@webiny/project-aws 6.0.0-rc.2 → 6.0.0-rc.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (23) hide show
  1. package/apps/createAdminApp.d.ts +2 -0
  2. package/package.json +11 -12
  3. package/project.d.ts +13 -6
  4. package/pulumi/apps/admin/createAdminPulumiApp.d.ts +2 -0
  5. package/pulumi/apps/api/ApiCloudfront.js +1 -1
  6. package/pulumi/apps/api/ApiCloudfront.js.map +1 -1
  7. package/pulumi/apps/api/createApiPulumiApp.js +2 -3
  8. package/pulumi/apps/api/createApiPulumiApp.js.map +1 -1
  9. package/pulumi/apps/core/CoreAuditLogsDynamo.js +67 -19
  10. package/pulumi/apps/core/CoreAuditLogsDynamo.js.map +1 -1
  11. package/pulumi/apps/core/CoreDynamo.js +18 -5
  12. package/pulumi/apps/core/CoreDynamo.js.map +1 -1
  13. package/pulumi/apps/core/CoreFileManager.d.ts +3 -0
  14. package/pulumi/apps/core/CoreFileManager.js +35 -7
  15. package/pulumi/apps/core/CoreFileManager.js.map +1 -1
  16. package/pulumi/apps/core/LogDynamo.js +39 -11
  17. package/pulumi/apps/core/LogDynamo.js.map +1 -1
  18. package/pulumi/apps/core/createCorePulumiApp.js +2 -3
  19. package/pulumi/apps/core/createCorePulumiApp.js.map +1 -1
  20. package/pulumi/apps/createAppBucket.d.ts +4 -0
  21. package/pulumi/apps/createAppBucket.js +42 -2
  22. package/pulumi/apps/createAppBucket.js.map +1 -1
  23. package/pulumi/apps/react/createReactPulumiApp.d.ts +2 -0
package/apps/createAdminApp.d.ts CHANGED
@@ -5,6 +5,8 @@ export declare function createAdminApp(): {
5
5
  getPulumi(): Promise<import("@webiny/pulumi/types").PulumiApp<{
6
6
  cloudfront: import("@webiny/pulumi/PulumiAppResource").PulumiAppResource<typeof import("@pulumi/aws/cloudfront/distribution").Distribution>;
7
7
  bucket: import("@webiny/pulumi/PulumiAppResource").PulumiAppResource<typeof import("@pulumi/aws/s3/bucket").Bucket>;
8
+ bucketOwnershipControls: import("@webiny/pulumi/PulumiAppResource").PulumiAppResource<typeof import("@pulumi/aws/s3/bucketOwnershipControls").BucketOwnershipControls>;
9
+ bucketAcl: import("@webiny/pulumi/PulumiAppResource").PulumiAppResource<typeof import("@pulumi/aws/s3/bucketAcl").BucketAcl>;
8
10
  originIdentity: import("@webiny/pulumi/PulumiAppResource").PulumiAppResource<typeof import("@pulumi/aws/cloudfront/originAccessIdentity").OriginAccessIdentity>;
9
11
  origin: import("@pulumi/aws/types/input").cloudfront.DistributionOrigin;
10
12
  bucketPublicAccessBlock: import("@webiny/pulumi/PulumiAppResource").PulumiAppResource<typeof import("@pulumi/aws/s3/bucketPublicAccessBlock").BucketPublicAccessBlock>;
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@webiny/project-aws",
3
- "version": "6.0.0-rc.2",
3
+ "version": "6.0.0-rc.3",
4
4
  "type": "module",
5
5
  "main": "./index.js",
6
6
  "repository": {
@@ -18,15 +18,14 @@
18
18
  "@pulumi/aws": "^7.20.0",
19
19
  "@pulumi/pulumi": "^3.223.0",
20
20
  "@pulumi/random": "4.19.1",
21
- "@webiny/api-headless-cms": "6.0.0-rc.2",
22
- "@webiny/aws-layers": "6.0.0-rc.2",
23
- "@webiny/aws-sdk": "6.0.0-rc.2",
24
- "@webiny/cli-core": "6.0.0-rc.2",
25
- "@webiny/data-migration": "6.0.0-rc.2",
26
- "@webiny/project": "6.0.0-rc.2",
27
- "@webiny/pulumi": "6.0.0-rc.2",
28
- "@webiny/utils": "6.0.0-rc.2",
29
- "@webiny/wcp": "6.0.0-rc.2",
21
+ "@webiny/api-headless-cms": "6.0.0-rc.3",
22
+ "@webiny/aws-layers": "6.0.0-rc.3",
23
+ "@webiny/aws-sdk": "6.0.0-rc.3",
24
+ "@webiny/cli-core": "6.0.0-rc.3",
25
+ "@webiny/data-migration": "6.0.0-rc.3",
26
+ "@webiny/project": "6.0.0-rc.3",
27
+ "@webiny/pulumi": "6.0.0-rc.3",
28
+ "@webiny/utils": "6.0.0-rc.3",
30
29
  "chalk": "4.1.2",
31
30
  "find-up": "5.0.0",
32
31
  "invariant": "2.2.4",
@@ -39,7 +38,7 @@
39
38
  "devDependencies": {
40
39
  "@types/lodash": "4.17.24",
41
40
  "@types/ncp": "2.0.8",
42
- "@webiny/build-tools": "6.0.0-rc.2",
41
+ "@webiny/build-tools": "6.0.0-rc.3",
43
42
  "typescript": "5.9.3"
44
43
  },
45
44
  "adio": {
@@ -57,5 +56,5 @@
57
56
  ]
58
57
  }
59
58
  },
60
- "gitHead": "5facada4cbb8617cc60e3c98be0f1839f44be38e"
59
+ "gitHead": "228fe25e1a17f248d566bce1c33d11c291955513"
61
60
  }
package/project.d.ts CHANGED
@@ -53,24 +53,27 @@ export declare const Project: {
53
53
  teams: import("zod").ZodOptional<import("zod").ZodBoolean>;
54
54
  privateFiles: import("zod").ZodOptional<import("zod").ZodBoolean>;
55
55
  folderLevelPermissions: import("zod").ZodOptional<import("zod").ZodBoolean>;
56
+ hcmsFieldPermissions: import("zod").ZodOptional<import("zod").ZodBoolean>;
56
57
  }, "strip", import("zod").ZodTypeAny, {
57
58
  teams?: boolean | undefined;
58
59
  privateFiles?: boolean | undefined;
59
60
  folderLevelPermissions?: boolean | undefined;
61
+ hcmsFieldPermissions?: boolean | undefined;
60
62
  }, {
61
63
  teams?: boolean | undefined;
62
64
  privateFiles?: boolean | undefined;
63
65
  folderLevelPermissions?: boolean | undefined;
66
+ hcmsFieldPermissions?: boolean | undefined;
64
67
  }>]>>;
65
68
  auditLogs: import("zod").ZodOptional<import("zod").ZodBoolean>;
66
69
  recordLocking: import("zod").ZodOptional<import("zod").ZodBoolean>;
67
- fileManager: import("zod").ZodOptional<import("zod").ZodUnion<[import("zod").ZodBoolean, import("zod").ZodObject<{
70
+ fileManager: import("zod").ZodOptional<import("zod").ZodObject<{
68
71
  threatDetection: import("zod").ZodOptional<import("zod").ZodBoolean>;
69
72
  }, "strip", import("zod").ZodTypeAny, {
70
73
  threatDetection?: boolean | undefined;
71
74
  }, {
72
75
  threatDetection?: boolean | undefined;
73
- }>]>>;
76
+ }>>;
74
77
  }, "strip", import("zod").ZodTypeAny, {
75
78
  multiTenancy?: boolean | undefined;
76
79
  advancedPublishingWorkflow?: boolean | undefined;
@@ -78,10 +81,11 @@ export declare const Project: {
78
81
  teams?: boolean | undefined;
79
82
  privateFiles?: boolean | undefined;
80
83
  folderLevelPermissions?: boolean | undefined;
84
+ hcmsFieldPermissions?: boolean | undefined;
81
85
  } | undefined;
82
86
  auditLogs?: boolean | undefined;
83
87
  recordLocking?: boolean | undefined;
84
- fileManager?: boolean | {
88
+ fileManager?: {
85
89
  threatDetection?: boolean | undefined;
86
90
  } | undefined;
87
91
  }, {
@@ -91,10 +95,11 @@ export declare const Project: {
91
95
  teams?: boolean | undefined;
92
96
  privateFiles?: boolean | undefined;
93
97
  folderLevelPermissions?: boolean | undefined;
98
+ hcmsFieldPermissions?: boolean | undefined;
94
99
  } | undefined;
95
100
  auditLogs?: boolean | undefined;
96
101
  recordLocking?: boolean | undefined;
97
- fileManager?: boolean | {
102
+ fileManager?: {
98
103
  threatDetection?: boolean | undefined;
99
104
  } | undefined;
100
105
  }>;
@@ -106,10 +111,11 @@ export declare const Project: {
106
111
  teams?: boolean | undefined;
107
112
  privateFiles?: boolean | undefined;
108
113
  folderLevelPermissions?: boolean | undefined;
114
+ hcmsFieldPermissions?: boolean | undefined;
109
115
  } | undefined;
110
116
  auditLogs?: boolean | undefined;
111
117
  recordLocking?: boolean | undefined;
112
- fileManager?: boolean | {
118
+ fileManager?: {
113
119
  threatDetection?: boolean | undefined;
114
120
  } | undefined;
115
121
  };
@@ -121,10 +127,11 @@ export declare const Project: {
121
127
  teams?: boolean | undefined;
122
128
  privateFiles?: boolean | undefined;
123
129
  folderLevelPermissions?: boolean | undefined;
130
+ hcmsFieldPermissions?: boolean | undefined;
124
131
  } | undefined;
125
132
  auditLogs?: boolean | undefined;
126
133
  recordLocking?: boolean | undefined;
127
- fileManager?: boolean | {
134
+ fileManager?: {
128
135
  threatDetection?: boolean | undefined;
129
136
  } | undefined;
130
137
  };
package/pulumi/apps/admin/createAdminPulumiApp.d.ts CHANGED
@@ -3,6 +3,8 @@ export type AdminPulumiApp = ReturnType<typeof createReactPulumiApp>;
3
3
  export declare const createAdminPulumiApp: () => Promise<import("@webiny/pulumi/types").PulumiApp<{
4
4
  cloudfront: import("@webiny/pulumi/PulumiAppResource").PulumiAppResource<typeof import("@pulumi/aws/cloudfront/distribution").Distribution>;
5
5
  bucket: import("@webiny/pulumi/PulumiAppResource").PulumiAppResource<typeof import("@pulumi/aws/s3/bucket").Bucket>;
6
+ bucketOwnershipControls: import("@webiny/pulumi/PulumiAppResource").PulumiAppResource<typeof import("@pulumi/aws/s3/bucketOwnershipControls").BucketOwnershipControls>;
7
+ bucketAcl: import("@webiny/pulumi/PulumiAppResource").PulumiAppResource<typeof import("@pulumi/aws/s3/bucketAcl").BucketAcl>;
6
8
  originIdentity: import("@webiny/pulumi/PulumiAppResource").PulumiAppResource<typeof import("@pulumi/aws/cloudfront/originAccessIdentity").OriginAccessIdentity>;
7
9
  origin: import("@pulumi/aws/types/input").cloudfront.DistributionOrigin;
8
10
  bucketPublicAccessBlock: import("@webiny/pulumi/PulumiAppResource").PulumiAppResource<typeof import("@pulumi/aws/s3/bucketPublicAccessBlock").BucketPublicAccessBlock>;
package/pulumi/apps/api/ApiCloudfront.js CHANGED
@@ -9,7 +9,7 @@ export const ApiCloudfront = createAppModule({
9
9
  forward: "whitelist",
10
10
  whitelistedNames: ["wby-id-token"]
11
11
  };
12
- const forwardHeaders = ["Origin", "Authorization", "Accept", "Accept-Language", "X-Tenant"];
12
+ const forwardHeaders = ["Origin", "Authorization", "Accept", "Accept-Language", "X-Tenant", "X-Webiny-Sdk"];
13
13
  return app.addResource(aws.cloudfront.Distribution, {
14
14
  name: "api-cloudfront",
15
15
  config: {
package/pulumi/apps/api/ApiCloudfront.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"names":["aws","createAppModule","ApiGateway","ApiCloudfront","name","config","app","gateway","getModule","cookies","forward","whitelistedNames","forwardHeaders","addResource","cloudfront","Distribution","httpVersion","waitForDeployment","isIpv6Enabled","enabled","defaultCacheBehavior","compress","allowedMethods","cachedMethods","forwardedValues","headers","queryString","minTtl","defaultTtl","maxTtl","targetOriginId","api","output","viewerProtocolPolicy","orderedCacheBehaviors","pathPattern","origins","domainName","stage","invokeUrl","apply","url","URL","hostname","originPath","pathname","originId","customOriginConfig","httpPort","httpsPort","originProtocolPolicy","originSslProtocols","restrictions","geoRestriction","restrictionType","viewerCertificate","cloudfrontDefaultCertificate","opts","ignoreChanges"],"sources":["ApiCloudfront.ts"],"sourcesContent":["import * as aws from \"@pulumi/aws\";\nimport type { PulumiApp, PulumiAppModule } from \"@webiny/pulumi\";\nimport { createAppModule } from \"@webiny/pulumi\";\n\nimport { ApiGateway } from \"./ApiGateway.js\";\n\nexport type ApiCloudfront = PulumiAppModule<typeof ApiCloudfront>;\n\nexport const ApiCloudfront = createAppModule({\n name: \"ApiCloudfront\",\n config(app: PulumiApp) {\n const gateway = app.getModule(ApiGateway);\n\n const cookies = {\n forward: \"whitelist\",\n whitelistedNames: [\"wby-id-token\"]\n };\n\n const forwardHeaders = [\"Origin\", \"Authorization\", \"Accept\", \"Accept-Language\", \"X-Tenant\"];\n\n return app.addResource(aws.cloudfront.Distribution, {\n name: \"api-cloudfront\",\n config: {\n httpVersion: \"http2and3\",\n waitForDeployment: false,\n isIpv6Enabled: true,\n enabled: true,\n defaultCacheBehavior: {\n compress: true,\n allowedMethods: [\"GET\", \"HEAD\", \"OPTIONS\", \"PUT\", \"POST\", \"PATCH\", \"DELETE\"],\n cachedMethods: [\"GET\", \"HEAD\", \"OPTIONS\"],\n forwardedValues: {\n cookies,\n headers: forwardHeaders,\n queryString: true\n },\n // MinTTL <= DefaultTTL <= MaxTTL\n minTtl: 0,\n defaultTtl: 0,\n maxTtl: 86400,\n targetOriginId: gateway.api.output.name,\n viewerProtocolPolicy: \"allow-all\"\n },\n orderedCacheBehaviors: [\n {\n compress: true,\n allowedMethods: [\n \"GET\",\n \"HEAD\",\n \"OPTIONS\",\n \"PUT\",\n \"POST\",\n \"PATCH\",\n \"DELETE\"\n ],\n cachedMethods: [\"GET\", \"HEAD\", \"OPTIONS\"],\n forwardedValues: {\n cookies: {\n forward: \"none\"\n },\n headers: forwardHeaders,\n queryString: true\n },\n pathPattern: \"/cms*\",\n viewerProtocolPolicy: \"allow-all\",\n targetOriginId: gateway.api.output.name\n },\n {\n compress: true,\n allowedMethods: [\n \"GET\",\n \"HEAD\",\n \"OPTIONS\",\n \"PUT\",\n \"POST\",\n \"PATCH\",\n \"DELETE\"\n ],\n cachedMethods: [\"GET\", \"HEAD\", \"OPTIONS\"],\n forwardedValues: {\n cookies: {\n forward: \"none\"\n },\n headers: forwardHeaders,\n queryString: true\n },\n pathPattern: \"/wb/*\",\n viewerProtocolPolicy: \"allow-all\",\n targetOriginId: gateway.api.output.name\n },\n {\n allowedMethods: [\"HEAD\", \"GET\", \"OPTIONS\"],\n cachedMethods: [\"HEAD\", \"GET\", \"OPTIONS\"],\n forwardedValues: {\n cookies: {\n forward: \"none\"\n },\n headers: forwardHeaders,\n queryString: true\n },\n // MinTTL <= DefaultTTL <= MaxTTL\n minTtl: 0,\n defaultTtl: 0,\n maxTtl: 2592000,\n pathPattern: \"/files/*\",\n viewerProtocolPolicy: \"allow-all\",\n targetOriginId: gateway.api.output.name\n },\n {\n allowedMethods: [\"HEAD\", \"GET\", \"OPTIONS\"],\n cachedMethods: [\"HEAD\", \"GET\", \"OPTIONS\"],\n forwardedValues: {\n cookies: cookies,\n headers: forwardHeaders,\n queryString: true\n },\n // MinTTL <= DefaultTTL <= MaxTTL\n minTtl: 0,\n defaultTtl: 0,\n maxTtl: 2592000,\n pathPattern: \"/private/*\",\n viewerProtocolPolicy: \"allow-all\",\n targetOriginId: gateway.api.output.name\n }\n ],\n origins: [\n {\n domainName: gateway.stage.output.invokeUrl.apply(\n (url: string) => new URL(url).hostname\n ),\n originPath: gateway.stage.output.invokeUrl.apply(\n (url: string) => new URL(url).pathname\n ),\n originId: gateway.api.output.name,\n customOriginConfig: {\n httpPort: 80,\n httpsPort: 443,\n originProtocolPolicy: \"https-only\",\n originSslProtocols: [\"TLSv1.2\"]\n }\n }\n ],\n restrictions: {\n geoRestriction: {\n restrictionType: \"none\"\n }\n },\n viewerCertificate: {\n cloudfrontDefaultCertificate: true\n }\n },\n opts: {\n // We are ignoring changes to the \"staging\" property. This is because of the following.\n // With the 5.41.0 release of Webiny, we also upgraded Pulumi to v6. This introduced a change\n // with how Cloudfront distributions are deployed, where Pulumi now also controls the new\n // `staging` property.\n // If not set, Pulumi will default it to `false`. Which is fine, but, the problem is\n // that, because this property did not exist before, it will always be considered as a change\n // upon deployment.\n // We might think this is fine, but, the problem is that a change in this property causes\n // a full replacement of the Cloudfront distribution, which is not acceptable. Especially\n // if a custom domain has already been associated with the distribution. This then would\n // require the user to disassociate the domain, wait for the distribution to be replaced,\n // and then re-associate the domain. This is not a good experience.\n ignoreChanges: [\"staging\"]\n }\n });\n }\n});\n"],"mappings":"AAAA,OAAO,KAAKA,GAAG,MAAM,aAAa;AAElC,SAASC,eAAe,QAAQ,gBAAgB;AAEhD,SAASC,UAAU;AAInB,OAAO,MAAMC,aAAa,GAAGF,eAAe,CAAC;EACzCG,IAAI,EAAE,eAAe;EACrBC,MAAMA,CAACC,GAAc,EAAE;IACnB,MAAMC,OAAO,GAAGD,GAAG,CAACE,SAAS,CAACN,UAAU,CAAC;IAEzC,MAAMO,OAAO,GAAG;MACZC,OAAO,EAAE,WAAW;MACpBC,gBAAgB,EAAE,CAAC,cAAc;IACrC,CAAC;IAED,MAAMC,cAAc,GAAG,CAAC,QAAQ,EAAE,eAAe,EAAE,QAAQ,EAAE,iBAAiB,EAAE,UAAU,CAAC;IAE3F,OAAON,GAAG,CAACO,WAAW,CAACb,GAAG,CAACc,UAAU,CAACC,YAAY,EAAE;MAChDX,IAAI,EAAE,gBAAgB;MACtBC,MAAM,EAAE;QACJW,WAAW,EAAE,WAAW;QACxBC,iBAAiB,EAAE,KAAK;QACxBC,aAAa,EAAE,IAAI;QACnBC,OAAO,EAAE,IAAI;QACbC,oBAAoB,EAAE;UAClBC,QAAQ,EAAE,IAAI;UACdC,cAAc,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,QAAQ,CAAC;UAC5EC,aAAa,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,CAAC;UACzCC,eAAe,EAAE;YACbf,OAAO;YACPgB,OAAO,EAAEb,cAAc;YACvBc,WAAW,EAAE;UACjB,CAAC;UACD;UACAC,MAAM,EAAE,CAAC;UACTC,UAAU,EAAE,CAAC;UACbC,MAAM,EAAE,KAAK;UACbC,cAAc,EAAEvB,OAAO,CAACwB,GAAG,CAACC,MAAM,CAAC5B,IAAI;UACvC6B,oBAAoB,EAAE;QAC1B,CAAC;QACDC,qBAAqB,EAAE,CACnB;UACIb,QAAQ,EAAE,IAAI;UACdC,cAAc,EAAE,CACZ,KAAK,EACL,MAAM,EACN,SAAS,EACT,KAAK,EACL,MAAM,EACN,OAAO,EACP,QAAQ,CACX;UACDC,aAAa,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,CAAC;UACzCC,eAAe,EAAE;YACbf,OAAO,EAAE;cACLC,OAAO,EAAE;YACb,CAAC;YACDe,OAAO,EAAEb,cAAc;YACvBc,WAAW,EAAE;UACjB,CAAC;UACDS,WAAW,EAAE,OAAO;UACpBF,oBAAoB,EAAE,WAAW;UACjCH,cAAc,EAAEvB,OAAO,CAACwB,GAAG,CAACC,MAAM,CAAC5B;QACvC,CAAC,EACD;UACIiB,QAAQ,EAAE,IAAI;UACdC,cAAc,EAAE,CACZ,KAAK,EACL,MAAM,EACN,SAAS,EACT,KAAK,EACL,MAAM,EACN,OAAO,EACP,QAAQ,CACX;UACDC,aAAa,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,CAAC;UACzCC,eAAe,EAAE;YACbf,OAAO,EAAE;cACLC,OAAO,EAAE;YACb,CAAC;YACDe,OAAO,EAAEb,cAAc;YACvBc,WAAW,EAAE;UACjB,CAAC;UACDS,WAAW,EAAE,OAAO;UACpBF,oBAAoB,EAAE,WAAW;UACjCH,cAAc,EAAEvB,OAAO,CAACwB,GAAG,CAACC,MAAM,CAAC5B;QACvC,CAAC,EACD;UACIkB,cAAc,EAAE,CAAC,MAAM,EAAE,KAAK,EAAE,SAAS,CAAC;UAC1CC,aAAa,EAAE,CAAC,MAAM,EAAE,KAAK,EAAE,SAAS,CAAC;UACzCC,eAAe,EAAE;YACbf,OAAO,EAAE;cACLC,OAAO,EAAE;YACb,CAAC;YACDe,OAAO,EAAEb,cAAc;YACvBc,WAAW,EAAE;UACjB,CAAC;UACD;UACAC,MAAM,EAAE,CAAC;UACTC,UAAU,EAAE,CAAC;UACbC,MAAM,EAAE,OAAO;UACfM,WAAW,EAAE,UAAU;UACvBF,oBAAoB,EAAE,WAAW;UACjCH,cAAc,EAAEvB,OAAO,CAACwB,GAAG,CAACC,MAAM,CAAC5B;QACvC,CAAC,EACD;UACIkB,cAAc,EAAE,CAAC,MAAM,EAAE,KAAK,EAAE,SAAS,CAAC;UAC1CC,aAAa,EAAE,CAAC,MAAM,EAAE,KAAK,EAAE,SAAS,CAAC;UACzCC,eAAe,EAAE;YACbf,OAAO,EAAEA,OAAO;YAChBgB,OAAO,EAAEb,cAAc;YACvBc,WAAW,EAAE;UACjB,CAAC;UACD;UACAC,MAAM,EAAE,CAAC;UACTC,UAAU,EAAE,CAAC;UACbC,MAAM,EAAE,OAAO;UACfM,WAAW,EAAE,YAAY;UACzBF,oBAAoB,EAAE,WAAW;UACjCH,cAAc,EAAEvB,OAAO,CAACwB,GAAG,CAACC,MAAM,CAAC5B;QACvC,CAAC,CACJ;QACDgC,OAAO,EAAE,CACL;UACIC,UAAU,EAAE9B,OAAO,CAAC+B,KAAK,CAACN,MAAM,CAACO,SAAS,CAACC,KAAK,CAC3CC,GAAW,IAAK,IAAIC,GAAG,CAACD,GAAG,CAAC,CAACE,QAClC,CAAC;UACDC,UAAU,EAAErC,OAAO,CAAC+B,KAAK,CAACN,MAAM,CAACO,SAAS,CAACC,KAAK,CAC3CC,GAAW,IAAK,IAAIC,GAAG,CAACD,GAAG,CAAC,CAACI,QAClC,CAAC;UACDC,QAAQ,EAAEvC,OAAO,CAACwB,GAAG,CAACC,MAAM,CAAC5B,IAAI;UACjC2C,kBAAkB,EAAE;YAChBC,QAAQ,EAAE,EAAE;YACZC,SAAS,EAAE,GAAG;YACdC,oBAAoB,EAAE,YAAY;YAClCC,kBAAkB,EAAE,CAAC,SAAS;UAClC;QACJ,CAAC,CACJ;QACDC,YAAY,EAAE;UACVC,cAAc,EAAE;YACZC,eAAe,EAAE;UACrB;QACJ,CAAC;QACDC,iBAAiB,EAAE;UACfC,4BAA4B,EAAE;QAClC;MACJ,CAAC;MACDC,IAAI,EAAE;QACF;QACA;QACA;QACA;QACA;QACA;QACA;QACA;QACA;QACA;QACA;QACA;QACAC,aAAa,EAAE,CAAC,SAAS;MAC7B;IACJ,CAAC,CAAC;EACN;AACJ,CAAC,CAAC","ignoreList":[]}
1
+ {"version":3,"names":["aws","createAppModule","ApiGateway","ApiCloudfront","name","config","app","gateway","getModule","cookies","forward","whitelistedNames","forwardHeaders","addResource","cloudfront","Distribution","httpVersion","waitForDeployment","isIpv6Enabled","enabled","defaultCacheBehavior","compress","allowedMethods","cachedMethods","forwardedValues","headers","queryString","minTtl","defaultTtl","maxTtl","targetOriginId","api","output","viewerProtocolPolicy","orderedCacheBehaviors","pathPattern","origins","domainName","stage","invokeUrl","apply","url","URL","hostname","originPath","pathname","originId","customOriginConfig","httpPort","httpsPort","originProtocolPolicy","originSslProtocols","restrictions","geoRestriction","restrictionType","viewerCertificate","cloudfrontDefaultCertificate","opts","ignoreChanges"],"sources":["ApiCloudfront.ts"],"sourcesContent":["import * as aws from \"@pulumi/aws\";\nimport type { PulumiApp, PulumiAppModule } from \"@webiny/pulumi\";\nimport { createAppModule } from \"@webiny/pulumi\";\n\nimport { ApiGateway } from \"./ApiGateway.js\";\n\nexport type ApiCloudfront = PulumiAppModule<typeof ApiCloudfront>;\n\nexport const ApiCloudfront = createAppModule({\n name: \"ApiCloudfront\",\n config(app: PulumiApp) {\n const gateway = app.getModule(ApiGateway);\n\n const cookies = {\n forward: \"whitelist\",\n whitelistedNames: [\"wby-id-token\"]\n };\n\n const forwardHeaders = [\n \"Origin\",\n \"Authorization\",\n \"Accept\",\n \"Accept-Language\",\n \"X-Tenant\",\n \"X-Webiny-Sdk\"\n ];\n\n return app.addResource(aws.cloudfront.Distribution, {\n name: \"api-cloudfront\",\n config: {\n httpVersion: \"http2and3\",\n waitForDeployment: false,\n isIpv6Enabled: true,\n enabled: true,\n defaultCacheBehavior: {\n compress: true,\n allowedMethods: [\"GET\", \"HEAD\", \"OPTIONS\", \"PUT\", \"POST\", \"PATCH\", \"DELETE\"],\n cachedMethods: [\"GET\", \"HEAD\", \"OPTIONS\"],\n forwardedValues: {\n cookies,\n headers: forwardHeaders,\n queryString: true\n },\n // MinTTL <= DefaultTTL <= MaxTTL\n minTtl: 0,\n defaultTtl: 0,\n maxTtl: 86400,\n targetOriginId: gateway.api.output.name,\n viewerProtocolPolicy: \"allow-all\"\n },\n orderedCacheBehaviors: [\n {\n compress: true,\n allowedMethods: [\n \"GET\",\n \"HEAD\",\n \"OPTIONS\",\n \"PUT\",\n \"POST\",\n \"PATCH\",\n \"DELETE\"\n ],\n cachedMethods: [\"GET\", \"HEAD\", \"OPTIONS\"],\n forwardedValues: {\n cookies: {\n forward: \"none\"\n },\n headers: forwardHeaders,\n queryString: true\n },\n pathPattern: \"/cms*\",\n viewerProtocolPolicy: \"allow-all\",\n targetOriginId: gateway.api.output.name\n },\n {\n compress: true,\n allowedMethods: [\n \"GET\",\n \"HEAD\",\n \"OPTIONS\",\n \"PUT\",\n \"POST\",\n \"PATCH\",\n \"DELETE\"\n ],\n cachedMethods: [\"GET\", \"HEAD\", \"OPTIONS\"],\n forwardedValues: {\n cookies: {\n forward: \"none\"\n },\n headers: forwardHeaders,\n queryString: true\n },\n pathPattern: \"/wb/*\",\n viewerProtocolPolicy: \"allow-all\",\n targetOriginId: gateway.api.output.name\n },\n {\n allowedMethods: [\"HEAD\", \"GET\", \"OPTIONS\"],\n cachedMethods: [\"HEAD\", \"GET\", \"OPTIONS\"],\n forwardedValues: {\n cookies: {\n forward: \"none\"\n },\n headers: forwardHeaders,\n queryString: true\n },\n // MinTTL <= DefaultTTL <= MaxTTL\n minTtl: 0,\n defaultTtl: 0,\n maxTtl: 2592000,\n pathPattern: \"/files/*\",\n viewerProtocolPolicy: \"allow-all\",\n targetOriginId: gateway.api.output.name\n },\n {\n allowedMethods: [\"HEAD\", \"GET\", \"OPTIONS\"],\n cachedMethods: [\"HEAD\", \"GET\", \"OPTIONS\"],\n forwardedValues: {\n cookies: cookies,\n headers: forwardHeaders,\n queryString: true\n },\n // MinTTL <= DefaultTTL <= MaxTTL\n minTtl: 0,\n defaultTtl: 0,\n maxTtl: 2592000,\n pathPattern: \"/private/*\",\n viewerProtocolPolicy: \"allow-all\",\n targetOriginId: gateway.api.output.name\n }\n ],\n origins: [\n {\n domainName: gateway.stage.output.invokeUrl.apply(\n (url: string) => new URL(url).hostname\n ),\n originPath: gateway.stage.output.invokeUrl.apply(\n (url: string) => new URL(url).pathname\n ),\n originId: gateway.api.output.name,\n customOriginConfig: {\n httpPort: 80,\n httpsPort: 443,\n originProtocolPolicy: \"https-only\",\n originSslProtocols: [\"TLSv1.2\"]\n }\n }\n ],\n restrictions: {\n geoRestriction: {\n restrictionType: \"none\"\n }\n },\n viewerCertificate: {\n cloudfrontDefaultCertificate: true\n }\n },\n opts: {\n // We are ignoring changes to the \"staging\" property. This is because of the following.\n // With the 5.41.0 release of Webiny, we also upgraded Pulumi to v6. This introduced a change\n // with how Cloudfront distributions are deployed, where Pulumi now also controls the new\n // `staging` property.\n // If not set, Pulumi will default it to `false`. Which is fine, but, the problem is\n // that, because this property did not exist before, it will always be considered as a change\n // upon deployment.