@webiny/project-aws 0.0.0-unstable.61c048f412

package/pulumi/apps/core/createCorePulumiApp.js

@@ -0,0 +1,296 @@
+import * as aws from "@pulumi/aws";
+import { createPulumiApp, isResourceOfType } from "@webiny/pulumi";
+import { CoreCognito } from "./CoreCognito.js";
+import { CoreDynamo } from "./CoreDynamo.js";
+import { OpenSearch } from "./CoreOpenSearch.js";
+import { CoreEventBus } from "./CoreEventBus.js";
+import { CoreFileManger } from "./CoreFileManager.js";
+import { CoreVpc } from "./CoreVpc.js";
+import { WatchCommand } from "./WatchCommand.js";
+import { withServiceManifest } from "../../utils/withServiceManifest.js";
+import { addServiceManifestTableItem } from "../../utils/addServiceManifestTableItem.js";
+import * as random from "@pulumi/random";
+import { LogDynamo } from "./LogDynamo.js";
+import { getProjectSdk } from "@webiny/project";
+import { CorePulumi } from "@webiny/project/abstractions/index.js";
+import { getOsConfigFromExtension } from "../extensions/getOsConfigFromExtension.js";
+import { getVpcConfigFromExtension } from "../extensions/getVpcConfigFromExtension.js";
+import { applyAwsResourceTags, getAwsRegion } from "../awsUtils.js";
+import { License } from "@webiny/wcp";
+import { configureS3BucketMalwareProtection } from "./configureS3BucketMalwareProtection.js";
+import * as pulumi from "@pulumi/pulumi";
+import { CoreAuditLogsDynamo } from "../../index.js";
+export function createCorePulumiApp() {
+  const baseApp = createPulumiApp({
+    name: "core",
+    path: "apps/core",
+    program: async app => {
+      const sdk = await getProjectSdk();
+      const projectConfig = await sdk.getProjectConfig();
+      const pulumiResourceNamePrefix = await sdk.getPulumiResourceNamePrefix();
+      const vpcExtensionsConfig = getVpcConfigFromExtension(projectConfig);
+      const opensearchExtensionConfig = getOsConfigFromExtension(projectConfig);
+      const deploymentId = new random.RandomId("deploymentId", {
+        byteLength: 8
+      });
+      let searchEngineType = null;
+      let searchEngineParams = null;
+      if (opensearchExtensionConfig) {
+        searchEngineParams = opensearchExtensionConfig;
+        searchEngineType = "opensearch";
+      }
+      if (searchEngineParams) {
+        const params = searchEngineParams;
+        if (typeof params === "object") {
+          if (params.domainName) {
+            process.env.AWS_OS_DOMAIN_NAME = params.domainName;
+          }
+          if (params.indexPrefix) {
+            process.env.OPENSEARCH_INDEX_PREFIX = params.indexPrefix;
+          }
+          if (params.sharedIndexes) {
+            process.env.OPENSEARCH_SHARED_INDEXES = "true";
+          }
+        }
+      }
+      if (pulumiResourceNamePrefix) {
+        app.onResource(resource => {
+          if (!resource.name.startsWith(pulumiResourceNamePrefix)) {
+            resource.name = `${pulumiResourceNamePrefix}${resource.name}`;
+          }
+        });
+      }
+
+      // <-------------------- Enterprise start -------------------->
+      app.addHandler(async () => {
+        const usingAdvancedVpcParams = vpcExtensionsConfig && typeof vpcExtensionsConfig !== "boolean";
+        const license = await License.fromEnvironment();
+        if (license.canUseFileManagerThreatDetection()) {
+          configureS3BucketMalwareProtection(app);
+        }
+
+        // Not using advanced VPC params? Then immediately exit.
+        if (!usingAdvancedVpcParams) {
+          return;
+        }
+        const {
+          resources,
+          addResource,
+          onResource
+        } = app;
+        const {
+          useExistingVpc,
+          useVpcEndpoints
+        } = vpcExtensionsConfig;
+
+        // 1. We first deal with "existing VPC" setup.
+        if (useExistingVpc) {
+          if ("useVpcEndpoints" in vpcExtensionsConfig) {
+            throw new Error("Cannot specify `useVpcEndpoints` parameter when using an existing VPC. The VPC endpoints configurations should be already defined within the existing VPC.");
+          }
+          if (opensearchExtensionConfig) {
+            if (!useExistingVpc.openSearchDomainVpcConfig) {
+              throw new Error("Cannot specify `useExistingVpc` parameter because the `openSearchDomainVpcConfig` parameter wasn't provided.");
+            }
+            onResource(resource => {
+              if (isResourceOfType(resource, aws.opensearch.Domain)) {
+                resource.config.vpcOptions(useExistingVpc.openSearchDomainVpcConfig);
+              }
+            });
+          }
+          if (!useExistingVpc.lambdaFunctionsVpcConfig) {
+            throw new Error("Cannot specify `useExistingVpc` parameter because the `lambdaFunctionsVpcConfig` parameter wasn't provided.");
+          }
+          onResource(resource => {
+            if (isResourceOfType(resource, aws.lambda.Function)) {
+              const canUseVpc = resource.meta.canUseVpc !== false;
+              if (canUseVpc) {
+                resource.config.vpcConfig(useExistingVpc.lambdaFunctionsVpcConfig);
+              }
+            }
+            if (isResourceOfType(resource, aws.iam.Role)) {
+              if (resource.meta.isLambdaFunctionRole) {
+                addResource(aws.iam.RolePolicyAttachment, {
+                  name: `${resource.name}-vpc-access-execution-role`,
+                  config: {
+                    role: resource.output.name,
+                    policyArn: aws.iam.ManagedPolicy.AWSLambdaVPCAccessExecutionRole
+                  }
+                });
+              }
+            }
+          });
+          return;
+        }
+
+        // 2. Now we deal with "non-existing VPC" setup.
+        if (useVpcEndpoints) {
+          const region = getAwsRegion(app);
+          onResource(resource => {
+            if (isResourceOfType(resource, aws.ec2.Vpc)) {
+              resource.config.enableDnsSupport(true);
+              resource.config.enableDnsHostnames(true);
+            }
+          });
+          const {
+            vpc,
+            subnets,
+            routeTables
+          } = resources.vpc;
+          addResource(aws.ec2.VpcEndpoint, {
+            name: "vpc-s3-vpc-endpoint",
+            config: {
+              vpcId: vpc.output.id,
+              serviceName: pulumi.interpolate`com.amazonaws.${region}.s3`,
+              routeTableIds: [routeTables.privateSubnets.output.id]
+            }
+          });
+          addResource(aws.ec2.VpcEndpoint, {
+            name: "vpc-dynamodb-vpc-endpoint",
+            config: {
+              vpcId: vpc.output.id,
+              serviceName: pulumi.interpolate`com.amazonaws.${region}.dynamodb`,
+              routeTableIds: [routeTables.privateSubnets.output.id]
+            }
+          });
+          addResource(aws.ec2.VpcEndpoint, {
+            name: "vpc-sqs-vpc-endpoint",
+            config: {
+              vpcId: vpc.output.id,
+              serviceName: pulumi.interpolate`com.amazonaws.${region}.sqs`,
+              vpcEndpointType: "Interface",
+              privateDnsEnabled: true,
+              securityGroupIds: [vpc.output.defaultSecurityGroupId],
+              subnetIds: subnets.private.map(subNet => subNet.output.id)
+            }
+          });
+          addResource(aws.ec2.VpcEndpoint, {
+            name: "vpc-events-vpc-endpoint",
+            config: {
+              vpcId: vpc.output.id,
+              serviceName: pulumi.interpolate`com.amazonaws.${region}.events`,
+              vpcEndpointType: "Interface",
+              privateDnsEnabled: true,
+              securityGroupIds: [vpc.output.defaultSecurityGroupId],
+              subnetIds: subnets.private.map(subNet => subNet.output.id)
+            }
+          });
+        }
+      });
+      // <-------------------- Enterprise end -------------------->
+
+      // Overrides must be applied via a handler, registered at the very start of the program.
+      // By doing this, we're ensuring user's adjustments are not applied to late.
+      const pulumiHandlers = sdk.getContainer().resolve(CorePulumi);
+      app.addHandler(() => {
+        return pulumiHandlers.execute(app);
+      });
+      const isProduction = app.env.isProduction;
+      const protect = isProduction;
+
+      // Setup DynamoDB table
+      const dynamoDbTable = app.addModule(CoreDynamo, {
+        protect
+      });
+      const logDynamoDbTable = app.addModule(LogDynamo, {
+        protect
+      });
+      const auditLogsDynamoDbTable = app.addModule(CoreAuditLogsDynamo, {
+        protect
+      });
+
+      // Setup VPC
+      const vpcEnabled = vpcExtensionsConfig === true || typeof vpcExtensionsConfig === "object" || isProduction;
+      const vpc = vpcEnabled ? app.addModule(CoreVpc) : null;
+
+      // Setup Cognito
+      const cognito = app.addModule(CoreCognito, {
+        protect,
+        useEmailAsUsername: false
+      });
+
+      // Setup event bus
+      const eventBus = app.addModule(CoreEventBus);
+
+      // Setup file core bucket
+      const {
+        bucket: fileManagerBucket
+      } = app.addModule(CoreFileManger, {
+        protect
+      });
+      let opensearch;
+      if (searchEngineType === "opensearch") {
+        opensearch = app.addModule(OpenSearch, {
+          protect
+        });
+      }
+      app.addModule(WatchCommand, {
+        deploymentId: deploymentId.hex
+      });
+      app.addOutputs({
+        deploymentId: deploymentId.hex,
+        region: aws.config.region,
+        fileManagerBucketId: fileManagerBucket.output.id,
+        primaryDynamodbTableArn: dynamoDbTable.output.arn,
+        primaryDynamodbTableName: dynamoDbTable.output.name,
+        primaryDynamodbTableHashKey: dynamoDbTable.output.hashKey,
+        primaryDynamodbTableRangeKey: dynamoDbTable.output.rangeKey,
+        logDynamodbTableArn: logDynamoDbTable.output.arn,
+        logDynamodbTableName: logDynamoDbTable.output.name,
+        logDynamodbTableHashKey: logDynamoDbTable.output.hashKey,
+        logDynamodbTableRangeKey: logDynamoDbTable.output.rangeKey,
+        auditLogsDynamodbTableArn: auditLogsDynamoDbTable.output.arn,
+        auditLogsDynamodbTableName: auditLogsDynamoDbTable.output.name,
+        auditLogsDynamodbTableHashKey: auditLogsDynamoDbTable.output.hashKey,
+        auditLogsDynamodbTableRangeKey: auditLogsDynamoDbTable.output.rangeKey,
+        cognitoUserPoolId: cognito.userPool.output.id,
+        cognitoUserPoolArn: cognito.userPool.output.arn,
+        cognitoUserPoolPasswordPolicy: cognito.userPool.output.passwordPolicy,
+        cognitoAppClientId: cognito.userPoolClient.output.id,
+        eventBusName: eventBus.output.name,
+        eventBusArn: eventBus.output.arn
+      });
+
+      // Applies internal and user-defined AWS tags.
+      await applyAwsResourceTags("core");
+      return {
+        dynamoDbTable,
+        logDynamoDbTable,
+        vpc,
+        ...cognito,
+        fileManagerBucket,
+        eventBus,
+        opensearch
+      };
+    }
+  });
+  const app = withServiceManifest(baseApp, manifests => {
+    const dynamoTable = baseApp.resources.dynamoDbTable;
+    const table = {
+      tableName: dynamoTable.output.name,
+      hashKey: dynamoTable.output.hashKey,
+      rangeKey: dynamoTable.output.rangeKey
+    };
+    manifests.forEach(manifest => addServiceManifestTableItem(baseApp, table, manifest));
+  });
+  app.addHandler(() => {
+    app.addServiceManifest({
+      name: "core",
+      manifest: {
+        eventBus: {
+          arn: baseApp.resources.eventBus.output.arn,
+          name: baseApp.resources.eventBus.output.name
+        },
+        dynamodbTable: {
+          arn: baseApp.resources.dynamoDbTable.output.arn,
+          name: baseApp.resources.dynamoDbTable.output.name,
+          hashKey: baseApp.resources.dynamoDbTable.output.hashKey,
+          rangeKey: baseApp.resources.dynamoDbTable.output.rangeKey
+        }
+      }
+    });
+  });
+  return app;
+}
+
+//# sourceMappingURL=createCorePulumiApp.js.map

