npm - @webiny/project-aws - Versions diffs - 0.0.0-unstable.61c048f412 - Mend

@webiny/project-aws 0.0.0-unstable.61c048f412

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (547) hide show

package/LICENSE +21 -0
package/README.md +11 -0
package/_templates/appTemplates/admin/src/App.scss +2 -0
package/_templates/appTemplates/admin/src/App.tsx +13 -0
package/_templates/appTemplates/admin/src/Extensions.tsx +7 -0
package/_templates/appTemplates/admin/src/index.tsx +11 -0
package/_templates/appTemplates/admin/tsconfig.json +7 -0
package/_templates/appTemplates/admin/webiny.application.ts +3 -0
package/_templates/appTemplates/admin/webiny.config.ts +3 -0
package/_templates/appTemplates/api/graphql/package.json +31 -0
package/_templates/appTemplates/api/graphql/src/extensions.ts +9 -0
package/_templates/appTemplates/api/graphql/src/index.ts +80 -0
package/_templates/appTemplates/api/graphql/src/security.ts +43 -0
package/_templates/appTemplates/api/graphql/tsconfig.json +7 -0
package/_templates/appTemplates/api/graphql/webiny.config.ts +8 -0
package/_templates/appTemplates/api/migration/src/index.ts +23 -0
package/_templates/appTemplates/api/migration/tsconfig.json +7 -0
package/_templates/appTemplates/api/migration/webiny.config.ts +8 -0
package/_templates/appTemplates/api/webiny.application.ts +3 -0
package/_templates/appTemplates/blueGreen/webiny.application.ts +3 -0
package/_templates/appTemplates/core/webiny.application.ts +3 -0
package/_templates/appTemplates/syncSystem/webiny.application.ts +3 -0
package/_templates/extensions/OpenSearch/api/graphql/src/index.ts +84 -0
package/_templates/extensions/OpenSearch/api/migration/src/index.ts +33 -0
package/_templates/extensions/OpenSearch/coreDdbToEsHandler/dynamoToElastic/src/index.ts +15 -0
package/_templates/extensions/OpenSearch/coreDdbToEsHandler/dynamoToElastic/tsconfig.json +7 -0
package/_templates/extensions/OpenSearch/coreDdbToEsHandler/dynamoToElastic/webiny.config.ts +8 -0
package/abstractions/ApiGqlClient.d.ts +23 -0
package/abstractions/ApiGqlClient.js +4 -0
package/abstractions/ApiGqlClient.js.map +1 -0
package/abstractions/InvokeLambdaFunction.d.ts +18 -0
package/abstractions/InvokeLambdaFunction.js +4 -0
package/abstractions/InvokeLambdaFunction.js.map +1 -0
package/abstractions/index.d.ts +5 -0
package/abstractions/index.js +7 -0
package/abstractions/index.js.map +1 -0
package/abstractions/services/AdminStackOutputService.d.ts +13 -0
package/abstractions/services/AdminStackOutputService.js +4 -0
package/abstractions/services/AdminStackOutputService.js.map +1 -0
package/abstractions/services/ApiStackOutputService.d.ts +30 -0
package/abstractions/services/ApiStackOutputService.js +4 -0
package/abstractions/services/ApiStackOutputService.js.map +1 -0
package/abstractions/services/CoreStackOutputService.d.ts +16 -0
package/abstractions/services/CoreStackOutputService.js +4 -0
package/abstractions/services/CoreStackOutputService.js.map +1 -0
package/admin.d.ts +22 -0
package/admin.js +7 -0
package/admin.js.map +1 -0
package/api.d.ts +22 -0
package/api.js +7 -0
package/api.js.map +1 -0
package/apps/createAdminApp.d.ts +13 -0
package/apps/createAdminApp.js +15 -0
package/apps/createAdminApp.js.map +1 -0
package/apps/createAdminAppConfig.d.ts +2 -0
package/apps/createAdminAppConfig.js +21 -0
package/apps/createAdminAppConfig.js.map +1 -0
package/apps/createApiApp.d.ts +65 -0
package/apps/createApiApp.js +25 -0
package/apps/createApiApp.js.map +1 -0
package/apps/createBlueGreenApp.d.ts +24 -0
package/apps/createBlueGreenApp.js +20 -0
package/apps/createBlueGreenApp.js.map +1 -0
package/apps/createCoreApp.d.ts +36 -0
package/apps/createCoreApp.js +16 -0
package/apps/createCoreApp.js.map +1 -0
package/apps/createReactAppConfig.d.ts +53 -0
package/apps/createReactAppConfig.js +79 -0
package/apps/createReactAppConfig.js.map +1 -0
package/apps/createSyncSystemApp.d.ts +21 -0
package/apps/createSyncSystemApp.js +11 -0
package/apps/createSyncSystemApp.js.map +1 -0
package/apps/index.d.ts +7 -0
package/apps/index.js +9 -0
package/apps/index.js.map +1 -0
package/cli.d.ts +9 -0
package/cli.js +6 -0
package/cli.js.map +1 -0
package/exports/extensions.d.ts +7 -0
package/exports/extensions.js +9 -0
package/exports/extensions.js.map +1 -0
package/exports/infra/admin.d.ts +1 -0
package/exports/infra/admin.js +3 -0
package/exports/infra/admin.js.map +1 -0
package/exports/infra/api.d.ts +1 -0
package/exports/infra/api.js +3 -0
package/exports/infra/api.js.map +1 -0
package/exports/infra/core.d.ts +1 -0
package/exports/infra/core.js +3 -0
package/exports/infra/core.js.map +1 -0
package/extensions/AwsDefaultRegion.d.ts +5 -0
package/extensions/AwsDefaultRegion.js +10 -0
package/extensions/AwsDefaultRegion.js.map +1 -0
package/extensions/OpenSearch/EnsureOsServiceRoleBeforeCoreDeploy.d.ts +10 -0
package/extensions/OpenSearch/EnsureOsServiceRoleBeforeCoreDeploy.js +40 -0
package/extensions/OpenSearch/EnsureOsServiceRoleBeforeCoreDeploy.js.map +1 -0
package/extensions/OpenSearch/EnsureOsWasDeployed.d.ts +11 -0
package/extensions/OpenSearch/EnsureOsWasDeployed.js +34 -0
package/extensions/OpenSearch/EnsureOsWasDeployed.js.map +1 -0
package/extensions/OpenSearch/InjectDdbEsLambdaFnHandler.d.ts +12 -0
package/extensions/OpenSearch/InjectDdbEsLambdaFnHandler.js +31 -0
package/extensions/OpenSearch/InjectDdbEsLambdaFnHandler.js.map +1 -0
package/extensions/OpenSearch/ReplaceApiLambdaFnHandlers.d.ts +12 -0
package/extensions/OpenSearch/ReplaceApiLambdaFnHandlers.js +32 -0
package/extensions/OpenSearch/ReplaceApiLambdaFnHandlers.js.map +1 -0
package/extensions/OpenSearch.d.ts +17 -0
package/extensions/OpenSearch.js +36 -0
package/extensions/OpenSearch.js.map +1 -0
package/extensions/ProjectAws/AdminStackOutputService.d.ts +1 -0
package/extensions/ProjectAws/AdminStackOutputService.js +3 -0
package/extensions/ProjectAws/AdminStackOutputService.js.map +1 -0
package/extensions/ProjectAws/ApiStackOutputService.d.ts +1 -0
package/extensions/ProjectAws/ApiStackOutputService.js +3 -0
package/extensions/ProjectAws/ApiStackOutputService.js.map +1 -0
package/extensions/ProjectAws/AutoInstall/AutoInstallAfterApiDeploy.d.ts +17 -0
package/extensions/ProjectAws/AutoInstall/AutoInstallAfterApiDeploy.js +108 -0
package/extensions/ProjectAws/AutoInstall/AutoInstallAfterApiDeploy.js.map +1 -0
package/extensions/ProjectAws/AutoInstall.d.ts +33 -0
package/extensions/ProjectAws/AutoInstall.js +19 -0
package/extensions/ProjectAws/AutoInstall.js.map +1 -0
package/extensions/ProjectAws/BlueGreenDeployments/EnsureVariantBeforeDeploy.d.ts +10 -0
package/extensions/ProjectAws/BlueGreenDeployments/EnsureVariantBeforeDeploy.js +27 -0
package/extensions/ProjectAws/BlueGreenDeployments/EnsureVariantBeforeDeploy.js.map +1 -0
package/extensions/ProjectAws/BlueGreenDeployments/PrintDeploymentInfoAfterDeploy.d.ts +20 -0
package/extensions/ProjectAws/BlueGreenDeployments/PrintDeploymentInfoAfterDeploy.js +54 -0
package/extensions/ProjectAws/BlueGreenDeployments/PrintDeploymentInfoAfterDeploy.js.map +1 -0
package/extensions/ProjectAws/BlueGreenDeployments/SetPrimaryVariantCliCommand.d.ts +18 -0
package/extensions/ProjectAws/BlueGreenDeployments/SetPrimaryVariantCliCommand.js +60 -0
package/extensions/ProjectAws/BlueGreenDeployments/SetPrimaryVariantCliCommand.js.map +1 -0
package/extensions/ProjectAws/BuildAppWorkspace.d.ts +12 -0
package/extensions/ProjectAws/BuildAppWorkspace.js +66 -0
package/extensions/ProjectAws/BuildAppWorkspace.js.map +1 -0
package/extensions/ProjectAws/CoreStackOutputService.d.ts +1 -0
package/extensions/ProjectAws/CoreStackOutputService.js +3 -0
package/extensions/ProjectAws/CoreStackOutputService.js.map +1 -0
package/extensions/ProjectAws/ExecuteDataMigrations.d.ts +16 -0
package/extensions/ProjectAws/ExecuteDataMigrations.js +69 -0
package/extensions/ProjectAws/ExecuteDataMigrations.js.map +1 -0
package/extensions/ProjectAws/SetAdminEnvVars/SetAdminEnvVars.d.ts +13 -0
package/extensions/ProjectAws/SetAdminEnvVars/SetAdminEnvVars.js +43 -0
package/extensions/ProjectAws/SetAdminEnvVars/SetAdminEnvVars.js.map +1 -0
package/extensions/ProjectAws/SetAdminEnvVars/SetAdminEnvVarsBeforeBuild.d.ts +13 -0
package/extensions/ProjectAws/SetAdminEnvVars/SetAdminEnvVarsBeforeBuild.js +24 -0
package/extensions/ProjectAws/SetAdminEnvVars/SetAdminEnvVarsBeforeBuild.js.map +1 -0
package/extensions/ProjectAws/SetAdminEnvVars/SetAdminEnvVarsBeforeWatch.d.ts +13 -0
package/extensions/ProjectAws/SetAdminEnvVars/SetAdminEnvVarsBeforeWatch.js +24 -0
package/extensions/ProjectAws/SetAdminEnvVars/SetAdminEnvVarsBeforeWatch.js.map +1 -0
package/extensions/ProjectAws/SetDatabaseSetupOutput.d.ts +10 -0
package/extensions/ProjectAws/SetDatabaseSetupOutput.js +29 -0
package/extensions/ProjectAws/SetDatabaseSetupOutput.js.map +1 -0
package/extensions/ProjectAws/UploadAdminAppToS3.d.ts +13 -0
package/extensions/ProjectAws/UploadAdminAppToS3.js +69 -0
package/extensions/ProjectAws/UploadAdminAppToS3.js.map +1 -0
package/extensions/ProjectAws/definitions.d.ts +3 -0
package/extensions/ProjectAws/definitions.js +11 -0
package/extensions/ProjectAws/definitions.js.map +1 -0
package/extensions/ProjectAws.d.ts +2 -0
package/extensions/ProjectAws.js +49 -0
package/extensions/ProjectAws.js.map +1 -0
package/extensions/index.d.ts +4 -0
package/extensions/index.js +6 -0
package/extensions/index.js.map +1 -0
package/features/ApiGqlClient.d.ts +21 -0
package/features/ApiGqlClient.js +59 -0
package/features/ApiGqlClient.js.map +1 -0
package/features/InvokeLambdaFunction.d.ts +10 -0
package/features/InvokeLambdaFunction.js +38 -0
package/features/InvokeLambdaFunction.js.map +1 -0
package/features/index.d.ts +2 -0
package/features/index.js +4 -0
package/features/index.js.map +1 -0
package/index.d.ts +7 -0
package/index.js +9 -0
package/index.js.map +1 -0
package/infra.d.ts +399 -0
package/infra.js +49 -0
package/infra.js.map +1 -0
package/package.json +63 -0
package/project.d.ts +48 -0
package/project.js +9 -0
package/project.js.map +1 -0
package/pulumi/apps/admin/createAdminPulumiApp.d.ts +10 -0
package/pulumi/apps/admin/createAdminPulumiApp.js +52 -0