\n // We might think this is fine, but, the problem is that a change in this property causes\n // a full replacement of the Cloudfront distribution, which is not acceptable. Especially\n // if a custom domain has already been associated with the distribution. This then would\n // require the user to disassociate the domain, wait for the distribution to be replaced,\n // and then re-associate the domain. This is not a good experience.\n ignoreChanges: [\"staging\"]\n }\n });\n }\n});\n"],"mappings":"AAAA,OAAO,KAAKA,GAAG,MAAM,aAAa;AAElC,SAASC,eAAe,QAAQ,gBAAgB;AAEhD,SAASC,UAAU;AAInB,OAAO,MAAMC,aAAa,GAAGF,eAAe,CAAC;EACzCG,IAAI,EAAE,eAAe;EACrBC,MAAMA,CAACC,GAAc,EAAE;IACnB,MAAMC,OAAO,GAAGD,GAAG,CAACE,SAAS,CAACN,UAAU,CAAC;IAEzC,MAAMO,OAAO,GAAG;MACZC,OAAO,EAAE,WAAW;MACpBC,gBAAgB,EAAE,CAAC,cAAc;IACrC,CAAC;IAED,MAAMC,cAAc,GAAG,CACnB,QAAQ,EACR,eAAe,EACf,QAAQ,EACR,iBAAiB,EACjB,UAAU,EACV,cAAc,CACjB;IAED,OAAON,GAAG,CAACO,WAAW,CAACb,GAAG,CAACc,UAAU,CAACC,YAAY,EAAE;MAChDX,IAAI,EAAE,gBAAgB;MACtBC,MAAM,EAAE;QACJW,WAAW,EAAE,WAAW;QACxBC,iBAAiB,EAAE,KAAK;QACxBC,aAAa,EAAE,IAAI;QACnBC,OAAO,EAAE,IAAI;QACbC,oBAAoB,EAAE;UAClBC,QAAQ,EAAE,IAAI;UACdC,cAAc,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,QAAQ,CAAC;UAC5EC,aAAa,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,CAAC;UACzCC,eAAe,EAAE;YACbf,OAAO;YACPgB,OAAO,EAAEb,cAAc;YACvBc,WAAW,EAAE;UACjB,CAAC;UACD;UACAC,MAAM,EAAE,CAAC;UACTC,UAAU,EAAE,CAAC;UACbC,MAAM,EAAE,KAAK;UACbC,cAAc,EAAEvB,OAAO,CAACwB,GAAG,CAACC,MAAM,CAAC5B,IAAI;UACvC6B,oBAAoB,EAAE;QAC1B,CAAC;QACDC,qBAAqB,EAAE,CACnB;UACIb,QAAQ,EAAE,IAAI;UACdC,cAAc,EAAE,CACZ,KAAK,EACL,MAAM,EACN,SAAS,EACT,KAAK,EACL,MAAM,EACN,OAAO,EACP,QAAQ,CACX;UACDC,aAAa,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,CAAC;UACzCC,eAAe,EAAE;YACbf,OAAO,EAAE;cACLC,OAAO,EAAE;YACb,CAAC;YACDe,OAAO,EAAEb,cAAc;YACvBc,WAAW,EAAE;UACjB,CAAC;UACDS,WAAW,EAAE,OAAO;UACpBF,oBAAoB,EAAE,WAAW;UACjCH,cAAc,EAAEvB,OAAO,CAACwB,GAAG,CAACC,MAAM,CAAC5B;QACvC,CAAC,EACD;UACIiB,QAAQ,EAAE,IAAI;UACdC,cAAc,EAAE,CACZ,KAAK,EACL,MAAM,EACN,SAAS,EACT,KAAK,EACL,MAAM,EACN,OAAO,EACP,QAAQ,CACX;UACDC,aAAa,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,CAAC;UACzCC,eAAe,EAAE;YACbf,OAAO,EAAE;cACLC,OAAO,EAAE;YACb,CAAC;YACDe,OAAO,EAAEb,cAAc;YACvBc,WAAW,EAAE;UACjB,CAAC;UACDS,WAAW,EAAE,OAAO;UACpBF,oBAAoB,EAAE,WAAW;UACjCH,cAAc,EAAEvB,OAAO,CAACwB,GAAG,CAACC,MAAM,CAAC5B;QACvC,CAAC,EACD;UACIkB,cAAc,EAAE,CAAC,MAAM,EAAE,KAAK,EAAE,SAAS,CAAC;UAC1CC,aAAa,EAAE,CAAC,MAAM,EAAE,KAAK,EAAE,SAAS,CAAC;UACzCC,eAAe,EAAE;YACbf,OAAO,EAAE;cACLC,OAAO,EAAE;YACb,CAAC;YACDe,OAAO,EAAEb,cAAc;YACvBc,WAAW,EAAE;UACjB,CAAC;UACD;UACAC,MAAM,EAAE,CAAC;UACTC,UAAU,EAAE,CAAC;UACbC,MAAM,EAAE,OAAO;UACfM,WAAW,EAAE,UAAU;UACvBF,oBAAoB,EAAE,WAAW;UACjCH,cAAc,EAAEvB,OAAO,CAACwB,GAAG,CAACC,MAAM,CAAC5B;QACvC,CAAC,EACD;UACIkB,cAAc,EAAE,CAAC,MAAM,EAAE,KAAK,EAAE,SAAS,CAAC;UAC1CC,aAAa,EAAE,CAAC,MAAM,EAAE,KAAK,EAAE,SAAS,CAAC;UACzCC,eAAe,EAAE;YACbf,OAAO,EAAEA,OAAO;YAChBgB,OAAO,EAAEb,cAAc;YACvBc,WAAW,EAAE;UACjB,CAAC;UACD;UACAC,MAAM,EAAE,CAAC;UACTC,UAAU,EAAE,CAAC;UACbC,MAAM,EAAE,OAAO;UACfM,WAAW,EAAE,YAAY;UACzBF,oBAAoB,EAAE,WAAW;UACjCH,cAAc,EAAEvB,OAAO,CAACwB,GAAG,CAACC,MAAM,CAAC5B;QACvC,CAAC,CACJ;QACDgC,OAAO,EAAE,CACL;UACIC,UAAU,EAAE9B,OAAO,CAAC+B,KAAK,CAACN,MAAM,CAACO,SAAS,CAACC,KAAK,CAC3CC,GAAW,IAAK,IAAIC,GAAG,CAACD,GAAG,CAAC,CAACE,QAClC,CAAC;UACDC,UAAU,EAAErC,OAAO,CAAC+B,KAAK,CAACN,MAAM,CAACO,SAAS,CAACC,KAAK,CAC3CC,GAAW,IAAK,IAAIC,GAAG,CAACD,GAAG,CAAC,CAACI,QAClC,CAAC;UACDC,QAAQ,EAAEvC,OAAO,CAACwB,GAAG,CAACC,MAAM,CAAC5B,IAAI;UACjC2C,kBAAkB,EAAE;YAChBC,QAAQ,EAAE,EAAE;YACZC,SAAS,EAAE,GAAG;YACdC,oBAAoB,EAAE,YAAY;YAClCC,kBAAkB,EAAE,CAAC,SAAS;UAClC;QACJ,CAAC,CACJ;QACDC,YAAY,EAAE;UACVC,cAAc,EAAE;YACZC,eAAe,EAAE;UACrB;QACJ,CAAC;QACDC,iBAAiB,EAAE;UACfC,4BAA4B,EAAE;QAClC;MACJ,CAAC;MACDC,IAAI,EAAE;QACF;QACA;QACA;QACA;QACA;QACA;QACA;QACA;QACA;QACA;QACA;QACA;QACAC,aAAa,EAAE,CAAC,SAAS;MAC7B;IACJ,CAAC,CAAC;EACN;AACJ,CAAC,CAAC","ignoreList":[]}
package/pulumi/apps/api/createApiPulumiApp.js CHANGED
@@ -9,7 +9,6 @@ import { ApiScheduler } from "./ApiScheduler.js";
9
9
  import { getProjectSdk } from "@webiny/project";
10
10
  import { getVpcConfigFromExtension } from "../extensions/getVpcConfigFromExtension.js";
11
11
  import { getOsConfigFromExtension } from "../extensions/getOsConfigFromExtension.js";
12
- import { License } from "@webiny/wcp";
13
12
  import { handleGuardDutyEvents } from "./handleGuardDutyEvents.js";
14
13
  import { ApiPulumi } from "@webiny/project/abstractions/index.js";
15
14
  export const createApiPulumiApp = () => {
@@ -50,9 +49,9 @@ export const createApiPulumiApp = () => {
50
49
 
51
50
  // <-------------------- Enterprise start -------------------->
52
51
  app.addHandler(async () => {
53
- const license = await License.fromEnvironment();
52
+ const featureFlags = await sdk.getFeatureFlags();
54
53
  const usingAdvancedVpcParams = vpcExtensionsConfig && typeof vpcExtensionsConfig !== "boolean";
55
- if (license.canUseFileManagerThreatDetection()) {
54
+ if (featureFlags.isFileManagerThreatDetectionEnabled()) {
56
55
  handleGuardDutyEvents(app);
57
56
  }
58
57
 
package/pulumi/apps/api/createApiPulumiApp.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"names":["aws","createPulumiApp","isResourceOfType","ApiBackgroundTask","ApiCloudfront","ApiFileManager","ApiGateway","ApiGraphql","ApiMigration","ApiWebsocket","CoreOutput","VpcConfig","addDomainsUrlsOutputs","withCommonLambdaEnvVariables","withServiceManifest","getEnvVariableAwsRegion","applyAwsResourceTags","getAwsAccountId","ApiScheduler","getProjectSdk","getVpcConfigFromExtension","getOsConfigFromExtension","License","handleGuardDutyEvents","ApiPulumi","createApiPulumiApp","baseApp","name","path","program","app","sdk","projectConfig","getProjectConfig","pulumiResourceNamePrefix","getPulumiResourceNamePrefix","vpcExtensionsConfig","openSearchExtensionConfig","searchEngineParams","params","domainName","process","env","AWS_OS_DOMAIN_NAME","indexPrefix","OPENSEARCH_INDEX_PREFIX","sharedIndexes","OPENSEARCH_SHARED_INDEXES","onResource","resource","startsWith","addHandler","license","fromEnvironment","usingAdvancedVpcParams","canUseFileManagerThreatDetection","addResource","useExistingVpc","lambdaFunctionsVpcConfig","Error","lambda","Function","canUseVpc","meta","config","vpcConfig","iam","Role","isLambdaFunctionRole","RolePolicyAttachment","role","output","policyArn","ManagedPolicy","AWSLambdaVPCAccessExecutionRole","pulumiHandlers","getContainer","resolve","execute","isProduction","core","addModule","vpcEnabled","enabled","graphql","COGNITO_REGION","COGNITO_USER_POOL_ID","cognitoUserPoolId","DB_TABLE","primaryDynamodbTableName","DB_TABLE_LOG","logDynamodbTableName","DB_TABLE_AUDIT_LOGS","auditLogsDynamodbTableName","DB_TABLE_OPENSEARCH","opensearchDynamodbTableName","OPENSEARCH_ENDPOINT","opensearchDomainEndpoint","S3_BUCKET","fileManagerBucketId","EVENT_BUS","eventBusArn","OKTA_ISSUER","websocket","fileManager","apiGateway","method","function","functions","arn","download","cloudfront","backgroundTask","migration","scheduler","addOutputs","awsAccountId","region","cognitoAppClientId","cognitoUserPoolPasswordPolicy","dynamoDbTable","auditLogsDynamoDbTable","migrationLambdaArn","graphqlLambdaName","graphqlLambdaRole","graphqlLambdaRoleName","backgroundTaskLambdaArn","backgroundTaskStepFunctionArn","stepFunction","fileManagerDownloadLambdaArn","websocketApiId","websocketApi","id","websocketApiUrl","schedulerLambdaInvokeRole","invokeRole","dynamoDbOpensearchTable","cloudfrontDistribution","map","distributionDomain","distributionUrl","usedDomain","usedUrl","addServiceManifest","manifest","bgTaskSfn","resources","distributionId","domain","apply","v","lambdaArn","roleArn"],"sources":["createApiPulumiApp.ts"],"sourcesContent":["import * as aws from \"@pulumi/aws\";\nimport { createPulumiApp, isResourceOfType, type PulumiApp } from \"@webiny/pulumi\";\nimport {\n ApiBackgroundTask,\n ApiCloudfront,\n ApiFileManager,\n ApiGateway,\n ApiGraphql,\n ApiMigration,\n ApiWebsocket,\n CoreOutput,\n VpcConfig\n} from \"~/pulumi/apps/index.js\";\nimport {\n addDomainsUrlsOutputs,\n withCommonLambdaEnvVariables,\n withServiceManifest\n} from \"~/pulumi/utils/index.js\";\nimport { getEnvVariableAwsRegion } from \"~/pulumi/env/awsRegion.js\";\n// import { attachSyncSystem } from \"../syncSystem/api/index.js\";\nimport { applyAwsResourceTags, getAwsAccountId } from \"~/pulumi/apps/awsUtils.js\";\nimport type { WithServiceManifest } from \"~/pulumi/utils/withServiceManifest.js\";\nimport { ApiScheduler } from \"~/pulumi/apps/api/ApiScheduler.js\";\nimport { getProjectSdk } from \"@webiny/project\";\nimport { getVpcConfigFromExtension } from \"~/pulumi/apps/extensions/getVpcConfigFromExtension.js\";\nimport { getOsConfigFromExtension } from \"~/pulumi/apps/extensions/getOsConfigFromExtension.js\";\nimport { License } from \"@webiny/wcp\";\nimport { handleGuardDutyEvents } from \"./handleGuardDutyEvents.js\";\nimport { ApiPulumi } from \"@webiny/project/abstractions/index.js\";\n\nexport type ApiPulumiApp = ReturnType<typeof createApiPulumiApp>;\n\nexport const createApiPulumiApp = () => {\n const baseApp = createPulumiApp({\n name: \"api\",\n path: \"apps/api\",\n program: async (app: PulumiApp & WithServiceManifest) => {\n const sdk = await getProjectSdk();\n const projectConfig = await sdk.getProjectConfig();\n\n const pulumiResourceNamePrefix = await sdk.getPulumiResourceNamePrefix();\n const vpcExtensionsConfig = getVpcConfigFromExtension(projectConfig);\n const openSearchExtensionConfig = getOsConfigFromExtension(projectConfig);\n\n let searchEngineParams: typeof openSearchExtensionConfig | null = null;\n\n if (openSearchExtensionConfig) {\n searchEngineParams = openSearchExtensionConfig;\n }\n\n if (searchEngineParams) {\n const params = searchEngineParams;\n if (typeof params === \"object\") {\n if (params.domainName) {\n process.env.AWS_OS_DOMAIN_NAME = params.domainName;\n }\n\n if (params.indexPrefix) {\n process.env.OPENSEARCH_INDEX_PREFIX = params.indexPrefix;\n }\n\n if (params.sharedIndexes) {\n process.env.OPENSEARCH_SHARED_INDEXES = \"true\";\n }\n }\n }\n\n if (pulumiResourceNamePrefix) {\n app.onResource(resource => {\n if (!resource.name.startsWith(pulumiResourceNamePrefix)) {\n resource.name = `${pulumiResourceNamePrefix}${resource.name}`;\n }\n });\n }\n\n // <-------------------- Enterprise start -------------------->\n app.addHandler(async () => {\n const license = await License.fromEnvironment();\n\n const usingAdvancedVpcParams =\n vpcExtensionsConfig && typeof vpcExtensionsConfig !== \"boolean\";\n\n if (license.canUseFileManagerThreatDetection()) {\n handleGuardDutyEvents(app as ApiPulumiApp);\n }\n\n // Not using advanced VPC params? Then immediately exit.\n if (usingAdvancedVpcParams) {\n const { onResource, addResource } = app;\n const { useExistingVpc } = vpcExtensionsConfig;\n\n // 1. We first deal with \"existing VPC\" setup.\n if (useExistingVpc) {\n if (!useExistingVpc.lambdaFunctionsVpcConfig) {\n throw new Error(\n \"Cannot specify `useExistingVpc` parameter because the `lambdaFunctionsVpcConfig` parameter wasn't provided.\"\n );\n }\n\n onResource(resource => {\n if (isResourceOfType(resource, aws.lambda.Function)) {\n const canUseVpc = resource.meta.canUseVpc !== false;\n if (canUseVpc) {\n resource.config.vpcConfig(\n useExistingVpc!.lambdaFunctionsVpcConfig\n );\n }\n }\n\n if (isResourceOfType(resource, aws.iam.Role)) {\n if (resource.meta.isLambdaFunctionRole) {\n addResource(aws.iam.RolePolicyAttachment, {\n name: `${resource.name}-vpc-access-execution-role`,\n config: {\n role: resource.output.name,\n policyArn:\n aws.iam.ManagedPolicy\n .AWSLambdaVPCAccessExecutionRole\n }\n });\n }\n }\n });\n }\n }\n });\n // <-------------------- Enterprise end -------------------->\n\n // Overrides must be applied via a handler, registered at the very start of the program.\n // By doing this, we're ensuring user's adjustments are not applied to late.\n const pulumiHandlers = sdk.getContainer().resolve(ApiPulumi);\n\n app.addHandler(() => {\n return pulumiHandlers.execute(app as unknown as ApiPulumiApp);\n });\n\n const isProduction = app.env.isProduction;\n\n // Register core output as a module available to all the other modules\n const core = app.addModule(CoreOutput);\n\n // Register VPC config module to be available to other modules.\n const vpcEnabled =\n vpcExtensionsConfig === true ||\n typeof vpcExtensionsConfig === \"object\" ||\n isProduction;\n\n app.addModule(VpcConfig, { enabled: vpcEnabled });\n\n const graphql = app.addModule(ApiGraphql, {\n env: {\n COGNITO_REGION: getEnvVariableAwsRegion(),\n COGNITO_USER_POOL_ID: core.cognitoUserPoolId,\n DB_TABLE: core.primaryDynamodbTableName,\n DB_TABLE_LOG: core.logDynamodbTableName,\n DB_TABLE_AUDIT_LOGS: core.auditLogsDynamodbTableName,\n DB_TABLE_OPENSEARCH: core.opensearchDynamodbTableName,\n OPENSEARCH_ENDPOINT: core.opensearchDomainEndpoint,\n\n // Not required. Useful for testing purposes / ephemeral environments.\n // https://www.webiny.com/docs/key-topics/ci-cd/testing/slow-ephemeral-environments\n OPENSEARCH_INDEX_PREFIX: process.env.OPENSEARCH_INDEX_PREFIX,\n OPENSEARCH_SHARED_INDEXES: process.env.OPENSEARCH_SHARED_INDEXES,\n\n S3_BUCKET: core.fileManagerBucketId,\n EVENT_BUS: core.eventBusArn,\n // TODO: move to okta plugin\n OKTA_ISSUER: process.env[\"OKTA_ISSUER\"]\n }\n });\n\n const websocket = app.addModule(ApiWebsocket);\n\n const fileManager = app.addModule(ApiFileManager, {\n env: {\n DB_TABLE: core.primaryDynamodbTableName,\n DB_TABLE_LOG: core.logDynamodbTableName,\n DB_TABLE_AUDIT_LOGS: core.auditLogsDynamodbTableName\n }\n });\n\n const apiGateway = app.addModule(ApiGateway, {\n \"graphql-post\": {\n path: \"/graphql\",\n method: \"POST\",\n function: graphql.functions.graphql.output.arn\n },\n \"graphql-options\": {\n path: \"/graphql\",\n method: \"OPTIONS\",\n function: graphql.functions.graphql.output.arn\n },\n \"files-any\": {\n path: \"/files/{path+}\",\n method: \"ANY\",\n function: fileManager.functions.download.output.arn\n },\n \"private-any\": {\n path: \"/private/{path+}\",\n method: \"ANY\",\n function: fileManager.functions.download.output.arn\n },\n \"cms-post\": {\n path: \"/cms/{key+}\",\n method: \"POST\",\n function: graphql.functions.graphql.output.arn\n },\n \"cms-options\": {\n path: \"/cms/{key+}\",\n method: \"OPTIONS\",\n function: graphql.functions.graphql.output.arn\n },\n \"redirects-get\": {\n path: \"/wb/redirects\",\n method: \"GET\",\n function: graphql.functions.graphql.output.arn\n },\n \"redirects-options\": {\n path: \"/wb/redirects\",\n method: \"OPTIONS\",\n function: graphql.functions.graphql.output.arn\n },\n \"files-catch-all\": {\n path: \"/{path+}\",\n method: \"ANY\",\n function: fileManager.functions.download.output.arn\n }\n });\n\n const cloudfront = app.addModule(ApiCloudfront);\n const backgroundTask = app.addModule(ApiBackgroundTask);\n const migration = app.addModule(ApiMigration);\n const scheduler = app.addModule(ApiScheduler);\n\n // const domains = app.getParam(projectAppParams.domains);\n // if (domains) {\n // applyCustomDomain(cloudfront, domains);\n // }\n\n app.addOutputs({\n awsAccountId: getAwsAccountId(app),\n region: aws.config.region,\n cognitoUserPoolId: core.cognitoUserPoolId,\n cognitoAppClientId: core.cognitoAppClientId,\n cognitoUserPoolPasswordPolicy: core.cognitoUserPoolPasswordPolicy,\n dynamoDbTable: core.primaryDynamodbTableName,\n auditLogsDynamoDbTable: core.auditLogsDynamodbTableName,\n migrationLambdaArn: migration.function.output.arn,\n graphqlLambdaName: graphql.functions.graphql.output.name,\n graphqlLambdaRole: graphql.role.output.arn,\n graphqlLambdaRoleName: graphql.role.output.name,\n backgroundTaskLambdaArn: backgroundTask.backgroundTask.output.arn,\n backgroundTaskStepFunctionArn: backgroundTask.stepFunction.output.arn,\n fileManagerDownloadLambdaArn: fileManager.functions.download.output.arn,\n websocketApiId: websocket.websocketApi.output.id,\n websocketApiUrl: websocket.websocketApiUrl,\n schedulerLambdaInvokeRole: scheduler.invokeRole.output.arn\n });\n\n // Only add `dynamoDbOpensearchTable` output if using search engine (ES/OS).\n if (searchEngineParams) {\n app.addOutputs({\n dynamoDbOpensearchTable: core.opensearchDynamodbTableName\n });\n }\n\n app.addHandler(() => {\n addDomainsUrlsOutputs({\n app,\n cloudfrontDistribution: cloudfront,\n map: {\n distributionDomain: \"cloudfrontApiDomain\",\n distributionUrl: \"cloudfrontApiUrl\",\n usedDomain: \"apiDomain\",\n usedUrl: \"apiUrl\"\n }\n });\n });\n // /**\n // * We need to attach the Sync System if it exists.\n // */\n // await attachSyncSystem({\n // app,\n // core,\n // env: app.params.run.env\n // });\n\n // Applies internal and user-defined AWS tags.\n await applyAwsResourceTags(\"api\");\n\n return {\n fileManager,\n graphql,\n apiGateway,\n websocket,\n cloudfront,\n migration,\n backgroundTask,\n scheduler\n };\n }\n });\n\n const app = withServiceManifest(withCommonLambdaEnvVariables(baseApp));\n\n app.addHandler(() => {\n app.addServiceManifest({\n name: \"api\",\n manifest: {\n bgTaskSfn: baseApp.resources.backgroundTask.stepFunction.output.arn,\n cloudfront: {\n distributionId: baseApp.resources.cloudfront.output.id,\n domain: baseApp.resources.cloudfront.output.domainName.apply(\n v => `https://${v}`\n )\n }\n }\n });\n\n app.addServiceManifest({\n name: \"scheduler\",\n manifest: {\n lambdaArn: baseApp.resources.graphql.functions.graphql.output.arn,\n roleArn: baseApp.resources.scheduler.invokeRole.output.arn\n }\n });\n });\n\n return app;\n};\n"],"mappings":"AAAA,OAAO,KAAKA,GAAG,MAAM,aAAa;AAClC,SAASC,eAAe,EAAEC,gBAAgB,QAAwB,gBAAgB;AAClF,SACIC,iBAAiB,EACjBC,aAAa,EACbC,cAAc,EACdC,UAAU,EACVC,UAAU,EACVC,YAAY,EACZC,YAAY,EACZC,UAAU,EACVC,SAAS;AAEb,SACIC,qBAAqB,EACrBC,4BAA4B,EAC5BC,mBAAmB;AAEvB,SAASC,uBAAuB;AAChC;AACA,SAASC,oBAAoB,EAAEC,eAAe;AAE9C,SAASC,YAAY;AACrB,SAASC,aAAa,QAAQ,iBAAiB;AAC/C,SAASC,yBAAyB;AAClC,SAASC,wBAAwB;AACjC,SAASC,OAAO,QAAQ,aAAa;AACrC,SAASC,qBAAqB;AAC9B,SAASC,SAAS,QAAQ,uCAAuC;AAIjE,OAAO,MAAMC,kBAAkB,GAAGA,CAAA,KAAM;EACpC,MAAMC,OAAO,GAAGzB,eAAe,CAAC;IAC5B0B,IAAI,EAAE,KAAK;IACXC,IAAI,EAAE,UAAU;IAChBC,OAAO,EAAE,MAAOC,GAAoC,IAAK;MACrD,MAAMC,GAAG,GAAG,MAAMZ,aAAa,CAAC,CAAC;MACjC,MAAMa,aAAa,GAAG,MAAMD,GAAG,CAACE,gBAAgB,CAAC,CAAC;MAElD,MAAMC,wBAAwB,GAAG,MAAMH,GAAG,CAACI,2BAA2B,CAAC,CAAC;MACxE,MAAMC,mBAAmB,GAAGhB,yBAAyB,CAACY,aAAa,CAAC;MACpE,MAAMK,yBAAyB,GAAGhB,wBAAwB,CAACW,aAAa,CAAC;MAEzE,IAAIM,kBAA2D,GAAG,IAAI;MAEtE,IAAID,yBAAyB,EAAE;QAC3BC,kBAAkB,GAAGD,yBAAyB;MAClD;MAEA,IAAIC,kBAAkB,EAAE;QACpB,MAAMC,MAAM,GAAGD,kBAAkB;QACjC,IAAI,OAAOC,MAAM,KAAK,QAAQ,EAAE;UAC5B,IAAIA,MAAM,CAACC,UAAU,EAAE;YACnBC,OAAO,CAACC,GAAG,CAACC,kBAAkB,GAAGJ,MAAM,CAACC,UAAU;UACtD;UAEA,IAAID,MAAM,CAACK,WAAW,EAAE;YACpBH,OAAO,CAACC,GAAG,CAACG,uBAAuB,GAAGN,MAAM,CAACK,WAAW;UAC5D;UAEA,IAAIL,MAAM,CAACO,aAAa,EAAE;YACtBL,OAAO,CAACC,GAAG,CAACK,yBAAyB,GAAG,MAAM;UAClD;QACJ;MACJ;MAEA,IAAIb,wBAAwB,EAAE;QAC1BJ,GAAG,CAACkB,UAAU,CAACC,QAAQ,IAAI;UACvB,IAAI,CAACA,QAAQ,CAACtB,IAAI,CAACuB,UAAU,CAAChB,wBAAwB,CAAC,EAAE;YACrDe,QAAQ,CAACtB,IAAI,GAAG,GAAGO,wBAAwB,GAAGe,QAAQ,CAACtB,IAAI,EAAE;UACjE;QACJ,CAAC,CAAC;MACN;;MAEA;MACAG,GAAG,CAACqB,UAAU,CAAC,YAAY;QACvB,MAAMC,OAAO,GAAG,MAAM9B,OAAO,CAAC+B,eAAe,CAAC,CAAC;QAE/C,MAAMC,sBAAsB,GACxBlB,mBAAmB,IAAI,OAAOA,mBAAmB,KAAK,SAAS;QAEnE,IAAIgB,OAAO,CAACG,gCAAgC,CAAC,CAAC,EAAE;UAC5ChC,qBAAqB,CAACO,GAAmB,CAAC;QAC9C;;QAEA;QACA,IAAIwB,sBAAsB,EAAE;UACxB,MAAM;YAAEN,UAAU;YAAEQ;UAAY,CAAC,GAAG1B,GAAG;UACvC,MAAM;YAAE2B;UAAe,CAAC,GAAGrB,mBAAmB;;UAE9C;UACA,IAAIqB,cAAc,EAAE;YAChB,IAAI,CAACA,cAAc,CAACC,wBAAwB,EAAE;cAC1C,MAAM,IAAIC,KAAK,CACX,6GACJ,CAAC;YACL;YAEAX,UAAU,CAACC,QAAQ,IAAI;cACnB,IAAI/C,gBAAgB,CAAC+C,QAAQ,EAAEjD,GAAG,CAAC4D,MAAM,CAACC,QAAQ,CAAC,EAAE;gBACjD,MAAMC,SAAS,GAAGb,QAAQ,CAACc,IAAI,CAACD,SAAS,KAAK,KAAK;gBACnD,IAAIA,SAAS,EAAE;kBACXb,QAAQ,CAACe,MAAM,CAACC,SAAS,CACrBR,cAAc,CAAEC,wBACpB,CAAC;gBACL;cACJ;cAEA,IAAIxD,gBAAgB,CAAC+C,QAAQ,EAAEjD,GAAG,CAACkE,GAAG,CAACC,IAAI,CAAC,EAAE;gBAC1C,IAAIlB,QAAQ,CAACc,IAAI,CAACK,oBAAoB,EAAE;kBACpCZ,WAAW,CAACxD,GAAG,CAACkE,GAAG,CAACG,oBAAoB,EAAE;oBACtC1C,IAAI,EAAE,GAAGsB,QAAQ,CAACtB,IAAI,4BAA4B;oBAClDqC,MAAM,EAAE;sBACJM,IAAI,EAAErB,QAAQ,CAACsB,MAAM,CAAC5C,IAAI;sBAC1B6C,SAAS,EACLxE,GAAG,CAACkE,GAAG,CAACO,aAAa,CAChBC;oBACb;kBACJ,CAAC,CAAC;gBACN;cACJ;YACJ,CAAC,CAAC;UACN;QACJ;MACJ,CAAC,CAAC;MACF;;MAEA;MACA;MACA,MAAMC,cAAc,GAAG5C,GAAG,CAAC6C,YAAY,CAAC,CAAC,CAACC,OAAO,CAACrD,SAAS,CAAC;MAE5DM,GAAG,CAACqB,UAAU,CAAC,MAAM;QACjB,OAAOwB,cAAc,CAACG,OAAO,CAAChD,GAA8B,CAAC;MACjE,CAAC,CAAC;MAEF,MAAMiD,YAAY,GAAGjD,GAAG,CAACY,GAAG,CAACqC,YAAY;;MAEzC;MACA,MAAMC,IAAI,GAAGlD,GAAG,CAACmD,SAAS,CAACvE,UAAU,CAAC;;MAEtC;MACA,MAAMwE,UAAU,GACZ9C,mBAAmB,KAAK,IAAI,IAC5B,OAAOA,mBAAmB,KAAK,QAAQ,IACvC2C,YAAY;MAEhBjD,GAAG,CAACmD,SAAS,CAACtE,SAAS,EAAE;QAAEwE,OAAO,EAAED;MAAW,CAAC,CAAC;MAEjD,MAAME,OAAO,GAAGtD,GAAG,CAACmD,SAAS,CAAC1E,UAAU,EAAE;QACtCmC,GAAG,EAAE;UACD2C,cAAc,EAAEtE,uBAAuB,CAAC,CAAC;UACzCuE,oBAAoB,EAAEN,IAAI,CAACO,iBAAiB;UAC5CC,QAAQ,EAAER,IAAI,CAACS,wBAAwB;UACvCC,YAAY,EAAEV,IAAI,CAACW,oBAAoB;UACvCC,mBAAmB,EAAEZ,IAAI,CAACa,0BAA0B;UACpDC,mBAAmB,EAAEd,IAAI,CAACe,2BAA2B;UACrDC,mBAAmB,EAAEhB,IAAI,CAACiB,wBAAwB;UAElD;UACA;UACApD,uBAAuB,EAAEJ,OAAO,CAACC,GAAG,CAACG,uBAAuB;UAC5DE,yBAAyB,EAAEN,OAAO,CAACC,GAAG,CAACK,yBAAyB;UAEhEmD,SAAS,EAAElB,IAAI,CAACmB,mBAAmB;UACnCC,SAAS,EAAEpB,IAAI,CAACqB,WAAW;UAC3B;UACAC,WAAW,EAAE7D,OAAO,CAACC,GAAG,CAAC,aAAa;QAC1C;MACJ,CAAC,CAAC;MAEF,MAAM6D,SAAS,GAAGzE,GAAG,CAACmD,SAAS,CAACxE,YAAY,CAAC;MAE7C,MAAM+F,WAAW,GAAG1E,GAAG,CAACmD,SAAS,CAAC5E,cAAc,EAAE;QAC9CqC,GAAG,EAAE;UACD8C,QAAQ,EAAER,IAAI,CAACS,wBAAwB;UACvCC,YAAY,EAAEV,IAAI,CAACW,oBAAoB;UACvCC,mBAAmB,EAAEZ,IAAI,CAACa;QAC9B;MACJ,CAAC,CAAC;MAEF,MAAMY,UAAU,GAAG3E,GAAG,CAACmD,SAAS,CAAC3E,UAAU,EAAE;QACzC,cAAc,EAAE;UACZsB,IAAI,EAAE,UAAU;UAChB8E,MAAM,EAAE,MAAM;UACdC,QAAQ,EAAEvB,OAAO,CAACwB,SAAS,CAACxB,OAAO,CAACb,MAAM,CAACsC;QAC/C,CAAC;QACD,iBAAiB,EAAE;UACfjF,IAAI,EAAE,UAAU;UAChB8E,MAAM,EAAE,SAAS;UACjBC,QAAQ,EAAEvB,OAAO,CAACwB,SAAS,CAACxB,OAAO,CAACb,MAAM,CAACsC;QAC/C,CAAC;QACD,WAAW,EAAE;UACTjF,IAAI,EAAE,gBAAgB;UACtB8E,MAAM,EAAE,KAAK;UACbC,QAAQ,EAAEH,WAAW,CAACI,SAAS,CAACE,QAAQ,CAACvC,MAAM,CAACsC;QACpD,CAAC;QACD,aAAa,EAAE;UACXjF,IAAI,EAAE,kBAAkB;UACxB8E,MAAM,EAAE,KAAK;UACbC,QAAQ,EAAEH,WAAW,CAACI,SAAS,CAACE,QAAQ,CAACvC,MAAM,CAACsC;QACpD,CAAC;QACD,UAAU,EAAE;UACRjF,IAAI,EAAE,aAAa;UACnB8E,MAAM,EAAE,MAAM;UACdC,QAAQ,EAAEvB,OAAO,CAACwB,SAAS,CAACxB,OAAO,CAACb,MAAM,CAACsC;QAC/C,CAAC;QACD,aAAa,EAAE;UACXjF,IAAI,EAAE,aAAa;UACnB8E,MAAM,EAAE,SAAS;UACjBC,QAAQ,EAAEvB,OAAO,CAACwB,SAAS,CAACxB,OAAO,CAACb,MAAM,CAACsC;QAC/C,CAAC;QACD,eAAe,EAAE;UACbjF,IAAI,EAAE,eAAe;UACrB8E,MAAM,EAAE,KAAK;UACbC,QAAQ,EAAEvB,OAAO,CAACwB,SAAS,CAACxB,OAAO,CAACb,MAAM,CAACsC;QAC/C,CAAC;QACD,mBAAmB,EAAE;UACjBjF,IAAI,EAAE,eAAe;UACrB8E,MAAM,EAAE,SAAS;UACjBC,QAAQ,EAAEvB,OAAO,CAACwB,SAAS,CAACxB,OAAO,CAACb,MAAM,CAACsC;QAC/C,CAAC;QACD,iBAAiB,EAAE;UACfjF,IAAI,EAAE,UAAU;UAChB8E,MAAM,EAAE,KAAK;UACbC,QAAQ,EAAEH,WAAW,CAACI,SAAS,CAACE,QAAQ,CAACvC,MAAM,CAACsC;QACpD;MACJ,CAAC,CAAC;MAEF,MAAME,UAAU,GAAGjF,GAAG,CAACmD,SAAS,CAAC7E,aAAa,CAAC;MAC/C,MAAM4G,cAAc,GAAGlF,GAAG,CAACmD,SAAS,CAAC9E,iBAAiB,CAAC;MACvD,MAAM8G,SAAS,GAAGnF,GAAG,CAACmD,SAAS,CAACzE,YAAY,CAAC;MAC7C,MAAM0G,SAAS,GAAGpF,GAAG,CAACmD,SAAS,CAAC/D,YAAY,CAAC;;MAE7C;MACA;MACA;MACA;;MAEAY,GAAG,CAACqF,UAAU,CAAC;QACXC,YAAY,EAAEnG,eAAe,CAACa,GAAG,CAAC;QAClCuF,MAAM,EAAErH,GAAG,CAACgE,MAAM,CAACqD,MAAM;QACzB9B,iBAAiB,EAAEP,IAAI,CAACO,iBAAiB;QACzC+B,kBAAkB,EAAEtC,IAAI,CAACsC,kBAAkB;QAC3CC,6BAA6B,EAAEvC,IAAI,CAACuC,6BAA6B;QACjEC,aAAa,EAAExC,IAAI,CAACS,wBAAwB;QAC5CgC,sBAAsB,EAAEzC,IAAI,CAACa,0BAA0B;QACvD6B,kBAAkB,EAAET,SAAS,CAACN,QAAQ,CAACpC,MAAM,CAACsC,GAAG;QACjDc,iBAAiB,EAAEvC,OAAO,CAACwB,SAAS,CAACxB,OAAO,CAACb,MAAM,CAAC5C,IAAI;QACxDiG,iBAAiB,EAAExC,OAAO,CAACd,IAAI,CAACC,MAAM,CAACsC,GAAG;QAC1CgB,qBAAqB,EAAEzC,OAAO,CAACd,IAAI,CAACC,MAAM,CAAC5C,IAAI;QAC/CmG,uBAAuB,EAAEd,cAAc,CAACA,cAAc,CAACzC,MAAM,CAACsC,GAAG;QACjEkB,6BAA6B,EAAEf,cAAc,CAACgB,YAAY,CAACzD,MAAM,CAACsC,GAAG;QACrEoB,4BAA4B,EAAEzB,WAAW,CAACI,SAAS,CAACE,QAAQ,CAACvC,MAAM,CAACsC,GAAG;QACvEqB,cAAc,EAAE3B,SAAS,CAAC4B,YAAY,CAAC5D,MAAM,CAAC6D,EAAE;QAChDC,eAAe,EAAE9B,SAAS,CAAC8B,eAAe;QAC1CC,yBAAyB,EAAEpB,SAAS,CAACqB,UAAU,CAAChE,MAAM,CAACsC;MAC3D,CAAC,CAAC;;MAEF;MACA,IAAIvE,kBAAkB,EAAE;QACpBR,GAAG,CAACqF,UAAU,CAAC;UACXqB,uBAAuB,EAAExD,IAAI,CAACe;QAClC,CAAC,CAAC;MACN;MAEAjE,GAAG,CAACqB,UAAU,CAAC,MAAM;QACjBvC,qBAAqB,CAAC;UAClBkB,GAAG;UACH2G,sBAAsB,EAAE1B,UAAU;UAClC2B,GAAG,EAAE;YACDC,kBAAkB,EAAE,qBAAqB;YACzCC,eAAe,EAAE,kBAAkB;YACnCC,UAAU,EAAE,WAAW;YACvBC,OAAO,EAAE;UACb;QACJ,CAAC,CAAC;MACN,CAAC,CAAC;MACF;MACA;MACA;MACA;MACA;MACA;MACA;MACA;;MAEA;MACA,MAAM9H,oBAAoB,CAAC,KAAK,CAAC;MAEjC,OAAO;QACHwF,WAAW;QACXpB,OAAO;QACPqB,UAAU;QACVF,SAAS;QACTQ,UAAU;QACVE,SAAS;QACTD,cAAc;QACdE;MACJ,CAAC;IACL;EACJ,CAAC,CAAC;EAEF,MAAMpF,GAAG,GAAGhB,mBAAmB,CAACD,4BAA4B,CAACa,OAAO,CAAC,CAAC;EAEtEI,GAAG,CAACqB,UAAU,CAAC,MAAM;IACjBrB,GAAG,CAACiH,kBAAkB,CAAC;MACnBpH,IAAI,EAAE,KAAK;MACXqH,QAAQ,EAAE;QACNC,SAAS,EAAEvH,OAAO,CAACwH,SAAS,CAAClC,cAAc,CAACgB,YAAY,CAACzD,MAAM,CAACsC,GAAG;QACnEE,UAAU,EAAE;UACRoC,cAAc,EAAEzH,OAAO,CAACwH,SAAS,CAACnC,UAAU,CAACxC,MAAM,CAAC6D,EAAE;UACtDgB,MAAM,EAAE1H,OAAO,CAACwH,SAAS,CAACnC,UAAU,CAACxC,MAAM,CAAC/B,UAAU,CAAC6G,KAAK,CACxDC,CAAC,IAAI,WAAWA,CAAC,EACrB;QACJ;MACJ;IACJ,CAAC,CAAC;IAEFxH,GAAG,CAACiH,kBAAkB,CAAC;MACnBpH,IAAI,EAAE,WAAW;MACjBqH,QAAQ,EAAE;QACNO,SAAS,EAAE7H,OAAO,CAACwH,SAAS,CAAC9D,OAAO,CAACwB,SAAS,CAACxB,OAAO,CAACb,MAAM,CAACsC,GAAG;QACjE2C,OAAO,EAAE9H,OAAO,CAACwH,SAAS,CAAChC,SAAS,CAACqB,UAAU,CAAChE,MAAM,CAACsC;MAC3D;IACJ,CAAC,CAAC;EACN,CAAC,CAAC;EAEF,OAAO/E,GAAG;AACd,CAAC","ignoreList":[]}
