBINY_WATCH_COMMAND_TOPIC","deploymentId","apply","vpcConfig","subnetIds","subnets","private","map","s","id","securityGroupIds","defaultSecurityGroupId","undefined","loggingConfig","logFormat","iotAuthorizer","iot","Authorizer","signingDisabled","authorizerFunctionArn","status","Permission","principal","function","sourceArn","action","addOutputs","iotAuthorizerName"],"sources":["WatchCommand.ts"],"sourcesContent":["import * as aws from \"@pulumi/aws\";\nimport { createAppModule, type PulumiApp } from \"@webiny/pulumi\";\nimport { LAMBDA_RUNTIME } from \"~/pulumi/constants.js\";\nimport * as pulumi from \"@pulumi/pulumi\";\nimport path from \"path\";\nimport { CoreVpc } from \"~/pulumi/apps/index.js\";\n\nexport interface WatchCommandParams {\n    deploymentId: pulumi.Output<string>;\n}\n\nexport const WatchCommand = createAppModule({\n    name: \"WatchCommand\",\n    config(app: PulumiApp, params: WatchCommandParams) {\n        const roleName = \"iot-authorizer-lambda-role\";\n\n        const role = app.addResource(aws.iam.Role, {\n            name: roleName,\n            config: {\n                assumeRolePolicy: {\n                    Version: \"2012-10-17\",\n                    Statement: [\n                        {\n                            Action: \"sts:AssumeRole\",\n                            Principal: {\n                                Service: \"lambda.amazonaws.com\"\n                            },\n                            Effect: \"Allow\"\n                        }\n                    ]\n                }\n            },\n            meta: { isLambdaFunctionRole: true }\n        });\n\n        const vpc = app.getModule(CoreVpc, { optional: true });\n\n        // Only use `AWSLambdaVPCAccessExecutionRole` policy if VPC feature is enabled.\n        if (vpc) {\n            app.addResource(aws.iam.RolePolicyAttachment, {\n                name: `${roleName}-AWSLambdaVPCAccessExecutionRole`,\n                config: {\n                    role: role.output,\n                    policyArn: aws.iam.ManagedPolicy.AWSLambdaVPCAccessExecutionRole\n                }\n            });\n        } else {\n            app.addResource(aws.iam.RolePolicyAttachment, {\n                name: `${roleName}-AWSLambdaBasicExecutionRole`,\n                config: {\n                    role: role.output,\n                    policyArn: aws.iam.ManagedPolicy.AWSLambdaBasicExecutionRole\n                }\n            });\n        }\n\n        const