package/pulumi/apps/admin/createAdminPulumiApp.js.map +1 -0
package/pulumi/apps/admin/index.d.ts +1 -0
package/pulumi/apps/admin/index.js +3 -0
package/pulumi/apps/admin/index.js.map +1 -0
package/pulumi/apps/api/ApiBackgroundTask.d.ts +12 -0
package/pulumi/apps/api/ApiBackgroundTask.js +148 -0
package/pulumi/apps/api/ApiBackgroundTask.js.map +1 -0
package/pulumi/apps/api/ApiCloudfront.d.ts +3 -0
package/pulumi/apps/api/ApiCloudfront.js +136 -0
package/pulumi/apps/api/ApiCloudfront.js.map +1 -0
package/pulumi/apps/api/ApiFileManager.d.ts +11 -0
package/pulumi/apps/api/ApiFileManager.js +39 -0
package/pulumi/apps/api/ApiFileManager.js.map +1 -0
package/pulumi/apps/api/ApiGateway.d.ts +18 -0
package/pulumi/apps/api/ApiGateway.js +80 -0
package/pulumi/apps/api/ApiGateway.js.map +1 -0
package/pulumi/apps/api/ApiGraphql.d.ts +22 -0
package/pulumi/apps/api/ApiGraphql.js +164 -0
package/pulumi/apps/api/ApiGraphql.js.map +1 -0
package/pulumi/apps/api/ApiMigration.d.ts +5 -0
package/pulumi/apps/api/ApiMigration.js +83 -0
package/pulumi/apps/api/ApiMigration.js.map +1 -0
package/pulumi/apps/api/ApiOutput.d.ts +23 -0
package/pulumi/apps/api/ApiOutput.js +36 -0
package/pulumi/apps/api/ApiOutput.js.map +1 -0
package/pulumi/apps/api/ApiScheduler.d.ts +8 -0
package/pulumi/apps/api/ApiScheduler.js +100 -0
package/pulumi/apps/api/ApiScheduler.js.map +1 -0
package/pulumi/apps/api/ApiWebsocket.d.ts +14 -0
package/pulumi/apps/api/ApiWebsocket.js +138 -0
package/pulumi/apps/api/ApiWebsocket.js.map +1 -0
package/pulumi/apps/api/backgroundTask/definition.d.ts +7 -0
package/pulumi/apps/api/backgroundTask/definition.js +149 -0
package/pulumi/apps/api/backgroundTask/definition.js.map +1 -0
package/pulumi/apps/api/backgroundTask/policy.d.ts +8 -0
package/pulumi/apps/api/backgroundTask/policy.js +26 -0
package/pulumi/apps/api/backgroundTask/policy.js.map +1 -0
package/pulumi/apps/api/backgroundTask/role.d.ts +9 -0
package/pulumi/apps/api/backgroundTask/role.js +32 -0
package/pulumi/apps/api/backgroundTask/role.js.map +1 -0
package/pulumi/apps/api/backgroundTask/types.d.ts +91 -0
package/pulumi/apps/api/backgroundTask/types.js +14 -0
package/pulumi/apps/api/backgroundTask/types.js.map +1 -0
package/pulumi/apps/api/createApiPulumiApp.d.ts +57 -0
package/pulumi/apps/api/createApiPulumiApp.js +282 -0
package/pulumi/apps/api/createApiPulumiApp.js.map +1 -0
package/pulumi/apps/api/handleGuardDutyEvents.d.ts +2 -0
package/pulumi/apps/api/handleGuardDutyEvents.js +55 -0
package/pulumi/apps/api/handleGuardDutyEvents.js.map +1 -0
package/pulumi/apps/api/index.d.ts +9 -0
package/pulumi/apps/api/index.js +11 -0
package/pulumi/apps/api/index.js.map +1 -0
package/pulumi/apps/awsUtils.d.ts +5 -0
package/pulumi/apps/awsUtils.js +34 -0
package/pulumi/apps/awsUtils.js.map +1 -0
package/pulumi/apps/blueGreen/BlueGreenRouterApiGateway.d.ts +11 -0
package/pulumi/apps/blueGreen/BlueGreenRouterApiGateway.js +44 -0
package/pulumi/apps/blueGreen/BlueGreenRouterApiGateway.js.map +1 -0
package/pulumi/apps/blueGreen/BlueGreenRouterCloudFront.d.ts +17 -0
package/pulumi/apps/blueGreen/BlueGreenRouterCloudFront.js +100 -0
package/pulumi/apps/blueGreen/BlueGreenRouterCloudFront.js.map +1 -0
package/pulumi/apps/blueGreen/BlueGreenRouterCloudFrontStore.d.ts +10 -0
package/pulumi/apps/blueGreen/BlueGreenRouterCloudFrontStore.js +20 -0
package/pulumi/apps/blueGreen/BlueGreenRouterCloudFrontStore.js.map +1 -0
package/pulumi/apps/blueGreen/cloudfront/createCloudFrontDefaultCacheBehaviorPolicies.d.ts +7 -0
package/pulumi/apps/blueGreen/cloudfront/createCloudFrontDefaultCacheBehaviorPolicies.js +15 -0
package/pulumi/apps/blueGreen/cloudfront/createCloudFrontDefaultCacheBehaviorPolicies.js.map +1 -0
package/pulumi/apps/blueGreen/cloudfront/createCloudFrontFunctionDomainMap.d.ts +14 -0
package/pulumi/apps/blueGreen/cloudfront/createCloudFrontFunctionDomainMap.js +23 -0
package/pulumi/apps/blueGreen/cloudfront/createCloudFrontFunctionDomainMap.js.map +1 -0
package/pulumi/apps/blueGreen/cloudfront/createOriginId.d.ts +11 -0
package/pulumi/apps/blueGreen/cloudfront/createOriginId.js +10 -0
package/pulumi/apps/blueGreen/cloudfront/createOriginId.js.map +1 -0
package/pulumi/apps/blueGreen/constants.d.ts +3 -0
package/pulumi/apps/blueGreen/constants.js +5 -0
package/pulumi/apps/blueGreen/constants.js.map +1 -0
package/pulumi/apps/blueGreen/createBlueGreenPulumiApp.d.ts +15 -0
package/pulumi/apps/blueGreen/createBlueGreenPulumiApp.js +122 -0
package/pulumi/apps/blueGreen/createBlueGreenPulumiApp.js.map +1 -0
package/pulumi/apps/blueGreen/domains/attachDomainsToOutput.d.ts +9 -0
package/pulumi/apps/blueGreen/domains/attachDomainsToOutput.js +30 -0
package/pulumi/apps/blueGreen/domains/attachDomainsToOutput.js.map +1 -0
package/pulumi/apps/blueGreen/domains/convertApplicationDomains.d.ts +6 -0
package/pulumi/apps/blueGreen/domains/convertApplicationDomains.js +23 -0
package/pulumi/apps/blueGreen/domains/convertApplicationDomains.js.map +1 -0
package/pulumi/apps/blueGreen/domains/getApplicationDomains.d.ts +18 -0
package/pulumi/apps/blueGreen/domains/getApplicationDomains.js +73 -0
package/pulumi/apps/blueGreen/domains/getApplicationDomains.js.map +1 -0
package/pulumi/apps/blueGreen/domains/resolveDomains.d.ts +6 -0
package/pulumi/apps/blueGreen/domains/resolveDomains.js +41 -0
package/pulumi/apps/blueGreen/domains/resolveDomains.js.map +1 -0
package/pulumi/apps/blueGreen/functions/buildHandlerFunction.d.ts +15 -0
package/pulumi/apps/blueGreen/functions/buildHandlerFunction.js +18 -0
package/pulumi/apps/blueGreen/functions/buildHandlerFunction.js.map +1 -0
package/pulumi/apps/blueGreen/functions/handler.d.ts +1 -0
package/pulumi/apps/blueGreen/functions/handler.js +60 -0
package/pulumi/apps/blueGreen/functions/handler.js.map +1 -0
package/pulumi/apps/blueGreen/types.d.ts +77 -0
package/pulumi/apps/blueGreen/types.js +3 -0
package/pulumi/apps/blueGreen/types.js.map +1 -0
package/pulumi/apps/blueGreen/validation/validateDeployments.d.ts +2 -0
package/pulumi/apps/blueGreen/validation/validateDeployments.js +33 -0
package/pulumi/apps/blueGreen/validation/validateDeployments.js.map +1 -0
package/pulumi/apps/common/CoreOutput.d.ts +38 -0
package/pulumi/apps/common/CoreOutput.js +46 -0
package/pulumi/apps/common/CoreOutput.js.map +1 -0
package/pulumi/apps/common/VpcConfig.d.ts +8 -0
package/pulumi/apps/common/VpcConfig.js +25 -0
package/pulumi/apps/common/VpcConfig.js.map +1 -0
package/pulumi/apps/common/index.d.ts +2 -0
package/pulumi/apps/common/index.js +4 -0
package/pulumi/apps/common/index.js.map +1 -0
package/pulumi/apps/core/CoreAuditLogsDynamo.d.ts +5 -0
package/pulumi/apps/core/CoreAuditLogsDynamo.js +138 -0
package/pulumi/apps/core/CoreAuditLogsDynamo.js.map +1 -0
package/pulumi/apps/core/CoreCognito.d.ts +10 -0
package/pulumi/apps/core/CoreCognito.js +110 -0
package/pulumi/apps/core/CoreCognito.js.map +1 -0
package/pulumi/apps/core/CoreDynamo.d.ts +5 -0
package/pulumi/apps/core/CoreDynamo.js +61 -0
package/pulumi/apps/core/CoreDynamo.js.map +1 -0
package/pulumi/apps/core/CoreEventBus.d.ts +1 -0
package/pulumi/apps/core/CoreEventBus.js +13 -0
package/pulumi/apps/core/CoreEventBus.js.map +1 -0
package/pulumi/apps/core/CoreFileManager.d.ts +8 -0
package/pulumi/apps/core/CoreFileManager.js +44 -0
package/pulumi/apps/core/CoreFileManager.js.map +1 -0
package/pulumi/apps/core/CoreOpenSearch.d.ts +16 -0
package/pulumi/apps/core/CoreOpenSearch.js +299 -0
package/pulumi/apps/core/CoreOpenSearch.js.map +1 -0
package/pulumi/apps/core/CoreVpc.d.ts +13 -0
package/pulumi/apps/core/CoreVpc.js +160 -0
package/pulumi/apps/core/CoreVpc.js.map +1 -0
package/pulumi/apps/core/LogDynamo.d.ts +5 -0
package/pulumi/apps/core/LogDynamo.js +94 -0
package/pulumi/apps/core/LogDynamo.js.map +1 -0
package/pulumi/apps/core/WatchCommand.d.ts +7 -0
package/pulumi/apps/core/WatchCommand.js +105 -0
package/pulumi/apps/core/WatchCommand.js.map +1 -0
package/pulumi/apps/core/cognitoIdentityProviders/amazon.d.ts +9 -0
package/pulumi/apps/core/cognitoIdentityProviders/amazon.js +24 -0
package/pulumi/apps/core/cognitoIdentityProviders/amazon.js.map +1 -0
package/pulumi/apps/core/cognitoIdentityProviders/apple.d.ts +4 -0
package/pulumi/apps/core/cognitoIdentityProviders/apple.js +19 -0
package/pulumi/apps/core/cognitoIdentityProviders/apple.js.map +1 -0
package/pulumi/apps/core/cognitoIdentityProviders/configure.d.ts +28 -0
package/pulumi/apps/core/cognitoIdentityProviders/configure.js +57 -0
package/pulumi/apps/core/cognitoIdentityProviders/configure.js.map +1 -0
package/pulumi/apps/core/cognitoIdentityProviders/facebook.d.ts +4 -0
package/pulumi/apps/core/cognitoIdentityProviders/facebook.js +19 -0
package/pulumi/apps/core/cognitoIdentityProviders/facebook.js.map +1 -0
package/pulumi/apps/core/cognitoIdentityProviders/getIdpConfig.d.ts +3 -0
package/pulumi/apps/core/cognitoIdentityProviders/getIdpConfig.js +17 -0
package/pulumi/apps/core/cognitoIdentityProviders/getIdpConfig.js.map +1 -0
package/pulumi/apps/core/cognitoIdentityProviders/google.d.ts +4 -0
package/pulumi/apps/core/cognitoIdentityProviders/google.js +19 -0
package/pulumi/apps/core/cognitoIdentityProviders/google.js.map +1 -0
package/pulumi/apps/core/cognitoIdentityProviders/index.d.ts +1 -0
package/pulumi/apps/core/cognitoIdentityProviders/index.js +3 -0
package/pulumi/apps/core/cognitoIdentityProviders/index.js.map +1 -0
package/pulumi/apps/core/cognitoIdentityProviders/oidc.d.ts +4 -0
package/pulumi/apps/core/cognitoIdentityProviders/oidc.js +20 -0
package/pulumi/apps/core/cognitoIdentityProviders/oidc.js.map +1 -0
package/pulumi/apps/core/configureS3BucketMalwareProtection.d.ts +2 -0
package/pulumi/apps/core/configureS3BucketMalwareProtection.js +195 -0
package/pulumi/apps/core/configureS3BucketMalwareProtection.js.map +1 -0
package/pulumi/apps/core/createCorePulumiApp.d.ts +32 -0
package/pulumi/apps/core/createCorePulumiApp.js +296 -0
package/pulumi/apps/core/createCorePulumiApp.js.map +1 -0
package/pulumi/apps/core/index.d.ts +8 -0
package/pulumi/apps/core/index.js +10 -0
package/pulumi/apps/core/index.js.map +1 -0
package/pulumi/apps/core/webinyWatchCommand/handler.d.ts +28 -0
