@webiny/project-aws 0.0.0-unstable.61c048f412

package/pulumi/apps/syncSystem/api/attachCognitoPermissions.d.ts

@@ -0,0 +1,14 @@
+import type { PulumiApp } from "@webiny/pulumi";
+import type { WithServiceManifest } from "../../../../pulumi/utils/withServiceManifest.js";
+import type { IGetSyncSystemOutputResult } from "../../../../pulumi/apps/syncSystem/types.js";
+import type { CoreOutput } from "../../../../apps/index.js";
+export interface IAttachCognitoPermissionsParams {
+    app: PulumiApp & WithServiceManifest;
+    syncSystem: IGetSyncSystemOutputResult;
+    core: CoreOutput;
+}
+export declare const attachCognitoPermissions: (params: IAttachCognitoPermissionsParams) => {
+    cognitoPolicy: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/iam/policy").Policy>;
+    workerLambdaS3PolicyAttachment: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/iam/rolePolicyAttachment").RolePolicyAttachment>;
+    resolverLambdaS3PolicyAttachment: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/iam/rolePolicyAttachment").RolePolicyAttachment>;
+} | null;

package/pulumi/apps/syncSystem/api/attachCognitoPermissions.js

@@ -0,0 +1,59 @@
+import * as aws from "@pulumi/aws";
+import { createSyncResourceName } from "../createSyncResourceName.js";
+export const attachCognitoPermissions = params => {
+  const {
+    app,
+    syncSystem,
+    core
+  } = params;
+  /**
+   * TODO there must be a way to skip this if Cognito is not used in the Webiny deployment.
+   */
+  if (!core.cognitoUserPoolArn) {
+    return null;
+  }
+  const {
+    resolverLambdaRoleName,
+    workerLambdaRoleName
+  } = syncSystem;
+  const resolverLambdaToS3ResourceName = createSyncResourceName(`resolver-lambda-to-cognito`);
+  const workerLambdaToS3ResourceName = createSyncResourceName(`worker-lambda-to-cognito`);
+  const cognitoPolicy = app.addResource(aws.iam.Policy, {
+    name: `${resolverLambdaToS3ResourceName}-policy`,
+    config: {
+      description: "This policy enables access from Sync System Resolver and Worker Lambda to Webiny Cognito.",
+      policy: {
+        Version: "2012-10-17",
+        Statement: [{
+          Sid: "PermissionForSyncLambdaToCognito",
+          Effect: "Allow",
+          Action: ["cognito-idp:*"],
+          Resource: core.cognitoUserPoolArn.apply(arn => {
+            return [arn, `${arn}/*`];
+          })
+        }]
+      }
+    }
+  });
+  const resolverLambdaS3PolicyAttachment = app.addResource(aws.iam.RolePolicyAttachment, {
+    name: `${resolverLambdaToS3ResourceName}-policy-attachment`,
+    config: {
+      role: resolverLambdaRoleName,
+      policyArn: cognitoPolicy.output.arn
+    }
+  });
+  const workerLambdaS3PolicyAttachment = app.addResource(aws.iam.RolePolicyAttachment, {
+    name: `${workerLambdaToS3ResourceName}-policy-attachment`,
+    config: {
+      role: workerLambdaRoleName,
+      policyArn: cognitoPolicy.output.arn
+    }
+  });
+  return {
+    cognitoPolicy,
+    workerLambdaS3PolicyAttachment,
+    resolverLambdaS3PolicyAttachment
+  };
+};
+
+//# sourceMappingURL=attachCognitoPermissions.js.map

package/pulumi/apps/syncSystem/api/attachCognitoPermissions.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["aws","createSyncResourceName","attachCognitoPermissions","params","app","syncSystem","core","cognitoUserPoolArn","resolverLambdaRoleName","workerLambdaRoleName","resolverLambdaToS3ResourceName","workerLambdaToS3ResourceName","cognitoPolicy","addResource","iam","Policy","name","config","description","policy","Version","Statement","Sid","Effect","Action","Resource","apply","arn","resolverLambdaS3PolicyAttachment","RolePolicyAttachment","role","policyArn","output","workerLambdaS3PolicyAttachment"],"sources":["attachCognitoPermissions.ts"],"sourcesContent":["import * as aws from \"@pulumi/aws\";\nimport type { PulumiApp } from \"@webiny/pulumi\";\nimport type { WithServiceManifest } from \"~/pulumi/utils/withServiceManifest.js\";\nimport type { IGetSyncSystemOutputResult } from \"~/pulumi/apps/syncSystem/types.js\";\nimport type { CoreOutput } from \"~/apps/index.js\";\nimport { createSyncResourceName } from \"~/pulumi/apps/syncSystem/createSyncResourceName.js\";\n\nexport interface IAttachCognitoPermissionsParams {\n    app: PulumiApp & WithServiceManifest;\n    syncSystem: IGetSyncSystemOutputResult;\n    core: CoreOutput;\n}\n\nexport const attachCognitoPermissions = (params: IAttachCognitoPermissionsParams) => {\n    const { app, syncSystem, core } = params;\n    /**\n     * TODO there must be a way to skip this if Cognito is not used in the Webiny deployment.\n     */\n    if (!core.cognitoUserPoolArn) {\n        return null;\n    }\n\n    const { resolverLambdaRoleName, workerLambdaRoleName } = syncSystem;\n\n    const resolverLambdaToS3ResourceName = createSyncResourceName(`resolver-lambda-to-cognito`);\n    const workerLambdaToS3ResourceName = createSyncResourceName(`worker-lambda-to-cognito`);\n\n    const cognitoPolicy = app.addResource(aws.iam.Policy, {\n        name: `${resolverLambdaToS3ResourceName}-policy`,\n        config: {\n            description:\n                \"This policy enables access from Sync System Resolver and Worker Lambda to Webiny Cognito.\",\n            policy: {\n                Version: \"2012-10-17\",\n                Statement: [\n                    {\n                        Sid: \"PermissionForSyncLambdaToCognito\",\n                        Effect: \"Allow\",\n                        Action: [\"cognito-idp:*\"],\n                        Resource: core.cognitoUserPoolArn.apply(arn => {\n                            return [arn, `${arn}/*`];\n                        })\n                    }\n                ]\n            }\n        }\n    });\n\n    const resolverLambdaS3PolicyAttachment = app.addResource(aws.iam.RolePolicyAttachment, {\n        name: `${resolverLambdaToS3ResourceName}-policy-attachment`,\n        config: {\n            role: resolverLambdaRoleName,\n            policyArn: cognitoPolicy.output.arn\n        }\n    });\n\n    const workerLambdaS3PolicyAttachment = app.addResource(aws.iam.RolePolicyAttachment, {\n        name: `${workerLambdaToS3ResourceName}-policy-attachment`,\n        config: {\n            role: workerLambdaRoleName,\n            policyArn: cognitoPolicy.output.arn\n        }\n    });\n\n    return {\n        cognitoPolicy,\n        workerLambdaS3PolicyAttachment,\n        resolverLambdaS3PolicyAttachment\n    };\n};\n"],"mappings":"AAAA,OAAO,KAAKA,GAAG,MAAM,aAAa;AAKlC,SAASC,sBAAsB;AAQ/B,OAAO,MAAMC,wBAAwB,GAAIC,MAAuC,IAAK;EACjF,MAAM;IAAEC,GAAG;IAAEC,UAAU;IAAEC;EAAK,CAAC,GAAGH,MAAM;EACxC;AACJ;AACA;EACI,IAAI,CAACG,IAAI,CAACC,kBAAkB,EAAE;IAC1B,OAAO,IAAI;EACf;EAEA,MAAM;IAAEC,sBAAsB;IAAEC;EAAqB,CAAC,GAAGJ,UAAU;EAEnE,MAAMK,8BAA8B,GAAGT,sBAAsB,CAAC,4BAA4B,CAAC;EAC3F,MAAMU,4BAA4B,GAAGV,sBAAsB,CAAC,0BAA0B,CAAC;EAEvF,MAAMW,aAAa,GAAGR,GAAG,CAACS,WAAW,CAACb,GAAG,CAACc,GAAG,CAACC,MAAM,EAAE;IAClDC,IAAI,EAAE,GAAGN,8BAA8B,SAAS;IAChDO,MAAM,EAAE;MACJC,WAAW,EACP,2FAA2F;MAC/FC,MAAM,EAAE;QACJC,OAAO,EAAE,YAAY;QACrBC,SAAS,EAAE,CACP;UACIC,GAAG,EAAE,kCAAkC;UACvCC,MAAM,EAAE,OAAO;UACfC,MAAM,EAAE,CAAC,eAAe,CAAC;UACzBC,QAAQ,EAAEnB,IAAI,CAACC,kBAAkB,CAACmB,KAAK,CAACC,GAAG,IAAI;YAC3C,OAAO,CAACA,GAAG,EAAE,GAAGA,GAAG,IAAI,CAAC;UAC5B,CAAC;QACL,CAAC;MAET;IACJ;EACJ,CAAC,CAAC;EAEF,MAAMC,gCAAgC,GAAGxB,GAAG,CAACS,WAAW,CAACb,GAAG,CAACc,GAAG,CAACe,oBAAoB,EAAE;IACnFb,IAAI,EAAE,GAAGN,8BAA8B,oBAAoB;IAC3DO,MAAM,EAAE;MACJa,IAAI,EAAEtB,sBAAsB;MAC5BuB,SAAS,EAAEnB,aAAa,CAACoB,MAAM,CAACL;IACpC;EACJ,CAAC,CAAC;EAEF,MAAMM,8BAA8B,GAAG7B,GAAG,CAACS,WAAW,CAACb,GAAG,CAACc,GAAG,CAACe,oBAAoB,EAAE;IACjFb,IAAI,EAAE,GAAGL,4BAA4B,oBAAoB;IACzDM,MAAM,EAAE;MACJa,IAAI,EAAErB,oBAAoB;MAC1BsB,SAAS,EAAEnB,aAAa,CAACoB,MAAM,CAACL;IACpC;EACJ,CAAC,CAAC;EAEF,OAAO;IACHf,aAAa;IACbqB,8BAA8B;IAC9BL;EACJ,CAAC;AACL,CAAC","ignoreList":[]}