iotAuthorizerFunction = app.addResource(aws.lambda.Function, {\n            name: \"watch-command-iot-authorizer\",\n            config: {\n                role: role.output.arn,\n                runtime: LAMBDA_RUNTIME,\n                handler: \"handler.handler\",\n                timeout: 10,\n                memorySize: 128,\n                description: \"Authorizes 'webiny watch' command communication.\",\n                code: new pulumi.asset.AssetArchive({\n                    \".\": new pulumi.asset.FileArchive(\n                        path.join(import.meta.dirname, \"webinyWatchCommand\")\n                    )\n                }),\n                environment: {\n                    variables: {\n                        WEBINY_WATCH_COMMAND_TOPIC: params.deploymentId.apply(deploymentId => {\n                            return `webiny-watch-${deploymentId}`;\n                        })\n                    }\n                },\n                vpcConfig: vpc\n                    ? {\n                          subnetIds: vpc.subnets.private.map(s => s.output.id),\n                          securityGroupIds: [vpc.vpc.output.defaultSecurityGroupId]\n                      }\n                    : undefined,\n                loggingConfig: {\n                    logFormat: \"JSON\"\n                }\n            }\n        });\n\n        const iotAuthorizer = app.addResource(aws.iot.Authorizer, {\n            name: \"watch-command-iot-authorizer\",\n            config: {\n                signingDisabled: true,\n                authorizerFunctionArn: iotAuthorizerFunction.output.arn,\n                status: \"ACTIVE\"\n            }\n        });\n\n        app.addResource(aws.lambda.Permission, {\n            name: \"webiny-watch-iot-authorizer\",\n            config: {\n                principal: \"iot.amazonaws.com\",\n                function: iotAuthorizerFunction.output.arn,\n                sourceArn: iotAuthorizer.output.arn,\n                action: \"lambda:InvokeFunction\"\n            }\n        });\n\n        app.addOutputs({\n            iotAuthorizerName: iotAuthorizer.output.name\n        });\n\n        return { iotAuthorizerFunction };\n    }\n});\n"],"mappings":"AAAA,OAAO,KAAKA,GAAG,MAAM,aAAa;AAClC,SAASC,eAAe,QAAwB,gBAAgB;AAChE,SAASC,cAAc;AACvB,OAAO,KAAKC,MAAM,MAAM,gBAAgB;AACxC,OAAOC,IAAI,MAAM,MAAM;AACvB,SAASC,OAAO;AAMhB,OAAO,MAAMC,YAAY,GAAGL,eAAe,CAAC;EACxCM,IAAI,EAAE,cAAc;EACpBC,MAAMA,CAACC,GAAc,EAAEC,MAA0B,EAAE;IAC/C,MAAMC,QAAQ,GAAG,4BAA4B;IAE7C,MAAMC,IAAI,GAAGH,GAAG,CAACI,WAAW,CAACb,GAAG,CAACc,GAAG,CAACC,IAAI,EAAE;MACvCR,IAAI,EAAEI,QAAQ;MACdH,MAAM,EAAE;QACJQ,gBAAgB,EAAE;UACdC,OAAO,EAAE,YAAY;UACrBC,SAAS,EAAE,CACP;YACIC,MAAM,EAAE,gBAAgB;YACxBC,SAAS,EAAE;cACPC,OAAO,EAAE;YACb,CAAC;YACDC,MAAM,EAAE;UACZ,CAAC;QAET;MACJ,CAAC;MACDC,IAAI,EAAE;QAAEC,oBAAoB,EAAE;MAAK;IACvC,CAAC,CAAC;IAEF,MAAMC,GAAG,GAAGhB,GAAG,CAACiB,SAAS,CAACrB,OAAO,EAAE;MAAEsB,QAAQ,EAAE;IAAK,CAAC,CAAC;;IAEtD;IACA,IAAIF,GAAG,EAAE;MACLhB,GAAG,CAACI,WAAW,CAACb,GAAG,CAACc,GAAG,CAACc,oBAAoB,EAAE;QAC1CrB,IAAI,EAAE,GAAGI,QAAQ,kCAAkC;QACnDH,MAAM,EAAE;UACJI,IAAI,EAAEA,IAAI,CAACiB,MAAM;UACjBC,SAAS,EAAE9B,GAAG,CAACc,GAAG,CAACiB,aAAa,CAACC;QACrC;MACJ,CAAC,CAAC;IACN,CAAC,MAAM;MACHvB,GAAG,CAACI,WAAW,CAACb,GAAG,CAACc,GAAG,CAACc,oBAAoB,EAAE;QAC1CrB,IAAI,EAAE,GAAGI,QAAQ,8BAA8B;QAC/CH,MAAM,EAAE;UACJI,IAAI,EAAEA,IAAI,CAACiB,MAAM;UACjBC,SAAS,EAAE9B,GAAG,CAACc,GAAG,CAACiB,aAAa,CAACE;QACrC;MACJ,CAAC,CAAC;IACN;IAEA,MAAMC,qBAAqB,GAAGzB,GAAG,CAACI,WAAW,CAACb,GAAG,CAACmC,MAAM,CAACC,QAAQ,EAAE;MAC/D7B,IAAI,EAAE,8BAA8B;MACpCC,MAAM,EAAE;QACJI,IAAI,EAAEA,IAAI,CAACiB,MAAM,CAACQ,GAAG;QACrBC,OAAO,EAAEpC,cAAc;QACvBqC,OAAO,EAAE,iBAAiB;QAC1BC,OAAO,EAAE,EAAE;QACXC,UAAU,EAAE,GAAG;QACfC,WAAW,EAAE,kDAAkD;QAC/DC,IAAI,EAAE,IAAIxC,MAAM,CAACyC,KAAK,CAACC,YAAY,CAAC;UAChC,GAAG,EAAE,IAAI1C,MAAM,CAACyC,KAAK,CAACE,WAAW,CAC7B1C,IAAI,CAAC2C,IAAI,CAACC,MAAM,CAACzB,IAAI,CAAC0B,OAAO,EAAE,oBAAoB,CACvD;QACJ,CAAC,CAAC;QACFC,WAAW,EAAE;UACTC,SAAS,EAAE;YACPC,0BAA0B,EAAE1C,MAAM,CAAC2C,YAAY,CAACC,KAAK,CAACD,YAAY,IAAI;cAClE,OAAO,gBAAgBA,YAAY,EAAE;YACzC,CAAC;UACL;QACJ,CAAC;QACDE,SAAS,EAAE9B,GAAG,GACR;UACI+B,SAAS,EAAE/B,GAAG,CAACgC,OAAO,CAACC,OAAO,CAACC,GAAG,CAACC,CAAC,IAAIA,CAAC,CAAC/B,MAAM,CAACgC,EAAE,CAAC;UACpDC,gBAAgB,EAAE,CAACrC,GAAG,CAACA,GAAG,CAACI,MAAM,CAACkC,sBAAsB;QAC5D,CAAC,GACDC,SAAS;QACfC,aAAa,EAAE;UACXC,SAAS,EAAE;QACf;MACJ;IACJ,CAAC,CAAC;IAEF,MAAMC,aAAa,GAAG1D,GAAG,CAACI,WAAW,CAACb,GAAG,CAACoE,GAAG,CAACC,UAAU,EAAE;MACtD9D,IAAI,EAAE,8BAA8B;MACpCC,MAAM,EAAE;QACJ8D,eAAe,EAAE,IAAI;QACrBC,qBAAqB,EAAErC,qBAAqB,CAACL,MAAM,CAACQ,GAAG;QACvDmC,MAAM,EAAE;MACZ;IACJ,CAAC,CAAC;IAEF/D,GAAG,CAACI,WAAW,CAACb,GAAG,CAACmC,MAAM,CAACsC,UAAU,EAAE;MACnClE,IAAI,EAAE,6BAA6B;MACnCC,MAAM,EAAE;QACJkE,SAAS,EAAE,mBAAmB;QAC9BC,QAAQ,EAAEzC,qBAAqB,CAACL,MAAM,CAACQ,GAAG;QAC1CuC,SAAS,EAAET,aAAa,CAACtC,MAAM,CAACQ,GAAG;QACnCwC,MAAM,EAAE;MACZ;IACJ,CAAC,CAAC;IAEFpE,GAAG,CAACqE,UAAU,CAAC;MACXC,iBAAiB,EAAEZ,aAAa,CAACtC,MAAM,CAACtB;IAC5C,CAAC,CAAC;IAEF,OAAO;MAAE2B;IAAsB,CAAC;EACpC;AACJ,CAAC,CAAC","ignoreList":[]}