package/pulumi/apps/core/webinyWatchCommand/handler.js +37 -0
package/pulumi/apps/core/webinyWatchCommand/handler.js.map +1 -0
package/pulumi/apps/createAppBucket.d.ts +13 -0
package/pulumi/apps/createAppBucket.js +112 -0
package/pulumi/apps/createAppBucket.js.map +1 -0
package/pulumi/apps/customDomain.d.ts +9 -0
package/pulumi/apps/customDomain.js +9 -0
package/pulumi/apps/customDomain.js.map +1 -0
package/pulumi/apps/extensions/getAwsTagsFromExtension.d.ts +2 -0
package/pulumi/apps/extensions/getAwsTagsFromExtension.js +10 -0
package/pulumi/apps/extensions/getAwsTagsFromExtension.js.map +1 -0
package/pulumi/apps/extensions/getBgDeploymentsConfigFromExtension.d.ts +23 -0
package/pulumi/apps/extensions/getBgDeploymentsConfigFromExtension.js +10 -0
package/pulumi/apps/extensions/getBgDeploymentsConfigFromExtension.js.map +1 -0
package/pulumi/apps/extensions/getOsConfigFromExtension.d.ts +7 -0
package/pulumi/apps/extensions/getOsConfigFromExtension.js +33 -0
package/pulumi/apps/extensions/getOsConfigFromExtension.js.map +1 -0
package/pulumi/apps/extensions/getVpcConfigFromExtension.d.ts +15 -0
package/pulumi/apps/extensions/getVpcConfigFromExtension.js +29 -0
package/pulumi/apps/extensions/getVpcConfigFromExtension.js.map +1 -0
package/pulumi/apps/index.d.ts +6 -0
package/pulumi/apps/index.js +8 -0
package/pulumi/apps/index.js.map +1 -0
package/pulumi/apps/lambdaUtils.d.ts +11 -0
package/pulumi/apps/lambdaUtils.js +70 -0
package/pulumi/apps/lambdaUtils.js.map +1 -0
package/pulumi/apps/react/createReactPulumiApp.d.ts +30 -0
package/pulumi/apps/react/createReactPulumiApp.js +150 -0
package/pulumi/apps/react/createReactPulumiApp.js.map +1 -0
package/pulumi/apps/react/index.d.ts +1 -0
package/pulumi/apps/react/index.js +3 -0
package/pulumi/apps/react/index.js.map +1 -0
package/pulumi/apps/syncSystem/SyncSystemDynamo.d.ts +5 -0
package/pulumi/apps/syncSystem/SyncSystemDynamo.js +56 -0
package/pulumi/apps/syncSystem/SyncSystemDynamo.js.map +1 -0
package/pulumi/apps/syncSystem/SyncSystemDynamoDb.d.ts +3 -0
package/pulumi/apps/syncSystem/SyncSystemDynamoDb.js +52 -0
package/pulumi/apps/syncSystem/SyncSystemDynamoDb.js.map +1 -0
package/pulumi/apps/syncSystem/SyncSystemEventBus.d.ts +6 -0
package/pulumi/apps/syncSystem/SyncSystemEventBus.js +77 -0
package/pulumi/apps/syncSystem/SyncSystemEventBus.js.map +1 -0
package/pulumi/apps/syncSystem/SyncSystemLambda.d.ts +11 -0
package/pulumi/apps/syncSystem/SyncSystemLambda.js +99 -0
package/pulumi/apps/syncSystem/SyncSystemLambda.js.map +1 -0
package/pulumi/apps/syncSystem/SyncSystemOutput.d.ts +3 -0
package/pulumi/apps/syncSystem/SyncSystemOutput.js +18 -0
package/pulumi/apps/syncSystem/SyncSystemOutput.js.map +1 -0
package/pulumi/apps/syncSystem/SyncSystemResolverLambda.d.ts +8 -0
package/pulumi/apps/syncSystem/SyncSystemResolverLambda.js +73 -0
package/pulumi/apps/syncSystem/SyncSystemResolverLambda.js.map +1 -0
package/pulumi/apps/syncSystem/SyncSystemSQS.d.ts +3 -0
package/pulumi/apps/syncSystem/SyncSystemSQS.js +54 -0
package/pulumi/apps/syncSystem/SyncSystemSQS.js.map +1 -0
package/pulumi/apps/syncSystem/SyncSystemWorkerLambda.d.ts +7 -0
package/pulumi/apps/syncSystem/SyncSystemWorkerLambda.js +52 -0
package/pulumi/apps/syncSystem/SyncSystemWorkerLambda.js.map +1 -0
package/pulumi/apps/syncSystem/addTableItems.d.ts +8 -0
package/pulumi/apps/syncSystem/addTableItems.js +51 -0
package/pulumi/apps/syncSystem/addTableItems.js.map +1 -0
package/pulumi/apps/syncSystem/api/addServiceManifest.d.ts +8 -0
package/pulumi/apps/syncSystem/api/addServiceManifest.js +18 -0
package/pulumi/apps/syncSystem/api/addServiceManifest.js.map +1 -0
package/pulumi/apps/syncSystem/api/attachCognitoPermissions.d.ts +14 -0
package/pulumi/apps/syncSystem/api/attachCognitoPermissions.js +59 -0
package/pulumi/apps/syncSystem/api/attachCognitoPermissions.js.map +1 -0
package/pulumi/apps/syncSystem/api/attachDynamoDbPermissions.d.ts +13 -0
package/pulumi/apps/syncSystem/api/attachDynamoDbPermissions.js +44 -0
package/pulumi/apps/syncSystem/api/attachDynamoDbPermissions.js.map +1 -0
package/pulumi/apps/syncSystem/api/attachEventBusPermissions.d.ts +17 -0
package/pulumi/apps/syncSystem/api/attachEventBusPermissions.js +48 -0
package/pulumi/apps/syncSystem/api/attachEventBusPermissions.js.map +1 -0
package/pulumi/apps/syncSystem/api/attachS3Permissions.d.ts +14 -0
package/pulumi/apps/syncSystem/api/attachS3Permissions.js +51 -0
package/pulumi/apps/syncSystem/api/attachS3Permissions.js.map +1 -0
package/pulumi/apps/syncSystem/api/index.d.ts +8 -0
package/pulumi/apps/syncSystem/api/index.js +55 -0
package/pulumi/apps/syncSystem/api/index.js.map +1 -0
package/pulumi/apps/syncSystem/constants.d.ts +1 -0
package/pulumi/apps/syncSystem/constants.js +3 -0
package/pulumi/apps/syncSystem/constants.js.map +1 -0
package/pulumi/apps/syncSystem/createSyncResourceName.d.ts +4 -0
package/pulumi/apps/syncSystem/createSyncResourceName.js +10 -0
package/pulumi/apps/syncSystem/createSyncResourceName.js.map +1 -0
package/pulumi/apps/syncSystem/createSyncSystemPulumiApp.d.ts +26 -0
package/pulumi/apps/syncSystem/createSyncSystemPulumiApp.js +181 -0
package/pulumi/apps/syncSystem/createSyncSystemPulumiApp.js.map +1 -0
package/pulumi/apps/syncSystem/customApp.d.ts +6 -0
package/pulumi/apps/syncSystem/customApp.js +19 -0
package/pulumi/apps/syncSystem/customApp.js.map +1 -0
package/pulumi/apps/syncSystem/getSyncSystemOutput.d.ts +3 -0
package/pulumi/apps/syncSystem/getSyncSystemOutput.js +10 -0
package/pulumi/apps/syncSystem/getSyncSystemOutput.js.map +1 -0
package/pulumi/apps/syncSystem/lambda/createSyncSystemResolverLambdaPolicy.d.ts +7 -0
package/pulumi/apps/syncSystem/lambda/createSyncSystemResolverLambdaPolicy.js +48 -0
package/pulumi/apps/syncSystem/lambda/createSyncSystemResolverLambdaPolicy.js.map +1 -0
package/pulumi/apps/syncSystem/types.d.ts +56 -0
package/pulumi/apps/syncSystem/types.js +3 -0
package/pulumi/apps/syncSystem/types.js.map +1 -0
package/pulumi/constants.d.ts +1 -0
package/pulumi/constants.js +4 -0
package/pulumi/constants.js.map +1 -0
package/pulumi/env/awsRegion.d.ts +1 -0
package/pulumi/env/awsRegion.js +6 -0
package/pulumi/env/awsRegion.js.map +1 -0
package/pulumi/env/base.d.ts +15 -0
package/pulumi/env/base.js +29 -0
package/pulumi/env/base.js.map +1 -0
package/pulumi/env/env.d.ts +1 -0
package/pulumi/env/env.js +6 -0
package/pulumi/env/env.js.map +1 -0
package/pulumi/env/projectName.d.ts +1 -0
package/pulumi/env/projectName.js +6 -0
package/pulumi/env/projectName.js.map +1 -0
package/pulumi/env/variant.d.ts +1 -0
package/pulumi/env/variant.js +7 -0
package/pulumi/env/variant.js.map +1 -0
package/pulumi/extensions/AdminCustomDomains.d.ts +14 -0
package/pulumi/extensions/AdminCustomDomains.js +16 -0
package/pulumi/extensions/AdminCustomDomains.js.map +1 -0
package/pulumi/extensions/AwsTags.d.ts +8 -0
package/pulumi/extensions/AwsTags.js +15 -0
package/pulumi/extensions/AwsTags.js.map +1 -0
package/pulumi/extensions/BlueGreenDeployments.d.ts +134 -0
package/pulumi/extensions/BlueGreenDeployments.js +34 -0
package/pulumi/extensions/BlueGreenDeployments.js.map +1 -0
package/pulumi/extensions/OpenSearch.d.ts +17 -0
package/pulumi/extensions/OpenSearch.js +17 -0
package/pulumi/extensions/OpenSearch.js.map +1 -0
package/pulumi/extensions/Vpc.d.ts +71 -0
package/pulumi/extensions/Vpc.js +25 -0
package/pulumi/extensions/Vpc.js.map +1 -0
package/pulumi/extensions/index.d.ts +220 -0
package/pulumi/extensions/index.js +13 -0
package/pulumi/extensions/index.js.map +1 -0
package/pulumi/index.d.ts +3 -0
package/pulumi/index.js +5 -0
package/pulumi/index.js.map +1 -0
package/pulumi/types.d.ts +44 -0
package/pulumi/types.js +3 -0
package/pulumi/types.js.map +1 -0
package/pulumi/utils/addDomainsUrlsOutputs.d.ts +18 -0
package/pulumi/utils/addDomainsUrlsOutputs.js +40 -0
package/pulumi/utils/addDomainsUrlsOutputs.js.map +1 -0
package/pulumi/utils/addServiceManifestTableItem.d.ts +12 -0
package/pulumi/utils/addServiceManifestTableItem.js +28 -0
package/pulumi/utils/addServiceManifestTableItem.js.map +1 -0
package/pulumi/utils/crawlDirectory.d.ts +1 -0
package/pulumi/utils/crawlDirectory.js +19 -0
package/pulumi/utils/crawlDirectory.js.map +1 -0
package/pulumi/utils/createAssetArchive.d.ts +2 -0
package/pulumi/utils/createAssetArchive.js +8 -0
package/pulumi/utils/createAssetArchive.js.map +1 -0
package/pulumi/utils/dynamodb.d.ts +14 -0
package/pulumi/utils/dynamodb.js +29 -0
package/pulumi/utils/dynamodb.js.map +1 -0
package/pulumi/utils/getPresignedPost.d.ts +11 -0
package/pulumi/utils/getPresignedPost.js +34 -0
package/pulumi/utils/getPresignedPost.js.map +1 -0
package/pulumi/utils/index.d.ts +5 -0
package/pulumi/utils/index.js +7 -0
package/pulumi/utils/index.js.map +1 -0
package/pulumi/utils/lambdaEnvVariables.d.ts +20 -0
package/pulumi/utils/lambdaEnvVariables.js +62 -0
package/pulumi/utils/lambdaEnvVariables.js.map +1 -0
package/pulumi/utils/tagResources.d.ts +5 -0
package/pulumi/utils/tagResources.js +33 -0
package/pulumi/utils/tagResources.js.map +1 -0
package/pulumi/utils/uploadFolderToS3.d.ts +26 -0
package/pulumi/utils/uploadFolderToS3.js +147 -0
package/pulumi/utils/uploadFolderToS3.js.map +1 -0
package/pulumi/utils/withServiceManifest.d.ts +14 -0
package/pulumi/utils/withServiceManifest.js +45 -0
package/pulumi/utils/withServiceManifest.js.map +1 -0
package/security.d.ts +356 -0
package/security.js +53 -0
package/security.js.map +1 -0
package/services/AdminStackOutputService.d.ts +10 -0
package/services/AdminStackOutputService.js +16 -0
package/services/AdminStackOutputService.js.map +1 -0
package/services/ApiStackOutputService.d.ts +10 -0
package/services/ApiStackOutputService.js +16 -0
package/services/ApiStackOutputService.js.map +1 -0
package/services/CoreStackOutputService.d.ts +10 -0
package/services/CoreStackOutputService.js +16 -0
package/services/CoreStackOutputService.js.map +1 -0
package/utils/getTemplatesFolderPath.d.ts +1 -0
package/utils/getTemplatesFolderPath.js +16 -0
package/utils/getTemplatesFolderPath.js.map +1 -0
package/utils/index.d.ts +1 -0
package/utils/index.js +3 -0
package/utils/index.js.map +1 -0