package/pulumi/apps/syncSystem/api/attachDynamoDbPermissions.d.ts

@@ -0,0 +1,13 @@
+import type { PulumiApp } from "@webiny/pulumi";
+import type { IGetSyncSystemOutputResult } from "../../../../pulumi/apps/syncSystem/types.js";
+import type { CoreOutput } from "../../../../pulumi/apps/common/CoreOutput.js";
+import type { WithServiceManifest } from "../../../../pulumi/utils/withServiceManifest.js";
+export interface IAttachDynamoDbPermissionsParams {
+    app: PulumiApp & WithServiceManifest;
+    syncSystem: IGetSyncSystemOutputResult;
+    core: CoreOutput;
+}
+export declare const attachDynamoDbPermissions: (params: IAttachDynamoDbPermissionsParams) => {
+    dynamoDbPolicy: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/iam/policy").Policy>;
+    lambdaRolePolicyAttachment: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/iam/rolePolicyAttachment").RolePolicyAttachment>;
+};

package/pulumi/apps/syncSystem/api/attachDynamoDbPermissions.js

@@ -0,0 +1,44 @@
+/**
+ * We need to attach Sync System Lambda policy to access DynamoDB in the Webiny system.
+ */
+import * as aws from "@pulumi/aws";
+import { createSyncResourceName } from "../createSyncResourceName.js";
+export const attachDynamoDbPermissions = params => {
+  const {
+    app,
+    syncSystem,
+    core
+  } = params;
+  const {
+    resolverLambdaRoleName
+  } = syncSystem;
+  const lambdaToDynamoDbResourceName = createSyncResourceName(`resolver-lambda-to-dynamodb`);
+  const dynamoDbPolicy = app.addResource(aws.iam.Policy, {
+    name: `${lambdaToDynamoDbResourceName}-policy`,
+    config: {
+      description: "This policy enables access from Sync System Lambda to Webiny DynamoDB.",
+      policy: {
+        Version: "2012-10-17",
+        Statement: [{
+          Sid: "PermissionForSyncLambdaToDynamoDb",
+          Effect: "Allow",
+          Action: ["dynamodb:BatchGetItem", "dynamodb:BatchWriteItem", "dynamodb:ConditionCheckItem", "dynamodb:CreateBackup", "dynamodb:CreateTable", "dynamodb:CreateTableReplica", "dynamodb:DeleteBackup", "dynamodb:DeleteItem", "dynamodb:DeleteTable", "dynamodb:DeleteTableReplica", "dynamodb:DescribeBackup", "dynamodb:DescribeContinuousBackups", "dynamodb:DescribeContributorInsights", "dynamodb:DescribeExport", "dynamodb:DescribeKinesisStreamingDestination", "dynamodb:DescribeLimits", "dynamodb:DescribeReservedCapacity", "dynamodb:DescribeReservedCapacityOfferings", "dynamodb:DescribeStream", "dynamodb:DescribeTable", "dynamodb:DescribeTableReplicaAutoScaling", "dynamodb:DescribeTimeToLive", "dynamodb:DisableKinesisStreamingDestination", "dynamodb:EnableKinesisStreamingDestination", "dynamodb:ExportTableToPointInTime", "dynamodb:GetItem", "dynamodb:GetRecords", "dynamodb:GetShardIterator", "dynamodb:ListBackups", "dynamodb:ListContributorInsights", "dynamodb:ListExports", "dynamodb:ListStreams", "dynamodb:ListTables", "dynamodb:ListTagsOfResource", "dynamodb:PartiQLDelete", "dynamodb:PartiQLInsert", "dynamodb:PartiQLSelect", "dynamodb:PartiQLUpdate", "dynamodb:PurchaseReservedCapacityOfferings", "dynamodb:PutItem", "dynamodb:Query", "dynamodb:RestoreTableFromBackup", "dynamodb:RestoreTableToPointInTime", "dynamodb:Scan", "dynamodb:UpdateContinuousBackups", "dynamodb:UpdateContributorInsights", "dynamodb:UpdateItem", "dynamodb:UpdateTable", "dynamodb:UpdateTableReplicaAutoScaling", "dynamodb:UpdateTimeToLive"],
+          Resource: [core.primaryDynamodbTableArn.apply(arn => arn), core.primaryDynamodbTableArn.apply(arn => `${arn}/*`)]
+        }]
+      }
+    }
+  });
+  const lambdaRolePolicyAttachment = app.addResource(aws.iam.RolePolicyAttachment, {
+    name: `${lambdaToDynamoDbResourceName}-role-policy-attachment`,
+    config: {
+      role: resolverLambdaRoleName,
+      policyArn: dynamoDbPolicy.output.arn
+    }
+  });
+  return {
+    dynamoDbPolicy,
+    lambdaRolePolicyAttachment
+  };
+};
+
+//# sourceMappingURL=attachDynamoDbPermissions.js.map