package/pulumi/apps/core/createCorePulumiApp.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["aws","createPulumiApp","isResourceOfType","CoreCognito","CoreDynamo","OpenSearch","CoreEventBus","CoreFileManger","CoreVpc","WatchCommand","withServiceManifest","addServiceManifestTableItem","random","LogDynamo","getProjectSdk","CorePulumi","getOsConfigFromExtension","getVpcConfigFromExtension","applyAwsResourceTags","getAwsRegion","License","configureS3BucketMalwareProtection","pulumi","CoreAuditLogsDynamo","createCorePulumiApp","baseApp","name","path","program","app","sdk","projectConfig","getProjectConfig","pulumiResourceNamePrefix","getPulumiResourceNamePrefix","vpcExtensionsConfig","opensearchExtensionConfig","deploymentId","RandomId","byteLength","searchEngineType","searchEngineParams","params","domainName","process","env","AWS_OS_DOMAIN_NAME","indexPrefix","OPENSEARCH_INDEX_PREFIX","sharedIndexes","OPENSEARCH_SHARED_INDEXES","onResource","resource","startsWith","addHandler","usingAdvancedVpcParams","license","fromEnvironment","canUseFileManagerThreatDetection","resources","addResource","useExistingVpc","useVpcEndpoints","Error","openSearchDomainVpcConfig","opensearch","Domain","config","vpcOptions","lambdaFunctionsVpcConfig","lambda","Function","canUseVpc","meta","vpcConfig","iam","Role","isLambdaFunctionRole","RolePolicyAttachment","role","output","policyArn","ManagedPolicy","AWSLambdaVPCAccessExecutionRole","region","ec2","Vpc","enableDnsSupport","enableDnsHostnames","vpc","subnets","routeTables","VpcEndpoint","vpcId","id","serviceName","interpolate","routeTableIds","privateSubnets","vpcEndpointType","privateDnsEnabled","securityGroupIds","defaultSecurityGroupId","subnetIds","private","map","subNet","pulumiHandlers","getContainer","resolve","execute","isProduction","protect","dynamoDbTable","addModule","logDynamoDbTable","auditLogsDynamoDbTable","vpcEnabled","cognito","useEmailAsUsername","eventBus","bucket","fileManagerBucket","hex","addOutputs","fileManagerBucketId","primaryDynamodbTableArn","arn","primaryDynamodbTableName","primaryDynamodbTableHashKey","hashKey","primaryDynamodbTableRangeKey","rangeKey","logDynamodbTableArn","logDynamodbTableName","logDynamodbTableHashKey","logDynamodbTableRangeKey","auditLogsDynamodbTableArn","auditLogsDynamodbTableName","auditLogsDynamodbTableHashKey","auditLogsDynamodbTableRangeKey","cognitoUserPoolId","userPool","cognitoUserPoolArn","cognitoUserPoolPasswordPolicy","passwordPolicy","cognitoAppClientId","userPoolClient","eventBusName","eventBusArn","manifests","dynamoTable","table","tableName","forEach","manifest","addServiceManifest","dynamodbTable"],"sources":["createCorePulumiApp.ts"],"sourcesContent":["import * as aws from \"@pulumi/aws\";\nimport { createPulumiApp, isResourceOfType } from \"@webiny/pulumi\";\nimport { CoreCognito } from \"./CoreCognito.js\";\nimport { CoreDynamo } from \"./CoreDynamo.js\";\nimport { OpenSearch } from \"./CoreOpenSearch.js\";\nimport { CoreEventBus } from \"./CoreEventBus.js\";\nimport { CoreFileManger } from \"./CoreFileManager.js\";\nimport { CoreVpc } from \"./CoreVpc.js\";\nimport { WatchCommand } from \"./WatchCommand.js\";\nimport { withServiceManifest } from \"~/pulumi/utils/withServiceManifest.js\";\nimport {\n    addServiceManifestTableItem,\n    type TableDefinition\n} from \"~/pulumi/utils/addServiceManifestTableItem.js\";\nimport * as random from \"@pulumi/random\";\nimport { LogDynamo } from \"./LogDynamo.js\";\nimport { getProjectSdk } from \"@webiny/project\";\nimport { CorePulumi } from \"@webiny/project/abstractions/index.js\";\nimport { getOsConfigFromExtension } from \"~/pulumi/apps/extensions/getOsConfigFromExtension.js\";\nimport { getVpcConfigFromExtension } from \"~/pulumi/apps/extensions/getVpcConfigFromExtension.js\";\nimport { applyAwsResourceTags, getAwsRegion } from \"~/pulumi/apps/awsUtils.js\";\nimport { License } from \"@webiny/wcp\";\nimport { configureS3BucketMalwareProtection } from \"./configureS3BucketMalwareProtection.js\";\nimport * as pulumi from \"@pulumi/pulumi\";\nimport { CoreAuditLogsDynamo } from \"~/pulumi/index.js\";\n\nexport type CorePulumiApp = ReturnType<typeof createCorePulumiApp>;\n\nexport function createCorePulumiApp() {\n    const baseApp = createPulumiApp({\n        name: \"core\",\n        path: \"apps/core\",\n        program: async app => {\n            const sdk = await getProjectSdk();\n            const projectConfig = await sdk.getProjectConfig();\n\n            const pulumiResourceNamePrefix = await sdk.getPulumiResourceNamePrefix();\n            const vpcExtensionsConfig = getVpcConfigFromExtension(projectConfig);\n            const opensearchExtensionConfig = getOsConfigFromExtension(projectConfig);\n\n            const deploymentId = new random.RandomId(\"deploymentId\", { byteLength: 8 });\n\n            let searchEngineType: \"opensearch\" | null = null;\n            let searchEngineParams: typeof opensearchExtensionConfig | null = null;\n\n            if (opensearchExtensionConfig) {\n                searchEngineParams = opensearchExtensionConfig;\n                searchEngineType = \"opensearch\";\n            }\n\n            if (searchEngineParams) {\n                const params = searchEngineParams;\n                if (typeof params === \"object\") {\n                    if (params.domainName) {\n                        process.env.AWS_OS_DOMAIN_NAME = params.domainName;\n                    }\n\n                    if (params.indexPrefix) {\n                        process.env.OPENSEARCH_INDEX_PREFIX = params.indexPrefix;\n                    }\n\n                    if (params.sharedIndexes) {\n                        process.env.OPENSEARCH_SHARED_INDEXES = \"true\";\n                    }\n                }\n            }\n\n            if (pulumiResourceNamePrefix) {\n                app.onResource(resource => {\n                    if (!resource.name.startsWith(pulumiResourceNamePrefix)) {\n                        resource.name = `${pulumiResourceNamePrefix}${resource.name}`;\n                    }\n                });\n            }\n\n            // <-------------------- Enterprise start -------------------->\n            app.addHandler(async () => {\n                const usingAdvancedVpcParams =\n                    vpcExtensionsConfig && typeof vpcExtensionsConfig !