package/pulumi/apps/core/cognitoIdentityProviders/configure.js ADDED Viewed

@@ -0,0 +1,57 @@
+import * as aws from "@pulumi/aws";
+import * as pulumi from "@pulumi/pulumi";
+import { getIdpConfig } from "./getIdpConfig.js";
+import { getEnvVariableAwsRegion } from "../../../env/awsRegion.js";
+const isString = value => {
+  return typeof value === "string";
+};
+export const configureAdminCognitoFederation = (app, config) => {
+  const region = getEnvVariableAwsRegion();
+  const userPool = app.resources.userPool;
+  const appClient = app.resources.userPoolClient;
+  /**
+   * We need to create a user pool domain, which is used to interact with the federated identity providers.
+   */
+  const userPoolDomain = app.addResource(aws.cognito.UserPoolDomain, {
+    name: "cognitoUserPoolDomain",
+    config: {
+      domain: isString(config.domain) ? config.domain : config.domain.name,
+      certificateArn: isString(config.domain) ? undefined : config.domain.certificateArn,
+      userPoolId: userPool.output.id
+    }
+  });
+  app.addOutput("cognitoUserPoolDomain", pulumi.interpolate`${userPoolDomain.output.domain}.auth.${region}.amazoncognito.com`);
+  const idpConfigs = [];
+  for (const idp of config.identityProviders) {
+    const config = getIdpConfig(idp.type, userPool.output.id, idp);
+    // The idea to lowercase the provider name emerged while working on backwards compatibility issue.
+    // Basically, in cases where a user used the OIDC provider and did not specify a name, instead of
+    // using `OIDC` as the name, we wanted to ensure `oidc` is used. But, what I soon realized is that
+    // by simply lowercasing the name, we can avoid the need to check for the provider type and name.
+    // And although this will now happen for all providers, it's not a problem since Pulumi requires
+    // names to be all lowercase anyway.
+    const name = config.providerName.toString().toLowerCase();
+    app.addResource(aws.cognito.IdentityProvider, {
+      name,
+      config
+    });
+    idpConfigs.push(config);
+  }
+  appClient.config.supportedIdentityProviders(["COGNITO", ...idpConfigs.map(config => {
+    // For built-in identity providers, we use the type as the name. Only for OIDC,
+    // we allow the user to provide a custom name, and we only use the type as a fallback.
+    if (config.providerType === "OIDC") {
+      return config.providerName;
+    }
+    return config.providerType;
+  })]);
+  appClient.config.allowedOauthScopes(["profile", "email", "openid"]);
+  appClient.config.allowedOauthFlows(["implicit", "code"]);
+  appClient.config.allowedOauthFlowsUserPoolClient(true);
+  appClient.config.callbackUrls(config.callbackUrls);
+  appClient.config.logoutUrls(config.logoutUrls ?? config.callbackUrls);
+};
+//# sourceMappingURL=configure.js.map

package/pulumi/apps/core/cognitoIdentityProviders/configure.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"names":["aws","pulumi","getIdpConfig","getEnvVariableAwsRegion","isString","value","configureAdminCognitoFederation","app","config","region","userPool","resources","appClient","userPoolClient","userPoolDomain","addResource","cognito","UserPoolDomain","name","domain","certificateArn","undefined","userPoolId","output","id","addOutput","interpolate","idpConfigs","idp","identityProviders","type","providerName","toString","toLowerCase","IdentityProvider","push","supportedIdentityProviders","map","providerType","allowedOauthScopes","allowedOauthFlows","allowedOauthFlowsUserPoolClient","callbackUrls","logoutUrls"],"sources":["configure.ts"],"sourcesContent":["import * as aws from \"@pulumi/aws\";\nimport { type UserPoolDomainArgs } from \"@pulumi/aws/cognito/userPoolDomain.js\";\nimport { type IdentityProviderArgs } from \"@pulumi/aws/cognito/index.js\";\nimport * as pulumi from \"@pulumi/pulumi\";\nimport {\n type PulumiApp,\n type PulumiAppResource,\n type PulumiAppResourceConstructor\n} from \"@webiny/pulumi\";\nimport { getIdpConfig } from \"./getIdpConfig.js\";\nimport { getEnvVariableAwsRegion } from \"~/pulumi/env/awsRegion.js\";\n\nexport type IdentityAttributeMapping = {\n \"custom:id\": string;\n username: string;\n email: string;\n family_name: string;\n given_name: string;\n [key: string]: string;\n};\n\nexport interface CognitoIdentityProvidersConfig {\n domain:\n | string\n | {\n name: UserPoolDomainArgs[\"domain\"];\n certificateArn?: UserPoolDomainArgs[\"certificateArn\"];\n };\n identityProviders: CognitoIdentityProviderConfig[];\n callbackUrls: string[];\n logoutUrls?: string[];\n}\n\nexport interface CognitoIdentityProviderConfig {\n name?: string;\n type: \"google\" | \"facebook\" | \"amazon\" | \"apple\" | \"oidc\";\n providerDetails: IdentityProviderArgs[\"providerDetails\"];\n idpIdentifiers?: IdentityProviderArgs[\"idpIdentifiers\"];\n attributeMapping?: IdentityAttributeMapping;\n}\n\nconst isString = (value?: any): value is string => {\n return typeof value === \"string\";\n};\n\nexport const configureAdminCognitoFederation = (\n app: PulumiApp,\n config: CognitoIdentityProvidersConfig\n) => {\n const region = getEnvVariableAwsRegion();\n\n const userPool = app.resources.userPool as PulumiAppResource<\n PulumiAppResourceConstructor<aws.cognito.UserPool>\n >;\n\n const appClient = app.resources.userPoolClient as PulumiAppResource<\n PulumiAppResourceConstructor<aws.cognito.UserPoolClient>\n >;\n\n /**\n * We need to create a user pool domain, which is used to interact with the federated identity providers.\n */\n const userPoolDomain = app.addResource(aws.cognito.UserPoolDomain, {\n name: \"cognitoUserPoolDomain\",\n config: {\n domain: isString(config.domain) ? config.domain : config.domain.name,\n certificateArn: isString(config.domain) ? undefined : config.domain.certificateArn,\n userPoolId: userPool.output.id\n }\n });\n\n app.addOutput(\n \"cognitoUserPoolDomain\",\n pulumi.interpolate`${userPoolDomain.output.domain}.auth.${region}.amazoncognito.com`\n );\n\n const idpConfigs: aws.cognito.IdentityProviderArgs[] = [];\n\n for (const idp of config.identityProviders) {\n const config = getIdpConfig(idp.type, userPool.output.id, idp);\n\n // The idea to lowercase the provider name emerged while working on backwards compatibility issue.\n // Basically, in cases where a user used the OIDC provider and did not specify a name, instead of\n // using `OIDC` as the name, we wanted to ensure `oidc` is used. But, what I soon realized is that\n // by simply lowercasing the name, we can avoid the need to check for the provider type and name.\n // And although this will now happen for all providers, it's not a problem since Pulumi requires\n // names to be all lowercase anyway.\n const name = config.providerName.toString().toLowerCase();\n\n app.addResource(aws.cognito.IdentityProvider, { name, config });\n\n idpConfigs.push(config);\n }\n\n appClient.config.supportedIdentityProviders([\n \"COGNITO\",\n ...idpConfigs.map(config => {\n // For built-in identity providers, we use the type as the name. Only for OIDC,\n // we allow the user to provide a custom name, and we only use the type as a fallback.\n if (config.providerType === \"OIDC\") {\n return config.providerName;\n }\n return config.providerType;\n })\n ]);\n\n appClient.config.allowedOauthScopes([\"profile\", \"email\", \"openid\"]);\n appClient.config.allowedOauthFlows([\"implicit\", \"code\"]);\n appClient.config.allowedOauthFlowsUserPoolClient(true);\n appClient.config.callbackUrls(config.callbackUrls);\n appClient.config.logoutUrls(config.logoutUrls ?? config.callbackUrls);\n};\n"],"mappings":"AAAA,OAAO,KAAKA,GAAG,MAAM,aAAa;AAGlC,OAAO,KAAKC,MAAM,MAAM,gBAAgB;AAMxC,SAASC,YAAY;AACrB,SAASC,uBAAuB;AA+BhC,MAAMC,QAAQ,GAAIC,KAAW,IAAsB;EAC/C,OAAO,OAAOA,KAAK,KAAK,QAAQ;AACpC,CAAC;AAED,OAAO,MAAMC,+BAA+B,GAAGA,CAC3CC,GAAc,EACdC,MAAsC,KACrC;EACD,MAAMC,MAAM,GAAGN,uBAAuB,CAAC,CAAC;EAExC,MAAMO,QAAQ,GAAGH,GAAG,CAACI,SAAS,CAACD,QAE9B;EAED,MAAME,SAAS,GAAGL,GAAG,CAACI,SAAS,CAACE,cAE/B;;EAED;AACJ;AACA;EACI,MAAMC,cAAc,GAAGP,GAAG,CAACQ,WAAW,CAACf,GAAG,CAACgB,OAAO,CAACC,cAAc,EAAE;IAC/DC,IAAI,EAAE,uBAAuB;IAC7BV,MAAM,EAAE;MACJW,MAAM,EAAEf,QAAQ,CAACI,MAAM,CAACW,MAAM,CAAC,GAAGX,MAAM,CAACW,MAAM,GAAGX,MAAM,CAACW,MAAM,CAACD,IAAI;MACpEE,cAAc,EAAEhB,QAAQ,CAACI,MAAM,CAACW,MAAM,CAAC,GAAGE,SAAS,GAAGb,MAAM,CAACW,MAAM,CAACC,cAAc;MAClFE,UAAU,EAAEZ,QAAQ,CAACa,MAAM,CAACC;IAChC;EACJ,CAAC,CAAC;EAEFjB,GAAG,CAACkB,SAAS,CACT,uBAAuB,EACvBxB,MAAM,CAACyB,WAAW,GAAGZ,cAAc,CAACS,MAAM,CAACJ,MAAM,SAASV,MAAM,oBACpE,CAAC;EAED,MAAMkB,UAA8C,GAAG,EAAE;EAEzD,KAAK,MAAMC,GAAG,IAAIpB,MAAM,CAACqB,iBAAiB,EAAE;IACxC,MAAMrB,MAAM,GAAGN,YAAY,CAAC0B,GAAG,CAACE,IAAI,EAAEpB,QAAQ,CAACa,MAAM,CAACC,EAAE,EAAEI,GAAG,CAAC;;IAE9D;IACA;IACA;IACA;IACA;IACA;IACA,MAAMV,IAAI,GAAGV,MAAM,CAACuB,YAAY,CAACC,QAAQ,CAAC,CAAC,CAACC,WAAW,CAAC,CAAC;IAEzD1B,GAAG,CAACQ,WAAW,CAACf,GAAG,CAACgB,OAAO,CAACkB,gBAAgB,EAAE;MAAEhB,IAAI;MAAEV;IAAO,CAAC,CAAC;IAE/DmB,UAAU,CAACQ,IAAI,CAAC3B,MAAM,CAAC;EAC3B;EAEAI,SAAS,CAACJ,MAAM,CAAC4B,0BAA0B,CAAC,CACxC,SAAS,EACT,GAAGT,UAAU,CAACU,GAAG,CAAC7B,MAAM,IAAI;IACxB;IACA;IACA,IAAIA,MAAM,CAAC8B,YAAY,KAAK,MAAM,EAAE;MAChC,OAAO9B,MAAM,CAACuB,YAAY;IAC9B;IACA,OAAOvB,MAAM,CAAC8B,YAAY;EAC9B,CAAC,CAAC,CACL,CAAC;EAEF1B,SAAS,CAACJ,MAAM,CAAC+B,kBAAkB,CAAC,CAAC,SAAS,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC;EACnE3B,SAAS,CAACJ,MAAM,CAACgC,iBAAiB,CAAC,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;EACxD5B,SAAS,CAACJ,MAAM,CAACiC,+BAA+B,CAAC,IAAI,CAAC;EACtD7B,SAAS,CAACJ,MAAM,CAACkC,YAAY,CAAClC,MAAM,CAACkC,YAAY,CAAC;EAClD9B,SAAS,CAACJ,MAAM,CAACmC,UAAU,CAACnC,MAAM,CAACmC,UAAU,IAAInC,MAAM,CAACkC,YAAY,CAAC;AACzE,CAAC","ignoreList":[]}

