@webiny/project-aws 6.0.0-rc.5 → 6.0.0-rc.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (22) hide show
  1. package/_templates/extensions/OpenSearch/coreDdbToEsHandler/dynamoToElastic/webiny.config.ts +2 -2
  2. package/apps/createCoreApp.d.ts +0 -1
  3. package/package.json +14 -14
  4. package/pulumi/apps/api/ApiGraphql.js +1 -1
  5. package/pulumi/apps/api/ApiGraphql.js.map +1 -1
  6. package/pulumi/apps/api/ApiMigration.js +0 -1
  7. package/pulumi/apps/api/ApiMigration.js.map +1 -1
  8. package/pulumi/apps/api/createApiPulumiApp.js +0 -2
  9. package/pulumi/apps/api/createApiPulumiApp.js.map +1 -1
  10. package/pulumi/apps/common/CoreOutput.d.ts +0 -4
  11. package/pulumi/apps/common/CoreOutput.js +0 -4
  12. package/pulumi/apps/common/CoreOutput.js.map +1 -1
  13. package/pulumi/apps/core/CoreOpenSearch.js +1 -4
  14. package/pulumi/apps/core/CoreOpenSearch.js.map +1 -1
  15. package/pulumi/apps/core/createCorePulumiApp.d.ts +0 -1
  16. package/pulumi/apps/core/createCorePulumiApp.js +0 -9
  17. package/pulumi/apps/core/createCorePulumiApp.js.map +1 -1
  18. package/pulumi/types.d.ts +0 -4
  19. package/pulumi/types.js.map +1 -1
  20. package/pulumi/apps/core/LogDynamo.d.ts +0 -5
  21. package/pulumi/apps/core/LogDynamo.js +0 -122
  22. package/pulumi/apps/core/LogDynamo.js.map +0 -1
package/_templates/extensions/OpenSearch/coreDdbToEsHandler/dynamoToElastic/webiny.config.ts CHANGED
@@ -2,7 +2,7 @@ import { createBuildFunction, createWatchFunction } from "@webiny/build-tools";
2
2
 
3
3
  export default {
4
4
  commands: {
5
- build: createBuildFunction({ cwd: import.meta.__dirname }),
6
- watch: createWatchFunction({ cwd: import.meta.__dirname })
5
+ build: createBuildFunction({ cwd: import.meta.dirname }),
6
+ watch: createWatchFunction({ cwd: import.meta.dirname })
7
7
  }
8
8
  };
package/apps/createCoreApp.d.ts CHANGED
@@ -20,7 +20,6 @@ export declare function createCoreApp(): {
20
20
  userPool: import("@webiny/pulumi/PulumiAppResource").PulumiAppResource<typeof import("@pulumi/aws/cognito/userPool").UserPool>;
21
21
  userPoolClient: import("@webiny/pulumi/PulumiAppResource").PulumiAppResource<typeof import("@pulumi/aws/cognito/userPoolClient").UserPoolClient>;
22
22
  dynamoDbTable: import("@webiny/pulumi/PulumiAppResource").PulumiAppResource<typeof import("@pulumi/aws/dynamodb/table").Table>;
23
- logDynamoDbTable: import("@webiny/pulumi/PulumiAppResource").PulumiAppResource<typeof import("@pulumi/aws/dynamodb/table").Table>;
24
23
  vpc: {
25
24
  vpc: import("@webiny/pulumi/PulumiAppResource").PulumiAppResource<typeof import("@pulumi/aws/ec2/vpc").Vpc>;
26
25
  subnets: {
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@webiny/project-aws",
3
- "version": "6.0.0-rc.5",
3
+ "version": "6.0.0-rc.6",
4
4
  "type": "module",
5
5
  "main": "./index.js",
6
6
  "repository": {
@@ -15,18 +15,18 @@
15
15
  "directory": "dist"
16
16
  },
17
17
  "dependencies": {
18
- "@pulumi/aws": "^7.20.0",
19
- "@pulumi/pulumi": "^3.223.0",
18
+ "@pulumi/aws": "^7.21.0",
19
+ "@pulumi/pulumi": "^3.225.1",
20
20
  "@pulumi/random": "4.19.1",
21
- "@webiny/api-headless-cms": "6.0.0-rc.5",
22
- "@webiny/aws-layers": "6.0.0-rc.5",
23
- "@webiny/aws-sdk": "6.0.0-rc.5",
24
- "@webiny/cli-core": "6.0.0-rc.5",
25
- "@webiny/data-migration": "6.0.0-rc.5",
26
- "@webiny/mcp": "6.0.0-rc.5",
27
- "@webiny/project": "6.0.0-rc.5",
28
- "@webiny/pulumi": "6.0.0-rc.5",
29
- "@webiny/utils": "6.0.0-rc.5",
21
+ "@webiny/api-headless-cms": "6.0.0-rc.6",
22
+ "@webiny/aws-layers": "6.0.0-rc.6",
23
+ "@webiny/aws-sdk": "6.0.0-rc.6",
24
+ "@webiny/cli-core": "6.0.0-rc.6",
25
+ "@webiny/data-migration": "6.0.0-rc.6",
26
+ "@webiny/mcp": "6.0.0-rc.6",
27
+ "@webiny/project": "6.0.0-rc.6",
28
+ "@webiny/pulumi": "6.0.0-rc.6",
29
+ "@webiny/utils": "6.0.0-rc.6",
30
30
  "chalk": "4.1.2",
31
31
  "find-up": "5.0.0",
32
32
  "invariant": "2.2.4",
@@ -39,7 +39,7 @@
39
39
  "devDependencies": {
40
40
  "@types/lodash": "4.17.24",
41
41
  "@types/ncp": "2.0.8",
42
- "@webiny/build-tools": "6.0.0-rc.5",
42
+ "@webiny/build-tools": "6.0.0-rc.6",
43
43
  "typescript": "5.9.3"
44
44
  },
45
45
  "adio": {
@@ -57,5 +57,5 @@
57
57
  ]
58
58
  }
59
59
  },
60
- "gitHead": "8f9b60f1193682a21e037e6f771b19f1dfd65045"
60
+ "gitHead": "a2a076532809feabf674a6873464f09071d86c72"
61
61
  }
package/pulumi/apps/api/ApiGraphql.js CHANGED
@@ -118,7 +118,7 @@ function createGraphqlLambdaPolicy(app) {
118
118
  Sid: "PermissionForDynamodb",
119
119
  Effect: "Allow",
120
120
  Action: ["dynamodb:BatchGetItem", "dynamodb:BatchWriteItem", "dynamodb:ConditionCheckItem", "dynamodb:CreateBackup", "dynamodb:CreateTable", "dynamodb:CreateTableReplica", "dynamodb:DeleteBackup", "dynamodb:DeleteItem", "dynamodb:DeleteTable", "dynamodb:DeleteTableReplica", "dynamodb:DescribeBackup", "dynamodb:DescribeContinuousBackups", "dynamodb:DescribeContributorInsights", "dynamodb:DescribeExport", "dynamodb:DescribeKinesisStreamingDestination", "dynamodb:DescribeLimits", "dynamodb:DescribeReservedCapacity", "dynamodb:DescribeReservedCapacityOfferings", "dynamodb:DescribeStream", "dynamodb:DescribeTable", "dynamodb:DescribeTableReplicaAutoScaling", "dynamodb:DescribeTimeToLive", "dynamodb:DisableKinesisStreamingDestination", "dynamodb:EnableKinesisStreamingDestination", "dynamodb:ExportTableToPointInTime", "dynamodb:GetItem", "dynamodb:GetRecords", "dynamodb:GetShardIterator", "dynamodb:ListBackups", "dynamodb:ListContributorInsights", "dynamodb:ListExports", "dynamodb:ListStreams", "dynamodb:ListTables", "dynamodb:ListTagsOfResource", "dynamodb:PartiQLDelete", "dynamodb:PartiQLInsert", "dynamodb:PartiQLSelect", "dynamodb:PartiQLUpdate", "dynamodb:PurchaseReservedCapacityOfferings", "dynamodb:PutItem", "dynamodb:Query", "dynamodb:RestoreTableFromBackup", "dynamodb:RestoreTableToPointInTime", "dynamodb:Scan", "dynamodb:UpdateContinuousBackups", "dynamodb:UpdateContributorInsights", "dynamodb:UpdateItem", "dynamodb:UpdateTable", "dynamodb:UpdateTableReplicaAutoScaling", "dynamodb:UpdateTimeToLive"],
121
- Resource: [`${core.primaryDynamodbTableArn}`, `${core.primaryDynamodbTableArn}/*`, `${core.logDynamodbTableArn}`, `${core.logDynamodbTableArn}/*`, `${core.auditLogsDynamodbTableArn}`, `${core.auditLogsDynamodbTableArn}/*`,
121
+ Resource: [`${core.primaryDynamodbTableArn}`, `${core.primaryDynamodbTableArn}/*`, `${core.auditLogsDynamodbTableArn}`, `${core.auditLogsDynamodbTableArn}/*`,
122
122
  // Attach permissions for elastic search dynamo as well (if ES is enabled).
123
123
  ...(core.opensearchDynamodbTableArn ? [`${core.opensearchDynamodbTableArn}`, `${core.opensearchDynamodbTableArn}/*`] : [])]
124
124
  }, {
package/pulumi/apps/api/ApiGraphql.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"names":["path","pulumi","aws","toKebabCase","createAppModule","createLambdaRole","getCommonLambdaEnvVariables","CoreOutput","VpcConfig","getAwsAccountId","getAwsRegion","LAMBDA_RUNTIME","EMPTY_TRASH_BIN_EVENT_RULE_NAME","EMPTY_TRASH_BIN_EVENT_PERMISSION_NAME","EMPTY_TRASH_BIN_EVENT_RULE_TARGET","ApiGraphql","name","config","app","params","policy","createGraphqlLambdaPolicy","role","output","graphql","addResource","lambda","Function","description","runtime","handler","arn","timeout","memorySize","code","asset","AssetArchive","FileArchive","join","paths","workspace","environment","variables","apply","value","env","AWS_NODEJS_CONNECTION_REUSE_ENABLED","vpcConfig","getModule","functionVpcConfig","loggingConfig","logFormat","eventRule","cloudwatch","EventRule","scheduleExpression","Permission","action","function","principal","statementId","EventTarget","rule","input","JSON","stringify","source","functions","addRoute","routeParams","apiGateway","resources","console","log","kebabName","method","coreOutput","awsAccountId","awsRegion","iam","Policy","all","core","Version","Statement","Sid","Effect","Action","Resource","primaryDynamodbTableArn","logDynamodbTableArn","auditLogsDynamodbTableArn","opensearchDynamodbTableArn","interpolate","fileManagerBucketId","cognitoUserPoolArn","eventBusArn","opensearchDomainArn"],"sources":["ApiGraphql.ts"],"sourcesContent":["import path from \"path\";\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport toKebabCase from \"lodash/kebabCase.js\";\nimport type { PulumiApp, PulumiAppModule } from \"@webiny/pulumi\";\nimport { createAppModule } from \"@webiny/pulumi\";\nimport { createLambdaRole, getCommonLambdaEnvVariables } from \"../lambdaUtils.js\";\nimport { CoreOutput, VpcConfig } from \"~/pulumi/apps/index.js\";\nimport { getAwsAccountId, getAwsRegion } from \"../awsUtils.js\";\nimport { LAMBDA_RUNTIME } from \"~/pulumi/constants.js\";\n\ninterface GraphqlParams {\n env: Record<string, any>;\n}\n\nexport interface AddRouteParams {\n /**\n * Must be in kebab case (a-z and -)\n */\n name: string;\n path: `/${string}`;\n method: \"DELETE\" | \"GET\" | \"HEAD\" | \"PATCH\" | \"POST\" | \"PUT\" | \"OPTIONS\" | \"ANY\";\n}\n\nconst EMPTY_TRASH_BIN_EVENT_RULE_NAME = `empty-trash-bin-event-rule`;\nconst EMPTY_TRASH_BIN_EVENT_PERMISSION_NAME = `empty-trash-bin-event-target-permission`;\nconst EMPTY_TRASH_BIN_EVENT_RULE_TARGET = `empty-trash-bin-event-rule-target`;\n\nexport type ApiGraphql = PulumiAppModule<typeof ApiGraphql>;\n\nexport const ApiGraphql = createAppModule({\n name: \"ApiGraphql\",\n config(app: PulumiApp, params: GraphqlParams) {\n const policy = createGraphqlLambdaPolicy(app);\n const role = createLambdaRole(app, {\n name: \"api-lambda-role\",\n policy: policy.output\n });\n\n const graphql = app.addResource(aws.lambda.Function, {\n name: \"graphql\",\n config: {\n description: \"Webiny's GraphQL APIs\",\n runtime: LAMBDA_RUNTIME,\n handler: \"handler.handler\",\n role: role.output.arn,\n timeout: 30,\n memorySize: 1024,\n code: new pulumi.asset.AssetArchive({\n \".\": new pulumi.asset.FileArchive(\n path.join(app.paths.workspace, \"graphql/build\")\n )\n }),\n environment: {\n variables: getCommonLambdaEnvVariables().apply(value => ({\n ...value,\n ...params.env,\n AWS_NODEJS_CONNECTION_REUSE_ENABLED: \"1\"\n }))\n },\n vpcConfig: app.getModule(VpcConfig).functionVpcConfig,\n loggingConfig: {\n logFormat: \"JSON\"\n }\n }\n });\n\n // Create event rule.\n const eventRule = app.addResource(aws.cloudwatch.EventRule, {\n name: EMPTY_TRASH_BIN_EVENT_RULE_NAME,\n config: {\n description: \"Enable us to empty the trash-bin ever day\",\n scheduleExpression: \"cron(0 3 * * ? *)\"\n }\n });\n\n // Add required permission to the target lambda.\n app.addResource(aws.lambda.Permission, {\n name: EMPTY_TRASH_BIN_EVENT_PERMISSION_NAME,\n config: {\n action: \"lambda:InvokeFunction\",\n function: graphql.output.arn,\n principal: \"events.amazonaws.com\",\n statementId: \"allow-rule-invoke-\" + EMPTY_TRASH_BIN_EVENT_RULE_NAME\n }\n });\n\n // Target the main graphql lambda.\n app.addResource(aws.cloudwatch.EventTarget, {\n name: EMPTY_TRASH_BIN_EVENT_RULE_TARGET,\n config: {\n rule: eventRule.output.name,\n arn: graphql.output.arn,\n input: JSON.stringify({\n source: \"webiny.events\",\n \"detail-type\": \"WebinyEmptyTrashBin\"\n })\n }\n });\n\n return {\n role,\n policy,\n functions: {\n graphql\n },\n addRoute: (routeParams: AddRouteParams) => {\n const apiGateway: any = app.resources.apiGateway;\n if (!apiGateway) {\n console.log(\n \"Could not add route because there is no apiGateway in the resources.\"\n );\n return;\n }\n const kebabName = toKebabCase(routeParams.name);\n if (kebabName !== routeParams.name) {\n console.log(`Route name is not allowed: \"${routeParams.name}\".`);\n return;\n }\n return apiGateway.addRoute(routeParams.name, {\n path: routeParams.path,\n method: routeParams.method,\n function: graphql.output.arn\n });\n }\n };\n }\n});\n\nfunction createGraphqlLambdaPolicy(app: PulumiApp) {\n const coreOutput = app.getModule(CoreOutput);\n const awsAccountId = getAwsAccountId(app);\n const awsRegion = getAwsRegion(app);\n\n return app.addResource(aws.iam.Policy, {\n name: \"ApiGraphqlLambdaPolicy\",\n config: {\n description: \"This policy enables access to Dynamodb, S3, Lambda and Cognito IDP\",\n // Core is pulumi.Output, so we need to run apply() to resolve policy based on it\n policy: pulumi.all([coreOutput]).apply(([core]) => {\n const policy: aws.iam.PolicyDocument = {\n Version: \"2012-10-17\",\n Statement: [\n {\n Sid: \"PermissionForDynamodb\",\n Effect: \"Allow\",\n Action: [\n \"dynamodb:BatchGetItem\",\n \"dynamodb:BatchWriteItem\",\n \"dynamodb:ConditionCheckItem\",\n \"dynamodb:CreateBackup\",\n \"dynamodb:CreateTable\",\n \"dynamodb:CreateTableReplica\",\n \"dynamodb:DeleteBackup\",\n \"dynamodb:DeleteItem\",\n \"dynamodb:DeleteTable\",\n \"dynamodb:DeleteTableReplica\",\n \"dynamodb:DescribeBackup\",\n \"dynamodb:DescribeContinuousBackups\",\n \"dynamodb:DescribeContributorInsights\",\n \"dynamodb:DescribeExport\",\n \"dynamodb:DescribeKinesisStreamingDestination\",\n \"dynamodb:DescribeLimits\",\n \"dynamodb:DescribeReservedCapacity\",\n \"dynamodb:DescribeReservedCapacityOfferings\",\n \"dynamodb:DescribeStream\",\n \"dynamodb:DescribeTable\",\n \"dynamodb:DescribeTableReplicaAutoScaling\",\n \"dynamodb:DescribeTimeToLive\",\n \"dynamodb:DisableKinesisStreamingDestination\",\n \"dynamodb:EnableKinesisStreamingDestination\",\n \"dynamodb:ExportTableToPointInTime\",\n \"dynamodb:GetItem\",\n \"dynamodb:GetRecords\",\n \"dynamodb:GetShardIterator\",\n \"dynamodb:ListBackups\",\n \"dynamodb:ListContributorInsights\",\n \"dynamodb:ListExports\",\n \"dynamodb:ListStreams\",\n \"dynamodb:ListTables\",\n \"dynamodb:ListTagsOfResource\",\n \"dynamodb:PartiQLDelete\",\n \"dynamodb:PartiQLInsert\",\n \"dynamodb:PartiQLSelect\",\n \"dynamodb:PartiQLUpdate\",\n \"dynamodb:PurchaseReservedCapacityOfferings\",\n \"dynamodb:PutItem\",\n \"dynamodb:Query\",\n \"dynamodb:RestoreTableFromBackup\",\n \"dynamodb:RestoreTableToPointInTime\",\n \"dynamodb:Scan\",\n \"dynamodb:UpdateContinuousBackups\",\n \"dynamodb:UpdateContributorInsights\",\n \"dynamodb:UpdateItem\",\n \"dynamodb:UpdateTable\",\n \"dynamodb:UpdateTableReplicaAutoScaling\",\n \"dynamodb:UpdateTimeToLive\"\n ],\n Resource: [\n `${core.primaryDynamodbTableArn}`,\n `${core.primaryDynamodbTableArn}/*`,\n `${core.logDynamodbTableArn}`,\n `${core.logDynamodbTableArn}/*`,\n `${core.auditLogsDynamodbTableArn}`,\n `${core.auditLogsDynamodbTableArn}/*`,\n // Attach permissions for elastic search dynamo as well (if ES is enabled).\n ...(core.opensearchDynamodbTableArn\n ? [\n `${core.opensearchDynamodbTableArn}`,\n `${core.opensearchDynamodbTableArn}/*`\n ]\n : [])\n ]\n },\n {\n Sid: \"PermissionForS3\",\n Effect: \"Allow\",\n Action: [\n \"s3:ListBucket\",\n \"s3:GetObjectAcl\",\n \"s3:DeleteObject\",\n \"s3:PutObjectAcl\",\n \"s3:PutObject\",\n \"s3:GetObject\"\n ],\n Resource: [\n pulumi.interpolate`arn:aws:s3:::${core.fileManagerBucketId}`,\n pulumi.interpolate`arn:aws:s3:::${core.fileManagerBucketId}/*`\n ]\n },\n {\n Sid: \"PermissionForLambda\",\n Effect: \"Allow\",\n Action: [\"lambda:InvokeFunction\"],\n Resource: pulumi.interpolate`arn:aws:lambda:${awsRegion}:${awsAccountId}:function:*`\n },\n {\n Sid: \"PermissionForCognitoIdp\",\n Effect: \"Allow\",\n Action: \"cognito-idp:*\",\n Resource: `${core.cognitoUserPoolArn}`\n },\n {\n Sid: \"PermissionForEventBus\",\n Effect: \"Allow\",\n Action: \"events:PutEvents\",\n Resource: core.eventBusArn\n },\n {\n Sid: \"PermissionForCloudfront\",\n Effect: \"Allow\",\n Action: \"cloudfront:CreateInvalidation\",\n Resource: pulumi.interpolate`arn:aws:cloudfront::${awsAccountId}:distribution/*`\n },\n // Attach permissions for elastic search domain as well (if ES is enabled).\n ...(core.opensearchDomainArn\n ? [\n {\n Sid: \"PermissionForOS\",\n Effect: \"Allow\" as const,\n Action: \"es:*\",\n Resource: [\n `${core.opensearchDomainArn}`,\n `${core.opensearchDomainArn}/*`\n ]\n }\n ]\n : [])\n ]\n };\n\n return policy;\n })\n }\n });\n}\n"],"mappings":"AAAA,OAAOA,IAAI,MAAM,MAAM;AACvB,OAAO,KAAKC,MAAM,MAAM,gBAAgB;AACxC,OAAO,KAAKC,GAAG,MAAM,aAAa;AAClC,OAAOC,WAAW,MAAM,qBAAqB;AAE7C,SAASC,eAAe,QAAQ,gBAAgB;AAChD,SAASC,gBAAgB,EAAEC,2BAA2B;AACtD,SAASC,UAAU,EAAEC,SAAS;AAC9B,SAASC,eAAe,EAAEC,YAAY;AACtC,SAASC,cAAc;AAevB,MAAMC,+BAA+B,GAAG,4BAA4B;AACpE,MAAMC,qCAAqC,GAAG,yCAAyC;AACvF,MAAMC,iCAAiC,GAAG,mCAAmC;AAI7E,OAAO,MAAMC,UAAU,GAAGX,eAAe,CAAC;EACtCY,IAAI,EAAE,YAAY;EAClBC,MAAMA,CAACC,GAAc,EAAEC,MAAqB,EAAE;IAC1C,MAAMC,MAAM,GAAGC,yBAAyB,CAACH,GAAG,CAAC;IAC7C,MAAMI,IAAI,GAAGjB,gBAAgB,CAACa,GAAG,EAAE;MAC/BF,IAAI,EAAE,iBAAiB;MACvBI,MAAM,EAAEA,MAAM,CAACG;IACnB,CAAC,CAAC;IAEF,MAAMC,OAAO,GAAGN,GAAG,CAACO,WAAW,CAACvB,GAAG,CAACwB,MAAM,CAACC,QAAQ,EAAE;MACjDX,IAAI,EAAE,SAAS;MACfC,MAAM,EAAE;QACJW,WAAW,EAAE,uBAAuB;QACpCC,OAAO,EAAElB,cAAc;QACvBmB,OAAO,EAAE,iBAAiB;QAC1BR,IAAI,EAAEA,IAAI,CAACC,MAAM,CAACQ,GAAG;QACrBC,OAAO,EAAE,EAAE;QACXC,UAAU,EAAE,IAAI;QAChBC,IAAI,EAAE,IAAIjC,MAAM,CAACkC,KAAK,CAACC,YAAY,CAAC;UAChC,GAAG,EAAE,IAAInC,MAAM,CAACkC,KAAK,CAACE,WAAW,CAC7BrC,IAAI,CAACsC,IAAI,CAACpB,GAAG,CAACqB,KAAK,CAACC,SAAS,EAAE,eAAe,CAClD;QACJ,CAAC,CAAC;QACFC,WAAW,EAAE;UACTC,SAAS,EAAEpC,2BAA2B,CAAC,CAAC,CAACqC,KAAK,CAACC,KAAK,KAAK;YACrD,GAAGA,KAAK;YACR,GAAGzB,MAAM,CAAC0B,GAAG;YACbC,mCAAmC,EAAE;UACzC,CAAC,CAAC;QACN,CAAC;QACDC,SAAS,EAAE7B,GAAG,CAAC8B,SAAS,CAACxC,SAAS,CAAC,CAACyC,iBAAiB;QACrDC,aAAa,EAAE;UACXC,SAAS,EAAE;QACf;MACJ;IACJ,CAAC,CAAC;;IAEF;IACA,MAAMC,SAAS,GAAGlC,GAAG,CAACO,WAAW,CAACvB,GAAG,CAACmD,UAAU,CAACC,SAAS,EAAE;MACxDtC,IAAI,EAAEJ,+BAA+B;MACrCK,MAAM,EAAE;QACJW,WAAW,EAAE,2CAA2C;QACxD2B,kBAAkB,EAAE;MACxB;IACJ,CAAC,CAAC;;IAEF;IACArC,GAAG,CAACO,WAAW,CAACvB,GAAG,CAACwB,MAAM,CAAC8B,UAAU,EAAE;MACnCxC,IAAI,EAAEH,qCAAqC;MAC3CI,MAAM,EAAE;QACJwC,MAAM,EAAE,uBAAuB;QAC/BC,QAAQ,EAAElC,OAAO,CAACD,MAAM,CAACQ,GAAG;QAC5B4B,SAAS,EAAE,sBAAsB;QACjCC,WAAW,EAAE,oBAAoB,GAAGhD;MACxC;IACJ,CAAC,CAAC;;IAEF;IACAM,GAAG,CAACO,WAAW,CAACvB,GAAG,CAACmD,UAAU,CAACQ,WAAW,EAAE;MACxC7C,IAAI,EAAEF,iCAAiC;MACvCG,MAAM,EAAE;QACJ6C,IAAI,EAAEV,SAAS,CAAC7B,MAAM,CAACP,IAAI;QAC3Be,GAAG,EAAEP,OAAO,CAACD,MAAM,CAACQ,GAAG;QACvBgC,KAAK,EAAEC,IAAI,CAACC,SAAS,CAAC;UAClBC,MAAM,EAAE,eAAe;UACvB,aAAa,EAAE;QACnB,CAAC;MACL;IACJ,CAAC,CAAC;IAEF,OAAO;MACH5C,IAAI;MACJF,MAAM;MACN+C,SAAS,EAAE;QACP3C;MACJ,CAAC;MACD4C,QAAQ,EAAGC,WAA2B,IAAK;QACvC,MAAMC,UAAe,GAAGpD,GAAG,CAACqD,SAAS,CAACD,UAAU;QAChD,IAAI,CAACA,UAAU,EAAE;UACbE,OAAO,CAACC,GAAG,CACP,sEACJ,CAAC;UACD;QACJ;QACA,MAAMC,SAAS,GAAGvE,WAAW,CAACkE,WAAW,CAACrD,IAAI,CAAC;QAC/C,IAAI0D,SAAS,KAAKL,WAAW,CAACrD,IAAI,EAAE;UAChCwD,OAAO,CAACC,GAAG,CAAC,+BAA+BJ,WAAW,CAACrD,IAAI,IAAI,CAAC;UAChE;QACJ;QACA,OAAOsD,UAAU,CAACF,QAAQ,CAACC,WAAW,CAACrD,IAAI,EAAE;UACzChB,IAAI,EAAEqE,WAAW,CAACrE,IAAI;UACtB2E,MAAM,EAAEN,WAAW,CAACM,MAAM;UAC1BjB,QAAQ,EAAElC,OAAO,CAACD,MAAM,CAACQ;QAC7B,CAAC,CAAC;MACN;IACJ,CAAC;EACL;AACJ,CAAC,CAAC;AAEF,SAASV,yBAAyBA,CAACH,GAAc,EAAE;EAC/C,MAAM0D,UAAU,GAAG1D,GAAG,CAAC8B,SAAS,CAACzC,UAAU,CAAC;EAC5C,MAAMsE,YAAY,GAAGpE,eAAe,CAACS,GAAG,CAAC;EACzC,MAAM4D,SAAS,GAAGpE,YAAY,CAACQ,GAAG,CAAC;EAEnC,OAAOA,GAAG,CAACO,WAAW,CAACvB,GAAG,CAAC6E,GAAG,CAACC,MAAM,EAAE;IACnChE,IAAI,EAAE,wBAAwB;IAC9BC,MAAM,EAAE;MACJW,WAAW,EAAE,oEAAoE;MACjF;MACAR,MAAM,EAAEnB,MAAM,CAACgF,GAAG,CAAC,CAACL,UAAU,CAAC,CAAC,CAACjC,KAAK,CAAC,CAAC,CAACuC,IAAI,CAAC,KAAK;QAC/C,MAAM9D,MAA8B,GAAG;UACnC+D,OAAO,EAAE,YAAY;UACrBC,SAAS,EAAE,CACP;YACIC,GAAG,EAAE,uBAAuB;YAC5BC,MAAM,EAAE,OAAO;YACfC,MAAM,EAAE,CACJ,uBAAuB,EACvB,yBAAyB,EACzB,6BAA6B,EAC7B,uBAAuB,EACvB,sBAAsB,EACtB,6BAA6B,EAC7B,uBAAuB,EACvB,qBAAqB,EACrB,sBAAsB,EACtB,6BAA6B,EAC7B,yBAAyB,EACzB,oCAAoC,EACpC,sCAAsC,EACtC,yBAAyB,EACzB,8CAA8C,EAC9C,yBAAyB,EACzB,mCAAmC,EACnC,4CAA4C,EAC5C,yBAAyB,EACzB,wBAAwB,EACxB,0CAA0C,EAC1C,6BAA6B,EAC7B,6CAA6C,EAC7C,4CAA4C,EAC5C,mCAAmC,EACnC,kBAAkB,EAClB,qBAAqB,EACrB,2BAA2B,EAC3B,sBAAsB,EACtB,kCAAkC,EAClC,sBAAsB,EACtB,sBAAsB,EACtB,qBAAqB,EACrB,6BAA6B,EAC7B,wBAAwB,EACxB,wBAAwB,EACxB,wBAAwB,EACxB,wBAAwB,EACxB,4CAA4C,EAC5C,kBAAkB,EAClB,gBAAgB,EAChB,iCAAiC,EACjC,oCAAoC,EACpC,eAAe,EACf,kCAAkC,EAClC,oCAAoC,EACpC,qBAAqB,EACrB,sBAAsB,EACtB,wCAAwC,EACxC,2BAA2B,CAC9B;YACDC,QAAQ,EAAE,CACN,GAAGN,IAAI,CAACO,uBAAuB,EAAE,EACjC,GAAGP,IAAI,CAACO,uBAAuB,IAAI,EACnC,GAAGP,IAAI,CAACQ,mBAAmB,EAAE,EAC7B,GAAGR,IAAI,CAACQ,mBAAmB,IAAI,EAC/B,GAAGR,IAAI,CAACS,yBAAyB,EAAE,EACnC,GAAGT,IAAI,CAACS,yBAAyB,IAAI;YACrC;YACA,IAAIT,IAAI,CAACU,0BAA0B,GAC7B,CACI,GAAGV,IAAI,CAACU,0BAA0B,EAAE,EACpC,GAAGV,IAAI,CAACU,0BAA0B,IAAI,CACzC,GACD,EAAE,CAAC;UAEjB,CAAC,EACD;YACIP,GAAG,EAAE,iBAAiB;YACtBC,MAAM,EAAE,OAAO;YACfC,MAAM,EAAE,CACJ,eAAe,EACf,iBAAiB,EACjB,iBAAiB,EACjB,iBAAiB,EACjB,cAAc,EACd,cAAc,CACjB;YACDC,QAAQ,EAAE,CACNvF,MAAM,CAAC4F,WAAW,gBAAgBX,IAAI,CAACY,mBAAmB,EAAE,EAC5D7F,MAAM,CAAC4F,WAAW,gBAAgBX,IAAI,CAACY,mBAAmB,IAAI;UAEtE,CAAC,EACD;YACIT,GAAG,EAAE,qBAAqB;YAC1BC,MAAM,EAAE,OAAO;YACfC,MAAM,EAAE,CAAC,uBAAuB,CAAC;YACjCC,QAAQ,EAAEvF,MAAM,CAAC4F,WAAW,kBAAkBf,SAAS,IAAID,YAAY;UAC3E,CAAC,EACD;YACIQ,GAAG,EAAE,yBAAyB;YAC9BC,MAAM,EAAE,OAAO;YACfC,MAAM,EAAE,eAAe;YACvBC,QAAQ,EAAE,GAAGN,IAAI,CAACa,kBAAkB;UACxC,CAAC,EACD;YACIV,GAAG,EAAE,uBAAuB;YAC5BC,MAAM,EAAE,OAAO;YACfC,MAAM,EAAE,kBAAkB;YAC1BC,QAAQ,EAAEN,IAAI,CAACc;UACnB,CAAC,EACD;YACIX,GAAG,EAAE,yBAAyB;YAC9BC,MAAM,EAAE,OAAO;YACfC,MAAM,EAAE,+BAA+B;YACvCC,QAAQ,EAAEvF,MAAM,CAAC4F,WAAW,uBAAuBhB,YAAY;UACnE,CAAC;UACD;UACA,IAAIK,IAAI,CAACe,mBAAmB,GACtB,CACI;YACIZ,GAAG,EAAE,iBAAiB;YACtBC,MAAM,EAAE,OAAgB;YACxBC,MAAM,EAAE,MAAM;YACdC,QAAQ,EAAE,CACN,GAAGN,IAAI,CAACe,mBAAmB,EAAE,EAC7B,GAAGf,IAAI,CAACe,mBAAmB,IAAI;UAEvC,CAAC,CACJ,GACD,EAAE,CAAC;QAEjB,CAAC;QAED,OAAO7E,MAAM;MACjB,CAAC;IACL;EACJ,CAAC,CAAC;AACN","ignoreList":[]}