package/pulumi/apps/syncSystem/api/attachDynamoDbPermissions.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["aws","createSyncResourceName","attachDynamoDbPermissions","params","app","syncSystem","core","resolverLambdaRoleName","lambdaToDynamoDbResourceName","dynamoDbPolicy","addResource","iam","Policy","name","config","description","policy","Version","Statement","Sid","Effect","Action","Resource","primaryDynamodbTableArn","apply","arn","lambdaRolePolicyAttachment","RolePolicyAttachment","role","policyArn","output"],"sources":["attachDynamoDbPermissions.ts"],"sourcesContent":["/**\n * We need to attach Sync System Lambda policy to access DynamoDB in the Webiny system.\n */\nimport * as aws from \"@pulumi/aws\";\nimport type { PulumiApp } from \"@webiny/pulumi\";\nimport type { IGetSyncSystemOutputResult } from \"~/pulumi/apps/syncSystem/types.js\";\nimport { createSyncResourceName } from \"~/pulumi/apps/syncSystem/createSyncResourceName.js\";\nimport type { CoreOutput } from \"~/pulumi/apps/common/CoreOutput.js\";\nimport type { WithServiceManifest } from \"~/pulumi/utils/withServiceManifest.js\";\n\nexport interface IAttachDynamoDbPermissionsParams {\n    app: PulumiApp & WithServiceManifest;\n    syncSystem: IGetSyncSystemOutputResult;\n    core: CoreOutput;\n}\n\nexport const attachDynamoDbPermissions = (params: IAttachDynamoDbPermissionsParams) => {\n    const { app, syncSystem, core } = params;\n\n    const { resolverLambdaRoleName } = syncSystem;\n\n    const lambdaToDynamoDbResourceName = createSyncResourceName(`resolver-lambda-to-dynamodb`);\n\n    const dynamoDbPolicy = app.addResource(aws.iam.Policy, {\n        name: `${lambdaToDynamoDbResourceName}-policy`,\n        config: {\n            description: \"This policy enables access from Sync System Lambda to Webiny DynamoDB.\",\n            policy: {\n                Version: \"2012-10-17\",\n                Statement: [\n                    {\n                        Sid: \"PermissionForSyncLambdaToDynamoDb\",\n                        Effect: \"Allow\",\n                        Action: [\n                            \"dynamodb:BatchGetItem\",\n                            \"dynamodb:BatchWriteItem\",\n                            \"dynamodb:ConditionCheckItem\",\n                            \"dynamodb:CreateBackup\",\n                            \"dynamodb:CreateTable\",\n                            \"dynamodb:CreateTableReplica\",\n                            \"dynamodb:DeleteBackup\",\n                            \"dynamodb:DeleteItem\",\n                            \"dynamodb:DeleteTable\",\n                            \"dynamodb:DeleteTableReplica\",\n                            \"dynamodb:DescribeBackup\",\n                            \"dynamodb:DescribeContinuousBackups\",\n                            \"dynamodb:DescribeContributorInsights\",\n                            \"dynamodb:DescribeExport\",\n                            \"dynamodb:DescribeKinesisStreamingDestination\",\n                            \"dynamodb:DescribeLimits\",\n                            \"dynamodb:DescribeReservedCapacity\",\n                            \"dynamodb:DescribeReservedCapacityOfferings\",\n                            \"dynamodb:DescribeStream\",\n                            \"dynamodb:DescribeTable\",\n                            \"dynamodb:DescribeTableReplicaAutoScaling\",\n                            \"dynamodb:DescribeTimeToLive\",\n                            \"dynamodb:DisableKinesisStreamingDestination\",\n                            \"dynamodb:EnableKinesisStreamingDestination\",\n                            \"dynamodb:ExportTableToPointInTime\",\n                            \"dynamodb:GetItem\",\n                            \"dynamodb:GetRecords\",\n                            \"dynamodb:GetShardIterator\",\n                            \"dynamodb:ListBackups\",\n                            \"dynamodb:ListContributorInsights\",\n                            \"dynamodb:ListExports\",\n                            \"dynamodb:ListStreams\",\n                            \"dynamodb:ListTables\",\n                            \"dynamodb:ListTagsOfResource\",\n                            \"dynamodb:PartiQLDelete\",\n                            \"dynamodb:PartiQLInsert\",\n                            \"dynamodb:PartiQLSelect\",\n                            \"dynamodb:PartiQLUpdate\",\n                            \"dynamodb:PurchaseReservedCapacityOfferings\",\n                            \"dynamodb:PutItem\",\n                            \"dynamodb:Query\",\n                            \"dynamodb:RestoreTableFromBackup\",\n                            \"dynamodb:RestoreTableToPointInTime\",\n                            \"dynamodb:Scan\",\n                            \"dynamodb:UpdateContinuousBackups\",\n                            \"dynamodb:UpdateContributorInsights\",\n                            \"dynamodb:UpdateItem\",\n                            \"dynamodb:UpdateTable\",\n                            \"dynamodb:UpdateTableReplicaAutoScaling\",\n                            \"dynamodb:UpdateTimeToLive\"\n                        ],\n                        Resource: [\n                            core.primaryDynamodbTableArn.apply(arn => arn),\n                            core.primaryDynamodbTableArn.apply(arn => `${arn}/*`)\n                        ]\n                    }\n                ]\n            }\n        }\n    });\n\n    const lambdaRolePolicyAttachment = app.addResource(aws.iam.RolePolicyAttachment, {\n        name: `${lambdaToDynamoDbResourceName}-role-policy-attachment`,\n        config: {\n            role: resolverLambdaRoleName,\n            policyArn: dynamoDbPolicy.output.arn\n        }\n    });\n\n    return {\n        dynamoDbPolicy,\n        lambdaRolePolicyAttachment\n    };\n};\n"],"mappings":"AAAA;AACA;AACA;AACA,OAAO,KAAKA,GAAG,MAAM,aAAa;AAGlC,SAASC,sBAAsB;AAU/B,OAAO,MAAMC,yBAAyB,GAAIC,MAAwC,IAAK;EACnF,MAAM;IAAEC,GAAG;IAAEC,UAAU;IAAEC;EAAK,CAAC,GAAGH,MAAM;EAExC,MAAM;IAAEI;EAAuB,CAAC,GAAGF,UAAU;EAE7C,MAAMG,4BAA4B,GAAGP,sBAAsB,CAAC,6BAA6B,CAAC;EAE1F,MAAMQ,cAAc,GAAGL,GAAG,CAACM,WAAW,CAACV,GAAG,CAACW,GAAG,CAACC,MAAM,EAAE;IACnDC,IAAI,EAAE,GAAGL,4BAA4B,SAAS;IAC9CM,MAAM,EAAE;MACJC,WAAW,EAAE,wEAAwE;MACrFC,MAAM,EAAE;QACJC,OAAO,EAAE,YAAY;QACrBC,SAAS,EAAE,CACP;UACIC,GAAG,EAAE,mCAAmC;UACxCC,MAAM,EAAE,OAAO;UACfC,MAAM,EAAE,CACJ,uBAAuB,EACvB,yBAAyB,EACzB,6BAA6B,EAC7B,uBAAuB,EACvB,sBAAsB,EACtB,6BAA6B,EAC7B,uBAAuB,EACvB,qBAAqB,EACrB,sBAAsB,EACtB,6BAA6B,EAC7B,yBAAyB,EACzB,oCAAoC,EACpC,sCAAsC,EACtC,yBAAyB,EACzB,8CAA8C,EAC9C,yBAAyB,EACzB,mCAAmC,EACnC,4CAA4C,EAC5C,yBAAyB,EACzB,wBAAwB,EACxB,0CAA0C,EAC1C,6BAA6B,EAC7B,6CAA6C,EAC7C,4CAA4C,EAC5C,mCAAmC,EACnC,kBAAkB,EAClB,qBAAqB,EACrB,2BAA2B,EAC3B,sBAAsB,EACtB,kCAAkC,EAClC,sBAAsB,EACtB,sBAAsB,EACtB,qBAAqB,EACrB,6BAA6B,EAC7B,wBAAwB,EACxB,wBAAwB,EACxB,wBAAwB,EACxB,wBAAwB,EACxB,4CAA4C,EAC5C,kBAAkB,EAClB,gBAAgB,EAChB,iCAAiC,EACjC,oCAAoC,EACpC,eAAe,EACf,kCAAkC,EAClC,oCAAoC,EACpC,qBAAqB,EACrB,sBAAsB,EACtB,wCAAwC,EACxC,2BAA2B,CAC9B;UACDC,QAAQ,EAAE,CACNhB,IAAI,CAACiB,uBAAuB,CAACC,KAAK,CAACC,GAAG,IAAIA,GAAG,CAAC,EAC9CnB,IAAI,CAACiB,uBAAuB,CAACC,KAAK,CAACC,GAAG,IAAI,GAAGA,GAAG,IAAI,CAAC;QAE7D,CAAC;MAET;IACJ;EACJ,CAAC,CAAC;EAEF,MAAMC,0BAA0B,GAAGtB,GAAG,CAACM,WAAW,CAACV,GAAG,CAACW,GAAG,CAACgB,oBAAoB,EAAE;IAC7Ed,IAAI,EAAE,GAAGL,4BAA4B,yBAAyB;IAC9DM,MAAM,EAAE;MACJc,IAAI,EAAErB,sBAAsB;MAC5BsB,SAAS,EAAEpB,cAAc,CAACqB,MAAM,CAACL;IACrC;EACJ,CAAC,CAAC;EAEF,OAAO;IACHhB,cAAc;IACdiB;EACJ,CAAC;AACL,CAAC","ignoreList":[]}