package/pulumi/apps/core/cognitoIdentityProviders/facebook.d.ts ADDED Viewed

@@ -0,0 +1,4 @@
+import type * as pulumi from "@pulumi/pulumi";
+import { type CognitoIdentityProviderConfig } from "./configure.js";
+import { type IdentityProviderArgs } from "@pulumi/aws/cognito/index.js";
+export declare const getFacebookIdpConfig: (userPoolId: pulumi.Input<string>, config: CognitoIdentityProviderConfig) => IdentityProviderArgs;

package/pulumi/apps/core/cognitoIdentityProviders/facebook.js ADDED Viewed

@@ -0,0 +1,19 @@
+export const getFacebookIdpConfig = (userPoolId, config) => {
+  return {
+    userPoolId,
+    providerName: "Facebook",
+    providerType: "Facebook",
+    providerDetails: config.providerDetails,
+    idpIdentifiers: config.idpIdentifiers,
+    attributeMapping: {
+      "custom:id": "id",
+      username: "id",
+      email: "email",
+      given_name: "first_name",
+      family_name: "last_name",
+      ...config.attributeMapping
+    }
+  };
+};
+//# sourceMappingURL=facebook.js.map

package/pulumi/apps/core/cognitoIdentityProviders/facebook.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"names":["getFacebookIdpConfig","userPoolId","config","providerName","providerType","providerDetails","idpIdentifiers","attributeMapping","username","email","given_name","family_name"],"sources":["facebook.ts"],"sourcesContent":["import type * as pulumi from \"@pulumi/pulumi\";\nimport { type CognitoIdentityProviderConfig } from \"./configure.js\";\nimport { type IdentityProviderArgs } from \"@pulumi/aws/cognito/index.js\";\n\nexport const getFacebookIdpConfig = (\n userPoolId: pulumi.Input<string>,\n config: CognitoIdentityProviderConfig\n): IdentityProviderArgs => {\n return {\n userPoolId,\n providerName: \"Facebook\",\n providerType: \"Facebook\",\n providerDetails: config.providerDetails,\n idpIdentifiers: config.idpIdentifiers,\n attributeMapping: {\n \"custom:id\": \"id\",\n username: \"id\",\n email: \"email\",\n given_name: \"first_name\",\n family_name: \"last_name\",\n ...config.attributeMapping\n }\n };\n};\n"],"mappings":"AAIA,OAAO,MAAMA,oBAAoB,GAAGA,CAChCC,UAAgC,EAChCC,MAAqC,KACd;EACvB,OAAO;IACHD,UAAU;IACVE,YAAY,EAAE,UAAU;IACxBC,YAAY,EAAE,UAAU;IACxBC,eAAe,EAAEH,MAAM,CAACG,eAAe;IACvCC,cAAc,EAAEJ,MAAM,CAACI,cAAc;IACrCC,gBAAgB,EAAE;MACd,WAAW,EAAE,IAAI;MACjBC,QAAQ,EAAE,IAAI;MACdC,KAAK,EAAE,OAAO;MACdC,UAAU,EAAE,YAAY;MACxBC,WAAW,EAAE,WAAW;MACxB,GAAGT,MAAM,CAACK;IACd;EACJ,CAAC;AACL,CAAC","ignoreList":[]}

package/pulumi/apps/core/cognitoIdentityProviders/getIdpConfig.d.ts ADDED Viewed

@@ -0,0 +1,3 @@
+import type * as pulumi from "@pulumi/pulumi";
+import { type CognitoIdentityProviderConfig } from "./configure.js";
+export declare const getIdpConfig: (type: CognitoIdentityProviderConfig["type"], userPoolId: pulumi.Input<string>, config: CognitoIdentityProviderConfig) => import("@pulumi/aws/cognito/identityProvider.js").IdentityProviderArgs;

package/pulumi/apps/core/cognitoIdentityProviders/getIdpConfig.js ADDED Viewed

@@ -0,0 +1,17 @@
+import { getGoogleIdpConfig } from "./google.js";
+import { getFacebookIdpConfig } from "./facebook.js";
+import { getAppleIdpConfig } from "./apple.js";
+import { getAmazonIdpConfig } from "./amazon.js";
+import { getOidcIdpConfig } from "./oidc.js";
+const idpMap = {
+  google: getGoogleIdpConfig,
+  facebook: getFacebookIdpConfig,
+  amazon: getAmazonIdpConfig,
+  apple: getAppleIdpConfig,
+  oidc: getOidcIdpConfig
+};
+export const getIdpConfig = (type, userPoolId, config) => {
+  return idpMap[type](userPoolId, config);
+};
+//# sourceMappingURL=getIdpConfig.js.map

package/pulumi/apps/core/cognitoIdentityProviders/getIdpConfig.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"names":["getGoogleIdpConfig","getFacebookIdpConfig","getAppleIdpConfig","getAmazonIdpConfig","getOidcIdpConfig","idpMap","google","facebook","amazon","apple","oidc","getIdpConfig","type","userPoolId","config"],"sources":["getIdpConfig.ts"],"sourcesContent":["import type * as pulumi from \"@pulumi/pulumi\";\nimport { type CognitoIdentityProviderConfig } from \"./configure.js\";\nimport { getGoogleIdpConfig } from \"./google.js\";\nimport { getFacebookIdpConfig } from \"./facebook.js\";\nimport { getAppleIdpConfig } from \"./apple.js\";\nimport { getAmazonIdpConfig } from \"./amazon.js\";\nimport { getOidcIdpConfig } from \"./oidc.js\";\n\nconst idpMap = {\n google: getGoogleIdpConfig,\n facebook: getFacebookIdpConfig,\n amazon: getAmazonIdpConfig,\n apple: getAppleIdpConfig,\n oidc: getOidcIdpConfig\n};\n\nexport const getIdpConfig = (\n type: CognitoIdentityProviderConfig[\"type\"],\n userPoolId: pulumi.Input<string>,\n config: CognitoIdentityProviderConfig\n) => {\n return idpMap[type](userPoolId, config);\n};\n"],"mappings":"AAEA,SAASA,kBAAkB;AAC3B,SAASC,oBAAoB;AAC7B,SAASC,iBAAiB;AAC1B,SAASC,kBAAkB;AAC3B,SAASC,gBAAgB;AAEzB,MAAMC,MAAM,GAAG;EACXC,MAAM,EAAEN,kBAAkB;EAC1BO,QAAQ,EAAEN,oBAAoB;EAC9BO,MAAM,EAAEL,kBAAkB;EAC1BM,KAAK,EAAEP,iBAAiB;EACxBQ,IAAI,EAAEN;AACV,CAAC;AAED,OAAO,MAAMO,YAAY,GAAGA,CACxBC,IAA2C,EAC3CC,UAAgC,EAChCC,MAAqC,KACpC;EACD,OAAOT,MAAM,CAACO,IAAI,CAAC,CAACC,UAAU,EAAEC,MAAM,CAAC;AAC3C,CAAC","ignoreList":[]}

package/pulumi/apps/core/cognitoIdentityProviders/google.d.ts ADDED Viewed

@@ -0,0 +1,4 @@
+import type * as pulumi from "@pulumi/pulumi";
+import { type CognitoIdentityProviderConfig } from "./configure.js";
+import { type IdentityProviderArgs } from "@pulumi/aws/cognito/index.js";
+export declare const getGoogleIdpConfig: (userPoolId: pulumi.Input<string>, config: CognitoIdentityProviderConfig) => IdentityProviderArgs;

package/pulumi/apps/core/cognitoIdentityProviders/google.js ADDED Viewed

@@ -0,0 +1,19 @@
+export const getGoogleIdpConfig = (userPoolId, config) => {
+  return {
+    userPoolId,
+    providerName: "Google",
+    providerType: "Google",
+    providerDetails: config.providerDetails,
+    idpIdentifiers: config.idpIdentifiers,
+    attributeMapping: {
+      "custom:id": "sub",
+      username: "sub",
+      email: "email",
+      given_name: "given_name",
+      family_name: "family_name",
+      ...config.attributeMapping
+    }
+  };
+};
+//# sourceMappingURL=google.js.map