1
+ {"version":3,"names":["path","pulumi","aws","toKebabCase","createAppModule","createLambdaRole","getCommonLambdaEnvVariables","CoreOutput","VpcConfig","getAwsAccountId","getAwsRegion","LAMBDA_RUNTIME","EMPTY_TRASH_BIN_EVENT_RULE_NAME","EMPTY_TRASH_BIN_EVENT_PERMISSION_NAME","EMPTY_TRASH_BIN_EVENT_RULE_TARGET","ApiGraphql","name","config","app","params","policy","createGraphqlLambdaPolicy","role","output","graphql","addResource","lambda","Function","description","runtime","handler","arn","timeout","memorySize","code","asset","AssetArchive","FileArchive","join","paths","workspace","environment","variables","apply","value","env","AWS_NODEJS_CONNECTION_REUSE_ENABLED","vpcConfig","getModule","functionVpcConfig","loggingConfig","logFormat","eventRule","cloudwatch","EventRule","scheduleExpression","Permission","action","function","principal","statementId","EventTarget","rule","input","JSON","stringify","source","functions","addRoute","routeParams","apiGateway","resources","console","log","kebabName","method","coreOutput","awsAccountId","awsRegion","iam","Policy","all","core","Version","Statement","Sid","Effect","Action","Resource","primaryDynamodbTableArn","auditLogsDynamodbTableArn","opensearchDynamodbTableArn","interpolate","fileManagerBucketId","cognitoUserPoolArn","eventBusArn","opensearchDomainArn"],"sources":["ApiGraphql.ts"],"sourcesContent":["import path from \"path\";\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport toKebabCase from \"lodash/kebabCase.js\";\nimport type { PulumiApp, PulumiAppModule } from \"@webiny/pulumi\";\nimport { createAppModule } from \"@webiny/pulumi\";\nimport { createLambdaRole, getCommonLambdaEnvVariables } from \"../lambdaUtils.js\";\nimport { CoreOutput, VpcConfig } from \"~/pulumi/apps/index.js\";\nimport { getAwsAccountId, getAwsRegion } from \"../awsUtils.js\";\nimport { LAMBDA_RUNTIME } from \"~/pulumi/constants.js\";\n\ninterface GraphqlParams {\n env: Record<string, any>;\n}\n\nexport interface AddRouteParams {\n /**\n * Must be in kebab case (a-z and -)\n */\n name: string;\n path: `/${string}`;\n method: \"DELETE\" | \"GET\" | \"HEAD\" | \"PATCH\" | \"POST\" | \"PUT\" | \"OPTIONS\" | \"ANY\";\n}\n\nconst EMPTY_TRASH_BIN_EVENT_RULE_NAME = `empty-trash-bin-event-rule`;\nconst EMPTY_TRASH_BIN_EVENT_PERMISSION_NAME = `empty-trash-bin-event-target-permission`;\nconst EMPTY_TRASH_BIN_EVENT_RULE_TARGET = `empty-trash-bin-event-rule-target`;\n\nexport type ApiGraphql = PulumiAppModule<typeof ApiGraphql>;\n\nexport const ApiGraphql = createAppModule({\n name: \"ApiGraphql\",\n config(app: PulumiApp, params: GraphqlParams) {\n const policy = createGraphqlLambdaPolicy(app);\n const role = createLambdaRole(app, {\n name: \"api-lambda-role\",\n policy: policy.output\n });\n\n const graphql = app.addResource(aws.lambda.Function, {\n name: \"graphql\",\n config: {\n description: \"Webiny's GraphQL APIs\",\n runtime: LAMBDA_RUNTIME,\n handler: \"handler.handler\",\n role: role.output.arn,\n timeout: 30,\n memorySize: 1024,\n code: new pulumi.asset.AssetArchive({\n \".\": new pulumi.asset.FileArchive(\n path.join(app.paths.workspace, \"graphql/build\")\n )\n }),\n environment: {\n variables: getCommonLambdaEnvVariables().apply(value => ({\n ...value,\n ...params.env,\n AWS_NODEJS_CONNECTION_REUSE_ENABLED: \"1\"\n }))\n },\n vpcConfig: app.getModule(VpcConfig).functionVpcConfig,\n loggingConfig: {\n logFormat: \"JSON\"\n }\n }\n });\n\n // Create event rule.\n const eventRule = app.addResource(aws.cloudwatch.EventRule, {\n name: EMPTY_TRASH_BIN_EVENT_RULE_NAME,\n config: {\n description: \"Enable us to empty the trash-bin ever day\",\n scheduleExpression: \"cron(0 3 * * ? *)\"\n }\n });\n\n // Add required permission to the target lambda.\n app.addResource(aws.lambda.Permission, {\n name: EMPTY_TRASH_BIN_EVENT_PERMISSION_NAME,\n config: {\n action: \"lambda:InvokeFunction\",\n function: graphql.output.arn,\n principal: \"events.amazonaws.com\",\n statementId: \"allow-rule-invoke-\" + EMPTY_TRASH_BIN_EVENT_RULE_NAME\n }\n });\n\n // Target the main graphql lambda.\n app.addResource(aws.cloudwatch.EventTarget, {\n name: EMPTY_TRASH_BIN_EVENT_RULE_TARGET,\n config: {\n rule: eventRule.output.name,\n arn: graphql.output.arn,\n input: JSON.stringify({\n source: \"webiny.events\",\n \"detail-type\": \"WebinyEmptyTrashBin\"\n })\n }\n });\n\n return {\n role,\n policy,\n functions: {\n graphql\n },\n addRoute: (routeParams: AddRouteParams) => {\n const apiGateway: any = app.resources.apiGateway;\n if (!apiGateway) {\n console.log(\n \"Could not add route because there is no apiGateway in the resources.\"\n );\n return;\n }\n const kebabName = toKebabCase(routeParams.name);\n if (kebabName !== routeParams.name) {\n console.log(`Route name is not allowed: \"${routeParams.name}\".`);\n return;\n }\n return apiGateway.addRoute(routeParams.name, {\n path: routeParams.path,\n method: routeParams.method,\n function: graphql.output.arn\n });\n }\n };\n }\n});\n\nfunction createGraphqlLambdaPolicy(app: PulumiApp) {\n const coreOutput = app.getModule(CoreOutput);\n const awsAccountId = getAwsAccountId(app);\n const awsRegion = getAwsRegion(app);\n\n return app.addResource(aws.iam.Policy, {\n name: \"ApiGraphqlLambdaPolicy\",\n config: {\n description: \"This policy enables access to Dynamodb, S3, Lambda and Cognito IDP\",\n // Core is pulumi.Output, so we need to run apply() to resolve policy based on it\n policy: pulumi.all([coreOutput]).apply(([core]) => {\n const policy: aws.iam.PolicyDocument = {\n Version: \"2012-10-17\",\n Statement: [\n {\n Sid: \"PermissionForDynamodb\",\n Effect: \"Allow\",\n Action: [\n \"dynamodb:BatchGetItem\",\n \"dynamodb:BatchWriteItem\",\n \"dynamodb:ConditionCheckItem\",\n \"dynamodb:CreateBackup\",\n \"dynamodb:CreateTable\",\n \"dynamodb:CreateTableReplica\",\n \"dynamodb:DeleteBackup\",\n \"dynamodb:DeleteItem\",\n \"dynamodb:DeleteTable\",\n \"dynamodb:DeleteTableReplica\",\n \"dynamodb:DescribeBackup\",\n \"dynamodb:DescribeContinuousBackups\",\n \"dynamodb:DescribeContributorInsights\",\n \"dynamodb:DescribeExport\",\n \"dynamodb:DescribeKinesisStreamingDestination\",\n \"dynamodb:DescribeLimits\",\n \"dynamodb:DescribeReservedCapacity\",\n \"dynamodb:DescribeReservedCapacityOfferings\",\n \"dynamodb:DescribeStream\",\n \"dynamodb:DescribeTable\",\n \"dynamodb:DescribeTableReplicaAutoScaling\",\n \"dynamodb:DescribeTimeToLive\",\n \"dynamodb:DisableKinesisStreamingDestination\",\n \"dynamodb:EnableKinesisStreamingDestination\",\n \"dynamodb:ExportTableToPointInTime\",\n \"dynamodb:GetItem\",\n \"dynamodb:GetRecords\",\n \"dynamodb:GetShardIterator\",\n \"dynamodb:ListBackups\",\n \"dynamodb:ListContributorInsights\",\n \"dynamodb:ListExports\",\n \"dynamodb:ListStreams\",\n \"dynamodb:ListTables\",\n \"dynamodb:ListTagsOfResource\",\n \"dynamodb:PartiQLDelete\",\n \"dynamodb:PartiQLInsert\",\n \"dynamodb:PartiQLSelect\",\n \"dynamodb:PartiQLUpdate\",\n \"dynamodb:PurchaseReservedCapacityOfferings\",\n \"dynamodb:PutItem\",\n \"dynamodb:Query\",\n \"dynamodb:RestoreTableFromBackup\",\n \"dynamodb:RestoreTableToPointInTime\",\n \"dynamodb:Scan\",\n \"dynamodb:UpdateContinuousBackups\",\n \"dynamodb:UpdateContributorInsights\",\n \"dynamodb:UpdateItem\",\n \"dynamodb:UpdateTable\",\n \"dynamodb:UpdateTableReplicaAutoScaling\",\n \"dynamodb:UpdateTimeToLive\"\n ],\n Resource: [\n `${core.primaryDynamodbTableArn}`,\n `${core.primaryDynamodbTableArn}/*`,\n `${core.auditLogsDynamodbTableArn}`,\n `${core.auditLogsDynamodbTableArn}/*`,\n // Attach permissions for elastic search dynamo as well (if ES is enabled).\n ...(core.opensearchDynamodbTableArn\n ? [\n `${core.opensearchDynamodbTableArn}`,\n `${core.opensearchDynamodbTableArn}/*`\n ]\n : [])\n ]\n },\n {\n Sid: \"PermissionForS3\",\n Effect: \"Allow\",\n Action: [\n \"s3:ListBucket\",\n \"s3:GetObjectAcl\",\n \"s3:DeleteObject\",\n \"s3:PutObjectAcl\",\n \"s3:PutObject\",\n \"s3:GetObject\"\n ],\n Resource: [\n pulumi.interpolate`arn:aws:s3:::${core.fileManagerBucketId}`,\n pulumi.interpolate`arn:aws:s3:::${core.fileManagerBucketId}/*`\n ]\n },\n {\n Sid: \"PermissionForLambda\",\n Effect: \"Allow\",\n Action: [\"lambda:InvokeFunction\"],\n Resource: pulumi.interpolate`arn:aws:lambda:${awsRegion}:${awsAccountId}:function:*`\n },\n {\n Sid: \"PermissionForCognitoIdp\",\n Effect: \"Allow\",\n Action: \"cognito-idp:*\",\n Resource: `${core.cognitoUserPoolArn}`\n },\n {\n Sid: \"PermissionForEventBus\",\n Effect: \"Allow\",\n Action: \"events:PutEvents\",\n Resource: core.eventBusArn\n },\n {\n Sid: \"PermissionForCloudfront\",\n Effect: \"Allow\",\n Action: \"cloudfront:CreateInvalidation\",\n Resource: pulumi.interpolate`arn:aws:cloudfront::${awsAccountId}:distribution/*`\n },\n // Attach permissions for elastic search domain as well (if ES is enabled).\n ...(core.opensearchDomainArn\n ? [\n {\n Sid: \"PermissionForOS\",\n Effect: \"Allow\" as const,\n Action: \"es:*\",\n Resource: [\n `${core.opensearchDomainArn}`,\n `${core.opensearchDomainArn}/*`\n ]\n }\n ]\n : [])\n ]\n };\n\n return policy;\n })\n }\n });\n}\n"],"mappings":"AAAA,OAAOA,IAAI,MAAM,MAAM;AACvB,OAAO,KAAKC,MAAM,MAAM,gBAAgB;AACxC,OAAO,KAAKC,GAAG,MAAM,aAAa;AAClC,OAAOC,WAAW,MAAM,qBAAqB;AAE7C,SAASC,eAAe,QAAQ,gBAAgB;AAChD,SAASC,gBAAgB,EAAEC,2BAA2B;AACtD,SAASC,UAAU,EAAEC,SAAS;AAC9B,SAASC,eAAe,EAAEC,YAAY;AACtC,SAASC,cAAc;AAevB,MAAMC,+BAA+B,GAAG,4BAA4B;AACpE,MAAMC,qCAAqC,GAAG,yCAAyC;AACvF,MAAMC,iCAAiC,GAAG,mCAAmC;AAI7E,OAAO,MAAMC,UAAU,GAAGX,eAAe,CAAC;EACtCY,IAAI,EAAE,YAAY;EAClBC,MAAMA,CAACC,GAAc,EAAEC,MAAqB,EAAE;IAC1C,MAAMC,MAAM,GAAGC,yBAAyB,CAACH,GAAG,CAAC;IAC7C,MAAMI,IAAI,GAAGjB,gBAAgB,CAACa,GAAG,EAAE;MAC/BF,IAAI,EAAE,iBAAiB;MACvBI,MAAM,EAAEA,MAAM,CAACG;IACnB,CAAC,CAAC;IAEF,MAAMC,OAAO,GAAGN,GAAG,CAACO,WAAW,CAACvB,GAAG,CAACwB,MAAM,CAACC,QAAQ,EAAE;MACjDX,IAAI,EAAE,SAAS;MACfC,MAAM,EAAE;QACJW,WAAW,EAAE,uBAAuB;QACpCC,OAAO,EAAElB,cAAc;QACvBmB,OAAO,EAAE,iBAAiB;QAC1BR,IAAI,EAAEA,IAAI,CAACC,MAAM,CAACQ,GAAG;QACrBC,OAAO,EAAE,EAAE;QACXC,UAAU,EAAE,IAAI;QAChBC,IAAI,EAAE,IAAIjC,MAAM,CAACkC,KAAK,CAACC,YAAY,CAAC;UAChC,GAAG,EAAE,IAAInC,MAAM,CAACkC,KAAK,CAACE,WAAW,CAC7BrC,IAAI,CAACsC,IAAI,CAACpB,GAAG,CAACqB,KAAK,CAACC,SAAS,EAAE,eAAe,CAClD;QACJ,CAAC,CAAC;QACFC,WAAW,EAAE;UACTC,SAAS,EAAEpC,2BAA2B,CAAC,CAAC,CAACqC,KAAK,CAACC,KAAK,KAAK;YACrD,GAAGA,KAAK;YACR,GAAGzB,MAAM,CAAC0B,GAAG;YACbC,mCAAmC,EAAE;UACzC,CAAC,CAAC;QACN,CAAC;QACDC,SAAS,EAAE7B,GAAG,CAAC8B,SAAS,CAACxC,SAAS,CAAC,CAACyC,iBAAiB;QACrDC,aAAa,EAAE;UACXC,SAAS,EAAE;QACf;MACJ;IACJ,CAAC,CAAC;;IAEF;IACA,MAAMC,SAAS,GAAGlC,GAAG,CAACO,WAAW,CAACvB,GAAG,CAACmD,UAAU,CAACC,SAAS,EAAE;MACxDtC,IAAI,EAAEJ,+BAA+B;MACrCK,MAAM,EAAE;QACJW,WAAW,EAAE,2CAA2C;QACxD2B,kBAAkB,EAAE;MACxB;IACJ,CAAC,CAAC;;IAEF;IACArC,GAAG,CAACO,WAAW,CAACvB,GAAG,CAACwB,MAAM,CAAC8B,UAAU,EAAE;MACnCxC,IAAI,EAAEH,qCAAqC;MAC3CI,MAAM,EAAE;QACJwC,MAAM,EAAE,uBAAuB;QAC/BC,QAAQ,EAAElC,OAAO,CAACD,MAAM,CAACQ,GAAG;QAC5B4B,SAAS,EAAE,sBAAsB;QACjCC,WAAW,EAAE,oBAAoB,GAAGhD;MACxC;IACJ,CAAC,CAAC;;IAEF;IACAM,GAAG,CAACO,WAAW,CAACvB,GAAG,CAACmD,UAAU,CAACQ,WAAW,EAAE;MACxC7C,IAAI,EAAEF,iCAAiC;MACvCG,MAAM,EAAE;QACJ6C,IAAI,EAAEV,SAAS,CAAC7B,MAAM,CAACP,IAAI;QAC3Be,GAAG,EAAEP,OAAO,CAACD,MAAM,CAACQ,GAAG;QACvBgC,KAAK,EAAEC,IAAI,CAACC,SAAS,CAAC;UAClBC,MAAM,EAAE,eAAe;UACvB,aAAa,EAAE;QACnB,CAAC;MACL;IACJ,CAAC,CAAC;IAEF,OAAO;MACH5C,IAAI;MACJF,MAAM;MACN+C,SAAS,EAAE;QACP3C;MACJ,CAAC;MACD4C,QAAQ,EAAGC,WAA2B,IAAK;QACvC,MAAMC,UAAe,GAAGpD,GAAG,CAACqD,SAAS,CAACD,UAAU;QAChD,IAAI,CAACA,UAAU,EAAE;UACbE,OAAO,CAACC,GAAG,CACP,sEACJ,CAAC;UACD;QACJ;QACA,MAAMC,SAAS,GAAGvE,WAAW,CAACkE,WAAW,CAACrD,IAAI,CAAC;QAC/C,IAAI0D,SAAS,KAAKL,WAAW,CAACrD,IAAI,EAAE;UAChCwD,OAAO,CAACC,GAAG,CAAC,+BAA+BJ,WAAW,CAACrD,IAAI,IAAI,CAAC;UAChE;QACJ;QACA,OAAOsD,UAAU,CAACF,QAAQ,CAACC,WAAW,CAACrD,IAAI,EAAE;UACzChB,IAAI,EAAEqE,WAAW,CAACrE,IAAI;UACtB2E,MAAM,EAAEN,WAAW,CAACM,MAAM;UAC1BjB,QAAQ,EAAElC,OAAO,CAACD,MAAM,CAACQ;QAC7B,CAAC,CAAC;MACN;IACJ,CAAC;EACL;AACJ,CAAC,CAAC;AAEF,SAASV,yBAAyBA,CAACH,GAAc,EAAE;EAC/C,MAAM0D,UAAU,GAAG1D,GAAG,CAAC8B,SAAS,CAACzC,UAAU,CAAC;EAC5C,MAAMsE,YAAY,GAAGpE,eAAe,CAACS,GAAG,CAAC;EACzC,MAAM4D,SAAS,GAAGpE,YAAY,CAACQ,GAAG,CAAC;EAEnC,OAAOA,GAAG,CAACO,WAAW,CAACvB,GAAG,CAAC6E,GAAG,CAACC,MAAM,EAAE;IACnChE,IAAI,EAAE,wBAAwB;IAC9BC,MAAM,EAAE;MACJW,WAAW,EAAE,oEAAoE;MACjF;MACAR,MAAM,EAAEnB,MAAM,CAACgF,GAAG,CAAC,CAACL,UAAU,CAAC,CAAC,CAACjC,KAAK,CAAC,CAAC,CAACuC,IAAI,CAAC,KAAK;QAC/C,MAAM9D,MAA8B,GAAG;UACnC+D,OAAO,EAAE,YAAY;UACrBC,SAAS,EAAE,CACP;YACIC,GAAG,EAAE,uBAAuB;YAC5BC,MAAM,EAAE,OAAO;YACfC,MAAM,EAAE,CACJ,uBAAuB,EACvB,yBAAyB,EACzB,6BAA6B,EAC7B,uBAAuB,EACvB,sBAAsB,EACtB,6BAA6B,EAC7B,uBAAuB,EACvB,qBAAqB,EACrB,sBAAsB,EACtB,6BAA6B,EAC7B,yBAAyB,EACzB,oCAAoC,EACpC,sCAAsC,EACtC,yBAAyB,EACzB,8CAA8C,EAC9C,yBAAyB,EACzB,mCAAmC,EACnC,4CAA4C,EAC5C,yBAAyB,EACzB,wBAAwB,EACxB,0CAA0C,EAC1C,6BAA6B,EAC7B,6CAA6C,EAC7C,4CAA4C,EAC5C,mCAAmC,EACnC,kBAAkB,EAClB,qBAAqB,EACrB,2BAA2B,EAC3B,sBAAsB,EACtB,kCAAkC,EAClC,sBAAsB,EACtB,sBAAsB,EACtB,qBAAqB,EACrB,6BAA6B,EAC7B,wBAAwB,EACxB,wBAAwB,EACxB,wBAAwB,EACxB,wBAAwB,EACxB,4CAA4C,EAC5C,kBAAkB,EAClB,gBAAgB,EAChB,iCAAiC,EACjC,oCAAoC,EACpC,eAAe,EACf,kCAAkC,EAClC,oCAAoC,EACpC,qBAAqB,EACrB,sBAAsB,EACtB,wCAAwC,EACxC,2BAA2B,CAC9B;YACDC,QAAQ,EAAE,CACN,GAAGN,IAAI,CAACO,uBAAuB,EAAE,EACjC,GAAGP,IAAI,CAACO,uBAAuB,IAAI,EACnC,GAAGP,IAAI,CAACQ,yBAAyB,EAAE,EACnC,GAAGR,IAAI,CAACQ,yBAAyB,IAAI;YACrC;YACA,IAAIR,IAAI,CAACS,0BAA0B,GAC7B,CACI,GAAGT,IAAI,CAACS,0BAA0B,EAAE,EACpC,GAAGT,IAAI,CAACS,0BAA0B,IAAI,CACzC,GACD,EAAE,CAAC;UAEjB,CAAC,EACD;YACIN,GAAG,EAAE,iBAAiB;YACtBC,MAAM,EAAE,OAAO;YACfC,MAAM,EAAE,CACJ,eAAe,EACf,iBAAiB,EACjB,iBAAiB,EACjB,iBAAiB,EACjB,cAAc,EACd,cAAc,CACjB;YACDC,QAAQ,EAAE,CACNvF,MAAM,CAAC2F,WAAW,gBAAgBV,IAAI,CAACW,mBAAmB,EAAE,EAC5D5F,MAAM,CAAC2F,WAAW,gBAAgBV,IAAI,CAACW,mBAAmB,IAAI;UAEtE,CAAC,EACD;YACIR,GAAG,EAAE,qBAAqB;YAC1BC,MAAM,EAAE,OAAO;YACfC,MAAM,EAAE,CAAC,uBAAuB,CAAC;YACjCC,QAAQ,EAAEvF,MAAM,CAAC2F,WAAW,kBAAkBd,SAAS,IAAID,YAAY;UAC3E,CAAC,EACD;YACIQ,GAAG,EAAE,yBAAyB;YAC9BC,MAAM,EAAE,OAAO;YACfC,MAAM,EAAE,eAAe;YACvBC,QAAQ,EAAE,GAAGN,IAAI,CAACY,kBAAkB;UACxC,CAAC,EACD;YACIT,GAAG,EAAE,uBAAuB;YAC5BC,MAAM,EAAE,OAAO;YACfC,MAAM,EAAE,kBAAkB;YAC1BC,QAAQ,EAAEN,IAAI,CAACa;UACnB,CAAC,EACD;YACIV,GAAG,EAAE,yBAAyB;YAC9BC,MAAM,EAAE,OAAO;YACfC,MAAM,EAAE,+BAA+B;YACvCC,QAAQ,EAAEvF,MAAM,CAAC2F,WAAW,uBAAuBf,YAAY;UACnE,CAAC;UACD;UACA,IAAIK,IAAI,CAACc,mBAAmB,GACtB,CACI;YACIX,GAAG,EAAE,iBAAiB;YACtBC,MAAM,EAAE,OAAgB;YACxBC,MAAM,EAAE,MAAM;YACdC,QAAQ,EAAE,CACN,GAAGN,IAAI,CAACc,mBAAmB,EAAE,EAC7B,GAAGd,IAAI,CAACc,mBAAmB,IAAI;UAEvC,CAAC,CACJ,GACD,EAAE,CAAC;QAEjB,CAAC;QAED,OAAO5E,MAAM;MACjB,CAAC;IACL;EACJ,CAAC,CAAC;AACN","ignoreList":[]}
package/pulumi/apps/api/ApiMigration.js CHANGED
@@ -35,7 +35,6 @@ export const ApiMigration = createAppModule({
35
35
  COGNITO_REGION: getEnvVariableAwsRegion(),
36
36
  COGNITO_USER_POOL_ID: core.cognitoUserPoolId,
37
37
  DB_TABLE: core.primaryDynamodbTableName,
38
- DB_TABLE_LOG: core.logDynamodbTableName,
39
38
  DB_TABLE_AUDIT_LOGS: core.auditLogsDynamodbTableName,
40
39
  DB_TABLE_OPENSEARCH: core.opensearchDynamodbTableName,
41
40
  OPENSEARCH_ENDPOINT: core.opensearchDomainEndpoint,