== \"boolean\";\n\n                const license = await License.fromEnvironment();\n                if (license.canUseFileManagerThreatDetection()) {\n                    configureS3BucketMalwareProtection(app as CorePulumiApp);\n                }\n\n                // Not using advanced VPC params? Then immediately exit.\n                if (!usingAdvancedVpcParams) {\n                    return;\n                }\n\n                const { resources, addResource, onResource } = app as CorePulumiApp;\n                const { useExistingVpc, useVpcEndpoints } = vpcExtensionsConfig;\n\n                // 1. We first deal with \"existing VPC\" setup.\n                if (useExistingVpc) {\n                    if (\"useVpcEndpoints\" in vpcExtensionsConfig) {\n                        throw new Error(\n                            \"Cannot specify `useVpcEndpoints` parameter when using an existing VPC. The VPC endpoints configurations should be already defined within the existing VPC.\"\n                        );\n                    }\n\n                    if (opensearchExtensionConfig) {\n                        if (!useExistingVpc.openSearchDomainVpcConfig) {\n                            throw new Error(\n                                \"Cannot specify `useExistingVpc` parameter because the `openSearchDomainVpcConfig` parameter wasn't provided.\"\n                            );\n                        }\n\n                        onResource(resource => {\n                            if (isResourceOfType(resource, aws.opensearch.Domain)) {\n                                resource.config.vpcOptions(\n                                    useExistingVpc!.openSearchDomainVpcConfig\n                                );\n                            }\n                        });\n                    }\n\n                    if (!useExistingVpc.lambdaFunctionsVpcConfig) {\n                        throw new Error(\n                            \"Cannot specify `useExistingVpc` parameter because the `lambdaFunctionsVpcConfig` parameter wasn't provided.\"\n                        );\n                    }\n\n                    onResource(resource => {\n                        if (isResourceOfType(resource, aws.lambda.Function)) {\n                            const canUseVpc = resource.meta.canUseVpc !== false;\n                            if (canUseVpc) {\n                                resource.config.vpcConfig(useExistingVpc!.lambdaFunctionsVpcConfig);\n                            }\n                        }\n\n                        if (isResourceOfType(resource, aws.iam.Role)) {\n                            if (resource.meta.isLambdaFunctionRole) {\n                                addResource(aws.iam.RolePolicyAttachment, {\n                                    name: `${resource.name}-vpc-access-execution-role`,\n                                    config: {\n                                        role: resource.output.name,\n                                        policyArn:\n                                            aws.iam.ManagedPolicy.AWSLambdaVPCAccessExecutionRole\n                                    }\n                                });\n                            }\n                        }\n                    });\n\n                    return;\n                }\n\n                // 2. Now we deal with \"non-existing VPC\" setup.\n                if (useVpcEndpoints) {\n                    const region = getAwsRegion(app);\n\n                    onResource(resource => {\n                        if (isResourceOfType(resource, aws.ec2.Vpc)) {\n                            resource.config.enableDnsSupport(true);\n                            resource.config.enableDnsHostnames(true);\n                        }\n                    });\n\n                    const { vpc, subnets, routeTables } = resources.vpc!;\n                    addResource(aws.ec2.VpcEndpoint, {\n                        name: \"vpc-s3-vpc-endpoint\",\n                        config: {\n                            vpcId: vpc.output.id,\n                            serviceName: pulumi.interpolate`com.amazonaws.${region}.s3`,\n                            routeTableIds: [routeTables.privateSubnets.output.id]\n                        }\n                    });\n\n                    addResource(aws.ec2.VpcEndpoint, {\n                        name: \"vpc-dynamodb-vpc-endpoint\",\n                        config: {\n                            vpcId: vpc.output.id,\n                            serviceName: pulumi.interpolate`com.amazonaws.${region}.dynamodb`,\n                            routeTableIds: [routeTables.privateSubnets.output.id]\n                        }\n                    });\n\n                    addResource(aws.ec2.VpcEndpoint, {\n                        name: \"vpc-sqs-vpc-endpoint\",\n                        config: {\n                            vpcId: vpc.output.id,\n                            serviceName: pulumi.interpolate`com.amazonaws.${region}.sqs`,\n                            vpcEndpointType: \"Interface\",\n                            privateDnsEnabled: true,\n                            securityGroupIds: [vpc.output.defaultSecurityGroupId],\n                            subnetIds: subnets.private.map(subNet => subNet.output.id)\n                        }\n                    });\n\n                    addResource(aws.ec2.VpcEndpoint, {\n                        name: \"vpc-events-vpc-endpoint\",\n                        config: {\n                            vpcId: vpc.output.id,\n                            serviceName: pulumi.interpolate`com.amazonaws.${region}.events`,\n                            vpcEndpointType: \"Interface\",\n                            privateDnsEnabled: true,\n                            securityGroupIds: [vpc.output.defaultSecurityGroupId],\n                            subnetIds: subnets.private.map(subNet => subNet.output.id)\n                        }\n                    });\n                }\n            });\n            // <-------------------- Enterprise end -------------------->\n\n            // Overrides must be applied via a handler, registered at the very start of the program.\n            // By doing this, we're ensuring user's adjustments are not applied to late.