package/pulumi/apps/core/cognitoIdentityProviders/google.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"names":["getGoogleIdpConfig","userPoolId","config","providerName","providerType","providerDetails","idpIdentifiers","attributeMapping","username","email","given_name","family_name"],"sources":["google.ts"],"sourcesContent":["import type * as pulumi from \"@pulumi/pulumi\";\nimport { type CognitoIdentityProviderConfig } from \"./configure.js\";\nimport { type IdentityProviderArgs } from \"@pulumi/aws/cognito/index.js\";\n\nexport const getGoogleIdpConfig = (\n userPoolId: pulumi.Input<string>,\n config: CognitoIdentityProviderConfig\n): IdentityProviderArgs => {\n return {\n userPoolId,\n providerName: \"Google\",\n providerType: \"Google\",\n providerDetails: config.providerDetails,\n idpIdentifiers: config.idpIdentifiers,\n attributeMapping: {\n \"custom:id\": \"sub\",\n username: \"sub\",\n email: \"email\",\n given_name: \"given_name\",\n family_name: \"family_name\",\n ...config.attributeMapping\n }\n };\n};\n"],"mappings":"AAIA,OAAO,MAAMA,kBAAkB,GAAGA,CAC9BC,UAAgC,EAChCC,MAAqC,KACd;EACvB,OAAO;IACHD,UAAU;IACVE,YAAY,EAAE,QAAQ;IACtBC,YAAY,EAAE,QAAQ;IACtBC,eAAe,EAAEH,MAAM,CAACG,eAAe;IACvCC,cAAc,EAAEJ,MAAM,CAACI,cAAc;IACrCC,gBAAgB,EAAE;MACd,WAAW,EAAE,KAAK;MAClBC,QAAQ,EAAE,KAAK;MACfC,KAAK,EAAE,OAAO;MACdC,UAAU,EAAE,YAAY;MACxBC,WAAW,EAAE,aAAa;MAC1B,GAAGT,MAAM,CAACK;IACd;EACJ,CAAC;AACL,CAAC","ignoreList":[]}

package/pulumi/apps/core/cognitoIdentityProviders/index.d.ts ADDED Viewed

	@@ -0,0 +1 @@
1	+ export * from "./configure.js";

package/pulumi/apps/core/cognitoIdentityProviders/index.js ADDED Viewed

@@ -0,0 +1,3 @@
+export * from "./configure.js";
+//# sourceMappingURL=index.js.map

package/pulumi/apps/core/cognitoIdentityProviders/index.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"names":[],"sources":["index.ts"],"sourcesContent":["export * from \"./configure.js\";\n"],"mappings":"AAAA","ignoreList":[]}

package/pulumi/apps/core/cognitoIdentityProviders/oidc.d.ts ADDED Viewed

@@ -0,0 +1,4 @@
+import type * as pulumi from "@pulumi/pulumi";
+import { type CognitoIdentityProviderConfig } from "./configure.js";
+import { type IdentityProviderArgs } from "@pulumi/aws/cognito/index.js";
+export declare const getOidcIdpConfig: (userPoolId: pulumi.Input<string>, config: CognitoIdentityProviderConfig) => IdentityProviderArgs;

package/pulumi/apps/core/cognitoIdentityProviders/oidc.js ADDED Viewed

@@ -0,0 +1,20 @@
+export const getOidcIdpConfig = (userPoolId, config) => {
+  return {
+    userPoolId,
+    providerName: config.name || "OIDC",
+    providerType: "OIDC",
+    providerDetails: config.providerDetails,
+    idpIdentifiers: config.idpIdentifiers,
+    attributeMapping: {
+      "custom:id": "sub",
+      username: "sub",
+      email: "email",
+      given_name: "given_name",
+      family_name: "family_name",
+      preferred_username: "email",
+      ...config.attributeMapping
+    }
+  };
+};
+//# sourceMappingURL=oidc.js.map

package/pulumi/apps/core/cognitoIdentityProviders/oidc.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"names":["getOidcIdpConfig","userPoolId","config","providerName","name","providerType","providerDetails","idpIdentifiers","attributeMapping","username","email","given_name","family_name","preferred_username"],"sources":["oidc.ts"],"sourcesContent":["import type * as pulumi from \"@pulumi/pulumi\";\nimport { type CognitoIdentityProviderConfig } from \"./configure.js\";\nimport { type IdentityProviderArgs } from \"@pulumi/aws/cognito/index.js\";\n\nexport const getOidcIdpConfig = (\n userPoolId: pulumi.Input<string>,\n config: CognitoIdentityProviderConfig\n): IdentityProviderArgs => {\n return {\n userPoolId,\n providerName: config.name || \"OIDC\",\n providerType: \"OIDC\",\n providerDetails: config.providerDetails,\n idpIdentifiers: config.idpIdentifiers,\n attributeMapping: {\n \"custom:id\": \"sub\",\n username: \"sub\",\n email: \"email\",\n given_name: \"given_name\",\n family_name: \"family_name\",\n preferred_username: \"email\",\n ...config.attributeMapping\n }\n };\n};\n"],"mappings":"AAIA,OAAO,MAAMA,gBAAgB,GAAGA,CAC5BC,UAAgC,EAChCC,MAAqC,KACd;EACvB,OAAO;IACHD,UAAU;IACVE,YAAY,EAAED,MAAM,CAACE,IAAI,IAAI,MAAM;IACnCC,YAAY,EAAE,MAAM;IACpBC,eAAe,EAAEJ,MAAM,CAACI,eAAe;IACvCC,cAAc,EAAEL,MAAM,CAACK,cAAc;IACrCC,gBAAgB,EAAE;MACd,WAAW,EAAE,KAAK;MAClBC,QAAQ,EAAE,KAAK;MACfC,KAAK,EAAE,OAAO;MACdC,UAAU,EAAE,YAAY;MACxBC,WAAW,EAAE,aAAa;MAC1BC,kBAAkB,EAAE,OAAO;MAC3B,GAAGX,MAAM,CAACM;IACd;EACJ,CAAC;AACL,CAAC","ignoreList":[]}

package/pulumi/apps/core/configureS3BucketMalwareProtection.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ import type { CorePulumiApp } from "../../../pulumi/apps/core/index.js";
2	+ export declare const configureS3BucketMalwareProtection: (app: CorePulumiApp) => void;

package/pulumi/apps/core/configureS3BucketMalwareProtection.js ADDED Viewed

@@ -0,0 +1,195 @@
+import * as pulumi from "@pulumi/pulumi";
+import * as aws from "@pulumi/aws";
+import { getAwsAccountId, getAwsRegion } from "../awsUtils.js";
+export const configureS3BucketMalwareProtection = app => {
+  const awsAccountId = getAwsAccountId(app);
+  const awsRegion = getAwsRegion(app);
+  const eventBus = app.resources.eventBus;
+  const bucket = app.resources.fileManagerBucket.output;
+  const currentAccount = {
+    StringEquals: {
+      "aws:ResourceAccount": awsAccountId
+    }
+  };
+  const managedByGuardDuty = {
+    StringEquals: {
+      "events:ManagedBy": "malware-protection-plan.guardduty.amazonaws.com"
+    }
+  };
+  const assumeRole = aws.iam.getPolicyDocument({
+    statements: [{
+      effect: "Allow",
+      principals: [{
+        type: "Service",
+        identifiers: ["malware-protection-plan.guardduty.amazonaws.com"]
+      }],
+      actions: ["sts:AssumeRole"]
+    }]
+  });
+  const role = app.addResource(aws.iam.Role, {
+    name: "fm-bucket-guardduty-role",
+    config: {
+      assumeRolePolicy: assumeRole.then(assumeRole => assumeRole.json)
+    }
+  });
+  const policy = app.addResource(aws.iam.Policy, {
+    name: `fm-bucket-guardduty-role-policy`,
+    config: {
+      description: "This policy enables GuardDuty to interact with the S3 bucket.",
+      policy: {
+        Version: "2012-10-17",
+        Statement: [{
+          Sid: "AllowManagedRuleToSendS3EventsToGuardDuty",
+          Effect: "Allow",
+          Action: ["events:PutRule"],
+          Resource: [pulumi.interpolate`arn:aws:events:${awsRegion}:${awsAccountId}:rule/DO-NOT-DELETE-AmazonGuardDutyMalwareProtectionS3*`],
+          Condition: {
+            ...managedByGuardDuty,
+            "ForAllValues:StringEquals": {
+              "events:source": "aws.s3",
+              "events:detail-type": ["Object Created", "AWS API Call via CloudTrail"]
+            },
+            Null: {
+              "events:source": "false",
+              "events:detail-type": "false"
+            }
+          }
+        }, {
+          Sid: "AllowUpdateTargetAndDeleteManagedRule",
+          Effect: "Allow",
+          Action: ["events:DeleteRule", "events:PutTargets", "events:RemoveTargets"],
+          Resource: [pulumi.interpolate`arn:aws:events:${awsRegion}:${awsAccountId}:rule/DO-NOT-DELETE-AmazonGuardDutyMalwareProtectionS3*`],
+          Condition: {
+            ...managedByGuardDuty
+          }
+        }, {
+          Sid: "AllowGuardDutyToMonitorEventBridgeManagedRule",
+          Effect: "Allow",
+          Action: ["events:DescribeRule", "events:ListTargetsByRule"],
+          Resource: [pulumi.interpolate`arn:aws:events:${awsRegion}:${awsAccountId}:rule/DO-NOT-DELETE-AmazonGuardDutyMalwareProtectionS3*`]
+        }, {
+          Sid: "AllowPostScanTag",
+          Effect: "Allow",
+          Action: ["s3:GetObjectTagging", "s3:GetObjectVersionTagging", "s3:PutObjectTagging", "s3:PutObjectVersionTagging"],
+          Resource: [pulumi.interpolate`arn:aws:s3:::${bucket.bucket}/*`],
+          Condition: {
+            ...currentAccount
+          }
+        }, {
+          Sid: "AllowEnableS3EventBridgeEvents",
+          Effect: "Allow",
+          Action: ["s3:PutBucketNotification", "s3:GetBucketNotification"],
+          Resource: [pulumi.interpolate`arn:aws:s3:::${bucket.bucket}`],
+          Condition: {
+            ...currentAccount
+          }
+        }, {
+          Sid: "AllowPutValidationObject",
+          Effect: "Allow",
+          Action: ["s3:PutObject"],
+          Resource: [pulumi.interpolate`arn:aws:s3:::${bucket.bucket}/malware-protection-resource-validation-object`],
+          Condition: {
+            ...currentAccount
+          }
+        }, {
+          Sid: "AllowCheckBucketOwnership",
+          Effect: "Allow",
+          Action: ["s3:ListBucket"],
+          Resource: [pulumi.interpolate`arn:aws:s3:::${bucket.bucket}`],
+          Condition: {
+            ...currentAccount
+          }
+        }, {
+          Sid: "AllowMalwareScan",
+          Effect: "Allow",
+          Action: ["s3:GetObject", "s3:GetObjectVersion"],
+          Resource: [pulumi.interpolate`arn:aws:s3:::${bucket.bucket}/*`],
+          Condition: {
+            ...currentAccount
+          }
+        }]
+      }
+    }
+  });
+  app.addResource(aws.iam.RolePolicyAttachment, {
+    name: `fm-bucket-malware-protection-role-policy-attachment`,
+    config: {
+      role: role.output.name,
+      policyArn: policy.output.arn
+    }
+  });
+  app.addResource(aws.guardduty.MalwareProtectionPlan, {
+    name: `fm-bucket-malware-protection-plan`,
+    config: {
+      role: role.output.arn,
+      protectedResource: {
+        s3Bucket: {
+          bucketName: bucket.bucket
+        }
+      }
+    }
+  });
+  // FORWARD EVENTS FROM "DEFAULT" TO CUSTOM EVENT BUS.
+  // Create an IAM Role for EventBridge to forward events
+  const eventBridgeRole = app.addResource(aws.iam.Role, {
+    name: "guard-duty-forward-events-role",
+    config: {
+      assumeRolePolicy: JSON.stringify({
+        Version: "2012-10-17",
+        Statement: [{
+          Effect: "Allow",
+          Principal: {
+            Service: "events.amazonaws.com"
+          },
+          Action: "sts:AssumeRole"
+        }]
+      })
+    }
+  });
+  // Attach Policy to Allow EventBridge to PutEvents on Custom Event Bus
+  app.addResource(aws.iam.RolePolicy, {
+    name: "guard-duty-forward-events-policy",
+    config: {
+      role: eventBridgeRole.output,
+      policy: pulumi.output(eventBus.output.arn).apply(arn => JSON.stringify({
+        Version: "2012-10-17",
+        Statement: [{
+          Effect: "Allow",
+          Action: "events:PutEvents",
+          Resource: arn
+        }]
+      }))
+    }
+  });
+  const forwardToCustomBusRule = app.addResource(aws.cloudwatch.EventRule, {
+    name: "forward-events-from-default-to-custom-bus-rule",
+    config: {
+      eventBusName: "default",
+      eventPattern: bucket.bucket.apply(name => JSON.stringify({
+        source: ["aws.guardduty"],
+        "detail-type": ["GuardDuty Malware Protection Object Scan Result"],
+        detail: {
+          s3ObjectDetails: {
+            bucketName: [name]
+          }
+        }
+      }))
+    }
+  });
+  // Target: Send events to the custom event bus
+  app.addResource(aws.cloudwatch.EventTarget, {
+    name: "forward-events-from-default-to-custom-bus-target",
+    config: {
+      rule: forwardToCustomBusRule.output.name,
+      roleArn: eventBridgeRole.output.arn,
+      eventBusName: "default",
+      arn: eventBus.output.arn
+    }
+  });
+};
+//# sourceMappingURL=configureS3BucketMalwareProtection.js.map