1
+ {"version":3,"names":["aws","createPulumiApp","isResourceOfType","ApiBackgroundTask","ApiCloudfront","ApiFileManager","ApiGateway","ApiGraphql","ApiMigration","ApiWebsocket","CoreOutput","VpcConfig","addDomainsUrlsOutputs","withCommonLambdaEnvVariables","withServiceManifest","getEnvVariableAwsRegion","applyAwsResourceTags","getAwsAccountId","ApiScheduler","getProjectSdk","getVpcConfigFromExtension","getOsConfigFromExtension","handleGuardDutyEvents","ApiPulumi","createApiPulumiApp","baseApp","name","path","program","app","sdk","projectConfig","getProjectConfig","pulumiResourceNamePrefix","getPulumiResourceNamePrefix","vpcExtensionsConfig","openSearchExtensionConfig","searchEngineParams","params","domainName","process","env","AWS_OS_DOMAIN_NAME","indexPrefix","OPENSEARCH_INDEX_PREFIX","sharedIndexes","OPENSEARCH_SHARED_INDEXES","onResource","resource","startsWith","addHandler","featureFlags","getFeatureFlags","usingAdvancedVpcParams","isFileManagerThreatDetectionEnabled","addResource","useExistingVpc","lambdaFunctionsVpcConfig","Error","lambda","Function","canUseVpc","meta","config","vpcConfig","iam","Role","isLambdaFunctionRole","RolePolicyAttachment","role","output","policyArn","ManagedPolicy","AWSLambdaVPCAccessExecutionRole","pulumiHandlers","getContainer","resolve","execute","isProduction","core","addModule","vpcEnabled","enabled","graphql","COGNITO_REGION","COGNITO_USER_POOL_ID","cognitoUserPoolId","DB_TABLE","primaryDynamodbTableName","DB_TABLE_LOG","logDynamodbTableName","DB_TABLE_AUDIT_LOGS","auditLogsDynamodbTableName","DB_TABLE_OPENSEARCH","opensearchDynamodbTableName","OPENSEARCH_ENDPOINT","opensearchDomainEndpoint","S3_BUCKET","fileManagerBucketId","EVENT_BUS","eventBusArn","OKTA_ISSUER","websocket","fileManager","apiGateway","method","function","functions","arn","download","cloudfront","backgroundTask","migration","scheduler","addOutputs","awsAccountId","region","cognitoAppClientId","cognitoUserPoolPasswordPolicy","dynamoDbTable","auditLogsDynamoDbTable","migrationLambdaArn","graphqlLambdaName","graphqlLambdaRole","graphqlLambdaRoleName","backgroundTaskLambdaArn","backgroundTaskStepFunctionArn","stepFunction","fileManagerDownloadLambdaArn","websocketApiId","websocketApi","id","websocketApiUrl","schedulerLambdaInvokeRole","invokeRole","dynamoDbOpensearchTable","cloudfrontDistribution","map","distributionDomain","distributionUrl","usedDomain","usedUrl","addServiceManifest","manifest","bgTaskSfn","resources","distributionId","domain","apply","v","lambdaArn","roleArn"],"sources":["createApiPulumiApp.ts"],"sourcesContent":["import * as aws from \"@pulumi/aws\";\nimport { createPulumiApp, isResourceOfType, type PulumiApp } from \"@webiny/pulumi\";\nimport {\n ApiBackgroundTask,\n ApiCloudfront,\n ApiFileManager,\n ApiGateway,\n ApiGraphql,\n ApiMigration,\n ApiWebsocket,\n CoreOutput,\n VpcConfig\n} from \"~/pulumi/apps/index.js\";\nimport {\n addDomainsUrlsOutputs,\n withCommonLambdaEnvVariables,\n withServiceManifest\n} from \"~/pulumi/utils/index.js\";\nimport { getEnvVariableAwsRegion } from \"~/pulumi/env/awsRegion.js\";\n// import { attachSyncSystem } from \"../syncSystem/api/index.js\";\nimport { applyAwsResourceTags, getAwsAccountId } from \"~/pulumi/apps/awsUtils.js\";\nimport type { WithServiceManifest } from \"~/pulumi/utils/withServiceManifest.js\";\nimport { ApiScheduler } from \"~/pulumi/apps/api/ApiScheduler.js\";\nimport { getProjectSdk } from \"@webiny/project\";\nimport { getVpcConfigFromExtension } from \"~/pulumi/apps/extensions/getVpcConfigFromExtension.js\";\nimport { getOsConfigFromExtension } from \"~/pulumi/apps/extensions/getOsConfigFromExtension.js\";\nimport { handleGuardDutyEvents } from \"./handleGuardDutyEvents.js\";\nimport { ApiPulumi } from \"@webiny/project/abstractions/index.js\";\n\nexport type ApiPulumiApp = ReturnType<typeof createApiPulumiApp>;\n\nexport const createApiPulumiApp = () => {\n const baseApp = createPulumiApp({\n name: \"api\",\n path: \"apps/api\",\n program: async (app: PulumiApp & WithServiceManifest) => {\n const sdk = await getProjectSdk();\n const projectConfig = await sdk.getProjectConfig();\n\n const pulumiResourceNamePrefix = await sdk.getPulumiResourceNamePrefix();\n const vpcExtensionsConfig = getVpcConfigFromExtension(projectConfig);\n const openSearchExtensionConfig = getOsConfigFromExtension(projectConfig);\n\n let searchEngineParams: typeof openSearchExtensionConfig | null = null;\n\n if (openSearchExtensionConfig) {\n searchEngineParams = openSearchExtensionConfig;\n }\n\n if (searchEngineParams) {\n const params = searchEngineParams;\n if (typeof params === \"object\") {\n if (params.domainName) {\n process.env.AWS_OS_DOMAIN_NAME = params.domainName;\n }\n\n if (params.indexPrefix) {\n process.env.OPENSEARCH_INDEX_PREFIX = params.indexPrefix;\n }\n\n if (params.sharedIndexes) {\n process.env.OPENSEARCH_SHARED_INDEXES = \"true\";\n }\n }\n }\n\n if (pulumiResourceNamePrefix) {\n app.onResource(resource => {\n if (!resource.name.startsWith(pulumiResourceNamePrefix)) {\n resource.name = `${pulumiResourceNamePrefix}${resource.name}`;\n }\n });\n }\n\n // <-------------------- Enterprise start -------------------->\n app.addHandler(async () => {\n const featureFlags = await sdk.getFeatureFlags();\n\n const usingAdvancedVpcParams =\n vpcExtensionsConfig && typeof vpcExtensionsConfig !== \"boolean\";\n\n if (featureFlags.isFileManagerThreatDetectionEnabled()) {\n handleGuardDutyEvents(app as ApiPulumiApp);\n }\n\n // Not using advanced VPC params? Then immediately exit.\n if (usingAdvancedVpcParams) {\n const { onResource, addResource } = app;\n const { useExistingVpc } = vpcExtensionsConfig;\n\n // 1. We first deal with \"existing VPC\" setup.\n if (useExistingVpc) {\n if (!useExistingVpc.lambdaFunctionsVpcConfig) {\n throw new Error(\n \"Cannot specify `useExistingVpc` parameter because the `lambdaFunctionsVpcConfig` parameter wasn't provided.\"\n );\n }\n\n onResource(resource => {\n if (isResourceOfType(resource, aws.lambda.Function)) {\n const canUseVpc = resource.meta.canUseVpc !== false;\n if (canUseVpc) {\n resource.config.vpcConfig(\n useExistingVpc!.lambdaFunctionsVpcConfig\n );\n }\n }\n\n if (isResourceOfType(resource, aws.iam.Role)) {\n if (resource.meta.isLambdaFunctionRole) {\n addResource(aws.iam.RolePolicyAttachment, {\n name: `${resource.name}-vpc-access-execution-role`,\n config: {\n role: resource.output.name,\n policyArn:\n aws.iam.ManagedPolicy\n .AWSLambdaVPCAccessExecutionRole\n }\n });\n }\n }\n });\n }\n }\n });\n // <-------------------- Enterprise end -------------------->\n\n // Overrides must be applied via a handler, registered at the very start of the program.\n // By doing this, we're ensuring user's adjustments are not applied to late.\n const pulumiHandlers = sdk.getContainer().resolve(ApiPulumi);\n\n app.addHandler(() => {\n return pulumiHandlers.execute(app as unknown as ApiPulumiApp);\n });\n\n const isProduction = app.env.isProduction;\n\n // Register core output as a module available to all the other modules\n const core = app.addModule(CoreOutput);\n\n // Register VPC config module to be available to other modules.\n const vpcEnabled =\n vpcExtensionsConfig === true ||\n typeof vpcExtensionsConfig === \"object\" ||\n isProduction;\n\n app.addModule(VpcConfig, { enabled: vpcEnabled });\n\n const graphql = app.addModule(ApiGraphql, {\n env: {\n COGNITO_REGION: getEnvVariableAwsRegion(),\n COGNITO_USER_POOL_ID: core.cognitoUserPoolId,\n DB_TABLE: core.primaryDynamodbTableName,\n DB_TABLE_LOG: core.logDynamodbTableName,\n DB_TABLE_AUDIT_LOGS: core.auditLogsDynamodbTableName,\n DB_TABLE_OPENSEARCH: core.opensearchDynamodbTableName,\n OPENSEARCH_ENDPOINT: core.opensearchDomainEndpoint,\n\n // Not required. Useful for testing purposes / ephemeral environments.\n // https://www.webiny.com/docs/key-topics/ci-cd/testing/slow-ephemeral-environments\n OPENSEARCH_INDEX_PREFIX: process.env.OPENSEARCH_INDEX_PREFIX,\n OPENSEARCH_SHARED_INDEXES: process.env.OPENSEARCH_SHARED_INDEXES,\n\n S3_BUCKET: core.fileManagerBucketId,\n EVENT_BUS: core.eventBusArn,\n // TODO: move to okta plugin\n OKTA_ISSUER: process.env[\"OKTA_ISSUER\"]\n }\n });\n\n const websocket = app.addModule(ApiWebsocket);\n\n const fileManager = app.addModule(ApiFileManager, {\n env: {\n DB_TABLE: core.primaryDynamodbTableName,\n DB_TABLE_LOG: core.logDynamodbTableName,\n DB_TABLE_AUDIT_LOGS: core.auditLogsDynamodbTableName\n }\n });\n\n const apiGateway = app.addModule(ApiGateway, {\n \"graphql-post\": {\n path: \"/graphql\",\n method: \"POST\",\n function: graphql.functions.graphql.output.arn\n },\n \"graphql-options\": {\n path: \"/graphql\",\n method: \"OPTIONS\",\n function: graphql.functions.graphql.output.arn\n },\n \"files-any\": {\n path: \"/files/{path+}\",\n method: \"ANY\",\n function: fileManager.functions.download.output.arn\n },\n \"private-any\": {\n path: \"/private/{path+}\",\n method: \"ANY\",\n function: fileManager.functions.download.output.arn\n },\n \"cms-post\": {\n path: \"/cms/{key+}\",\n method: \"POST\",\n function: graphql.functions.graphql.output.arn\n },\n \"cms-options\": {\n path: \"/cms/{key+}\",\n method: \"OPTIONS\",\n function: graphql.functions.graphql.output.arn\n },\n \"redirects-get\": {\n path: \"/wb/redirects\",\n method: \"GET\",\n function: graphql.functions.graphql.output.arn\n },\n \"redirects-options\": {\n path: \"/wb/redirects\",\n method: \"OPTIONS\",\n function: graphql.functions.graphql.output.arn\n },\n \"files-catch-all\": {\n path: \"/{path+}\",\n method: \"ANY\",\n function: fileManager.functions.download.output.arn\n }\n });\n\n const cloudfront = app.addModule(ApiCloudfront);\n const backgroundTask = app.addModule(ApiBackgroundTask);\n const migration = app.addModule(ApiMigration);\n const scheduler = app.addModule(ApiScheduler);\n\n // const domains = app.getParam(projectAppParams.domains);\n // if (domains) {\n // applyCustomDomain(cloudfront, domains);\n // }\n\n app.addOutputs({\n awsAccountId: getAwsAccountId(app),\n region: aws.config.region,\n cognitoUserPoolId: core.cognitoUserPoolId,\n cognitoAppClientId: core.cognitoAppClientId,\n cognitoUserPoolPasswordPolicy: core.cognitoUserPoolPasswordPolicy,\n dynamoDbTable: core.primaryDynamodbTableName,\n auditLogsDynamoDbTable: core.auditLogsDynamodbTableName,\n migrationLambdaArn: migration.function.output.arn,\n graphqlLambdaName: graphql.functions.graphql.output.name,\n graphqlLambdaRole: graphql.role.output.arn,\n graphqlLambdaRoleName: graphql.role.output.name,\n backgroundTaskLambdaArn: backgroundTask.backgroundTask.output.arn,\n backgroundTaskStepFunctionArn: backgroundTask.stepFunction.output.arn,\n fileManagerDownloadLambdaArn: fileManager.functions.download.output.arn,\n websocketApiId: websocket.websocketApi.output.id,\n websocketApiUrl: websocket.websocketApiUrl,\n schedulerLambdaInvokeRole: scheduler.invokeRole.output.arn\n });\n\n // Only add `dynamoDbOpensearchTable` output if using search engine (ES/OS).\n if (searchEngineParams) {\n app.addOutputs({\n dynamoDbOpensearchTable: core.opensearchDynamodbTableName\n });\n }\n\n app.addHandler(() => {\n addDomainsUrlsOutputs({\n app,\n cloudfrontDistribution: cloudfront,\n map: {\n distributionDomain: \"cloudfrontApiDomain\",\n distributionUrl: \"cloudfrontApiUrl\",\n usedDomain: \"apiDomain\",\n usedUrl: \"apiUrl\"\n }\n });\n });\n // /**\n // * We need to attach the Sync System if it exists.\n // */\n // await attachSyncSystem({\n // app,\n // core,\n // env: app.params.run.env\n // });\n\n // Applies internal and user-defined AWS tags.\n await applyAwsResourceTags(\"api\");\n\n return {\n fileManager,\n graphql,\n apiGateway,\n websocket,\n cloudfront,\n migration,\n backgroundTask,\n scheduler\n };\n }\n });\n\n const app = withServiceManifest(withCommonLambdaEnvVariables(baseApp));\n\n app.addHandler(() => {\n app.addServiceManifest({\n name: \"api\",\n manifest: {\n bgTaskSfn: baseApp.resources.backgroundTask.stepFunction.output.arn,\n cloudfront: {\n distributionId: baseApp.resources.cloudfront.output.id,\n domain: baseApp.resources.cloudfront.output.domainName.apply(\n v => `https://${v}`\n )\n }\n }\n });\n\n app.addServiceManifest({\n name: \"scheduler\",\n manifest: {\n lambdaArn: baseApp.resources.graphql.functions.graphql.output.arn,\n roleArn: baseApp.resources.scheduler.invokeRole.output.arn\n }\n });\n });\n\n return app;\n};\n"],"mappings":"AAAA,OAAO,KAAKA,GAAG,MAAM,aAAa;AAClC,SAASC,eAAe,EAAEC,gBAAgB,QAAwB,gBAAgB;AAClF,SACIC,iBAAiB,EACjBC,aAAa,EACbC,cAAc,EACdC,UAAU,EACVC,UAAU,EACVC,YAAY,EACZC,YAAY,EACZC,UAAU,EACVC,SAAS;AAEb,SACIC,qBAAqB,EACrBC,4BAA4B,EAC5BC,mBAAmB;AAEvB,SAASC,uBAAuB;AAChC;AACA,SAASC,oBAAoB,EAAEC,eAAe;AAE9C,SAASC,YAAY;AACrB,SAASC,aAAa,QAAQ,iBAAiB;AAC/C,SAASC,yBAAyB;AAClC,SAASC,wBAAwB;AACjC,SAASC,qBAAqB;AAC9B,SAASC,SAAS,QAAQ,uCAAuC;AAIjE,OAAO,MAAMC,kBAAkB,GAAGA,CAAA,KAAM;EACpC,MAAMC,OAAO,GAAGxB,eAAe,CAAC;IAC5ByB,IAAI,EAAE,KAAK;IACXC,IAAI,EAAE,UAAU;IAChBC,OAAO,EAAE,MAAOC,GAAoC,IAAK;MACrD,MAAMC,GAAG,GAAG,MAAMX,aAAa,CAAC,CAAC;MACjC,MAAMY,aAAa,GAAG,MAAMD,GAAG,CAACE,gBAAgB,CAAC,CAAC;MAElD,MAAMC,wBAAwB,GAAG,MAAMH,GAAG,CAACI,2BAA2B,CAAC,CAAC;MACxE,MAAMC,mBAAmB,GAAGf,yBAAyB,CAACW,aAAa,CAAC;MACpE,MAAMK,yBAAyB,GAAGf,wBAAwB,CAACU,aAAa,CAAC;MAEzE,IAAIM,kBAA2D,GAAG,IAAI;MAEtE,IAAID,yBAAyB,EAAE;QAC3BC,kBAAkB,GAAGD,yBAAyB;MAClD;MAEA,IAAIC,kBAAkB,EAAE;QACpB,MAAMC,MAAM,GAAGD,kBAAkB;QACjC,IAAI,OAAOC,MAAM,KAAK,QAAQ,EAAE;UAC5B,IAAIA,MAAM,CAACC,UAAU,EAAE;YACnBC,OAAO,CAACC,GAAG,CAACC,kBAAkB,GAAGJ,MAAM,CAACC,UAAU;UACtD;UAEA,IAAID,MAAM,CAACK,WAAW,EAAE;YACpBH,OAAO,CAACC,GAAG,CAACG,uBAAuB,GAAGN,MAAM,CAACK,WAAW;UAC5D;UAEA,IAAIL,MAAM,CAACO,aAAa,EAAE;YACtBL,OAAO,CAACC,GAAG,CAACK,yBAAyB,GAAG,MAAM;UAClD;QACJ;MACJ;MAEA,IAAIb,wBAAwB,EAAE;QAC1BJ,GAAG,CAACkB,UAAU,CAACC,QAAQ,IAAI;UACvB,IAAI,CAACA,QAAQ,CAACtB,IAAI,CAACuB,UAAU,CAAChB,wBAAwB,CAAC,EAAE;YACrDe,QAAQ,CAACtB,IAAI,GAAG,GAAGO,wBAAwB,GAAGe,QAAQ,CAACtB,IAAI,EAAE;UACjE;QACJ,CAAC,CAAC;MACN;;MAEA;MACAG,GAAG,CAACqB,UAAU,CAAC,YAAY;QACvB,MAAMC,YAAY,GAAG,MAAMrB,GAAG,CAACsB,eAAe,CAAC,CAAC;QAEhD,MAAMC,sBAAsB,GACxBlB,mBAAmB,IAAI,OAAOA,mBAAmB,KAAK,SAAS;QAEnE,IAAIgB,YAAY,CAACG,mCAAmC,CAAC,CAAC,EAAE;UACpDhC,qBAAqB,CAACO,GAAmB,CAAC;QAC9C;;QAEA;QACA,IAAIwB,sBAAsB,EAAE;UACxB,MAAM;YAAEN,UAAU;YAAEQ;UAAY,CAAC,GAAG1B,GAAG;UACvC,MAAM;YAAE2B;UAAe,CAAC,GAAGrB,mBAAmB;;UAE9C;UACA,IAAIqB,cAAc,EAAE;YAChB,IAAI,CAACA,cAAc,CAACC,wBAAwB,EAAE;cAC1C,MAAM,IAAIC,KAAK,CACX,6GACJ,CAAC;YACL;YAEAX,UAAU,CAACC,QAAQ,IAAI;cACnB,IAAI9C,gBAAgB,CAAC8C,QAAQ,EAAEhD,GAAG,CAAC2D,MAAM,CAACC,QAAQ,CAAC,EAAE;gBACjD,MAAMC,SAAS,GAAGb,QAAQ,CAACc,IAAI,CAACD,SAAS,KAAK,KAAK;gBACnD,IAAIA,SAAS,EAAE;kBACXb,QAAQ,CAACe,MAAM,CAACC,SAAS,CACrBR,cAAc,CAAEC,wBACpB,CAAC;gBACL;cACJ;cAEA,IAAIvD,gBAAgB,CAAC8C,QAAQ,EAAEhD,GAAG,CAACiE,GAAG,CAACC,IAAI,CAAC,EAAE;gBAC1C,IAAIlB,QAAQ,CAACc,IAAI,CAACK,oBAAoB,EAAE;kBACpCZ,WAAW,CAACvD,GAAG,CAACiE,GAAG,CAACG,oBAAoB,EAAE;oBACtC1C,IAAI,EAAE,GAAGsB,QAAQ,CAACtB,IAAI,4BAA4B;oBAClDqC,MAAM,EAAE;sBACJM,IAAI,EAAErB,QAAQ,CAACsB,MAAM,CAAC5C,IAAI;sBAC1B6C,SAAS,EACLvE,GAAG,CAACiE,GAAG,CAACO,aAAa,CAChBC;oBACb;kBACJ,CAAC,CAAC;gBACN;cACJ;YACJ,CAAC,CAAC;UACN;QACJ;MACJ,CAAC,CAAC;MACF;;MAEA;MACA;MACA,MAAMC,cAAc,GAAG5C,GAAG,CAAC6C,YAAY,CAAC,CAAC,CAACC,OAAO,CAACrD,SAAS,CAAC;MAE5DM,GAAG,CAACqB,UAAU,CAAC,MAAM;QACjB,OAAOwB,cAAc,CAACG,OAAO,CAAChD,GAA8B,CAAC;MACjE,CAAC,CAAC;MAEF,MAAMiD,YAAY,GAAGjD,GAAG,CAACY,GAAG,CAACqC,YAAY;;MAEzC;MACA,MAAMC,IAAI,GAAGlD,GAAG,CAACmD,SAAS,CAACtE,UAAU,CAAC;;MAEtC;MACA,MAAMuE,UAAU,GACZ9C,mBAAmB,KAAK,IAAI,IAC5B,OAAOA,mBAAmB,KAAK,QAAQ,IACvC2C,YAAY;MAEhBjD,GAAG,CAACmD,SAAS,CAACrE,SAAS,EAAE;QAAEuE,OAAO,EAAED;MAAW,CAAC,CAAC;MAEjD,MAAME,OAAO,GAAGtD,GAAG,CAACmD,SAAS,CAACzE,UAAU,EAAE;QACtCkC,GAAG,EAAE;UACD2C,cAAc,EAAErE,uBAAuB,CAAC,CAAC;UACzCsE,oBAAoB,EAAEN,IAAI,CAACO,iBAAiB;UAC5CC,QAAQ,EAAER,IAAI,CAACS,wBAAwB;UACvCC,YAAY,EAAEV,IAAI,CAACW,oBAAoB;UACvCC,mBAAmB,EAAEZ,IAAI,CAACa,0BAA0B;UACpDC,mBAAmB,EAAEd,IAAI,CAACe,2BAA2B;UACrDC,mBAAmB,EAAEhB,IAAI,CAACiB,wBAAwB;UAElD;UACA;UACApD,uBAAuB,EAAEJ,OAAO,CAACC,GAAG,CAACG,uBAAuB;UAC5DE,yBAAyB,EAAEN,OAAO,CAACC,GAAG,CAACK,yBAAyB;UAEhEmD,SAAS,EAAElB,IAAI,CAACmB,mBAAmB;UACnCC,SAAS,EAAEpB,IAAI,CAACqB,WAAW;UAC3B;UACAC,WAAW,EAAE7D,OAAO,CAACC,GAAG,CAAC,aAAa;QAC1C;MACJ,CAAC,CAAC;MAEF,MAAM6D,SAAS,GAAGzE,GAAG,CAACmD,SAAS,CAACvE,YAAY,CAAC;MAE7C,MAAM8F,WAAW,GAAG1E,GAAG,CAACmD,SAAS,CAAC3E,cAAc,EAAE;QAC9CoC,GAAG,EAAE;UACD8C,QAAQ,EAAER,IAAI,CAACS,wBAAwB;UACvCC,YAAY,EAAEV,IAAI,CAACW,oBAAoB;UACvCC,mBAAmB,EAAEZ,IAAI,CAACa;QAC9B;MACJ,CAAC,CAAC;MAEF,MAAMY,UAAU,GAAG3E,GAAG,CAACmD,SAAS,CAAC1E,UAAU,EAAE;QACzC,cAAc,EAAE;UACZqB,IAAI,EAAE,UAAU;UAChB8E,MAAM,EAAE,MAAM;UACdC,QAAQ,EAAEvB,OAAO,CAACwB,SAAS,CAACxB,OAAO,CAACb,MAAM,CAACsC;QAC/C,CAAC;QACD,iBAAiB,EAAE;UACfjF,IAAI,EAAE,UAAU;UAChB8E,MAAM,EAAE,SAAS;UACjBC,QAAQ,EAAEvB,OAAO,CAACwB,SAAS,CAACxB,OAAO,CAACb,MAAM,CAACsC;QAC/C,CAAC;QACD,WAAW,EAAE;UACTjF,IAAI,EAAE,gBAAgB;UACtB8E,MAAM,EAAE,KAAK;UACbC,QAAQ,EAAEH,WAAW,CAACI,SAAS,CAACE,QAAQ,CAACvC,MAAM,CAACsC;QACpD,CAAC;QACD,aAAa,EAAE;UACXjF,IAAI,EAAE,kBAAkB;UACxB8E,MAAM,EAAE,KAAK;UACbC,QAAQ,EAAEH,WAAW,CAACI,SAAS,CAACE,QAAQ,CAACvC,MAAM,CAACsC;QACpD,CAAC;QACD,UAAU,EAAE;UACRjF,IAAI,EAAE,aAAa;UACnB8E,MAAM,EAAE,MAAM;UACdC,QAAQ,EAAEvB,OAAO,CAACwB,SAAS,CAACxB,OAAO,CAACb,MAAM,CAACsC;QAC/C,CAAC;QACD,aAAa,EAAE;UACXjF,IAAI,EAAE,aAAa;UACnB8E,MAAM,EAAE,SAAS;UACjBC,QAAQ,EAAEvB,OAAO,CAACwB,SAAS,CAACxB,OAAO,CAACb,MAAM,CAACsC;QAC/C,CAAC;QACD,eAAe,EAAE;UACbjF,IAAI,EAAE,eAAe;UACrB8E,MAAM,EAAE,KAAK;UACbC,QAAQ,EAAEvB,OAAO,CAACwB,SAAS,CAACxB,OAAO,CAACb,MAAM,CAACsC;QAC/C,CAAC;QACD,mBAAmB,EAAE;UACjBjF,IAAI,EAAE,eAAe;UACrB8E,MAAM,EAAE,SAAS;UACjBC,QAAQ,EAAEvB,OAAO,CAACwB,SAAS,CAACxB,OAAO,CAACb,MAAM,CAACsC;QAC/C,CAAC;QACD,iBAAiB,EAAE;UACfjF,IAAI,EAAE,UAAU;UAChB8E,MAAM,EAAE,KAAK;UACbC,QAAQ,EAAEH,WAAW,CAACI,SAAS,CAACE,QAAQ,CAACvC,MAAM,CAACsC;QACpD;MACJ,CAAC,CAAC;MAEF,MAAME,UAAU,GAAGjF,GAAG,CAACmD,SAAS,CAAC5E,aAAa,CAAC;MAC/C,MAAM2G,cAAc,GAAGlF,GAAG,CAACmD,SAAS,CAAC7E,iBAAiB,CAAC;MACvD,MAAM6G,SAAS,GAAGnF,GAAG,CAACmD,SAAS,CAACxE,YAAY,CAAC;MAC7C,MAAMyG,SAAS,GAAGpF,GAAG,CAACmD,SAAS,CAAC9D,YAAY,CAAC;;MAE7C;MACA;MACA;MACA;;MAEAW,GAAG,CAACqF,UAAU,CAAC;QACXC,YAAY,EAAElG,eAAe,CAACY,GAAG,CAAC;QAClCuF,MAAM,EAAEpH,GAAG,CAAC+D,MAAM,CAACqD,MAAM;QACzB9B,iBAAiB,EAAEP,IAAI,CAACO,iBAAiB;QACzC+B,kBAAkB,EAAEtC,IAAI,CAACsC,kBAAkB;QAC3CC,6BAA6B,EAAEvC,IAAI,CAACuC,6BAA6B;QACjEC,aAAa,EAAExC,IAAI,CAACS,wBAAwB;QAC5CgC,sBAAsB,EAAEzC,IAAI,CAACa,0BAA0B;QACvD6B,kBAAkB,EAAET,SAAS,CAACN,QAAQ,CAACpC,MAAM,CAACsC,GAAG;QACjDc,iBAAiB,EAAEvC,OAAO,CAACwB,SAAS,CAACxB,OAAO,CAACb,MAAM,CAAC5C,IAAI;QACxDiG,iBAAiB,EAAExC,OAAO,CAACd,IAAI,CAACC,MAAM,CAACsC,GAAG;QAC1CgB,qBAAqB,EAAEzC,OAAO,CAACd,IAAI,CAACC,MAAM,CAAC5C,IAAI;QAC/CmG,uBAAuB,EAAEd,cAAc,CAACA,cAAc,CAACzC,MAAM,CAACsC,GAAG;QACjEkB,6BAA6B,EAAEf,cAAc,CAACgB,YAAY,CAACzD,MAAM,CAACsC,GAAG;QACrEoB,4BAA4B,EAAEzB,WAAW,CAACI,SAAS,CAACE,QAAQ,CAACvC,MAAM,CAACsC,GAAG;QACvEqB,cAAc,EAAE3B,SAAS,CAAC4B,YAAY,CAAC5D,MAAM,CAAC6D,EAAE;QAChDC,eAAe,EAAE9B,SAAS,CAAC8B,eAAe;QAC1CC,yBAAyB,EAAEpB,SAAS,CAACqB,UAAU,CAAChE,MAAM,CAACsC;MAC3D,CAAC,CAAC;;MAEF;MACA,IAAIvE,kBAAkB,EAAE;QACpBR,GAAG,CAACqF,UAAU,CAAC;UACXqB,uBAAuB,EAAExD,IAAI,CAACe;QAClC,CAAC,CAAC;MACN;MAEAjE,GAAG,CAACqB,UAAU,CAAC,MAAM;QACjBtC,qBAAqB,CAAC;UAClBiB,GAAG;UACH2G,sBAAsB,EAAE1B,UAAU;UAClC2B,GAAG,EAAE;YACDC,kBAAkB,EAAE,qBAAqB;YACzCC,eAAe,EAAE,kBAAkB;YACnCC,UAAU,EAAE,WAAW;YACvBC,OAAO,EAAE;UACb;QACJ,CAAC,CAAC;MACN,CAAC,CAAC;MACF;MACA;MACA;MACA;MACA;MACA;MACA;MACA;;MAEA;MACA,MAAM7H,oBAAoB,CAAC,KAAK,CAAC;MAEjC,OAAO;QACHuF,WAAW;QACXpB,OAAO;QACPqB,UAAU;QACVF,SAAS;QACTQ,UAAU;QACVE,SAAS;QACTD,cAAc;QACdE;MACJ,CAAC;IACL;EACJ,CAAC,CAAC;EAEF,MAAMpF,GAAG,GAAGf,mBAAmB,CAACD,4BAA4B,CAACY,OAAO,CAAC,CAAC;EAEtEI,GAAG,CAACqB,UAAU,CAAC,MAAM;IACjBrB,GAAG,CAACiH,kBAAkB,CAAC;MACnBpH,IAAI,EAAE,KAAK;MACXqH,QAAQ,EAAE;QACNC,SAAS,EAAEvH,OAAO,CAACwH,SAAS,CAAClC,cAAc,CAACgB,YAAY,CAACzD,MAAM,CAACsC,GAAG;QACnEE,UAAU,EAAE;UACRoC,cAAc,EAAEzH,OAAO,CAACwH,SAAS,CAACnC,UAAU,CAACxC,MAAM,CAAC6D,EAAE;UACtDgB,MAAM,EAAE1H,OAAO,CAACwH,SAAS,CAACnC,UAAU,CAACxC,MAAM,CAAC/B,UAAU,CAAC6G,KAAK,CACxDC,CAAC,IAAI,WAAWA,CAAC,EACrB;QACJ;MACJ;IACJ,CAAC,CAAC;IAEFxH,GAAG,CAACiH,kBAAkB,CAAC;MACnBpH,IAAI,EAAE,WAAW;MACjBqH,QAAQ,EAAE;QACNO,SAAS,EAAE7H,OAAO,CAACwH,SAAS,CAAC9D,OAAO,CAACwB,SAAS,CAACxB,OAAO,CAACb,MAAM,CAACsC,GAAG;QACjE2C,OAAO,EAAE9H,OAAO,CAACwH,SAAS,CAAChC,SAAS,CAACqB,UAAU,CAAChE,MAAM,CAACsC;MAC3D;IACJ,CAAC,CAAC;EACN,CAAC,CAAC;EAEF,OAAO/E,GAAG;AACd,CAAC","ignoreList":[]}
package/pulumi/apps/core/CoreAuditLogsDynamo.js CHANGED
@@ -75,52 +75,100 @@ export const CoreAuditLogsDynamo = createAppModule({
75
75
  rangeKey: "SK",
76
76
  globalSecondaryIndexes: [{
77
77
  name: "GSI_TENANT",
78
- hashKey: "GSI_TENANT",
78
+ keySchemas: [{
79
+ attributeName: "GSI_TENANT",
80
+ keyType: "HASH"
81
+ }],
79
82
  projectionType: "KEYS_ONLY"
80
83
  }, {
81
84
  name: "GSI1",
82
- hashKey: "GSI1_PK",
83
- rangeKey: "GSI1_SK",
85
+ keySchemas: [{
86
+ attributeName: "GSI1_PK",
87
+ keyType: "HASH"
88
+ }, {
89
+ attributeName: "GSI1_SK",
90
+ keyType: "RANGE"
91
+ }],
84
92
  projectionType: "KEYS_ONLY"
85
93
  }, {
86
94
  name: "GSI2",
87
- hashKey: "GSI2_PK",
88
- rangeKey: "GSI2_SK",
95