package/pulumi/apps/syncSystem/api/attachEventBusPermissions.d.ts

@@ -0,0 +1,17 @@
+import type { PulumiApp } from "@webiny/pulumi/types.js";
+import type { IGetSyncSystemOutputResult } from "../types.js";
+import type { WithServiceManifest } from "../../../../pulumi/utils/withServiceManifest.js";
+export interface IAttachEventBusPermissionsParam {
+    app: PulumiApp & WithServiceManifest;
+    syncSystem: IGetSyncSystemOutputResult;
+}
+/**
+ * We need to attach the policy to:
+ * * GraphQL Lambda Role
+ * * File Manager Manage Lambda Role
+ * TODO determine if any other are required
+ */
+export declare const attachEventBusPermissions: (params: IAttachEventBusPermissionsParam) => {
+    eventBridgePolicy: import("@webiny/pulumi/PulumiAppResource.js").PulumiAppResource<typeof import("@pulumi/aws/iam/policy.js").Policy>;
+    graphQlPolicyAttachment: import("@webiny/pulumi/PulumiAppResource.js").PulumiAppResource<typeof import("@pulumi/aws/iam/rolePolicyAttachment.js").RolePolicyAttachment>;
+};

package/pulumi/apps/syncSystem/api/attachEventBusPermissions.js

@@ -0,0 +1,48 @@
+import * as aws from "@pulumi/aws";
+import { createSyncResourceName } from "../createSyncResourceName.js";
+import { ApiGraphql } from "../../api/ApiGraphql.js";
+/**
+ * We need to attach the policy to:
+ * * GraphQL Lambda Role
+ * * File Manager Manage Lambda Role
+ * TODO determine if any other are required
+ */
+export const attachEventBusPermissions = params => {
+  const {
+    app,
+    syncSystem
+  } = params;
+  const {
+    eventBusArn
+  } = syncSystem;
+  const graphql = app.getModule(ApiGraphql);
+  const lambdaToEventBridgeResourceName = createSyncResourceName(`lambda-to-event-bridge`);
+  const eventBridgePolicy = app.addResource(aws.iam.Policy, {
+    name: `${lambdaToEventBridgeResourceName}-policy`,
+    config: {
+      description: "This policy enables access from Webiny Lambdas to Sync System EventBridge.",
+      policy: {
+        Version: "2012-10-17",
+        Statement: [{
+          Sid: "PermissionForSyncLambdaToEventBridge",
+          Effect: "Allow",
+          Action: "events:PutEvents",
+          Resource: [eventBusArn]
+        }]
+      }
+    }
+  });
+  const graphQlPolicyAttachment = app.addResource(aws.iam.RolePolicyAttachment, {
+    name: `${lambdaToEventBridgeResourceName}-graphql-role-policy-attachment`,
+    config: {
+      role: graphql.role.output.name,
+      policyArn: eventBridgePolicy.output.arn
+    }
+  });
+  return {
+    eventBridgePolicy,
+    graphQlPolicyAttachment
+  };
+};
+
+//# sourceMappingURL=attachEventBusPermissions.js.map

package/pulumi/apps/syncSystem/api/attachEventBusPermissions.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["aws","createSyncResourceName","ApiGraphql","attachEventBusPermissions","params","app","syncSystem","eventBusArn","graphql","getModule","lambdaToEventBridgeResourceName","eventBridgePolicy","addResource","iam","Policy","name","config","description","policy","Version","Statement","Sid","Effect","Action","Resource","graphQlPolicyAttachment","RolePolicyAttachment","role","output","policyArn","arn"],"sources":["attachEventBusPermissions.ts"],"sourcesContent":["import * as aws from \"@pulumi/aws\";\nimport type { PulumiApp } from \"@webiny/pulumi/types.js\";\nimport type { IGetSyncSystemOutputResult } from \"../types.js\";\nimport { createSyncResourceName } from \"../createSyncResourceName.js\";\nimport { ApiGraphql } from \"~/pulumi/apps/api/ApiGraphql.js\";\nimport type { WithServiceManifest } from \"~/pulumi/utils/withServiceManifest.js\";\n\nexport interface IAttachEventBusPermissionsParam {\n    app: PulumiApp & WithServiceManifest;\n    syncSystem: IGetSyncSystemOutputResult;\n}\n\n/**\n * We need to attach the policy to:\n * * GraphQL Lambda Role\n * * File Manager Manage Lambda Role\n * TODO determine if any other are required\n */\nexport const attachEventBusPermissions = (params: IAttachEventBusPermissionsParam) => {\n    const { app, syncSystem } = params;\n\n    const { eventBusArn } = syncSystem;\n\n    const graphql = app.getModule(ApiGraphql);\n\n    const lambdaToEventBridgeResourceName = createSyncResourceName(`lambda-to-event-bridge`);\n    const eventBridgePolicy = app.addResource(aws.iam.Policy, {\n        name: `${lambdaToEventBridgeResourceName}-policy`,\n        config: {\n            description:\n                \"This policy enables access from Webiny Lambdas to Sync System EventBridge.\",\n            policy: {\n                Version: \"2012-10-17\",\n                Statement: [\n                    {\n                        Sid: \"PermissionForSyncLambdaToEventBridge\",\n                        Effect: \"Allow\",\n                        Action: \"events:PutEvents\",\n                        Resource: [eventBusArn]\n                    }\n                ]\n            }\n        }\n    });\n\n    const graphQlPolicyAttachment = app.addResource(aws.iam.RolePolicyAttachment, {\n        name: `${lambdaToEventBridgeResourceName}-graphql-role-policy-attachment`,\n        config: {\n            role: graphql.role.output.name,\n            policyArn: eventBridgePolicy.output.arn\n        }\n    });\n\n    return {\n        eventBridgePolicy,\n        graphQlPolicyAttachment\n    };\n};\n"],"mappings":"AAAA,OAAO,KAAKA,GAAG,MAAM,aAAa;AAGlC,SAASC,sBAAsB;AAC/B,SAASC,UAAU;AAQnB;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,yBAAyB,GAAIC,MAAuC,IAAK;EAClF,MAAM;IAAEC,GAAG;IAAEC;EAAW,CAAC,GAAGF,MAAM;EAElC,MAAM;IAAEG;EAAY,CAAC,GAAGD,UAAU;EAElC,MAAME,OAAO,GAAGH,GAAG,CAACI,SAAS,CAACP,UAAU,CAAC;EAEzC,MAAMQ,+BAA+B,GAAGT,sBAAsB,CAAC,wBAAwB,CAAC;EACxF,MAAMU,iBAAiB,GAAGN,GAAG,CAACO,WAAW,CAACZ,GAAG,CAACa,GAAG,CAACC,MAAM,EAAE;IACtDC,IAAI,EAAE,GAAGL,+BAA+B,SAAS;IACjDM,MAAM,EAAE;MACJC,WAAW,EACP,4EAA4E;MAChFC,MAAM,EAAE;QACJC,OAAO,EAAE,YAAY;QACrBC,SAAS,EAAE,CACP;UACIC,GAAG,EAAE,sCAAsC;UAC3CC,MAAM,EAAE,OAAO;UACfC,MAAM,EAAE,kBAAkB;UAC1BC,QAAQ,EAAE,CAACjB,WAAW;QAC1B,CAAC;MAET;IACJ;EACJ,CAAC,CAAC;EAEF,MAAMkB,uBAAuB,GAAGpB,GAAG,CAACO,WAAW,CAACZ,GAAG,CAACa,GAAG,CAACa,oBAAoB,EAAE;IAC1EX,IAAI,EAAE,GAAGL,+BAA+B,iCAAiC;IACzEM,MAAM,EAAE;MACJW,IAAI,EAAEnB,OAAO,CAACmB,IAAI,CAACC,MAAM,CAACb,IAAI;MAC9Bc,SAAS,EAAElB,iBAAiB,CAACiB,MAAM,CAACE;IACxC;EACJ,CAAC,CAAC;EAEF,OAAO;IACHnB,iBAAiB;IACjBc;EACJ,CAAC;AACL,CAAC","ignoreList":[]}