package/pulumi/apps/core/configureS3BucketMalwareProtection.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"names":["pulumi","aws","getAwsAccountId","getAwsRegion","configureS3BucketMalwareProtection","app","awsAccountId","awsRegion","eventBus","resources","bucket","fileManagerBucket","output","currentAccount","StringEquals","managedByGuardDuty","assumeRole","iam","getPolicyDocument","statements","effect","principals","type","identifiers","actions","role","addResource","Role","name","config","assumeRolePolicy","then","json","policy","Policy","description","Version","Statement","Sid","Effect","Action","Resource","interpolate","Condition","Null","RolePolicyAttachment","policyArn","arn","guardduty","MalwareProtectionPlan","protectedResource","s3Bucket","bucketName","eventBridgeRole","JSON","stringify","Principal","Service","RolePolicy","apply","forwardToCustomBusRule","cloudwatch","EventRule","eventBusName","eventPattern","source","detail","s3ObjectDetails","EventTarget","rule","roleArn"],"sources":["configureS3BucketMalwareProtection.ts"],"sourcesContent":["import * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport type { CorePulumiApp } from \"~/pulumi/apps/core/index.js\";\nimport { getAwsAccountId, getAwsRegion } from \"~/pulumi/apps/awsUtils.js\";\n\nexport const configureS3BucketMalwareProtection = (app: CorePulumiApp) => {\n const awsAccountId = getAwsAccountId(app);\n const awsRegion = getAwsRegion(app);\n const eventBus = app.resources.eventBus;\n\n const bucket = app.resources.fileManagerBucket.output;\n\n const currentAccount = {\n StringEquals: {\n \"aws:ResourceAccount\": awsAccountId\n }\n };\n\n const managedByGuardDuty = {\n StringEquals: {\n \"events:ManagedBy\": \"malware-protection-plan.guardduty.amazonaws.com\"\n }\n };\n\n const assumeRole = aws.iam.getPolicyDocument({\n statements: [\n {\n effect: \"Allow\",\n principals: [\n {\n type: \"Service\",\n identifiers: [\"malware-protection-plan.guardduty.amazonaws.com\"]\n }\n ],\n actions: [\"sts:AssumeRole\"]\n }\n ]\n });\n\n const role = app.addResource(aws.iam.Role, {\n name: \"fm-bucket-guardduty-role\",\n config: {\n assumeRolePolicy: assumeRole.then(assumeRole => assumeRole.json)\n }\n });\n\n const policy = app.addResource(aws.iam.Policy, {\n name: `fm-bucket-guardduty-role-policy`,\n config: {\n description: \"This policy enables GuardDuty to interact with the S3 bucket.\",\n policy: {\n Version: \"2012-10-17\",\n Statement: [\n {\n Sid: \"AllowManagedRuleToSendS3EventsToGuardDuty\",\n Effect: \"Allow\",\n Action: [\"events:PutRule\"],\n Resource: [\n pulumi.interpolate`arn:aws:events:${awsRegion}:${awsAccountId}:rule/DO-NOT-DELETE-AmazonGuardDutyMalwareProtectionS3*`\n ],\n Condition: {\n ...managedByGuardDuty,\n \"ForAllValues:StringEquals\": {\n \"events:source\": \"aws.s3\",\n \"events:detail-type\": [\n \"Object Created\",\n \"AWS API Call via CloudTrail\"\n ]\n },\n Null: {\n \"events:source\": \"false\",\n \"events:detail-type\": \"false\"\n }\n }\n },\n {\n Sid: \"AllowUpdateTargetAndDeleteManagedRule\",\n Effect: \"Allow\",\n Action: [\"events:DeleteRule\", \"events:PutTargets\", \"events:RemoveTargets\"],\n Resource: [\n pulumi.interpolate`arn:aws:events:${awsRegion}:${awsAccountId}:rule/DO-NOT-DELETE-AmazonGuardDutyMalwareProtectionS3*`\n ],\n Condition: {\n ...managedByGuardDuty\n }\n },\n {\n Sid: \"AllowGuardDutyToMonitorEventBridgeManagedRule\",\n Effect: \"Allow\",\n Action: [\"events:DescribeRule\", \"events:ListTargetsByRule\"],\n Resource: [\n pulumi.interpolate`arn:aws:events:${awsRegion}:${awsAccountId}:rule/DO-NOT-DELETE-AmazonGuardDutyMalwareProtectionS3*`\n ]\n },\n {\n Sid: \"AllowPostScanTag\",\n Effect: \"Allow\",\n Action: [\n \"s3:GetObjectTagging\",\n \"s3:GetObjectVersionTagging\",\n \"s3:PutObjectTagging\",\n \"s3:PutObjectVersionTagging\"\n ],\n Resource: [pulumi.interpolate`arn:aws:s3:::${bucket.bucket}/*`],\n Condition: {\n ...currentAccount\n }\n },\n {\n Sid: \"AllowEnableS3EventBridgeEvents\",\n Effect: \"Allow\",\n Action: [\"s3:PutBucketNotification\", \"s3:GetBucketNotification\"],\n Resource: [pulumi.interpolate`arn:aws:s3:::${bucket.bucket}`],\n Condition: {\n ...currentAccount\n }\n },\n {\n Sid: \"AllowPutValidationObject\",\n Effect: \"Allow\",\n Action: [\"s3:PutObject\"],\n Resource: [\n pulumi.interpolate`arn:aws:s3:::${bucket.bucket}/malware-protection-resource-validation-object`\n ],\n Condition: {\n ...currentAccount\n }\n },\n {\n Sid: \"AllowCheckBucketOwnership\",\n Effect: \"Allow\",\n Action: [\"s3:ListBucket\"],\n Resource: [pulumi.interpolate`arn:aws:s3:::${bucket.bucket}`],\n Condition: {\n ...currentAccount\n }\n },\n {\n Sid: \"AllowMalwareScan\",\n Effect: \"Allow\",\n Action: [\"s3:GetObject\", \"s3:GetObjectVersion\"],\n Resource: [pulumi.interpolate`arn:aws:s3:::${bucket.bucket}/*`],\n Condition: {\n ...currentAccount\n }\n }\n ]\n }\n }\n });\n\n app.addResource(aws.iam.RolePolicyAttachment, {\n name: `fm-bucket-malware-protection-role-policy-attachment`,\n config: {\n role: role.output.name,\n policyArn: policy.output.arn\n }\n });\n\n app.addResource(aws.guardduty.MalwareProtectionPlan, {\n name: `fm-bucket-malware-protection-plan`,\n config: {\n role: role.output.arn,\n protectedResource: {\n s3Bucket: {\n bucketName: bucket.bucket\n }\n }\n }\n });\n\n // FORWARD EVENTS FROM \"DEFAULT\" TO CUSTOM EVENT BUS.\n\n // Create an IAM Role for EventBridge to forward events\n const eventBridgeRole = app.addResource(aws.iam.Role, {\n name: \"guard-duty-forward-events-role\",\n config: {\n assumeRolePolicy: JSON.stringify({\n Version: \"2012-10-17\",\n Statement: [\n {\n Effect: \"Allow\",\n Principal: { Service: \"events.amazonaws.com\" },\n Action: \"sts:AssumeRole\"\n }\n ]\n })\n }\n });\n\n // Attach Policy to Allow EventBridge to PutEvents on Custom Event Bus\n app.addResource(aws.iam.RolePolicy, {\n name: \"guard-duty-forward-events-policy\",\n config: {\n role: eventBridgeRole.output,\n policy: pulumi.output(eventBus.output.arn).apply(arn =>\n JSON.stringify({\n Version: \"2012-10-17\",\n Statement: [\n {\n Effect: \"Allow\",\n Action: \"events:PutEvents\",\n Resource: arn\n }\n ]\n })\n )\n }\n });\n\n const forwardToCustomBusRule = app.addResource(aws.cloudwatch.EventRule, {\n name: \"forward-events-from-default-to-custom-bus-rule\",\n config: {\n eventBusName: \"default\",\n eventPattern: bucket.bucket.apply(name =>\n JSON.stringify({\n source: [\"aws.guardduty\"],\n \"detail-type\": [\"GuardDuty Malware Protection Object Scan Result\"],\n detail: {\n s3ObjectDetails: {\n bucketName: [name]\n }\n }\n })\n )\n }\n });\n\n // Target: Send events to the custom event bus\n app.addResource(aws.cloudwatch.EventTarget, {\n name: \"forward-events-from-default-to-custom-bus-target\",\n config: {\n rule: forwardToCustomBusRule.output.name,\n roleArn: eventBridgeRole.output.arn,\n eventBusName: \"default\",\n arn: eventBus.output.arn\n }\n });\n};\n"],"mappings":"AAAA,OAAO,KAAKA,MAAM,MAAM,gBAAgB;AACxC,OAAO,KAAKC,GAAG,MAAM,aAAa;AAElC,SAASC,eAAe,EAAEC,YAAY;AAEtC,OAAO,MAAMC,kCAAkC,GAAIC,GAAkB,IAAK;EACtE,MAAMC,YAAY,GAAGJ,eAAe,CAACG,GAAG,CAAC;EACzC,MAAME,SAAS,GAAGJ,YAAY,CAACE,GAAG,CAAC;EACnC,MAAMG,QAAQ,GAAGH,GAAG,CAACI,SAAS,CAACD,QAAQ;EAEvC,MAAME,MAAM,GAAGL,GAAG,CAACI,SAAS,CAACE,iBAAiB,CAACC,MAAM;EAErD,MAAMC,cAAc,GAAG;IACnBC,YAAY,EAAE;MACV,qBAAqB,EAAER;IAC3B;EACJ,CAAC;EAED,MAAMS,kBAAkB,GAAG;IACvBD,YAAY,EAAE;MACV,kBAAkB,EAAE;IACxB;EACJ,CAAC;EAED,MAAME,UAAU,GAAGf,GAAG,CAACgB,GAAG,CAACC,iBAAiB,CAAC;IACzCC,UAAU,EAAE,CACR;MACIC,MAAM,EAAE,OAAO;MACfC,UAAU,EAAE,CACR;QACIC,IAAI,EAAE,SAAS;QACfC,WAAW,EAAE,CAAC,iDAAiD;MACnE,CAAC,CACJ;MACDC,OAAO,EAAE,CAAC,gBAAgB;IAC9B,CAAC;EAET,CAAC,CAAC;EAEF,MAAMC,IAAI,GAAGpB,GAAG,CAACqB,WAAW,CAACzB,GAAG,CAACgB,GAAG,CAACU,IAAI,EAAE;IACvCC,IAAI,EAAE,0BAA0B;IAChCC,MAAM,EAAE;MACJC,gBAAgB,EAAEd,UAAU,CAACe,IAAI,CAACf,UAAU,IAAIA,UAAU,CAACgB,IAAI;IACnE;EACJ,CAAC,CAAC;EAEF,MAAMC,MAAM,GAAG5B,GAAG,CAACqB,WAAW,CAACzB,GAAG,CAACgB,GAAG,CAACiB,MAAM,EAAE;IAC3CN,IAAI,EAAE,iCAAiC;IACvCC,MAAM,EAAE;MACJM,WAAW,EAAE,+DAA+D;MAC5EF,MAAM,EAAE;QACJG,OAAO,EAAE,YAAY;QACrBC,SAAS,EAAE,CACP;UACIC,GAAG,EAAE,2CAA2C;UAChDC,MAAM,EAAE,OAAO;UACfC,MAAM,EAAE,CAAC,gBAAgB,CAAC;UAC1BC,QAAQ,EAAE,CACNzC,MAAM,CAAC0C,WAAW,kBAAkBnC,SAAS,IAAID,YAAY,yDAAyD,CACzH;UACDqC,SAAS,EAAE;YACP,GAAG5B,kBAAkB;YACrB,2BAA2B,EAAE;cACzB,eAAe,EAAE,QAAQ;cACzB,oBAAoB,EAAE,CAClB,gBAAgB,EAChB,6BAA6B;YAErC,CAAC;YACD6B,IAAI,EAAE;cACF,eAAe,EAAE,OAAO;cACxB,oBAAoB,EAAE;YAC1B;UACJ;QACJ,CAAC,EACD;UACIN,GAAG,EAAE,uCAAuC;UAC5CC,MAAM,EAAE,OAAO;UACfC,MAAM,EAAE,CAAC,mBAAmB,EAAE,mBAAmB,EAAE,sBAAsB,CAAC;UAC1EC,QAAQ,EAAE,CACNzC,MAAM,CAAC0C,WAAW,kBAAkBnC,SAAS,IAAID,YAAY,yDAAyD,CACzH;UACDqC,SAAS,EAAE;YACP,GAAG5B;UACP;QACJ,CAAC,EACD;UACIuB,GAAG,EAAE,+CAA+C;UACpDC,MAAM,EAAE,OAAO;UACfC,MAAM,EAAE,CAAC,qBAAqB,EAAE,0BAA0B,CAAC;UAC3DC,QAAQ,EAAE,CACNzC,MAAM,CAAC0C,WAAW,kBAAkBnC,SAAS,IAAID,YAAY,yDAAyD;QAE9H,CAAC,EACD;UACIgC,GAAG,EAAE,kBAAkB;UACvBC,MAAM,EAAE,OAAO;UACfC,MAAM,EAAE,CACJ,qBAAqB,EACrB,4BAA4B,EAC5B,qBAAqB,EACrB,4BAA4B,CAC/B;UACDC,QAAQ,EAAE,CAACzC,MAAM,CAAC0C,WAAW,gBAAgBhC,MAAM,CAACA,MAAM,IAAI,CAAC;UAC/DiC,SAAS,EAAE;YACP,GAAG9B;UACP;QACJ,CAAC,EACD;UACIyB,GAAG,EAAE,gCAAgC;UACrCC,MAAM,EAAE,OAAO;UACfC,MAAM,EAAE,CAAC,0BAA0B,EAAE,0BAA0B,CAAC;UAChEC,QAAQ,EAAE,CAACzC,MAAM,CAAC0C,WAAW,gBAAgBhC,MAAM,CAACA,MAAM,EAAE,CAAC;UAC7DiC,SAAS,EAAE;YACP,GAAG9B;UACP;QACJ,CAAC,EACD;UACIyB,GAAG,EAAE,0BAA0B;UAC/BC,MAAM,EAAE,OAAO;UACfC,MAAM,EAAE,CAAC,cAAc,CAAC;UACxBC,QAAQ,EAAE,CACNzC,MAAM,CAAC0C,WAAW,gBAAgBhC,MAAM,CAACA,MAAM,gDAAgD,CAClG;UACDiC,SAAS,EAAE;YACP,GAAG9B;UACP;QACJ,CAAC,EACD;UACIyB,GAAG,EAAE,2BAA2B;UAChCC,MAAM,EAAE,OAAO;UACfC,MAAM,EAAE,CAAC,eAAe,CAAC;UACzBC,QAAQ,EAAE,CAACzC,MAAM,CAAC0C,WAAW,gBAAgBhC,MAAM,CAACA,MAAM,EAAE,CAAC;UAC7DiC,SAAS,EAAE;YACP,GAAG9B;UACP;QACJ,CAAC,EACD;UACIyB,GAAG,EAAE,kBAAkB;UACvBC,MAAM,EAAE,OAAO;UACfC,MAAM,EAAE,CAAC,cAAc,EAAE,qBAAqB,CAAC;UAC/CC,QAAQ,EAAE,CAACzC,MAAM,CAAC0C,WAAW,gBAAgBhC,MAAM,CAACA,MAAM,IAAI,CAAC;UAC/DiC,SAAS,EAAE;YACP,GAAG9B;UACP;QACJ,CAAC;MAET;IACJ;EACJ,CAAC,CAAC;EAEFR,GAAG,CAACqB,WAAW,CAACzB,GAAG,CAACgB,GAAG,CAAC4B,oBAAoB,EAAE;IAC1CjB,IAAI,EAAE,qDAAqD;IAC3DC,MAAM,EAAE;MACJJ,IAAI,EAAEA,IAAI,CAACb,MAAM,CAACgB,IAAI;MACtBkB,SAAS,EAAEb,MAAM,CAACrB,MAAM,CAACmC;IAC7B;EACJ,CAAC,CAAC;EAEF1C,GAAG,CAACqB,WAAW,CAACzB,GAAG,CAAC+C,SAAS,CAACC,qBAAqB,EAAE;IACjDrB,IAAI,EAAE,mCAAmC;IACzCC,MAAM,EAAE;MACJJ,IAAI,EAAEA,IAAI,CAACb,MAAM,CAACmC,GAAG;MACrBG,iBAAiB,EAAE;QACfC,QAAQ,EAAE;UACNC,UAAU,EAAE1C,MAAM,CAACA;QACvB;MACJ;IACJ;EACJ,CAAC,CAAC;;EAEF;;EAEA;EACA,MAAM2C,eAAe,GAAGhD,GAAG,CAACqB,WAAW,CAACzB,GAAG,CAACgB,GAAG,CAACU,IAAI,EAAE;IAClDC,IAAI,EAAE,gCAAgC;IACtCC,MAAM,EAAE;MACJC,gBAAgB,EAAEwB,IAAI,CAACC,SAAS,CAAC;QAC7BnB,OAAO,EAAE,YAAY;QACrBC,SAAS,EAAE,CACP;UACIE,MAAM,EAAE,OAAO;UACfiB,SAAS,EAAE;YAAEC,OAAO,EAAE;UAAuB,CAAC;UAC9CjB,MAAM,EAAE;QACZ,CAAC;MAET,CAAC;IACL;EACJ,CAAC,CAAC;;EAEF;EACAnC,GAAG,CAACqB,WAAW,CAACzB,GAAG,CAACgB,GAAG,CAACyC,UAAU,EAAE;IAChC9B,IAAI,EAAE,kCAAkC;IACxCC,MAAM,EAAE;MACJJ,IAAI,EAAE4B,eAAe,CAACzC,MAAM;MAC5BqB,MAAM,EAAEjC,MAAM,CAACY,MAAM,CAACJ,QAAQ,CAACI,MAAM,CAACmC,GAAG,CAAC,CAACY,KAAK,CAACZ,GAAG,IAChDO,IAAI,CAACC,SAAS,CAAC;QACXnB,OAAO,EAAE,YAAY;QACrBC,SAAS,EAAE,CACP;UACIE,MAAM,EAAE,OAAO;UACfC,MAAM,EAAE,kBAAkB;UAC1BC,QAAQ,EAAEM;QACd,CAAC;MAET,CAAC,CACL;IACJ;EACJ,CAAC,CAAC;EAEF,MAAMa,sBAAsB,GAAGvD,GAAG,CAACqB,WAAW,CAACzB,GAAG,CAAC4D,UAAU,CAACC,SAAS,EAAE;IACrElC,IAAI,EAAE,gDAAgD;IACtDC,MAAM,EAAE;MACJkC,YAAY,EAAE,SAAS;MACvBC,YAAY,EAAEtD,MAAM,CAACA,MAAM,CAACiD,KAAK,CAAC/B,IAAI,IAClC0B,IAAI,CAACC,SAAS,CAAC;QACXU,MAAM,EAAE,CAAC,eAAe,CAAC;QACzB,aAAa,EAAE,CAAC,iDAAiD,CAAC;QAClEC,MAAM,EAAE;UACJC,eAAe,EAAE;YACbf,UAAU,EAAE,CAACxB,IAAI;UACrB;QACJ;MACJ,CAAC,CACL;IACJ;EACJ,CAAC,CAAC;;EAEF;EACAvB,GAAG,CAACqB,WAAW,CAACzB,GAAG,CAAC4D,UAAU,CAACO,WAAW,EAAE;IACxCxC,IAAI,EAAE,kDAAkD;IACxDC,MAAM,EAAE;MACJwC,IAAI,EAAET,sBAAsB,CAAChD,MAAM,CAACgB,IAAI;MACxC0C,OAAO,EAAEjB,eAAe,CAACzC,MAAM,CAACmC,GAAG;MACnCgB,YAAY,EAAE,SAAS;MACvBhB,GAAG,EAAEvC,QAAQ,CAACI,MAAM,CAACmC;IACzB;EACJ,CAAC,CAAC;AACN,CAAC","ignoreList":[]}