+ keySchemas: [{
96
+ attributeName: "GSI2_PK",
97
+ keyType: "HASH"
98
+ }, {
99
+ attributeName: "GSI2_SK",
100
+ keyType: "RANGE"
101
+ }],
89
102
  projectionType: "KEYS_ONLY"
90
103
  }, {
91
104
  name: "GSI3",
92
- hashKey: "GSI3_PK",
93
- rangeKey: "GSI3_SK",
105
+ keySchemas: [{
106
+ attributeName: "GSI3_PK",
107
+ keyType: "HASH"
108
+ }, {
109
+ attributeName: "GSI3_SK",
110
+ keyType: "RANGE"
111
+ }],
94
112
  projectionType: "KEYS_ONLY"
95
113
  }, {
96
114
  name: "GSI4",
97
- hashKey: "GSI4_PK",
98
- rangeKey: "GSI4_SK",
115
+ keySchemas: [{
116
+ attributeName: "GSI4_PK",
117
+ keyType: "HASH"
118
+ }, {
119
+ attributeName: "GSI4_SK",
120
+ keyType: "RANGE"
121
+ }],
99
122
  projectionType: "KEYS_ONLY"
100
123
  }, {
101
124
  name: "GSI5",
102
- hashKey: "GSI5_PK",
103
- rangeKey: "GSI5_SK",
125
+ keySchemas: [{
126
+ attributeName: "GSI5_PK",
127
+ keyType: "HASH"
128
+ }, {
129
+ attributeName: "GSI5_SK",
130
+ keyType: "RANGE"
131
+ }],
104
132
  projectionType: "KEYS_ONLY"
105
133
  }, {
106
134
  name: "GSI6",
107
- hashKey: "GSI6_PK",
108
- rangeKey: "GSI6_SK",
135
+ keySchemas: [{
136
+ attributeName: "GSI6_PK",
137
+ keyType: "HASH"
138
+ }, {
139
+ attributeName: "GSI6_SK",
140
+ keyType: "RANGE"
141
+ }],
109
142
  projectionType: "KEYS_ONLY"
110
143
  }, {
111
144
  name: "GSI7",
112
- hashKey: "GSI7_PK",
113
- rangeKey: "GSI7_SK",
145
+ keySchemas: [{
146
+ attributeName: "GSI7_PK",
147
+ keyType: "HASH"
148
+ }, {
149
+ attributeName: "GSI7_SK",
150
+ keyType: "RANGE"
151
+ }],
114
152
  projectionType: "KEYS_ONLY"
115
153
  }, {
116
154
  name: "GSI8",
117
- hashKey: "GSI8_PK",
118
- rangeKey: "GSI8_SK",
155
+ keySchemas: [{
156
+ attributeName: "GSI8_PK",
157
+ keyType: "HASH"
158
+ }, {
159
+ attributeName: "GSI8_SK",
160
+ keyType: "RANGE"
161
+ }],
119
162
  projectionType: "KEYS_ONLY"
120
163
  }, {
121
164
  name: "GSI9",
122
- hashKey: "GSI9_PK",
123
- rangeKey: "GSI9_SK",
165
+ keySchemas: [{
166
+ attributeName: "GSI9_PK",
167
+ keyType: "HASH"
168
+ }, {
169
+ attributeName: "GSI9_SK",
170
+ keyType: "RANGE"
171
+ }],
124
172
  projectionType: "KEYS_ONLY"
125
173
  }],
126
174
  ttl: {
package/pulumi/apps/core/CoreAuditLogsDynamo.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"names":["aws","createAppModule","CoreAuditLogsDynamo","name","config","app","params","addResource","dynamodb","Table","attributes","type","billingMode","hashKey","rangeKey","globalSecondaryIndexes","projectionType","ttl","attributeName","enabled","opts","protect"],"sources":["CoreAuditLogsDynamo.ts"],"sourcesContent":["import * as aws from \"@pulumi/aws\";\nimport type { PulumiApp, PulumiAppModule } from \"@webiny/pulumi\";\nimport { createAppModule } from \"@webiny/pulumi\";\n\nexport type CoreAuditLogsDynamo = PulumiAppModule<typeof CoreAuditLogsDynamo>;\n\nexport const CoreAuditLogsDynamo = createAppModule({\n name: \"AuditLogsDynamoDb\",\n config(app: PulumiApp, params: { protect: boolean }) {\n return app.addResource(aws.dynamodb.Table, {\n name: \"webiny-audit-logs\",\n config: {\n attributes: [\n { name: \"PK\", type: \"S\" },\n { name: \"SK\", type: \"S\" },\n { name: \"GSI_TENANT\", type: \"S\" },\n { name: \"GSI1_PK\", type: \"S\" },\n { name: \"GSI1_SK\", type: \"N\" },\n { name: \"GSI2_PK\", type: \"S\" },\n { name: \"GSI2_SK\", type: \"N\" },\n { name: \"GSI3_PK\", type: \"S\" },\n { name: \"GSI3_SK\", type: \"N\" },\n { name: \"GSI4_PK\", type: \"S\" },\n { name: \"GSI4_SK\", type: \"N\" },\n { name: \"GSI5_PK\", type: \"S\" },\n { name: \"GSI5_SK\", type: \"N\" },\n { name: \"GSI6_PK\", type: \"S\" },\n { name: \"GSI6_SK\", type: \"N\" },\n { name: \"GSI7_PK\", type: \"S\" },\n { name: \"GSI7_SK\", type: \"N\" },\n { name: \"GSI8_PK\", type: \"S\" },\n { name: \"GSI8_SK\", type: \"N\" },\n { name: \"GSI9_PK\", type: \"S\" },\n { name: \"GSI9_SK\", type: \"N\" }\n ],\n billingMode: \"PAY_PER_REQUEST\",\n hashKey: \"PK\",\n rangeKey: \"SK\",\n globalSecondaryIndexes: [\n {\n name: \"GSI_TENANT\",\n hashKey: \"GSI_TENANT\",\n projectionType: \"KEYS_ONLY\"\n },\n {\n name: \"GSI1\",\n hashKey: \"GSI1_PK\",\n rangeKey: \"GSI1_SK\",\n projectionType: \"KEYS_ONLY\"\n },\n {\n name: \"GSI2\",\n hashKey: \"GSI2_PK\",\n rangeKey: \"GSI2_SK\",\n projectionType: \"KEYS_ONLY\"\n },\n {\n name: \"GSI3\",\n hashKey: \"GSI3_PK\",\n rangeKey: \"GSI3_SK\",\n projectionType: \"KEYS_ONLY\"\n },\n {\n name: \"GSI4\",\n hashKey: \"GSI4_PK\",\n rangeKey: \"GSI4_SK\",\n projectionType: \"KEYS_ONLY\"\n },\n {\n name: \"GSI5\",\n hashKey: \"GSI5_PK\",\n rangeKey: \"GSI5_SK\",\n projectionType: \"KEYS_ONLY\"\n },\n {\n name: \"GSI6\",\n hashKey: \"GSI6_PK\",\n rangeKey: \"GSI6_SK\",\n projectionType: \"KEYS_ONLY\"\n },\n {\n name: \"GSI7\",\n hashKey: \"GSI7_PK\",\n rangeKey: \"GSI7_SK\",\n projectionType: \"KEYS_ONLY\"\n },\n {\n name: \"GSI8\",\n hashKey: \"GSI8_PK\",\n rangeKey: \"GSI8_SK\",\n projectionType: \"KEYS_ONLY\"\n },\n {\n name: \"GSI9\",\n hashKey: \"GSI9_PK\",\n rangeKey: \"GSI9_SK\",\n projectionType: \"KEYS_ONLY\"\n }\n ],\n ttl: {\n attributeName: \"expiresAt\",\n enabled: true\n }\n },\n opts: {\n protect: params.protect\n }\n });\n }\n});\n"],"mappings":"AAAA,OAAO,KAAKA,GAAG,MAAM,aAAa;AAElC,SAASC,eAAe,QAAQ,gBAAgB;AAIhD,OAAO,MAAMC,mBAAmB,GAAGD,eAAe,CAAC;EAC/CE,IAAI,EAAE,mBAAmB;EACzBC,MAAMA,CAACC,GAAc,EAAEC,MAA4B,EAAE;IACjD,OAAOD,GAAG,CAACE,WAAW,CAACP,GAAG,CAACQ,QAAQ,CAACC,KAAK,EAAE;MACvCN,IAAI,EAAE,mBAAmB;MACzBC,MAAM,EAAE;QACJM,UAAU,EAAE,CACR;UAAEP,IAAI,EAAE,IAAI;UAAEQ,IAAI,EAAE;QAAI,CAAC,EACzB;UAAER,IAAI,EAAE,IAAI;UAAEQ,IAAI,EAAE;QAAI,CAAC,EACzB;UAAER,IAAI,EAAE,YAAY;UAAEQ,IAAI,EAAE;QAAI,CAAC,EACjC;UAAER,IAAI,EAAE,SAAS;UAAEQ,IAAI,EAAE;QAAI,CAAC,EAC9B;UAAER,IAAI,EAAE,SAAS;UAAEQ,IAAI,EAAE;QAAI,CAAC,EAC9B;UAAER,IAAI,EAAE,SAAS;UAAEQ,IAAI,EAAE;QAAI,CAAC,EAC9B;UAAER,IAAI,EAAE,SAAS;UAAEQ,IAAI,EAAE;QAAI,CAAC,EAC9B;UAAER,IAAI,EAAE,SAAS;UAAEQ,IAAI,EAAE;QAAI,CAAC,EAC9B;UAAER,IAAI,EAAE,SAAS;UAAEQ,IAAI,EAAE;QAAI,CAAC,EAC9B;UAAER,IAAI,EAAE,SAAS;UAAEQ,IAAI,EAAE;QAAI,CAAC,EAC9B;UAAER,IAAI,EAAE,SAAS;UAAEQ,IAAI,EAAE;QAAI,CAAC,EAC9B;UAAER,IAAI,EAAE,SAAS;UAAEQ,IAAI,EAAE;QAAI,CAAC,EAC9B;UAAER,IAAI,EAAE,SAAS;UAAEQ,IAAI,EAAE;QAAI,CAAC,EAC9B;UAAER,IAAI,EAAE,SAAS;UAAEQ,IAAI,EAAE;QAAI,CAAC,EAC9B;UAAER,IAAI,EAAE,SAAS;UAAEQ,IAAI,EAAE;QAAI,CAAC,EAC9B;UAAER,IAAI,EAAE,SAAS;UAAEQ,IAAI,EAAE;QAAI,CAAC,EAC9B;UAAER,IAAI,EAAE,SAAS;UAAEQ,IAAI,EAAE;QAAI,CAAC,EAC9B;UAAER,IAAI,EAAE,SAAS;UAAEQ,IAAI,EAAE;QAAI,CAAC,EAC9B;UAAER,IAAI,EAAE,SAAS;UAAEQ,IAAI,EAAE;QAAI,CAAC,EAC9B;UAAER,IAAI,EAAE,SAAS;UAAEQ,IAAI,EAAE;QAAI,CAAC,EAC9B;UAAER,IAAI,EAAE,SAAS;UAAEQ,IAAI,EAAE;QAAI,CAAC,CACjC;QACDC,WAAW,EAAE,iBAAiB;QAC9BC,OAAO,EAAE,IAAI;QACbC,QAAQ,EAAE,IAAI;QACdC,sBAAsB,EAAE,CACpB;UACIZ,IAAI,EAAE,YAAY;UAClBU,OAAO,EAAE,YAAY;UACrBG,cAAc,EAAE;QACpB,CAAC,EACD;UACIb,IAAI,EAAE,MAAM;UACZU,OAAO,EAAE,SAAS;UAClBC,QAAQ,EAAE,SAAS;UACnBE,cAAc,EAAE;QACpB,CAAC,EACD;UACIb,IAAI,EAAE,MAAM;UACZU,OAAO,EAAE,SAAS;UAClBC,QAAQ,EAAE,SAAS;UACnBE,cAAc,EAAE;QACpB,CAAC,EACD;UACIb,IAAI,EAAE,MAAM;UACZU,OAAO,EAAE,SAAS;UAClBC,QAAQ,EAAE,SAAS;UACnBE,cAAc,EAAE;QACpB,CAAC,EACD;UACIb,IAAI,EAAE,MAAM;UACZU,OAAO,EAAE,SAAS;UAClBC,QAAQ,EAAE,SAAS;UACnBE,cAAc,EAAE;QACpB,CAAC,EACD;UACIb,IAAI,EAAE,MAAM;UACZU,OAAO,EAAE,SAAS;UAClBC,QAAQ,EAAE,SAAS;UACnBE,cAAc,EAAE;QACpB,CAAC,EACD;UACIb,IAAI,EAAE,MAAM;UACZU,OAAO,EAAE,SAAS;UAClBC,QAAQ,EAAE,SAAS;UACnBE,cAAc,EAAE;QACpB,CAAC,EACD;UACIb,IAAI,EAAE,MAAM;UACZU,OAAO,EAAE,SAAS;UAClBC,QAAQ,EAAE,SAAS;UACnBE,cAAc,EAAE;QACpB,CAAC,EACD;UACIb,IAAI,EAAE,MAAM;UACZU,OAAO,EAAE,SAAS;UAClBC,QAAQ,EAAE,SAAS;UACnBE,cAAc,EAAE;QACpB,CAAC,EACD;UACIb,IAAI,EAAE,MAAM;UACZU,OAAO,EAAE,SAAS;UAClBC,QAAQ,EAAE,SAAS;UACnBE,cAAc,EAAE;QACpB,CAAC,CACJ;QACDC,GAAG,EAAE;UACDC,aAAa,EAAE,WAAW;UAC1BC,OAAO,EAAE;QACb;MACJ,CAAC;MACDC,IAAI,EAAE;QACFC,OAAO,EAAEf,MAAM,CAACe;MACpB;IACJ,CAAC,CAAC;EACN;AACJ,CAAC,CAAC","ignoreList":[]}
1
+ {"version":3,"names":["aws","createAppModule","CoreAuditLogsDynamo","name","config","app","params","addResource","dynamodb","Table","attributes","type","billingMode","hashKey","rangeKey","globalSecondaryIndexes","keySchemas","attributeName","keyType","projectionType","ttl","enabled","opts","protect"],"sources":["CoreAuditLogsDynamo.ts"],"sourcesContent":["import * as aws from \"@pulumi/aws\";\nimport type { PulumiApp, PulumiAppModule } from \"@webiny/pulumi\";\nimport { createAppModule } from \"@webiny/pulumi\";\n\nexport type CoreAuditLogsDynamo = PulumiAppModule<typeof CoreAuditLogsDynamo>;\n\nexport const CoreAuditLogsDynamo = createAppModule({\n name: \"AuditLogsDynamoDb\",\n config(app: PulumiApp, params: { protect: boolean }) {\n return app.addResource(aws.dynamodb.Table, {\n name: \"webiny-audit-logs\",\n config: {\n attributes: [\n { name: \"PK\", type: \"S\" },\n { name: \"SK\", type: \"S\" },\n { name: \"GSI_TENANT\", type: \"S\" },\n { name: \"GSI1_PK\", type: \"S\" },\n { name: \"GSI1_SK\", type: \"N\" },\n { name: \"GSI2_PK\", type: \"S\" },\n { name: \"GSI2_SK\", type: \"N\" },\n { name: \"GSI3_PK\", type: \"S\" },\n { name: \"GSI3_SK\", type: \"N\" },\n { name: \"GSI4_PK\", type: \"S\" },\n { name: \"GSI4_SK\", type: \"N\" },\n { name: \"GSI5_PK\", type: \"S\" },\n { name: \"GSI5_SK\", type: \"N\" },\n { name: \"GSI6_PK\", type: \"S\" },\n { name: \"GSI6_SK\", type: \"N\" },\n { name: \"GSI7_PK\", type: \"S\" },\n { name: \"GSI7_SK\", type: \"N\" },\n { name: \"GSI8_PK\", type: \"S\" },\n { name: \"GSI8_SK\", type: \"N\" },\n { name: \"GSI9_PK\", type: \"S\" },\n { name: \"GSI9_SK\", type: \"N\" }\n ],\n billingMode: \"PAY_PER_REQUEST\",\n hashKey: \"PK\",\n rangeKey: \"SK\",\n globalSecondaryIndexes: [\n {\n name: \"GSI_TENANT\",\n keySchemas: [\n {\n attributeName: \"GSI_TENANT\",\n keyType: \"HASH\"\n }\n ],\n projectionType: \"KEYS_ONLY\"\n },\n {\n name: \"GSI1\",\n keySchemas: [\n {\n attributeName: \"GSI1_PK\",\n keyType: \"HASH\"\n },\n {\n attributeName: \"GSI1_SK\",\n keyType: \"RANGE\"\n }\n ],\n projectionType: \"KEYS_ONLY\"\n },\n {\n name: \"GSI2\",\n keySchemas: [\n {\n attributeName: \"GSI2_PK\",\n keyType: \"HASH\"\n },\n {\n attributeName: \"GSI2_SK\",\n keyType: \"RANGE\"\n }\n ],\n projectionType: \"KEYS_ONLY\"\n },\n {\n name: \"GSI3\",\n keySchemas: [\n {\n attributeName: \"GSI3_PK\",\n keyType: \"HASH\"\n },\n {\n attributeName: \"GSI3_SK\",\n keyType: \"RANGE\"\n }\n ],\n projectionType: \"KEYS_ONLY\"\n },\n {\n name: \"GSI4\",\n keySchemas: [\n {\n attributeName: \"GSI4_PK\",\n keyType: \"HASH\"\n },\n {\n attributeName: \"GSI4_SK\",\n keyType: \"RANGE\"\n }\n ],\n projectionType: \"KEYS_ONLY\"\n },\n {\n name: \"GSI5\",\n keySchemas: [\n {\n attributeName: \"GSI5_PK\",\n keyType: \"HASH\"\n },\n {\n attributeName: \"GSI5_SK\",\n keyType: \"RANGE\"\n }\n ],\n projectionType: \"KEYS_ONLY\"\n },\n {\n name: \"GSI6\",\n keySchemas: [\n {\n attributeName: \"GSI6_PK\",\n keyType: \"HASH\"\n },\n {\n attributeName: \"GSI6_SK\",\n keyType: \"RANGE\"\n }\n ],\n projectionType: \"KEYS_ONLY\"\n },\n {\n name: \"GSI7\",\n keySchemas: [\n {\n attributeName: \"GSI7_PK\",\n keyType: \"HASH\"\n },\n {\n attributeName: \"GSI7_SK\",\n keyType: \"RANGE\"\n }\n ],\n projectionType: \"KEYS_ONLY\"\n },\n {\n name: \"GSI8\",\n keySchemas: [\n {\n attributeName: \"GSI8_PK\",\n keyType: \"HASH\"\n },\n {\n attributeName: \"GSI8_SK\",\n keyType: \"RANGE\"\n }\n ],\n projectionType: \"KEYS_ONLY\"\n },\n {\n name: \"GSI9\",\n keySchemas: [\n {\n attributeName: \"GSI9_PK\",\n keyType: \"HASH\"\n },\n {\n attributeName: \"GSI9_SK\",\n keyType: \"RANGE\"\n }\n ],\n projectionType: \"KEYS_ONLY\"\n }\n ],\n ttl: {\n attributeName: \"expiresAt\",\n enabled: true\n }\n },\n opts: {\n protect: params.protect\n }\n });\n }\n});\n"],"mappings":"AAAA,OAAO,KAAKA,GAAG,MAAM,aAAa;AAElC,SAASC,eAAe,QAAQ,gBAAgB;AAIhD,OAAO,MAAMC,mBAAmB,GAAGD,eAAe,CAAC;EAC/CE,IAAI,EAAE,mBAAmB;EACzBC,MAAMA,CAACC,GAAc,EAAEC,MAA4B,EAAE;IACjD,OAAOD,GAAG,CAACE,WAAW,CAACP,GAAG,CAACQ,QAAQ,CAACC,KAAK,EAAE;MACvCN,IAAI,EAAE,mBAAmB;MACzBC,MAAM,EAAE;QACJM,UAAU,EAAE,CACR;UAAEP,IAAI,EAAE,IAAI;UAAEQ,IAAI,EAAE;QAAI,CAAC,EACzB;UAAER,IAAI,EAAE,IAAI;UAAEQ,IAAI,EAAE;QAAI,CAAC,EACzB;UAAER,IAAI,EAAE,YAAY;UAAEQ,IAAI,EAAE;QAAI,CAAC,EACjC;UAAER,IAAI,EAAE,SAAS;UAAEQ,IAAI,EAAE;QAAI,CAAC,EAC9B;UAAER,IAAI,EAAE,SAAS;UAAEQ,IAAI,EAAE;QAAI,CAAC,EAC9B;UAAER,IAAI,EAAE,SAAS;UAAEQ,IAAI,EAAE;QAAI,CAAC,EAC9B;UAAER,IAAI,EAAE,SAAS;UAAEQ,IAAI,EAAE;QAAI,CAAC,EAC9B;UAAER,IAAI,EAAE,SAAS;UAAEQ,IAAI,EAAE;QAAI,CAAC,EAC9B;UAAER,IAAI,EAAE,SAAS;UAAEQ,IAAI,EAAE;QAAI,CAAC,EAC9B;UAAER,IAAI,EAAE,SAAS;UAAEQ,IAAI,EAAE;QAAI,CAAC,EAC9B;UAAER,IAAI,EAAE,SAAS;UAAEQ,IAAI,EAAE;QAAI,CAAC,EAC9B;UAAER,IAAI,EAAE,SAAS;UAAEQ,IAAI,EAAE;QAAI,CAAC,EAC9B;UAAER,IAAI,EAAE,SAAS;UAAEQ,IAAI,EAAE;QAAI,CAAC,EAC9B;UAAER,IAAI,EAAE,SAAS;UAAEQ,IAAI,EAAE;QAAI,CAAC,EAC9B;UAAER,IAAI,EAAE,SAAS;UAAEQ,IAAI,EAAE;QAAI,CAAC,EAC9B;UAAER,IAAI,EAAE,SAAS;UAAEQ,IAAI,EAAE;QAAI,CAAC,EAC9B;UAAER,IAAI,EAAE,SAAS;UAAEQ,IAAI,EAAE;QAAI,CAAC,EAC9B;UAAER,IAAI,EAAE,SAAS;UAAEQ,IAAI,EAAE;QAAI,CAAC,EAC9B;UAAER,IAAI,EAAE,SAAS;UAAEQ,IAAI,EAAE;QAAI,CAAC,EAC9B;UAAER,IAAI,EAAE,SAAS;UAAEQ,IAAI,EAAE;QAAI,CAAC,EAC9B;UAAER,IAAI,EAAE,SAAS;UAAEQ,IAAI,EAAE;QAAI,CAAC,CACjC;QACDC,WAAW,EAAE,iBAAiB;QAC9BC,OAAO,EAAE,IAAI;QACbC,QAAQ,EAAE,IAAI;QACdC,sBAAsB,EAAE,CACpB;UACIZ,IAAI,EAAE,YAAY;UAClBa,UAAU,EAAE,CACR;YACIC,aAAa,EAAE,YAAY;YAC3BC,OAAO,EAAE;UACb,CAAC,CACJ;UACDC,cAAc,EAAE;QACpB,CAAC,EACD;UACIhB,IAAI,EAAE,MAAM;UACZa,UAAU,EAAE,CACR;YACIC,aAAa,EAAE,SAAS;YACxBC,OAAO,EAAE;UACb,CAAC,EACD;YACID,aAAa,EAAE,SAAS;YACxBC,OAAO,EAAE;UACb,CAAC,CACJ;UACDC,cAAc,EAAE;QACpB,CAAC,EACD;UACIhB,IAAI,EAAE,MAAM;UACZa,UAAU,EAAE,CACR;YACIC,aAAa,EAAE,SAAS;YACxBC,OAAO,EAAE;UACb,CAAC,EACD;YACID,aAAa,EAAE,SAAS;YACxBC,OAAO,EAAE;UACb,CAAC,CACJ;UACDC,cAAc,EAAE;QACpB,CAAC,EACD;UACIhB,IAAI,EAAE,MAAM;UACZa,UAAU,EAAE,CACR;YACIC,aAAa,EAAE,SAAS;YACxBC,OAAO,EAAE;UACb,CAAC,EACD;YACID,aAAa,EAAE,SAAS;YACxBC,OAAO,EAAE;UACb,CAAC,CACJ;UACDC,cAAc,EAAE;QACpB,CAAC,EACD;UACIhB,IAAI,EAAE,MAAM;UACZa,UAAU,EAAE,CACR;YACIC,aAAa,EAAE,SAAS;YACxBC,OAAO,EAAE;UACb,CAAC,EACD;YACID,aAAa,EAAE,SAAS;YACxBC,OAAO,EAAE;UACb,CAAC,CACJ;UACDC,cAAc,EAAE;QACpB,CAAC,EACD;UACIhB,IAAI,EAAE,MAAM;UACZa,UAAU,EAAE,CACR;YACIC,aAAa,EAAE,SAAS;YACxBC,OAAO,EAAE;UACb,CAAC,EACD;YACID,aAAa,EAAE,SAAS;YACxBC,OAAO,EAAE;UACb,CAAC,CACJ;UACDC,cAAc,EAAE;QACpB,CAAC,EACD;UACIhB,IAAI,EAAE,MAAM;UACZa,UAAU,EAAE,CACR;YACIC,aAAa,EAAE,SAAS;YACxBC,OAAO,EAAE;UACb,CAAC,EACD;YACID,aAAa,EAAE,SAAS;YACxBC,OAAO,EAAE;UACb,CAAC,CACJ;UACDC,cAAc,EAAE;QACpB,CAAC,EACD;UACIhB,IAAI,EAAE,MAAM;UACZa,UAAU,EAAE,CACR;YACIC,aAAa,EAAE,SAAS;YACxBC,OAAO,EAAE;UACb,CAAC,EACD;YACID,aAAa,EAAE,SAAS;YACxBC,OAAO,EAAE;UACb,CAAC,CACJ;UACDC,cAAc,EAAE;QACpB,CAAC,EACD;UACIhB,IAAI,EAAE,MAAM;UACZa,UAAU,EAAE,CACR;YACIC,aAAa,EAAE,SAAS;YACxBC,OAAO,EAAE;UACb,CAAC,EACD;YACID,aAAa,EAAE,SAAS;YACxBC,OAAO,EAAE;UACb,CAAC,CACJ;UACDC,cAAc,EAAE;QACpB,CAAC,EACD;UACIhB,IAAI,EAAE,MAAM;UACZa,UAAU,EAAE,CACR;YACIC,aAAa,EAAE,SAAS;YACxBC,OAAO,EAAE;UACb,CAAC,EACD;YACID,aAAa,EAAE,SAAS;YACxBC,OAAO,EAAE;UACb,CAAC,CACJ;UACDC,cAAc,EAAE;QACpB,CAAC,CACJ;QACDC,GAAG,EAAE;UACDH,aAAa,EAAE,WAAW;UAC1BI,OAAO,EAAE;QACb;MACJ,CAAC;MACDC,IAAI,EAAE;QACFC,OAAO,EAAEjB,MAAM,CAACiB;MACpB;IACJ,CAAC,CAAC;EACN;AACJ,CAAC,CAAC","ignoreList":[]}
package/pulumi/apps/core/CoreDynamo.js CHANGED
@@ -33,17 +33,30 @@ export const CoreDynamo = createAppModule({
33
33
  rangeKey: "SK",
34
34
  globalSecondaryIndexes: [{
35
35
  name: "GSI_TENANT",
36
- hashKey: "GSI_TENANT",
36
+ keySchemas: [{
37
+ attributeName: "GSI_TENANT",
38
+ keyType: "HASH"
39
+ }],
37
40
  projectionType: "KEYS_ONLY"
38
41
  }, {
39
42
  name: "GSI1",
40
- hashKey: "GSI1_PK",
41
- rangeKey: "GSI1_SK",
43
+ keySchemas: [{
44
+ attributeName: "GSI1_PK",
45
+ keyType: "HASH"
46
+ }, {
47
+ attributeName: "GSI1_SK",
48
+ keyType: "RANGE"
49
+ }],
42
50
  projectionType: "ALL"
43
51
  }, {
44
52
  name: "GSI2",
45
- hashKey: "GSI2_PK",
46
- rangeKey: "GSI2_SK",
53
+ keySchemas: [{
54
+ attributeName: "GSI2_PK",
55
+ keyType: "HASH"
56
+ }, {
57
+ attributeName: "GSI2_SK",
58
+ keyType: "RANGE"
59
+ }],
47
60
  projectionType: "ALL"
48
61
  }],
49
62
  ttl: {
package/pulumi/apps/core/CoreDynamo.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"names":["aws","createAppModule","CoreDynamo","name","config","app","params","addResource","dynamodb","Table","attributes","type","billingMode","hashKey","rangeKey","globalSecondaryIndexes","projectionType","ttl","attributeName","enabled","opts","protect"],"sources":["CoreDynamo.ts"],"sourcesContent":["import * as aws from \"@pulumi/aws\";\nimport { createAppModule, type PulumiApp, type PulumiAppModule } from \"@webiny/pulumi\";\n\nexport type CoreDynamo = PulumiAppModule<typeof CoreDynamo>;\n\nexport const CoreDynamo = createAppModule({\n name: \"DynamoDb\",\n config(app: PulumiApp, params: { protect: boolean }) {\n return app.addResource(aws.dynamodb.Table, {\n name: \"webiny\",\n config: {\n attributes: [\n { name: \"PK\", type: \"S\" },\n { name: \"SK\", type: \"S\" },\n { name: \"GSI_TENANT\", type: \"S\" },\n { name: \"GSI1_PK\", type: \"S\" },\n { name: \"GSI1_SK\", type: \"S\" },\n { name: \"GSI2_PK\", type: \"S\" },\n { name: \"GSI2_SK\", type: \"S\" }\n ],\n billingMode: \"PAY_PER_REQUEST\",\n hashKey: \"PK\",\n rangeKey: \"SK\",\n globalSecondaryIndexes: [\n {\n name: \"GSI_TENANT\",\n hashKey: \"GSI_TENANT\",\n projectionType: \"KEYS_ONLY\"\n },\n {\n name: \"GSI1\",\n hashKey: \"GSI1_PK\",\n rangeKey: \"GSI1_SK\",\n projectionType: \"ALL\"\n },\n {\n name: \"GSI2\",\n hashKey: \"GSI2_PK\",\n rangeKey: \"GSI2_SK\",\n projectionType: \"ALL\"\n }\n ],\n ttl: {\n attributeName: \"expiresAt\",\n enabled: true\n }\n },\n opts: {\n protect: params.protect\n }\n });\n }\n});\n"],"mappings":"AAAA,OAAO,KAAKA,GAAG,MAAM,aAAa;AAClC,SAASC,eAAe,QAA8C,gBAAgB;AAItF,OAAO,MAAMC,UAAU,GAAGD,eAAe,CAAC;EACtCE,IAAI,EAAE,UAAU;EAChBC,MAAMA,CAACC,GAAc,EAAEC,MAA4B,EAAE;IACjD,OAAOD,GAAG,CAACE,WAAW,CAACP,GAAG,CAACQ,QAAQ,CAACC,KAAK,EAAE;MACvCN,IAAI,EAAE,QAAQ;MACdC,MAAM,EAAE;QACJM,UAAU,EAAE,CACR;UAAEP,IAAI,EAAE,IAAI;UAAEQ,IAAI,EAAE;QAAI,CAAC,EACzB;UAAER,IAAI,EAAE,IAAI;UAAEQ,IAAI,EAAE;QAAI,CAAC,EACzB;UAAER,IAAI,EAAE,YAAY;UAAEQ,IAAI,EAAE;QAAI,CAAC,EACjC;UAAER,IAAI,EAAE,SAAS;UAAEQ,IAAI,EAAE;QAAI,CAAC,EAC9B;UAAER,IAAI,EAAE,SAAS;UAAEQ,IAAI,EAAE;QAAI,CAAC,EAC9B;UAAER,IAAI,EAAE,SAAS;UAAEQ,IAAI,EAAE;QAAI,CAAC,EAC9B;UAAER,IAAI,EAAE,SAAS;UAAEQ,IAAI,EAAE;QAAI,CAAC,CACjC;QACDC,WAAW,EAAE,iBAAiB;QAC9BC,OAAO,EAAE,IAAI;QACbC,QAAQ,EAAE,IAAI;QACdC,sBAAsB,EAAE,CACpB;UACIZ,IAAI,EAAE,YAAY;UAClBU,OAAO,EAAE,YAAY;UACrBG,cAAc,EAAE;QACpB,CAAC,EACD;UACIb,IAAI,EAAE,MAAM;UACZU,OAAO,EAAE,SAAS;UAClBC,QAAQ,EAAE,SAAS;UACnBE,cAAc,EAAE;QACpB,CAAC,EACD;UACIb,IAAI,EAAE,MAAM;UACZU,OAAO,EAAE,SAAS;UAClBC,QAAQ,EAAE,SAAS;UACnBE,cAAc,EAAE;QACpB,CAAC,CACJ;QACDC,GAAG,EAAE;UACDC,aAAa,EAAE,WAAW;UAC1BC,OAAO,EAAE;QACb;MACJ,CAAC;MACDC,IAAI,EAAE;QACFC,OAAO,EAAEf,MAAM,CAACe;MACpB;IACJ,CAAC,CAAC;EACN;AACJ,CAAC,CAAC","ignoreList":[]}
1
+ {"version":3,"names":["aws","createAppModule","CoreDynamo","name","config","app","params","addResource","dynamodb","Table","attributes","type","billingMode","hashKey","rangeKey","globalSecondaryIndexes","keySchemas","attributeName","keyType","projectionType","ttl","enabled","opts","protect"],"sources":["CoreDynamo.ts"],"sourcesContent":["import * as aws from \"@pulumi/aws\";\nimport { createAppModule, type PulumiApp, type PulumiAppModule } from \"@webiny/pulumi\";\n\nexport type CoreDynamo = PulumiAppModule<typeof CoreDynamo>;\n\nexport const CoreDynamo = createAppModule({\n name: \"DynamoDb\",\n config(app: PulumiApp, params: { protect: boolean }) {\n return app.addResource(aws.dynamodb.Table, {\n name: \"webiny\",\n config: {\n attributes: [\n { name: \"PK\", type: \"S\" },\n { name: \"SK\", type: \"S\" },\n { name: \"GSI_TENANT\", type: \"S\" },\n { name: \"GSI1_PK\", type: \"S\" },\n { name: \"GSI1_SK\", type: \"S\" },\n { name: \"GSI2_PK\", type: \"S\" },\n { name: \"GSI2_SK\", type: \"S\" }\n ],\n billingMode: \"PAY_PER_REQUEST\",\n hashKey: \"PK\",\n rangeKey: \"SK\",\n globalSecondaryIndexes: [\n {\n name: \"GSI_TENANT\",\n keySchemas: [\n {\n attributeName: \"GSI_TENANT\",\n keyType: \"HASH\"\n }\n ],\n projectionType: \"KEYS_ONLY\"\n },\n {\n name: \"GSI1\",\n keySchemas: [\n {\n attributeName: \"GSI1_PK\",\n keyType: \"HASH\"\n },\n {\n attributeName: \"GSI1_SK\",\n keyType: \"RANGE\"\n }\n ],\n projectionType: \"ALL\"\n },\n {\n name: \"GSI2\",\n keySchemas: [\n {\n attributeName: \"GSI2_PK\",\n keyType: \"HASH\"\n },\n {\n attributeName: \"GSI2_SK\",\n keyType: \"RANGE\"\n }\n ],\n projectionType: \"ALL\"\n }\n ],\n ttl: {\n attributeName: \"expiresAt\",\n enabled: true\n }\n },\n opts: {\n protect: params.protect\n }\n });\n }\n});\n"],"mappings":"AAAA,OAAO,KAAKA,GAAG,MAAM,aAAa;AAClC,SAASC,eAAe,QAA8C,gBAAgB;AAItF,OAAO,MAAMC,UAAU,GAAGD,eAAe,CAAC;EACtCE,IAAI,EAAE,UAAU;EAChBC,MAAMA,CAACC,GAAc,EAAEC,MAA4B,EAAE;IACjD,OAAOD,GAAG,CAACE,WAAW,CAACP,GAAG,CAACQ,QAAQ,CAACC,KAAK,EAAE;MACvCN,IAAI,EAAE,QAAQ;MACdC,MAAM,EAAE;QACJM,UAAU,EAAE,CACR;UAAEP,IAAI,EAAE,IAAI;UAAEQ,IAAI,EAAE;QAAI,CAAC,EACzB;UAAER,IAAI,EAAE,IAAI;UAAEQ,IAAI,EAAE;QAAI,CAAC,EACzB;UAAER,IAAI,EAAE,YAAY;UAAEQ,IAAI,EAAE;QAAI,CAAC,EACjC;UAAER,IAAI,EAAE,SAAS;UAAEQ,IAAI,EAAE;QAAI,CAAC,EAC9B;UAAER,IAAI,EAAE,SAAS;UAAEQ,IAAI,EAAE;QAAI,CAAC,EAC9B;UAAER,IAAI,EAAE,SAAS;UAAEQ,IAAI,EAAE;QAAI,CAAC,EAC9B;UAAER,IAAI,EAAE,SAAS;UAAEQ,IAAI,EAAE;QAAI,CAAC,CACjC;QACDC,WAAW,EAAE,iBAAiB;QAC9BC,OAAO,EAAE,IAAI;QACbC,QAAQ,EAAE,IAAI;QACdC,sBAAsB,EAAE,CACpB;UACIZ,IAAI,EAAE,YAAY;UAClBa,UAAU,EAAE,CACR;YACIC,aAAa,EAAE,YAAY;YAC3BC,OAAO,EAAE;UACb,CAAC,CACJ;UACDC,cAAc,EAAE;QACpB,CAAC,EACD;UACIhB,IAAI,EAAE,MAAM;UACZa,UAAU,EAAE,CACR;YACIC,aAAa,EAAE,SAAS;YACxBC,OAAO,EAAE;UACb,CAAC,EACD;YACID,aAAa,EAAE,SAAS;YACxBC,OAAO,EAAE;UACb,CAAC,CACJ;UACDC,cAAc,EAAE;QACpB,CAAC,EACD;UACIhB,IAAI,EAAE,MAAM;UACZa,UAAU,EAAE,CACR;YACIC,aAAa,EAAE,SAAS;YACxBC,OAAO,EAAE;UACb,CAAC,EACD;YACID,aAAa,EAAE,SAAS;YACxBC,OAAO,EAAE;UACb,CAAC,CACJ;UACDC,cAAc,EAAE;QACpB,CAAC,CACJ;QACDC,GAAG,EAAE;UACDH,aAAa,EAAE,WAAW;UAC1BI,OAAO,EAAE;QACb;MACJ,CAAC;MACDC,IAAI,EAAE;QACFC,OAAO,EAAEjB,MAAM,CAACiB;MACpB;IACJ,CAAC,CAAC;EACN;AACJ,CAAC,CAAC","ignoreList":[]}
package/pulumi/apps/core/CoreFileManager.d.ts CHANGED
@@ -2,7 +2,10 @@ import { type PulumiAppModule } from "@webiny/pulumi";
2
2
  export type CoreFileManger = PulumiAppModule<typeof CoreFileManger>;
3
3
  export declare const CoreFileManger: import("@webiny/pulumi").PulumiAppModuleDefinition<{
4
4
  bucket: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/s3/bucket").Bucket>;
5
+ bucketOwnershipControls: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/s3/bucketOwnershipControls").BucketOwnershipControls>;
6
+ bucketAcl: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/s3/bucketAcl").BucketAcl>;
5
7
  blockPublicAccessBlock: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/s3/bucketPublicAccessBlock").BucketPublicAccessBlock>;
8
+ bucketCorsConfiguration: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/s3/bucketCorsConfiguration").BucketCorsConfiguration>;
6
9
  }, {
7
10
  protect: boolean;
8
11
  }>;
package/pulumi/apps/core/CoreFileManager.js CHANGED
@@ -7,19 +7,44 @@ export const CoreFileManger = createAppModule({
7
7
  const bucket = app.addResource(aws.s3.Bucket, {
8
8
  name,
9
9
  config: {
10
- acl: aws.s3.CannedAcl.Private,
11
10
  // We definitely don't want to force-destroy if "protected" flag is true.