package/pulumi/apps/syncSystem/api/attachS3Permissions.d.ts

@@ -0,0 +1,14 @@
+import type { PulumiApp } from "@webiny/pulumi";
+import type { IGetSyncSystemOutputResult } from "../../../../pulumi/apps/syncSystem/types.js";
+import type { CoreOutput } from "../../../../pulumi/apps/common/CoreOutput.js";
+import type { WithServiceManifest } from "../../../../pulumi/utils/withServiceManifest.js";
+export interface IAttachS3PermissionsParams {
+    app: PulumiApp & WithServiceManifest;
+    syncSystem: IGetSyncSystemOutputResult;
+    core: CoreOutput;
+}
+export declare const attachS3Permissions: (params: IAttachS3PermissionsParams) => {
+    s3Policy: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/iam/policy").Policy>;
+    workerLambdaS3PolicyAttachment: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/iam/rolePolicyAttachment").RolePolicyAttachment>;
+    resolverLambdaS3PolicyAttachment: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/iam/rolePolicyAttachment").RolePolicyAttachment>;
+};

package/pulumi/apps/syncSystem/api/attachS3Permissions.js

@@ -0,0 +1,51 @@
+import * as aws from "@pulumi/aws";
+import { createSyncResourceName } from "../createSyncResourceName.js";
+export const attachS3Permissions = params => {
+  const {
+    app,
+    syncSystem,
+    core
+  } = params;
+  const {
+    resolverLambdaRoleName,
+    workerLambdaRoleName
+  } = syncSystem;
+  const resolverLambdaToS3ResourceName = createSyncResourceName(`resolver-lambda-to-s3-fm`);
+  const workerLambdaToS3ResourceName = createSyncResourceName(`worker-lambda-to-s3-fm`);
+  const s3Policy = app.addResource(aws.iam.Policy, {
+    name: `${resolverLambdaToS3ResourceName}-policy`,
+    config: {
+      description: "This policy enables access from Sync System Resolver and Worker Lambda to Webiny S3.",
+      policy: {
+        Version: "2012-10-17",
+        Statement: [{
+          Sid: "PermissionForSyncLambdaToS3",
+          Effect: "Allow",
+          Action: ["s3:DeleteObject", "s3:PutObject", "s3:GetObject", "s3:ListBucket"],
+          Resource: [core.fileManagerBucketArn.apply(arn => arn), core.fileManagerBucketArn.apply(arn => `${arn}/*`)]
+        }]
+      }
+    }
+  });
+  const resolverLambdaS3PolicyAttachment = app.addResource(aws.iam.RolePolicyAttachment, {
+    name: `${resolverLambdaToS3ResourceName}-policy-attachment`,
+    config: {
+      role: resolverLambdaRoleName,
+      policyArn: s3Policy.output.arn
+    }
+  });
+  const workerLambdaS3PolicyAttachment = app.addResource(aws.iam.RolePolicyAttachment, {
+    name: `${workerLambdaToS3ResourceName}-policy-attachment`,
+    config: {
+      role: workerLambdaRoleName,
+      policyArn: s3Policy.output.arn
+    }
+  });
+  return {
+    s3Policy,
+    workerLambdaS3PolicyAttachment,
+    resolverLambdaS3PolicyAttachment
+  };
+};
+
+//# sourceMappingURL=attachS3Permissions.js.map