package/pulumi/apps/core/cognitoIdentityProviders/amazon.d.ts

@@ -0,0 +1,9 @@
+import type * as pulumi from "@pulumi/pulumi";
+import { type IdentityProviderArgs } from "@pulumi/aws/cognito/index.js";
+import { type CognitoIdentityProviderConfig } from "./configure.js";
+/**
+ * Amazon doesn't provide first/last name as separate attributes. Instead, it gives you a `name`.
+ * To handle this, developers will need to set up a pre-authentication Lambda trigger on the user pool,
+ * to generate proper first/last name using custom code.
+ */
+export declare const getAmazonIdpConfig: (userPoolId: pulumi.Input<string>, config: CognitoIdentityProviderConfig) => IdentityProviderArgs;

package/pulumi/apps/core/cognitoIdentityProviders/amazon.js

@@ -0,0 +1,24 @@
+/**
+ * Amazon doesn't provide first/last name as separate attributes. Instead, it gives you a `name`.
+ * To handle this, developers will need to set up a pre-authentication Lambda trigger on the user pool,
+ * to generate proper first/last name using custom code.
+ */
+export const getAmazonIdpConfig = (userPoolId, config) => {
+  return {
+    userPoolId,
+    providerName: "Amazon",
+    providerType: "LoginWithAmazon",
+    providerDetails: config.providerDetails,
+    idpIdentifiers: config.idpIdentifiers,
+    attributeMapping: {
+      "custom:id": "user_id",
+      username: "user_id",
+      email: "email",
+      given_name: "name",
+      family_name: "name",
+      ...config.attributeMapping
+    }
+  };
+};
+
+//# sourceMappingURL=amazon.js.map

package/pulumi/apps/core/cognitoIdentityProviders/amazon.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["getAmazonIdpConfig","userPoolId","config","providerName","providerType","providerDetails","idpIdentifiers","attributeMapping","username","email","given_name","family_name"],"sources":["amazon.ts"],"sourcesContent":["import type * as pulumi from \"@pulumi/pulumi\";\nimport { type IdentityProviderArgs } from \"@pulumi/aws/cognito/index.js\";\nimport { type CognitoIdentityProviderConfig } from \"./configure.js\";\n\n/**\n * Amazon doesn't provide first/last name as separate attributes. Instead, it gives you a `name`.\n * To handle this, developers will need to set up a pre-authentication Lambda trigger on the user pool,\n * to generate proper first/last name using custom code.\n */\nexport const getAmazonIdpConfig = (\n    userPoolId: pulumi.Input<string>,\n    config: CognitoIdentityProviderConfig\n): IdentityProviderArgs => {\n    return {\n        userPoolId,\n        providerName: \"Amazon\",\n        providerType: \"LoginWithAmazon\",\n        providerDetails: config.providerDetails,\n        idpIdentifiers: config.idpIdentifiers,\n        attributeMapping: {\n            \"custom:id\": \"user_id\",\n            username: \"user_id\",\n            email: \"email\",\n            given_name: \"name\",\n            family_name: \"name\",\n            ...config.attributeMapping\n        }\n    };\n};\n"],"mappings":"AAIA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMA,kBAAkB,GAAGA,CAC9BC,UAAgC,EAChCC,MAAqC,KACd;EACvB,OAAO;IACHD,UAAU;IACVE,YAAY,EAAE,QAAQ;IACtBC,YAAY,EAAE,iBAAiB;IAC/BC,eAAe,EAAEH,MAAM,CAACG,eAAe;IACvCC,cAAc,EAAEJ,MAAM,CAACI,cAAc;IACrCC,gBAAgB,EAAE;MACd,WAAW,EAAE,SAAS;MACtBC,QAAQ,EAAE,SAAS;MACnBC,KAAK,EAAE,OAAO;MACdC,UAAU,EAAE,MAAM;MAClBC,WAAW,EAAE,MAAM;MACnB,GAAGT,MAAM,CAACK;IACd;EACJ,CAAC;AACL,CAAC","ignoreList":[]}

package/pulumi/apps/core/cognitoIdentityProviders/apple.d.ts

@@ -0,0 +1,4 @@
+import type * as pulumi from "@pulumi/pulumi";
+import { type IdentityProviderArgs } from "@pulumi/aws/cognito/index.js";
+import { type CognitoIdentityProviderConfig } from "./configure.js";
+export declare const getAppleIdpConfig: (userPoolId: pulumi.Input<string>, config: CognitoIdentityProviderConfig) => IdentityProviderArgs;