package/pulumi/apps/api/ApiMigration.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"names":["path","pulumi","aws","createAppModule","createLambdaRole","getCommonLambdaEnvVariables","CoreOutput","VpcConfig","ApiBackgroundTask","ApiGraphql","LAMBDA_RUNTIME","getEnvVariableAwsRegion","ApiMigration","name","config","app","core","getModule","graphql","backgroundTask","role","policy","output","migration","addResource","lambda","Function","handler","timeout","runtime","memorySize","arn","description","code","asset","AssetArchive","FileArchive","join","paths","workspace","environment","variables","apply","value","COGNITO_REGION","COGNITO_USER_POOL_ID","cognitoUserPoolId","DB_TABLE","primaryDynamodbTableName","DB_TABLE_LOG","logDynamodbTableName","DB_TABLE_AUDIT_LOGS","auditLogsDynamodbTableName","DB_TABLE_OPENSEARCH","opensearchDynamodbTableName","OPENSEARCH_ENDPOINT","opensearchDomainEndpoint","OPENSEARCH_INDEX_PREFIX","process","env","OPENSEARCH_SHARED_INDEXES","S3_BUCKET","fileManagerBucketId","vpcConfig","functionVpcConfig","loggingConfig","logFormat","stepFunctionPolicy","iam","Policy","Version","Statement","Effect","Action","Resource","interpolate","stepFunction","RolePolicyAttachment","policyArn","function"],"sources":["ApiMigration.ts"],"sourcesContent":["import path from \"path\";\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport type { PulumiApp, PulumiAppModule } from \"@webiny/pulumi\";\nimport { createAppModule } from \"@webiny/pulumi\";\nimport { createLambdaRole, getCommonLambdaEnvVariables } from \"../lambdaUtils.js\";\nimport { CoreOutput, VpcConfig } from \"../common/index.js\";\nimport { ApiBackgroundTask, ApiGraphql } from \"~/pulumi/apps/index.js\";\nimport { LAMBDA_RUNTIME } from \"~/pulumi/constants.js\";\nimport { getEnvVariableAwsRegion } from \"~/pulumi/env/awsRegion.js\";\n\nexport type ApiMigration = PulumiAppModule<typeof ApiMigration>;\n\nexport const ApiMigration = createAppModule({\n name: \"ApiMigration\",\n config(app: PulumiApp) {\n const core = app.getModule(CoreOutput);\n const graphql = app.getModule(ApiGraphql);\n const backgroundTask = app.getModule(ApiBackgroundTask);\n\n const role = createLambdaRole(app, {\n name: \"migration-lambda-role\",\n policy: graphql.policy.output\n });\n\n const migration = app.addResource(aws.lambda.Function, {\n name: \"data-migration\",\n config: {\n handler: \"handler.handler\",\n timeout: 900,\n runtime: LAMBDA_RUNTIME,\n memorySize: 3008,\n role: role.output.arn,\n description: \"Performs data migrations.\",\n code: new pulumi.asset.AssetArchive({\n \".\": new pulumi.asset.FileArchive(\n path.join(app.paths.workspace, \"migration/build\")\n )\n }),\n environment: {\n variables: getCommonLambdaEnvVariables().apply(value => ({\n ...value,\n COGNITO_REGION: getEnvVariableAwsRegion(),\n COGNITO_USER_POOL_ID: core.cognitoUserPoolId,\n DB_TABLE: core.primaryDynamodbTableName,\n DB_TABLE_LOG: core.logDynamodbTableName,\n DB_TABLE_AUDIT_LOGS: core.auditLogsDynamodbTableName,\n DB_TABLE_OPENSEARCH: core.opensearchDynamodbTableName,\n OPENSEARCH_ENDPOINT: core.opensearchDomainEndpoint,\n OPENSEARCH_INDEX_PREFIX: process.env.OPENSEARCH_INDEX_PREFIX,\n OPENSEARCH_SHARED_INDEXES: process.env.OPENSEARCH_SHARED_INDEXES,\n S3_BUCKET: core.fileManagerBucketId\n })) as Record<string, any>\n },\n vpcConfig: app.getModule(VpcConfig).functionVpcConfig,\n loggingConfig: {\n logFormat: \"JSON\"\n }\n }\n });\n\n // Add IAM policy to allow states:StartExecution for the background task Step Function\n const stepFunctionPolicy = app.addResource(aws.iam.Policy, {\n name: \"migration-lambda-step-function-policy\",\n config: {\n policy: {\n Version: \"2012-10-17\",\n Statement: [\n {\n Effect: \"Allow\",\n Action: [\"states:StartExecution\"],\n Resource: [\n pulumi.interpolate`${backgroundTask.stepFunction.output.arn}`,\n pulumi.interpolate`${backgroundTask.stepFunction.output.arn}/*`\n ]\n }\n ]\n }\n }\n });\n\n // Attach policy to the Lambda role\n app.addResource(aws.iam.RolePolicyAttachment, {\n name: \"migration-lambda-attach-step-function-policy\",\n config: {\n role: role.output.name,\n policyArn: stepFunctionPolicy.output.arn\n }\n });\n\n return {\n function: migration\n };\n }\n});\n"],"mappings":"AAAA,OAAOA,IAAI,MAAM,MAAM;AACvB,OAAO,KAAKC,MAAM,MAAM,gBAAgB;AACxC,OAAO,KAAKC,GAAG,MAAM,aAAa;AAElC,SAASC,eAAe,QAAQ,gBAAgB;AAChD,SAASC,gBAAgB,EAAEC,2BAA2B;AACtD,SAASC,UAAU,EAAEC,SAAS;AAC9B,SAASC,iBAAiB,EAAEC,UAAU;AACtC,SAASC,cAAc;AACvB,SAASC,uBAAuB;AAIhC,OAAO,MAAMC,YAAY,GAAGT,eAAe,CAAC;EACxCU,IAAI,EAAE,cAAc;EACpBC,MAAMA,CAACC,GAAc,EAAE;IACnB,MAAMC,IAAI,GAAGD,GAAG,CAACE,SAAS,CAACX,UAAU,CAAC;IACtC,MAAMY,OAAO,GAAGH,GAAG,CAACE,SAAS,CAACR,UAAU,CAAC;IACzC,MAAMU,cAAc,GAAGJ,GAAG,CAACE,SAAS,CAACT,iBAAiB,CAAC;IAEvD,MAAMY,IAAI,GAAGhB,gBAAgB,CAACW,GAAG,EAAE;MAC/BF,IAAI,EAAE,uBAAuB;MAC7BQ,MAAM,EAAEH,OAAO,CAACG,MAAM,CAACC;IAC3B,CAAC,CAAC;IAEF,MAAMC,SAAS,GAAGR,GAAG,CAACS,WAAW,CAACtB,GAAG,CAACuB,MAAM,CAACC,QAAQ,EAAE;MACnDb,IAAI,EAAE,gBAAgB;MACtBC,MAAM,EAAE;QACJa,OAAO,EAAE,iBAAiB;QAC1BC,OAAO,EAAE,GAAG;QACZC,OAAO,EAAEnB,cAAc;QACvBoB,UAAU,EAAE,IAAI;QAChBV,IAAI,EAAEA,IAAI,CAACE,MAAM,CAACS,GAAG;QACrBC,WAAW,EAAE,2BAA2B;QACxCC,IAAI,EAAE,IAAIhC,MAAM,CAACiC,KAAK,CAACC,YAAY,CAAC;UAChC,GAAG,EAAE,IAAIlC,MAAM,CAACiC,KAAK,CAACE,WAAW,CAC7BpC,IAAI,CAACqC,IAAI,CAACtB,GAAG,CAACuB,KAAK,CAACC,SAAS,EAAE,iBAAiB,CACpD;QACJ,CAAC,CAAC;QACFC,WAAW,EAAE;UACTC,SAAS,EAAEpC,2BAA2B,CAAC,CAAC,CAACqC,KAAK,CAACC,KAAK,KAAK;YACrD,GAAGA,KAAK;YACRC,cAAc,EAAEjC,uBAAuB,CAAC,CAAC;YACzCkC,oBAAoB,EAAE7B,IAAI,CAAC8B,iBAAiB;YAC5CC,QAAQ,EAAE/B,IAAI,CAACgC,wBAAwB;YACvCC,YAAY,EAAEjC,IAAI,CAACkC,oBAAoB;YACvCC,mBAAmB,EAAEnC,IAAI,CAACoC,0BAA0B;YACpDC,mBAAmB,EAAErC,IAAI,CAACsC,2BAA2B;YACrDC,mBAAmB,EAAEvC,IAAI,CAACwC,wBAAwB;YAClDC,uBAAuB,EAAEC,OAAO,CAACC,GAAG,CAACF,uBAAuB;YAC5DG,yBAAyB,EAAEF,OAAO,CAACC,GAAG,CAACC,yBAAyB;YAChEC,SAAS,EAAE7C,IAAI,CAAC8C;UACpB,CAAC,CAAC;QACN,CAAC;QACDC,SAAS,EAAEhD,GAAG,CAACE,SAAS,CAACV,SAAS,CAAC,CAACyD,iBAAiB;QACrDC,aAAa,EAAE;UACXC,SAAS,EAAE;QACf;MACJ;IACJ,CAAC,CAAC;;IAEF;IACA,MAAMC,kBAAkB,GAAGpD,GAAG,CAACS,WAAW,CAACtB,GAAG,CAACkE,GAAG,CAACC,MAAM,EAAE;MACvDxD,IAAI,EAAE,uCAAuC;MAC7CC,MAAM,EAAE;QACJO,MAAM,EAAE;UACJiD,OAAO,EAAE,YAAY;UACrBC,SAAS,EAAE,CACP;YACIC,MAAM,EAAE,OAAO;YACfC,MAAM,EAAE,CAAC,uBAAuB,CAAC;YACjCC,QAAQ,EAAE,CACNzE,MAAM,CAAC0E,WAAW,GAAGxD,cAAc,CAACyD,YAAY,CAACtD,MAAM,CAACS,GAAG,EAAE,EAC7D9B,MAAM,CAAC0E,WAAW,GAAGxD,cAAc,CAACyD,YAAY,CAACtD,MAAM,CAACS,GAAG,IAAI;UAEvE,CAAC;QAET;MACJ;IACJ,CAAC,CAAC;;IAEF;IACAhB,GAAG,CAACS,WAAW,CAACtB,GAAG,CAACkE,GAAG,CAACS,oBAAoB,EAAE;MAC1ChE,IAAI,EAAE,8CAA8C;MACpDC,MAAM,EAAE;QACJM,IAAI,EAAEA,IAAI,CAACE,MAAM,CAACT,IAAI;QACtBiE,SAAS,EAAEX,kBAAkB,CAAC7C,MAAM,CAACS;MACzC;IACJ,CAAC,CAAC;IAEF,OAAO;MACHgD,QAAQ,EAAExD;IACd,CAAC;EACL;AACJ,CAAC,CAAC","ignoreList":[]}
1
+ {"version":3,"names":["path","pulumi","aws","createAppModule","createLambdaRole","getCommonLambdaEnvVariables","CoreOutput","VpcConfig","ApiBackgroundTask","ApiGraphql","LAMBDA_RUNTIME","getEnvVariableAwsRegion","ApiMigration","name","config","app","core","getModule","graphql","backgroundTask","role","policy","output","migration","addResource","lambda","Function","handler","timeout","runtime","memorySize","arn","description","code","asset","AssetArchive","FileArchive","join","paths","workspace","environment","variables","apply","value","COGNITO_REGION","COGNITO_USER_POOL_ID","cognitoUserPoolId","DB_TABLE","primaryDynamodbTableName","DB_TABLE_AUDIT_LOGS","auditLogsDynamodbTableName","DB_TABLE_OPENSEARCH","opensearchDynamodbTableName","OPENSEARCH_ENDPOINT","opensearchDomainEndpoint","OPENSEARCH_INDEX_PREFIX","process","env","OPENSEARCH_SHARED_INDEXES","S3_BUCKET","fileManagerBucketId","vpcConfig","functionVpcConfig","loggingConfig","logFormat","stepFunctionPolicy","iam","Policy","Version","Statement","Effect","Action","Resource","interpolate","stepFunction","RolePolicyAttachment","policyArn","function"],"sources":["ApiMigration.ts"],"sourcesContent":["import path from \"path\";\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport type { PulumiApp, PulumiAppModule } from \"@webiny/pulumi\";\nimport { createAppModule } from \"@webiny/pulumi\";\nimport { createLambdaRole, getCommonLambdaEnvVariables } from \"../lambdaUtils.js\";\nimport { CoreOutput, VpcConfig } from \"../common/index.js\";\nimport { ApiBackgroundTask, ApiGraphql } from \"~/pulumi/apps/index.js\";\nimport { LAMBDA_RUNTIME } from \"~/pulumi/constants.js\";\nimport { getEnvVariableAwsRegion } from \"~/pulumi/env/awsRegion.js\";\n\nexport type ApiMigration = PulumiAppModule<typeof ApiMigration>;\n\nexport const ApiMigration = createAppModule({\n name: \"ApiMigration\",\n config(app: PulumiApp) {\n const core = app.getModule(CoreOutput);\n const graphql = app.getModule(ApiGraphql);\n const backgroundTask = app.getModule(ApiBackgroundTask);\n\n const role = createLambdaRole(app, {\n name: \"migration-lambda-role\",\n policy: graphql.policy.output\n });\n\n const migration = app.addResource(aws.lambda.Function, {\n name: \"data-migration\",\n config: {\n handler: \"handler.handler\",\n timeout: 900,\n runtime: LAMBDA_RUNTIME,\n memorySize: 3008,\n role: role.output.arn,\n description: \"Performs data migrations.\",\n code: new pulumi.asset.AssetArchive({\n \".\": new pulumi.asset.FileArchive(\n path.join(app.paths.workspace, \"migration/build\")\n )\n }),\n environment: {\n variables: getCommonLambdaEnvVariables().apply(value => ({\n ...value,\n COGNITO_REGION: getEnvVariableAwsRegion(),\n COGNITO_USER_POOL_ID: core.cognitoUserPoolId,\n DB_TABLE: core.primaryDynamodbTableName,\n DB_TABLE_AUDIT_LOGS: core.auditLogsDynamodbTableName,\n DB_TABLE_OPENSEARCH: core.opensearchDynamodbTableName,\n OPENSEARCH_ENDPOINT: core.opensearchDomainEndpoint,\n OPENSEARCH_INDEX_PREFIX: process.env.OPENSEARCH_INDEX_PREFIX,\n OPENSEARCH_SHARED_INDEXES: process.env.OPENSEARCH_SHARED_INDEXES,\n S3_BUCKET: core.fileManagerBucketId\n })) as Record<string, any>\n },\n vpcConfig: app.getModule(VpcConfig).functionVpcConfig,\n loggingConfig: {\n logFormat: \"JSON\"\n }\n }\n });\n\n // Add IAM policy to allow states:StartExecution for the background task Step Function\n const stepFunctionPolicy = app.addResource(aws.iam.Policy, {\n name: \"migration-lambda-step-function-policy\",\n config: {\n policy: {\n Version: \"2012-10-17\",\n Statement: [\n {\n Effect: \"Allow\",\n Action: [\"states:StartExecution\"],\n Resource: [\n pulumi.interpolate`${backgroundTask.stepFunction.output.arn}`,\n pulumi.interpolate`${backgroundTask.stepFunction.output.arn}/*`\n ]\n }\n ]\n }\n }\n });\n\n // Attach policy to the Lambda role\n app.addResource(aws.iam.RolePolicyAttachment, {\n name: \"migration-lambda-attach-step-function-policy\",\n config: {\n role: role.output.name,\n policyArn: stepFunctionPolicy.output.arn\n }\n });\n\n return {\n function: migration\n };\n }\n});\n"],"mappings":"AAAA,OAAOA,IAAI,MAAM,MAAM;AACvB,OAAO,KAAKC,MAAM,MAAM,gBAAgB;AACxC,OAAO,KAAKC,GAAG,MAAM,aAAa;AAElC,SAASC,eAAe,QAAQ,gBAAgB;AAChD,SAASC,gBAAgB,EAAEC,2BAA2B;AACtD,SAASC,UAAU,EAAEC,SAAS;AAC9B,SAASC,iBAAiB,EAAEC,UAAU;AACtC,SAASC,cAAc;AACvB,SAASC,uBAAuB;AAIhC,OAAO,MAAMC,YAAY,GAAGT,eAAe,CAAC;EACxCU,IAAI,EAAE,cAAc;EACpBC,MAAMA,CAACC,GAAc,EAAE;IACnB,MAAMC,IAAI,GAAGD,GAAG,CAACE,SAAS,CAACX,UAAU,CAAC;IACtC,MAAMY,OAAO,GAAGH,GAAG,CAACE,SAAS,CAACR,UAAU,CAAC;IACzC,MAAMU,cAAc,GAAGJ,GAAG,CAACE,SAAS,CAACT,iBAAiB,CAAC;IAEvD,MAAMY,IAAI,GAAGhB,gBAAgB,CAACW,GAAG,EAAE;MAC/BF,IAAI,EAAE,uBAAuB;MAC7BQ,MAAM,EAAEH,OAAO,CAACG,MAAM,CAACC;IAC3B,CAAC,CAAC;IAEF,MAAMC,SAAS,GAAGR,GAAG,CAACS,WAAW,CAACtB,GAAG,CAACuB,MAAM,CAACC,QAAQ,EAAE;MACnDb,IAAI,EAAE,gBAAgB;MACtBC,MAAM,EAAE;QACJa,OAAO,EAAE,iBAAiB;QAC1BC,OAAO,EAAE,GAAG;QACZC,OAAO,EAAEnB,cAAc;QACvBoB,UAAU,EAAE,IAAI;QAChBV,IAAI,EAAEA,IAAI,CAACE,MAAM,CAACS,GAAG;QACrBC,WAAW,EAAE,2BAA2B;QACxCC,IAAI,EAAE,IAAIhC,MAAM,CAACiC,KAAK,CAACC,YAAY,CAAC;UAChC,GAAG,EAAE,IAAIlC,MAAM,CAACiC,KAAK,CAACE,WAAW,CAC7BpC,IAAI,CAACqC,IAAI,CAACtB,GAAG,CAACuB,KAAK,CAACC,SAAS,EAAE,iBAAiB,CACpD;QACJ,CAAC,CAAC;QACFC,WAAW,EAAE;UACTC,SAAS,EAAEpC,2BAA2B,CAAC,CAAC,CAACqC,KAAK,CAACC,KAAK,KAAK;YACrD,GAAGA,KAAK;YACRC,cAAc,EAAEjC,uBAAuB,CAAC,CAAC;YACzCkC,oBAAoB,EAAE7B,IAAI,CAAC8B,iBAAiB;YAC5CC,QAAQ,EAAE/B,IAAI,CAACgC,wBAAwB;YACvCC,mBAAmB,EAAEjC,IAAI,CAACkC,0BAA0B;YACpDC,mBAAmB,EAAEnC,IAAI,CAACoC,2BAA2B;YACrDC,mBAAmB,EAAErC,IAAI,CAACsC,wBAAwB;YAClDC,uBAAuB,EAAEC,OAAO,CAACC,GAAG,CAACF,uBAAuB;YAC5DG,yBAAyB,EAAEF,OAAO,CAACC,GAAG,CAACC,yBAAyB;YAChEC,SAAS,EAAE3C,IAAI,CAAC4C;UACpB,CAAC,CAAC;QACN,CAAC;QACDC,SAAS,EAAE9C,GAAG,CAACE,SAAS,CAACV,SAAS,CAAC,CAACuD,iBAAiB;QACrDC,aAAa,EAAE;UACXC,SAAS,EAAE;QACf;MACJ;IACJ,CAAC,CAAC;;IAEF;IACA,MAAMC,kBAAkB,GAAGlD,GAAG,CAACS,WAAW,CAACtB,GAAG,CAACgE,GAAG,CAACC,MAAM,EAAE;MACvDtD,IAAI,EAAE,uCAAuC;MAC7CC,MAAM,EAAE;QACJO,MAAM,EAAE;UACJ+C,OAAO,EAAE,YAAY;UACrBC,SAAS,EAAE,CACP;YACIC,MAAM,EAAE,OAAO;YACfC,MAAM,EAAE,CAAC,uBAAuB,CAAC;YACjCC,QAAQ,EAAE,CACNvE,MAAM,CAACwE,WAAW,GAAGtD,cAAc,CAACuD,YAAY,CAACpD,MAAM,CAACS,GAAG,EAAE,EAC7D9B,MAAM,CAACwE,WAAW,GAAGtD,cAAc,CAACuD,YAAY,CAACpD,MAAM,CAACS,GAAG,IAAI;UAEvE,CAAC;QAET;MACJ;IACJ,CAAC,CAAC;;IAEF;IACAhB,GAAG,CAACS,WAAW,CAACtB,GAAG,CAACgE,GAAG,CAACS,oBAAoB,EAAE;MAC1C9D,IAAI,EAAE,8CAA8C;MACpDC,MAAM,EAAE;QACJM,IAAI,EAAEA,IAAI,CAACE,MAAM,CAACT,IAAI;QACtB+D,SAAS,EAAEX,kBAAkB,CAAC3C,MAAM,CAACS;MACzC;IACJ,CAAC,CAAC;IAEF,OAAO;MACH8C,QAAQ,EAAEtD;IACd,CAAC;EACL;AACJ,CAAC,CAAC","ignoreList":[]}
package/pulumi/apps/api/createApiPulumiApp.js CHANGED
@@ -115,7 +115,6 @@ export const createApiPulumiApp = () => {
115
115
  COGNITO_REGION: getEnvVariableAwsRegion(),
116
116
  COGNITO_USER_POOL_ID: core.cognitoUserPoolId,
117
117
  DB_TABLE: core.primaryDynamodbTableName,
118
- DB_TABLE_LOG: core.logDynamodbTableName,
119
118
  DB_TABLE_AUDIT_LOGS: core.auditLogsDynamodbTableName,
120
119
  DB_TABLE_OPENSEARCH: core.opensearchDynamodbTableName,
121
120
  OPENSEARCH_ENDPOINT: core.opensearchDomainEndpoint,
@@ -133,7 +132,6 @@ export const createApiPulumiApp = () => {
133
132
  const fileManager = app.addModule(ApiFileManager, {
134
133
  env: {
135
134
  DB_TABLE: core.primaryDynamodbTableName,
136
- DB_TABLE_LOG: core.logDynamodbTableName,
137
135
  DB_TABLE_AUDIT_LOGS: core.auditLogsDynamodbTableName
138
136
  }
139
137
  });
package/pulumi/apps/api/createApiPulumiApp.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"names":["aws","createPulumiApp","isResourceOfType","ApiBackgroundTask","ApiCloudfront","ApiFileManager","ApiGateway","ApiGraphql","ApiMigration","ApiWebsocket","CoreOutput","VpcConfig","addDomainsUrlsOutputs","withCommonLambdaEnvVariables","withServiceManifest","getEnvVariableAwsRegion","applyAwsResourceTags","getAwsAccountId","ApiScheduler","getProjectSdk","getVpcConfigFromExtension","getOsConfigFromExtension","handleGuardDutyEvents","ApiPulumi","createApiPulumiApp","baseApp","name","path","program","app","sdk","projectConfig","getProjectConfig","pulumiResourceNamePrefix","getPulumiResourceNamePrefix","vpcExtensionsConfig","openSearchExtensionConfig","searchEngineParams","params","domainName","process","env","AWS_OS_DOMAIN_NAME","indexPrefix","OPENSEARCH_INDEX_PREFIX","sharedIndexes","OPENSEARCH_SHARED_INDEXES","onResource","resource","startsWith","addHandler","featureFlags","getFeatureFlags","usingAdvancedVpcParams","isFileManagerThreatDetectionEnabled","addResource","useExistingVpc","lambdaFunctionsVpcConfig","Error","lambda","Function","canUseVpc","meta","config","vpcConfig","iam","Role","isLambdaFunctionRole","RolePolicyAttachment","role","output","policyArn","ManagedPolicy","AWSLambdaVPCAccessExecutionRole","pulumiHandlers","getContainer","resolve","execute","isProduction","core","addModule","vpcEnabled","enabled","graphql","COGNITO_REGION","COGNITO_USER_POOL_ID","cognitoUserPoolId","DB_TABLE","primaryDynamodbTableName","DB_TABLE_LOG","logDynamodbTableName","DB_TABLE_AUDIT_LOGS","auditLogsDynamodbTableName","DB_TABLE_OPENSEARCH","opensearchDynamodbTableName","OPENSEARCH_ENDPOINT","opensearchDomainEndpoint","S3_BUCKET","fileManagerBucketId","EVENT_BUS","eventBusArn","OKTA_ISSUER","websocket","fileManager","apiGateway","method","function","functions","arn","download","cloudfront","backgroundTask","migration","scheduler","addOutputs","awsAccountId","region","cognitoAppClientId","cognitoUserPoolPasswordPolicy","dynamoDbTable","auditLogsDynamoDbTable","migrationLambdaArn","graphqlLambdaName","graphqlLambdaRole","graphqlLambdaRoleName","backgroundTaskLambdaArn","backgroundTaskStepFunctionArn","stepFunction","fileManagerDownloadLambdaArn","websocketApiId","websocketApi","id","websocketApiUrl","schedulerLambdaInvokeRole","invokeRole","dynamoDbOpensearchTable","cloudfrontDistribution","map","distributionDomain","distributionUrl","usedDomain","usedUrl","addServiceManifest","manifest","bgTaskSfn","resources","distributionId","domain","apply","v","lambdaArn","roleArn"],"sources":["createApiPulumiApp.ts"],"sourcesContent":["import * as aws from \"@pulumi/aws\";\nimport { createPulumiApp, isResourceOfType, type PulumiApp } from \"@webiny/pulumi\";\nimport {\n ApiBackgroundTask,\n ApiCloudfront,\n ApiFileManager,\n ApiGateway,\n ApiGraphql,\n ApiMigration,\n ApiWebsocket,\n CoreOutput,\n VpcConfig\n} from \"~/pulumi/apps/index.js\";\nimport {\n addDomainsUrlsOutputs,\n withCommonLambdaEnvVariables,\n withServiceManifest\n} from \"~/pulumi/utils/index.js\";\nimport { getEnvVariableAwsRegion } from \"~/pulumi/env/awsRegion.js\";\n// import { attachSyncSystem } from \"../syncSystem/api/index.js\";\nimport { applyAwsResourceTags, getAwsAccountId } from \"~/pulumi/apps/awsUtils.js\";\nimport type { WithServiceManifest } from \"~/pulumi/utils/withServiceManifest.js\";\nimport { ApiScheduler } from \"~/pulumi/apps/api/ApiScheduler.js\";\nimport { getProjectSdk } from \"@webiny/project\";\nimport { getVpcConfigFromExtension } from \"~/pulumi/apps/extensions/getVpcConfigFromExtension.js\";\nimport { getOsConfigFromExtension } from \"~/pulumi/apps/extensions/getOsConfigFromExtension.js\";\nimport { handleGuardDutyEvents } from \"./handleGuardDutyEvents.js\";\nimport { ApiPulumi } from \"@webiny/project/abstractions/index.js\";\n\nexport type ApiPulumiApp = ReturnType<typeof createApiPulumiApp>;\n\nexport const createApiPulumiApp = () => {\n const baseApp = createPulumiApp({\n name: \"api\",\n path: \"apps/api\",\n program: async (app: PulumiApp & WithServiceManifest) => {\n const sdk = await getProjectSdk();\n const projectConfig = await sdk.getProjectConfig();\n\n const pulumiResourceNamePrefix = await sdk.getPulumiResourceNamePrefix();\n const vpcExtensionsConfig = getVpcConfigFromExtension(projectConfig);\n const openSearchExtensionConfig = getOsConfigFromExtension(projectConfig);\n\n let searchEngineParams: typeof openSearchExtensionConfig | null = null;\n\n if (openSearchExtensionConfig) {\n searchEngineParams = openSearchExtensionConfig;\n }\n\n if (searchEngineParams) {\n const params = searchEngineParams;\n if (typeof params === \"object\") {\n if (params.domainName) {\n process.env.AWS_OS_DOMAIN_NAME = params.domainName;\n }\n\n if (params.indexPrefix) {\n process.env.OPENSEARCH_INDEX_PREFIX = params.indexPrefix;\n }\n\n if (params.sharedIndexes) {\n process.env.OPENSEARCH_SHARED_INDEXES = \"true\";\n }\n }\n }\n\n if (pulumiResourceNamePrefix) {\n app.onResource(resource => {\n if (!resource.name.startsWith(pulumiResourceNamePrefix)) {\n resource.name = `${pulumiResourceNamePrefix}${resource.name}`;\n }\n });\n }\n\n // <-------------------- Enterprise start -------------------->\n app.addHandler(async () => {\n const featureFlags = await sdk.getFeatureFlags();\n\n const usingAdvancedVpcParams =\n vpcExtensionsConfig && typeof vpcExtensionsConfig !== \"boolean\";\n\n if (featureFlags.isFileManagerThreatDetectionEnabled()) {\n handleGuardDutyEvents(app as ApiPulumiApp);\n }\n\n // Not using advanced VPC params? Then immediately exit.\n if (usingAdvancedVpcParams) {\n const { onResource, addResource } = app;\n const { useExistingVpc } = vpcExtensionsConfig;\n\n // 1. We first deal with \"existing VPC\" setup.\n if (useExistingVpc) {\n if (!useExistingVpc.lambdaFunctionsVpcConfig) {\n throw new Error(\n \"Cannot specify `useExistingVpc` parameter because the `lambdaFunctionsVpcConfig` parameter wasn't provided.\"\n );\n }\n\n onResource(resource => {\n if (isResourceOfType(resource, aws.lambda.Function)) {\n const canUseVpc = resource.meta.canUseVpc !