package/pulumi/apps/syncSystem/api/attachS3Permissions.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["aws","createSyncResourceName","attachS3Permissions","params","app","syncSystem","core","resolverLambdaRoleName","workerLambdaRoleName","resolverLambdaToS3ResourceName","workerLambdaToS3ResourceName","s3Policy","addResource","iam","Policy","name","config","description","policy","Version","Statement","Sid","Effect","Action","Resource","fileManagerBucketArn","apply","arn","resolverLambdaS3PolicyAttachment","RolePolicyAttachment","role","policyArn","output","workerLambdaS3PolicyAttachment"],"sources":["attachS3Permissions.ts"],"sourcesContent":["import * as aws from \"@pulumi/aws\";\nimport type { PulumiApp } from \"@webiny/pulumi\";\nimport type { IGetSyncSystemOutputResult } from \"~/pulumi/apps/syncSystem/types.js\";\nimport type { CoreOutput } from \"~/pulumi/apps/common/CoreOutput.js\";\nimport { createSyncResourceName } from \"~/pulumi/apps/syncSystem/createSyncResourceName.js\";\nimport type { WithServiceManifest } from \"~/pulumi/utils/withServiceManifest.js\";\n\nexport interface IAttachS3PermissionsParams {\n    app: PulumiApp & WithServiceManifest;\n    syncSystem: IGetSyncSystemOutputResult;\n    core: CoreOutput;\n}\n\nexport const attachS3Permissions = (params: IAttachS3PermissionsParams) => {\n    const { app, syncSystem, core } = params;\n\n    const { resolverLambdaRoleName, workerLambdaRoleName } = syncSystem;\n\n    const resolverLambdaToS3ResourceName = createSyncResourceName(`resolver-lambda-to-s3-fm`);\n    const workerLambdaToS3ResourceName = createSyncResourceName(`worker-lambda-to-s3-fm`);\n\n    const s3Policy = app.addResource(aws.iam.Policy, {\n        name: `${resolverLambdaToS3ResourceName}-policy`,\n        config: {\n            description:\n                \"This policy enables access from Sync System Resolver and Worker Lambda to Webiny S3.\",\n            policy: {\n                Version: \"2012-10-17\",\n                Statement: [\n                    {\n                        Sid: \"PermissionForSyncLambdaToS3\",\n                        Effect: \"Allow\",\n                        Action: [\n                            \"s3:DeleteObject\",\n                            \"s3:PutObject\",\n                            \"s3:GetObject\",\n                            \"s3:ListBucket\"\n                        ],\n                        Resource: [\n                            core.fileManagerBucketArn.apply(arn => arn),\n                            core.fileManagerBucketArn.apply(arn => `${arn}/*`)\n                        ]\n                    }\n                ]\n            }\n        }\n    });\n\n    const resolverLambdaS3PolicyAttachment = app.addResource(aws.iam.RolePolicyAttachment, {\n        name: `${resolverLambdaToS3ResourceName}-policy-attachment`,\n        config: {\n            role: resolverLambdaRoleName,\n            policyArn: s3Policy.output.arn\n        }\n    });\n\n    const workerLambdaS3PolicyAttachment = app.addResource(aws.iam.RolePolicyAttachment, {\n        name: `${workerLambdaToS3ResourceName}-policy-attachment`,\n        config: {\n            role: workerLambdaRoleName,\n            policyArn: s3Policy.output.arn\n        }\n    });\n\n    return {\n        s3Policy,\n        workerLambdaS3PolicyAttachment,\n        resolverLambdaS3PolicyAttachment\n    };\n};\n"],"mappings":"AAAA,OAAO,KAAKA,GAAG,MAAM,aAAa;AAIlC,SAASC,sBAAsB;AAS/B,OAAO,MAAMC,mBAAmB,GAAIC,MAAkC,IAAK;EACvE,MAAM;IAAEC,GAAG;IAAEC,UAAU;IAAEC;EAAK,CAAC,GAAGH,MAAM;EAExC,MAAM;IAAEI,sBAAsB;IAAEC;EAAqB,CAAC,GAAGH,UAAU;EAEnE,MAAMI,8BAA8B,GAAGR,sBAAsB,CAAC,0BAA0B,CAAC;EACzF,MAAMS,4BAA4B,GAAGT,sBAAsB,CAAC,wBAAwB,CAAC;EAErF,MAAMU,QAAQ,GAAGP,GAAG,CAACQ,WAAW,CAACZ,GAAG,CAACa,GAAG,CAACC,MAAM,EAAE;IAC7CC,IAAI,EAAE,GAAGN,8BAA8B,SAAS;IAChDO,MAAM,EAAE;MACJC,WAAW,EACP,sFAAsF;MAC1FC,MAAM,EAAE;QACJC,OAAO,EAAE,YAAY;QACrBC,SAAS,EAAE,CACP;UACIC,GAAG,EAAE,6BAA6B;UAClCC,MAAM,EAAE,OAAO;UACfC,MAAM,EAAE,CACJ,iBAAiB,EACjB,cAAc,EACd,cAAc,EACd,eAAe,CAClB;UACDC,QAAQ,EAAE,CACNlB,IAAI,CAACmB,oBAAoB,CAACC,KAAK,CAACC,GAAG,IAAIA,GAAG,CAAC,EAC3CrB,IAAI,CAACmB,oBAAoB,CAACC,KAAK,CAACC,GAAG,IAAI,GAAGA,GAAG,IAAI,CAAC;QAE1D,CAAC;MAET;IACJ;EACJ,CAAC,CAAC;EAEF,MAAMC,gCAAgC,GAAGxB,GAAG,CAACQ,WAAW,CAACZ,GAAG,CAACa,GAAG,CAACgB,oBAAoB,EAAE;IACnFd,IAAI,EAAE,GAAGN,8BAA8B,oBAAoB;IAC3DO,MAAM,EAAE;MACJc,IAAI,EAAEvB,sBAAsB;MAC5BwB,SAAS,EAAEpB,QAAQ,CAACqB,MAAM,CAACL;IAC/B;EACJ,CAAC,CAAC;EAEF,MAAMM,8BAA8B,GAAG7B,GAAG,CAACQ,WAAW,CAACZ,GAAG,CAACa,GAAG,CAACgB,oBAAoB,EAAE;IACjFd,IAAI,EAAE,GAAGL,4BAA4B,oBAAoB;IACzDM,MAAM,EAAE;MACJc,IAAI,EAAEtB,oBAAoB;MAC1BuB,SAAS,EAAEpB,QAAQ,CAACqB,MAAM,CAACL;IAC/B;EACJ,CAAC,CAAC;EAEF,OAAO;IACHhB,QAAQ;IACRsB,8BAA8B;IAC9BL;EACJ,CAAC;AACL,CAAC","ignoreList":[]}

package/pulumi/apps/syncSystem/api/index.d.ts

@@ -0,0 +1,8 @@
+import type { PulumiApp } from "@webiny/pulumi/types.js";
+import type { CoreOutput } from "../../../../pulumi/apps/common/CoreOutput.js";
+import type { WithServiceManifest } from "../../../../pulumi/utils/withServiceManifest.js";
+export interface IAttachSyncSystemParams {
+    app: PulumiApp & WithServiceManifest;
+    core: CoreOutput;
+}
+export declare const attachSyncSystem: (params: IAttachSyncSystemParams) => Promise<void>;

package/pulumi/apps/syncSystem/api/index.js

@@ -0,0 +1,55 @@
+import { getSyncSystemOutput } from "../getSyncSystemOutput.js";
+import { attachEventBusPermissions } from "./attachEventBusPermissions.js";
+import { attachDynamoDbPermissions } from "./attachDynamoDbPermissions.js";
+import { attachS3Permissions } from "./attachS3Permissions.js";
+import { addServiceManifest } from "./addServiceManifest.js";
+import { attachCognitoPermissions } from "./attachCognitoPermissions.js";
+export const attachSyncSystem = async params => {
+  const {
+    app,
+    core
+  } = params;
+  const syncSystem = await getSyncSystemOutput();
+  /**
+   * Possibly no sync system deployed - no need to do anything at that point.
+   * At this point, if sync system was deployed, and it is not anymore, all resources after this check will disappear.
+   */
+  if (!syncSystem) {
+    console.log(`No Sync System deployed. Skipping...`);
+    return;
+  }
+  /**
+   * Permissions for Webiny system to access Sync System resources.
+   */
+  attachEventBusPermissions({
+    app,
+    syncSystem
+  });
+  /**
+   * Permissions for Sync System to access Webiny system resources.
+   */
+  attachCognitoPermissions({
+    app,
+    syncSystem,
+    core
+  });
+  attachDynamoDbPermissions({
+    app,
+    syncSystem,
+    core
+  });
+  attachS3Permissions({
+    app,
+    syncSystem,
+    core
+  });
+  /**
+   * Add the Service Manifest item to the Webiny system.
+   */
+  addServiceManifest({
+    app,
+    syncSystem
+  });
+};
+
+//# sourceMappingURL=index.js.map