package/pulumi/apps/core/createCorePulumiApp.d.ts ADDED Viewed

@@ -0,0 +1,32 @@
+import * as aws from "@pulumi/aws";
+export type CorePulumiApp = ReturnType<typeof createCorePulumiApp>;
+export declare function createCorePulumiApp(): import("@webiny/pulumi").PulumiApp<{
+    fileManagerBucket: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/s3/bucket.js").Bucket>;
+    eventBus: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/cloudwatch/eventBus.js").EventBus>;
+    opensearch: {
+        domain: import("@webiny/pulumi").PulumiAppResource<import("@webiny/pulumi").PulumiAppResourceConstructor<import("@pulumi/aws/opensearch/domain.js").Domain, any>> | import("@webiny/pulumi").PulumiAppRemoteResource<aws.opensearch.GetDomainResult>;
+        domainPolicy: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/opensearch/domainPolicy.js").DomainPolicy> | undefined;
+        table: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/dynamodb/table.js").Table>;
+        dynamoToElastic: {
+            role: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/iam/role.js").Role>;
+            policy: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/iam/policy.js").Policy>;
+            lambda: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/lambda/function.js").Function>;
+            eventSourceMapping: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/lambda/eventSourceMapping.js").EventSourceMapping>;
+        };
+    } | undefined;
+    userPool: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/cognito/userPool.js").UserPool>;
+    userPoolClient: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/cognito/userPoolClient.js").UserPoolClient>;
+    dynamoDbTable: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/dynamodb/table.js").Table>;
+    logDynamoDbTable: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/dynamodb/table.js").Table>;
+    vpc: {
+        vpc: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/ec2/vpc.js").Vpc>;
+        subnets: {
+            public: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/ec2/subnet.js").Subnet>[];
+            private: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/ec2/subnet.js").Subnet>[];
+        };
+        routeTables: {
+            privateSubnets: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/ec2/routeTable.js").RouteTable>;
+            publicSubnets: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/ec2/routeTable.js").RouteTable>;
+        };
+    } | null;
+}> & import("~/pulumi/utils/withServiceManifest.js").WithServiceManifest;