\n            const pulumiHandlers = sdk.getContainer().resolve(CorePulumi);\n\n            app.addHandler(() => {\n                return pulumiHandlers.execute(app as unknown as CorePulumiApp);\n            });\n\n            const isProduction = app.env.isProduction;\n            const protect = isProduction;\n\n            // Setup DynamoDB table\n            const dynamoDbTable = app.addModule(CoreDynamo, { protect });\n            const logDynamoDbTable = app.addModule(LogDynamo, { protect });\n            const auditLogsDynamoDbTable = app.addModule(CoreAuditLogsDynamo, { protect });\n\n            // Setup VPC\n            const vpcEnabled =\n                vpcExtensionsConfig === true ||\n                typeof vpcExtensionsConfig === \"object\" ||\n                isProduction;\n\n            const vpc = vpcEnabled ? app.addModule(CoreVpc) : null;\n\n            // Setup Cognito\n            const cognito = app.addModule(CoreCognito, {\n                protect,\n                useEmailAsUsername: false\n            });\n\n            // Setup event bus\n            const eventBus = app.addModule(CoreEventBus);\n\n            // Setup file core bucket\n            const { bucket: fileManagerBucket } = app.addModule(CoreFileManger, { protect });\n\n            let opensearch;\n            if (searchEngineType === \"opensearch\") {\n                opensearch = app.addModule(OpenSearch, { protect });\n            }\n\n            app.addModule(WatchCommand, { deploymentId: deploymentId.hex });\n\n            app.addOutputs({\n                deploymentId: deploymentId.hex,\n                region: aws.config.region,\n                fileManagerBucketId: fileManagerBucket.output.id,\n                primaryDynamodbTableArn: dynamoDbTable.output.arn,\n                primaryDynamodbTableName: dynamoDbTable.output.name,\n                primaryDynamodbTableHashKey: dynamoDbTable.output.hashKey,\n                primaryDynamodbTableRangeKey: dynamoDbTable.output.rangeKey,\n                logDynamodbTableArn: logDynamoDbTable.output.arn,\n                logDynamodbTableName: logDynamoDbTable.output.name,\n                logDynamodbTableHashKey: logDynamoDbTable.output.hashKey,\n                logDynamodbTableRangeKey: logDynamoDbTable.output.rangeKey,\n                auditLogsDynamodbTableArn: auditLogsDynamoDbTable.output.arn,\n                auditLogsDynamodbTableName: auditLogsDynamoDbTable.output.name,\n                auditLogsDynamodbTableHashKey: auditLogsDynamoDbTable.output.hashKey,\n                auditLogsDynamodbTableRangeKey: auditLogsDynamoDbTable.output.rangeKey,\n                cognitoUserPoolId: cognito.userPool.output.id,\n                cognitoUserPoolArn: cognito.userPool.output.arn,\n                cognitoUserPoolPasswordPolicy: cognito.userPool.output.passwordPolicy,\n                cognitoAppClientId: cognito.userPoolClient.output.id,\n                eventBusName: eventBus.output.name,\n                eventBusArn: eventBus.output.arn\n            });\n\n            // Applies internal and user-defined AWS tags.\n            await applyAwsResourceTags(\"core\");\n\n            return {\n                dynamoDbTable,\n                logDynamoDbTable,\n                vpc,\n                ...cognito,\n                fileManagerBucket,\n                eventBus,\n                opensearch\n            };\n        }\n    });\n\n    const app = withServiceManifest(baseApp, manifests => {\n        const dynamoTable = baseApp.resources.dynamoDbTable;\n\n        const table: TableDefinition = {\n            tableName: dynamoTable.output.name,\n            hashKey: dynamoTable.output.hashKey,\n            rangeKey: dynamoTable.output.rangeKey\n        };\n\n        manifests.forEach(manifest => addServiceManifestTableItem(baseApp, table, manifest));\n    });\n\n    app.addHandler(() => {\n        app.addServiceManifest({\n            name: \"core\",\n            manifest: {\n                eventBus: {\n                    arn: baseApp.resources.eventBus.output.arn,\n                    name: baseApp.resources.eventBus.output.name\n                },\n                dynamodbTable: {\n                    arn: baseApp.resources.dynamoDbTable.output.arn,\n                    name: baseApp.resources.dynamoDbTable.output.name,\n                    hashKey: baseApp.resources.dynamoDbTable.output.hashKey,\n                    rangeKey: baseApp.resources.dynamoDbTable.output.rangeKey\n                }\n            }\n        });\n    });\n\n    return app;\n}\n"],"mappings":"AAAA,OAAO,KAAKA,GAAG,MAAM,aAAa;AAClC,SAASC,eAAe,EAAEC,gBAAgB,QAAQ,gBAAgB;AAClE,SAASC,WAAW;AACpB,SAASC,UAAU;AACnB,SAASC,UAAU;AACnB,SAASC,YAAY;AACrB,SAASC,cAAc;AACvB,SAASC,OAAO;AAChB,SAASC,YAAY;AACrB,SAASC,mBAAmB;AAC5B,SACIC,2BAA2B;AAG/B,OAAO,KAAKC,MAAM,MAAM,gBAAgB;AACxC,SAASC,SAAS;AAClB,SAASC,aAAa,QAAQ,iBAAiB;AAC/C,SAASC,UAAU,QAAQ,uCAAuC;AAClE,SAASC,wBAAwB;AACjC,SAASC,yBAAyB;AAClC,SAASC,oBAAoB,EAAEC,YAAY;AAC3C,SAASC,OAAO,QAAQ,aAAa;AACrC,SAASC,kCAAkC;AAC3C,OAAO,KAAKC,MAAM,MAAM,gBAAgB;AACxC,SAASC,mBAAmB;AAI5B,OAAO,SAASC,mBAAmBA,CAAA,EAAG;EAClC,MAAMC,OAAO,GAAGxB,eAAe,CAAC;IAC5ByB,IAAI,EAAE,MAAM;IACZC,IAAI,EAAE,WAAW;IACjBC,OAAO,EAAE,MAAMC,GAAG,IAAI;MAClB,MAAMC,GAAG,GAAG,MAAMhB,aAAa,CAAC,CAAC;MACjC,MAAMiB,aAAa,GAAG,MAAMD,GAAG,CAACE,gBAAgB,CAAC,CAAC;MAElD,MAAMC,wBAAwB,GAAG,MAAMH,GAAG,CAACI,2BAA2B,CAAC,CAAC;MACxE,MAAMC,mBAAmB,GAAGlB,yBAAyB,CAACc,aAAa,CAAC;MACpE,MAAMK,yBAAyB,GAAGpB,wBAAwB,CAACe,aAAa,CAAC;MAEzE,MAAMM,YAAY,GAAG,IAAIzB,MAAM,CAAC0B,QAAQ,CAAC,cAAc,EAAE;QAAEC,UAAU,EAAE;MAAE,CAAC,CAAC;MAE3E,IAAIC,gBAAqC,GAAG,IAAI;MAChD,IAAIC,kBAA2D,GAAG,IAAI;MAEtE,IAAIL,yBAAyB,EAAE;QAC3BK,kBAAkB,GAAGL,yBAAyB;QAC9CI,gBAAgB,GAAG,YAAY;MACnC;MAEA,IAAIC,kBAAkB,EAAE;QACpB,MAAMC,MAAM,GAAGD,kBAAkB;QACjC,IAAI,OAAOC,MAAM,KAAK,QAAQ,EAAE;UAC5B,IAAIA,MAAM,CAACC,UAAU,EAAE;YACnBC,OAAO,CAACC,GAAG,CAACC,kBAAkB,GAAGJ,MAAM,CAACC,UAAU;UACtD;UAEA,IAAID,MAAM,CAACK,WAAW,EAAE;YACpBH,OAAO,CAACC,GAAG,CAACG,uBAAuB,GAAGN,MAAM,CAACK,WAAW;UAC5D;UAEA,IAAIL,MAAM,CAACO,aAAa,EAAE;YACtBL,OAAO,CAACC,GAAG,CAACK,yBAAyB,GAAG,MAAM;UAClD;QACJ;MACJ;MAEA,IAAIjB,wBAAwB,EAAE;QAC1BJ,GAAG,CAACsB,UAAU,CAACC,QAAQ,IAAI;UACvB,IAAI,CAACA,QAAQ,CAAC1B,IAAI,CAAC2B,UAAU,CAACpB,wBAAwB,CAAC,EAAE;YACrDmB,QAAQ,CAAC1B,IAAI,GAAG,GAAGO,wBAAwB,GAAGmB,QAAQ,CAAC1B,IAAI,EAAE;UACjE;QACJ,CAAC,CAAC;MACN;;MAEA;MACAG,GAAG,CAACyB,UAAU,CAAC,YAAY;QACvB,MAAMC,sBAAsB,GACxBpB,mBAAmB,IAAI,OAAOA,mBAAmB,KAAK,SAAS;QAEnE,MAAMqB,OAAO,GAAG,MAAMpC,OAAO,CAACqC,eAAe,CAAC,CAAC;QAC/C,IAAID,OAAO,CAACE,gCAAgC,CAAC,CAAC,EAAE;UAC5CrC,kCAAkC,CAACQ,GAAoB,CAAC;QAC5D;;QAEA;QACA,IAAI,CAAC0B,sBAAsB,EAAE;UACzB;QACJ;QAEA,MAAM;UAAEI,SAAS;UAAEC,WAAW;UAAET;QAAW,CAAC,GAAGtB,GAAoB;QACnE,MAAM;UAAEgC,cAAc;UAAEC;QAAgB,CAAC,GAAG3B,mBAAmB;;QAE/D;QACA,IAAI0B,cAAc,EAAE;UAChB,IAAI,iBAAiB,IAAI1B,mBAAmB,EAAE;YAC1C,MAAM,IAAI4B,KAAK,CACX,4JACJ,CAAC;UACL;UAEA,IAAI3B,yBAAyB,EAAE;YAC3B,IAAI,CAACyB,cAAc,CAACG,yBAAyB,EAAE;cAC3C,MAAM,IAAID,KAAK,CACX,8GACJ,CAAC;YACL;YAEAZ,UAAU,CAACC,QAAQ,IAAI;cACnB,IAAIlD,gBAAgB,CAACkD,QAAQ,EAAEpD,GAAG,CAACiE,UAAU,CAACC,MAAM,CAAC,EAAE;gBACnDd,QAAQ,CAACe,MAAM,CAACC,UAAU,CACtBP,cAAc,CAAEG,yBACpB,CAAC;cACL;YACJ,CAAC,CAAC;UACN;UAEA,IAAI,CAACH,cAAc,CAACQ,wBAAwB,EAAE;YAC1C,MAAM,IAAIN,KAAK,CACX,6GACJ,CAAC;UACL;UAEAZ,UAAU,CAACC,QAAQ,IAAI;YACnB,IAAIlD,gBAAgB,CAACkD,QAAQ,EAAEpD,GAAG,CAACsE,MAAM,CAACC,QAAQ,CAAC,EAAE;cACjD,MAAMC,SAAS,GAAGpB,QAAQ,CAACqB,IAAI,CAACD,SAAS,KAAK,KAAK;cACnD,IAAIA,SAAS,EAAE;gBACXpB,QAAQ,CAACe,MAAM,CAACO,SAAS,CAACb,cAAc,CAAEQ,wBAAwB,CAAC;cACvE;YACJ;YAEA,IAAInE,gBAAgB,CAACkD,QAAQ,EAAEpD,GAAG,CAAC2E,GAAG,CAACC,IAAI,CAAC,EAAE;cAC1C,IAAIxB,QAAQ,CAACqB,IAAI,CAACI,oBAAoB,EAAE;gBACpCjB,WAAW,CAAC5D,GAAG,CAAC2E,GAAG,CAACG,oBAAoB,EAAE;kBACtCpD,IAAI,EAAE,GAAG0B,QAAQ,CAAC1B,IAAI,4BAA4B;kBAClDyC,MAAM,EAAE;oBACJY,IAAI,EAAE3B,QAAQ,CAAC4B,MAAM,CAACtD,IAAI;oBAC1BuD,SAAS,EACLjF,GAAG,CAAC2E,GAAG,CAACO,aAAa,CAACC;kBAC9B;gBACJ,CAAC,CAAC;cACN;YACJ;UACJ,CAAC,CAAC;UAEF;QACJ;;QAEA;QACA,IAAIrB,eAAe,EAAE;UACjB,MAAMsB,MAAM,GAAGjE,YAAY,CAACU,GAAG,CAAC;UAEhCsB,UAAU,CAACC,QAAQ,IAAI;YACnB,IAAIlD,gBAAgB,CAACkD,QAAQ,EAAEpD,GAAG,CAACqF,GAAG,CAACC,GAAG,CAAC,EAAE;cACzClC,QAAQ,CAACe,MAAM,CAACoB,gBAAgB,CAAC,IAAI,CAAC;cACtCnC,QAAQ,CAACe,MAAM,CAACqB,kBAAkB,CAAC,IAAI,CAAC;YAC5C;UACJ,CAAC,CAAC;UAEF,MAAM;YAAEC,GAAG;YAAEC,OAAO;YAAEC;UAAY,CAAC,GAAGhC,SAAS,CAAC8B,GAAI;UACpD7B,WAAW,CAAC5D,GAAG,CAACqF,GAAG,CAACO,WAAW,EAAE;YAC7BlE,IAAI,EAAE,qBAAqB;YAC3ByC,MAAM,EAAE;cACJ0B,KAAK,EAAEJ,GAAG,CAACT,MAAM,CAACc,EAAE;cACpBC,WAAW,EAAEzE,MAAM,CAAC0E,WAAW,iBAAiBZ,MAAM,KAAK;cAC3Da,aAAa,EAAE,CAACN,WAAW,CAACO,cAAc,CAAClB,MAAM,CAACc,EAAE;YACxD;UACJ,CAAC,CAAC;UAEFlC,WAAW,CAAC5D,GAAG,CAACqF,GAAG,CAACO,WAAW,EAAE;YAC7BlE,IAAI,EAAE,2BAA2B;YACjCyC,MAAM,EAAE;cACJ0B,KAAK,EAAEJ,GAAG,CAACT,MAAM,CAACc,EAAE;cACpBC,WAAW,EAAEzE,MAAM,CAAC0E,WAAW,iBAAiBZ,MAAM,WAAW;cACjEa,aAAa,EAAE,CAACN,WAAW,CAACO,cAAc,CAAClB,MAAM,CAACc,EAAE;YACxD;UACJ,CAAC,CAAC;UAEFlC,WAAW,CAAC5D,GAAG,CAACqF,GAAG,CAACO,WAAW,EAAE;YAC7BlE,IAAI,EAAE,sBAAsB;YAC5ByC,MAAM,EAAE;cACJ0B,KAAK,EAAEJ,GAAG,CAACT,MAAM,CAACc,EAAE;cACpBC,WAAW,EAAEzE,MAAM,CAAC0E,WAAW,iBAAiBZ,MAAM,MAAM;cAC5De,eAAe,EAAE,WAAW;cAC5BC,iBAAiB,EAAE,IAAI;cACvBC,gBAAgB,EAAE,CAACZ,GAAG,CAACT,MAAM,CAACsB,sBAAsB,CAAC;cACrDC,SAAS,EAAEb,OAAO,CAACc,OAAO,CAACC,GAAG,CAACC,MAAM,IAAIA,MAAM,CAAC1B,MAAM,CAACc,EAAE;YAC7D;UACJ,CAAC,CAAC;UAEFlC,WAAW,CAAC5D,GAAG,CAACqF,GAAG,CAACO,WAAW,EAAE;YAC7BlE,IAAI,EAAE,yBAAyB;YAC/ByC,MAAM,EAAE;cACJ0B,KAAK,EAAEJ,GAAG,CAACT,MAAM,CAACc,EAAE;cACpBC,WAAW,EAAEzE,MAAM,CAAC0E,WAAW,iBAAiBZ,MAAM,SAAS;cAC/De,eAAe,EAAE,WAAW;cAC5BC,iBAAiB,EAAE,IAAI;cACvBC,gBAAgB,EAAE,CAACZ,GAAG,CAACT,MAAM,CAACsB,sBAAsB,CAAC;cACrDC,SAAS,EAAEb,OAAO,CAACc,OAAO,CAACC,GAAG,CAACC,MAAM,IAAIA,MAAM,CAAC1B,MAAM,CAACc,EAAE;YAC7D;UACJ,CAAC,CAAC;QACN;MACJ,CAAC,CAAC;MACF;;MAEA;MACA;MACA,MAAMa,cAAc,GAAG7E,GAAG,CAAC8E,YAAY,CAAC,CAAC,CAACC,OAAO,CAAC9F,UAAU,CAAC;MAE7Dc,GAAG,CAACyB,UAAU,CAAC,MAAM;QACjB,OAAOqD,cAAc,CAACG,OAAO,CAACjF,GAA+B,CAAC;MAClE,CAAC,CAAC;MAEF,MAAMkF,YAAY,GAAGlF,GAAG,CAACgB,GAAG,CAACkE,YAAY;MACzC,MAAMC,OAAO,GAAGD,YAAY;;MAE5B;MACA,MAAME,aAAa,GAAGpF,GAAG,CAACqF,SAAS,CAAC9G,UAAU,EAAE;QAAE4G;MAAQ,CAAC,CAAC;MAC5D,MAAMG,gBAAgB,GAAGtF,GAAG,CAACqF,SAAS,CAACrG,SAAS,EAAE;QAAEmG;MAAQ,CAAC,CAAC;MAC9D,MAAMI,sBAAsB,GAAGvF,GAAG,CAACqF,SAAS,CAAC3F,mBAAmB,EAAE;QAAEyF;MAAQ,CAAC,CAAC;;MAE9E;MACA,MAAMK,UAAU,GACZlF,mBAAmB,KAAK,IAAI,IAC5B,OAAOA,mBAAmB,KAAK,QAAQ,IACvC4E,YAAY;MAEhB,MAAMtB,GAAG,GAAG4B,UAAU,GAAGxF,GAAG,CAACqF,SAAS,CAAC1G,OAAO,CAAC,GAAG,IAAI;;MAEtD;MACA,MAAM8G,OAAO,GAAGzF,GAAG,CAACqF,SAAS,CAAC/G,WAAW,EAAE;QACvC6G,OAAO;QACPO,kBAAkB,EAAE;MACxB,CAAC,CAAC;;MAEF;MACA,MAAMC,QAAQ,GAAG3F,GAAG,CAACqF,SAAS,CAAC5G,YAAY,CAAC;;MAE5C;MACA,MAAM;QAAEmH,MAAM,EAAEC;MAAkB,CAAC,GAAG7F,GAAG,CAACqF,SAAS,CAAC3G,cAAc,EAAE;QAAEyG;MAAQ,CAAC,CAAC;MAEhF,IAAI/C,UAAU;MACd,IAAIzB,gBAAgB,KAAK,YAAY,EAAE;QACnCyB,UAAU,GAAGpC,GAAG,CAACqF,SAAS,CAAC7G,UAAU,EAAE;UAAE2G;QAAQ,CAAC,CAAC;MACvD;MAEAnF,GAAG,CAACqF,SAAS,CAACzG,YAAY,EAAE;QAAE4B,YAAY,EAAEA,YAAY,CAACsF;MAAI,CAAC,CAAC;MAE/D9F,GAAG,CAAC+F,UAAU,CAAC;QACXvF,YAAY,EAAEA,YAAY,CAACsF,GAAG;QAC9BvC,MAAM,EAAEpF,GAAG,CAACmE,MAAM,CAACiB,MAAM;QACzByC,mBAAmB,EAAEH,iBAAiB,CAAC1C,MAAM,CAACc,EAAE;QAChDgC,uBAAuB,EAAEb,aAAa,CAACjC,MAAM,CAAC+C,GAAG;QACjDC,wBAAwB,EAAEf,aAAa,CAACjC,MAAM,CAACtD,IAAI;QACnDuG,2BAA2B,EAAEhB,aAAa,CAACjC,MAAM,CAACkD,OAAO;QACzDC,4BAA4B,EAAElB,aAAa,CAACjC,MAAM,CAACoD,QAAQ;QAC3DC,mBAAmB,EAAElB,gBAAgB,CAACnC,MAAM,CAAC+C,GAAG;QAChDO,oBAAoB,EAAEnB,gBAAgB,CAACnC,MAAM,CAACtD,IAAI;QAClD6G,uBAAuB,EAAEpB,gBAAgB,CAACnC,MAAM,CAACkD,OAAO;QACxDM,wBAAwB,EAAErB,gBAAgB,CAACnC,MAAM,CAACoD,QAAQ;QAC1DK,yBAAyB,EAAErB,sBAAsB,CAACpC,MAAM,CAAC+C,GAAG;QAC5DW,0BAA0B,EAAEtB,sBAAsB,CAACpC,MAAM,CAACtD,IAAI;QAC9DiH,6BAA6B,EAAEvB,sBAAsB,CAACpC,MAAM,CAACkD,OAAO;QACpEU,8BAA8B,EAAExB,sBAAsB,CAACpC,MAAM,CAACoD,QAAQ;QACtES,iBAAiB,EAAEvB,OAAO,CAACwB,QAAQ,CAAC9D,MAAM,CAACc,EAAE;QAC7CiD,kBAAkB,EAAEzB,OAAO,CAACwB,QAAQ,CAAC9D,MAAM,CAAC+C,GAAG;QAC/CiB,6BAA6B,EAAE1B,OAAO,CAACwB,QAAQ,CAAC9D,MAAM,CAACiE,cAAc;QACrEC,kBAAkB,EAAE5B,OAAO,CAAC6B,cAAc,CAACnE,MAAM,CAACc,EAAE;QACpDsD,YAAY,EAAE5B,QAAQ,CAACxC,MAAM,CAACtD,IAAI;QAClC2H,WAAW,EAAE7B,QAAQ,CAACxC,MAAM,CAAC+C;MACjC,CAAC,CAAC;;MAEF;MACA,MAAM7G,oBAAoB,CAAC,MAAM,CAAC;MAElC,OAAO;QACH+F,aAAa;QACbE,gBAAgB;QAChB1B,GAAG;QACH,GAAG6B,OAAO;QACVI,iBAAiB;QACjBF,QAAQ;QACRvD;MACJ,CAAC;IACL;EACJ,CAAC,CAAC;EAEF,MAAMpC,GAAG,GAAGnB,mBAAmB,CAACe,OAAO,EAAE6H,SAAS,IAAI;IAClD,MAAMC,WAAW,GAAG9H,OAAO,CAACkC,SAAS,CAACsD,aAAa;IAEnD,MAAMuC,KAAsB,GAAG;MAC3BC,SAAS,EAAEF,WAAW,CAACvE,MAAM,CAACtD,IAAI;MAClCwG,OAAO,EAAEqB,WAAW,CAACvE,MAAM,CAACkD,OAAO;MACnCE,QAAQ,EAAEmB,WAAW,CAACvE,MAAM,CAACoD;IACjC,CAAC;IAEDkB,SAAS,CAACI,OAAO,CAACC,QAAQ,IAAIhJ,2BAA2B,CAACc,OAAO,EAAE+H,KAAK,EAAEG,QAAQ,CAAC,CAAC;EACxF,CAAC,CAAC;EAEF9H,GAAG,CAACyB,UAAU,CAAC,MAAM;IACjBzB,GAAG,CAAC+H,kBAAkB,CAAC;MACnBlI,IAAI,EAAE,MAAM;MACZiI,QAAQ,EAAE;QACNnC,QAAQ,EAAE;UACNO,GAAG,EAAEtG,OAAO,CAACkC,SAAS,CAAC6D,QAAQ,CAACxC,MAAM,CAAC+C,GAAG;UAC1CrG,IAAI,EAAED,OAAO,CAACkC,SAAS,CAAC6D,QAAQ,CAACxC,MAAM,CAACtD;QAC5C,CAAC;QACDmI,aAAa,EAAE;UACX9B,GAAG,EAAEtG,OAAO,CAACkC,SAAS,CAACsD,aAAa,CAACjC,MAAM,CAAC+C,GAAG;UAC/CrG,IAAI,EAAED,OAAO,CAACkC,SAAS,CAACsD,aAAa,CAACjC,MAAM,CAACtD,IAAI;UACjDwG,OAAO,EAAEzG,OAAO,CAACkC,SAAS,CAACsD,aAAa,CAACjC,MAAM,CAACkD,OAAO;UACvDE,QAAQ,EAAE3G,OAAO,CAACkC,SAAS,CAACsD,aAAa,CAACjC,MAAM,CAACoD;QACrD;MACJ;IACJ,CAAC,CAAC;EACN,CAAC,CAAC;EAEF,OAAOvG,GAAG;AACd","ignoreList":[]}