package/pulumi/apps/syncSystem/api/index.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["getSyncSystemOutput","attachEventBusPermissions","attachDynamoDbPermissions","attachS3Permissions","addServiceManifest","attachCognitoPermissions","attachSyncSystem","params","app","core","syncSystem","console","log"],"sources":["index.ts"],"sourcesContent":["import { getSyncSystemOutput } from \"~/pulumi/apps/syncSystem/getSyncSystemOutput.js\";\nimport { attachEventBusPermissions } from \"./attachEventBusPermissions.js\";\nimport { attachDynamoDbPermissions } from \"~/pulumi/apps/syncSystem/api/attachDynamoDbPermissions.js\";\nimport { attachS3Permissions } from \"~/pulumi/apps/syncSystem/api/attachS3Permissions.js\";\nimport { addServiceManifest } from \"~/pulumi/apps/syncSystem/api/addServiceManifest.js\";\nimport type { PulumiApp } from \"@webiny/pulumi/types.js\";\nimport type { CoreOutput } from \"~/pulumi/apps/common/CoreOutput.js\";\nimport type { WithServiceManifest } from \"~/pulumi/utils/withServiceManifest.js\";\nimport { attachCognitoPermissions } from \"~/pulumi/apps/syncSystem/api/attachCognitoPermissions.js\";\n\nexport interface IAttachSyncSystemParams {\n    app: PulumiApp & WithServiceManifest;\n    core: CoreOutput;\n}\n\nexport const attachSyncSystem = async (params: IAttachSyncSystemParams) => {\n    const { app, core } = params;\n\n    const syncSystem = await getSyncSystemOutput();\n    /**\n     * Possibly no sync system deployed - no need to do anything at that point.\n     * At this point, if sync system was deployed, and it is not anymore, all resources after this check will disappear.\n     */\n    if (!syncSystem) {\n        console.log(`No Sync System deployed. Skipping...`);\n        return;\n    }\n    /**\n     * Permissions for Webiny system to access Sync System resources.\n     */\n    attachEventBusPermissions({\n        app,\n        syncSystem\n    });\n    /**\n     * Permissions for Sync System to access Webiny system resources.\n     */\n    attachCognitoPermissions({\n        app,\n        syncSystem,\n        core\n    });\n    attachDynamoDbPermissions({\n        app,\n        syncSystem,\n        core\n    });\n    attachS3Permissions({\n        app,\n        syncSystem,\n        core\n    });\n    /**\n     * Add the Service Manifest item to the Webiny system.\n     */\n    addServiceManifest({\n        app,\n        syncSystem\n    });\n};\n"],"mappings":"AAAA,SAASA,mBAAmB;AAC5B,SAASC,yBAAyB;AAClC,SAASC,yBAAyB;AAClC,SAASC,mBAAmB;AAC5B,SAASC,kBAAkB;AAI3B,SAASC,wBAAwB;AAOjC,OAAO,MAAMC,gBAAgB,GAAG,MAAOC,MAA+B,IAAK;EACvE,MAAM;IAAEC,GAAG;IAAEC;EAAK,CAAC,GAAGF,MAAM;EAE5B,MAAMG,UAAU,GAAG,MAAMV,mBAAmB,CAAC,CAAC;EAC9C;AACJ;AACA;AACA;EACI,IAAI,CAACU,UAAU,EAAE;IACbC,OAAO,CAACC,GAAG,CAAC,sCAAsC,CAAC;IACnD;EACJ;EACA;AACJ;AACA;EACIX,yBAAyB,CAAC;IACtBO,GAAG;IACHE;EACJ,CAAC,CAAC;EACF;AACJ;AACA;EACIL,wBAAwB,CAAC;IACrBG,GAAG;IACHE,UAAU;IACVD;EACJ,CAAC,CAAC;EACFP,yBAAyB,CAAC;IACtBM,GAAG;IACHE,UAAU;IACVD;EACJ,CAAC,CAAC;EACFN,mBAAmB,CAAC;IAChBK,GAAG;IACHE,UAAU;IACVD;EACJ,CAAC,CAAC;EACF;AACJ;AACA;EACIL,kBAAkB,CAAC;IACfI,GAAG;IACHE;EACJ,CAAC,CAAC;AACN,CAAC","ignoreList":[]}

package/pulumi/apps/syncSystem/constants.d.ts

@@ -0,0 +1 @@
+export declare const APPS_SYNC_SYSTEM_PATH = "apps/sync";

package/pulumi/apps/syncSystem/constants.js

@@ -0,0 +1,3 @@
+export const APPS_SYNC_SYSTEM_PATH = "apps/sync";
+
+//# sourceMappingURL=constants.js.map

package/pulumi/apps/syncSystem/constants.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["APPS_SYNC_SYSTEM_PATH"],"sources":["constants.ts"],"sourcesContent":["export const APPS_SYNC_SYSTEM_PATH = \"apps/sync\";\n"],"mappings":"AAAA,OAAO,MAAMA,qBAAqB,GAAG,WAAW","ignoreList":[]}

package/pulumi/apps/syncSystem/createSyncResourceName.d.ts

@@ -0,0 +1,4 @@
+/**
+ * Need to have standardized resource names.
+ */
+export declare const createSyncResourceName: (name: string) => string;

package/pulumi/apps/syncSystem/createSyncResourceName.js

@@ -0,0 +1,10 @@
+import kebabCase from "lodash/kebabCase.js";
+
+/**
+ * Need to have standardized resource names.
+ */
+export const createSyncResourceName = name => {
+  return `sync-system-${kebabCase(name)}`;
+};
+
+//# sourceMappingURL=createSyncResourceName.js.map

package/pulumi/apps/syncSystem/createSyncResourceName.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["kebabCase","createSyncResourceName","name"],"sources":["createSyncResourceName.ts"],"sourcesContent":["import kebabCase from \"lodash/kebabCase.js\";\n\n/**\n * Need to have standardized resource names.\n */\nexport const createSyncResourceName = (name: string) => {\n    return `sync-system-${kebabCase(name)}`;\n};\n"],"mappings":"AAAA,OAAOA,SAAS,MAAM,qBAAqB;;AAE3C;AACA;AACA;AACA,OAAO,MAAMC,sBAAsB,GAAIC,IAAY,IAAK;EACpD,OAAO,eAAeF,SAAS,CAACE,IAAI,CAAC,EAAE;AAC3C,CAAC","ignoreList":[]}

package/pulumi/apps/syncSystem/createSyncSystemPulumiApp.d.ts

@@ -0,0 +1,26 @@
+import * as pulumi from "@pulumi/pulumi";
+export declare function createSyncSystemPulumiApp(): import("@webiny/pulumi").PulumiApp<{
+    sqs: pulumi.Output<import("@pulumi/aws/sqs/queue.js").Queue>;
+    dynamoDb: pulumi.Output<import("@pulumi/aws/dynamodb/table.js").Table>;
+    eventBus: pulumi.Output<import("@pulumi/aws/cloudwatch/eventBus.js").EventBus>;
+    eventBusRule: pulumi.Output<import("@pulumi/aws/cloudwatch/eventRule.js").EventRule>;
+    eventBusTarget: pulumi.Output<import("@pulumi/aws/cloudwatch/eventTarget.js").EventTarget>;
+    eventBusPolicy: pulumi.Output<import("@pulumi/aws/sqs/queuePolicy.js").QueuePolicy>;
+    /**
+     * Worker Lambda - used to resolve actions triggered by the resolver Lambda.
+     */
+    workerLambda: pulumi.Output<import("@pulumi/aws/lambda/function.js").Function>;
+    workerLambdaRole: pulumi.Output<import("@pulumi/aws/iam/role.js").Role>;
+    /**
+     * Resolver Lambda - gets hit by SQS and resolves the data.
+     */
+    resolverLambda: pulumi.Output<import("@pulumi/aws/lambda/function.js").Function>;
+    resolverLambdaRole: pulumi.Output<import("@pulumi/aws/iam/role.js").Role>;
+    resolverLambdaPolicy: pulumi.Output<import("@pulumi/aws/iam/policy.js").Policy>;
+    resolverLambdaEventSourceMapping: pulumi.Output<import("@pulumi/aws/lambda/eventSourceMapping.js").EventSourceMapping>;
+    /**
+     * Systems we are connecting together.
+     */
+    primary: {};
+    secondary: {};
+}>;