12
- forceDestroy: !params.protect,
13
- // We need these rules to be able to upload to this bucket from the browser.
11
+ forceDestroy: !params.protect
12
+ },
13
+ opts: {
14
+ protect: params.protect
15
+ }
16
+ });
17
+ const bucketOwnershipControls = app.addResource(aws.s3.BucketOwnershipControls, {
18
+ name: `${name}-ownership-controls`,
19
+ config: {
20
+ bucket: bucket.output.id,
21
+ rule: {
22
+ objectOwnership: "BucketOwnerPreferred"
23
+ }
24
+ }
25
+ });
26
+ const bucketAcl = app.addResource(aws.s3.BucketAcl, {
27
+ name: `${name}-acl`,
28
+ config: {
29
+ bucket: bucket.output.id,
30
+ acl: aws.s3.CannedAcl.Private
31
+ },
32
+ opts: {
33
+ dependsOn: [bucketOwnershipControls.output]
34
+ }
35
+ });
36
+
37
+ // We need these rules to be able to upload to this bucket from the browser.
38
+ const bucketCorsConfiguration = app.addResource(aws.s3.BucketCorsConfiguration, {
39
+ name: `${name}-cors`,
40
+ config: {
41
+ bucket: bucket.output.id,
14
42
  corsRules: [{
15
43
  allowedHeaders: ["*"],
16
44
  allowedMethods: ["POST", "GET", "PUT"],
17
45
  allowedOrigins: ["*"],
18
46
  maxAgeSeconds: 3000
19
47
  }]
20
- },
21
- opts: {
22
- protect: params.protect
23
48
  }
24
49
  });
25
50
 
@@ -36,7 +61,10 @@ export const CoreFileManger = createAppModule({
36
61
  });
37
62
  return {
38
63
  bucket,
39
- blockPublicAccessBlock
64
+ bucketOwnershipControls,
65
+ bucketAcl,
66
+ blockPublicAccessBlock,
67
+ bucketCorsConfiguration
40
68
  };
41
69
  }
42
70
  });
package/pulumi/apps/core/CoreFileManager.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"names":["aws","createAppModule","CoreFileManger","name","config","app","params","bucket","addResource","s3","Bucket","acl","CannedAcl","Private","forceDestroy","protect","corsRules","allowedHeaders","allowedMethods","allowedOrigins","maxAgeSeconds","opts","blockPublicAccessBlock","BucketPublicAccessBlock","output","id","blockPublicAcls","blockPublicPolicy","ignorePublicAcls","restrictPublicBuckets"],"sources":["CoreFileManager.ts"],"sourcesContent":["import * as aws from \"@pulumi/aws\";\nimport { createAppModule, type PulumiApp, type PulumiAppModule } from \"@webiny/pulumi\";\n\nexport type CoreFileManger = PulumiAppModule<typeof CoreFileManger>;\n\nexport const CoreFileManger = createAppModule({\n name: \"FileManagerBucket\",\n config(app: PulumiApp, params: { protect: boolean }) {\n const name = \"fm-bucket\";\n\n const bucket = app.addResource(aws.s3.Bucket, {\n name,\n config: {\n acl: aws.s3.CannedAcl.Private,\n // We definitely don't want to force-destroy if \"protected\" flag is true.\n forceDestroy: !params.protect,\n // We need these rules to be able to upload to this bucket from the browser.\n corsRules: [\n {\n allowedHeaders: [\"*\"],\n allowedMethods: [\"POST\", \"GET\", \"PUT\"],\n allowedOrigins: [\"*\"],\n maxAgeSeconds: 3000\n }\n ]\n },\n opts: {\n protect: params.protect\n }\n });\n\n // Block any public access\n const blockPublicAccessBlock = app.addResource(aws.s3.BucketPublicAccessBlock, {\n name: `${name}-block-public-access`,\n config: {\n bucket: bucket.output.id,\n blockPublicAcls: true,\n blockPublicPolicy: true,\n ignorePublicAcls: true,\n restrictPublicBuckets: true\n }\n });\n\n return {\n bucket,\n blockPublicAccessBlock\n };\n }\n});\n"],"mappings":"AAAA,OAAO,KAAKA,GAAG,MAAM,aAAa;AAClC,SAASC,eAAe,QAA8C,gBAAgB;AAItF,OAAO,MAAMC,cAAc,GAAGD,eAAe,CAAC;EAC1CE,IAAI,EAAE,mBAAmB;EACzBC,MAAMA,CAACC,GAAc,EAAEC,MAA4B,EAAE;IACjD,MAAMH,IAAI,GAAG,WAAW;IAExB,MAAMI,MAAM,GAAGF,GAAG,CAACG,WAAW,CAACR,GAAG,CAACS,EAAE,CAACC,MAAM,EAAE;MAC1CP,IAAI;MACJC,MAAM,EAAE;QACJO,GAAG,EAAEX,GAAG,CAACS,EAAE,CAACG,SAAS,CAACC,OAAO;QAC7B;QACAC,YAAY,EAAE,CAACR,MAAM,CAACS,OAAO;QAC7B;QACAC,SAAS,EAAE,CACP;UACIC,cAAc,EAAE,CAAC,GAAG,CAAC;UACrBC,cAAc,EAAE,CAAC,MAAM,EAAE,KAAK,EAAE,KAAK,CAAC;UACtCC,cAAc,EAAE,CAAC,GAAG,CAAC;UACrBC,aAAa,EAAE;QACnB,CAAC;MAET,CAAC;MACDC,IAAI,EAAE;QACFN,OAAO,EAAET,MAAM,CAACS;MACpB;IACJ,CAAC,CAAC;;IAEF;IACA,MAAMO,sBAAsB,GAAGjB,GAAG,CAACG,WAAW,CAACR,GAAG,CAACS,EAAE,CAACc,uBAAuB,EAAE;MAC3EpB,IAAI,EAAE,GAAGA,IAAI,sBAAsB;MACnCC,MAAM,EAAE;QACJG,MAAM,EAAEA,MAAM,CAACiB,MAAM,CAACC,EAAE;QACxBC,eAAe,EAAE,IAAI;QACrBC,iBAAiB,EAAE,IAAI;QACvBC,gBAAgB,EAAE,IAAI;QACtBC,qBAAqB,EAAE;MAC3B;IACJ,CAAC,CAAC;IAEF,OAAO;MACHtB,MAAM;MACNe;IACJ,CAAC;EACL;AACJ,CAAC,CAAC","ignoreList":[]}
1
+ {"version":3,"names":["aws","createAppModule","CoreFileManger","name","config","app","params","bucket","addResource","s3","Bucket","forceDestroy","protect","opts","bucketOwnershipControls","BucketOwnershipControls","output","id","rule","objectOwnership","bucketAcl","BucketAcl","acl","CannedAcl","Private","dependsOn","bucketCorsConfiguration","BucketCorsConfiguration","corsRules","allowedHeaders","allowedMethods","allowedOrigins","maxAgeSeconds","blockPublicAccessBlock","BucketPublicAccessBlock","blockPublicAcls","blockPublicPolicy","ignorePublicAcls","restrictPublicBuckets"],"sources":["CoreFileManager.ts"],"sourcesContent":["import * as aws from \"@pulumi/aws\";\nimport { createAppModule, type PulumiApp, type PulumiAppModule } from \"@webiny/pulumi\";\n\nexport type CoreFileManger = PulumiAppModule<typeof CoreFileManger>;\n\nexport const CoreFileManger = createAppModule({\n name: \"FileManagerBucket\",\n config(app: PulumiApp, params: { protect: boolean }) {\n const name = \"fm-bucket\";\n\n const bucket = app.addResource(aws.s3.Bucket, {\n name,\n config: {\n // We definitely don't want to force-destroy if \"protected\" flag is true.\n forceDestroy: !params.protect\n },\n opts: {\n protect: params.protect\n }\n });\n\n const bucketOwnershipControls = app.addResource(aws.s3.BucketOwnershipControls, {\n name: `${name}-ownership-controls`,\n config: {\n bucket: bucket.output.id,\n rule: {\n objectOwnership: \"BucketOwnerPreferred\"\n }\n }\n });\n\n const bucketAcl = app.addResource(aws.s3.BucketAcl, {\n name: `${name}-acl`,\n config: {\n bucket: bucket.output.id,\n acl: aws.s3.CannedAcl.Private\n },\n opts: {\n dependsOn: [bucketOwnershipControls.output]\n }\n });\n\n // We need these rules to be able to upload to this bucket from the browser.\n const bucketCorsConfiguration = app.addResource(aws.s3.BucketCorsConfiguration, {\n name: `${name}-cors`,\n config: {\n bucket: bucket.output.id,\n corsRules: [\n {\n allowedHeaders: [\"*\"],\n allowedMethods: [\"POST\", \"GET\", \"PUT\"],\n allowedOrigins: [\"*\"],\n maxAgeSeconds: 3000\n }\n ]\n }\n });\n\n // Block any public access\n const blockPublicAccessBlock = app.addResource(aws.s3.BucketPublicAccessBlock, {\n name: `${name}-block-public-access`,\n config: {\n bucket: bucket.output.id,\n blockPublicAcls: true,\n blockPublicPolicy: true,\n ignorePublicAcls: true,\n restrictPublicBuckets: true\n }\n });\n\n return {\n bucket,\n bucketOwnershipControls,\n bucketAcl,\n blockPublicAccessBlock,\n bucketCorsConfiguration\n };\n }\n});\n"],"mappings":"AAAA,OAAO,KAAKA,GAAG,MAAM,aAAa;AAClC,SAASC,eAAe,QAA8C,gBAAgB;AAItF,OAAO,MAAMC,cAAc,GAAGD,eAAe,CAAC;EAC1CE,IAAI,EAAE,mBAAmB;EACzBC,MAAMA,CAACC,GAAc,EAAEC,MAA4B,EAAE;IACjD,MAAMH,IAAI,GAAG,WAAW;IAExB,MAAMI,MAAM,GAAGF,GAAG,CAACG,WAAW,CAACR,GAAG,CAACS,EAAE,CAACC,MAAM,EAAE;MAC1CP,IAAI;MACJC,MAAM,EAAE;QACJ;QACAO,YAAY,EAAE,CAACL,MAAM,CAACM;MAC1B,CAAC;MACDC,IAAI,EAAE;QACFD,OAAO,EAAEN,MAAM,CAACM;MACpB;IACJ,CAAC,CAAC;IAEF,MAAME,uBAAuB,GAAGT,GAAG,CAACG,WAAW,CAACR,GAAG,CAACS,EAAE,CAACM,uBAAuB,EAAE;MAC5EZ,IAAI,EAAE,GAAGA,IAAI,qBAAqB;MAClCC,MAAM,EAAE;QACJG,MAAM,EAAEA,MAAM,CAACS,MAAM,CAACC,EAAE;QACxBC,IAAI,EAAE;UACFC,eAAe,EAAE;QACrB;MACJ;IACJ,CAAC,CAAC;IAEF,MAAMC,SAAS,GAAGf,GAAG,CAACG,WAAW,CAACR,GAAG,CAACS,EAAE,CAACY,SAAS,EAAE;MAChDlB,IAAI,EAAE,GAAGA,IAAI,MAAM;MACnBC,MAAM,EAAE;QACJG,MAAM,EAAEA,MAAM,CAACS,MAAM,CAACC,EAAE;QACxBK,GAAG,EAAEtB,GAAG,CAACS,EAAE,CAACc,SAAS,CAACC;MAC1B,CAAC;MACDX,IAAI,EAAE;QACFY,SAAS,EAAE,CAACX,uBAAuB,CAACE,MAAM;MAC9C;IACJ,CAAC,CAAC;;IAEF;IACA,MAAMU,uBAAuB,GAAGrB,GAAG,CAACG,WAAW,CAACR,GAAG,CAACS,EAAE,CAACkB,uBAAuB,EAAE;MAC5ExB,IAAI,EAAE,GAAGA,IAAI,OAAO;MACpBC,MAAM,EAAE;QACJG,MAAM,EAAEA,MAAM,CAACS,MAAM,CAACC,EAAE;QACxBW,SAAS,EAAE,CACP;UACIC,cAAc,EAAE,CAAC,GAAG,CAAC;UACrBC,cAAc,EAAE,CAAC,MAAM,EAAE,KAAK,EAAE,KAAK,CAAC;UACtCC,cAAc,EAAE,CAAC,GAAG,CAAC;UACrBC,aAAa,EAAE;QACnB,CAAC;MAET;IACJ,CAAC,CAAC;;IAEF;IACA,MAAMC,sBAAsB,GAAG5B,GAAG,CAACG,WAAW,CAACR,GAAG,CAACS,EAAE,CAACyB,uBAAuB,EAAE;MAC3E/B,IAAI,EAAE,GAAGA,IAAI,sBAAsB;MACnCC,MAAM,EAAE;QACJG,MAAM,EAAEA,MAAM,CAACS,MAAM,CAACC,EAAE;QACxBkB,eAAe,EAAE,IAAI;QACrBC,iBAAiB,EAAE,IAAI;QACvBC,gBAAgB,EAAE,IAAI;QACtBC,qBAAqB,EAAE;MAC3B;IACJ,CAAC,CAAC;IAEF,OAAO;MACH/B,MAAM;MACNO,uBAAuB;MACvBM,SAAS;MACTa,sBAAsB;MACtBP;IACJ,CAAC;EACL;AACJ,CAAC,CAAC","ignoreList":[]}
package/pulumi/apps/core/LogDynamo.js CHANGED
@@ -51,32 +51,60 @@ export const LogDynamo = createAppModule({
51
51
  rangeKey: "SK",
52
52
  globalSecondaryIndexes: [{
53
53
  name: "GSI_TENANT",
54
- hashKey: "GSI_TENANT",
54
+ keySchemas: [{
55
+ attributeName: "GSI_TENANT",
56
+ keyType: "HASH"
57
+ }],
55
58
  projectionType: "KEYS_ONLY"
56
59
  }, {
57
60
  name: "GSI1",
58
- hashKey: "GSI1_PK",
59
- rangeKey: "GSI1_SK",
61
+ keySchemas: [{
62
+ attributeName: "GSI1_PK",
63
+ keyType: "HASH"
64
+ }, {
65
+ attributeName: "GSI1_SK",
66
+ keyType: "RANGE"
67
+ }],
60
68
  projectionType: "ALL"
61
69
  }, {
62
70
  name: "GSI2",
63
- hashKey: "GSI2_PK",
64
- rangeKey: "GSI2_SK",
71
+ keySchemas: [{
72
+ attributeName: "GSI2_PK",
73
+ keyType: "HASH"
74
+ }, {
75
+ attributeName: "GSI2_SK",
76
+ keyType: "RANGE"
77
+ }],
65
78
  projectionType: "ALL"
66
79
  }, {
67
80
  name: "GSI3",
68
- hashKey: "GSI3_PK",
69
- rangeKey: "GSI3_SK",
81
+ keySchemas: [{
82
+ attributeName: "GSI3_PK",
83
+ keyType: "HASH"
84
+ }, {
85
+ attributeName: "GSI3_SK",
86
+ keyType: "RANGE"
87
+ }],
70
88
  projectionType: "ALL"
71
89
  }, {
72
90
  name: "GSI4",
73
- hashKey: "GSI4_PK",
74
- rangeKey: "GSI4_SK",
91
+ keySchemas: [{
92
+ attributeName: "GSI4_PK",
93
+ keyType: "HASH"
94
+ }, {
95
+ attributeName: "GSI4_SK",
96
+ keyType: "RANGE"
97
+ }],
75
98
  projectionType: "ALL"
76
99
  }, {
77
100
  name: "GSI5",
78
- hashKey: "GSI5_PK",
79
- rangeKey: "GSI5_SK",
101
+ keySchemas: [{
102
+ attributeName: "GSI5_PK",
103
+ keyType: "HASH"
104
+ }, {
105
+ attributeName: "GSI5_SK",
106
+ keyType: "RANGE"
107
+ }],
80
108
  projectionType: "ALL"
81
109
  }],
82
110
  ttl: {
package/pulumi/apps/core/LogDynamo.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"names":["aws","createAppModule","LogDynamo","name","config","app","params","addResource","dynamodb","Table","attributes","type","billingMode","hashKey","rangeKey","globalSecondaryIndexes","projectionType","ttl","attributeName","enabled","opts","protect"],"sources":["LogDynamo.ts"],"sourcesContent":["import * as aws from \"@pulumi/aws\";\nimport { createAppModule, type PulumiApp, type PulumiAppModule } from \"@webiny/pulumi\";\n\nexport type LogDynamo = PulumiAppModule<typeof LogDynamo>;\n\nexport const LogDynamo = createAppModule({\n name: \"DynamoDbLog\",\n config(app: PulumiApp, params: { protect: boolean }) {\n return app.addResource(aws.dynamodb.Table, {\n name: \"webiny-log\",\n config: {\n attributes: [\n { name: \"PK\", type: \"S\" },\n { name: \"SK\", type: \"S\" },\n { name: \"GSI_TENANT\", type: \"S\" },\n { name: \"GSI1_PK\", type: \"S\" },\n { name: \"GSI1_SK\", type: \"S\" },\n { name: \"GSI2_PK\", type: \"S\" },\n { name: \"GSI2_SK\", type: \"S\" },\n { name: \"GSI3_PK\", type: \"S\" },\n { name: \"GSI3_SK\", type: \"S\" },\n { name: \"GSI4_PK\", type: \"S\" },\n { name: \"GSI4_SK\", type: \"S\" },\n { name: \"GSI5_PK\", type: \"S\" },\n { name: \"GSI5_SK\", type: \"S\" }\n ],\n billingMode: \"PAY_PER_REQUEST\",\n hashKey: \"PK\",\n rangeKey: \"SK\",\n globalSecondaryIndexes: [\n {\n name: \"GSI_TENANT\",\n hashKey: \"GSI_TENANT\",\n projectionType: \"KEYS_ONLY\"\n },\n {\n name: \"GSI1\",\n hashKey: \"GSI1_PK\",\n rangeKey: \"GSI1_SK\",\n projectionType: \"ALL\"\n },\n {\n name: \"GSI2\",\n hashKey: \"GSI2_PK\",\n rangeKey: \"GSI2_SK\",\n projectionType: \"ALL\"\n },\n {\n name: \"GSI3\",\n hashKey: \"GSI3_PK\",\n rangeKey: \"GSI3_SK\",\n projectionType: \"ALL\"\n },\n {\n name: \"GSI4\",\n hashKey: \"GSI4_PK\",\n rangeKey: \"GSI4_SK\",\n projectionType: \"ALL\"\n },\n {\n name: \"GSI5\",\n hashKey: \"GSI5_PK\",\n rangeKey: \"GSI5_SK\",\n projectionType: \"ALL\"\n }\n ],\n ttl: {\n attributeName: \"expiresAt\",\n enabled: true\n }\n },\n opts: {\n protect: params.protect\n }\n });\n }\n});\n"],"mappings":"AAAA,OAAO,KAAKA,GAAG,MAAM,aAAa;AAClC,SAASC,eAAe,QAA8C,gBAAgB;AAItF,OAAO,MAAMC,SAAS,GAAGD,eAAe,CAAC;EACrCE,IAAI,EAAE,aAAa;EACnBC,MAAMA,CAACC,GAAc,EAAEC,MAA4B,EAAE;IACjD,OAAOD,GAAG,CAACE,WAAW,CAACP,GAAG,CAACQ,QAAQ,CAACC,KAAK,EAAE;MACvCN,IAAI,EAAE,YAAY;MAClBC,MAAM,EAAE;QACJM,UAAU,EAAE,CACR;UAAEP,IAAI,EAAE,IAAI;UAAEQ,IAAI,EAAE;QAAI,CAAC,EACzB;UAAER,IAAI,EAAE,IAAI;UAAEQ,IAAI,EAAE;QAAI,CAAC,EACzB;UAAER,IAAI,EAAE,YAAY;UAAEQ,IAAI,EAAE;QAAI,CAAC,EACjC;UAAER,IAAI,EAAE,SAAS;UAAEQ,IAAI,EAAE;QAAI,CAAC,EAC9B;UAAER,IAAI,EAAE,SAAS;UAAEQ,IAAI,EAAE;QAAI,CAAC,EAC9B;UAAER,IAAI,EAAE,SAAS;UAAEQ,IAAI,EAAE;QAAI,CAAC,EAC9B;UAAER,IAAI,EAAE,SAAS;UAAEQ,IAAI,EAAE;QAAI,CAAC,EAC9B;UAAER,IAAI,EAAE,SAAS;UAAEQ,IAAI,EAAE;QAAI,CAAC,EAC9B;UAAER,IAAI,EAAE,SAAS;UAAEQ,IAAI,EAAE;QAAI,CAAC,EAC9B;UAAER,IAAI,EAAE,SAAS;UAAEQ,IAAI,EAAE;QAAI,CAAC,EAC9B;UAAER,IAAI,EAAE,SAAS;UAAEQ,IAAI,EAAE;QAAI,CAAC,EAC9B;UAAER,IAAI,EAAE,SAAS;UAAEQ,IAAI,EAAE;QAAI,CAAC,EAC9B;UAAER,IAAI,EAAE,SAAS;UAAEQ,IAAI,EAAE;QAAI,CAAC,CACjC;QACDC,WAAW,EAAE,iBAAiB;QAC9BC,OAAO,EAAE,IAAI;QACbC,QAAQ,EAAE,IAAI;QACdC,sBAAsB,EAAE,CACpB;UACIZ,IAAI,EAAE,YAAY;UAClBU,OAAO,EAAE,YAAY;UACrBG,cAAc,EAAE;QACpB,CAAC,EACD;UACIb,IAAI,EAAE,MAAM;UACZU,OAAO,EAAE,SAAS;UAClBC,QAAQ,EAAE,SAAS;UACnBE,cAAc,EAAE;QACpB,CAAC,EACD;UACIb,IAAI,EAAE,MAAM;UACZU,OAAO,EAAE,SAAS;UAClBC,QAAQ,EAAE,SAAS;UACnBE,cAAc,EAAE;QACpB,CAAC,EACD;UACIb,IAAI,EAAE,MAAM;UACZU,OAAO,EAAE,SAAS;UAClBC,QAAQ,EAAE,SAAS;UACnBE,cAAc,EAAE;QACpB,CAAC,EACD;UACIb,IAAI,EAAE,MAAM;UACZU,OAAO,EAAE,SAAS;UAClBC,QAAQ,EAAE,SAAS;UACnBE,cAAc,EAAE;QACpB,CAAC,EACD;UACIb,IAAI,EAAE,MAAM;UACZU,OAAO,EAAE,SAAS;UAClBC,QAAQ,EAAE,SAAS;UACnBE,cAAc,EAAE;QACpB,CAAC,CACJ;QACDC,GAAG,EAAE;UACDC,aAAa,EAAE,WAAW;UAC1BC,OAAO,EAAE;QACb;MACJ,CAAC;MACDC,IAAI,EAAE;QACFC,OAAO,EAAEf,MAAM,CAACe;MACpB;IACJ,CAAC,CAAC;EACN;AACJ,CAAC,CAAC","ignoreList":[]}
1
+ {"version":3,"names":["aws","createAppModule","LogDynamo","name","config","app","params","addResource","dynamodb","Table","attributes","type","billingMode","hashKey","rangeKey","globalSecondaryIndexes","keySchemas","attributeName","keyType","projectionType","ttl","enabled","opts","protect"],"sources":["LogDynamo.ts"],"sourcesContent":["import * as aws from \"@pulumi/aws\";\nimport { createAppModule, type PulumiApp, type PulumiAppModule } from \"@webiny/pulumi\";\n\nexport type LogDynamo = PulumiAppModule<typeof LogDynamo>;\n\nexport const LogDynamo = createAppModule({\n name: \"DynamoDbLog\",\n config(app: PulumiApp, params: { protect: boolean }) {\n return app.addResource(aws.dynamodb.Table, {\n name: \"webiny-log\",\n config: {\n attributes: [\n { name: \"PK\", type: \"S\" },\n { name: \"SK\", type: \"S\" },\n { name: \"GSI_TENANT\", type: \"S\" },\n { name: \"GSI1_PK\", type: \"S\" },\n { name: \"GSI1_SK\", type: \"S\" },\n { name: \"GSI2_PK\", type: \"S\" },\n { name: \"GSI2_SK\", type: \"S\" },\n { name: \"GSI3_PK\", type: \"S\" },\n { name: \"GSI3_SK\", type: \"S\" },\n { name: \"GSI4_PK\", type: \"S\" },\n { name: \"GSI4_SK\", type: \"S\" },\n { name: \"GSI5_PK\", type: \"S\" },\n { name: \"GSI5_SK\", type: \"S\" }\n ],\n billingMode: \"PAY_PER_REQUEST\",\n hashKey: \"PK\",\n rangeKey: \"SK\",\n globalSecondaryIndexes: [\n {\n name: \"GSI_TENANT\",\n keySchemas: [\n {\n attributeName: \"GSI_TENANT\",\n keyType: \"HASH\"\n }\n ],\n projectionType: \"KEYS_ONLY\"\n },\n {\n name: \"GSI1\",\n keySchemas: [\n {\n attributeName: \"GSI1_PK\",\n keyType: \"HASH\"\n },\n {\n attributeName: \"GSI1_SK\",\n keyType: \"RANGE\"\n }\n ],\n projectionType: \"ALL\"\n },\n {\n name: \"GSI2\",\n keySchemas: [\n {\n attributeName: \"GSI2_PK\",\n keyType: \"HASH\"\n },\n {\n attributeName: \"GSI2_SK\",\n keyType: \"RANGE\"\n }\n ],\n projectionType: \"ALL\"\n },\n {\n name: \"GSI3\",\n keySchemas: [\n {\n attributeName: \"GSI3_PK\",\n keyType: \"HASH\"\n },\n {\n attributeName: \"GSI3_SK\",\n keyType: \"RANGE\"\n }\n ],\n projectionType: \"ALL\"\n },\n {\n name: \"GSI4\",\n keySchemas: [\n {\n attributeName: \"GSI4_PK\",\n keyType: \"HASH\"\n },\n {\n attributeName: \"GSI4_SK\",\n keyType: \"RANGE\"\n }\n ],\n projectionType: \"ALL\"\n },\n {\n name: \"GSI5\",\n keySchemas: [\n {\n attributeName: \"GSI5_PK\",\n keyType: \"HASH\"\n },\n {\n attributeName: \"GSI5_SK\",\n keyType: \"RANGE\"\n }\n ],\n projectionType: \"ALL\"\n }\n ],\n ttl: {\n attributeName: \"expiresAt\",\n enabled: true\n }\n },\n opts: {\n protect: params.protect\n }\n });\n }\n});\n"],"mappings":"AAAA,OAAO,KAAKA,GAAG,MAAM,aAAa;AAClC,SAASC,eAAe,QAA8C,gBAAgB;AAItF,OAAO,MAAMC,SAAS,GAAGD,eAAe,CAAC;EACrCE,IAAI,EAAE,aAAa;EACnBC,MAAMA,CAACC,GAAc,EAAEC,MAA4B,EAAE;IACjD,OAAOD,GAAG,CAACE,WAAW,CAACP,GAAG,CAACQ,QAAQ,CAACC,KAAK,EAAE;MACvCN,IAAI,EAAE,YAAY;MAClBC,MAAM,EAAE;QACJM,UAAU,EAAE,CACR;UAAEP,IAAI,EAAE,IAAI;UAAEQ,IAAI,EAAE;QAAI,CAAC,EACzB;UAAER,IAAI,EAAE,IAAI;UAAEQ,IAAI,EAAE;QAAI,CAAC,EACzB;UAAER,IAAI,EAAE,YAAY;UAAEQ,IAAI,EAAE;QAAI,CAAC,EACjC;UAAER,IAAI,EAAE,SAAS;UAAEQ,IAAI,EAAE;QAAI,CAAC,EAC9B;UAAER,IAAI,EAAE,SAAS;UAAEQ,IAAI,EAAE;QAAI,CAAC,EAC9B;UAAER,IAAI,EAAE,SAAS;UAAEQ,IAAI,EAAE;QAAI,CAAC,EAC9B;UAAER,IAAI,EAAE,SAAS;UAAEQ,IAAI,EAAE;QAAI,CAAC,EAC9B;UAAER,IAAI,EAAE,SAAS;UAAEQ,IAAI,EAAE;QAAI,CAAC,EAC9B;UAAER,IAAI,EAAE,SAAS;UAAEQ,IAAI,EAAE;QAAI,CAAC,EAC9B;UAAER,IAAI,EAAE,SAAS;UAAEQ,IAAI,EAAE;QAAI,CAAC,EAC9B;UAAER,IAAI,EAAE,SAAS;UAAEQ,IAAI,EAAE;QAAI,CAAC,EAC9B;UAAER,IAAI,EAAE,SAAS;UAAEQ,IAAI,EAAE;QAAI,CAAC,EAC9B;UAAER,IAAI,EAAE,SAAS;UAAEQ,IAAI,EAAE;QAAI,CAAC,CACjC;QACDC,WAAW,EAAE,iBAAiB;QAC9BC,OAAO,EAAE,IAAI;QACbC,QAAQ,EAAE,IAAI;QACdC,sBAAsB,EAAE,CACpB;UACIZ,IAAI,EAAE,YAAY;UAClBa,UAAU,EAAE,CACR;YACIC,aAAa,EAAE,YAAY;YAC3BC,OAAO,EAAE;UACb,CAAC,CACJ;UACDC,cAAc,EAAE;QACpB,CAAC,EACD;UACIhB,IAAI,EAAE,MAAM;UACZa,UAAU,EAAE,CACR;YACIC,aAAa,EAAE,SAAS;YACxBC,OAAO,EAAE;UACb,CAAC,EACD;YACID,aAAa,EAAE,SAAS;YACxBC,OAAO,EAAE;UACb,CAAC,CACJ;UACDC,cAAc,EAAE;QACpB,CAAC,EACD;UACIhB,IAAI,EAAE,MAAM;UACZa,UAAU,EAAE,CACR;YACIC,aAAa,EAAE,SAAS;YACxBC,OAAO,EAAE;UACb,CAAC,EACD;YACID,aAAa,EAAE,SAAS;YACxBC,OAAO,EAAE;UACb,CAAC,CACJ;UACDC,cAAc,EAAE;QACpB,CAAC,EACD;UACIhB,IAAI,EAAE,MAAM;UACZa,UAAU,EAAE,CACR;YACIC,aAAa,EAAE,SAAS;YACxBC,OAAO,EAAE;UACb,CAAC,EACD;YACID,aAAa,EAAE,SAAS;YACxBC,OAAO,EAAE;UACb,CAAC,CACJ;UACDC,cAAc,EAAE;QACpB,CAAC,EACD;UACIhB,IAAI,EAAE,MAAM;UACZa,UAAU,EAAE,CACR;YACIC,aAAa,EAAE,SAAS;YACxBC,OAAO,EAAE;UACb,CAAC,EACD;YACID,aAAa,EAAE,SAAS;YACxBC,OAAO,EAAE;UACb,CAAC,CACJ;UACDC,cAAc,EAAE;QACpB,CAAC,EACD;UACIhB,IAAI,EAAE,MAAM;UACZa,UAAU,EAAE,CACR;YACIC,aAAa,EAAE,SAAS;YACxBC,OAAO,EAAE;UACb,CAAC,EACD;YACID,aAAa,EAAE,SAAS;YACxBC,OAAO,EAAE;UACb,CAAC,CACJ;UACDC,cAAc,EAAE;QACpB,CAAC,CACJ;QACDC,GAAG,EAAE;UACDH,aAAa,EAAE,WAAW;UAC1BI,OAAO,EAAE;QACb;MACJ,CAAC;MACDC,IAAI,EAAE;QACFC,OAAO,EAAEjB,MAAM,CAACiB;MACpB;IACJ,CAAC,CAAC;EACN;AACJ,CAAC,CAAC","ignoreList":[]}
package/pulumi/apps/core/createCorePulumiApp.js CHANGED
@@ -16,7 +16,6 @@ import { CorePulumi } from "@webiny/project/abstractions/index.js";
16
16
  import { getOsConfigFromExtension } from "../extensions/getOsConfigFromExtension.js";
17
17
  import { getVpcConfigFromExtension } from "../extensions/getVpcConfigFromExtension.js";
18
18
  import { applyAwsResourceTags, getAwsRegion } from "../awsUtils.js";
19
- import { License } from "@webiny/wcp";
20
19
  import { configureS3BucketMalwareProtection } from "./configureS3BucketMalwareProtection.js";
21
20
  import * as pulumi from "@pulumi/pulumi";
22
21
  import { CoreAuditLogsDynamo } from "../../index.js";
@@ -64,8 +63,8 @@ export function createCorePulumiApp() {
64
63
  // <-------------------- Enterprise start -------------------->
65
64
  app.addHandler(async () => {
66
65
  const usingAdvancedVpcParams = vpcExtensionsConfig && typeof vpcExtensionsConfig !== "boolean";
67
- const license = await License.fromEnvironment();
68
- if (license.canUseFileManagerThreatDetection()) {
66
+ const featureFlags = await sdk.getFeatureFlags();
67
+ if (featureFlags.isFileManagerThreatDetectionEnabled()) {
69
68
  configureS3BucketMalwareProtection(app);
70
69
  }
71
70
 