== false;\n if (canUseVpc) {\n resource.config.vpcConfig(\n useExistingVpc!.lambdaFunctionsVpcConfig\n );\n }\n }\n\n if (isResourceOfType(resource, aws.iam.Role)) {\n if (resource.meta.isLambdaFunctionRole) {\n addResource(aws.iam.RolePolicyAttachment, {\n name: `${resource.name}-vpc-access-execution-role`,\n config: {\n role: resource.output.name,\n policyArn:\n aws.iam.ManagedPolicy\n .AWSLambdaVPCAccessExecutionRole\n }\n });\n }\n }\n });\n }\n }\n });\n // <-------------------- Enterprise end -------------------->\n\n // Overrides must be applied via a handler, registered at the very start of the program.\n // By doing this, we're ensuring user's adjustments are not applied to late.\n const pulumiHandlers = sdk.getContainer().resolve(ApiPulumi);\n\n app.addHandler(() => {\n return pulumiHandlers.execute(app as unknown as ApiPulumiApp);\n });\n\n const isProduction = app.env.isProduction;\n\n // Register core output as a module available to all the other modules\n const core = app.addModule(CoreOutput);\n\n // Register VPC config module to be available to other modules.\n const vpcEnabled =\n vpcExtensionsConfig === true ||\n typeof vpcExtensionsConfig === \"object\" ||\n isProduction;\n\n app.addModule(VpcConfig, { enabled: vpcEnabled });\n\n const graphql = app.addModule(ApiGraphql, {\n env: {\n COGNITO_REGION: getEnvVariableAwsRegion(),\n COGNITO_USER_POOL_ID: core.cognitoUserPoolId,\n DB_TABLE: core.primaryDynamodbTableName,\n DB_TABLE_LOG: core.logDynamodbTableName,\n DB_TABLE_AUDIT_LOGS: core.auditLogsDynamodbTableName,\n DB_TABLE_OPENSEARCH: core.opensearchDynamodbTableName,\n OPENSEARCH_ENDPOINT: core.opensearchDomainEndpoint,\n\n // Not required. Useful for testing purposes / ephemeral environments.\n // https://www.webiny.com/docs/key-topics/ci-cd/testing/slow-ephemeral-environments\n OPENSEARCH_INDEX_PREFIX: process.env.OPENSEARCH_INDEX_PREFIX,\n OPENSEARCH_SHARED_INDEXES: process.env.OPENSEARCH_SHARED_INDEXES,\n\n S3_BUCKET: core.fileManagerBucketId,\n EVENT_BUS: core.eventBusArn,\n // TODO: move to okta plugin\n OKTA_ISSUER: process.env[\"OKTA_ISSUER\"]\n }\n });\n\n const websocket = app.addModule(ApiWebsocket);\n\n const fileManager = app.addModule(ApiFileManager, {\n env: {\n DB_TABLE: core.primaryDynamodbTableName,\n DB_TABLE_LOG: core.logDynamodbTableName,\n DB_TABLE_AUDIT_LOGS: core.auditLogsDynamodbTableName\n }\n });\n\n const apiGateway = app.addModule(ApiGateway, {\n \"graphql-post\": {\n path: \"/graphql\",\n method: \"POST\",\n function: graphql.functions.graphql.output.arn\n },\n \"graphql-options\": {\n path: \"/graphql\",\n method: \"OPTIONS\",\n function: graphql.functions.graphql.output.arn\n },\n \"files-any\": {\n path: \"/files/{path+}\",\n method: \"ANY\",\n function: fileManager.functions.download.output.arn\n },\n \"private-any\": {\n path: \"/private/{path+}\",\n method: \"ANY\",\n function: fileManager.functions.download.output.arn\n },\n \"cms-post\": {\n path: \"/cms/{key+}\",\n method: \"POST\",\n function: graphql.functions.graphql.output.arn\n },\n \"cms-options\": {\n path: \"/cms/{key+}\",\n method: \"OPTIONS\",\n function: graphql.functions.graphql.output.arn\n },\n \"redirects-get\": {\n path: \"/wb/redirects\",\n method: \"GET\",\n function: graphql.functions.graphql.output.arn\n },\n \"redirects-options\": {\n path: \"/wb/redirects\",\n method: \"OPTIONS\",\n function: graphql.functions.graphql.output.arn\n },\n \"files-catch-all\": {\n path: \"/{path+}\",\n method: \"ANY\",\n function: fileManager.functions.download.output.arn\n }\n });\n\n const cloudfront = app.addModule(ApiCloudfront);\n const backgroundTask = app.addModule(ApiBackgroundTask);\n const migration = app.addModule(ApiMigration);\n const scheduler = app.addModule(ApiScheduler);\n\n // const domains = app.getParam(projectAppParams.domains);\n // if (domains) {\n // applyCustomDomain(cloudfront, domains);\n // }\n\n app.addOutputs({\n awsAccountId: getAwsAccountId(app),\n region: aws.config.region,\n cognitoUserPoolId: core.cognitoUserPoolId,\n cognitoAppClientId: core.cognitoAppClientId,\n cognitoUserPoolPasswordPolicy: core.cognitoUserPoolPasswordPolicy,\n dynamoDbTable: core.primaryDynamodbTableName,\n auditLogsDynamoDbTable: core.auditLogsDynamodbTableName,\n migrationLambdaArn: migration.function.output.arn,\n graphqlLambdaName: graphql.functions.graphql.output.name,\n graphqlLambdaRole: graphql.role.output.arn,\n graphqlLambdaRoleName: graphql.role.output.name,\n backgroundTaskLambdaArn: backgroundTask.backgroundTask.output.arn,\n backgroundTaskStepFunctionArn: backgroundTask.stepFunction.output.arn,\n fileManagerDownloadLambdaArn: fileManager.functions.download.output.arn,\n websocketApiId: websocket.websocketApi.output.id,\n websocketApiUrl: websocket.websocketApiUrl,\n schedulerLambdaInvokeRole: scheduler.invokeRole.output.arn\n });\n\n // Only add `dynamoDbOpensearchTable` output if using search engine (ES/OS).\n if (searchEngineParams) {\n app.addOutputs({\n dynamoDbOpensearchTable: core.opensearchDynamodbTableName\n });\n }\n\n app.addHandler(() => {\n addDomainsUrlsOutputs({\n app,\n cloudfrontDistribution: cloudfront,\n map: {\n distributionDomain: \"cloudfrontApiDomain\",\n distributionUrl: \"cloudfrontApiUrl\",\n usedDomain: \"apiDomain\",\n usedUrl: \"apiUrl\"\n }\n });\n });\n // /**\n // * We need to attach the Sync System if it exists.\n // */\n // await attachSyncSystem({\n // app,\n // core,\n // env: app.params.run.env\n // });\n\n // Applies internal and user-defined AWS tags.\n await applyAwsResourceTags(\"api\");\n\n return {\n fileManager,\n graphql,\n apiGateway,\n websocket,\n cloudfront,\n migration,\n backgroundTask,\n scheduler\n };\n }\n });\n\n const app = withServiceManifest(withCommonLambdaEnvVariables(baseApp));\n\n app.addHandler(() => {\n app.addServiceManifest({\n name: \"api\",\n manifest: {\n bgTaskSfn: baseApp.resources.backgroundTask.stepFunction.output.arn,\n cloudfront: {\n distributionId: baseApp.resources.cloudfront.output.id,\n domain: baseApp.resources.cloudfront.output.domainName.apply(\n v => `https://${v}`\n )\n }\n }\n });\n\n app.addServiceManifest({\n name: \"scheduler\",\n manifest: {\n lambdaArn: baseApp.resources.graphql.functions.graphql.output.arn,\n roleArn: baseApp.resources.scheduler.invokeRole.output.arn\n }\n });\n });\n\n return app;\n};\n"],"mappings":"AAAA,OAAO,KAAKA,GAAG,MAAM,aAAa;AAClC,SAASC,eAAe,EAAEC,gBAAgB,QAAwB,gBAAgB;AAClF,SACIC,iBAAiB,EACjBC,aAAa,EACbC,cAAc,EACdC,UAAU,EACVC,UAAU,EACVC,YAAY,EACZC,YAAY,EACZC,UAAU,EACVC,SAAS;AAEb,SACIC,qBAAqB,EACrBC,4BAA4B,EAC5BC,mBAAmB;AAEvB,SAASC,uBAAuB;AAChC;AACA,SAASC,oBAAoB,EAAEC,eAAe;AAE9C,SAASC,YAAY;AACrB,SAASC,aAAa,QAAQ,iBAAiB;AAC/C,SAASC,yBAAyB;AAClC,SAASC,wBAAwB;AACjC,SAASC,qBAAqB;AAC9B,SAASC,SAAS,QAAQ,uCAAuC;AAIjE,OAAO,MAAMC,kBAAkB,GAAGA,CAAA,KAAM;EACpC,MAAMC,OAAO,GAAGxB,eAAe,CAAC;IAC5ByB,IAAI,EAAE,KAAK;IACXC,IAAI,EAAE,UAAU;IAChBC,OAAO,EAAE,MAAOC,GAAoC,IAAK;MACrD,MAAMC,GAAG,GAAG,MAAMX,aAAa,CAAC,CAAC;MACjC,MAAMY,aAAa,GAAG,MAAMD,GAAG,CAACE,gBAAgB,CAAC,CAAC;MAElD,MAAMC,wBAAwB,GAAG,MAAMH,GAAG,CAACI,2BAA2B,CAAC,CAAC;MACxE,MAAMC,mBAAmB,GAAGf,yBAAyB,CAACW,aAAa,CAAC;MACpE,MAAMK,yBAAyB,GAAGf,wBAAwB,CAACU,aAAa,CAAC;MAEzE,IAAIM,kBAA2D,GAAG,IAAI;MAEtE,IAAID,yBAAyB,EAAE;QAC3BC,kBAAkB,GAAGD,yBAAyB;MAClD;MAEA,IAAIC,kBAAkB,EAAE;QACpB,MAAMC,MAAM,GAAGD,kBAAkB;QACjC,IAAI,OAAOC,MAAM,KAAK,QAAQ,EAAE;UAC5B,IAAIA,MAAM,CAACC,UAAU,EAAE;YACnBC,OAAO,CAACC,GAAG,CAACC,kBAAkB,GAAGJ,MAAM,CAACC,UAAU;UACtD;UAEA,IAAID,MAAM,CAACK,WAAW,EAAE;YACpBH,OAAO,CAACC,GAAG,CAACG,uBAAuB,GAAGN,MAAM,CAACK,WAAW;UAC5D;UAEA,IAAIL,MAAM,CAACO,aAAa,EAAE;YACtBL,OAAO,CAACC,GAAG,CAACK,yBAAyB,GAAG,MAAM;UAClD;QACJ;MACJ;MAEA,IAAIb,wBAAwB,EAAE;QAC1BJ,GAAG,CAACkB,UAAU,CAACC,QAAQ,IAAI;UACvB,IAAI,CAACA,QAAQ,CAACtB,IAAI,CAACuB,UAAU,CAAChB,wBAAwB,CAAC,EAAE;YACrDe,QAAQ,CAACtB,IAAI,GAAG,GAAGO,wBAAwB,GAAGe,QAAQ,CAACtB,IAAI,EAAE;UACjE;QACJ,CAAC,CAAC;MACN;;MAEA;MACAG,GAAG,CAACqB,UAAU,CAAC,YAAY;QACvB,MAAMC,YAAY,GAAG,MAAMrB,GAAG,CAACsB,eAAe,CAAC,CAAC;QAEhD,MAAMC,sBAAsB,GACxBlB,mBAAmB,IAAI,OAAOA,mBAAmB,KAAK,SAAS;QAEnE,IAAIgB,YAAY,CAACG,mCAAmC,CAAC,CAAC,EAAE;UACpDhC,qBAAqB,CAACO,GAAmB,CAAC;QAC9C;;QAEA;QACA,IAAIwB,sBAAsB,EAAE;UACxB,MAAM;YAAEN,UAAU;YAAEQ;UAAY,CAAC,GAAG1B,GAAG;UACvC,MAAM;YAAE2B;UAAe,CAAC,GAAGrB,mBAAmB;;UAE9C;UACA,IAAIqB,cAAc,EAAE;YAChB,IAAI,CAACA,cAAc,CAACC,wBAAwB,EAAE;cAC1C,MAAM,IAAIC,KAAK,CACX,6GACJ,CAAC;YACL;YAEAX,UAAU,CAACC,QAAQ,IAAI;cACnB,IAAI9C,gBAAgB,CAAC8C,QAAQ,EAAEhD,GAAG,CAAC2D,MAAM,CAACC,QAAQ,CAAC,EAAE;gBACjD,MAAMC,SAAS,GAAGb,QAAQ,CAACc,IAAI,CAACD,SAAS,KAAK,KAAK;gBACnD,IAAIA,SAAS,EAAE;kBACXb,QAAQ,CAACe,MAAM,CAACC,SAAS,CACrBR,cAAc,CAAEC,wBACpB,CAAC;gBACL;cACJ;cAEA,IAAIvD,gBAAgB,CAAC8C,QAAQ,EAAEhD,GAAG,CAACiE,GAAG,CAACC,IAAI,CAAC,EAAE;gBAC1C,IAAIlB,QAAQ,CAACc,IAAI,CAACK,oBAAoB,EAAE;kBACpCZ,WAAW,CAACvD,GAAG,CAACiE,GAAG,CAACG,oBAAoB,EAAE;oBACtC1C,IAAI,EAAE,GAAGsB,QAAQ,CAACtB,IAAI,4BAA4B;oBAClDqC,MAAM,EAAE;sBACJM,IAAI,EAAErB,QAAQ,CAACsB,MAAM,CAAC5C,IAAI;sBAC1B6C,SAAS,EACLvE,GAAG,CAACiE,GAAG,CAACO,aAAa,CAChBC;oBACb;kBACJ,CAAC,CAAC;gBACN;cACJ;YACJ,CAAC,CAAC;UACN;QACJ;MACJ,CAAC,CAAC;MACF;;MAEA;MACA;MACA,MAAMC,cAAc,GAAG5C,GAAG,CAAC6C,YAAY,CAAC,CAAC,CAACC,OAAO,CAACrD,SAAS,CAAC;MAE5DM,GAAG,CAACqB,UAAU,CAAC,MAAM;QACjB,OAAOwB,cAAc,CAACG,OAAO,CAAChD,GAA8B,CAAC;MACjE,CAAC,CAAC;MAEF,MAAMiD,YAAY,GAAGjD,GAAG,CAACY,GAAG,CAACqC,YAAY;;MAEzC;MACA,MAAMC,IAAI,GAAGlD,GAAG,CAACmD,SAAS,CAACtE,UAAU,CAAC;;MAEtC;MACA,MAAMuE,UAAU,GACZ9C,mBAAmB,KAAK,IAAI,IAC5B,OAAOA,mBAAmB,KAAK,QAAQ,IACvC2C,YAAY;MAEhBjD,GAAG,CAACmD,SAAS,CAACrE,SAAS,EAAE;QAAEuE,OAAO,EAAED;MAAW,CAAC,CAAC;MAEjD,MAAME,OAAO,GAAGtD,GAAG,CAACmD,SAAS,CAACzE,UAAU,EAAE;QACtCkC,GAAG,EAAE;UACD2C,cAAc,EAAErE,uBAAuB,CAAC,CAAC;UACzCsE,oBAAoB,EAAEN,IAAI,CAACO,iBAAiB;UAC5CC,QAAQ,EAAER,IAAI,CAACS,wBAAwB;UACvCC,YAAY,EAAEV,IAAI,CAACW,oBAAoB;UACvCC,mBAAmB,EAAEZ,IAAI,CAACa,0BAA0B;UACpDC,mBAAmB,EAAEd,IAAI,CAACe,2BAA2B;UACrDC,mBAAmB,EAAEhB,IAAI,CAACiB,wBAAwB;UAElD;UACA;UACApD,uBAAuB,EAAEJ,OAAO,CAACC,GAAG,CAACG,uBAAuB;UAC5DE,yBAAyB,EAAEN,OAAO,CAACC,GAAG,CAACK,yBAAyB;UAEhEmD,SAAS,EAAElB,IAAI,CAACmB,mBAAmB;UACnCC,SAAS,EAAEpB,IAAI,CAACqB,WAAW;UAC3B;UACAC,WAAW,EAAE7D,OAAO,CAACC,GAAG,CAAC,aAAa;QAC1C;MACJ,CAAC,CAAC;MAEF,MAAM6D,SAAS,GAAGzE,GAAG,CAACmD,SAAS,CAACvE,YAAY,CAAC;MAE7C,MAAM8F,WAAW,GAAG1E,GAAG,CAACmD,SAAS,CAAC3E,cAAc,EAAE;QAC9CoC,GAAG,EAAE;UACD8C,QAAQ,EAAER,IAAI,CAACS,wBAAwB;UACvCC,YAAY,EAAEV,IAAI,CAACW,oBAAoB;UACvCC,mBAAmB,EAAEZ,IAAI,CAACa;QAC9B;MACJ,CAAC,CAAC;MAEF,MAAMY,UAAU,GAAG3E,GAAG,CAACmD,SAAS,CAAC1E,UAAU,EAAE;QACzC,cAAc,EAAE;UACZqB,IAAI,EAAE,UAAU;UAChB8E,MAAM,EAAE,MAAM;UACdC,QAAQ,EAAEvB,OAAO,CAACwB,SAAS,CAACxB,OAAO,CAACb,MAAM,CAACsC;QAC/C,CAAC;QACD,iBAAiB,EAAE;UACfjF,IAAI,EAAE,UAAU;UAChB8E,MAAM,EAAE,SAAS;UACjBC,QAAQ,EAAEvB,OAAO,CAACwB,SAAS,CAACxB,OAAO,CAACb,MAAM,CAACsC;QAC/C,CAAC;QACD,WAAW,EAAE;UACTjF,IAAI,EAAE,gBAAgB;UACtB8E,MAAM,EAAE,KAAK;UACbC,QAAQ,EAAEH,WAAW,CAACI,SAAS,CAACE,QAAQ,CAACvC,MAAM,CAACsC;QACpD,CAAC;QACD,aAAa,EAAE;UACXjF,IAAI,EAAE,kBAAkB;UACxB8E,MAAM,EAAE,KAAK;UACbC,QAAQ,EAAEH,WAAW,CAACI,SAAS,CAACE,QAAQ,CAACvC,MAAM,CAACsC;QACpD,CAAC;QACD,UAAU,EAAE;UACRjF,IAAI,EAAE,aAAa;UACnB8E,MAAM,EAAE,MAAM;UACdC,QAAQ,EAAEvB,OAAO,CAACwB,SAAS,CAACxB,OAAO,CAACb,MAAM,CAACsC;QAC/C,CAAC;QACD,aAAa,EAAE;UACXjF,IAAI,EAAE,aAAa;UACnB8E,MAAM,EAAE,SAAS;UACjBC,QAAQ,EAAEvB,OAAO,CAACwB,SAAS,CAACxB,OAAO,CAACb,MAAM,CAACsC;QAC/C,CAAC;QACD,eAAe,EAAE;UACbjF,IAAI,EAAE,eAAe;UACrB8E,MAAM,EAAE,KAAK;UACbC,QAAQ,EAAEvB,OAAO,CAACwB,SAAS,CAACxB,OAAO,CAACb,MAAM,CAACsC;QAC/C,CAAC;QACD,mBAAmB,EAAE;UACjBjF,IAAI,EAAE,eAAe;UACrB8E,MAAM,EAAE,SAAS;UACjBC,QAAQ,EAAEvB,OAAO,CAACwB,SAAS,CAACxB,OAAO,CAACb,MAAM,CAACsC;QAC/C,CAAC;QACD,iBAAiB,EAAE;UACfjF,IAAI,EAAE,UAAU;UAChB8E,MAAM,EAAE,KAAK;UACbC,QAAQ,EAAEH,WAAW,CAACI,SAAS,CAACE,QAAQ,CAACvC,MAAM,CAACsC;QACpD;MACJ,CAAC,CAAC;MAEF,MAAME,UAAU,GAAGjF,GAAG,CAACmD,SAAS,CAAC5E,aAAa,CAAC;MAC/C,MAAM2G,cAAc,GAAGlF,GAAG,CAACmD,SAAS,CAAC7E,iBAAiB,CAAC;MACvD,MAAM6G,SAAS,GAAGnF,GAAG,CAACmD,SAAS,CAACxE,YAAY,CAAC;MAC7C,MAAMyG,SAAS,GAAGpF,GAAG,CAACmD,SAAS,CAAC9D,YAAY,CAAC;;MAE7C;MACA;MACA;MACA;;MAEAW,GAAG,CAACqF,UAAU,CAAC;QACXC,YAAY,EAAElG,eAAe,CAACY,GAAG,CAAC;QAClCuF,MAAM,EAAEpH,GAAG,CAAC+D,MAAM,CAACqD,MAAM;QACzB9B,iBAAiB,EAAEP,IAAI,CAACO,iBAAiB;QACzC+B,kBAAkB,EAAEtC,IAAI,CAACsC,kBAAkB;QAC3CC,6BAA6B,EAAEvC,IAAI,CAACuC,6BAA6B;QACjEC,aAAa,EAAExC,IAAI,CAACS,wBAAwB;QAC5CgC,sBAAsB,EAAEzC,IAAI,CAACa,0BAA0B;QACvD6B,kBAAkB,EAAET,SAAS,CAACN,QAAQ,CAACpC,MAAM,CAACsC,GAAG;QACjDc,iBAAiB,EAAEvC,OAAO,CAACwB,SAAS,CAACxB,OAAO,CAACb,MAAM,CAAC5C,IAAI;QACxDiG,iBAAiB,EAAExC,OAAO,CAACd,IAAI,CAACC,MAAM,CAACsC,GAAG;QAC1CgB,qBAAqB,EAAEzC,OAAO,CAACd,IAAI,CAACC,MAAM,CAAC5C,IAAI;QAC/CmG,uBAAuB,EAAEd,cAAc,CAACA,cAAc,CAACzC,MAAM,CAACsC,GAAG;QACjEkB,6BAA6B,EAAEf,cAAc,CAACgB,YAAY,CAACzD,MAAM,CAACsC,GAAG;QACrEoB,4BAA4B,EAAEzB,WAAW,CAACI,SAAS,CAACE,QAAQ,CAACvC,MAAM,CAACsC,GAAG;QACvEqB,cAAc,EAAE3B,SAAS,CAAC4B,YAAY,CAAC5D,MAAM,CAAC6D,EAAE;QAChDC,eAAe,EAAE9B,SAAS,CAAC8B,eAAe;QAC1CC,yBAAyB,EAAEpB,SAAS,CAACqB,UAAU,CAAChE,MAAM,CAACsC;MAC3D,CAAC,CAAC;;MAEF;MACA,IAAIvE,kBAAkB,EAAE;QACpBR,GAAG,CAACqF,UAAU,CAAC;UACXqB,uBAAuB,EAAExD,IAAI,CAACe;QAClC,CAAC,CAAC;MACN;MAEAjE,GAAG,CAACqB,UAAU,CAAC,MAAM;QACjBtC,qBAAqB,CAAC;UAClBiB,GAAG;UACH2G,sBAAsB,EAAE1B,UAAU;UAClC2B,GAAG,EAAE;YACDC,kBAAkB,EAAE,qBAAqB;YACzCC,eAAe,EAAE,kBAAkB;YACnCC,UAAU,EAAE,WAAW;YACvBC,OAAO,EAAE;UACb;QACJ,CAAC,CAAC;MACN,CAAC,CAAC;MACF;MACA;MACA;MACA;MACA;MACA;MACA;MACA;;MAEA;MACA,MAAM7H,oBAAoB,CAAC,KAAK,CAAC;MAEjC,OAAO;QACHuF,WAAW;QACXpB,OAAO;QACPqB,UAAU;QACVF,SAAS;QACTQ,UAAU;QACVE,SAAS;QACTD,cAAc;QACdE;MACJ,CAAC;IACL;EACJ,CAAC,CAAC;EAEF,MAAMpF,GAAG,GAAGf,mBAAmB,CAACD,4BAA4B,CAACY,OAAO,CAAC,CAAC;EAEtEI,GAAG,CAACqB,UAAU,CAAC,MAAM;IACjBrB,GAAG,CAACiH,kBAAkB,CAAC;MACnBpH,IAAI,EAAE,KAAK;MACXqH,QAAQ,EAAE;QACNC,SAAS,EAAEvH,OAAO,CAACwH,SAAS,CAAClC,cAAc,CAACgB,YAAY,CAACzD,MAAM,CAACsC,GAAG;QACnEE,UAAU,EAAE;UACRoC,cAAc,EAAEzH,OAAO,CAACwH,SAAS,CAACnC,UAAU,CAACxC,MAAM,CAAC6D,EAAE;UACtDgB,MAAM,EAAE1H,OAAO,CAACwH,SAAS,CAACnC,UAAU,CAACxC,MAAM,CAAC/B,UAAU,CAAC6G,KAAK,CACxDC,CAAC,IAAI,WAAWA,CAAC,EACrB;QACJ;MACJ;IACJ,CAAC,CAAC;IAEFxH,GAAG,CAACiH,kBAAkB,CAAC;MACnBpH,IAAI,EAAE,WAAW;MACjBqH,QAAQ,EAAE;QACNO,SAAS,EAAE7H,OAAO,CAACwH,SAAS,CAAC9D,OAAO,CAACwB,SAAS,CAACxB,OAAO,CAACb,MAAM,CAACsC,GAAG;QACjE2C,OAAO,EAAE9H,OAAO,CAACwH,SAAS,CAAChC,SAAS,CAACqB,UAAU,CAAChE,MAAM,CAACsC;MAC3D;IACJ,CAAC,CAAC;EACN,CAAC,CAAC;EAEF,OAAO/E,GAAG;AACd,CAAC","ignoreList":[]}
1
+ {"version":3,"names":["aws","createPulumiApp","isResourceOfType","ApiBackgroundTask","ApiCloudfront","ApiFileManager","ApiGateway","ApiGraphql","ApiMigration","ApiWebsocket","CoreOutput","VpcConfig","addDomainsUrlsOutputs","withCommonLambdaEnvVariables","withServiceManifest","getEnvVariableAwsRegion","applyAwsResourceTags","getAwsAccountId","ApiScheduler","getProjectSdk","getVpcConfigFromExtension","getOsConfigFromExtension","handleGuardDutyEvents","ApiPulumi","createApiPulumiApp","baseApp","name","path","program","app","sdk","projectConfig","getProjectConfig","pulumiResourceNamePrefix","getPulumiResourceNamePrefix","vpcExtensionsConfig","openSearchExtensionConfig","searchEngineParams","params","domainName","process","env","AWS_OS_DOMAIN_NAME","indexPrefix","OPENSEARCH_INDEX_PREFIX","sharedIndexes","OPENSEARCH_SHARED_INDEXES","onResource","resource","startsWith","addHandler","featureFlags","getFeatureFlags","usingAdvancedVpcParams","isFileManagerThreatDetectionEnabled","addResource","useExistingVpc","lambdaFunctionsVpcConfig","Error","lambda","Function","canUseVpc","meta","config","vpcConfig","iam","Role","isLambdaFunctionRole","RolePolicyAttachment","role","output","policyArn","ManagedPolicy","AWSLambdaVPCAccessExecutionRole","pulumiHandlers","getContainer","resolve","execute","isProduction","core","addModule","vpcEnabled","enabled","graphql","COGNITO_REGION","COGNITO_USER_POOL_ID","cognitoUserPoolId","DB_TABLE","primaryDynamodbTableName","DB_TABLE_AUDIT_LOGS","auditLogsDynamodbTableName","DB_TABLE_OPENSEARCH","opensearchDynamodbTableName","OPENSEARCH_ENDPOINT","opensearchDomainEndpoint","S3_BUCKET","fileManagerBucketId","EVENT_BUS","eventBusArn","OKTA_ISSUER","websocket","fileManager","apiGateway","method","function","functions","arn","download","cloudfront","backgroundTask","migration","scheduler","addOutputs","awsAccountId","region","cognitoAppClientId","cognitoUserPoolPasswordPolicy","dynamoDbTable","auditLogsDynamoDbTable","migrationLambdaArn","graphqlLambdaName","graphqlLambdaRole","graphqlLambdaRoleName","backgroundTaskLambdaArn","backgroundTaskStepFunctionArn","stepFunction","fileManagerDownloadLambdaArn","websocketApiId","websocketApi","id","websocketApiUrl","schedulerLambdaInvokeRole","invokeRole","dynamoDbOpensearchTable","cloudfrontDistribution","map","distributionDomain","distributionUrl","usedDomain","usedUrl","addServiceManifest","manifest","bgTaskSfn","resources","distributionId","domain","apply","v","lambdaArn","roleArn"],"sources":["createApiPulumiApp.ts"],"sourcesContent":["import * as aws from \"@pulumi/aws\";\nimport { createPulumiApp, isResourceOfType, type PulumiApp } from \"@webiny/pulumi\";\nimport {\n ApiBackgroundTask,\n ApiCloudfront,\n ApiFileManager,\n ApiGateway,\n ApiGraphql,\n ApiMigration,\n ApiWebsocket,\n CoreOutput,\n VpcConfig\n} from \"~/pulumi/apps/index.js\";\nimport {\n addDomainsUrlsOutputs,\n withCommonLambdaEnvVariables,\n withServiceManifest\n} from \"~/pulumi/utils/index.js\";\nimport { getEnvVariableAwsRegion } from \"~/pulumi/env/awsRegion.js\";\n// import { attachSyncSystem } from \"../syncSystem/api/index.js\";\nimport { applyAwsResourceTags, getAwsAccountId } from \"~/pulumi/apps/awsUtils.js\";\nimport type { WithServiceManifest } from \"~/pulumi/utils/withServiceManifest.js\";\nimport { ApiScheduler } from \"~/pulumi/apps/api/ApiScheduler.js\";\nimport { getProjectSdk } from \"@webiny/project\";\nimport { getVpcConfigFromExtension } from \"~/pulumi/apps/extensions/getVpcConfigFromExtension.js\";\nimport { getOsConfigFromExtension } from \"~/pulumi/apps/extensions/getOsConfigFromExtension.js\";\nimport { handleGuardDutyEvents } from \"./handleGuardDutyEvents.js\";\nimport { ApiPulumi } from \"@webiny/project/abstractions/index.js\";\n\nexport type ApiPulumiApp = ReturnType<typeof createApiPulumiApp>;\n\nexport const createApiPulumiApp = () => {\n const baseApp = createPulumiApp({\n name: \"api\",\n path: \"apps/api\",\n program: async (app: PulumiApp & WithServiceManifest) => {\n const sdk = await getProjectSdk();\n const projectConfig = await sdk.getProjectConfig();\n\n const pulumiResourceNamePrefix = await sdk.getPulumiResourceNamePrefix();\n const vpcExtensionsConfig = getVpcConfigFromExtension(projectConfig);\n const openSearchExtensionConfig = getOsConfigFromExtension(projectConfig);\n\n let searchEngineParams: typeof openSearchExtensionConfig | null = null;\n\n if (openSearchExtensionConfig) {\n searchEngineParams = openSearchExtensionConfig;\n }\n\n if (searchEngineParams) {\n const params = searchEngineParams;\n if (typeof params === \"object\") {\n if (params.domainName) {\n process.env.AWS_OS_DOMAIN_NAME = params.domainName;\n }\n\n if (params.indexPrefix) {\n process.env.OPENSEARCH_INDEX_PREFIX = params.indexPrefix;\n }\n\n if (params.sharedIndexes) {\n process.env.OPENSEARCH_SHARED_INDEXES = \"true\";\n }\n }\n }\n\n if (pulumiResourceNamePrefix) {\n app.onResource(resource => {\n if (!resource.name.startsWith(pulumiResourceNamePrefix)) {\n resource.name = `${pulumiResourceNamePrefix}${resource.name}`;\n }\n });\n }\n\n // <-------------------- Enterprise start -------------------->\n app.addHandler(async () => {\n const featureFlags = await sdk.getFeatureFlags();\n\n const usingAdvancedVpcParams =\n vpcExtensionsConfig && typeof vpcExtensionsConfig !