package/pulumi/apps/core/cognitoIdentityProviders/apple.js

@@ -0,0 +1,19 @@
+export const getAppleIdpConfig = (userPoolId, config) => {
+  return {
+    userPoolId,
+    providerName: "Apple",
+    providerType: "SignInWithApple",
+    providerDetails: config.providerDetails,
+    idpIdentifiers: config.idpIdentifiers,
+    attributeMapping: {
+      "custom:id": "sub",
+      username: "sub",
+      email: "email",
+      given_name: "firstName",
+      family_name: "lastName",
+      ...config.attributeMapping
+    }
+  };
+};
+
+//# sourceMappingURL=apple.js.map

package/pulumi/apps/core/cognitoIdentityProviders/apple.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["getAppleIdpConfig","userPoolId","config","providerName","providerType","providerDetails","idpIdentifiers","attributeMapping","username","email","given_name","family_name"],"sources":["apple.ts"],"sourcesContent":["import type * as pulumi from \"@pulumi/pulumi\";\nimport { type IdentityProviderArgs } from \"@pulumi/aws/cognito/index.js\";\nimport { type CognitoIdentityProviderConfig } from \"./configure.js\";\n\nexport const getAppleIdpConfig = (\n    userPoolId: pulumi.Input<string>,\n    config: CognitoIdentityProviderConfig\n): IdentityProviderArgs => {\n    return {\n        userPoolId,\n        providerName: \"Apple\",\n        providerType: \"SignInWithApple\",\n        providerDetails: config.providerDetails,\n        idpIdentifiers: config.idpIdentifiers,\n        attributeMapping: {\n            \"custom:id\": \"sub\",\n            username: \"sub\",\n            email: \"email\",\n            given_name: \"firstName\",\n            family_name: \"lastName\",\n            ...config.attributeMapping\n        }\n    };\n};\n"],"mappings":"AAIA,OAAO,MAAMA,iBAAiB,GAAGA,CAC7BC,UAAgC,EAChCC,MAAqC,KACd;EACvB,OAAO;IACHD,UAAU;IACVE,YAAY,EAAE,OAAO;IACrBC,YAAY,EAAE,iBAAiB;IAC/BC,eAAe,EAAEH,MAAM,CAACG,eAAe;IACvCC,cAAc,EAAEJ,MAAM,CAACI,cAAc;IACrCC,gBAAgB,EAAE;MACd,WAAW,EAAE,KAAK;MAClBC,QAAQ,EAAE,KAAK;MACfC,KAAK,EAAE,OAAO;MACdC,UAAU,EAAE,WAAW;MACvBC,WAAW,EAAE,UAAU;MACvB,GAAGT,MAAM,CAACK;IACd;EACJ,CAAC;AACL,CAAC","ignoreList":[]}

package/pulumi/apps/core/cognitoIdentityProviders/configure.d.ts

@@ -0,0 +1,28 @@
+import { type UserPoolDomainArgs } from "@pulumi/aws/cognito/userPoolDomain.js";
+import { type IdentityProviderArgs } from "@pulumi/aws/cognito/index.js";
+import { type PulumiApp } from "@webiny/pulumi";
+export type IdentityAttributeMapping = {
+    "custom:id": string;
+    username: string;
+    email: string;
+    family_name: string;
+    given_name: string;
+    [key: string]: string;
+};
+export interface CognitoIdentityProvidersConfig {
+    domain: string | {
+        name: UserPoolDomainArgs["domain"];
+        certificateArn?: UserPoolDomainArgs["certificateArn"];
+    };
+    identityProviders: CognitoIdentityProviderConfig[];
+    callbackUrls: string[];
+    logoutUrls?: string[];
+}
+export interface CognitoIdentityProviderConfig {
+    name?: string;
+    type: "google" | "facebook" | "amazon" | "apple" | "oidc";
+    providerDetails: IdentityProviderArgs["providerDetails"];
+    idpIdentifiers?: IdentityProviderArgs["idpIdentifiers"];
+    attributeMapping?: IdentityAttributeMapping;
+}
+export declare const configureAdminCognitoFederation: (app: PulumiApp, config: CognitoIdentityProvidersConfig) => void;