package/pulumi/apps/core/createCorePulumiApp.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"names":["aws","createPulumiApp","isResourceOfType","CoreCognito","CoreDynamo","OpenSearch","CoreEventBus","CoreFileManger","CoreVpc","WatchCommand","withServiceManifest","addServiceManifestTableItem","random","LogDynamo","getProjectSdk","CorePulumi","getOsConfigFromExtension","getVpcConfigFromExtension","applyAwsResourceTags","getAwsRegion","License","configureS3BucketMalwareProtection","pulumi","CoreAuditLogsDynamo","createCorePulumiApp","baseApp","name","path","program","app","sdk","projectConfig","getProjectConfig","pulumiResourceNamePrefix","getPulumiResourceNamePrefix","vpcExtensionsConfig","opensearchExtensionConfig","deploymentId","RandomId","byteLength","searchEngineType","searchEngineParams","params","domainName","process","env","AWS_OS_DOMAIN_NAME","indexPrefix","OPENSEARCH_INDEX_PREFIX","sharedIndexes","OPENSEARCH_SHARED_INDEXES","onResource","resource","startsWith","addHandler","usingAdvancedVpcParams","license","fromEnvironment","canUseFileManagerThreatDetection","resources","addResource","useExistingVpc","useVpcEndpoints","Error","openSearchDomainVpcConfig","opensearch","Domain","config","vpcOptions","lambdaFunctionsVpcConfig","lambda","Function","canUseVpc","meta","vpcConfig","iam","Role","isLambdaFunctionRole","RolePolicyAttachment","role","output","policyArn","ManagedPolicy","AWSLambdaVPCAccessExecutionRole","region","ec2","Vpc","enableDnsSupport","enableDnsHostnames","vpc","subnets","routeTables","VpcEndpoint","vpcId","id","serviceName","interpolate","routeTableIds","privateSubnets","vpcEndpointType","privateDnsEnabled","securityGroupIds","defaultSecurityGroupId","subnetIds","private","map","subNet","pulumiHandlers","getContainer","resolve","execute","isProduction","protect","dynamoDbTable","addModule","logDynamoDbTable","auditLogsDynamoDbTable","vpcEnabled","cognito","useEmailAsUsername","eventBus","bucket","fileManagerBucket","hex","addOutputs","fileManagerBucketId","primaryDynamodbTableArn","arn","primaryDynamodbTableName","primaryDynamodbTableHashKey","hashKey","primaryDynamodbTableRangeKey","rangeKey","logDynamodbTableArn","logDynamodbTableName","logDynamodbTableHashKey","logDynamodbTableRangeKey","auditLogsDynamodbTableArn","auditLogsDynamodbTableName","auditLogsDynamodbTableHashKey","auditLogsDynamodbTableRangeKey","cognitoUserPoolId","userPool","cognitoUserPoolArn","cognitoUserPoolPasswordPolicy","passwordPolicy","cognitoAppClientId","userPoolClient","eventBusName","eventBusArn","manifests","dynamoTable","table","tableName","forEach","manifest","addServiceManifest","dynamodbTable"],"sources":["createCorePulumiApp.ts"],"sourcesContent":["import * as aws from \"@pulumi/aws\";\nimport { createPulumiApp, isResourceOfType } from \"@webiny/pulumi\";\nimport { CoreCognito } from \"./CoreCognito.js\";\nimport { CoreDynamo } from \"./CoreDynamo.js\";\nimport { OpenSearch } from \"./CoreOpenSearch.js\";\nimport { CoreEventBus } from \"./CoreEventBus.js\";\nimport { CoreFileManger } from \"./CoreFileManager.js\";\nimport { CoreVpc } from \"./CoreVpc.js\";\nimport { WatchCommand } from \"./WatchCommand.js\";\nimport { withServiceManifest } from \"~/pulumi/utils/withServiceManifest.js\";\nimport {\n addServiceManifestTableItem,\n type TableDefinition\n} from \"~/pulumi/utils/addServiceManifestTableItem.js\";\nimport * as random from \"@pulumi/random\";\nimport { LogDynamo } from \"./LogDynamo.js\";\nimport { getProjectSdk } from \"@webiny/project\";\nimport { CorePulumi } from \"@webiny/project/abstractions/index.js\";\nimport { getOsConfigFromExtension } from \"~/pulumi/apps/extensions/getOsConfigFromExtension.js\";\nimport { getVpcConfigFromExtension } from \"~/pulumi/apps/extensions/getVpcConfigFromExtension.js\";\nimport { applyAwsResourceTags, getAwsRegion } from \"~/pulumi/apps/awsUtils.js\";\nimport { License } from \"@webiny/wcp\";\nimport { configureS3BucketMalwareProtection } from \"./configureS3BucketMalwareProtection.js\";\nimport * as pulumi from \"@pulumi/pulumi\";\nimport { CoreAuditLogsDynamo } from \"~/pulumi/index.js\";\n\nexport type CorePulumiApp = ReturnType<typeof createCorePulumiApp>;\n\nexport function createCorePulumiApp() {\n const baseApp = createPulumiApp({\n name: \"core\",\n path: \"apps/core\",\n program: async app => {\n const sdk = await getProjectSdk();\n const projectConfig = await sdk.getProjectConfig();\n\n const pulumiResourceNamePrefix = await sdk.getPulumiResourceNamePrefix();\n const vpcExtensionsConfig = getVpcConfigFromExtension(projectConfig);\n const opensearchExtensionConfig = getOsConfigFromExtension(projectConfig);\n\n const deploymentId = new random.RandomId(\"deploymentId\", { byteLength: 8 });\n\n let searchEngineType: \"opensearch\" | null = null;\n let searchEngineParams: typeof opensearchExtensionConfig | null = null;\n\n if (opensearchExtensionConfig) {\n searchEngineParams = opensearchExtensionConfig;\n searchEngineType = \"opensearch\";\n }\n\n if (searchEngineParams) {\n const params = searchEngineParams;\n if (typeof params === \"object\") {\n if (params.domainName) {\n process.env.AWS_OS_DOMAIN_NAME = params.domainName;\n }\n\n if (params.indexPrefix) {\n process.env.OPENSEARCH_INDEX_PREFIX = params.indexPrefix;\n }\n\n if (params.sharedIndexes) {\n process.env.OPENSEARCH_SHARED_INDEXES = \"true\";\n }\n }\n }\n\n if (pulumiResourceNamePrefix) {\n app.onResource(resource => {\n if (!resource.name.startsWith(pulumiResourceNamePrefix)) {\n resource.name = `${pulumiResourceNamePrefix}${resource.name}`;\n }\n });\n }\n\n // <-------------------- Enterprise start -------------------->\n app.addHandler(async () => {\n const usingAdvancedVpcParams =\n vpcExtensionsConfig && typeof vpcExtensionsConfig !== \"boolean\";\n\n const license = await License.fromEnvironment();\n if (license.canUseFileManagerThreatDetection()) {\n configureS3BucketMalwareProtection(app as CorePulumiApp);\n }\n\n // Not using advanced VPC params? Then immediately exit.\n if (!usingAdvancedVpcParams) {\n return;\n }\n\n const { resources, addResource, onResource } = app as CorePulumiApp;\n const { useExistingVpc, useVpcEndpoints } = vpcExtensionsConfig;\n\n // 1. We first deal with \"existing VPC\" setup.\n if (useExistingVpc) {\n if (\"useVpcEndpoints\" in vpcExtensionsConfig) {\n throw new Error(\n \"Cannot specify `useVpcEndpoints` parameter when using an existing VPC. The VPC endpoints configurations should be already defined within the existing VPC.\"\n );\n }\n\n if (opensearchExtensionConfig) {\n if (!useExistingVpc.openSearchDomainVpcConfig) {\n throw new Error(\n \"Cannot specify `useExistingVpc` parameter because the `openSearchDomainVpcConfig` parameter wasn't provided.\"\n );\n }\n\n onResource(resource => {\n if (isResourceOfType(resource, aws.opensearch.Domain)) {\n resource.config.vpcOptions(\n useExistingVpc!.openSearchDomainVpcConfig\n );\n }\n });\n }\n\n if (!useExistingVpc.lambdaFunctionsVpcConfig) {\n throw new Error(\n \"Cannot specify `useExistingVpc` parameter because the `lambdaFunctionsVpcConfig` parameter wasn't provided.\"\n );\n }\n\n onResource(resource => {\n if (isResourceOfType(resource, aws.lambda.Function)) {\n const canUseVpc = resource.meta.canUseVpc !== false;\n if (canUseVpc) {\n resource.config.vpcConfig(useExistingVpc!.lambdaFunctionsVpcConfig);\n }\n }\n\n if (isResourceOfType(resource, aws.iam.Role)) {\n if (resource.meta.isLambdaFunctionRole) {\n addResource(aws.iam.RolePolicyAttachment, {\n name: `${resource.name}-vpc-access-execution-role`,\n config: {\n role: resource.output.name,\n policyArn:\n aws.iam.ManagedPolicy.AWSLambdaVPCAccessExecutionRole\n }\n });\n }\n }\n });\n\n return;\n }\n\n // 2. Now we deal with \"non-existing VPC\" setup.\n if (useVpcEndpoints) {\n const region = getAwsRegion(app);\n\n onResource(resource => {\n if (isResourceOfType(resource, aws.ec2.Vpc)) {\n resource.config.enableDnsSupport(true);\n resource.config.enableDnsHostnames(true);\n }\n });\n\n const { vpc, subnets, routeTables } = resources.vpc!;\n addResource(aws.ec2.VpcEndpoint, {\n name: \"vpc-s3-vpc-endpoint\",\n config: {\n vpcId: vpc.output.id,\n serviceName: pulumi.interpolate`com.amazonaws.${region}.s3`,\n routeTableIds: [routeTables.privateSubnets.output.id]\n }\n });\n\n addResource(aws.ec2.VpcEndpoint, {\n name: \"vpc-dynamodb-vpc-endpoint\",\n config: {\n vpcId: vpc.output.id,\n serviceName: pulumi.interpolate`com.amazonaws.${region}.dynamodb`,\n routeTableIds: [routeTables.privateSubnets.output.id]\n }\n });\n\n addResource(aws.ec2.VpcEndpoint, {\n name: \"vpc-sqs-vpc-endpoint\",\n config: {\n vpcId: vpc.output.id,\n serviceName: pulumi.interpolate`com.amazonaws.${region}.sqs`,\n vpcEndpointType: \"Interface\",\n privateDnsEnabled: true,\n securityGroupIds: [vpc.output.defaultSecurityGroupId],\n subnetIds: subnets.private.map(subNet => subNet.output.id)\n }\n });\n\n addResource(aws.ec2.VpcEndpoint, {\n name: \"vpc-events-vpc-endpoint\",\n config: {\n vpcId: vpc.output.id,\n serviceName: pulumi.interpolate`com.amazonaws.${region}.events`,\n vpcEndpointType: \"Interface\",\n privateDnsEnabled: true,\n securityGroupIds: [vpc.output.defaultSecurityGroupId],\n subnetIds: subnets.private.map(subNet => subNet.output.id)\n }\n });\n }\n });\n // <-------------------- Enterprise end -------------------->\n\n // Overrides must be applied via a handler, registered at the very start of the program.\n // By doing this, we're ensuring user's adjustments are not applied to late.\n const pulumiHandlers = sdk.getContainer().resolve(CorePulumi);\n\n app.addHandler(() => {\n return pulumiHandlers.execute(app as unknown as CorePulumiApp);\n });\n\n const isProduction = app.env.isProduction;\n const protect = isProduction;\n\n // Setup DynamoDB table\n const dynamoDbTable = app.addModule(CoreDynamo, { protect });\n const logDynamoDbTable = app.addModule(LogDynamo, { protect });\n const auditLogsDynamoDbTable = app.addModule(CoreAuditLogsDynamo, { protect });\n\n // Setup VPC\n const vpcEnabled =\n vpcExtensionsConfig === true ||\n typeof vpcExtensionsConfig === \"object\" ||\n isProduction;\n\n const vpc = vpcEnabled ? app.addModule(CoreVpc) : null;\n\n // Setup Cognito\n const cognito = app.addModule(CoreCognito, {\n protect,\n useEmailAsUsername: false\n });\n\n // Setup event bus\n const eventBus = app.addModule(CoreEventBus);\n\n // Setup file core bucket\n const { bucket: fileManagerBucket } = app.addModule(CoreFileManger, { protect });\n\n let opensearch;\n if (searchEngineType === \"opensearch\") {\n opensearch = app.addModule(OpenSearch, { protect });\n }\n\n app.addModule(WatchCommand, { deploymentId: deploymentId.hex });\n\n app.addOutputs({\n deploymentId: deploymentId.hex,\n region: aws.config.region,\n fileManagerBucketId: fileManagerBucket.output.id,\n primaryDynamodbTableArn: dynamoDbTable.output.arn,\n primaryDynamodbTableName: dynamoDbTable.output.name,\n primaryDynamodbTableHashKey: dynamoDbTable.output.hashKey,\n primaryDynamodbTableRangeKey: dynamoDbTable.output.rangeKey,\n logDynamodbTableArn: logDynamoDbTable.output.arn,\n logDynamodbTableName: logDynamoDbTable.output.name,\n logDynamodbTableHashKey: logDynamoDbTable.output.hashKey,\n logDynamodbTableRangeKey: logDynamoDbTable.output.rangeKey,\n auditLogsDynamodbTableArn: auditLogsDynamoDbTable.output.arn,\n auditLogsDynamodbTableName: auditLogsDynamoDbTable.output.name,\n auditLogsDynamodbTableHashKey: auditLogsDynamoDbTable.output.hashKey,\n auditLogsDynamodbTableRangeKey: auditLogsDynamoDbTable.output.rangeKey,\n cognitoUserPoolId: cognito.userPool.output.id,\n cognitoUserPoolArn: cognito.userPool.output.arn,\n cognitoUserPoolPasswordPolicy: cognito.userPool.output.passwordPolicy,\n cognitoAppClientId: cognito.userPoolClient.output.id,\n eventBusName: eventBus.output.name,\n eventBusArn: eventBus.output.arn\n });\n\n // Applies internal and user-defined AWS tags.\n await applyAwsResourceTags(\"core\");\n\n return {\n dynamoDbTable,\n logDynamoDbTable,\n vpc,\n ...cognito,\n fileManagerBucket,\n eventBus,\n opensearch\n };\n }\n });\n\n const app = withServiceManifest(baseApp, manifests => {\n const dynamoTable = baseApp.resources.dynamoDbTable;\n\n const table: TableDefinition = {\n tableName: dynamoTable.output.name,\n hashKey: dynamoTable.output.hashKey,\n rangeKey: dynamoTable.output.rangeKey\n };\n\n manifests.forEach(manifest => addServiceManifestTableItem(baseApp, table, manifest));\n });\n\n app.addHandler(() => {\n app.addServiceManifest({\n name: \"core\",\n manifest: {\n eventBus: {\n arn: baseApp.resources.eventBus.output.arn,\n name: baseApp.resources.eventBus.output.name\n },\n dynamodbTable: {\n arn: baseApp.resources.dynamoDbTable.output.arn,\n name: baseApp.resources.dynamoDbTable.output.name,\n hashKey: baseApp.resources.dynamoDbTable.output.hashKey,\n rangeKey: baseApp.resources.dynamoDbTable.output.rangeKey\n }\n }\n });\n });\n\n return app;\n}\n"],"mappings":"AAAA,OAAO,KAAKA,GAAG,MAAM,aAAa;AAClC,SAASC,eAAe,EAAEC,gBAAgB,QAAQ,gBAAgB;AAClE,SAASC,WAAW;AACpB,SAASC,UAAU;AACnB,SAASC,UAAU;AACnB,SAASC,YAAY;AACrB,SAASC,cAAc;AACvB,SAASC,OAAO;AAChB,SAASC,YAAY;AACrB,SAASC,mBAAmB;AAC5B,SACIC,2BAA2B;AAG/B,OAAO,KAAKC,MAAM,MAAM,gBAAgB;AACxC,SAASC,SAAS;AAClB,SAASC,aAAa,QAAQ,iBAAiB;AAC/C,SAASC,UAAU,QAAQ,uCAAuC;AAClE,SAASC,wBAAwB;AACjC,SAASC,yBAAyB;AAClC,SAASC,oBAAoB,EAAEC,YAAY;AAC3C,SAASC,OAAO,QAAQ,aAAa;AACrC,SAASC,kCAAkC;AAC3C,OAAO,KAAKC,MAAM,MAAM,gBAAgB;AACxC,SAASC,mBAAmB;AAI5B,OAAO,SAASC,mBAAmBA,CAAA,EAAG;EAClC,MAAMC,OAAO,GAAGxB,eAAe,CAAC;IAC5ByB,IAAI,EAAE,MAAM;IACZC,IAAI,EAAE,WAAW;IACjBC,OAAO,EAAE,MAAMC,GAAG,IAAI;MAClB,MAAMC,GAAG,GAAG,MAAMhB,aAAa,CAAC,CAAC;MACjC,MAAMiB,aAAa,GAAG,MAAMD,GAAG,CAACE,gBAAgB,CAAC,CAAC;MAElD,MAAMC,wBAAwB,GAAG,MAAMH,GAAG,CAACI,2BAA2B,CAAC,CAAC;MACxE,MAAMC,mBAAmB,GAAGlB,yBAAyB,CAACc,aAAa,CAAC;MACpE,MAAMK,yBAAyB,GAAGpB,wBAAwB,CAACe,aAAa,CAAC;MAEzE,MAAMM,YAAY,GAAG,IAAIzB,MAAM,CAAC0B,QAAQ,CAAC,cAAc,EAAE;QAAEC,UAAU,EAAE;MAAE,CAAC,CAAC;MAE3E,IAAIC,gBAAqC,GAAG,IAAI;MAChD,IAAIC,kBAA2D,GAAG,IAAI;MAEtE,IAAIL,yBAAyB,EAAE;QAC3BK,kBAAkB,GAAGL,yBAAyB;QAC9CI,gBAAgB,GAAG,YAAY;MACnC;MAEA,IAAIC,kBAAkB,EAAE;QACpB,MAAMC,MAAM,GAAGD,kBAAkB;QACjC,IAAI,OAAOC,MAAM,KAAK,QAAQ,EAAE;UAC5B,IAAIA,MAAM,CAACC,UAAU,EAAE;YACnBC,OAAO,CAACC,GAAG,CAACC,kBAAkB,GAAGJ,MAAM,CAACC,UAAU;UACtD;UAEA,IAAID,MAAM,CAACK,WAAW,EAAE;YACpBH,OAAO,CAACC,GAAG,CAACG,uBAAuB,GAAGN,MAAM,CAACK,WAAW;UAC5D;UAEA,IAAIL,MAAM,CAACO,aAAa,EAAE;YACtBL,OAAO,CAACC,GAAG,CAACK,yBAAyB,GAAG,MAAM;UAClD;QACJ;MACJ;MAEA,IAAIjB,wBAAwB,EAAE;QAC1BJ,GAAG,CAACsB,UAAU,CAACC,QAAQ,IAAI;UACvB,IAAI,CAACA,QAAQ,CAAC1B,IAAI,CAAC2B,UAAU,CAACpB,wBAAwB,CAAC,EAAE;YACrDmB,QAAQ,CAAC1B,IAAI,GAAG,GAAGO,wBAAwB,GAAGmB,QAAQ,CAAC1B,IAAI,EAAE;UACjE;QACJ,CAAC,CAAC;MACN;;MAEA;MACAG,GAAG,CAACyB,UAAU,CAAC,YAAY;QACvB,MAAMC,sBAAsB,GACxBpB,mBAAmB,IAAI,OAAOA,mBAAmB,KAAK,SAAS;QAEnE,MAAMqB,OAAO,GAAG,MAAMpC,OAAO,CAACqC,eAAe,CAAC,CAAC;QAC/C,IAAID,OAAO,CAACE,gCAAgC,CAAC,CAAC,EAAE;UAC5CrC,kCAAkC,CAACQ,GAAoB,CAAC;QAC5D;;QAEA;QACA,IAAI,CAAC0B,sBAAsB,EAAE;UACzB;QACJ;QAEA,MAAM;UAAEI,SAAS;UAAEC,WAAW;UAAET;QAAW,CAAC,GAAGtB,GAAoB;QACnE,MAAM;UAAEgC,cAAc;UAAEC;QAAgB,CAAC,GAAG3B,mBAAmB;;QAE/D;QACA,IAAI0B,cAAc,EAAE;UAChB,IAAI,iBAAiB,IAAI1B,mBAAmB,EAAE;YAC1C,MAAM,IAAI4B,KAAK,CACX,4JACJ,CAAC;UACL;UAEA,IAAI3B,yBAAyB,EAAE;YAC3B,IAAI,CAACyB,cAAc,CAACG,yBAAyB,EAAE;cAC3C,MAAM,IAAID,KAAK,CACX,8GACJ,CAAC;YACL;YAEAZ,UAAU,CAACC,QAAQ,IAAI;cACnB,IAAIlD,gBAAgB,CAACkD,QAAQ,EAAEpD,GAAG,CAACiE,UAAU,CAACC,MAAM,CAAC,EAAE;gBACnDd,QAAQ,CAACe,MAAM,CAACC,UAAU,CACtBP,cAAc,CAAEG,yBACpB,CAAC;cACL;YACJ,CAAC,CAAC;UACN;UAEA,IAAI,CAACH,cAAc,CAACQ,wBAAwB,EAAE;YAC1C,MAAM,IAAIN,KAAK,CACX,6GACJ,CAAC;UACL;UAEAZ,UAAU,CAACC,QAAQ,IAAI;YACnB,IAAIlD,gBAAgB,CAACkD,QAAQ,EAAEpD,GAAG,CAACsE,MAAM,CAACC,QAAQ,CAAC,EAAE;cACjD,MAAMC,SAAS,GAAGpB,QAAQ,CAACqB,IAAI,CAACD,SAAS,KAAK,KAAK;cACnD,IAAIA,SAAS,EAAE;gBACXpB,QAAQ,CAACe,MAAM,CAACO,SAAS,CAACb,cAAc,CAAEQ,wBAAwB,CAAC;cACvE;YACJ;YAEA,IAAInE,gBAAgB,CAACkD,QAAQ,EAAEpD,GAAG,CAAC2E,GAAG,CAACC,IAAI,CAAC,EAAE;cAC1C,IAAIxB,QAAQ,CAACqB,IAAI,CAACI,oBAAoB,EAAE;gBACpCjB,WAAW,CAAC5D,GAAG,CAAC2E,GAAG,CAACG,oBAAoB,EAAE;kBACtCpD,IAAI,EAAE,GAAG0B,QAAQ,CAAC1B,IAAI,4BAA4B;kBAClDyC,MAAM,EAAE;oBACJY,IAAI,EAAE3B,QAAQ,CAAC4B,MAAM,CAACtD,IAAI;oBAC1BuD,SAAS,EACLjF,GAAG,CAAC2E,GAAG,CAACO,aAAa,CAACC;kBAC9B;gBACJ,CAAC,CAAC;cACN;YACJ;UACJ,CAAC,CAAC;UAEF;QACJ;;QAEA;QACA,IAAIrB,eAAe,EAAE;UACjB,MAAMsB,MAAM,GAAGjE,YAAY,CAACU,GAAG,CAAC;UAEhCsB,UAAU,CAACC,QAAQ,IAAI;YACnB,IAAIlD,gBAAgB,CAACkD,QAAQ,EAAEpD,GAAG,CAACqF,GAAG,CAACC,GAAG,CAAC,EAAE;cACzClC,QAAQ,CAACe,MAAM,CAACoB,gBAAgB,CAAC,IAAI,CAAC;cACtCnC,QAAQ,CAACe,MAAM,CAACqB,kBAAkB,CAAC,IAAI,CAAC;YAC5C;UACJ,CAAC,CAAC;UAEF,MAAM;YAAEC,GAAG;YAAEC,OAAO;YAAEC;UAAY,CAAC,GAAGhC,SAAS,CAAC8B,GAAI;UACpD7B,WAAW,CAAC5D,GAAG,CAACqF,GAAG,CAACO,WAAW,EAAE;YAC7BlE,IAAI,EAAE,qBAAqB;YAC3ByC,MAAM,EAAE;cACJ0B,KAAK,EAAEJ,GAAG,CAACT,MAAM,CAACc,EAAE;cACpBC,WAAW,EAAEzE,MAAM,CAAC0E,WAAW,iBAAiBZ,MAAM,KAAK;cAC3Da,aAAa,EAAE,CAACN,WAAW,CAACO,cAAc,CAAClB,MAAM,CAACc,EAAE;YACxD;UACJ,CAAC,CAAC;UAEFlC,WAAW,CAAC5D,GAAG,CAACqF,GAAG,CAACO,WAAW,EAAE;YAC7BlE,IAAI,EAAE,2BAA2B;YACjCyC,MAAM,EAAE;cACJ0B,KAAK,EAAEJ,GAAG,CAACT,MAAM,CAACc,EAAE;cACpBC,WAAW,EAAEzE,MAAM,CAAC0E,WAAW,iBAAiBZ,MAAM,WAAW;cACjEa,aAAa,EAAE,CAACN,WAAW,CAACO,cAAc,CAAClB,MAAM,CAACc,EAAE;YACxD;UACJ,CAAC,CAAC;UAEFlC,WAAW,CAAC5D,GAAG,CAACqF,GAAG,CAACO,WAAW,EAAE;YAC7BlE,IAAI,EAAE,sBAAsB;YAC5ByC,MAAM,EAAE;cACJ0B,KAAK,EAAEJ,GAAG,CAACT,MAAM,CAACc,EAAE;cACpBC,WAAW,EAAEzE,MAAM,CAAC0E,WAAW,iBAAiBZ,MAAM,MAAM;cAC5De,eAAe,EAAE,WAAW;cAC5BC,iBAAiB,EAAE,IAAI;cACvBC,gBAAgB,EAAE,CAACZ,GAAG,CAACT,MAAM,CAACsB,sBAAsB,CAAC;cACrDC,SAAS,EAAEb,OAAO,CAACc,OAAO,CAACC,GAAG,CAACC,MAAM,IAAIA,MAAM,CAAC1B,MAAM,CAACc,EAAE;YAC7D;UACJ,CAAC,CAAC;UAEFlC,WAAW,CAAC5D,GAAG,CAACqF,GAAG,CAACO,WAAW,EAAE;YAC7BlE,IAAI,EAAE,yBAAyB;YAC/ByC,MAAM,EAAE;cACJ0B,KAAK,EAAEJ,GAAG,CAACT,MAAM,CAACc,EAAE;cACpBC,WAAW,EAAEzE,MAAM,CAAC0E,WAAW,iBAAiBZ,MAAM,SAAS;cAC/De,eAAe,EAAE,WAAW;cAC5BC,iBAAiB,EAAE,IAAI;cACvBC,gBAAgB,EAAE,CAACZ,GAAG,CAACT,MAAM,CAACsB,sBAAsB,CAAC;cACrDC,SAAS,EAAEb,OAAO,CAACc,OAAO,CAACC,GAAG,CAACC,MAAM,IAAIA,MAAM,CAAC1B,MAAM,CAACc,EAAE;YAC7D;UACJ,CAAC,CAAC;QACN;MACJ,CAAC,CAAC;MACF;;MAEA;MACA;MACA,MAAMa,cAAc,GAAG7E,GAAG,CAAC8E,YAAY,CAAC,CAAC,CAACC,OAAO,CAAC9F,UAAU,CAAC;MAE7Dc,GAAG,CAACyB,UAAU,CAAC,MAAM;QACjB,OAAOqD,cAAc,CAACG,OAAO,CAACjF,GAA+B,CAAC;MAClE,CAAC,CAAC;MAEF,MAAMkF,YAAY,GAAGlF,GAAG,CAACgB,GAAG,CAACkE,YAAY;MACzC,MAAMC,OAAO,GAAGD,YAAY;;MAE5B;MACA,MAAME,aAAa,GAAGpF,GAAG,CAACqF,SAAS,CAAC9G,UAAU,EAAE;QAAE4G;MAAQ,CAAC,CAAC;MAC5D,MAAMG,gBAAgB,GAAGtF,GAAG,CAACqF,SAAS,CAACrG,SAAS,EAAE;QAAEmG;MAAQ,CAAC,CAAC;MAC9D,MAAMI,sBAAsB,GAAGvF,GAAG,CAACqF,SAAS,CAAC3F,mBAAmB,EAAE;QAAEyF;MAAQ,CAAC,CAAC;;MAE9E;MACA,MAAMK,UAAU,GACZlF,mBAAmB,KAAK,IAAI,IAC5B,OAAOA,mBAAmB,KAAK,QAAQ,IACvC4E,YAAY;MAEhB,MAAMtB,GAAG,GAAG4B,UAAU,GAAGxF,GAAG,CAACqF,SAAS,CAAC1G,OAAO,CAAC,GAAG,IAAI;;MAEtD;MACA,MAAM8G,OAAO,GAAGzF,GAAG,CAACqF,SAAS,CAAC/G,WAAW,EAAE;QACvC6G,OAAO;QACPO,kBAAkB,EAAE;MACxB,CAAC,CAAC;;MAEF;MACA,MAAMC,QAAQ,GAAG3F,GAAG,CAACqF,SAAS,CAAC5G,YAAY,CAAC;;MAE5C;MACA,MAAM;QAAEmH,MAAM,EAAEC;MAAkB,CAAC,GAAG7F,GAAG,CAACqF,SAAS,CAAC3G,cAAc,EAAE;QAAEyG;MAAQ,CAAC,CAAC;MAEhF,IAAI/C,UAAU;MACd,IAAIzB,gBAAgB,KAAK,YAAY,EAAE;QACnCyB,UAAU,GAAGpC,GAAG,CAACqF,SAAS,CAAC7G,UAAU,EAAE;UAAE2G;QAAQ,CAAC,CAAC;MACvD;MAEAnF,GAAG,CAACqF,SAAS,CAACzG,YAAY,EAAE;QAAE4B,YAAY,EAAEA,YAAY,CAACsF;MAAI,CAAC,CAAC;MAE/D9F,GAAG,CAAC+F,UAAU,CAAC;QACXvF,YAAY,EAAEA,YAAY,CAACsF,GAAG;QAC9BvC,MAAM,EAAEpF,GAAG,CAACmE,MAAM,CAACiB,MAAM;QACzByC,mBAAmB,EAAEH,iBAAiB,CAAC1C,MAAM,CAACc,EAAE;QAChDgC,uBAAuB,EAAEb,aAAa,CAACjC,MAAM,CAAC+C,GAAG;QACjDC,wBAAwB,EAAEf,aAAa,CAACjC,MAAM,CAACtD,IAAI;QACnDuG,2BAA2B,EAAEhB,aAAa,CAACjC,MAAM,CAACkD,OAAO;QACzDC,4BAA4B,EAAElB,aAAa,CAACjC,MAAM,CAACoD,QAAQ;QAC3DC,mBAAmB,EAAElB,gBAAgB,CAACnC,MAAM,CAAC+C,GAAG;QAChDO,oBAAoB,EAAEnB,gBAAgB,CAACnC,MAAM,CAACtD,IAAI;QAClD6G,uBAAuB,EAAEpB,gBAAgB,CAACnC,MAAM,CAACkD,OAAO;QACxDM,wBAAwB,EAAErB,gBAAgB,CAACnC,MAAM,CAACoD,QAAQ;QAC1DK,yBAAyB,EAAErB,sBAAsB,CAACpC,MAAM,CAAC+C,GAAG;QAC5DW,0BAA0B,EAAEtB,sBAAsB,CAACpC,MAAM,CAACtD,IAAI;QAC9DiH,6BAA6B,EAAEvB,sBAAsB,CAACpC,MAAM,CAACkD,OAAO;QACpEU,8BAA8B,EAAExB,sBAAsB,CAACpC,MAAM,CAACoD,QAAQ;QACtES,iBAAiB,EAAEvB,OAAO,CAACwB,QAAQ,CAAC9D,MAAM,CAACc,EAAE;QAC7CiD,kBAAkB,EAAEzB,OAAO,CAACwB,QAAQ,CAAC9D,MAAM,CAAC+C,GAAG;QAC/CiB,6BAA6B,EAAE1B,OAAO,CAACwB,QAAQ,CAAC9D,MAAM,CAACiE,cAAc;QACrEC,kBAAkB,EAAE5B,OAAO,CAAC6B,cAAc,CAACnE,MAAM,CAACc,EAAE;QACpDsD,YAAY,EAAE5B,QAAQ,CAACxC,MAAM,CAACtD,IAAI;QAClC2H,WAAW,EAAE7B,QAAQ,CAACxC,MAAM,CAAC+C;MACjC,CAAC,CAAC;;MAEF;MACA,MAAM7G,oBAAoB,CAAC,MAAM,CAAC;MAElC,OAAO;QACH+F,aAAa;QACbE,gBAAgB;QAChB1B,GAAG;QACH,GAAG6B,OAAO;QACVI,iBAAiB;QACjBF,QAAQ;QACRvD;MACJ,CAAC;IACL;EACJ,CAAC,CAAC;EAEF,MAAMpC,GAAG,GAAGnB,mBAAmB,CAACe,OAAO,EAAE6H,SAAS,IAAI;IAClD,MAAMC,WAAW,GAAG9H,OAAO,CAACkC,SAAS,CAACsD,aAAa;IAEnD,MAAMuC,KAAsB,GAAG;MAC3BC,SAAS,EAAEF,WAAW,CAACvE,MAAM,CAACtD,IAAI;MAClCwG,OAAO,EAAEqB,WAAW,CAACvE,MAAM,CAACkD,OAAO;MACnCE,QAAQ,EAAEmB,WAAW,CAACvE,MAAM,CAACoD;IACjC,CAAC;IAEDkB,SAAS,CAACI,OAAO,CAACC,QAAQ,IAAIhJ,2BAA2B,CAACc,OAAO,EAAE+H,KAAK,EAAEG,QAAQ,CAAC,CAAC;EACxF,CAAC,CAAC;EAEF9H,GAAG,CAACyB,UAAU,CAAC,MAAM;IACjBzB,GAAG,CAAC+H,kBAAkB,CAAC;MACnBlI,IAAI,EAAE,MAAM;MACZiI,QAAQ,EAAE;QACNnC,QAAQ,EAAE;UACNO,GAAG,EAAEtG,OAAO,CAACkC,SAAS,CAAC6D,QAAQ,CAACxC,MAAM,CAAC+C,GAAG;UAC1CrG,IAAI,EAAED,OAAO,CAACkC,SAAS,CAAC6D,QAAQ,CAACxC,MAAM,CAACtD;QAC5C,CAAC;QACDmI,aAAa,EAAE;UACX9B,GAAG,EAAEtG,OAAO,CAACkC,SAAS,CAACsD,aAAa,CAACjC,MAAM,CAAC+C,GAAG;UAC/CrG,IAAI,EAAED,OAAO,CAACkC,SAAS,CAACsD,aAAa,CAACjC,MAAM,CAACtD,IAAI;UACjDwG,OAAO,EAAEzG,OAAO,CAACkC,SAAS,CAACsD,aAAa,CAACjC,MAAM,CAACkD,OAAO;UACvDE,QAAQ,EAAE3G,OAAO,CAACkC,SAAS,CAACsD,aAAa,CAACjC,MAAM,CAACoD;QACrD;MACJ;IACJ,CAAC,CAAC;EACN,CAAC,CAAC;EAEF,OAAOvG,GAAG;AACd","ignoreList":[]}
1