== \"boolean\";\n\n if (featureFlags.isFileManagerThreatDetectionEnabled()) {\n handleGuardDutyEvents(app as ApiPulumiApp);\n }\n\n // Not using advanced VPC params? Then immediately exit.\n if (usingAdvancedVpcParams) {\n const { onResource, addResource } = app;\n const { useExistingVpc } = vpcExtensionsConfig;\n\n // 1. We first deal with \"existing VPC\" setup.\n if (useExistingVpc) {\n if (!useExistingVpc.lambdaFunctionsVpcConfig) {\n throw new Error(\n \"Cannot specify `useExistingVpc` parameter because the `lambdaFunctionsVpcConfig` parameter wasn't provided.\"\n );\n }\n\n onResource(resource => {\n if (isResourceOfType(resource, aws.lambda.Function)) {\n const canUseVpc = resource.meta.canUseVpc !== false;\n if (canUseVpc) {\n resource.config.vpcConfig(\n useExistingVpc!.lambdaFunctionsVpcConfig\n );\n }\n }\n\n if (isResourceOfType(resource, aws.iam.Role)) {\n if (resource.meta.isLambdaFunctionRole) {\n addResource(aws.iam.RolePolicyAttachment, {\n name: `${resource.name}-vpc-access-execution-role`,\n config: {\n role: resource.output.name,\n policyArn:\n aws.iam.ManagedPolicy\n .AWSLambdaVPCAccessExecutionRole\n }\n });\n }\n }\n });\n }\n }\n });\n // <-------------------- Enterprise end -------------------->\n\n // Overrides must be applied via a handler, registered at the very start of the program.\n // By doing this, we're ensuring user's adjustments are not applied to late.\n const pulumiHandlers = sdk.getContainer().resolve(ApiPulumi);\n\n app.addHandler(() => {\n return pulumiHandlers.execute(app as unknown as ApiPulumiApp);\n });\n\n const isProduction = app.env.isProduction;\n\n // Register core output as a module available to all the other modules\n const core = app.addModule(CoreOutput);\n\n // Register VPC config module to be available to other modules.\n const vpcEnabled =\n vpcExtensionsConfig === true ||\n typeof vpcExtensionsConfig === \"object\" ||\n isProduction;\n\n app.addModule(VpcConfig, { enabled: vpcEnabled });\n\n const graphql = app.addModule(ApiGraphql, {\n env: {\n COGNITO_REGION: getEnvVariableAwsRegion(),\n COGNITO_USER_POOL_ID: core.cognitoUserPoolId,\n DB_TABLE: core.primaryDynamodbTableName,\n DB_TABLE_AUDIT_LOGS: core.auditLogsDynamodbTableName,\n DB_TABLE_OPENSEARCH: core.opensearchDynamodbTableName,\n OPENSEARCH_ENDPOINT: core.opensearchDomainEndpoint,\n\n // Not required. Useful for testing purposes / ephemeral environments.\n // https://www.webiny.com/docs/key-topics/ci-cd/testing/slow-ephemeral-environments\n OPENSEARCH_INDEX_PREFIX: process.env.OPENSEARCH_INDEX_PREFIX,\n OPENSEARCH_SHARED_INDEXES: process.env.OPENSEARCH_SHARED_INDEXES,\n\n S3_BUCKET: core.fileManagerBucketId,\n EVENT_BUS: core.eventBusArn,\n // TODO: move to okta plugin\n OKTA_ISSUER: process.env[\"OKTA_ISSUER\"]\n }\n });\n\n const websocket = app.addModule(ApiWebsocket);\n\n const fileManager = app.addModule(ApiFileManager, {\n env: {\n DB_TABLE: core.primaryDynamodbTableName,\n DB_TABLE_AUDIT_LOGS: core.auditLogsDynamodbTableName\n }\n });\n\n const apiGateway = app.addModule(ApiGateway, {\n \"graphql-post\": {\n path: \"/graphql\",\n method: \"POST\",\n function: graphql.functions.graphql.output.arn\n },\n \"graphql-options\": {\n path: \"/graphql\",\n method: \"OPTIONS\",\n function: graphql.functions.graphql.output.arn\n },\n \"files-any\": {\n path: \"/files/{path+}\",\n method: \"ANY\",\n function: fileManager.functions.download.output.arn\n },\n \"private-any\": {\n path: \"/private/{path+}\",\n method: \"ANY\",\n function: fileManager.functions.download.output.arn\n },\n \"cms-post\": {\n path: \"/cms/{key+}\",\n method: \"POST\",\n function: graphql.functions.graphql.output.arn\n },\n \"cms-options\": {\n path: \"/cms/{key+}\",\n method: \"OPTIONS\",\n function: graphql.functions.graphql.output.arn\n },\n \"redirects-get\": {\n path: \"/wb/redirects\",\n method: \"GET\",\n function: graphql.functions.graphql.output.arn\n },\n \"redirects-options\": {\n path: \"/wb/redirects\",\n method: \"OPTIONS\",\n function: graphql.functions.graphql.output.arn\n },\n \"files-catch-all\": {\n path: \"/{path+}\",\n method: \"ANY\",\n function: fileManager.functions.download.output.arn\n }\n });\n\n const cloudfront = app.addModule(ApiCloudfront);\n const backgroundTask = app.addModule(ApiBackgroundTask);\n const migration = app.addModule(ApiMigration);\n const scheduler = app.addModule(ApiScheduler);\n\n // const domains = app.getParam(projectAppParams.domains);\n // if (domains) {\n // applyCustomDomain(cloudfront, domains);\n // }\n\n app.addOutputs({\n awsAccountId: getAwsAccountId(app),\n region: aws.config.region,\n cognitoUserPoolId: core.cognitoUserPoolId,\n cognitoAppClientId: core.cognitoAppClientId,\n cognitoUserPoolPasswordPolicy: core.cognitoUserPoolPasswordPolicy,\n dynamoDbTable: core.primaryDynamodbTableName,\n auditLogsDynamoDbTable: core.auditLogsDynamodbTableName,\n migrationLambdaArn: migration.function.output.arn,\n graphqlLambdaName: graphql.functions.graphql.output.name,\n graphqlLambdaRole: graphql.role.output.arn,\n graphqlLambdaRoleName: graphql.role.output.name,\n backgroundTaskLambdaArn: backgroundTask.backgroundTask.output.arn,\n backgroundTaskStepFunctionArn: backgroundTask.stepFunction.output.arn,\n fileManagerDownloadLambdaArn: fileManager.functions.download.output.arn,\n websocketApiId: websocket.websocketApi.output.id,\n websocketApiUrl: websocket.websocketApiUrl,\n schedulerLambdaInvokeRole: scheduler.invokeRole.output.arn\n });\n\n // Only add `dynamoDbOpensearchTable` output if using search engine (ES/OS).\n if (searchEngineParams) {\n app.addOutputs({\n dynamoDbOpensearchTable: core.opensearchDynamodbTableName\n });\n }\n\n app.addHandler(() => {\n addDomainsUrlsOutputs({\n app,\n cloudfrontDistribution: cloudfront,\n map: {\n distributionDomain: \"cloudfrontApiDomain\",\n distributionUrl: \"cloudfrontApiUrl\",\n usedDomain: \"apiDomain\",\n usedUrl: \"apiUrl\"\n }\n });\n });\n // /**\n // * We need to attach the Sync System if it exists.\n // */\n // await attachSyncSystem({\n // app,\n // core,\n // env: app.params.run.env\n // });\n\n // Applies internal and user-defined AWS tags.\n await applyAwsResourceTags(\"api\");\n\n return {\n fileManager,\n graphql,\n apiGateway,\n websocket,\n cloudfront,\n migration,\n backgroundTask,\n scheduler\n };\n }\n });\n\n const app = withServiceManifest(withCommonLambdaEnvVariables(baseApp));\n\n app.addHandler(() => {\n app.addServiceManifest({\n name: \"api\",\n manifest: {\n bgTaskSfn: baseApp.resources.backgroundTask.stepFunction.output.arn,\n cloudfront: {\n distributionId: baseApp.resources.cloudfront.output.id,\n domain: baseApp.resources.cloudfront.output.domainName.apply(\n v => `https://${v}`\n )\n }\n }\n });\n\n app.addServiceManifest({\n name: \"scheduler\",\n manifest: {\n lambdaArn: baseApp.resources.graphql.functions.graphql.output.arn,\n roleArn: baseApp.resources.scheduler.invokeRole.output.arn\n }\n });\n });\n\n return app;\n};\n"],"mappings":"AAAA,OAAO,KAAKA,GAAG,MAAM,aAAa;AAClC,SAASC,eAAe,EAAEC,gBAAgB,QAAwB,gBAAgB;AAClF,SACIC,iBAAiB,EACjBC,aAAa,EACbC,cAAc,EACdC,UAAU,EACVC,UAAU,EACVC,YAAY,EACZC,YAAY,EACZC,UAAU,EACVC,SAAS;AAEb,SACIC,qBAAqB,EACrBC,4BAA4B,EAC5BC,mBAAmB;AAEvB,SAASC,uBAAuB;AAChC;AACA,SAASC,oBAAoB,EAAEC,eAAe;AAE9C,SAASC,YAAY;AACrB,SAASC,aAAa,QAAQ,iBAAiB;AAC/C,SAASC,yBAAyB;AAClC,SAASC,wBAAwB;AACjC,SAASC,qBAAqB;AAC9B,SAASC,SAAS,QAAQ,uCAAuC;AAIjE,OAAO,MAAMC,kBAAkB,GAAGA,CAAA,KAAM;EACpC,MAAMC,OAAO,GAAGxB,eAAe,CAAC;IAC5ByB,IAAI,EAAE,KAAK;IACXC,IAAI,EAAE,UAAU;IAChBC,OAAO,EAAE,MAAOC,GAAoC,IAAK;MACrD,MAAMC,GAAG,GAAG,MAAMX,aAAa,CAAC,CAAC;MACjC,MAAMY,aAAa,GAAG,MAAMD,GAAG,CAACE,gBAAgB,CAAC,CAAC;MAElD,MAAMC,wBAAwB,GAAG,MAAMH,GAAG,CAACI,2BAA2B,CAAC,CAAC;MACxE,MAAMC,mBAAmB,GAAGf,yBAAyB,CAACW,aAAa,CAAC;MACpE,MAAMK,yBAAyB,GAAGf,wBAAwB,CAACU,aAAa,CAAC;MAEzE,IAAIM,kBAA2D,GAAG,IAAI;MAEtE,IAAID,yBAAyB,EAAE;QAC3BC,kBAAkB,GAAGD,yBAAyB;MAClD;MAEA,IAAIC,kBAAkB,EAAE;QACpB,MAAMC,MAAM,GAAGD,kBAAkB;QACjC,IAAI,OAAOC,MAAM,KAAK,QAAQ,EAAE;UAC5B,IAAIA,MAAM,CAACC,UAAU,EAAE;YACnBC,OAAO,CAACC,GAAG,CAACC,kBAAkB,GAAGJ,MAAM,CAACC,UAAU;UACtD;UAEA,IAAID,MAAM,CAACK,WAAW,EAAE;YACpBH,OAAO,CAACC,GAAG,CAACG,uBAAuB,GAAGN,MAAM,CAACK,WAAW;UAC5D;UAEA,IAAIL,MAAM,CAACO,aAAa,EAAE;YACtBL,OAAO,CAACC,GAAG,CAACK,yBAAyB,GAAG,MAAM;UAClD;QACJ;MACJ;MAEA,IAAIb,wBAAwB,EAAE;QAC1BJ,GAAG,CAACkB,UAAU,CAACC,QAAQ,IAAI;UACvB,IAAI,CAACA,QAAQ,CAACtB,IAAI,CAACuB,UAAU,CAAChB,wBAAwB,CAAC,EAAE;YACrDe,QAAQ,CAACtB,IAAI,GAAG,GAAGO,wBAAwB,GAAGe,QAAQ,CAACtB,IAAI,EAAE;UACjE;QACJ,CAAC,CAAC;MACN;;MAEA;MACAG,GAAG,CAACqB,UAAU,CAAC,YAAY;QACvB,MAAMC,YAAY,GAAG,MAAMrB,GAAG,CAACsB,eAAe,CAAC,CAAC;QAEhD,MAAMC,sBAAsB,GACxBlB,mBAAmB,IAAI,OAAOA,mBAAmB,KAAK,SAAS;QAEnE,IAAIgB,YAAY,CAACG,mCAAmC,CAAC,CAAC,EAAE;UACpDhC,qBAAqB,CAACO,GAAmB,CAAC;QAC9C;;QAEA;QACA,IAAIwB,sBAAsB,EAAE;UACxB,MAAM;YAAEN,UAAU;YAAEQ;UAAY,CAAC,GAAG1B,GAAG;UACvC,MAAM;YAAE2B;UAAe,CAAC,GAAGrB,mBAAmB;;UAE9C;UACA,IAAIqB,cAAc,EAAE;YAChB,IAAI,CAACA,cAAc,CAACC,wBAAwB,EAAE;cAC1C,MAAM,IAAIC,KAAK,CACX,6GACJ,CAAC;YACL;YAEAX,UAAU,CAACC,QAAQ,IAAI;cACnB,IAAI9C,gBAAgB,CAAC8C,QAAQ,EAAEhD,GAAG,CAAC2D,MAAM,CAACC,QAAQ,CAAC,EAAE;gBACjD,MAAMC,SAAS,GAAGb,QAAQ,CAACc,IAAI,CAACD,SAAS,KAAK,KAAK;gBACnD,IAAIA,SAAS,EAAE;kBACXb,QAAQ,CAACe,MAAM,CAACC,SAAS,CACrBR,cAAc,CAAEC,wBACpB,CAAC;gBACL;cACJ;cAEA,IAAIvD,gBAAgB,CAAC8C,QAAQ,EAAEhD,GAAG,CAACiE,GAAG,CAACC,IAAI,CAAC,EAAE;gBAC1C,IAAIlB,QAAQ,CAACc,IAAI,CAACK,oBAAoB,EAAE;kBACpCZ,WAAW,CAACvD,GAAG,CAACiE,GAAG,CAACG,oBAAoB,EAAE;oBACtC1C,IAAI,EAAE,GAAGsB,QAAQ,CAACtB,IAAI,4BAA4B;oBAClDqC,MAAM,EAAE;sBACJM,IAAI,EAAErB,QAAQ,CAACsB,MAAM,CAAC5C,IAAI;sBAC1B6C,SAAS,EACLvE,GAAG,CAACiE,GAAG,CAACO,aAAa,CAChBC;oBACb;kBACJ,CAAC,CAAC;gBACN;cACJ;YACJ,CAAC,CAAC;UACN;QACJ;MACJ,CAAC,CAAC;MACF;;MAEA;MACA;MACA,MAAMC,cAAc,GAAG5C,GAAG,CAAC6C,YAAY,CAAC,CAAC,CAACC,OAAO,CAACrD,SAAS,CAAC;MAE5DM,GAAG,CAACqB,UAAU,CAAC,MAAM;QACjB,OAAOwB,cAAc,CAACG,OAAO,CAAChD,GAA8B,CAAC;MACjE,CAAC,CAAC;MAEF,MAAMiD,YAAY,GAAGjD,GAAG,CAACY,GAAG,CAACqC,YAAY;;MAEzC;MACA,MAAMC,IAAI,GAAGlD,GAAG,CAACmD,SAAS,CAACtE,UAAU,CAAC;;MAEtC;MACA,MAAMuE,UAAU,GACZ9C,mBAAmB,KAAK,IAAI,IAC5B,OAAOA,mBAAmB,KAAK,QAAQ,IACvC2C,YAAY;MAEhBjD,GAAG,CAACmD,SAAS,CAACrE,SAAS,EAAE;QAAEuE,OAAO,EAAED;MAAW,CAAC,CAAC;MAEjD,MAAME,OAAO,GAAGtD,GAAG,CAACmD,SAAS,CAACzE,UAAU,EAAE;QACtCkC,GAAG,EAAE;UACD2C,cAAc,EAAErE,uBAAuB,CAAC,CAAC;UACzCsE,oBAAoB,EAAEN,IAAI,CAACO,iBAAiB;UAC5CC,QAAQ,EAAER,IAAI,CAACS,wBAAwB;UACvCC,mBAAmB,EAAEV,IAAI,CAACW,0BAA0B;UACpDC,mBAAmB,EAAEZ,IAAI,CAACa,2BAA2B;UACrDC,mBAAmB,EAAEd,IAAI,CAACe,wBAAwB;UAElD;UACA;UACAlD,uBAAuB,EAAEJ,OAAO,CAACC,GAAG,CAACG,uBAAuB;UAC5DE,yBAAyB,EAAEN,OAAO,CAACC,GAAG,CAACK,yBAAyB;UAEhEiD,SAAS,EAAEhB,IAAI,CAACiB,mBAAmB;UACnCC,SAAS,EAAElB,IAAI,CAACmB,WAAW;UAC3B;UACAC,WAAW,EAAE3D,OAAO,CAACC,GAAG,CAAC,aAAa;QAC1C;MACJ,CAAC,CAAC;MAEF,MAAM2D,SAAS,GAAGvE,GAAG,CAACmD,SAAS,CAACvE,YAAY,CAAC;MAE7C,MAAM4F,WAAW,GAAGxE,GAAG,CAACmD,SAAS,CAAC3E,cAAc,EAAE;QAC9CoC,GAAG,EAAE;UACD8C,QAAQ,EAAER,IAAI,CAACS,wBAAwB;UACvCC,mBAAmB,EAAEV,IAAI,CAACW;QAC9B;MACJ,CAAC,CAAC;MAEF,MAAMY,UAAU,GAAGzE,GAAG,CAACmD,SAAS,CAAC1E,UAAU,EAAE;QACzC,cAAc,EAAE;UACZqB,IAAI,EAAE,UAAU;UAChB4E,MAAM,EAAE,MAAM;UACdC,QAAQ,EAAErB,OAAO,CAACsB,SAAS,CAACtB,OAAO,CAACb,MAAM,CAACoC;QAC/C,CAAC;QACD,iBAAiB,EAAE;UACf/E,IAAI,EAAE,UAAU;UAChB4E,MAAM,EAAE,SAAS;UACjBC,QAAQ,EAAErB,OAAO,CAACsB,SAAS,CAACtB,OAAO,CAACb,MAAM,CAACoC;QAC/C,CAAC;QACD,WAAW,EAAE;UACT/E,IAAI,EAAE,gBAAgB;UACtB4E,MAAM,EAAE,KAAK;UACbC,QAAQ,EAAEH,WAAW,CAACI,SAAS,CAACE,QAAQ,CAACrC,MAAM,CAACoC;QACpD,CAAC;QACD,aAAa,EAAE;UACX/E,IAAI,EAAE,kBAAkB;UACxB4E,MAAM,EAAE,KAAK;UACbC,QAAQ,EAAEH,WAAW,CAACI,SAAS,CAACE,QAAQ,CAACrC,MAAM,CAACoC;QACpD,CAAC;QACD,UAAU,EAAE;UACR/E,IAAI,EAAE,aAAa;UACnB4E,MAAM,EAAE,MAAM;UACdC,QAAQ,EAAErB,OAAO,CAACsB,SAAS,CAACtB,OAAO,CAACb,MAAM,CAACoC;QAC/C,CAAC;QACD,aAAa,EAAE;UACX/E,IAAI,EAAE,aAAa;UACnB4E,MAAM,EAAE,SAAS;UACjBC,QAAQ,EAAErB,OAAO,CAACsB,SAAS,CAACtB,OAAO,CAACb,MAAM,CAACoC;QAC/C,CAAC;QACD,eAAe,EAAE;UACb/E,IAAI,EAAE,eAAe;UACrB4E,MAAM,EAAE,KAAK;UACbC,QAAQ,EAAErB,OAAO,CAACsB,SAAS,CAACtB,OAAO,CAACb,MAAM,CAACoC;QAC/C,CAAC;QACD,mBAAmB,EAAE;UACjB/E,IAAI,EAAE,eAAe;UACrB4E,MAAM,EAAE,SAAS;UACjBC,QAAQ,EAAErB,OAAO,CAACsB,SAAS,CAACtB,OAAO,CAACb,MAAM,CAACoC;QAC/C,CAAC;QACD,iBAAiB,EAAE;UACf/E,IAAI,EAAE,UAAU;UAChB4E,MAAM,EAAE,KAAK;UACbC,QAAQ,EAAEH,WAAW,CAACI,SAAS,CAACE,QAAQ,CAACrC,MAAM,CAACoC;QACpD;MACJ,CAAC,CAAC;MAEF,MAAME,UAAU,GAAG/E,GAAG,CAACmD,SAAS,CAAC5E,aAAa,CAAC;MAC/C,MAAMyG,cAAc,GAAGhF,GAAG,CAACmD,SAAS,CAAC7E,iBAAiB,CAAC;MACvD,MAAM2G,SAAS,GAAGjF,GAAG,CAACmD,SAAS,CAACxE,YAAY,CAAC;MAC7C,MAAMuG,SAAS,GAAGlF,GAAG,CAACmD,SAAS,CAAC9D,YAAY,CAAC;;MAE7C;MACA;MACA;MACA;;MAEAW,GAAG,CAACmF,UAAU,CAAC;QACXC,YAAY,EAAEhG,eAAe,CAACY,GAAG,CAAC;QAClCqF,MAAM,EAAElH,GAAG,CAAC+D,MAAM,CAACmD,MAAM;QACzB5B,iBAAiB,EAAEP,IAAI,CAACO,iBAAiB;QACzC6B,kBAAkB,EAAEpC,IAAI,CAACoC,kBAAkB;QAC3CC,6BAA6B,EAAErC,IAAI,CAACqC,6BAA6B;QACjEC,aAAa,EAAEtC,IAAI,CAACS,wBAAwB;QAC5C8B,sBAAsB,EAAEvC,IAAI,CAACW,0BAA0B;QACvD6B,kBAAkB,EAAET,SAAS,CAACN,QAAQ,CAAClC,MAAM,CAACoC,GAAG;QACjDc,iBAAiB,EAAErC,OAAO,CAACsB,SAAS,CAACtB,OAAO,CAACb,MAAM,CAAC5C,IAAI;QACxD+F,iBAAiB,EAAEtC,OAAO,CAACd,IAAI,CAACC,MAAM,CAACoC,GAAG;QAC1CgB,qBAAqB,EAAEvC,OAAO,CAACd,IAAI,CAACC,MAAM,CAAC5C,IAAI;QAC/CiG,uBAAuB,EAAEd,cAAc,CAACA,cAAc,CAACvC,MAAM,CAACoC,GAAG;QACjEkB,6BAA6B,EAAEf,cAAc,CAACgB,YAAY,CAACvD,MAAM,CAACoC,GAAG;QACrEoB,4BAA4B,EAAEzB,WAAW,CAACI,SAAS,CAACE,QAAQ,CAACrC,MAAM,CAACoC,GAAG;QACvEqB,cAAc,EAAE3B,SAAS,CAAC4B,YAAY,CAAC1D,MAAM,CAAC2D,EAAE;QAChDC,eAAe,EAAE9B,SAAS,CAAC8B,eAAe;QAC1CC,yBAAyB,EAAEpB,SAAS,CAACqB,UAAU,CAAC9D,MAAM,CAACoC;MAC3D,CAAC,CAAC;;MAEF;MACA,IAAIrE,kBAAkB,EAAE;QACpBR,GAAG,CAACmF,UAAU,CAAC;UACXqB,uBAAuB,EAAEtD,IAAI,CAACa;QAClC,CAAC,CAAC;MACN;MAEA/D,GAAG,CAACqB,UAAU,CAAC,MAAM;QACjBtC,qBAAqB,CAAC;UAClBiB,GAAG;UACHyG,sBAAsB,EAAE1B,UAAU;UAClC2B,GAAG,EAAE;YACDC,kBAAkB,EAAE,qBAAqB;YACzCC,eAAe,EAAE,kBAAkB;YACnCC,UAAU,EAAE,WAAW;YACvBC,OAAO,EAAE;UACb;QACJ,CAAC,CAAC;MACN,CAAC,CAAC;MACF;MACA;MACA;MACA;MACA;MACA;MACA;MACA;;MAEA;MACA,MAAM3H,oBAAoB,CAAC,KAAK,CAAC;MAEjC,OAAO;QACHqF,WAAW;QACXlB,OAAO;QACPmB,UAAU;QACVF,SAAS;QACTQ,UAAU;QACVE,SAAS;QACTD,cAAc;QACdE;MACJ,CAAC;IACL;EACJ,CAAC,CAAC;EAEF,MAAMlF,GAAG,GAAGf,mBAAmB,CAACD,4BAA4B,CAACY,OAAO,CAAC,CAAC;EAEtEI,GAAG,CAACqB,UAAU,CAAC,MAAM;IACjBrB,GAAG,CAAC+G,kBAAkB,CAAC;MACnBlH,IAAI,EAAE,KAAK;MACXmH,QAAQ,EAAE;QACNC,SAAS,EAAErH,OAAO,CAACsH,SAAS,CAAClC,cAAc,CAACgB,YAAY,CAACvD,MAAM,CAACoC,GAAG;QACnEE,UAAU,EAAE;UACRoC,cAAc,EAAEvH,OAAO,CAACsH,SAAS,CAACnC,UAAU,CAACtC,MAAM,CAAC2D,EAAE;UACtDgB,MAAM,EAAExH,OAAO,CAACsH,SAAS,CAACnC,UAAU,CAACtC,MAAM,CAAC/B,UAAU,CAAC2G,KAAK,CACxDC,CAAC,IAAI,WAAWA,CAAC,EACrB;QACJ;MACJ;IACJ,CAAC,CAAC;IAEFtH,GAAG,CAAC+G,kBAAkB,CAAC;MACnBlH,IAAI,EAAE,WAAW;MACjBmH,QAAQ,EAAE;QACNO,SAAS,EAAE3H,OAAO,CAACsH,SAAS,CAAC5D,OAAO,CAACsB,SAAS,CAACtB,OAAO,CAACb,MAAM,CAACoC,GAAG;QACjE2C,OAAO,EAAE5H,OAAO,CAACsH,SAAS,CAAChC,SAAS,CAACqB,UAAU,CAAC9D,MAAM,CAACoC;MAC3D;IACJ,CAAC,CAAC;EACN,CAAC,CAAC;EAEF,OAAO7E,GAAG;AACd,CAAC","ignoreList":[]}
package/pulumi/apps/common/CoreOutput.d.ts CHANGED
@@ -15,10 +15,6 @@ export interface ICoreOutput {
15
15
  primaryDynamodbTableName: string;
16
16
  primaryDynamodbTableHashKey: string;
17
17
  primaryDynamodbTableRangeKey: string;
18
- logDynamodbTableArn: string;
19
- logDynamodbTableName: string;
20
- logDynamodbTableHashKey: string;
21
- logDynamodbTableRangeKey: string;
22
18
  auditLogsDynamodbTableArn: string;
23
19
  auditLogsDynamodbTableName: string;
24
20
  auditLogsDynamodbTableHashKey: string;
package/pulumi/apps/common/CoreOutput.js CHANGED
@@ -15,10 +15,6 @@ export const CoreOutput = createAppModule({
15
15
  primaryDynamodbTableName: output["primaryDynamodbTableName"],
16
16
  primaryDynamodbTableHashKey: output["primaryDynamodbTableHashKey"],
17
17
  primaryDynamodbTableRangeKey: output["primaryDynamodbTableRangeKey"],
18
- logDynamodbTableArn: output["logDynamodbTableArn"],
19
- logDynamodbTableName: output["logDynamodbTableName"],
20
- logDynamodbTableHashKey: output["logDynamodbTableHashKey"],
21
- logDynamodbTableRangeKey: output["logDynamodbTableRangeKey"],
22
18
  auditLogsDynamodbTableArn: output["auditLogsDynamodbTableArn"],
23
19
  auditLogsDynamodbTableName: output["auditLogsDynamodbTableName"],
24
20
  auditLogsDynamodbTableHashKey: output["auditLogsDynamodbTableHashKey"],