package/pulumi/apps/core/index.d.ts

@@ -0,0 +1,8 @@
+export * from "./CoreCognito.js";
+export * from "./CoreDynamo.js";
+export * from "./CoreEventBus.js";
+export * from "./CoreFileManager.js";
+export * from "./CoreVpc.js";
+export * from "./cognitoIdentityProviders/index.js";
+export * from "./createCorePulumiApp.js";
+export * from "./CoreAuditLogsDynamo.js";

package/pulumi/apps/core/index.js

@@ -0,0 +1,10 @@
+export * from "./CoreCognito.js";
+export * from "./CoreDynamo.js";
+export * from "./CoreEventBus.js";
+export * from "./CoreFileManager.js";
+export * from "./CoreVpc.js";
+export * from "./cognitoIdentityProviders/index.js";
+export * from "./createCorePulumiApp.js";
+export * from "./CoreAuditLogsDynamo.js";
+
+//# sourceMappingURL=index.js.map

package/pulumi/apps/core/index.js.map

@@ -0,0 +1 @@
+{"version":3,"names":[],"sources":["index.ts"],"sourcesContent":["export * from \"./CoreCognito.js\";\nexport * from \"./CoreDynamo.js\";\nexport * from \"./CoreEventBus.js\";\nexport * from \"./CoreFileManager.js\";\nexport * from \"./CoreVpc.js\";\nexport * from \"./cognitoIdentityProviders/index.js\";\nexport * from \"./createCorePulumiApp.js\";\nexport * from \"./CoreAuditLogsDynamo.js\";\n"],"mappings":"AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA","ignoreList":[]}

package/pulumi/apps/core/webinyWatchCommand/handler.d.ts

@@ -0,0 +1,28 @@
+export function handler(event: any): Promise<{
+    isAuthenticated: boolean;
+    principalId?: undefined;
+    policyDocuments?: undefined;
+    disconnectAfterInSeconds?: undefined;
+    refreshAfterInSeconds?: undefined;
+} | {
+    isAuthenticated: boolean;
+    principalId: string;
+    policyDocuments: {
+        Version: string;
+        Statement: ({
+            Effect: string;
+            Action: string;
+            Resource: string;
+        } | {
+            Effect: string;
+            Action: string;
+            Resource: string[];
+        } | {
+            Effect: string;
+            Action: string[];
+            Resource: string[];
+        })[];
+    }[];
+    disconnectAfterInSeconds: number;
+    refreshAfterInSeconds: number;
+}>;

package/pulumi/apps/core/webinyWatchCommand/handler.js

@@ -0,0 +1,37 @@
+exports.handler = async event => {
+  const urlParams = new URLSearchParams(event.protocolData.http.queryString);
+  const WEBINY_WATCH_COMMAND_TOPIC = process.env.WEBINY_WATCH_COMMAND_TOPIC;
+  if (urlParams.get("x-webiny-watch-command-topic") !== WEBINY_WATCH_COMMAND_TOPIC) {
+    return {
+      isAuthenticated: false
+    };
+  }
+  return {
+    isAuthenticated: true,
+    principalId: "Unauthenticated",
+    policyDocuments: [{
+      Version: "2012-10-17",
+      Statement: [{
+        Effect: "Allow",
+        Action: "iot:Connect",
+        Resource: "arn:aws:iot:*:*:client/*"
+      }, {
+        Effect: "Allow",
+        Action: "iot:Subscribe",
+        Resource: [`arn:aws:iot:*:*:topicfilter/${WEBINY_WATCH_COMMAND_TOPIC}`]
+      }, {
+        Effect: "Allow",
+        Action: "iot:Publish",
+        Resource: [`arn:aws:iot:*:*:topic/${WEBINY_WATCH_COMMAND_TOPIC}`]
+      }, {
+        Effect: "Allow",
+        Action: ["iot:Receive"],
+        Resource: [`arn:aws:iot:*:*:topic/${WEBINY_WATCH_COMMAND_TOPIC}`]
+      }]
+    }],
+    disconnectAfterInSeconds: 3600,
+    refreshAfterInSeconds: 300
+  };
+};
+
+//# sourceMappingURL=handler.js.map

package/pulumi/apps/core/webinyWatchCommand/handler.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["exports","handler","event","urlParams","URLSearchParams","protocolData","http","queryString","WEBINY_WATCH_COMMAND_TOPIC","process","env","get","isAuthenticated","principalId","policyDocuments","Version","Statement","Effect","Action","Resource","disconnectAfterInSeconds","refreshAfterInSeconds"],"sources":["handler.js"],"sourcesContent":["exports.handler = async event => {\n    const urlParams = new URLSearchParams(event.protocolData.http.queryString);\n\n    const WEBINY_WATCH_COMMAND_TOPIC = process.env.WEBINY_WATCH_COMMAND_TOPIC;\n    if (urlParams.get(\"x-webiny-watch-command-topic\") !== WEBINY_WATCH_COMMAND_TOPIC) {\n        return {\n            isAuthenticated: false\n        };\n    }\n\n    return {\n        isAuthenticated: true,\n        principalId: \"Unauthenticated\",\n        policyDocuments: [\n            {\n                Version: \"2012-10-17\",\n                Statement: [\n                    {\n                        Effect: \"Allow\",\n                        Action: \"iot:Connect\",\n                        Resource: \"arn:aws:iot:*:*:client/*\"\n                    },\n                    {\n                        Effect: \"Allow\",\n                        Action: \"iot:Subscribe\",\n                        Resource: [`arn:aws:iot:*:*:topicfilter/${WEBINY_WATCH_COMMAND_TOPIC}`]\n                    },\n                    {\n                        Effect: \"Allow\",\n                        Action: \"iot:Publish\",\n                        Resource: [`arn:aws:iot:*:*:topic/${WEBINY_WATCH_COMMAND_TOPIC}`]\n                    },\n                    {\n                        Effect: \"Allow\",\n                        Action: [\"iot:Receive\"],\n                        Resource: [`arn:aws:iot:*:*:topic/${WEBINY_WATCH_COMMAND_TOPIC}`]\n                    }\n                ]\n            }\n        ],\n        disconnectAfterInSeconds: 3600,\n        refreshAfterInSeconds: 300\n    };\n};\n"],"mappings":"AAAAA,OAAO,CAACC,OAAO,GAAG,MAAMC,KAAK,IAAI;EAC7B,MAAMC,SAAS,GAAG,IAAIC,eAAe,CAACF,KAAK,CAACG,YAAY,CAACC,IAAI,CAACC,WAAW,CAAC;EAE1E,MAAMC,0BAA0B,GAAGC,OAAO,CAACC,GAAG,CAACF,0BAA0B;EACzE,IAAIL,SAAS,CAACQ,GAAG,CAAC,8BAA8B,CAAC,KAAKH,0BAA0B,EAAE;IAC9E,OAAO;MACHI,eAAe,EAAE;IACrB,CAAC;EACL;EAEA,OAAO;IACHA,eAAe,EAAE,IAAI;IACrBC,WAAW,EAAE,iBAAiB;IAC9BC,eAAe,EAAE,CACb;MACIC,OAAO,EAAE,YAAY;MACrBC,SAAS,EAAE,CACP;QACIC,MAAM,EAAE,OAAO;QACfC,MAAM,EAAE,aAAa;QACrBC,QAAQ,EAAE;MACd,CAAC,EACD;QACIF,MAAM,EAAE,OAAO;QACfC,MAAM,EAAE,eAAe;QACvBC,QAAQ,EAAE,CAAC,+BAA+BX,0BAA0B,EAAE;MAC1E,CAAC,EACD;QACIS,MAAM,EAAE,OAAO;QACfC,MAAM,EAAE,aAAa;QACrBC,QAAQ,EAAE,CAAC,yBAAyBX,0BAA0B,EAAE;MACpE,CAAC,EACD;QACIS,MAAM,EAAE,OAAO;QACfC,MAAM,EAAE,CAAC,aAAa,CAAC;QACvBC,QAAQ,EAAE,CAAC,yBAAyBX,0BAA0B,EAAE;MACpE,CAAC;IAET,CAAC,CACJ;IACDY,wBAAwB,EAAE,IAAI;IAC9BC,qBAAqB,EAAE;EAC3B,CAAC;AACL,CAAC","ignoreList":[]}

package/pulumi/apps/createAppBucket.d.ts

@@ -0,0 +1,13 @@
+import * as aws from "@pulumi/aws";
+import { type PulumiApp } from "@webiny/pulumi";
+export declare function createPublicAppBucket(app: PulumiApp, name: string): {
+    bucket: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/s3/bucket").Bucket>;
+    origin: aws.types.input.cloudfront.DistributionOrigin;
+};
+export declare function createPrivateAppBucket(app: PulumiApp, name: string): {
+    bucket: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/s3/bucket").Bucket>;
+    originIdentity: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/cloudfront/originAccessIdentity").OriginAccessIdentity>;
+    origin: aws.types.input.cloudfront.DistributionOrigin;
+    bucketPublicAccessBlock: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/s3/bucketPublicAccessBlock").BucketPublicAccessBlock>;
+    bucketPolicy: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/s3/bucketPolicy").BucketPolicy>;
+};