+ {"version":3,"names":["aws","createPulumiApp","isResourceOfType","CoreCognito","CoreDynamo","OpenSearch","CoreEventBus","CoreFileManger","CoreVpc","WatchCommand","withServiceManifest","addServiceManifestTableItem","random","LogDynamo","getProjectSdk","CorePulumi","getOsConfigFromExtension","getVpcConfigFromExtension","applyAwsResourceTags","getAwsRegion","configureS3BucketMalwareProtection","pulumi","CoreAuditLogsDynamo","createCorePulumiApp","baseApp","name","path","program","app","sdk","projectConfig","getProjectConfig","pulumiResourceNamePrefix","getPulumiResourceNamePrefix","vpcExtensionsConfig","opensearchExtensionConfig","deploymentId","RandomId","byteLength","searchEngineType","searchEngineParams","params","domainName","process","env","AWS_OS_DOMAIN_NAME","indexPrefix","OPENSEARCH_INDEX_PREFIX","sharedIndexes","OPENSEARCH_SHARED_INDEXES","onResource","resource","startsWith","addHandler","usingAdvancedVpcParams","featureFlags","getFeatureFlags","isFileManagerThreatDetectionEnabled","resources","addResource","useExistingVpc","useVpcEndpoints","Error","openSearchDomainVpcConfig","opensearch","Domain","config","vpcOptions","lambdaFunctionsVpcConfig","lambda","Function","canUseVpc","meta","vpcConfig","iam","Role","isLambdaFunctionRole","RolePolicyAttachment","role","output","policyArn","ManagedPolicy","AWSLambdaVPCAccessExecutionRole","region","ec2","Vpc","enableDnsSupport","enableDnsHostnames","vpc","subnets","routeTables","VpcEndpoint","vpcId","id","serviceName","interpolate","routeTableIds","privateSubnets","vpcEndpointType","privateDnsEnabled","securityGroupIds","defaultSecurityGroupId","subnetIds","private","map","subNet","pulumiHandlers","getContainer","resolve","execute","isProduction","protect","dynamoDbTable","addModule","logDynamoDbTable","auditLogsDynamoDbTable","vpcEnabled","cognito","useEmailAsUsername","eventBus","bucket","fileManagerBucket","hex","addOutputs","fileManagerBucketId","primaryDynamodbTableArn","arn","primaryDynamodbTableName","primaryDynamodbTableHashKey","hashKey","primaryDynamodbTableRangeKey","rangeKey","logDynamodbTableArn","logDynamodbTableName","logDynamodbTableHashKey","logDynamodbTableRangeKey","auditLogsDynamodbTableArn","auditLogsDynamodbTableName","auditLogsDynamodbTableHashKey","auditLogsDynamodbTableRangeKey","cognitoUserPoolId","userPool","cognitoUserPoolArn","cognitoUserPoolPasswordPolicy","passwordPolicy","cognitoAppClientId","userPoolClient","eventBusName","eventBusArn","manifests","dynamoTable","table","tableName","forEach","manifest","addServiceManifest","dynamodbTable"],"sources":["createCorePulumiApp.ts"],"sourcesContent":["import * as aws from \"@pulumi/aws\";\nimport { createPulumiApp, isResourceOfType } from \"@webiny/pulumi\";\nimport { CoreCognito } from \"./CoreCognito.js\";\nimport { CoreDynamo } from \"./CoreDynamo.js\";\nimport { OpenSearch } from \"./CoreOpenSearch.js\";\nimport { CoreEventBus } from \"./CoreEventBus.js\";\nimport { CoreFileManger } from \"./CoreFileManager.js\";\nimport { CoreVpc } from \"./CoreVpc.js\";\nimport { WatchCommand } from \"./WatchCommand.js\";\nimport { withServiceManifest } from \"~/pulumi/utils/withServiceManifest.js\";\nimport {\n addServiceManifestTableItem,\n type TableDefinition\n} from \"~/pulumi/utils/addServiceManifestTableItem.js\";\nimport * as random from \"@pulumi/random\";\nimport { LogDynamo } from \"./LogDynamo.js\";\nimport { getProjectSdk } from \"@webiny/project\";\nimport { CorePulumi } from \"@webiny/project/abstractions/index.js\";\nimport { getOsConfigFromExtension } from \"~/pulumi/apps/extensions/getOsConfigFromExtension.js\";\nimport { getVpcConfigFromExtension } from \"~/pulumi/apps/extensions/getVpcConfigFromExtension.js\";\nimport { applyAwsResourceTags, getAwsRegion } from \"~/pulumi/apps/awsUtils.js\";\nimport { configureS3BucketMalwareProtection } from \"./configureS3BucketMalwareProtection.js\";\nimport * as pulumi from \"@pulumi/pulumi\";\nimport { CoreAuditLogsDynamo } from \"~/pulumi/index.js\";\n\nexport type CorePulumiApp = ReturnType<typeof createCorePulumiApp>;\n\nexport function createCorePulumiApp() {\n const baseApp = createPulumiApp({\n name: \"core\",\n path: \"apps/core\",\n program: async app => {\n const sdk = await getProjectSdk();\n const projectConfig = await sdk.getProjectConfig();\n\n const pulumiResourceNamePrefix = await sdk.getPulumiResourceNamePrefix();\n const vpcExtensionsConfig = getVpcConfigFromExtension(projectConfig);\n const opensearchExtensionConfig = getOsConfigFromExtension(projectConfig);\n\n const deploymentId = new random.RandomId(\"deploymentId\", { byteLength: 8 });\n\n let searchEngineType: \"opensearch\" | null = null;\n let searchEngineParams: typeof opensearchExtensionConfig | null = null;\n\n if (opensearchExtensionConfig) {\n searchEngineParams = opensearchExtensionConfig;\n searchEngineType = \"opensearch\";\n }\n\n if (searchEngineParams) {\n const params = searchEngineParams;\n if (typeof params === \"object\") {\n if (params.domainName) {\n process.env.AWS_OS_DOMAIN_NAME = params.domainName;\n }\n\n if (params.indexPrefix) {\n process.env.OPENSEARCH_INDEX_PREFIX = params.indexPrefix;\n }\n\n if (params.sharedIndexes) {\n process.env.OPENSEARCH_SHARED_INDEXES = \"true\";\n }\n }\n }\n\n if (pulumiResourceNamePrefix) {\n app.onResource(resource => {\n if (!resource.name.startsWith(pulumiResourceNamePrefix)) {\n resource.name = `${pulumiResourceNamePrefix}${resource.name}`;\n }\n });\n }\n\n // <-------------------- Enterprise start -------------------->\n app.addHandler(async () => {\n const usingAdvancedVpcParams =\n vpcExtensionsConfig && typeof vpcExtensionsConfig !== \"boolean\";\n\n const featureFlags = await sdk.getFeatureFlags();\n if (featureFlags.isFileManagerThreatDetectionEnabled()) {\n configureS3BucketMalwareProtection(app as CorePulumiApp);\n }\n\n // Not using advanced VPC params? Then immediately exit.\n if (!usingAdvancedVpcParams) {\n return;\n }\n\n const { resources, addResource, onResource } = app as CorePulumiApp;\n const { useExistingVpc, useVpcEndpoints } = vpcExtensionsConfig;\n\n // 1. We first deal with \"existing VPC\" setup.\n if (useExistingVpc) {\n if (\"useVpcEndpoints\" in vpcExtensionsConfig) {\n throw new Error(\n \"Cannot specify `useVpcEndpoints` parameter when using an existing VPC. The VPC endpoints configurations should be already defined within the existing VPC.\"\n );\n }\n\n if (opensearchExtensionConfig) {\n if (!useExistingVpc.openSearchDomainVpcConfig) {\n throw new Error(\n \"Cannot specify `useExistingVpc` parameter because the `openSearchDomainVpcConfig` parameter wasn't provided.\"\n );\n }\n\n onResource(resource => {\n if (isResourceOfType(resource, aws.opensearch.Domain)) {\n resource.config.vpcOptions(\n useExistingVpc!.openSearchDomainVpcConfig\n );\n }\n });\n }\n\n if (!useExistingVpc.lambdaFunctionsVpcConfig) {\n throw new Error(\n \"Cannot specify `useExistingVpc` parameter because the `lambdaFunctionsVpcConfig` parameter wasn't provided.\"\n );\n }\n\n onResource(resource => {\n if (isResourceOfType(resource, aws.lambda.Function)) {\n const canUseVpc = resource.meta.canUseVpc !== false;\n if (canUseVpc) {\n resource.config.vpcConfig(useExistingVpc!.lambdaFunctionsVpcConfig);\n }\n }\n\n if (isResourceOfType(resource, aws.iam.Role)) {\n if (resource.meta.isLambdaFunctionRole) {\n addResource(aws.iam.RolePolicyAttachment, {\n name: `${resource.name}-vpc-access-execution-role`,\n config: {\n role: resource.output.name,\n policyArn:\n aws.iam.ManagedPolicy.AWSLambdaVPCAccessExecutionRole\n }\n });\n }\n }\n });\n\n return;\n }\n\n // 2. Now we deal with \"non-existing VPC\" setup.\n if (useVpcEndpoints) {\n const region = getAwsRegion(app);\n\n onResource(resource => {\n if (isResourceOfType(resource, aws.ec2.Vpc)) {\n resource.config.enableDnsSupport(true);\n resource.config.enableDnsHostnames(true);\n }\n });\n\n const { vpc, subnets, routeTables } = resources.vpc!;\n addResource(aws.ec2.VpcEndpoint, {\n name: \"vpc-s3-vpc-endpoint\",\n config: {\n vpcId: vpc.output.id,\n serviceName: pulumi.interpolate`com.amazonaws.${region}.s3`,\n routeTableIds: [routeTables.privateSubnets.output.id]\n }\n });\n\n addResource(aws.ec2.VpcEndpoint, {\n name: \"vpc-dynamodb-vpc-endpoint\",\n config: {\n vpcId: vpc.output.id,\n serviceName: pulumi.interpolate`com.amazonaws.${region}.dynamodb`,\n routeTableIds: [routeTables.privateSubnets.output.id]\n }\n });\n\n addResource(aws.ec2.VpcEndpoint, {\n name: \"vpc-sqs-vpc-endpoint\",\n config: {\n vpcId: vpc.output.id,\n serviceName: pulumi.interpolate`com.amazonaws.${region}.sqs`,\n vpcEndpointType: \"Interface\",\n privateDnsEnabled: true,\n securityGroupIds: [vpc.output.defaultSecurityGroupId],\n subnetIds: subnets.private.map(subNet => subNet.output.id)\n }\n });\n\n addResource(aws.ec2.VpcEndpoint, {\n name: \"vpc-events-vpc-endpoint\",\n config: {\n vpcId: vpc.output.id,\n serviceName: pulumi.interpolate`com.amazonaws.${region}.events`,\n vpcEndpointType: \"Interface\",\n privateDnsEnabled: true,\n securityGroupIds: [vpc.output.defaultSecurityGroupId],\n subnetIds: subnets.private.map(subNet => subNet.output.id)\n }\n });\n }\n });\n // <-------------------- Enterprise end -------------------->\n\n // Overrides must be applied via a handler, registered at the very start of the program.\n // By doing this, we're ensuring user's adjustments are not applied to late.\n const pulumiHandlers = sdk.getContainer().resolve(CorePulumi);\n\n app.addHandler(() => {\n return pulumiHandlers.execute(app as unknown as CorePulumiApp);\n });\n\n const isProduction = app.env.isProduction;\n const protect = isProduction;\n\n // Setup DynamoDB table\n const dynamoDbTable = app.addModule(CoreDynamo, { protect });\n const logDynamoDbTable = app.addModule(LogDynamo, { protect });\n const auditLogsDynamoDbTable = app.addModule(CoreAuditLogsDynamo, { protect });\n\n // Setup VPC\n const vpcEnabled =\n vpcExtensionsConfig === true ||\n typeof vpcExtensionsConfig === \"object\" ||\n isProduction;\n\n const vpc = vpcEnabled ? app.addModule(CoreVpc) : null;\n\n // Setup Cognito\n const cognito = app.addModule(CoreCognito, {\n protect,\n useEmailAsUsername: false\n });\n\n // Setup event bus\n const eventBus = app.addModule(CoreEventBus);\n\n // Setup file core bucket\n const { bucket: fileManagerBucket } = app.addModule(CoreFileManger, { protect });\n\n let opensearch;\n if (searchEngineType === \"opensearch\") {\n opensearch = app.addModule(OpenSearch, { protect });\n }\n\n app.addModule(WatchCommand, { deploymentId: deploymentId.hex });\n\n app.addOutputs({\n deploymentId: deploymentId.hex,\n region: aws.config.region,\n fileManagerBucketId: fileManagerBucket.output.id,\n primaryDynamodbTableArn: dynamoDbTable.output.arn,\n primaryDynamodbTableName: dynamoDbTable.output.name,\n primaryDynamodbTableHashKey: dynamoDbTable.output.hashKey,\n primaryDynamodbTableRangeKey: dynamoDbTable.output.rangeKey,\n logDynamodbTableArn: logDynamoDbTable.output.arn,\n logDynamodbTableName: logDynamoDbTable.output.name,\n logDynamodbTableHashKey: logDynamoDbTable.output.hashKey,\n logDynamodbTableRangeKey: logDynamoDbTable.output.rangeKey,\n auditLogsDynamodbTableArn: auditLogsDynamoDbTable.output.arn,\n auditLogsDynamodbTableName: auditLogsDynamoDbTable.output.name,\n auditLogsDynamodbTableHashKey: auditLogsDynamoDbTable.output.hashKey,\n auditLogsDynamodbTableRangeKey: auditLogsDynamoDbTable.output.rangeKey,\n cognitoUserPoolId: cognito.userPool.output.id,\n cognitoUserPoolArn: cognito.userPool.output.arn,\n cognitoUserPoolPasswordPolicy: cognito.userPool.output.passwordPolicy,\n cognitoAppClientId: cognito.userPoolClient.output.id,\n eventBusName: eventBus.output.name,\n eventBusArn: eventBus.output.arn\n });\n\n // Applies internal and user-defined AWS tags.\n await applyAwsResourceTags(\"core\");\n\n return {\n dynamoDbTable,\n logDynamoDbTable,\n vpc,\n ...cognito,\n fileManagerBucket,\n eventBus,\n opensearch\n };\n }\n });\n\n const app = withServiceManifest(baseApp, manifests => {\n const dynamoTable = baseApp.resources.dynamoDbTable;\n\n const table: TableDefinition = {\n tableName: dynamoTable.output.name,\n hashKey: dynamoTable.output.hashKey,\n rangeKey: dynamoTable.output.rangeKey\n };\n\n manifests.forEach(manifest => addServiceManifestTableItem(baseApp, table, manifest));\n });\n\n app.addHandler(() => {\n app.addServiceManifest({\n name: \"core\",\n manifest: {\n eventBus: {\n arn: baseApp.resources.eventBus.output.arn,\n name: baseApp.resources.eventBus.output.name\n },\n dynamodbTable: {\n arn: baseApp.resources.dynamoDbTable.output.arn,\n name: baseApp.resources.dynamoDbTable.output.name,\n hashKey: baseApp.resources.dynamoDbTable.output.hashKey,\n rangeKey: baseApp.resources.dynamoDbTable.output.rangeKey\n }\n }\n });\n });\n\n return app;\n}\n"],"mappings":"AAAA,OAAO,KAAKA,GAAG,MAAM,aAAa;AAClC,SAASC,eAAe,EAAEC,gBAAgB,QAAQ,gBAAgB;AAClE,SAASC,WAAW;AACpB,SAASC,UAAU;AACnB,SAASC,UAAU;AACnB,SAASC,YAAY;AACrB,SAASC,cAAc;AACvB,SAASC,OAAO;AAChB,SAASC,YAAY;AACrB,SAASC,mBAAmB;AAC5B,SACIC,2BAA2B;AAG/B,OAAO,KAAKC,MAAM,MAAM,gBAAgB;AACxC,SAASC,SAAS;AAClB,SAASC,aAAa,QAAQ,iBAAiB;AAC/C,SAASC,UAAU,QAAQ,uCAAuC;AAClE,SAASC,wBAAwB;AACjC,SAASC,yBAAyB;AAClC,SAASC,oBAAoB,EAAEC,YAAY;AAC3C,SAASC,kCAAkC;AAC3C,OAAO,KAAKC,MAAM,MAAM,gBAAgB;AACxC,SAASC,mBAAmB;AAI5B,OAAO,SAASC,mBAAmBA,CAAA,EAAG;EAClC,MAAMC,OAAO,GAAGvB,eAAe,CAAC;IAC5BwB,IAAI,EAAE,MAAM;IACZC,IAAI,EAAE,WAAW;IACjBC,OAAO,EAAE,MAAMC,GAAG,IAAI;MAClB,MAAMC,GAAG,GAAG,MAAMf,aAAa,CAAC,CAAC;MACjC,MAAMgB,aAAa,GAAG,MAAMD,GAAG,CAACE,gBAAgB,CAAC,CAAC;MAElD,MAAMC,wBAAwB,GAAG,MAAMH,GAAG,CAACI,2BAA2B,CAAC,CAAC;MACxE,MAAMC,mBAAmB,GAAGjB,yBAAyB,CAACa,aAAa,CAAC;MACpE,MAAMK,yBAAyB,GAAGnB,wBAAwB,CAACc,aAAa,CAAC;MAEzE,MAAMM,YAAY,GAAG,IAAIxB,MAAM,CAACyB,QAAQ,CAAC,cAAc,EAAE;QAAEC,UAAU,EAAE;MAAE,CAAC,CAAC;MAE3E,IAAIC,gBAAqC,GAAG,IAAI;MAChD,IAAIC,kBAA2D,GAAG,IAAI;MAEtE,IAAIL,yBAAyB,EAAE;QAC3BK,kBAAkB,GAAGL,yBAAyB;QAC9CI,gBAAgB,GAAG,YAAY;MACnC;MAEA,IAAIC,kBAAkB,EAAE;QACpB,MAAMC,MAAM,GAAGD,kBAAkB;QACjC,IAAI,OAAOC,MAAM,KAAK,QAAQ,EAAE;UAC5B,IAAIA,MAAM,CAACC,UAAU,EAAE;YACnBC,OAAO,CAACC,GAAG,CAACC,kBAAkB,GAAGJ,MAAM,CAACC,UAAU;UACtD;UAEA,IAAID,MAAM,CAACK,WAAW,EAAE;YACpBH,OAAO,CAACC,GAAG,CAACG,uBAAuB,GAAGN,MAAM,CAACK,WAAW;UAC5D;UAEA,IAAIL,MAAM,CAACO,aAAa,EAAE;YACtBL,OAAO,CAACC,GAAG,CAACK,yBAAyB,GAAG,MAAM;UAClD;QACJ;MACJ;MAEA,IAAIjB,wBAAwB,EAAE;QAC1BJ,GAAG,CAACsB,UAAU,CAACC,QAAQ,IAAI;UACvB,IAAI,CAACA,QAAQ,CAAC1B,IAAI,CAAC2B,UAAU,CAACpB,wBAAwB,CAAC,EAAE;YACrDmB,QAAQ,CAAC1B,IAAI,GAAG,GAAGO,wBAAwB,GAAGmB,QAAQ,CAAC1B,IAAI,EAAE;UACjE;QACJ,CAAC,CAAC;MACN;;MAEA;MACAG,GAAG,CAACyB,UAAU,CAAC,YAAY;QACvB,MAAMC,sBAAsB,GACxBpB,mBAAmB,IAAI,OAAOA,mBAAmB,KAAK,SAAS;QAEnE,MAAMqB,YAAY,GAAG,MAAM1B,GAAG,CAAC2B,eAAe,CAAC,CAAC;QAChD,IAAID,YAAY,CAACE,mCAAmC,CAAC,CAAC,EAAE;UACpDrC,kCAAkC,CAACQ,GAAoB,CAAC;QAC5D;;QAEA;QACA,IAAI,CAAC0B,sBAAsB,EAAE;UACzB;QACJ;QAEA,MAAM;UAAEI,SAAS;UAAEC,WAAW;UAAET;QAAW,CAAC,GAAGtB,GAAoB;QACnE,MAAM;UAAEgC,cAAc;UAAEC;QAAgB,CAAC,GAAG3B,mBAAmB;;QAE/D;QACA,IAAI0B,cAAc,EAAE;UAChB,IAAI,iBAAiB,IAAI1B,mBAAmB,EAAE;YAC1C,MAAM,IAAI4B,KAAK,CACX,4JACJ,CAAC;UACL;UAEA,IAAI3B,yBAAyB,EAAE;YAC3B,IAAI,CAACyB,cAAc,CAACG,yBAAyB,EAAE;cAC3C,MAAM,IAAID,KAAK,CACX,8GACJ,CAAC;YACL;YAEAZ,UAAU,CAACC,QAAQ,IAAI;cACnB,IAAIjD,gBAAgB,CAACiD,QAAQ,EAAEnD,GAAG,CAACgE,UAAU,CAACC,MAAM,CAAC,EAAE;gBACnDd,QAAQ,CAACe,MAAM,CAACC,UAAU,CACtBP,cAAc,CAAEG,yBACpB,CAAC;cACL;YACJ,CAAC,CAAC;UACN;UAEA,IAAI,CAACH,cAAc,CAACQ,wBAAwB,EAAE;YAC1C,MAAM,IAAIN,KAAK,CACX,6GACJ,CAAC;UACL;UAEAZ,UAAU,CAACC,QAAQ,IAAI;YACnB,IAAIjD,gBAAgB,CAACiD,QAAQ,EAAEnD,GAAG,CAACqE,MAAM,CAACC,QAAQ,CAAC,EAAE;cACjD,MAAMC,SAAS,GAAGpB,QAAQ,CAACqB,IAAI,CAACD,SAAS,KAAK,KAAK;cACnD,IAAIA,SAAS,EAAE;gBACXpB,QAAQ,CAACe,MAAM,CAACO,SAAS,CAACb,cAAc,CAAEQ,wBAAwB,CAAC;cACvE;YACJ;YAEA,IAAIlE,gBAAgB,CAACiD,QAAQ,EAAEnD,GAAG,CAAC0E,GAAG,CAACC,IAAI,CAAC,EAAE;cAC1C,IAAIxB,QAAQ,CAACqB,IAAI,CAACI,oBAAoB,EAAE;gBACpCjB,WAAW,CAAC3D,GAAG,CAAC0E,GAAG,CAACG,oBAAoB,EAAE;kBACtCpD,IAAI,EAAE,GAAG0B,QAAQ,CAAC1B,IAAI,4BAA4B;kBAClDyC,MAAM,EAAE;oBACJY,IAAI,EAAE3B,QAAQ,CAAC4B,MAAM,CAACtD,IAAI;oBAC1BuD,SAAS,EACLhF,GAAG,CAAC0E,GAAG,CAACO,aAAa,CAACC;kBAC9B;gBACJ,CAAC,CAAC;cACN;YACJ;UACJ,CAAC,CAAC;UAEF;QACJ;;QAEA;QACA,IAAIrB,eAAe,EAAE;UACjB,MAAMsB,MAAM,GAAGhE,YAAY,CAACS,GAAG,CAAC;UAEhCsB,UAAU,CAACC,QAAQ,IAAI;YACnB,IAAIjD,gBAAgB,CAACiD,QAAQ,EAAEnD,GAAG,CAACoF,GAAG,CAACC,GAAG,CAAC,EAAE;cACzClC,QAAQ,CAACe,MAAM,CAACoB,gBAAgB,CAAC,IAAI,CAAC;cACtCnC,QAAQ,CAACe,MAAM,CAACqB,kBAAkB,CAAC,IAAI,CAAC;YAC5C;UACJ,CAAC,CAAC;UAEF,MAAM;YAAEC,GAAG;YAAEC,OAAO;YAAEC;UAAY,CAAC,GAAGhC,SAAS,CAAC8B,GAAI;UACpD7B,WAAW,CAAC3D,GAAG,CAACoF,GAAG,CAACO,WAAW,EAAE;YAC7BlE,IAAI,EAAE,qBAAqB;YAC3ByC,MAAM,EAAE;cACJ0B,KAAK,EAAEJ,GAAG,CAACT,MAAM,CAACc,EAAE;cACpBC,WAAW,EAAEzE,MAAM,CAAC0E,WAAW,iBAAiBZ,MAAM,KAAK;cAC3Da,aAAa,EAAE,CAACN,WAAW,CAACO,cAAc,CAAClB,MAAM,CAACc,EAAE;YACxD;UACJ,CAAC,CAAC;UAEFlC,WAAW,CAAC3D,GAAG,CAACoF,GAAG,CAACO,WAAW,EAAE;YAC7BlE,IAAI,EAAE,2BAA2B;YACjCyC,MAAM,EAAE;cACJ0B,KAAK,EAAEJ,GAAG,CAACT,MAAM,CAACc,EAAE;cACpBC,WAAW,EAAEzE,MAAM,CAAC0E,WAAW,iBAAiBZ,MAAM,WAAW;cACjEa,aAAa,EAAE,CAACN,WAAW,CAACO,cAAc,CAAClB,MAAM,CAACc,EAAE;YACxD;UACJ,CAAC,CAAC;UAEFlC,WAAW,CAAC3D,GAAG,CAACoF,GAAG,CAACO,WAAW,EAAE;YAC7BlE,IAAI,EAAE,sBAAsB;YAC5ByC,MAAM,EAAE;cACJ0B,KAAK,EAAEJ,GAAG,CAACT,MAAM,CAACc,EAAE;cACpBC,WAAW,EAAEzE,MAAM,CAAC0E,WAAW,iBAAiBZ,MAAM,MAAM;cAC5De,eAAe,EAAE,WAAW;cAC5BC,iBAAiB,EAAE,IAAI;cACvBC,gBAAgB,EAAE,CAACZ,GAAG,CAACT,MAAM,CAACsB,sBAAsB,CAAC;cACrDC,SAAS,EAAEb,OAAO,CAACc,OAAO,CAACC,GAAG,CAACC,MAAM,IAAIA,MAAM,CAAC1B,MAAM,CAACc,EAAE;YAC7D;UACJ,CAAC,CAAC;UAEFlC,WAAW,CAAC3D,GAAG,CAACoF,GAAG,CAACO,WAAW,EAAE;YAC7BlE,IAAI,EAAE,yBAAyB;YAC/ByC,MAAM,EAAE;cACJ0B,KAAK,EAAEJ,GAAG,CAACT,MAAM,CAACc,EAAE;cACpBC,WAAW,EAAEzE,MAAM,CAAC0E,WAAW,iBAAiBZ,MAAM,SAAS;cAC/De,eAAe,EAAE,WAAW;cAC5BC,iBAAiB,EAAE,IAAI;cACvBC,gBAAgB,EAAE,CAACZ,GAAG,CAACT,MAAM,CAACsB,sBAAsB,CAAC;cACrDC,SAAS,EAAEb,OAAO,CAACc,OAAO,CAACC,GAAG,CAACC,MAAM,IAAIA,MAAM,CAAC1B,MAAM,CAACc,EAAE;YAC7D;UACJ,CAAC,CAAC;QACN;MACJ,CAAC,CAAC;MACF;;MAEA;MACA;MACA,MAAMa,cAAc,GAAG7E,GAAG,CAAC8E,YAAY,CAAC,CAAC,CAACC,OAAO,CAAC7F,UAAU,CAAC;MAE7Da,GAAG,CAACyB,UAAU,CAAC,MAAM;QACjB,OAAOqD,cAAc,CAACG,OAAO,CAACjF,GAA+B,CAAC;MAClE,CAAC,CAAC;MAEF,MAAMkF,YAAY,GAAGlF,GAAG,CAACgB,GAAG,CAACkE,YAAY;MACzC,MAAMC,OAAO,GAAGD,YAAY;;MAE5B;MACA,MAAME,aAAa,GAAGpF,GAAG,CAACqF,SAAS,CAAC7G,UAAU,EAAE;QAAE2G;MAAQ,CAAC,CAAC;MAC5D,MAAMG,gBAAgB,GAAGtF,GAAG,CAACqF,SAAS,CAACpG,SAAS,EAAE;QAAEkG;MAAQ,CAAC,CAAC;MAC9D,MAAMI,sBAAsB,GAAGvF,GAAG,CAACqF,SAAS,CAAC3F,mBAAmB,EAAE;QAAEyF;MAAQ,CAAC,CAAC;;MAE9E;MACA,MAAMK,UAAU,GACZlF,mBAAmB,KAAK,IAAI,IAC5B,OAAOA,mBAAmB,KAAK,QAAQ,IACvC4E,YAAY;MAEhB,MAAMtB,GAAG,GAAG4B,UAAU,GAAGxF,GAAG,CAACqF,SAAS,CAACzG,OAAO,CAAC,GAAG,IAAI;;MAEtD;MACA,MAAM6G,OAAO,GAAGzF,GAAG,CAACqF,SAAS,CAAC9G,WAAW,EAAE;QACvC4G,OAAO;QACPO,kBAAkB,EAAE;MACxB,CAAC,CAAC;;MAEF;MACA,MAAMC,QAAQ,GAAG3F,GAAG,CAACqF,SAAS,CAAC3G,YAAY,CAAC;;MAE5C;MACA,MAAM;QAAEkH,MAAM,EAAEC;MAAkB,CAAC,GAAG7F,GAAG,CAACqF,SAAS,CAAC1G,cAAc,EAAE;QAAEwG;MAAQ,CAAC,CAAC;MAEhF,IAAI/C,UAAU;MACd,IAAIzB,gBAAgB,KAAK,YAAY,EAAE;QACnCyB,UAAU,GAAGpC,GAAG,CAACqF,SAAS,CAAC5G,UAAU,EAAE;UAAE0G;QAAQ,CAAC,CAAC;MACvD;MAEAnF,GAAG,CAACqF,SAAS,CAACxG,YAAY,EAAE;QAAE2B,YAAY,EAAEA,YAAY,CAACsF;MAAI,CAAC,CAAC;MAE/D9F,GAAG,CAAC+F,UAAU,CAAC;QACXvF,YAAY,EAAEA,YAAY,CAACsF,GAAG;QAC9BvC,MAAM,EAAEnF,GAAG,CAACkE,MAAM,CAACiB,MAAM;QACzByC,mBAAmB,EAAEH,iBAAiB,CAAC1C,MAAM,CAACc,EAAE;QAChDgC,uBAAuB,EAAEb,aAAa,CAACjC,MAAM,CAAC+C,GAAG;QACjDC,wBAAwB,EAAEf,aAAa,CAACjC,MAAM,CAACtD,IAAI;QACnDuG,2BAA2B,EAAEhB,aAAa,CAACjC,MAAM,CAACkD,OAAO;QACzDC,4BAA4B,EAAElB,aAAa,CAACjC,MAAM,CAACoD,QAAQ;QAC3DC,mBAAmB,EAAElB,gBAAgB,CAACnC,MAAM,CAAC+C,GAAG;QAChDO,oBAAoB,EAAEnB,gBAAgB,CAACnC,MAAM,CAACtD,IAAI;QAClD6G,uBAAuB,EAAEpB,gBAAgB,CAACnC,MAAM,CAACkD,OAAO;QACxDM,wBAAwB,EAAErB,gBAAgB,CAACnC,MAAM,CAACoD,QAAQ;QAC1DK,yBAAyB,EAAErB,sBAAsB,CAACpC,MAAM,CAAC+C,GAAG;QAC5DW,0BAA0B,EAAEtB,sBAAsB,CAACpC,MAAM,CAACtD,IAAI;QAC9DiH,6BAA6B,EAAEvB,sBAAsB,CAACpC,MAAM,CAACkD,OAAO;QACpEU,8BAA8B,EAAExB,sBAAsB,CAACpC,MAAM,CAACoD,QAAQ;QACtES,iBAAiB,EAAEvB,OAAO,CAACwB,QAAQ,CAAC9D,MAAM,CAACc,EAAE;QAC7CiD,kBAAkB,EAAEzB,OAAO,CAACwB,QAAQ,CAAC9D,MAAM,CAAC+C,GAAG;QAC/CiB,6BAA6B,EAAE1B,OAAO,CAACwB,QAAQ,CAAC9D,MAAM,CAACiE,cAAc;QACrEC,kBAAkB,EAAE5B,OAAO,CAAC6B,cAAc,CAACnE,MAAM,CAACc,EAAE;QACpDsD,YAAY,EAAE5B,QAAQ,CAACxC,MAAM,CAACtD,IAAI;QAClC2H,WAAW,EAAE7B,QAAQ,CAACxC,MAAM,CAAC+C;MACjC,CAAC,CAAC;;MAEF;MACA,MAAM5G,oBAAoB,CAAC,MAAM,CAAC;MAElC,OAAO;QACH8F,aAAa;QACbE,gBAAgB;QAChB1B,GAAG;QACH,GAAG6B,OAAO;QACVI,iBAAiB;QACjBF,QAAQ;QACRvD;MACJ,CAAC;IACL;EACJ,CAAC,CAAC;EAEF,MAAMpC,GAAG,GAAGlB,mBAAmB,CAACc,OAAO,EAAE6H,SAAS,IAAI;IAClD,MAAMC,WAAW,GAAG9H,OAAO,CAACkC,SAAS,CAACsD,aAAa;IAEnD,MAAMuC,KAAsB,GAAG;MAC3BC,SAAS,EAAEF,WAAW,CAACvE,MAAM,CAACtD,IAAI;MAClCwG,OAAO,EAAEqB,WAAW,CAACvE,MAAM,CAACkD,OAAO;MACnCE,QAAQ,EAAEmB,WAAW,CAACvE,MAAM,CAACoD;IACjC,CAAC;IAEDkB,SAAS,CAACI,OAAO,CAACC,QAAQ,IAAI/I,2BAA2B,CAACa,OAAO,EAAE+H,KAAK,EAAEG,QAAQ,CAAC,CAAC;EACxF,CAAC,CAAC;EAEF9H,GAAG,CAACyB,UAAU,CAAC,MAAM;IACjBzB,GAAG,CAAC+H,kBAAkB,CAAC;MACnBlI,IAAI,EAAE,MAAM;MACZiI,QAAQ,EAAE;QACNnC,QAAQ,EAAE;UACNO,GAAG,EAAEtG,OAAO,CAACkC,SAAS,CAAC6D,QAAQ,CAACxC,MAAM,CAAC+C,GAAG;UAC1CrG,IAAI,EAAED,OAAO,CAACkC,SAAS,CAAC6D,QAAQ,CAACxC,MAAM,CAACtD;QAC5C,CAAC;QACDmI,aAAa,EAAE;UACX9B,GAAG,EAAEtG,OAAO,CAACkC,SAAS,CAACsD,aAAa,CAACjC,MAAM,CAAC+C,GAAG;UAC/CrG,IAAI,EAAED,OAAO,CAACkC,SAAS,CAACsD,aAAa,CAACjC,MAAM,CAACtD,IAAI;UACjDwG,OAAO,EAAEzG,OAAO,CAACkC,SAAS,CAACsD,aAAa,CAACjC,MAAM,CAACkD,OAAO;UACvDE,QAAQ,EAAE3G,OAAO,CAACkC,SAAS,CAACsD,aAAa,CAACjC,MAAM,CAACoD;QACrD;MACJ;IACJ,CAAC,CAAC;EACN,CAAC,CAAC;EAEF,OAAOvG,GAAG;AACd","ignoreList":[]}