package/pulumi/apps/common/CoreOutput.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"names":["createAppModule","ProjectSdk","CoreOutput","name","config","app","addHandler","sdk","init","output","getAppStackOutput","Error","fileManagerBucketId","primaryDynamodbTableArn","primaryDynamodbTableName","primaryDynamodbTableHashKey","primaryDynamodbTableRangeKey","logDynamodbTableArn","logDynamodbTableName","logDynamodbTableHashKey","logDynamodbTableRangeKey","auditLogsDynamodbTableArn","auditLogsDynamodbTableName","auditLogsDynamodbTableHashKey","auditLogsDynamodbTableRangeKey","cognitoUserPoolId","cognitoUserPoolArn","cognitoUserPoolPasswordPolicy","cognitoAppClientId","eventBusName","eventBusArn","vpcPublicSubnetIds","vpcPrivateSubnetIds","vpcSecurityGroupIds","opensearchDomainArn","opensearchDomainEndpoint","opensearchDynamodbTableArn","opensearchDynamodbTableName"],"sources":["CoreOutput.ts"],"sourcesContent":["import { createAppModule, type PulumiAppModule } from \"@webiny/pulumi\";\nimport { ProjectSdk } from \"@webiny/project\";\n\nexport type CoreOutput = PulumiAppModule<typeof CoreOutput>;\n\nexport interface ICoreOutput {\n deploymentId: string;\n region: string;\n dynamoDbTable: string;\n iotAuthorizerName: string;\n cognitoUserPoolArn: string;\n cognitoAppClientId: string;\n cognitoUserPoolId: string;\n cognitoUserPoolPasswordPolicy: string;\n fileManagerBucketId: string;\n fileManagerBucketArn: string;\n primaryDynamodbTableArn: string;\n primaryDynamodbTableName: string;\n primaryDynamodbTableHashKey: string;\n primaryDynamodbTableRangeKey: string;\n logDynamodbTableArn: string;\n logDynamodbTableName: string;\n logDynamodbTableHashKey: string;\n logDynamodbTableRangeKey: string;\n auditLogsDynamodbTableArn: string;\n auditLogsDynamodbTableName: string;\n auditLogsDynamodbTableHashKey: string;\n auditLogsDynamodbTableRangeKey: string;\n eventBusName: string;\n eventBusArn: string;\n vpcPublicSubnetIds: string[] | undefined;\n vpcPrivateSubnetIds: string[] | undefined;\n vpcSecurityGroupIds: string[] | undefined;\n opensearchDomainArn: string | undefined;\n opensearchDomainEndpoint: string | undefined;\n opensearchDynamodbTableHashKey: string;\n opensearchDynamodbTableRangeKey: string;\n opensearchDynamodbTableArn: string | undefined;\n opensearchDynamodbTableName: string | undefined;\n}\n\nexport const CoreOutput = createAppModule({\n name: \"CoreOutput\",\n config(app) {\n return app.addHandler(async () => {\n const sdk = await ProjectSdk.init();\n\n const output = await sdk.getAppStackOutput(\"core\");\n if (!output) {\n throw new Error(\"Core application is not deployed.\");\n }\n\n return {\n fileManagerBucketId: output[\"fileManagerBucketId\"],\n primaryDynamodbTableArn: output[\"primaryDynamodbTableArn\"],\n primaryDynamodbTableName: output[\"primaryDynamodbTableName\"],\n primaryDynamodbTableHashKey: output[\"primaryDynamodbTableHashKey\"],\n primaryDynamodbTableRangeKey: output[\"primaryDynamodbTableRangeKey\"],\n logDynamodbTableArn: output[\"logDynamodbTableArn\"],\n logDynamodbTableName: output[\"logDynamodbTableName\"],\n logDynamodbTableHashKey: output[\"logDynamodbTableHashKey\"],\n logDynamodbTableRangeKey: output[\"logDynamodbTableRangeKey\"],\n auditLogsDynamodbTableArn: output[\"auditLogsDynamodbTableArn\"],\n auditLogsDynamodbTableName: output[\"auditLogsDynamodbTableName\"],\n auditLogsDynamodbTableHashKey: output[\"auditLogsDynamodbTableHashKey\"],\n auditLogsDynamodbTableRangeKey: output[\"auditLogsDynamodbTableRangeKey\"],\n cognitoUserPoolId: output[\"cognitoUserPoolId\"],\n cognitoUserPoolArn: output[\"cognitoUserPoolArn\"],\n cognitoUserPoolPasswordPolicy: output[\"cognitoUserPoolPasswordPolicy\"],\n cognitoAppClientId: output[\"cognitoAppClientId\"],\n eventBusName: output[\"eventBusName\"],\n eventBusArn: output[\"eventBusArn\"],\n // These outputs are optional, since VPC is not always enabled.\n vpcPublicSubnetIds: output[\"vpcPublicSubnetIds\"],\n vpcPrivateSubnetIds: output[\"vpcPrivateSubnetIds\"],\n vpcSecurityGroupIds: output[\"vpcSecurityGroupIds\"],\n // These outputs are optional, since Opensearch is not always enabled.\n opensearchDomainArn: output[\"opensearchDomainArn\"],\n opensearchDomainEndpoint: output[\"opensearchDomainEndpoint\"],\n opensearchDynamodbTableArn: output[\"opensearchDynamodbTableArn\"],\n opensearchDynamodbTableName: output[\"opensearchDynamodbTableName\"]\n } as ICoreOutput;\n });\n }\n});\n"],"mappings":"AAAA,SAASA,eAAe,QAA8B,gBAAgB;AACtE,SAASC,UAAU,QAAQ,iBAAiB;AAwC5C,OAAO,MAAMC,UAAU,GAAGF,eAAe,CAAC;EACtCG,IAAI,EAAE,YAAY;EAClBC,MAAMA,CAACC,GAAG,EAAE;IACR,OAAOA,GAAG,CAACC,UAAU,CAAC,YAAY;MAC9B,MAAMC,GAAG,GAAG,MAAMN,UAAU,CAACO,IAAI,CAAC,CAAC;MAEnC,MAAMC,MAAM,GAAG,MAAMF,GAAG,CAACG,iBAAiB,CAAC,MAAM,CAAC;MAClD,IAAI,CAACD,MAAM,EAAE;QACT,MAAM,IAAIE,KAAK,CAAC,mCAAmC,CAAC;MACxD;MAEA,OAAO;QACHC,mBAAmB,EAAEH,MAAM,CAAC,qBAAqB,CAAC;QAClDI,uBAAuB,EAAEJ,MAAM,CAAC,yBAAyB,CAAC;QAC1DK,wBAAwB,EAAEL,MAAM,CAAC,0BAA0B,CAAC;QAC5DM,2BAA2B,EAAEN,MAAM,CAAC,6BAA6B,CAAC;QAClEO,4BAA4B,EAAEP,MAAM,CAAC,8BAA8B,CAAC;QACpEQ,mBAAmB,EAAER,MAAM,CAAC,qBAAqB,CAAC;QAClDS,oBAAoB,EAAET,MAAM,CAAC,sBAAsB,CAAC;QACpDU,uBAAuB,EAAEV,MAAM,CAAC,yBAAyB,CAAC;QAC1DW,wBAAwB,EAAEX,MAAM,CAAC,0BAA0B,CAAC;QAC5DY,yBAAyB,EAAEZ,MAAM,CAAC,2BAA2B,CAAC;QAC9Da,0BAA0B,EAAEb,MAAM,CAAC,4BAA4B,CAAC;QAChEc,6BAA6B,EAAEd,MAAM,CAAC,+BAA+B,CAAC;QACtEe,8BAA8B,EAAEf,MAAM,CAAC,gCAAgC,CAAC;QACxEgB,iBAAiB,EAAEhB,MAAM,CAAC,mBAAmB,CAAC;QAC9CiB,kBAAkB,EAAEjB,MAAM,CAAC,oBAAoB,CAAC;QAChDkB,6BAA6B,EAAElB,MAAM,CAAC,+BAA+B,CAAC;QACtEmB,kBAAkB,EAAEnB,MAAM,CAAC,oBAAoB,CAAC;QAChDoB,YAAY,EAAEpB,MAAM,CAAC,cAAc,CAAC;QACpCqB,WAAW,EAAErB,MAAM,CAAC,aAAa,CAAC;QAClC;QACAsB,kBAAkB,EAAEtB,MAAM,CAAC,oBAAoB,CAAC;QAChDuB,mBAAmB,EAAEvB,MAAM,CAAC,qBAAqB,CAAC;QAClDwB,mBAAmB,EAAExB,MAAM,CAAC,qBAAqB,CAAC;QAClD;QACAyB,mBAAmB,EAAEzB,MAAM,CAAC,qBAAqB,CAAC;QAClD0B,wBAAwB,EAAE1B,MAAM,CAAC,0BAA0B,CAAC;QAC5D2B,0BAA0B,EAAE3B,MAAM,CAAC,4BAA4B,CAAC;QAChE4B,2BAA2B,EAAE5B,MAAM,CAAC,6BAA6B;MACrE,CAAC;IACL,CAAC,CAAC;EACN;AACJ,CAAC,CAAC","ignoreList":[]}
1
+ {"version":3,"names":["createAppModule","ProjectSdk","CoreOutput","name","config","app","addHandler","sdk","init","output","getAppStackOutput","Error","fileManagerBucketId","primaryDynamodbTableArn","primaryDynamodbTableName","primaryDynamodbTableHashKey","primaryDynamodbTableRangeKey","auditLogsDynamodbTableArn","auditLogsDynamodbTableName","auditLogsDynamodbTableHashKey","auditLogsDynamodbTableRangeKey","cognitoUserPoolId","cognitoUserPoolArn","cognitoUserPoolPasswordPolicy","cognitoAppClientId","eventBusName","eventBusArn","vpcPublicSubnetIds","vpcPrivateSubnetIds","vpcSecurityGroupIds","opensearchDomainArn","opensearchDomainEndpoint","opensearchDynamodbTableArn","opensearchDynamodbTableName"],"sources":["CoreOutput.ts"],"sourcesContent":["import { createAppModule, type PulumiAppModule } from \"@webiny/pulumi\";\nimport { ProjectSdk } from \"@webiny/project\";\n\nexport type CoreOutput = PulumiAppModule<typeof CoreOutput>;\n\nexport interface ICoreOutput {\n deploymentId: string;\n region: string;\n dynamoDbTable: string;\n iotAuthorizerName: string;\n cognitoUserPoolArn: string;\n cognitoAppClientId: string;\n cognitoUserPoolId: string;\n cognitoUserPoolPasswordPolicy: string;\n fileManagerBucketId: string;\n fileManagerBucketArn: string;\n primaryDynamodbTableArn: string;\n primaryDynamodbTableName: string;\n primaryDynamodbTableHashKey: string;\n primaryDynamodbTableRangeKey: string;\n auditLogsDynamodbTableArn: string;\n auditLogsDynamodbTableName: string;\n auditLogsDynamodbTableHashKey: string;\n auditLogsDynamodbTableRangeKey: string;\n eventBusName: string;\n eventBusArn: string;\n vpcPublicSubnetIds: string[] | undefined;\n vpcPrivateSubnetIds: string[] | undefined;\n vpcSecurityGroupIds: string[] | undefined;\n opensearchDomainArn: string | undefined;\n opensearchDomainEndpoint: string | undefined;\n opensearchDynamodbTableHashKey: string;\n opensearchDynamodbTableRangeKey: string;\n opensearchDynamodbTableArn: string | undefined;\n opensearchDynamodbTableName: string | undefined;\n}\n\nexport const CoreOutput = createAppModule({\n name: \"CoreOutput\",\n config(app) {\n return app.addHandler(async () => {\n const sdk = await ProjectSdk.init();\n\n const output = await sdk.getAppStackOutput(\"core\");\n if (!output) {\n throw new Error(\"Core application is not deployed.\");\n }\n\n return {\n fileManagerBucketId: output[\"fileManagerBucketId\"],\n primaryDynamodbTableArn: output[\"primaryDynamodbTableArn\"],\n primaryDynamodbTableName: output[\"primaryDynamodbTableName\"],\n primaryDynamodbTableHashKey: output[\"primaryDynamodbTableHashKey\"],\n primaryDynamodbTableRangeKey: output[\"primaryDynamodbTableRangeKey\"],\n auditLogsDynamodbTableArn: output[\"auditLogsDynamodbTableArn\"],\n auditLogsDynamodbTableName: output[\"auditLogsDynamodbTableName\"],\n auditLogsDynamodbTableHashKey: output[\"auditLogsDynamodbTableHashKey\"],\n auditLogsDynamodbTableRangeKey: output[\"auditLogsDynamodbTableRangeKey\"],\n cognitoUserPoolId: output[\"cognitoUserPoolId\"],\n cognitoUserPoolArn: output[\"cognitoUserPoolArn\"],\n cognitoUserPoolPasswordPolicy: output[\"cognitoUserPoolPasswordPolicy\"],\n cognitoAppClientId: output[\"cognitoAppClientId\"],\n eventBusName: output[\"eventBusName\"],\n eventBusArn: output[\"eventBusArn\"],\n // These outputs are optional, since VPC is not always enabled.\n vpcPublicSubnetIds: output[\"vpcPublicSubnetIds\"],\n vpcPrivateSubnetIds: output[\"vpcPrivateSubnetIds\"],\n vpcSecurityGroupIds: output[\"vpcSecurityGroupIds\"],\n // These outputs are optional, since Opensearch is not always enabled.\n opensearchDomainArn: output[\"opensearchDomainArn\"],\n opensearchDomainEndpoint: output[\"opensearchDomainEndpoint\"],\n opensearchDynamodbTableArn: output[\"opensearchDynamodbTableArn\"],\n opensearchDynamodbTableName: output[\"opensearchDynamodbTableName\"]\n } as ICoreOutput;\n });\n }\n});\n"],"mappings":"AAAA,SAASA,eAAe,QAA8B,gBAAgB;AACtE,SAASC,UAAU,QAAQ,iBAAiB;AAoC5C,OAAO,MAAMC,UAAU,GAAGF,eAAe,CAAC;EACtCG,IAAI,EAAE,YAAY;EAClBC,MAAMA,CAACC,GAAG,EAAE;IACR,OAAOA,GAAG,CAACC,UAAU,CAAC,YAAY;MAC9B,MAAMC,GAAG,GAAG,MAAMN,UAAU,CAACO,IAAI,CAAC,CAAC;MAEnC,MAAMC,MAAM,GAAG,MAAMF,GAAG,CAACG,iBAAiB,CAAC,MAAM,CAAC;MAClD,IAAI,CAACD,MAAM,EAAE;QACT,MAAM,IAAIE,KAAK,CAAC,mCAAmC,CAAC;MACxD;MAEA,OAAO;QACHC,mBAAmB,EAAEH,MAAM,CAAC,qBAAqB,CAAC;QAClDI,uBAAuB,EAAEJ,MAAM,CAAC,yBAAyB,CAAC;QAC1DK,wBAAwB,EAAEL,MAAM,CAAC,0BAA0B,CAAC;QAC5DM,2BAA2B,EAAEN,MAAM,CAAC,6BAA6B,CAAC;QAClEO,4BAA4B,EAAEP,MAAM,CAAC,8BAA8B,CAAC;QACpEQ,yBAAyB,EAAER,MAAM,CAAC,2BAA2B,CAAC;QAC9DS,0BAA0B,EAAET,MAAM,CAAC,4BAA4B,CAAC;QAChEU,6BAA6B,EAAEV,MAAM,CAAC,+BAA+B,CAAC;QACtEW,8BAA8B,EAAEX,MAAM,CAAC,gCAAgC,CAAC;QACxEY,iBAAiB,EAAEZ,MAAM,CAAC,mBAAmB,CAAC;QAC9Ca,kBAAkB,EAAEb,MAAM,CAAC,oBAAoB,CAAC;QAChDc,6BAA6B,EAAEd,MAAM,CAAC,+BAA+B,CAAC;QACtEe,kBAAkB,EAAEf,MAAM,CAAC,oBAAoB,CAAC;QAChDgB,YAAY,EAAEhB,MAAM,CAAC,cAAc,CAAC;QACpCiB,WAAW,EAAEjB,MAAM,CAAC,aAAa,CAAC;QAClC;QACAkB,kBAAkB,EAAElB,MAAM,CAAC,oBAAoB,CAAC;QAChDmB,mBAAmB,EAAEnB,MAAM,CAAC,qBAAqB,CAAC;QAClDoB,mBAAmB,EAAEpB,MAAM,CAAC,qBAAqB,CAAC;QAClD;QACAqB,mBAAmB,EAAErB,MAAM,CAAC,qBAAqB,CAAC;QAClDsB,wBAAwB,EAAEtB,MAAM,CAAC,0BAA0B,CAAC;QAC5DuB,0BAA0B,EAAEvB,MAAM,CAAC,4BAA4B,CAAC;QAChEwB,2BAA2B,EAAExB,MAAM,CAAC,6BAA6B;MACrE,CAAC;IACL,CAAC,CAAC;EACN;AACJ,CAAC,CAAC","ignoreList":[]}
package/pulumi/apps/core/CoreOpenSearch.js CHANGED
@@ -11,7 +11,6 @@ import { createAppModule } from "@webiny/pulumi";
11
11
  import { getAwsAccountId } from "../awsUtils.js";
12
12
  import { CoreVpc } from "./CoreVpc.js";
13
13
  import { LAMBDA_RUNTIME } from "../../constants.js";
14
- import { LogDynamo } from "./LogDynamo.js";
15
14
  function getDevClusterConfig() {
16
15
  return {
17
16
  instanceType: "t3.small.search"
@@ -36,7 +35,6 @@ export const OpenSearch = createAppModule({
36
35
  const vpc = app.getModule(CoreVpc, {
37
36
  optional: true
38
37
  });
39
- const logDynamoDbTable = app.getModule(LogDynamo);
40
38
 
41
39
  // This needs to be implemented in order to be able to use a shared OpenSearch cluster.
42
40
  let domain;
@@ -231,8 +229,7 @@ export const OpenSearch = createAppModule({
231
229
  environment: {
232
230
  variables: {
233
231
  DEBUG: String(process.env.DEBUG),
234
- OPENSEARCH_ENDPOINT: domain.output.endpoint,
235
- DB_TABLE_LOG: logDynamoDbTable.output.name
232
+ OPENSEARCH_ENDPOINT: domain.output.endpoint
236
233
  }
237
234
  },
238
235
  description: "Process DynamoDB Stream.",
package/pulumi/apps/core/CoreOpenSearch.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"names":["path","pulumi","aws","random","createAppModule","getAwsAccountId","CoreVpc","LAMBDA_RUNTIME","LogDynamo","getDevClusterConfig","instanceType","getProdClusterConfig","instanceCount","zoneAwarenessEnabled","zoneAwarenessConfig","availabilityZoneCount","OS_ENGINE_VERSION","OpenSearch","name","config","app","params","isProduction","env","vpc","getModule","optional","logDynamoDbTable","domain","domainPolicy","process","AWS_OS_DOMAIN_NAME","domainName","String","addRemoteResource","opensearch","getDomain","async","randomId","RandomId","byteLength","namePrefix","getParam","create","pulumiResourceNamePrefix","domainLogicalName","domainPhysicalName","hex","apply","slice","addResource","Domain","engineVersion","clusterConfig","vpcOptions","subnetIds","subnets","private","map","s","output","id","securityGroupIds","defaultSecurityGroupId","undefined","ebsOptions","ebsEnabled","volumeSize","volumeType","advancedOptions","snapshotOptions","automatedSnapshotStartHour","opts","protect","accountId","DomainPolicy","accessPolicies","all","arn","domainArn","JSON","stringify","Version","Statement","Effect","Principal","AWS","Action","Resource","table","dynamodb","Table","attributes","type","streamEnabled","streamViewType","billingMode","hashKey","rangeKey","globalSecondaryIndexes","projectionType","ttl","attributeName","enabled","roleName","role","iam","Role","assumeRolePolicy","Service","meta","isLambdaFunctionRole","policy","getDynamoDbToElasticLambdaPolicy","RolePolicyAttachment","policyArn","ManagedPolicy","AWSLambdaVPCAccessExecutionRole","AWSLambdaBasicExecutionRole","AWSLambdaDynamoDBExecutionRole","lambda","Function","runtime","handler","timeout","memorySize","environment","variables","DEBUG","OPENSEARCH_ENDPOINT","endpoint","DB_TABLE_LOG","description","code","asset","AssetArchive","FileArchive","join","paths","workspace","vpcConfig","loggingConfig","logFormat","eventSourceMapping","EventSourceMapping","eventSourceArn","streamArn","functionName","startingPosition","maximumRetryAttempts","batchSize","maximumBatchingWindowInSeconds","addOutputs","opensearchDomainArn","opensearchDomainEndpoint","opensearchDynamodbTableArn","opensearchDynamodbTableName","dynamoToElastic","Policy","Sid","interpolate"],"sources":["CoreOpenSearch.ts"],"sourcesContent":["/**\n * Important documents to read:\n *\n * https://docs.aws.amazon.com/opensearch-service/latest/developerguide/limits.html#network-limits\n */\nimport path from \"path\";\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport * as random from \"@pulumi/random\";\nimport {\n createAppModule,\n type PulumiApp,\n type PulumiAppRemoteResource,\n type PulumiAppResource,\n type PulumiAppResourceConstructor\n} from \"@webiny/pulumi\";\n\nimport { getAwsAccountId } from \"../awsUtils.js\";\nimport { CoreVpc } from \"./CoreVpc.js\";\nimport { LAMBDA_RUNTIME } from \"~/pulumi/constants.js\";\nimport { LogDynamo } from \"~/pulumi/apps/core/LogDynamo.js\";\n\nexport interface OpenSearchParams {\n protect: boolean;\n}\n\nfunction getDevClusterConfig(): aws.types.input.opensearch.DomainClusterConfig {\n return {\n instanceType: \"t3.small.search\"\n };\n}\n\nfunction getProdClusterConfig(): aws.types.input.opensearch.DomainClusterConfig {\n return {\n // For production deployments, we create 3 instances and configure multi-AZ across 3 zones.\n instanceType: \"t3.medium.search\",\n instanceCount: 3,\n zoneAwarenessEnabled: true,\n zoneAwarenessConfig: {\n availabilityZoneCount: 3\n }\n };\n}\n\nconst OS_ENGINE_VERSION = \"OpenSearch_3.3\";\n\nexport const OpenSearch = createAppModule({\n name: \"OpenSearch\",\n config(app, params: OpenSearchParams) {\n const isProduction = app.env.isProduction;\n\n const vpc = app.getModule(CoreVpc, { optional: true });\n\n const logDynamoDbTable = app.getModule(LogDynamo);\n\n // This needs to be implemented in order to be able to use a shared OpenSearch cluster.\n let domain:\n | PulumiAppResource<PulumiAppResourceConstructor<aws.opensearch.Domain>>\n | PulumiAppRemoteResource<aws.opensearch.GetDomainResult>;\n\n let domainPolicy;\n\n if (process.env.AWS_OS_DOMAIN_NAME) {\n const domainName = String(process.env.AWS_OS_DOMAIN_NAME);\n // This can be useful for testing purposes in ephemeral environments. More information here:\n // https://www.webiny.com/docs/key-topics/ci-cd/testing/slow-ephemeral-environments\n domain = app.addRemoteResource(domainName, () => {\n return aws.opensearch.getDomain({ domainName }, { async: true });\n });\n } else {\n const randomId = new random.RandomId(\"osDomainRandomId\", { byteLength: 8 });\n const namePrefix = app.getParam(app.params.create.pulumiResourceNamePrefix) || \"\";\n\n const domainLogicalName = \"webiny-js\";\n const domainPhysicalName = randomId.hex.apply((hex: string) => {\n return `${namePrefix}${domainLogicalName}-${hex.slice(-7)}`;\n });\n\n domain = app.addResource(aws.opensearch.Domain, {\n name: domainLogicalName,\n config: {\n domainName: domainPhysicalName,\n engineVersion: OS_ENGINE_VERSION,\n clusterConfig: isProduction ? getProdClusterConfig() : getDevClusterConfig(),\n vpcOptions: vpc\n ? {\n subnetIds: vpc.subnets.private.map(s => s.output.id),\n securityGroupIds: [vpc.vpc.output.defaultSecurityGroupId]\n }\n : undefined,\n ebsOptions: {\n ebsEnabled: true,\n volumeSize: 10,\n volumeType: \"gp2\"\n },\n advancedOptions: {\n \"rest.action.multi.allow_explicit_index\": \"true\"\n },\n snapshotOptions: {\n automatedSnapshotStartHour: 23\n }\n },\n opts: { protect: params.protect }\n });\n\n /**\n * Domain policy defines who can access your OpenSearch Domain.\n * For details on OpenSearch security, read the official documentation:\n * https://docs.aws.amazon.com/openSearch-service/latest/developerguide/security.html\n */\n const accountId = getAwsAccountId(app);\n\n domainPolicy = app.addResource(aws.opensearch.DomainPolicy, {\n name: `${domainLogicalName}-policy`,\n config: {\n domainName: domain.output.domainName,\n accessPolicies: pulumi\n .all([accountId, domain.output.arn])\n .apply(([accountId, domainArn]) => {\n return JSON.stringify({\n Version: \"2012-10-17\",\n Statement: [\n /**\n * Allow requests signed with current account\n */\n {\n Effect: \"Allow\",\n Principal: {\n AWS: accountId\n },\n Action: \"es:*\",\n Resource: `${domainArn}/*`\n }\n ]\n });\n })\n },\n opts: { protect: params.protect }\n });\n }\n\n /**\n * Create a table for OpenSearch records. All ES records are stored in this table to dramatically improve\n * performance and stability on write operations (especially massive data imports). This table also serves as a backup and\n * a single source of truth for your OpenSearch domain. Streaming is enabled on this table, and it will\n * allow asynchronous synchronization of data with OpenSearch domain.\n */\n const table = app.addResource(aws.dynamodb.Table, {\n name: \"webiny-es\",\n config: {\n attributes: [\n { name: \"PK\", type: \"S\" },\n { name: \"SK\", type: \"S\" },\n { name: \"GSI_TENANT\", type: \"S\" }\n ],\n streamEnabled: true,\n streamViewType: \"NEW_AND_OLD_IMAGES\",\n billingMode: \"PAY_PER_REQUEST\",\n hashKey: \"PK\",\n rangeKey: \"SK\",\n globalSecondaryIndexes: [\n {\n name: \"GSI_TENANT\",\n hashKey: \"GSI_TENANT\",\n projectionType: \"KEYS_ONLY\"\n }\n ],\n ttl: {\n attributeName: \"expiresAt\",\n enabled: true\n }\n },\n opts: { protect: params.protect }\n });\n\n const roleName = \"dynamo-to-elastic-lambda-role\";\n\n const role = app.addResource(aws.iam.Role, {\n name: roleName,\n config: {\n assumeRolePolicy: {\n Version: \"2012-10-17\",\n Statement: [\n {\n Action: \"sts:AssumeRole\",\n Principal: {\n Service: \"lambda.amazonaws.com\"\n },\n Effect: \"Allow\"\n }\n ]\n }\n },\n meta: { isLambdaFunctionRole: true }\n });\n\n const policy = getDynamoDbToElasticLambdaPolicy(app, domain.output);\n\n app.addResource(aws.iam.RolePolicyAttachment, {\n name: `${roleName}-DynamoDbToElasticLambdaPolicy`,\n config: {\n role: role.output,\n policyArn: policy.output.arn\n }\n });\n\n // Only use `AWSLambdaVPCAccessExecutionRole` policy if VPC feature is enabled.\n if (vpc) {\n app.addResource(aws.iam.RolePolicyAttachment, {\n name: `${roleName}-AWSLambdaVPCAccessExecutionRole`,\n config: {\n role: role.output,\n policyArn: aws.iam.ManagedPolicy.AWSLambdaVPCAccessExecutionRole\n }\n });\n } else {\n app.addResource(aws.iam.RolePolicyAttachment, {\n name: `${roleName}-AWSLambdaBasicExecutionRole`,\n config: {\n role: role.output,\n policyArn: aws.iam.ManagedPolicy.AWSLambdaBasicExecutionRole\n }\n });\n }\n\n app.addResource(aws.iam.RolePolicyAttachment, {\n name: `${roleName}-AWSLambdaDynamoDBExecutionRole`,\n config: {\n role: role.output,\n policyArn: aws.iam.ManagedPolicy.AWSLambdaDynamoDBExecutionRole\n }\n });\n\n /**\n * This Lambda will process the stream events from DynamoDB table that contains OpenSearch items.