package/pulumi/apps/syncSystem/createSyncSystemPulumiApp.js

@@ -0,0 +1,181 @@
+import * as pulumi from "@pulumi/pulumi";
+import * as aws from "@pulumi/aws";
+import { createPulumiApp, isResourceOfType } from "@webiny/pulumi";
+import { SyncSystemSQS } from "./SyncSystemSQS.js";
+import { SyncSystemResolverLambda } from "./SyncSystemResolverLambda.js";
+import { APPS_SYNC_SYSTEM_PATH } from "./constants.js";
+import { SyncSystemEventBus } from "./SyncSystemEventBus.js";
+import { customApp } from "./customApp.js";
+import { SyncSystemDynamoDb } from "./SyncSystemDynamoDb.js";
+import { SyncSystemWorkerLambda } from "./SyncSystemWorkerLambda.js";
+import { getProjectSdk } from "@webiny/project";
+import { getVpcConfigFromExtension } from "../extensions/getVpcConfigFromExtension.js";
+import { applyAwsResourceTags } from "../awsUtils.js";
+export function createSyncSystemPulumiApp() {
+  return createPulumiApp({
+    name: "sync",
+    path: APPS_SYNC_SYSTEM_PATH,
+    program: async app => {
+      const sdk = await getProjectSdk();
+      const projectConfig = await sdk.getProjectConfig();
+      const pulumiResourceNamePrefix = await sdk.getPulumiResourceNamePrefix();
+      const vpcExtensionsConfig = getVpcConfigFromExtension(projectConfig);
+      if (pulumiResourceNamePrefix) {
+        app.onResource(resource => {
+          if (!resource.name.startsWith(pulumiResourceNamePrefix)) {
+            resource.name = `${pulumiResourceNamePrefix}${resource.name}`;
+          }
+        });
+      }
+
+      // <-------------------- Enterprise start -------------------->
+      app.addHandler(async () => {
+        const usingAdvancedVpcParams = vpcExtensionsConfig && typeof vpcExtensionsConfig !== "boolean";
+
+        // Not using advanced VPC params? Then immediately exit.
+        if (!usingAdvancedVpcParams) {
+          return;
+        }
+        const {
+          onResource,
+          addResource
+        } = app;
+        const {
+          useExistingVpc
+        } = vpcExtensionsConfig;
+
+        // 1. We first deal with "existing VPC" setup.
+        if (useExistingVpc) {
+          if (!useExistingVpc.lambdaFunctionsVpcConfig) {
+            throw new Error("Cannot specify `useExistingVpc` parameter because the `lambdaFunctionsVpcConfig` parameter wasn't provided.");
+          }
+          onResource(resource => {
+            if (isResourceOfType(resource, aws.lambda.Function)) {
+              const canUseVpc = resource.meta.canUseVpc !== false;
+              if (canUseVpc) {
+                resource.config.vpcConfig(useExistingVpc.lambdaFunctionsVpcConfig);
+              }
+            }
+            if (isResourceOfType(resource, aws.iam.Role)) {
+              if (resource.meta.isLambdaFunctionRole) {
+                addResource(aws.iam.RolePolicyAttachment, {
+                  name: `${resource.name}-vpc-access-execution-role`,
+                  config: {
+                    role: resource.output.name,
+                    policyArn: aws.iam.ManagedPolicy.AWSLambdaVPCAccessExecutionRole
+                  }
+                });
+              }
+            }
+          });
+        }
+        return;
+      });
+      // <-------------------- Enterprise end -------------------->
+
+      const protect = app.env.isProduction;
+      const regionApp = customApp({
+        app,
+        protect
+      });
+      /**
+       * Sync System services.
+       */
+      const {
+        sqsQueue
+      } = regionApp.addModule(SyncSystemSQS);
+      const dynamoDb = regionApp.addModule(SyncSystemDynamoDb);
+      const workerLambda = regionApp.addModule(SyncSystemWorkerLambda);
+      const resolverLambda = regionApp.addModule(SyncSystemResolverLambda);
+      const {
+        eventBusRule,
+        eventBus,
+        eventBusTarget,
+        eventBusPolicy
+      } = regionApp.addModule(SyncSystemEventBus);
+      const output = {
+        /**
+         * Region provider.
+         */
+        region: pulumi.output(process.env.AWS_REGION),
+        /**
+         * SyncSystemSQS
+         */
+        sqsUrl: sqsQueue.output.url,
+        sqsArn: sqsQueue.output.arn,
+        sqsName: sqsQueue.output.name,
+        /**
+         * DynamoDB
+         */
+        dynamoDbArn: dynamoDb.output.arn,
+        dynamoDbName: dynamoDb.output.name,
+        dynamoDbHashKey: dynamoDb.output.hashKey,
+        dynamoDbRangeKey: dynamoDb.output.rangeKey,
+        /**
+         * SyncSystemResolverLambda
+         */
+        resolverLambdaArn: resolverLambda.lambda.output.arn,
+        resolverLambdaName: resolverLambda.lambda.output.name,
+        resolverLambdaRoleArn: resolverLambda.role.output.arn,
+        resolverLambdaRoleName: resolverLambda.role.output.name,
+        resolverLambdaRoleId: resolverLambda.role.output.id,
+        resolverLambdaPolicyArn: resolverLambda.policy.output.arn,
+        resolverLambdaPolicyName: resolverLambda.policy.output.name,
+        resolverLambdaPolicyId: resolverLambda.policy.output.id,
+        resolverLambdaEventSourceMappingArn: resolverLambda.eventSourceMapping.output.arn,
+        resolverLambdaEventSourceMappingId: resolverLambda.eventSourceMapping.output.id,
+        // # We can safely cast as we know that the property exists.
+        resolverLambdaEventSourceMappingEventSourceArn: resolverLambda.eventSourceMapping.output.eventSourceArn,
+        /**
+         * SyncSystemWorkerLambda
+         */
+        workerLambdaArn: workerLambda.lambda.output.arn,
+        workerLambdaName: workerLambda.lambda.output.name,
+        workerLambdaRoleArn: workerLambda.role.output.arn,
+        workerLambdaRoleName: workerLambda.role.output.name,
+        /**
+         * SyncSystemEventBus
+         */
+        eventBusArn: eventBus.output.arn,
+        eventBusName: eventBus.output.name,
+        eventBusRuleArn: eventBusRule.output.arn,
+        eventBusRuleName: eventBusRule.output.id,
+        eventBusTargetArn: eventBusTarget.output.arn,
+        eventBusPolicyId: eventBusPolicy.output.id,
+        eventBusPolicyUrn: eventBusPolicy.output.urn,
+        eventBusPolicyQueueUrl: eventBusPolicy.output.queueUrl
+      };
+      app.addOutputs(output);
+
+      // Applies internal and user-defined AWS tags.
+      await applyAwsResourceTags("sync");
+      return {
+        sqs: sqsQueue.output,
+        dynamoDb: dynamoDb.output,
+        eventBus: eventBus.output,
+        eventBusRule: eventBusRule.output,
+        eventBusTarget: eventBusTarget.output,
+        eventBusPolicy: eventBusPolicy.output,
+        /**
+         * Worker Lambda - used to resolve actions triggered by the resolver Lambda.
+         */
+        workerLambda: workerLambda.lambda.output,
+        workerLambdaRole: workerLambda.role.output,
+        /**
+         * Resolver Lambda - gets hit by SQS and resolves the data.
+         */
+        resolverLambda: resolverLambda.lambda.output,
+        resolverLambdaRole: resolverLambda.role.output,
+        resolverLambdaPolicy: resolverLambda.policy.output,
+        resolverLambdaEventSourceMapping: resolverLambda.eventSourceMapping.output,
+        /**
+         * Systems we are connecting together.
+         */
+        primary: {},
+        secondary: {}
+      };
+    }
+  });
+}
+
+//# sourceMappingURL=createSyncSystemPulumiApp.js.map