package/pulumi/apps/createAppBucket.js

@@ -0,0 +1,112 @@
+import * as aws from "@pulumi/aws";
+import { ApiOutput } from "./api/index.js";
+import { getEnvVariableAwsRegion } from "../env/awsRegion.js";
+export function createPublicAppBucket(app, name) {
+  const bucket = app.addResource(aws.s3.Bucket, {
+    name: name,
+    config: {
+      acl: aws.s3.CannedAcl.PublicRead,
+      forceDestroy: true,
+      website: {
+        indexDocument: "index.html",
+        errorDocument: "_NOT_FOUND_PAGE_/index.html"
+      }
+    }
+  });
+  const origin = {
+    originId: bucket.output.arn,
+    domainName: bucket.output.websiteEndpoint,
+    customOriginConfig: {
+      originProtocolPolicy: "http-only",
+      httpPort: 80,
+      httpsPort: 443,
+      originSslProtocols: ["TLSv1.2"]
+    }
+  };
+  return {
+    bucket,
+    origin
+  };
+}
+
+// Forces S3 buckets to be available only through a cloudfront distribution.
+// Requires `ApiOutput` module to be loaded.
+export function createPrivateAppBucket(app, name) {
+  const api = app.getModule(ApiOutput);
+  const bucket = app.addResource(aws.s3.Bucket, {
+    name: name,
+    config: {
+      acl: aws.s3.CannedAcl.Private,
+      forceDestroy: true
+    }
+  });
+
+  // Origin Identity is a kind of AWS user that represents Cloudfront distribution
+  // We can add IAM policies to it later, to allow accessing private S3 bucket
+  const originIdentity = app.addResource(aws.cloudfront.OriginAccessIdentity, {
+    name: `${name}-origin-identity`,
+    config: {}
+  });
+  const origin = {
+    originId: bucket.output.arn,
+    domainName: bucket.output.bucket.apply(
+    // We need to create a regional domain name. Otherwise, we'll run into the following issue:
+    // https://aws.amazon.com/premiumsupport/knowledge-center/s3-http-307-response/
+    name => `${name}.s3.${getEnvVariableAwsRegion()}.amazonaws.com`),
+    s3OriginConfig: {
+      originAccessIdentity: originIdentity.output.cloudfrontAccessIdentityPath
+    }
+  };
+
+  // block any public access
+  const bucketPublicAccessBlock = app.addResource(aws.s3.BucketPublicAccessBlock, {
+    name: `${name}-bucket-block-access`,
+    config: {
+      bucket: bucket.output.id,
+      blockPublicAcls: true,
+      blockPublicPolicy: true,
+      ignorePublicAcls: true,
+      restrictPublicBuckets: true
+    }
+  });
+
+  // Create an IAM policy to allow access to S3 bucket from cloudfront
+  const bucketPolicy = app.addResource(aws.s3.BucketPolicy, {
+    name: `${name}-bucket-policy`,
+    config: {
+      bucket: bucket.output.bucket,
+      policy: {
+        Version: "2012-10-17",
+        Statement: bucket.output.arn.apply(arn => {
+          const statements = [{
+            Effect: "Allow",
+            Principal: {
+              AWS: originIdentity.output.iamArn
+            },
+            // we need GetObject to retrieve objects from S3
+            // and ListBucket allows to properly handle non-existing files (404)
+            Action: ["s3:ListBucket", "s3:GetObject"],
+            Resource: [`${arn}`, `${arn}/*`]
+          }, {
+            Effect: "Allow",
+            Principal: {
+              AWS: api.graphqlLambdaRole
+            },
+            Action: ["s3:GetObjectAcl", "s3:DeleteObject", "s3:PutObjectAcl", "s3:PutObject", "s3:GetObject", "s3:ListBucket"],
+            Resource: [`${arn}`, `${arn}/*`]
+          }];
+          return statements;
+        })
+      }
+    }
+  });
+  return {
+    bucket,
+    originIdentity,
+    origin,
+    bucketPublicAccessBlock,
+    bucketPolicy
+  };
+}
+
+//# sourceMappingURL=createAppBucket.js.map