\n * OpenSearch can't take large amount of individual writes in a short period of time, so this way\n * we store data for OpenSearch in a DynamoDB table, and asynchronously insert it into OpenSearch\n * using batching.\n */\n const lambda = app.addResource(aws.lambda.Function, {\n name: \"dynamo-to-elastic\",\n config: {\n role: role.output.arn,\n runtime: LAMBDA_RUNTIME,\n handler: \"handler.handler\",\n timeout: 900,\n memorySize: 1024,\n environment: {\n variables: {\n DEBUG: String(process.env.DEBUG),\n OPENSEARCH_ENDPOINT: domain.output.endpoint,\n DB_TABLE_LOG: logDynamoDbTable.output.name\n }\n },\n description: \"Process DynamoDB Stream.\",\n code: new pulumi.asset.AssetArchive({\n \".\": new pulumi.asset.FileArchive(\n path.join(app.paths.workspace, \"dynamoToElastic/build\")\n )\n }),\n vpcConfig: vpc\n ? {\n subnetIds: vpc.subnets.private.map(s => s.output.id),\n securityGroupIds: [vpc.vpc.output.defaultSecurityGroupId]\n }\n : undefined,\n loggingConfig: {\n logFormat: \"JSON\"\n }\n }\n });\n\n const eventSourceMapping = app.addResource(aws.lambda.EventSourceMapping, {\n name: \"dynamo-to-elastic\",\n config: {\n eventSourceArn: table.output.streamArn,\n functionName: lambda.output.arn,\n startingPosition: \"LATEST\",\n maximumRetryAttempts: 3,\n batchSize: 50,\n maximumBatchingWindowInSeconds: 1\n }\n });\n\n app.addOutputs({\n opensearchDomainArn: domain.output.arn,\n opensearchDomainEndpoint: domain.output.endpoint,\n opensearchDynamodbTableArn: table.output.arn,\n opensearchDynamodbTableName: table.output.name\n });\n\n return {\n domain,\n domainPolicy,\n table,\n dynamoToElastic: {\n role,\n policy,\n lambda,\n eventSourceMapping\n }\n };\n }\n});\n\nfunction getDynamoDbToElasticLambdaPolicy(\n app: PulumiApp,\n domain: pulumi.Output<aws.opensearch.Domain | aws.opensearch.GetDomainResult>\n) {\n return app.addResource(aws.iam.Policy, {\n name: \"DynamoDbToElasticLambdaPolicy-updated\",\n config: {\n description: \"This policy enables access to ES and Dynamodb streams\",\n policy: {\n Version: \"2012-10-17\",\n Statement: [\n {\n Sid: \"PermissionForES\",\n Effect: \"Allow\",\n Action: [\n \"es:ESHttpGet\",\n \"es:ESHttpDelete\",\n \"es:ESHttpPatch\",\n \"es:ESHttpPost\",\n \"es:ESHttpPut\",\n \"dynamodb:BatchGetItem\",\n \"dynamodb:BatchWriteItem\",\n \"dynamodb:PutItem\",\n \"dynamodb:GetItem\",\n \"dynamodb:DeleteItem\",\n \"dynamodb:Query\",\n \"dynamodb:UpdateItem\"\n ],\n Resource: [\n pulumi.interpolate`${domain.arn}`,\n pulumi.interpolate`${domain.arn}/*`\n ]\n }\n ]\n }\n }\n });\n}\n"],"mappings":"AAAA;AACA;AACA;AACA;AACA;AACA,OAAOA,IAAI,MAAM,MAAM;AACvB,OAAO,KAAKC,MAAM,MAAM,gBAAgB;AACxC,OAAO,KAAKC,GAAG,MAAM,aAAa;AAClC,OAAO,KAAKC,MAAM,MAAM,gBAAgB;AACxC,SACIC,eAAe,QAKZ,gBAAgB;AAEvB,SAASC,eAAe;AACxB,SAASC,OAAO;AAChB,SAASC,cAAc;AACvB,SAASC,SAAS;AAMlB,SAASC,mBAAmBA,CAAA,EAAmD;EAC3E,OAAO;IACHC,YAAY,EAAE;EAClB,CAAC;AACL;AAEA,SAASC,oBAAoBA,CAAA,EAAmD;EAC5E,OAAO;IACH;IACAD,YAAY,EAAE,kBAAkB;IAChCE,aAAa,EAAE,CAAC;IAChBC,oBAAoB,EAAE,IAAI;IAC1BC,mBAAmB,EAAE;MACjBC,qBAAqB,EAAE;IAC3B;EACJ,CAAC;AACL;AAEA,MAAMC,iBAAiB,GAAG,gBAAgB;AAE1C,OAAO,MAAMC,UAAU,GAAGb,eAAe,CAAC;EACtCc,IAAI,EAAE,YAAY;EAClBC,MAAMA,CAACC,GAAG,EAAEC,MAAwB,EAAE;IAClC,MAAMC,YAAY,GAAGF,GAAG,CAACG,GAAG,CAACD,YAAY;IAEzC,MAAME,GAAG,GAAGJ,GAAG,CAACK,SAAS,CAACnB,OAAO,EAAE;MAAEoB,QAAQ,EAAE;IAAK,CAAC,CAAC;IAEtD,MAAMC,gBAAgB,GAAGP,GAAG,CAACK,SAAS,CAACjB,SAAS,CAAC;;IAEjD;IACA,IAAIoB,MAEyD;IAE7D,IAAIC,YAAY;IAEhB,IAAIC,OAAO,CAACP,GAAG,CAACQ,kBAAkB,EAAE;MAChC,MAAMC,UAAU,GAAGC,MAAM,CAACH,OAAO,CAACP,GAAG,CAACQ,kBAAkB,CAAC;MACzD;MACA;MACAH,MAAM,GAAGR,GAAG,CAACc,iBAAiB,CAACF,UAAU,EAAE,MAAM;QAC7C,OAAO9B,GAAG,CAACiC,UAAU,CAACC,SAAS,CAAC;UAAEJ;QAAW,CAAC,EAAE;UAAEK,KAAK,EAAE;QAAK,CAAC,CAAC;MACpE,CAAC,CAAC;IACN,CAAC,MAAM;MACH,MAAMC,QAAQ,GAAG,IAAInC,MAAM,CAACoC,QAAQ,CAAC,kBAAkB,EAAE;QAAEC,UAAU,EAAE;MAAE,CAAC,CAAC;MAC3E,MAAMC,UAAU,GAAGrB,GAAG,CAACsB,QAAQ,CAACtB,GAAG,CAACC,MAAM,CAACsB,MAAM,CAACC,wBAAwB,CAAC,IAAI,EAAE;MAEjF,MAAMC,iBAAiB,GAAG,WAAW;MACrC,MAAMC,kBAAkB,GAAGR,QAAQ,CAACS,GAAG,CAACC,KAAK,CAAED,GAAW,IAAK;QAC3D,OAAO,GAAGN,UAAU,GAAGI,iBAAiB,IAAIE,GAAG,CAACE,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE;MAC/D,CAAC,CAAC;MAEFrB,MAAM,GAAGR,GAAG,CAAC8B,WAAW,CAAChD,GAAG,CAACiC,UAAU,CAACgB,MAAM,EAAE;QAC5CjC,IAAI,EAAE2B,iBAAiB;QACvB1B,MAAM,EAAE;UACJa,UAAU,EAAEc,kBAAkB;UAC9BM,aAAa,EAAEpC,iBAAiB;UAChCqC,aAAa,EAAE/B,YAAY,GAAGX,oBAAoB,CAAC,CAAC,GAAGF,mBAAmB,CAAC,CAAC;UAC5E6C,UAAU,EAAE9B,GAAG,GACT;YACI+B,SAAS,EAAE/B,GAAG,CAACgC,OAAO,CAACC,OAAO,CAACC,GAAG,CAACC,CAAC,IAAIA,CAAC,CAACC,MAAM,CAACC,EAAE,CAAC;YACpDC,gBAAgB,EAAE,CAACtC,GAAG,CAACA,GAAG,CAACoC,MAAM,CAACG,sBAAsB;UAC5D,CAAC,GACDC,SAAS;UACfC,UAAU,EAAE;YACRC,UAAU,EAAE,IAAI;YAChBC,UAAU,EAAE,EAAE;YACdC,UAAU,EAAE;UAChB,CAAC;UACDC,eAAe,EAAE;YACb,wCAAwC,EAAE;UAC9C,CAAC;UACDC,eAAe,EAAE;YACbC,0BAA0B,EAAE;UAChC;QACJ,CAAC;QACDC,IAAI,EAAE;UAAEC,OAAO,EAAEpD,MAAM,CAACoD;QAAQ;MACpC,CAAC,CAAC;;MAEF;AACZ;AACA;AACA;AACA;MACY,MAAMC,SAAS,GAAGrE,eAAe,CAACe,GAAG,CAAC;MAEtCS,YAAY,GAAGT,GAAG,CAAC8B,WAAW,CAAChD,GAAG,CAACiC,UAAU,CAACwC,YAAY,EAAE;QACxDzD,IAAI,EAAE,GAAG2B,iBAAiB,SAAS;QACnC1B,MAAM,EAAE;UACJa,UAAU,EAAEJ,MAAM,CAACgC,MAAM,CAAC5B,UAAU;UACpC4C,cAAc,EAAE3E,MAAM,CACjB4E,GAAG,CAAC,CAACH,SAAS,EAAE9C,MAAM,CAACgC,MAAM,CAACkB,GAAG,CAAC,CAAC,CACnC9B,KAAK,CAAC,CAAC,CAAC0B,SAAS,EAAEK,SAAS,CAAC,KAAK;YAC/B,OAAOC,IAAI,CAACC,SAAS,CAAC;cAClBC,OAAO,EAAE,YAAY;cACrBC,SAAS,EAAE;cACP;AACpC;AACA;cACoC;gBACIC,MAAM,EAAE,OAAO;gBACfC,SAAS,EAAE;kBACPC,GAAG,EAAEZ;gBACT,CAAC;gBACDa,MAAM,EAAE,MAAM;gBACdC,QAAQ,EAAE,GAAGT,SAAS;cAC1B,CAAC;YAET,CAAC,CAAC;UACN,CAAC;QACT,CAAC;QACDP,IAAI,EAAE;UAAEC,OAAO,EAAEpD,MAAM,CAACoD;QAAQ;MACpC,CAAC,CAAC;IACN;;IAEA;AACR;AACA;AACA;AACA;AACA;IACQ,MAAMgB,KAAK,GAAGrE,GAAG,CAAC8B,WAAW,CAAChD,GAAG,CAACwF,QAAQ,CAACC,KAAK,EAAE;MAC9CzE,IAAI,EAAE,WAAW;MACjBC,MAAM,EAAE;QACJyE,UAAU,EAAE,CACR;UAAE1E,IAAI,EAAE,IAAI;UAAE2E,IAAI,EAAE;QAAI,CAAC,EACzB;UAAE3E,IAAI,EAAE,IAAI;UAAE2E,IAAI,EAAE;QAAI,CAAC,EACzB;UAAE3E,IAAI,EAAE,YAAY;UAAE2E,IAAI,EAAE;QAAI,CAAC,CACpC;QACDC,aAAa,EAAE,IAAI;QACnBC,cAAc,EAAE,oBAAoB;QACpCC,WAAW,EAAE,iBAAiB;QAC9BC,OAAO,EAAE,IAAI;QACbC,QAAQ,EAAE,IAAI;QACdC,sBAAsB,EAAE,CACpB;UACIjF,IAAI,EAAE,YAAY;UAClB+E,OAAO,EAAE,YAAY;UACrBG,cAAc,EAAE;QACpB,CAAC,CACJ;QACDC,GAAG,EAAE;UACDC,aAAa,EAAE,WAAW;UAC1BC,OAAO,EAAE;QACb;MACJ,CAAC;MACD/B,IAAI,EAAE;QAAEC,OAAO,EAAEpD,MAAM,CAACoD;MAAQ;IACpC,CAAC,CAAC;IAEF,MAAM+B,QAAQ,GAAG,+BAA+B;IAEhD,MAAMC,IAAI,GAAGrF,GAAG,CAAC8B,WAAW,CAAChD,GAAG,CAACwG,GAAG,CAACC,IAAI,EAAE;MACvCzF,IAAI,EAAEsF,QAAQ;MACdrF,MAAM,EAAE;QACJyF,gBAAgB,EAAE;UACd1B,OAAO,EAAE,YAAY;UACrBC,SAAS,EAAE,CACP;YACII,MAAM,EAAE,gBAAgB;YACxBF,SAAS,EAAE;cACPwB,OAAO,EAAE;YACb,CAAC;YACDzB,MAAM,EAAE;UACZ,CAAC;QAET;MACJ,CAAC;MACD0B,IAAI,EAAE;QAAEC,oBAAoB,EAAE;MAAK;IACvC,CAAC,CAAC;IAEF,MAAMC,MAAM,GAAGC,gCAAgC,CAAC7F,GAAG,EAAEQ,MAAM,CAACgC,MAAM,CAAC;IAEnExC,GAAG,CAAC8B,WAAW,CAAChD,GAAG,CAACwG,GAAG,CAACQ,oBAAoB,EAAE;MAC1ChG,IAAI,EAAE,GAAGsF,QAAQ,gCAAgC;MACjDrF,MAAM,EAAE;QACJsF,IAAI,EAAEA,IAAI,CAAC7C,MAAM;QACjBuD,SAAS,EAAEH,MAAM,CAACpD,MAAM,CAACkB;MAC7B;IACJ,CAAC,CAAC;;IAEF;IACA,IAAItD,GAAG,EAAE;MACLJ,GAAG,CAAC8B,WAAW,CAAChD,GAAG,CAACwG,GAAG,CAACQ,oBAAoB,EAAE;QAC1ChG,IAAI,EAAE,GAAGsF,QAAQ,kCAAkC;QACnDrF,MAAM,EAAE;UACJsF,IAAI,EAAEA,IAAI,CAAC7C,MAAM;UACjBuD,SAAS,EAAEjH,GAAG,CAACwG,GAAG,CAACU,aAAa,CAACC;QACrC;MACJ,CAAC,CAAC;IACN,CAAC,MAAM;MACHjG,GAAG,CAAC8B,WAAW,CAAChD,GAAG,CAACwG,GAAG,CAACQ,oBAAoB,EAAE;QAC1ChG,IAAI,EAAE,GAAGsF,QAAQ,8BAA8B;QAC/CrF,MAAM,EAAE;UACJsF,IAAI,EAAEA,IAAI,CAAC7C,MAAM;UACjBuD,SAAS,EAAEjH,GAAG,CAACwG,GAAG,CAACU,aAAa,CAACE;QACrC;MACJ,CAAC,CAAC;IACN;IAEAlG,GAAG,CAAC8B,WAAW,CAAChD,GAAG,CAACwG,GAAG,CAACQ,oBAAoB,EAAE;MAC1ChG,IAAI,EAAE,GAAGsF,QAAQ,iCAAiC;MAClDrF,MAAM,EAAE;QACJsF,IAAI,EAAEA,IAAI,CAAC7C,MAAM;QACjBuD,SAAS,EAAEjH,GAAG,CAACwG,GAAG,CAACU,aAAa,CAACG;MACrC;IACJ,CAAC,CAAC;;IAEF;AACR;AACA;AACA;AACA;AACA;IACQ,MAAMC,MAAM,GAAGpG,GAAG,CAAC8B,WAAW,CAAChD,GAAG,CAACsH,MAAM,CAACC,QAAQ,EAAE;MAChDvG,IAAI,EAAE,mBAAmB;MACzBC,MAAM,EAAE;QACJsF,IAAI,EAAEA,IAAI,CAAC7C,MAAM,CAACkB,GAAG;QACrB4C,OAAO,EAAEnH,cAAc;QACvBoH,OAAO,EAAE,iBAAiB;QAC1BC,OAAO,EAAE,GAAG;QACZC,UAAU,EAAE,IAAI;QAChBC,WAAW,EAAE;UACTC,SAAS,EAAE;YACPC,KAAK,EAAE/F,MAAM,CAACH,OAAO,CAACP,GAAG,CAACyG,KAAK,CAAC;YAChCC,mBAAmB,EAAErG,MAAM,CAACgC,MAAM,CAACsE,QAAQ;YAC3CC,YAAY,EAAExG,gBAAgB,CAACiC,MAAM,CAAC1C;UAC1C;QACJ,CAAC;QACDkH,WAAW,EAAE,0BAA0B;QACvCC,IAAI,EAAE,IAAIpI,MAAM,CAACqI,KAAK,CAACC,YAAY,CAAC;UAChC,GAAG,EAAE,IAAItI,MAAM,CAACqI,KAAK,CAACE,WAAW,CAC7BxI,IAAI,CAACyI,IAAI,CAACrH,GAAG,CAACsH,KAAK,CAACC,SAAS,EAAE,uBAAuB,CAC1D;QACJ,CAAC,CAAC;QACFC,SAAS,EAAEpH,GAAG,GACR;UACI+B,SAAS,EAAE/B,GAAG,CAACgC,OAAO,CAACC,OAAO,CAACC,GAAG,CAACC,CAAC,IAAIA,CAAC,CAACC,MAAM,CAACC,EAAE,CAAC;UACpDC,gBAAgB,EAAE,CAACtC,GAAG,CAACA,GAAG,CAACoC,MAAM,CAACG,sBAAsB;QAC5D,CAAC,GACDC,SAAS;QACf6E,aAAa,EAAE;UACXC,SAAS,EAAE;QACf;MACJ;IACJ,CAAC,CAAC;IAEF,MAAMC,kBAAkB,GAAG3H,GAAG,CAAC8B,WAAW,CAAChD,GAAG,CAACsH,MAAM,CAACwB,kBAAkB,EAAE;MACtE9H,IAAI,EAAE,mBAAmB;MACzBC,MAAM,EAAE;QACJ8H,cAAc,EAAExD,KAAK,CAAC7B,MAAM,CAACsF,SAAS;QACtCC,YAAY,EAAE3B,MAAM,CAAC5D,MAAM,CAACkB,GAAG;QAC/BsE,gBAAgB,EAAE,QAAQ;QAC1BC,oBAAoB,EAAE,CAAC;QACvBC,SAAS,EAAE,EAAE;QACbC,8BAA8B,EAAE;MACpC;IACJ,CAAC,CAAC;IAEFnI,GAAG,CAACoI,UAAU,CAAC;MACXC,mBAAmB,EAAE7H,MAAM,CAACgC,MAAM,CAACkB,GAAG;MACtC4E,wBAAwB,EAAE9H,MAAM,CAACgC,MAAM,CAACsE,QAAQ;MAChDyB,0BAA0B,EAAElE,KAAK,CAAC7B,MAAM,CAACkB,GAAG;MAC5C8E,2BAA2B,EAAEnE,KAAK,CAAC7B,MAAM,CAAC1C;IAC9C,CAAC,CAAC;IAEF,OAAO;MACHU,MAAM;MACNC,YAAY;MACZ4D,KAAK;MACLoE,eAAe,EAAE;QACbpD,IAAI;QACJO,MAAM;QACNQ,MAAM;QACNuB;MACJ;IACJ,CAAC;EACL;AACJ,CAAC,CAAC;AAEF,SAAS9B,gCAAgCA,CACrC7F,GAAc,EACdQ,MAA6E,EAC/E;EACE,OAAOR,GAAG,CAAC8B,WAAW,CAAChD,GAAG,CAACwG,GAAG,CAACoD,MAAM,EAAE;IACnC5I,IAAI,EAAE,uCAAuC;IAC7CC,MAAM,EAAE;MACJiH,WAAW,EAAE,uDAAuD;MACpEpB,MAAM,EAAE;QACJ9B,OAAO,EAAE,YAAY;QACrBC,SAAS,EAAE,CACP;UACI4E,GAAG,EAAE,iBAAiB;UACtB3E,MAAM,EAAE,OAAO;UACfG,MAAM,EAAE,CACJ,cAAc,EACd,iBAAiB,EACjB,gBAAgB,EAChB,eAAe,EACf,cAAc,EACd,uBAAuB,EACvB,yBAAyB,EACzB,kBAAkB,EAClB,kBAAkB,EAClB,qBAAqB,EACrB,gBAAgB,EAChB,qBAAqB,CACxB;UACDC,QAAQ,EAAE,CACNvF,MAAM,CAAC+J,WAAW,GAAGpI,MAAM,CAACkD,GAAG,EAAE,EACjC7E,MAAM,CAAC+J,WAAW,GAAGpI,MAAM,CAACkD,GAAG,IAAI;QAE3C,CAAC;MAET;IACJ;EACJ,CAAC,CAAC;AACN","ignoreList":[]}
1
+ {"version":3,"names":["path","pulumi","aws","random","createAppModule","getAwsAccountId","CoreVpc","LAMBDA_RUNTIME","getDevClusterConfig","instanceType","getProdClusterConfig","instanceCount","zoneAwarenessEnabled","zoneAwarenessConfig","availabilityZoneCount","OS_ENGINE_VERSION","OpenSearch","name","config","app","params","isProduction","env","vpc","getModule","optional","domain","domainPolicy","process","AWS_OS_DOMAIN_NAME","domainName","String","addRemoteResource","opensearch","getDomain","async","randomId","RandomId","byteLength","namePrefix","getParam","create","pulumiResourceNamePrefix","domainLogicalName","domainPhysicalName","hex","apply","slice","addResource","Domain","engineVersion","clusterConfig","vpcOptions","subnetIds","subnets","private","map","s","output","id","securityGroupIds","defaultSecurityGroupId","undefined","ebsOptions","ebsEnabled","volumeSize","volumeType","advancedOptions","snapshotOptions","automatedSnapshotStartHour","opts","protect","accountId","DomainPolicy","accessPolicies","all","arn","domainArn","JSON","stringify","Version","Statement","Effect","Principal","AWS","Action","Resource","table","dynamodb","Table","attributes","type","streamEnabled","streamViewType","billingMode","hashKey","rangeKey","globalSecondaryIndexes","projectionType","ttl","attributeName","enabled","roleName","role","iam","Role","assumeRolePolicy","Service","meta","isLambdaFunctionRole","policy","getDynamoDbToElasticLambdaPolicy","RolePolicyAttachment","policyArn","ManagedPolicy","AWSLambdaVPCAccessExecutionRole","AWSLambdaBasicExecutionRole","AWSLambdaDynamoDBExecutionRole","lambda","Function","runtime","handler","timeout","memorySize","environment","variables","DEBUG","OPENSEARCH_ENDPOINT","endpoint","description","code","asset","AssetArchive","FileArchive","join","paths","workspace","vpcConfig","loggingConfig","logFormat","eventSourceMapping","EventSourceMapping","eventSourceArn","streamArn","functionName","startingPosition","maximumRetryAttempts","batchSize","maximumBatchingWindowInSeconds","addOutputs","opensearchDomainArn","opensearchDomainEndpoint","opensearchDynamodbTableArn","opensearchDynamodbTableName","dynamoToElastic","Policy","Sid","interpolate"],"sources":["CoreOpenSearch.ts"],"sourcesContent":["/**\n * Important documents to read:\n *\n * https://docs.aws.amazon.com/opensearch-service/latest/developerguide/limits.html#network-limits\n */\nimport path from \"path\";\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport * as random from \"@pulumi/random\";\nimport {\n createAppModule,\n type PulumiApp,\n type PulumiAppRemoteResource,\n type PulumiAppResource,\n type PulumiAppResourceConstructor\n} from \"@webiny/pulumi\";\n\nimport { getAwsAccountId } from \"../awsUtils.js\";\nimport { CoreVpc } from \"./CoreVpc.js\";\nimport { LAMBDA_RUNTIME } from \"~/pulumi/constants.js\";\n\nexport interface OpenSearchParams {\n protect: boolean;\n}\n\nfunction getDevClusterConfig(): aws.types.input.opensearch.DomainClusterConfig {\n return {\n instanceType: \"t3.small.search\"\n };\n}\n\nfunction getProdClusterConfig(): aws.types.input.opensearch.DomainClusterConfig {\n return {\n // For production deployments, we create 3 instances and configure multi-AZ across 3 zones.\n instanceType: \"t3.medium.search\",\n instanceCount: 3,\n zoneAwarenessEnabled: true,\n zoneAwarenessConfig: {\n availabilityZoneCount: 3\n }\n };\n}\n\nconst OS_ENGINE_VERSION = \"OpenSearch_3.3\";\n\nexport const OpenSearch = createAppModule({\n name: \"OpenSearch\",\n config(app, params: OpenSearchParams) {\n const isProduction = app.env.isProduction;\n\n const vpc = app.getModule(CoreVpc, { optional: true });\n\n // This needs to be implemented in order to be able to use a shared OpenSearch cluster.\n let domain:\n | PulumiAppResource<PulumiAppResourceConstructor<aws.opensearch.Domain>>\n | PulumiAppRemoteResource<aws.opensearch.GetDomainResult>;\n\n let domainPolicy;\n\n if (process.env.AWS_OS_DOMAIN_NAME) {\n const domainName = String(process.env.AWS_OS_DOMAIN_NAME);\n // This can be useful for testing purposes in ephemeral environments. More information here:\n // https://www.webiny.com/docs/key-topics/ci-cd/testing/slow-ephemeral-environments\n domain = app.addRemoteResource(domainName, () => {\n return aws.opensearch.getDomain({ domainName }, { async: true });\n });\n } else {\n const randomId = new random.RandomId(\"osDomainRandomId\", { byteLength: 8 });\n const namePrefix = app.getParam(app.params.create.pulumiResourceNamePrefix) || \"\";\n\n const domainLogicalName = \"webiny-js\";\n const domainPhysicalName = randomId.hex.apply((hex: string) => {\n return `${namePrefix}${domainLogicalName}-${hex.slice(-7)}`;\n });\n\n domain = app.addResource(aws.opensearch.Domain, {\n name: domainLogicalName,\n config: {\n domainName: domainPhysicalName,\n engineVersion: OS_ENGINE_VERSION,\n clusterConfig: isProduction ? getProdClusterConfig() : getDevClusterConfig(),\n vpcOptions: vpc\n ? {\n subnetIds: vpc.subnets.private.map(s => s.output.id),\n securityGroupIds: [vpc.vpc.output.defaultSecurityGroupId]\n }\n : undefined,\n ebsOptions: {\n ebsEnabled: true,\n volumeSize: 10,\n volumeType: \"gp2\"\n },\n advancedOptions: {\n \"rest.action.multi.allow_explicit_index\": \"true\"\n },\n snapshotOptions: {\n automatedSnapshotStartHour: 23\n }\n },\n opts: { protect: params.protect }\n });\n\n /**\n * Domain policy defines who can access your OpenSearch Domain.\n * For details on OpenSearch security, read the official documentation:\n * https://docs.aws.amazon.com/openSearch-service/latest/developerguide/security.html\n */\n const accountId = getAwsAccountId(app);\n\n domainPolicy = app.addResource(aws.opensearch.DomainPolicy, {\n name: `${domainLogicalName}-policy`,\n config: {\n domainName: domain.output.domainName,\n accessPolicies: pulumi\n .all([accountId, domain.output.arn])\n .apply(([accountId, domainArn]) => {\n return JSON.stringify({\n Version: \"2012-10-17\",\n Statement: [\n /**\n * Allow requests signed with current account\n */\n {\n Effect: \"Allow\",\n Principal: {\n AWS: accountId\n },\n Action: \"es:*\",\n Resource: `${domainArn}/*`\n }\n ]\n });\n })\n },\n opts: { protect: params.protect }\n });\n }\n\n /**\n * Create a table for OpenSearch records. All ES records are stored in this table to dramatically improve\n * performance and stability on write operations (especially massive data imports). This table also serves as a backup and\n * a single source of truth for your OpenSearch domain. Streaming is enabled on this table, and it will\n * allow asynchronous synchronization of data with OpenSearch domain.\n */\n const table = app.addResource(aws.dynamodb.Table, {\n name: \"webiny-es\",\n config: {\n attributes: [\n { name: \"PK\", type: \"S\" },\n { name: \"SK\", type: \"S\" },\n { name: \"GSI_TENANT\", type: \"S\" }\n ],\n streamEnabled: true,\n streamViewType: \"NEW_AND_OLD_IMAGES\",\n billingMode: \"PAY_PER_REQUEST\",\n hashKey: \"PK\",\n rangeKey: \"SK\",\n globalSecondaryIndexes: [\n {\n name: \"GSI_TENANT\",\n hashKey: \"GSI_TENANT\",\n projectionType: \"KEYS_ONLY\"\n }\n ],\n ttl: {\n attributeName: \"expiresAt\",\n enabled: true\n }\n },\n opts: { protect: params.protect }\n });\n\n const roleName = \"dynamo-to-elastic-lambda-role\";\n\n const role = app.addResource(aws.iam.Role, {\n name: roleName,\n config: {\n assumeRolePolicy: {\n Version: \"2012-10-17\",\n Statement: [\n {\n Action: \"sts:AssumeRole\",\n Principal: {\n Service: \"lambda.amazonaws.com\"\n },\n Effect: \"Allow\"\n }\n ]\n }\n },\n meta: { isLambdaFunctionRole: true }\n });\n\n const policy = getDynamoDbToElasticLambdaPolicy(app, domain.output);\n\n app.addResource(aws.iam.RolePolicyAttachment, {\n name: `${roleName}-DynamoDbToElasticLambdaPolicy`,\n config: {\n role: role.output,\n policyArn: policy.output.arn\n }\n });\n\n // Only use `AWSLambdaVPCAccessExecutionRole` policy if VPC feature is enabled.\n if (vpc) {\n app.addResource(aws.iam.RolePolicyAttachment, {\n name: `${roleName}-AWSLambdaVPCAccessExecutionRole`,\n config: {\n role: role.output,\n policyArn: aws.iam.ManagedPolicy.AWSLambdaVPCAccessExecutionRole\n }\n });\n } else {\n app.addResource(aws.iam.RolePolicyAttachment, {\n name: `${roleName}-AWSLambdaBasicExecutionRole`,\n config: {\n role: role.output,\n policyArn: aws.iam.ManagedPolicy.AWSLambdaBasicExecutionRole\n }\n });\n }\n\n app.addResource(aws.iam.RolePolicyAttachment, {\n name: `${roleName}-AWSLambdaDynamoDBExecutionRole`,\n config: {\n role: role.output,\n policyArn: aws.iam.ManagedPolicy.AWSLambdaDynamoDBExecutionRole\n }\n });\n\n /**\n * This Lambda will process the stream events from DynamoDB table that contains OpenSearch items.