package/pulumi/apps/createAppBucket.d.ts CHANGED
@@ -2,10 +2,14 @@ import * as aws from "@pulumi/aws";
2
2
  import { type PulumiApp } from "@webiny/pulumi";
3
3
  export declare function createPublicAppBucket(app: PulumiApp, name: string): {
4
4
  bucket: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/s3/bucket").Bucket>;
5
+ bucketAcl: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/s3/bucketAcl").BucketAcl>;
6
+ bucketOwnershipControls: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/s3/bucketOwnershipControls").BucketOwnershipControls>;
5
7
  origin: aws.types.input.cloudfront.DistributionOrigin;
6
8
  };
7
9
  export declare function createPrivateAppBucket(app: PulumiApp, name: string): {
8
10
  bucket: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/s3/bucket").Bucket>;
11
+ bucketOwnershipControls: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/s3/bucketOwnershipControls").BucketOwnershipControls>;
12
+ bucketAcl: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/s3/bucketAcl").BucketAcl>;
9
13
  originIdentity: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/cloudfront/originAccessIdentity").OriginAccessIdentity>;
10
14
  origin: aws.types.input.cloudfront.DistributionOrigin;
11
15
  bucketPublicAccessBlock: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/s3/bucketPublicAccessBlock").BucketPublicAccessBlock>;
package/pulumi/apps/createAppBucket.js CHANGED
@@ -5,7 +5,6 @@ export function createPublicAppBucket(app, name) {
5
5
  const bucket = app.addResource(aws.s3.Bucket, {
6
6
  name: name,
7
7
  config: {
8
- acl: aws.s3.CannedAcl.PublicRead,
9
8
  forceDestroy: true,
10
9
  website: {
11
10
  indexDocument: "index.html",
@@ -13,6 +12,25 @@ export function createPublicAppBucket(app, name) {
13
12
  }
14
13
  }
15
14
  });
15
+ const bucketOwnershipControls = app.addResource(aws.s3.BucketOwnershipControls, {
16
+ name: `${name}-ownership-controls`,
17
+ config: {
18
+ bucket: bucket.output.id,
19
+ rule: {
20
+ objectOwnership: "BucketOwnerPreferred"
21
+ }
22
+ }
23
+ });
24
+ const bucketAcl = app.addResource(aws.s3.BucketAcl, {
25
+ name: `${name}-acl`,
26
+ config: {
27
+ bucket: bucket.output.id,
28
+ acl: aws.s3.CannedAcl.PublicRead
29
+ },
30
+ opts: {
31
+ dependsOn: [bucketOwnershipControls.output]
32
+ }
33
+ });
16
34
  const origin = {
17
35
  originId: bucket.output.arn,
18
36
  domainName: bucket.output.websiteEndpoint,
@@ -25,6 +43,8 @@ export function createPublicAppBucket(app, name) {
25
43
  };
26
44
  return {
27
45
  bucket,
46
+ bucketAcl,
47
+ bucketOwnershipControls,
28
48
  origin
29
49
  };
30
50
  }
@@ -36,10 +56,28 @@ export function createPrivateAppBucket(app, name) {
36
56
  const bucket = app.addResource(aws.s3.Bucket, {
37
57
  name: name,
38
58
  config: {
39
- acl: aws.s3.CannedAcl.Private,
40
59
  forceDestroy: true
41
60
  }
42
61
  });
62
+ const bucketOwnershipControls = app.addResource(aws.s3.BucketOwnershipControls, {
63
+ name: `${name}-ownership-controls`,
64
+ config: {
65
+ bucket: bucket.output.id,
66
+ rule: {
67
+ objectOwnership: "BucketOwnerPreferred"
68
+ }
69
+ }
70
+ });
71
+ const bucketAcl = app.addResource(aws.s3.BucketAcl, {
72
+ name: `${name}-acl`,
73
+ config: {
74
+ bucket: bucket.output.id,
75
+ acl: aws.s3.CannedAcl.Private
76
+ },
77
+ opts: {
78
+ dependsOn: [bucketOwnershipControls.output]
79
+ }
80
+ });
43
81
 
44
82
  // Origin Identity is a kind of AWS user that represents Cloudfront distribution
45
83
  // We can add IAM policies to it later, to allow accessing private S3 bucket
@@ -102,6 +140,8 @@ export function createPrivateAppBucket(app, name) {
102
140
  });
103
141
  return {
104
142
  bucket,
143
+ bucketOwnershipControls,
144
+ bucketAcl,
105
145
  originIdentity,
106
146
  origin,
107
147
  bucketPublicAccessBlock,
package/pulumi/apps/createAppBucket.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"names":["aws","ApiOutput","getEnvVariableAwsRegion","createPublicAppBucket","app","name","bucket","addResource","s3","Bucket","config","acl","CannedAcl","PublicRead","forceDestroy","website","indexDocument","errorDocument","origin","originId","output","arn","domainName","websiteEndpoint","customOriginConfig","originProtocolPolicy","httpPort","httpsPort","originSslProtocols","createPrivateAppBucket","api","getModule","Private","originIdentity","cloudfront","OriginAccessIdentity","apply","s3OriginConfig","originAccessIdentity","cloudfrontAccessIdentityPath","bucketPublicAccessBlock","BucketPublicAccessBlock","id","blockPublicAcls","blockPublicPolicy","ignorePublicAcls","restrictPublicBuckets","bucketPolicy","BucketPolicy","policy","Version","Statement","statements","Effect","Principal","AWS","iamArn","Action","Resource","graphqlLambdaRole"],"sources":["createAppBucket.ts"],"sourcesContent":["import * as aws from \"@pulumi/aws\";\nimport { type PulumiApp } from \"@webiny/pulumi\";\nimport { ApiOutput } from \"~/pulumi/apps/api/index.js\";\nimport { getEnvVariableAwsRegion } from \"~/pulumi/env/awsRegion.js\";\n\nexport function createPublicAppBucket(app: PulumiApp, name: string) {\n const bucket = app.addResource(aws.s3.Bucket, {\n name: name,\n config: {\n acl: aws.s3.CannedAcl.PublicRead,\n forceDestroy: true,\n website: {\n indexDocument: \"index.html\",\n errorDocument: \"_NOT_FOUND_PAGE_/index.html\"\n }\n }\n });\n\n const origin: aws.types.input.cloudfront.DistributionOrigin = {\n originId: bucket.output.arn,\n domainName: bucket.output.websiteEndpoint,\n customOriginConfig: {\n originProtocolPolicy: \"http-only\",\n httpPort: 80,\n httpsPort: 443,\n originSslProtocols: [\"TLSv1.2\"]\n }\n };\n\n return {\n bucket,\n origin\n };\n}\n\n// Forces S3 buckets to be available only through a cloudfront distribution.\n// Requires `ApiOutput` module to be loaded.\nexport function createPrivateAppBucket(app: PulumiApp, name: string) {\n const api = app.getModule(ApiOutput);\n\n const bucket = app.addResource(aws.s3.Bucket, {\n name: name,\n config: {\n acl: aws.s3.CannedAcl.Private,\n forceDestroy: true\n }\n });\n\n // Origin Identity is a kind of AWS user that represents Cloudfront distribution\n // We can add IAM policies to it later, to allow accessing private S3 bucket\n const originIdentity = app.addResource(aws.cloudfront.OriginAccessIdentity, {\n name: `${name}-origin-identity`,\n config: {}\n });\n\n const origin: aws.types.input.cloudfront.DistributionOrigin = {\n originId: bucket.output.arn,\n domainName: bucket.output.bucket.apply(\n // We need to create a regional domain name. Otherwise, we'll run into the following issue:\n // https://aws.amazon.com/premiumsupport/knowledge-center/s3-http-307-response/\n name => `${name}.s3.${getEnvVariableAwsRegion()}.amazonaws.com`\n ),\n s3OriginConfig: {\n originAccessIdentity: originIdentity.output.cloudfrontAccessIdentityPath\n }\n };\n\n // block any public access\n const bucketPublicAccessBlock = app.addResource(aws.s3.BucketPublicAccessBlock, {\n name: `${name}-bucket-block-access`,\n config: {\n bucket: bucket.output.id,\n blockPublicAcls: true,\n blockPublicPolicy: true,\n ignorePublicAcls: true,\n restrictPublicBuckets: true\n }\n });\n\n // Create an IAM policy to allow access to S3 bucket from cloudfront\n const bucketPolicy = app.addResource(aws.s3.BucketPolicy, {\n name: `${name}-bucket-policy`,\n config: {\n bucket: bucket.output.bucket,\n policy: {\n Version: \"2012-10-17\",\n Statement: bucket.output.arn.apply(arn => {\n const statements: aws.iam.PolicyStatement[] = [\n {\n Effect: \"Allow\",\n Principal: { AWS: originIdentity.output.iamArn },\n // we need GetObject to retrieve objects from S3\n // and ListBucket allows to properly handle non-existing files (404)\n Action: [\"s3:ListBucket\", \"s3:GetObject\"],\n Resource: [`${arn}`, `${arn}/*`]\n },\n {\n Effect: \"Allow\",\n Principal: {\n AWS: api.graphqlLambdaRole\n },\n Action: [\n \"s3:GetObjectAcl\",\n \"s3:DeleteObject\",\n \"s3:PutObjectAcl\",\n \"s3:PutObject\",\n \"s3:GetObject\",\n \"s3:ListBucket\"\n ],\n Resource: [`${arn}`, `${arn}/*`]\n }\n ];\n\n return statements;\n })\n }\n }\n });\n\n return {\n bucket,\n originIdentity,\n origin,\n bucketPublicAccessBlock,\n bucketPolicy\n };\n}\n"],"mappings":"AAAA,OAAO,KAAKA,GAAG,MAAM,aAAa;AAElC,SAASC,SAAS;AAClB,SAASC,uBAAuB;AAEhC,OAAO,SAASC,qBAAqBA,CAACC,GAAc,EAAEC,IAAY,EAAE;EAChE,MAAMC,MAAM,GAAGF,GAAG,CAACG,WAAW,CAACP,GAAG,CAACQ,EAAE,CAACC,MAAM,EAAE;IAC1CJ,IAAI,EAAEA,IAAI;IACVK,MAAM,EAAE;MACJC,GAAG,EAAEX,GAAG,CAACQ,EAAE,CAACI,SAAS,CAACC,UAAU;MAChCC,YAAY,EAAE,IAAI;MAClBC,OAAO,EAAE;QACLC,aAAa,EAAE,YAAY;QAC3BC,aAAa,EAAE;MACnB;IACJ;EACJ,CAAC,CAAC;EAEF,MAAMC,MAAqD,GAAG;IAC1DC,QAAQ,EAAEb,MAAM,CAACc,MAAM,CAACC,GAAG;IAC3BC,UAAU,EAAEhB,MAAM,CAACc,MAAM,CAACG,eAAe;IACzCC,kBAAkB,EAAE;MAChBC,oBAAoB,EAAE,WAAW;MACjCC,QAAQ,EAAE,EAAE;MACZC,SAAS,EAAE,GAAG;MACdC,kBAAkB,EAAE,CAAC,SAAS;IAClC;EACJ,CAAC;EAED,OAAO;IACHtB,MAAM;IACNY;EACJ,CAAC;AACL;;AAEA;AACA;AACA,OAAO,SAASW,sBAAsBA,CAACzB,GAAc,EAAEC,IAAY,EAAE;EACjE,MAAMyB,GAAG,GAAG1B,GAAG,CAAC2B,SAAS,CAAC9B,SAAS,CAAC;EAEpC,MAAMK,MAAM,GAAGF,GAAG,CAACG,WAAW,CAACP,GAAG,CAACQ,EAAE,CAACC,MAAM,EAAE;IAC1CJ,IAAI,EAAEA,IAAI;IACVK,MAAM,EAAE;MACJC,GAAG,EAAEX,GAAG,CAACQ,EAAE,CAACI,SAAS,CAACoB,OAAO;MAC7BlB,YAAY,EAAE;IAClB;EACJ,CAAC,CAAC;;EAEF;EACA;EACA,MAAMmB,cAAc,GAAG7B,GAAG,CAACG,WAAW,CAACP,GAAG,CAACkC,UAAU,CAACC,oBAAoB,EAAE;IACxE9B,IAAI,EAAE,GAAGA,IAAI,kBAAkB;IAC/BK,MAAM,EAAE,CAAC;EACb,CAAC,CAAC;EAEF,MAAMQ,MAAqD,GAAG;IAC1DC,QAAQ,EAAEb,MAAM,CAACc,MAAM,CAACC,GAAG;IAC3BC,UAAU,EAAEhB,MAAM,CAACc,MAAM,CAACd,MAAM,CAAC8B,KAAK;IAClC;IACA;IACA/B,IAAI,IAAI,GAAGA,IAAI,OAAOH,uBAAuB,CAAC,CAAC,gBACnD,CAAC;IACDmC,cAAc,EAAE;MACZC,oBAAoB,EAAEL,cAAc,CAACb,MAAM,CAACmB;IAChD;EACJ,CAAC;;EAED;EACA,MAAMC,uBAAuB,GAAGpC,GAAG,CAACG,WAAW,CAACP,GAAG,CAACQ,EAAE,CAACiC,uBAAuB,EAAE;IAC5EpC,IAAI,EAAE,GAAGA,IAAI,sBAAsB;IACnCK,MAAM,EAAE;MACJJ,MAAM,EAAEA,MAAM,CAACc,MAAM,CAACsB,EAAE;MACxBC,eAAe,EAAE,IAAI;MACrBC,iBAAiB,EAAE,IAAI;MACvBC,gBAAgB,EAAE,IAAI;MACtBC,qBAAqB,EAAE;IAC3B;EACJ,CAAC,CAAC;;EAEF;EACA,MAAMC,YAAY,GAAG3C,GAAG,CAACG,WAAW,CAACP,GAAG,CAACQ,EAAE,CAACwC,YAAY,EAAE;IACtD3C,IAAI,EAAE,GAAGA,IAAI,gBAAgB;IAC7BK,MAAM,EAAE;MACJJ,MAAM,EAAEA,MAAM,CAACc,MAAM,CAACd,MAAM;MAC5B2C,MAAM,EAAE;QACJC,OAAO,EAAE,YAAY;QACrBC,SAAS,EAAE7C,MAAM,CAACc,MAAM,CAACC,GAAG,CAACe,KAAK,CAACf,GAAG,IAAI;UACtC,MAAM+B,UAAqC,GAAG,CAC1C;YACIC,MAAM,EAAE,OAAO;YACfC,SAAS,EAAE;cAAEC,GAAG,EAAEtB,cAAc,CAACb,MAAM,CAACoC;YAAO,CAAC;YAChD;YACA;YACAC,MAAM,EAAE,CAAC,eAAe,EAAE,cAAc,CAAC;YACzCC,QAAQ,EAAE,CAAC,GAAGrC,GAAG,EAAE,EAAE,GAAGA,GAAG,IAAI;UACnC,CAAC,EACD;YACIgC,MAAM,EAAE,OAAO;YACfC,SAAS,EAAE;cACPC,GAAG,EAAEzB,GAAG,CAAC6B;YACb,CAAC;YACDF,MAAM,EAAE,CACJ,iBAAiB,EACjB,iBAAiB,EACjB,iBAAiB,EACjB,cAAc,EACd,cAAc,EACd,eAAe,CAClB;YACDC,QAAQ,EAAE,CAAC,GAAGrC,GAAG,EAAE,EAAE,GAAGA,GAAG,IAAI;UACnC,CAAC,CACJ;UAED,OAAO+B,UAAU;QACrB,CAAC;MACL;IACJ;EACJ,CAAC,CAAC;EAEF,OAAO;IACH9C,MAAM;IACN2B,cAAc;IACdf,MAAM;IACNsB,uBAAuB;IACvBO;EACJ,CAAC;AACL","ignoreList":[]}
1
+ {"version":3,"names":["aws","ApiOutput","getEnvVariableAwsRegion","createPublicAppBucket","app","name","bucket","addResource","s3","Bucket","config","forceDestroy","website","indexDocument","errorDocument","bucketOwnershipControls","BucketOwnershipControls","output","id","rule","objectOwnership","bucketAcl","BucketAcl","acl","CannedAcl","PublicRead","opts","dependsOn","origin","originId","arn","domainName","websiteEndpoint","customOriginConfig","originProtocolPolicy","httpPort","httpsPort","originSslProtocols","createPrivateAppBucket","api","getModule","Private","originIdentity","cloudfront","OriginAccessIdentity","apply","s3OriginConfig","originAccessIdentity","cloudfrontAccessIdentityPath","bucketPublicAccessBlock","BucketPublicAccessBlock","blockPublicAcls","blockPublicPolicy","ignorePublicAcls","restrictPublicBuckets","bucketPolicy","BucketPolicy","policy","Version","Statement","statements","Effect","Principal","AWS","iamArn","Action","Resource","graphqlLambdaRole"],"sources":["createAppBucket.ts"],"sourcesContent":["import * as aws from \"@pulumi/aws\";\nimport { type PulumiApp } from \"@webiny/pulumi\";\nimport { ApiOutput } from \"~/pulumi/apps/api/index.js\";\nimport { getEnvVariableAwsRegion } from \"~/pulumi/env/awsRegion.js\";\n\nexport function createPublicAppBucket(app: PulumiApp, name: string) {\n const bucket = app.addResource(aws.s3.Bucket, {\n name: name,\n config: {\n forceDestroy: true,\n website: {\n indexDocument: \"index.html\",\n errorDocument: \"_NOT_FOUND_PAGE_/index.html\"\n }\n }\n });\n\n const bucketOwnershipControls = app.addResource(aws.s3.BucketOwnershipControls, {\n name: `${name}-ownership-controls`,\n config: {\n bucket: bucket.output.id,\n rule: {\n objectOwnership: \"BucketOwnerPreferred\"\n }\n }\n });\n\n const bucketAcl = app.addResource(aws.s3.BucketAcl, {\n name: `${name}-acl`,\n config: {\n bucket: bucket.output.id,\n acl: aws.s3.CannedAcl.PublicRead\n },\n opts: {\n dependsOn: [bucketOwnershipControls.output]\n }\n });\n\n const origin: aws.types.input.cloudfront.DistributionOrigin = {\n originId: bucket.output.arn,\n domainName: bucket.output.websiteEndpoint,\n customOriginConfig: {\n originProtocolPolicy: \"http-only\",\n httpPort: 80,\n httpsPort: 443,\n originSslProtocols: [\"TLSv1.2\"]\n }\n };\n\n return {\n bucket,\n bucketAcl,\n bucketOwnershipControls,\n origin\n };\n}\n\n// Forces S3 buckets to be available only through a cloudfront distribution.\n// Requires `ApiOutput` module to be loaded.\nexport function createPrivateAppBucket(app: PulumiApp, name: string) {\n const api = app.getModule(ApiOutput);\n\n const bucket = app.addResource(aws.s3.Bucket, {\n name: name,\n config: {\n forceDestroy: true\n }\n });\n\n const bucketOwnershipControls = app.addResource(aws.s3.BucketOwnershipControls, {\n name: `${name}-ownership-controls`,\n config: {\n bucket: bucket.output.id,\n rule: {\n objectOwnership: \"BucketOwnerPreferred\"\n }\n }\n });\n\n const bucketAcl = app.addResource(aws.s3.BucketAcl, {\n name: `${name}-acl`,\n config: {\n bucket: bucket.output.id,\n acl: aws.s3.CannedAcl.Private\n },\n opts: {\n dependsOn: [bucketOwnershipControls.output]\n }\n });\n\n // Origin Identity is a kind of AWS user that represents Cloudfront distribution\n // We can add IAM policies to it later, to allow accessing private S3 bucket\n const originIdentity = app.addResource(aws.cloudfront.OriginAccessIdentity, {\n name: `${name}-origin-identity`,\n config: {}\n });\n\n const origin: aws.types.input.cloudfront.DistributionOrigin = {\n originId: bucket.output.arn,\n domainName: bucket.output.bucket.apply(\n // We need to create a regional domain name. Otherwise, we'll run into the following issue:\n // https://aws.amazon.com/premiumsupport/knowledge-center/s3-http-307-response/\n name => `${name}.s3.${getEnvVariableAwsRegion()}.amazonaws.com`\n ),\n s3OriginConfig: {\n originAccessIdentity: originIdentity.output.cloudfrontAccessIdentityPath\n }\n };\n\n // block any public access\n const bucketPublicAccessBlock = app.addResource(aws.s3.BucketPublicAccessBlock, {\n name: `${name}-bucket-block-access`,\n config: {\n bucket: bucket.output.id,\n blockPublicAcls: true,\n blockPublicPolicy: true,\n ignorePublicAcls: true,\n restrictPublicBuckets: true\n }\n });\n\n // Create an IAM policy to allow access to S3 bucket from cloudfront\n const bucketPolicy = app.addResource(aws.s3.BucketPolicy, {\n name: `${name}-bucket-policy`,\n config: {\n bucket: bucket.output.bucket,\n policy: {\n Version: \"2012-10-17\",\n Statement: bucket.output.arn.apply(arn => {\n const statements: aws.iam.PolicyStatement[] = [\n {\n Effect: \"Allow\",\n Principal: { AWS: originIdentity.output.iamArn },\n // we need GetObject to retrieve objects from S3\n // and ListBucket allows to properly handle non-existing files (404)\n Action: [\"s3:ListBucket\", \"s3:GetObject\"],\n Resource: [`${arn}`, `${arn}/*`]\n },\n {\n Effect: \"Allow\",\n Principal: {\n AWS: api.graphqlLambdaRole\n },\n Action: [\n \"s3:GetObjectAcl\",\n \"s3:DeleteObject\",\n \"s3:PutObjectAcl\",\n \"s3:PutObject\",\n \"s3:GetObject\",\n \"s3:ListBucket\"\n ],\n Resource: [`${arn}`, `${arn}/*`]\n }\n ];\n\n return statements;\n })\n }\n }\n });\n\n return {\n bucket,\n bucketOwnershipControls,\n bucketAcl,\n originIdentity,\n origin,\n bucketPublicAccessBlock,\n bucketPolicy\n };\n}\n"],"mappings":"AAAA,OAAO,KAAKA,GAAG,MAAM,aAAa;AAElC,SAASC,SAAS;AAClB,SAASC,uBAAuB;AAEhC,OAAO,SAASC,qBAAqBA,CAACC,GAAc,EAAEC,IAAY,EAAE;EAChE,MAAMC,MAAM,GAAGF,GAAG,CAACG,WAAW,CAACP,GAAG,CAACQ,EAAE,CAACC,MAAM,EAAE;IAC1CJ,IAAI,EAAEA,IAAI;IACVK,MAAM,EAAE;MACJC,YAAY,EAAE,IAAI;MAClBC,OAAO,EAAE;QACLC,aAAa,EAAE,YAAY;QAC3BC,aAAa,EAAE;MACnB;IACJ;EACJ,CAAC,CAAC;EAEF,MAAMC,uBAAuB,GAAGX,GAAG,CAACG,WAAW,CAACP,GAAG,CAACQ,EAAE,CAACQ,uBAAuB,EAAE;IAC5EX,IAAI,EAAE,GAAGA,IAAI,qBAAqB;IAClCK,MAAM,EAAE;MACJJ,MAAM,EAAEA,MAAM,CAACW,MAAM,CAACC,EAAE;MACxBC,IAAI,EAAE;QACFC,eAAe,EAAE;MACrB;IACJ;EACJ,CAAC,CAAC;EAEF,MAAMC,SAAS,GAAGjB,GAAG,CAACG,WAAW,CAACP,GAAG,CAACQ,EAAE,CAACc,SAAS,EAAE;IAChDjB,IAAI,EAAE,GAAGA,IAAI,MAAM;IACnBK,MAAM,EAAE;MACJJ,MAAM,EAAEA,MAAM,CAACW,MAAM,CAACC,EAAE;MACxBK,GAAG,EAAEvB,GAAG,CAACQ,EAAE,CAACgB,SAAS,CAACC;IAC1B,CAAC;IACDC,IAAI,EAAE;MACFC,SAAS,EAAE,CAACZ,uBAAuB,CAACE,MAAM;IAC9C;EACJ,CAAC,CAAC;EAEF,MAAMW,MAAqD,GAAG;IAC1DC,QAAQ,EAAEvB,MAAM,CAACW,MAAM,CAACa,GAAG;IAC3BC,UAAU,EAAEzB,MAAM,CAACW,MAAM,CAACe,eAAe;IACzCC,kBAAkB,EAAE;MAChBC,oBAAoB,EAAE,WAAW;MACjCC,QAAQ,EAAE,EAAE;MACZC,SAAS,EAAE,GAAG;MACdC,kBAAkB,EAAE,CAAC,SAAS;IAClC;EACJ,CAAC;EAED,OAAO;IACH/B,MAAM;IACNe,SAAS;IACTN,uBAAuB;IACvBa;EACJ,CAAC;AACL;;AAEA;AACA;AACA,OAAO,SAASU,sBAAsBA,CAAClC,GAAc,EAAEC,IAAY,EAAE;EACjE,MAAMkC,GAAG,GAAGnC,GAAG,CAACoC,SAAS,CAACvC,SAAS,CAAC;EAEpC,MAAMK,MAAM,GAAGF,GAAG,CAACG,WAAW,CAACP,GAAG,CAACQ,EAAE,CAACC,MAAM,EAAE;IAC1CJ,IAAI,EAAEA,IAAI;IACVK,MAAM,EAAE;MACJC,YAAY,EAAE;IAClB;EACJ,CAAC,CAAC;EAEF,MAAMI,uBAAuB,GAAGX,GAAG,CAACG,WAAW,CAACP,GAAG,CAACQ,EAAE,CAACQ,uBAAuB,EAAE;IAC5EX,IAAI,EAAE,GAAGA,IAAI,qBAAqB;IAClCK,MAAM,EAAE;MACJJ,MAAM,EAAEA,MAAM,CAACW,MAAM,CAACC,EAAE;MACxBC,IAAI,EAAE;QACFC,eAAe,EAAE;MACrB;IACJ;EACJ,CAAC,CAAC;EAEF,MAAMC,SAAS,GAAGjB,GAAG,CAACG,WAAW,CAACP,GAAG,CAACQ,EAAE,CAACc,SAAS,EAAE;IAChDjB,IAAI,EAAE,GAAGA,IAAI,MAAM;IACnBK,MAAM,EAAE;MACJJ,MAAM,EAAEA,MAAM,CAACW,MAAM,CAACC,EAAE;MACxBK,GAAG,EAAEvB,GAAG,CAACQ,EAAE,CAACgB,SAAS,CAACiB;IAC1B,CAAC;IACDf,IAAI,EAAE;MACFC,SAAS,EAAE,CAACZ,uBAAuB,CAACE,MAAM;IAC9C;EACJ,CAAC,CAAC;;EAEF;EACA;EACA,MAAMyB,cAAc,GAAGtC,GAAG,CAACG,WAAW,CAACP,GAAG,CAAC2C,UAAU,CAACC,oBAAoB,EAAE;IACxEvC,IAAI,EAAE,GAAGA,IAAI,kBAAkB;IAC/BK,MAAM,EAAE,CAAC;EACb,CAAC,CAAC;EAEF,MAAMkB,MAAqD,GAAG;IAC1DC,QAAQ,EAAEvB,MAAM,CAACW,MAAM,CAACa,GAAG;IAC3BC,UAAU,EAAEzB,MAAM,CAACW,MAAM,CAACX,MAAM,CAACuC,KAAK;IAClC;IACA;IACAxC,IAAI,IAAI,GAAGA,IAAI,OAAOH,uBAAuB,CAAC,CAAC,gBACnD,CAAC;IACD4C,cAAc,EAAE;MACZC,oBAAoB,EAAEL,cAAc,CAACzB,MAAM,CAAC+B;IAChD;EACJ,CAAC;;EAED;EACA,MAAMC,uBAAuB,GAAG7C,GAAG,CAACG,WAAW,CAACP,GAAG,CAACQ,EAAE,CAAC0C,uBAAuB,EAAE;IAC5E7C,IAAI,EAAE,GAAGA,IAAI,sBAAsB;IACnCK,MAAM,EAAE;MACJJ,MAAM,EAAEA,MAAM,CAACW,MAAM,CAACC,EAAE;MACxBiC,eAAe,EAAE,IAAI;MACrBC,iBAAiB,EAAE,IAAI;MACvBC,gBAAgB,EAAE,IAAI;MACtBC,qBAAqB,EAAE;IAC3B;EACJ,CAAC,CAAC;;EAEF;EACA,MAAMC,YAAY,GAAGnD,GAAG,CAACG,WAAW,CAACP,GAAG,CAACQ,EAAE,CAACgD,YAAY,EAAE;IACtDnD,IAAI,EAAE,GAAGA,IAAI,gBAAgB;IAC7BK,MAAM,EAAE;MACJJ,MAAM,EAAEA,MAAM,CAACW,MAAM,CAACX,MAAM;MAC5BmD,MAAM,EAAE;QACJC,OAAO,EAAE,YAAY;QACrBC,SAAS,EAAErD,MAAM,CAACW,MAAM,CAACa,GAAG,CAACe,KAAK,CAACf,GAAG,IAAI;UACtC,MAAM8B,UAAqC,GAAG,CAC1C;YACIC,MAAM,EAAE,OAAO;YACfC,SAAS,EAAE;cAAEC,GAAG,EAAErB,cAAc,CAACzB,MAAM,CAAC+C;YAAO,CAAC;YAChD;YACA;YACAC,MAAM,EAAE,CAAC,eAAe,EAAE,cAAc,CAAC;YACzCC,QAAQ,EAAE,CAAC,GAAGpC,GAAG,EAAE,EAAE,GAAGA,GAAG,IAAI;UACnC,CAAC,EACD;YACI+B,MAAM,EAAE,OAAO;YACfC,SAAS,EAAE;cACPC,GAAG,EAAExB,GAAG,CAAC4B;YACb,CAAC;YACDF,MAAM,EAAE,CACJ,iBAAiB,EACjB,iBAAiB,EACjB,iBAAiB,EACjB,cAAc,EACd,cAAc,EACd,eAAe,CAClB;YACDC,QAAQ,EAAE,CAAC,GAAGpC,GAAG,EAAE,EAAE,GAAGA,GAAG,IAAI;UACnC,CAAC,CACJ;UAED,OAAO8B,UAAU;QACrB,CAAC;MACL;IACJ;EACJ,CAAC,CAAC;EAEF,OAAO;IACHtD,MAAM;IACNS,uBAAuB;IACvBM,SAAS;IACTqB,cAAc;IACdd,MAAM;IACNqB,uBAAuB;IACvBM;EACJ,CAAC;AACL","ignoreList":[]}
package/pulumi/apps/react/createReactPulumiApp.d.ts CHANGED
@@ -23,6 +23,8 @@ export interface CreateReactPulumiAppParams {
23
23
  export declare const createReactPulumiApp: (projectAppParams: CreateReactPulumiAppParams) => import("@webiny/pulumi").PulumiApp<{
24
24
  cloudfront: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/cloudfront/distribution.js").Distribution>;
25
25
  bucket: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/s3/bucket.js").Bucket>;
26
+ bucketOwnershipControls: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/s3/bucketOwnershipControls.js").BucketOwnershipControls>;
27
+ bucketAcl: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/s3/bucketAcl.js").BucketAcl>;
26
28
  originIdentity: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/cloudfront/originAccessIdentity.js").OriginAccessIdentity>;
27
29
  origin: aws.types.input.cloudfront.DistributionOrigin;
28
30
  bucketPublicAccessBlock: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/s3/bucketPublicAccessBlock.js").BucketPublicAccessBlock>;