package/pulumi/apps/createAppBucket.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["aws","ApiOutput","getEnvVariableAwsRegion","createPublicAppBucket","app","name","bucket","addResource","s3","Bucket","config","acl","CannedAcl","PublicRead","forceDestroy","website","indexDocument","errorDocument","origin","originId","output","arn","domainName","websiteEndpoint","customOriginConfig","originProtocolPolicy","httpPort","httpsPort","originSslProtocols","createPrivateAppBucket","api","getModule","Private","originIdentity","cloudfront","OriginAccessIdentity","apply","s3OriginConfig","originAccessIdentity","cloudfrontAccessIdentityPath","bucketPublicAccessBlock","BucketPublicAccessBlock","id","blockPublicAcls","blockPublicPolicy","ignorePublicAcls","restrictPublicBuckets","bucketPolicy","BucketPolicy","policy","Version","Statement","statements","Effect","Principal","AWS","iamArn","Action","Resource","graphqlLambdaRole"],"sources":["createAppBucket.ts"],"sourcesContent":["import * as aws from \"@pulumi/aws\";\nimport { type PulumiApp } from \"@webiny/pulumi\";\nimport { ApiOutput } from \"~/pulumi/apps/api/index.js\";\nimport { getEnvVariableAwsRegion } from \"~/pulumi/env/awsRegion.js\";\n\nexport function createPublicAppBucket(app: PulumiApp, name: string) {\n    const bucket = app.addResource(aws.s3.Bucket, {\n        name: name,\n        config: {\n            acl: aws.s3.CannedAcl.PublicRead,\n            forceDestroy: true,\n            website: {\n                indexDocument: \"index.html\",\n                errorDocument: \"_NOT_FOUND_PAGE_/index.html\"\n            }\n        }\n    });\n\n    const origin: aws.types.input.cloudfront.DistributionOrigin = {\n        originId: bucket.output.arn,\n        domainName: bucket.output.websiteEndpoint,\n        customOriginConfig: {\n            originProtocolPolicy: \"http-only\",\n            httpPort: 80,\n            httpsPort: 443,\n            originSslProtocols: [\"TLSv1.2\"]\n        }\n    };\n\n    return {\n        bucket,\n        origin\n    };\n}\n\n// Forces S3 buckets to be available only through a cloudfront distribution.\n// Requires `ApiOutput` module to be loaded.\nexport function createPrivateAppBucket(app: PulumiApp, name: string) {\n    const api = app.getModule(ApiOutput);\n\n    const bucket = app.addResource(aws.s3.Bucket, {\n        name: name,\n        config: {\n            acl: aws.s3.CannedAcl.Private,\n            forceDestroy: true\n        }\n    });\n\n    // Origin Identity is a kind of AWS user that represents Cloudfront distribution\n    // We can add IAM policies to it later, to allow accessing private S3 bucket\n    const originIdentity = app.addResource(aws.cloudfront.OriginAccessIdentity, {\n        name: `${name}-origin-identity`,\n        config: {}\n    });\n\n    const origin: aws.types.input.cloudfront.DistributionOrigin = {\n        originId: bucket.output.arn,\n        domainName: bucket.output.bucket.apply(\n            // We need to create a regional domain name. Otherwise, we'll run into the following issue:\n            // https://aws.amazon.com/premiumsupport/knowledge-center/s3-http-307-response/\n            name => `${name}.s3.${getEnvVariableAwsRegion()}.amazonaws.com`\n        ),\n        s3OriginConfig: {\n            originAccessIdentity: originIdentity.output.cloudfrontAccessIdentityPath\n        }\n    };\n\n    // block any public access\n    const bucketPublicAccessBlock = app.addResource(aws.s3.BucketPublicAccessBlock, {\n        name: `${name}-bucket-block-access`,\n        config: {\n            bucket: bucket.output.id,\n            blockPublicAcls: true,\n            blockPublicPolicy: true,\n            ignorePublicAcls: true,\n            restrictPublicBuckets: true\n        }\n    });\n\n    // Create an IAM policy to allow access to S3 bucket from cloudfront\n    const bucketPolicy = app.addResource(aws.s3.BucketPolicy, {\n        name: `${name}-bucket-policy`,\n        config: {\n            bucket: bucket.output.bucket,\n            policy: {\n                Version: \"2012-10-17\",\n                Statement: bucket.output.arn.apply(arn => {\n                    const statements: aws.iam.PolicyStatement[] = [\n                        {\n                            Effect: \"Allow\",\n                            Principal: { AWS: originIdentity.output.iamArn },\n                            // we need GetObject to retrieve objects from S3\n                            // and ListBucket allows to properly handle non-existing files (404)\n                            Action: [\"s3:ListBucket\", \"s3:GetObject\"],\n                            Resource: [`${arn}`, `${arn}/*`]\n                        },\n                        {\n                            Effect: \"Allow\",\n                            Principal: {\n                                AWS: api.graphqlLambdaRole\n                            },\n                            Action: [\n                                \"s3:GetObjectAcl\",\n                                \"s3:DeleteObject\",\n                                \"s3:PutObjectAcl\",\n                                \"s3:PutObject\",\n                                \"s3:GetObject\",\n                                \"s3:ListBucket\"\n                            ],\n                            Resource: [`${arn}`, `${arn}/*`]\n                        }\n                    ];\n\n                    return statements;\n                })\n            }\n        }\n    });\n\n    return {\n        bucket,\n        originIdentity,\n        origin,\n        bucketPublicAccessBlock,\n        bucketPolicy\n    };\n}\n"],"mappings":"AAAA,OAAO,KAAKA,GAAG,MAAM,aAAa;AAElC,SAASC,SAAS;AAClB,SAASC,uBAAuB;AAEhC,OAAO,SAASC,qBAAqBA,CAACC,GAAc,EAAEC,IAAY,EAAE;EAChE,MAAMC,MAAM,GAAGF,GAAG,CAACG,WAAW,CAACP,GAAG,CAACQ,EAAE,CAACC,MAAM,EAAE;IAC1CJ,IAAI,EAAEA,IAAI;IACVK,MAAM,EAAE;MACJC,GAAG,EAAEX,GAAG,CAACQ,EAAE,CAACI,SAAS,CAACC,UAAU;MAChCC,YAAY,EAAE,IAAI;MAClBC,OAAO,EAAE;QACLC,aAAa,EAAE,YAAY;QAC3BC,aAAa,EAAE;MACnB;IACJ;EACJ,CAAC,CAAC;EAEF,MAAMC,MAAqD,GAAG;IAC1DC,QAAQ,EAAEb,MAAM,CAACc,MAAM,CAACC,GAAG;IAC3BC,UAAU,EAAEhB,MAAM,CAACc,MAAM,CAACG,eAAe;IACzCC,kBAAkB,EAAE;MAChBC,oBAAoB,EAAE,WAAW;MACjCC,QAAQ,EAAE,EAAE;MACZC,SAAS,EAAE,GAAG;MACdC,kBAAkB,EAAE,CAAC,SAAS;IAClC;EACJ,CAAC;EAED,OAAO;IACHtB,MAAM;IACNY;EACJ,CAAC;AACL;;AAEA;AACA;AACA,OAAO,SAASW,sBAAsBA,CAACzB,GAAc,EAAEC,IAAY,EAAE;EACjE,MAAMyB,GAAG,GAAG1B,GAAG,CAAC2B,SAAS,CAAC9B,SAAS,CAAC;EAEpC,MAAMK,MAAM,GAAGF,GAAG,CAACG,WAAW,CAACP,GAAG,CAACQ,EAAE,CAACC,MAAM,EAAE;IAC1CJ,IAAI,EAAEA,IAAI;IACVK,MAAM,EAAE;MACJC,GAAG,EAAEX,GAAG,CAACQ,EAAE,CAACI,SAAS,CAACoB,OAAO;MAC7BlB,YAAY,EAAE;IAClB;EACJ,CAAC,CAAC;;EAEF;EACA;EACA,MAAMmB,cAAc,GAAG7B,GAAG,CAACG,WAAW,CAACP,GAAG,CAACkC,UAAU,CAACC,oBAAoB,EAAE;IACxE9B,IAAI,EAAE,GAAGA,IAAI,kBAAkB;IAC/BK,MAAM,EAAE,CAAC;EACb,CAAC,CAAC;EAEF,MAAMQ,MAAqD,GAAG;IAC1DC,QAAQ,EAAEb,MAAM,CAACc,MAAM,CAACC,GAAG;IAC3BC,UAAU,EAAEhB,MAAM,CAACc,MAAM,CAACd,MAAM,CAAC8B,KAAK;IAClC;IACA;IACA/B,IAAI,IAAI,GAAGA,IAAI,OAAOH,uBAAuB,CAAC,CAAC,gBACnD,CAAC;IACDmC,cAAc,EAAE;MACZC,oBAAoB,EAAEL,cAAc,CAACb,MAAM,CAACmB;IAChD;EACJ,CAAC;;EAED;EACA,MAAMC,uBAAuB,GAAGpC,GAAG,CAACG,WAAW,CAACP,GAAG,CAACQ,EAAE,CAACiC,uBAAuB,EAAE;IAC5EpC,IAAI,EAAE,GAAGA,IAAI,sBAAsB;IACnCK,MAAM,EAAE;MACJJ,MAAM,EAAEA,MAAM,CAACc,MAAM,CAACsB,EAAE;MACxBC,eAAe,EAAE,IAAI;MACrBC,iBAAiB,EAAE,IAAI;MACvBC,gBAAgB,EAAE,IAAI;MACtBC,qBAAqB,EAAE;IAC3B;EACJ,CAAC,CAAC;;EAEF;EACA,MAAMC,YAAY,GAAG3C,GAAG,CAACG,WAAW,CAACP,GAAG,CAACQ,EAAE,CAACwC,YAAY,EAAE;IACtD3C,IAAI,EAAE,GAAGA,IAAI,gBAAgB;IAC7BK,MAAM,EAAE;MACJJ,MAAM,EAAEA,MAAM,CAACc,MAAM,CAACd,MAAM;MAC5B2C,MAAM,EAAE;QACJC,OAAO,EAAE,YAAY;QACrBC,SAAS,EAAE7C,MAAM,CAACc,MAAM,CAACC,GAAG,CAACe,KAAK,CAACf,GAAG,IAAI;UACtC,MAAM+B,UAAqC,GAAG,CAC1C;YACIC,MAAM,EAAE,OAAO;YACfC,SAAS,EAAE;cAAEC,GAAG,EAAEtB,cAAc,CAACb,MAAM,CAACoC;YAAO,CAAC;YAChD;YACA;YACAC,MAAM,EAAE,CAAC,eAAe,EAAE,cAAc,CAAC;YACzCC,QAAQ,EAAE,CAAC,GAAGrC,GAAG,EAAE,EAAE,GAAGA,GAAG,IAAI;UACnC,CAAC,EACD;YACIgC,MAAM,EAAE,OAAO;YACfC,SAAS,EAAE;cACPC,GAAG,EAAEzB,GAAG,CAAC6B;YACb,CAAC;YACDF,MAAM,EAAE,CACJ,iBAAiB,EACjB,iBAAiB,EACjB,iBAAiB,EACjB,cAAc,EACd,cAAc,EACd,eAAe,CAClB;YACDC,QAAQ,EAAE,CAAC,GAAGrC,GAAG,EAAE,EAAE,GAAGA,GAAG,IAAI;UACnC,CAAC,CACJ;UAED,OAAO+B,UAAU;QACrB,CAAC;MACL;IACJ;EACJ,CAAC,CAAC;EAEF,OAAO;IACH9C,MAAM;IACN2B,cAAc;IACdf,MAAM;IACNsB,uBAAuB;IACvBO;EACJ,CAAC;AACL","ignoreList":[]}

package/pulumi/apps/customDomain.d.ts

@@ -0,0 +1,9 @@
+import { type Input } from "@pulumi/pulumi";
+import type * as aws from "@pulumi/aws";
+import { type PulumiAppResource } from "@webiny/pulumi";
+export interface CustomDomainParams {
+    domains: Input<string[]>;
+    acmCertificateArn: Input<string>;
+    sslSupportMethod?: Input<string>;
+}
+export declare function applyCustomDomain(cloudfront: PulumiAppResource<typeof aws.cloudfront.Distribution>, params: CustomDomainParams): void;

package/pulumi/apps/customDomain.js

@@ -0,0 +1,9 @@
+export function applyCustomDomain(cloudfront, params) {
+  cloudfront.config.aliases(params.domains);
+  cloudfront.config.viewerCertificate({
+    acmCertificateArn: params.acmCertificateArn,
+    sslSupportMethod: params.sslSupportMethod ?? "sni-only"
+  });
+}
+
+//# sourceMappingURL=customDomain.js.map

package/pulumi/apps/customDomain.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["applyCustomDomain","cloudfront","params","config","aliases","domains","viewerCertificate","acmCertificateArn","sslSupportMethod"],"sources":["customDomain.ts"],"sourcesContent":["import { type Input } from \"@pulumi/pulumi\";\nimport type * as aws from \"@pulumi/aws\";\nimport { type PulumiAppResource } from \"@webiny/pulumi\";\n\nexport interface CustomDomainParams {\n    domains: Input<string[]>;\n    acmCertificateArn: Input<string>;\n    sslSupportMethod?: Input<string>;\n}\n\nexport function applyCustomDomain(\n    cloudfront: PulumiAppResource<typeof aws.cloudfront.Distribution>,\n    params: CustomDomainParams\n) {\n    cloudfront.config.aliases(params.domains);\n\n    cloudfront.config.viewerCertificate({\n        acmCertificateArn: params.acmCertificateArn,\n        sslSupportMethod: params.sslSupportMethod ?? \"sni-only\"\n    });\n}\n"],"mappings":"AAUA,OAAO,SAASA,iBAAiBA,CAC7BC,UAAiE,EACjEC,MAA0B,EAC5B;EACED,UAAU,CAACE,MAAM,CAACC,OAAO,CAACF,MAAM,CAACG,OAAO,CAAC;EAEzCJ,UAAU,CAACE,MAAM,CAACG,iBAAiB,CAAC;IAChCC,iBAAiB,EAAEL,MAAM,CAACK,iBAAiB;IAC3CC,gBAAgB,EAAEN,MAAM,CAACM,gBAAgB,IAAI;EACjD,CAAC,CAAC;AACN","ignoreList":[]}

package/pulumi/apps/extensions/getAwsTagsFromExtension.d.ts

@@ -0,0 +1,2 @@
+import { type IProjectConfigModel } from "@webiny/project/abstractions/models/index.js";
+export declare const getAwsTagsFromExtension: (projectConfig: IProjectConfigModel) => Record<string, string>;

package/pulumi/apps/extensions/getAwsTagsFromExtension.js

@@ -0,0 +1,10 @@
+import { AwsTags as awsTagsExt } from "../../extensions/AwsTags.js";
+export const getAwsTagsFromExtension = projectConfig => {
+  const awsTags = {};
+  projectConfig.extensionsByType(awsTagsExt).forEach(ext => {
+    Object.assign(awsTags, ext.params.tags);
+  });
+  return awsTags;
+};
+
+//# sourceMappingURL=getAwsTagsFromExtension.js.map