\n * OpenSearch can't take large amount of individual writes in a short period of time, so this way\n * we store data for OpenSearch in a DynamoDB table, and asynchronously insert it into OpenSearch\n * using batching.\n */\n const lambda = app.addResource(aws.lambda.Function, {\n name: \"dynamo-to-elastic\",\n config: {\n role: role.output.arn,\n runtime: LAMBDA_RUNTIME,\n handler: \"handler.handler\",\n timeout: 900,\n memorySize: 1024,\n environment: {\n variables: {\n DEBUG: String(process.env.DEBUG),\n OPENSEARCH_ENDPOINT: domain.output.endpoint\n }\n },\n description: \"Process DynamoDB Stream.\",\n code: new pulumi.asset.AssetArchive({\n \".\": new pulumi.asset.FileArchive(\n path.join(app.paths.workspace, \"dynamoToElastic/build\")\n )\n }),\n vpcConfig: vpc\n ? {\n subnetIds: vpc.subnets.private.map(s => s.output.id),\n securityGroupIds: [vpc.vpc.output.defaultSecurityGroupId]\n }\n : undefined,\n loggingConfig: {\n logFormat: \"JSON\"\n }\n }\n });\n\n const eventSourceMapping = app.addResource(aws.lambda.EventSourceMapping, {\n name: \"dynamo-to-elastic\",\n config: {\n eventSourceArn: table.output.streamArn,\n functionName: lambda.output.arn,\n startingPosition: \"LATEST\",\n maximumRetryAttempts: 3,\n batchSize: 50,\n maximumBatchingWindowInSeconds: 1\n }\n });\n\n app.addOutputs({\n opensearchDomainArn: domain.output.arn,\n opensearchDomainEndpoint: domain.output.endpoint,\n opensearchDynamodbTableArn: table.output.arn,\n opensearchDynamodbTableName: table.output.name\n });\n\n return {\n domain,\n domainPolicy,\n table,\n dynamoToElastic: {\n role,\n policy,\n lambda,\n eventSourceMapping\n }\n };\n }\n});\n\nfunction getDynamoDbToElasticLambdaPolicy(\n app: PulumiApp,\n domain: pulumi.Output<aws.opensearch.Domain | aws.opensearch.GetDomainResult>\n) {\n return app.addResource(aws.iam.Policy, {\n name: \"DynamoDbToElasticLambdaPolicy-updated\",\n config: {\n description: \"This policy enables access to ES and Dynamodb streams\",\n policy: {\n Version: \"2012-10-17\",\n Statement: [\n {\n Sid: \"PermissionForES\",\n Effect: \"Allow\",\n Action: [\n \"es:ESHttpGet\",\n \"es:ESHttpDelete\",\n \"es:ESHttpPatch\",\n \"es:ESHttpPost\",\n \"es:ESHttpPut\",\n \"dynamodb:BatchGetItem\",\n \"dynamodb:BatchWriteItem\",\n \"dynamodb:PutItem\",\n \"dynamodb:GetItem\",\n \"dynamodb:DeleteItem\",\n \"dynamodb:Query\",\n \"dynamodb:UpdateItem\"\n ],\n Resource: [\n pulumi.interpolate`${domain.arn}`,\n pulumi.interpolate`${domain.arn}/*`\n ]\n }\n ]\n }\n }\n });\n}\n"],"mappings":"AAAA;AACA;AACA;AACA;AACA;AACA,OAAOA,IAAI,MAAM,MAAM;AACvB,OAAO,KAAKC,MAAM,MAAM,gBAAgB;AACxC,OAAO,KAAKC,GAAG,MAAM,aAAa;AAClC,OAAO,KAAKC,MAAM,MAAM,gBAAgB;AACxC,SACIC,eAAe,QAKZ,gBAAgB;AAEvB,SAASC,eAAe;AACxB,SAASC,OAAO;AAChB,SAASC,cAAc;AAMvB,SAASC,mBAAmBA,CAAA,EAAmD;EAC3E,OAAO;IACHC,YAAY,EAAE;EAClB,CAAC;AACL;AAEA,SAASC,oBAAoBA,CAAA,EAAmD;EAC5E,OAAO;IACH;IACAD,YAAY,EAAE,kBAAkB;IAChCE,aAAa,EAAE,CAAC;IAChBC,oBAAoB,EAAE,IAAI;IAC1BC,mBAAmB,EAAE;MACjBC,qBAAqB,EAAE;IAC3B;EACJ,CAAC;AACL;AAEA,MAAMC,iBAAiB,GAAG,gBAAgB;AAE1C,OAAO,MAAMC,UAAU,GAAGZ,eAAe,CAAC;EACtCa,IAAI,EAAE,YAAY;EAClBC,MAAMA,CAACC,GAAG,EAAEC,MAAwB,EAAE;IAClC,MAAMC,YAAY,GAAGF,GAAG,CAACG,GAAG,CAACD,YAAY;IAEzC,MAAME,GAAG,GAAGJ,GAAG,CAACK,SAAS,CAAClB,OAAO,EAAE;MAAEmB,QAAQ,EAAE;IAAK,CAAC,CAAC;;IAEtD;IACA,IAAIC,MAEyD;IAE7D,IAAIC,YAAY;IAEhB,IAAIC,OAAO,CAACN,GAAG,CAACO,kBAAkB,EAAE;MAChC,MAAMC,UAAU,GAAGC,MAAM,CAACH,OAAO,CAACN,GAAG,CAACO,kBAAkB,CAAC;MACzD;MACA;MACAH,MAAM,GAAGP,GAAG,CAACa,iBAAiB,CAACF,UAAU,EAAE,MAAM;QAC7C,OAAO5B,GAAG,CAAC+B,UAAU,CAACC,SAAS,CAAC;UAAEJ;QAAW,CAAC,EAAE;UAAEK,KAAK,EAAE;QAAK,CAAC,CAAC;MACpE,CAAC,CAAC;IACN,CAAC,MAAM;MACH,MAAMC,QAAQ,GAAG,IAAIjC,MAAM,CAACkC,QAAQ,CAAC,kBAAkB,EAAE;QAAEC,UAAU,EAAE;MAAE,CAAC,CAAC;MAC3E,MAAMC,UAAU,GAAGpB,GAAG,CAACqB,QAAQ,CAACrB,GAAG,CAACC,MAAM,CAACqB,MAAM,CAACC,wBAAwB,CAAC,IAAI,EAAE;MAEjF,MAAMC,iBAAiB,GAAG,WAAW;MACrC,MAAMC,kBAAkB,GAAGR,QAAQ,CAACS,GAAG,CAACC,KAAK,CAAED,GAAW,IAAK;QAC3D,OAAO,GAAGN,UAAU,GAAGI,iBAAiB,IAAIE,GAAG,CAACE,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE;MAC/D,CAAC,CAAC;MAEFrB,MAAM,GAAGP,GAAG,CAAC6B,WAAW,CAAC9C,GAAG,CAAC+B,UAAU,CAACgB,MAAM,EAAE;QAC5ChC,IAAI,EAAE0B,iBAAiB;QACvBzB,MAAM,EAAE;UACJY,UAAU,EAAEc,kBAAkB;UAC9BM,aAAa,EAAEnC,iBAAiB;UAChCoC,aAAa,EAAE9B,YAAY,GAAGX,oBAAoB,CAAC,CAAC,GAAGF,mBAAmB,CAAC,CAAC;UAC5E4C,UAAU,EAAE7B,GAAG,GACT;YACI8B,SAAS,EAAE9B,GAAG,CAAC+B,OAAO,CAACC,OAAO,CAACC,GAAG,CAACC,CAAC,IAAIA,CAAC,CAACC,MAAM,CAACC,EAAE,CAAC;YACpDC,gBAAgB,EAAE,CAACrC,GAAG,CAACA,GAAG,CAACmC,MAAM,CAACG,sBAAsB;UAC5D,CAAC,GACDC,SAAS;UACfC,UAAU,EAAE;YACRC,UAAU,EAAE,IAAI;YAChBC,UAAU,EAAE,EAAE;YACdC,UAAU,EAAE;UAChB,CAAC;UACDC,eAAe,EAAE;YACb,wCAAwC,EAAE;UAC9C,CAAC;UACDC,eAAe,EAAE;YACbC,0BAA0B,EAAE;UAChC;QACJ,CAAC;QACDC,IAAI,EAAE;UAAEC,OAAO,EAAEnD,MAAM,CAACmD;QAAQ;MACpC,CAAC,CAAC;;MAEF;AACZ;AACA;AACA;AACA;MACY,MAAMC,SAAS,GAAGnE,eAAe,CAACc,GAAG,CAAC;MAEtCQ,YAAY,GAAGR,GAAG,CAAC6B,WAAW,CAAC9C,GAAG,CAAC+B,UAAU,CAACwC,YAAY,EAAE;QACxDxD,IAAI,EAAE,GAAG0B,iBAAiB,SAAS;QACnCzB,MAAM,EAAE;UACJY,UAAU,EAAEJ,MAAM,CAACgC,MAAM,CAAC5B,UAAU;UACpC4C,cAAc,EAAEzE,MAAM,CACjB0E,GAAG,CAAC,CAACH,SAAS,EAAE9C,MAAM,CAACgC,MAAM,CAACkB,GAAG,CAAC,CAAC,CACnC9B,KAAK,CAAC,CAAC,CAAC0B,SAAS,EAAEK,SAAS,CAAC,KAAK;YAC/B,OAAOC,IAAI,CAACC,SAAS,CAAC;cAClBC,OAAO,EAAE,YAAY;cACrBC,SAAS,EAAE;cACP;AACpC;AACA;cACoC;gBACIC,MAAM,EAAE,OAAO;gBACfC,SAAS,EAAE;kBACPC,GAAG,EAAEZ;gBACT,CAAC;gBACDa,MAAM,EAAE,MAAM;gBACdC,QAAQ,EAAE,GAAGT,SAAS;cAC1B,CAAC;YAET,CAAC,CAAC;UACN,CAAC;QACT,CAAC;QACDP,IAAI,EAAE;UAAEC,OAAO,EAAEnD,MAAM,CAACmD;QAAQ;MACpC,CAAC,CAAC;IACN;;IAEA;AACR;AACA;AACA;AACA;AACA;IACQ,MAAMgB,KAAK,GAAGpE,GAAG,CAAC6B,WAAW,CAAC9C,GAAG,CAACsF,QAAQ,CAACC,KAAK,EAAE;MAC9CxE,IAAI,EAAE,WAAW;MACjBC,MAAM,EAAE;QACJwE,UAAU,EAAE,CACR;UAAEzE,IAAI,EAAE,IAAI;UAAE0E,IAAI,EAAE;QAAI,CAAC,EACzB;UAAE1E,IAAI,EAAE,IAAI;UAAE0E,IAAI,EAAE;QAAI,CAAC,EACzB;UAAE1E,IAAI,EAAE,YAAY;UAAE0E,IAAI,EAAE;QAAI,CAAC,CACpC;QACDC,aAAa,EAAE,IAAI;QACnBC,cAAc,EAAE,oBAAoB;QACpCC,WAAW,EAAE,iBAAiB;QAC9BC,OAAO,EAAE,IAAI;QACbC,QAAQ,EAAE,IAAI;QACdC,sBAAsB,EAAE,CACpB;UACIhF,IAAI,EAAE,YAAY;UAClB8E,OAAO,EAAE,YAAY;UACrBG,cAAc,EAAE;QACpB,CAAC,CACJ;QACDC,GAAG,EAAE;UACDC,aAAa,EAAE,WAAW;UAC1BC,OAAO,EAAE;QACb;MACJ,CAAC;MACD/B,IAAI,EAAE;QAAEC,OAAO,EAAEnD,MAAM,CAACmD;MAAQ;IACpC,CAAC,CAAC;IAEF,MAAM+B,QAAQ,GAAG,+BAA+B;IAEhD,MAAMC,IAAI,GAAGpF,GAAG,CAAC6B,WAAW,CAAC9C,GAAG,CAACsG,GAAG,CAACC,IAAI,EAAE;MACvCxF,IAAI,EAAEqF,QAAQ;MACdpF,MAAM,EAAE;QACJwF,gBAAgB,EAAE;UACd1B,OAAO,EAAE,YAAY;UACrBC,SAAS,EAAE,CACP;YACII,MAAM,EAAE,gBAAgB;YACxBF,SAAS,EAAE;cACPwB,OAAO,EAAE;YACb,CAAC;YACDzB,MAAM,EAAE;UACZ,CAAC;QAET;MACJ,CAAC;MACD0B,IAAI,EAAE;QAAEC,oBAAoB,EAAE;MAAK;IACvC,CAAC,CAAC;IAEF,MAAMC,MAAM,GAAGC,gCAAgC,CAAC5F,GAAG,EAAEO,MAAM,CAACgC,MAAM,CAAC;IAEnEvC,GAAG,CAAC6B,WAAW,CAAC9C,GAAG,CAACsG,GAAG,CAACQ,oBAAoB,EAAE;MAC1C/F,IAAI,EAAE,GAAGqF,QAAQ,gCAAgC;MACjDpF,MAAM,EAAE;QACJqF,IAAI,EAAEA,IAAI,CAAC7C,MAAM;QACjBuD,SAAS,EAAEH,MAAM,CAACpD,MAAM,CAACkB;MAC7B;IACJ,CAAC,CAAC;;IAEF;IACA,IAAIrD,GAAG,EAAE;MACLJ,GAAG,CAAC6B,WAAW,CAAC9C,GAAG,CAACsG,GAAG,CAACQ,oBAAoB,EAAE;QAC1C/F,IAAI,EAAE,GAAGqF,QAAQ,kCAAkC;QACnDpF,MAAM,EAAE;UACJqF,IAAI,EAAEA,IAAI,CAAC7C,MAAM;UACjBuD,SAAS,EAAE/G,GAAG,CAACsG,GAAG,CAACU,aAAa,CAACC;QACrC;MACJ,CAAC,CAAC;IACN,CAAC,MAAM;MACHhG,GAAG,CAAC6B,WAAW,CAAC9C,GAAG,CAACsG,GAAG,CAACQ,oBAAoB,EAAE;QAC1C/F,IAAI,EAAE,GAAGqF,QAAQ,8BAA8B;QAC/CpF,MAAM,EAAE;UACJqF,IAAI,EAAEA,IAAI,CAAC7C,MAAM;UACjBuD,SAAS,EAAE/G,GAAG,CAACsG,GAAG,CAACU,aAAa,CAACE;QACrC;MACJ,CAAC,CAAC;IACN;IAEAjG,GAAG,CAAC6B,WAAW,CAAC9C,GAAG,CAACsG,GAAG,CAACQ,oBAAoB,EAAE;MAC1C/F,IAAI,EAAE,GAAGqF,QAAQ,iCAAiC;MAClDpF,MAAM,EAAE;QACJqF,IAAI,EAAEA,IAAI,CAAC7C,MAAM;QACjBuD,SAAS,EAAE/G,GAAG,CAACsG,GAAG,CAACU,aAAa,CAACG;MACrC;IACJ,CAAC,CAAC;;IAEF;AACR;AACA;AACA;AACA;AACA;IACQ,MAAMC,MAAM,GAAGnG,GAAG,CAAC6B,WAAW,CAAC9C,GAAG,CAACoH,MAAM,CAACC,QAAQ,EAAE;MAChDtG,IAAI,EAAE,mBAAmB;MACzBC,MAAM,EAAE;QACJqF,IAAI,EAAEA,IAAI,CAAC7C,MAAM,CAACkB,GAAG;QACrB4C,OAAO,EAAEjH,cAAc;QACvBkH,OAAO,EAAE,iBAAiB;QAC1BC,OAAO,EAAE,GAAG;QACZC,UAAU,EAAE,IAAI;QAChBC,WAAW,EAAE;UACTC,SAAS,EAAE;YACPC,KAAK,EAAE/F,MAAM,CAACH,OAAO,CAACN,GAAG,CAACwG,KAAK,CAAC;YAChCC,mBAAmB,EAAErG,MAAM,CAACgC,MAAM,CAACsE;UACvC;QACJ,CAAC;QACDC,WAAW,EAAE,0BAA0B;QACvCC,IAAI,EAAE,IAAIjI,MAAM,CAACkI,KAAK,CAACC,YAAY,CAAC;UAChC,GAAG,EAAE,IAAInI,MAAM,CAACkI,KAAK,CAACE,WAAW,CAC7BrI,IAAI,CAACsI,IAAI,CAACnH,GAAG,CAACoH,KAAK,CAACC,SAAS,EAAE,uBAAuB,CAC1D;QACJ,CAAC,CAAC;QACFC,SAAS,EAAElH,GAAG,GACR;UACI8B,SAAS,EAAE9B,GAAG,CAAC+B,OAAO,CAACC,OAAO,CAACC,GAAG,CAACC,CAAC,IAAIA,CAAC,CAACC,MAAM,CAACC,EAAE,CAAC;UACpDC,gBAAgB,EAAE,CAACrC,GAAG,CAACA,GAAG,CAACmC,MAAM,CAACG,sBAAsB;QAC5D,CAAC,GACDC,SAAS;QACf4E,aAAa,EAAE;UACXC,SAAS,EAAE;QACf;MACJ;IACJ,CAAC,CAAC;IAEF,MAAMC,kBAAkB,GAAGzH,GAAG,CAAC6B,WAAW,CAAC9C,GAAG,CAACoH,MAAM,CAACuB,kBAAkB,EAAE;MACtE5H,IAAI,EAAE,mBAAmB;MACzBC,MAAM,EAAE;QACJ4H,cAAc,EAAEvD,KAAK,CAAC7B,MAAM,CAACqF,SAAS;QACtCC,YAAY,EAAE1B,MAAM,CAAC5D,MAAM,CAACkB,GAAG;QAC/BqE,gBAAgB,EAAE,QAAQ;QAC1BC,oBAAoB,EAAE,CAAC;QACvBC,SAAS,EAAE,EAAE;QACbC,8BAA8B,EAAE;MACpC;IACJ,CAAC,CAAC;IAEFjI,GAAG,CAACkI,UAAU,CAAC;MACXC,mBAAmB,EAAE5H,MAAM,CAACgC,MAAM,CAACkB,GAAG;MACtC2E,wBAAwB,EAAE7H,MAAM,CAACgC,MAAM,CAACsE,QAAQ;MAChDwB,0BAA0B,EAAEjE,KAAK,CAAC7B,MAAM,CAACkB,GAAG;MAC5C6E,2BAA2B,EAAElE,KAAK,CAAC7B,MAAM,CAACzC;IAC9C,CAAC,CAAC;IAEF,OAAO;MACHS,MAAM;MACNC,YAAY;MACZ4D,KAAK;MACLmE,eAAe,EAAE;QACbnD,IAAI;QACJO,MAAM;QACNQ,MAAM;QACNsB;MACJ;IACJ,CAAC;EACL;AACJ,CAAC,CAAC;AAEF,SAAS7B,gCAAgCA,CACrC5F,GAAc,EACdO,MAA6E,EAC/E;EACE,OAAOP,GAAG,CAAC6B,WAAW,CAAC9C,GAAG,CAACsG,GAAG,CAACmD,MAAM,EAAE;IACnC1I,IAAI,EAAE,uCAAuC;IAC7CC,MAAM,EAAE;MACJ+G,WAAW,EAAE,uDAAuD;MACpEnB,MAAM,EAAE;QACJ9B,OAAO,EAAE,YAAY;QACrBC,SAAS,EAAE,CACP;UACI2E,GAAG,EAAE,iBAAiB;UACtB1E,MAAM,EAAE,OAAO;UACfG,MAAM,EAAE,CACJ,cAAc,EACd,iBAAiB,EACjB,gBAAgB,EAChB,eAAe,EACf,cAAc,EACd,uBAAuB,EACvB,yBAAyB,EACzB,kBAAkB,EAClB,kBAAkB,EAClB,qBAAqB,EACrB,gBAAgB,EAChB,qBAAqB,CACxB;UACDC,QAAQ,EAAE,CACNrF,MAAM,CAAC4J,WAAW,GAAGnI,MAAM,CAACkD,GAAG,EAAE,EACjC3E,MAAM,CAAC4J,WAAW,GAAGnI,MAAM,CAACkD,GAAG,IAAI;QAE3C,CAAC;MAET;IACJ;EACJ,CAAC,CAAC;AACN","ignoreList":[]}
package/pulumi/apps/core/createCorePulumiApp.d.ts CHANGED
@@ -17,7 +17,6 @@ export declare function createCorePulumiApp(): import("@webiny/pulumi").PulumiAp
17
17
  userPool: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/cognito/userPool.js").UserPool>;
18
18
  userPoolClient: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/cognito/userPoolClient.js").UserPoolClient>;
19
19
  dynamoDbTable: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/dynamodb/table.js").Table>;
20
- logDynamoDbTable: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/dynamodb/table.js").Table>;
21
20
  vpc: {
22
21
  vpc: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/ec2/vpc.js").Vpc>;
23
22
  subnets: {
package/pulumi/apps/core/createCorePulumiApp.js CHANGED
@@ -10,7 +10,6 @@ import { WatchCommand } from "./WatchCommand.js";
10
10
  import { withServiceManifest } from "../../utils/withServiceManifest.js";
11
11
  import { addServiceManifestTableItem } from "../../utils/addServiceManifestTableItem.js";
12
12
  import * as random from "@pulumi/random";
13
- import { LogDynamo } from "./LogDynamo.js";
14
13
  import { getProjectSdk } from "@webiny/project";
15
14
  import { CorePulumi } from "@webiny/project/abstractions/index.js";
16
15
  import { getOsConfigFromExtension } from "../extensions/getOsConfigFromExtension.js";
@@ -191,9 +190,6 @@ export function createCorePulumiApp() {
191
190
  const dynamoDbTable = app.addModule(CoreDynamo, {
192
191
  protect
193
192
  });
194
- const logDynamoDbTable = app.addModule(LogDynamo, {
195
- protect
196
- });
197
193
  const auditLogsDynamoDbTable = app.addModule(CoreAuditLogsDynamo, {
198
194
  protect
199
195
  });
@@ -234,10 +230,6 @@ export function createCorePulumiApp() {
234
230
  primaryDynamodbTableName: dynamoDbTable.output.name,
235
231
  primaryDynamodbTableHashKey: dynamoDbTable.output.hashKey,
236
232
  primaryDynamodbTableRangeKey: dynamoDbTable.output.rangeKey,
237
- logDynamodbTableArn: logDynamoDbTable.output.arn,
238
- logDynamodbTableName: logDynamoDbTable.output.name,
239
- logDynamodbTableHashKey: logDynamoDbTable.output.hashKey,
240
- logDynamodbTableRangeKey: logDynamoDbTable.output.rangeKey,
241
233
  auditLogsDynamodbTableArn: auditLogsDynamoDbTable.output.arn,
242
234
  auditLogsDynamodbTableName: auditLogsDynamoDbTable.output.name,
243
235
  auditLogsDynamodbTableHashKey: auditLogsDynamoDbTable.output.hashKey,
@@ -254,7 +246,6 @@ export function createCorePulumiApp() {
254
246
  await applyAwsResourceTags("core");
255
247
  return {
256
248
  dynamoDbTable,
257
- logDynamoDbTable,
258
249
  vpc,
259
250
  ...cognito,
260
251
  fileManagerBucket,
package/pulumi/apps/core/createCorePulumiApp.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"names":["aws","createPulumiApp","isResourceOfType","CoreCognito","CoreDynamo","OpenSearch","CoreEventBus","CoreFileManger","CoreVpc","WatchCommand","withServiceManifest","addServiceManifestTableItem","random","LogDynamo","getProjectSdk","CorePulumi","getOsConfigFromExtension","getVpcConfigFromExtension","applyAwsResourceTags","getAwsRegion","configureS3BucketMalwareProtection","pulumi","CoreAuditLogsDynamo","createCorePulumiApp","baseApp","name","path","program","app","sdk","projectConfig","getProjectConfig","pulumiResourceNamePrefix","getPulumiResourceNamePrefix","vpcExtensionsConfig","opensearchExtensionConfig","deploymentId","RandomId","byteLength","searchEngineType","searchEngineParams","params","domainName","process","env","AWS_OS_DOMAIN_NAME","indexPrefix","OPENSEARCH_INDEX_PREFIX","sharedIndexes","OPENSEARCH_SHARED_INDEXES","onResource","resource","startsWith","addHandler","usingAdvancedVpcParams","featureFlags","getFeatureFlags","isFileManagerThreatDetectionEnabled","resources","addResource","useExistingVpc","useVpcEndpoints","Error","openSearchDomainVpcConfig","opensearch","Domain","config","vpcOptions","lambdaFunctionsVpcConfig","lambda","Function","canUseVpc","meta","vpcConfig","iam","Role","isLambdaFunctionRole","RolePolicyAttachment","role","output","policyArn","ManagedPolicy","AWSLambdaVPCAccessExecutionRole","region","ec2","Vpc","enableDnsSupport","enableDnsHostnames","vpc","subnets","routeTables","VpcEndpoint","vpcId","id","serviceName","interpolate","routeTableIds","privateSubnets","vpcEndpointType","privateDnsEnabled","securityGroupIds","defaultSecurityGroupId","subnetIds","private","map","subNet","pulumiHandlers","getContainer","resolve","execute","isProduction","protect","dynamoDbTable","addModule","logDynamoDbTable","auditLogsDynamoDbTable","vpcEnabled","cognito","useEmailAsUsername","eventBus","bucket","fileManagerBucket","hex","addOutputs","fileManagerBucketId","primaryDynamodbTableArn","arn","primaryDynamodbTableName","primaryDynamodbTableHashKey","hashKey","primaryDynamodbTableRangeKey","rangeKey","logDynamodbTableArn","logDynamodbTableName","logDynamodbTableHashKey","logDynamodbTableRangeKey","auditLogsDynamodbTableArn","auditLogsDynamodbTableName","auditLogsDynamodbTableHashKey","auditLogsDynamodbTableRangeKey","cognitoUserPoolId","userPool","cognitoUserPoolArn","cognitoUserPoolPasswordPolicy","passwordPolicy","cognitoAppClientId","userPoolClient","eventBusName","eventBusArn","manifests","dynamoTable","table","tableName","forEach","manifest","addServiceManifest","dynamodbTable"],"sources":["createCorePulumiApp.ts"],"sourcesContent":["import * as aws from \"@pulumi/aws\";\nimport { createPulumiApp, isResourceOfType } from \"@webiny/pulumi\";\nimport { CoreCognito } from \"./CoreCognito.js\";\nimport { CoreDynamo } from \"./CoreDynamo.js\";\nimport { OpenSearch } from \"./CoreOpenSearch.js\";\nimport { CoreEventBus } from \"./CoreEventBus.js\";\nimport { CoreFileManger } from \"./CoreFileManager.js\";\nimport { CoreVpc } from \"./CoreVpc.js\";\nimport { WatchCommand } from \"./WatchCommand.js\";\nimport { withServiceManifest } from \"~/pulumi/utils/withServiceManifest.js\";\nimport {\n addServiceManifestTableItem,\n type TableDefinition\n} from \"~/pulumi/utils/addServiceManifestTableItem.js\";\nimport * as random from \"@pulumi/random\";\nimport { LogDynamo } from \"./LogDynamo.js\";\nimport { getProjectSdk } from \"@webiny/project\";\nimport { CorePulumi } from \"@webiny/project/abstractions/index.js\";\nimport { getOsConfigFromExtension } from \"~/pulumi/apps/extensions/getOsConfigFromExtension.js\";\nimport { getVpcConfigFromExtension } from \"~/pulumi/apps/extensions/getVpcConfigFromExtension.js\";\nimport { applyAwsResourceTags, getAwsRegion } from \"~/pulumi/apps/awsUtils.js\";\nimport { configureS3BucketMalwareProtection } from \"./configureS3BucketMalwareProtection.js\";\nimport * as pulumi from \"@pulumi/pulumi\";\nimport { CoreAuditLogsDynamo } from \"~/pulumi/index.js\";\n\nexport type CorePulumiApp = ReturnType<typeof createCorePulumiApp>;\n\nexport function createCorePulumiApp() {\n const baseApp = createPulumiApp({\n name: \"core\",\n path: \"apps/core\",\n program: async app => {\n const sdk = await getProjectSdk();\n const projectConfig = await sdk.getProjectConfig();\n\n const pulumiResourceNamePrefix = await sdk.getPulumiResourceNamePrefix();\n const vpcExtensionsConfig = getVpcConfigFromExtension(projectConfig);\n const opensearchExtensionConfig = getOsConfigFromExtension(projectConfig);\n\n const deploymentId = new random.RandomId(\"deploymentId\", { byteLength: 8 });\n\n let searchEngineType: \"opensearch\" | null = null;\n let searchEngineParams: typeof opensearchExtensionConfig | null = null;\n\n if (opensearchExtensionConfig) {\n searchEngineParams = opensearchExtensionConfig;\n searchEngineType = \"opensearch\";\n }\n\n if (searchEngineParams) {\n const params = searchEngineParams;\n if (typeof params === \"object\") {\n if (params.domainName) {\n process.env.AWS_OS_DOMAIN_NAME = params.domainName;\n }\n\n if (params.indexPrefix) {\n process.env.OPENSEARCH_INDEX_PREFIX = params.indexPrefix;\n }\n\n if (params.sharedIndexes) {\n process.env.OPENSEARCH_SHARED_INDEXES = \"true\";\n }\n }\n }\n\n if (pulumiResourceNamePrefix) {\n app.onResource(resource => {\n if (!resource.name.startsWith(pulumiResourceNamePrefix)) {\n resource.name = `${pulumiResourceNamePrefix}${resource.name}`;\n }\n });\n }\n\n // <-------------------- Enterprise start -------------------->\n app.addHandler(async () => {\n const usingAdvancedVpcParams =\n vpcExtensionsConfig && typeof vpcExtensionsConfig !== \"boolean\";\n\n const featureFlags = await sdk.getFeatureFlags();\n if (featureFlags.isFileManagerThreatDetectionEnabled()) {\n configureS3BucketMalwareProtection(app as CorePulumiApp);\n }\n\n // Not using advanced VPC params? Then immediately exit.\n if (!usingAdvancedVpcParams) {\n return;\n }\n\n const { resources, addResource, onResource } = app as CorePulumiApp;\n const { useExistingVpc, useVpcEndpoints } = vpcExtensionsConfig;\n\n // 1. We first deal with \"existing VPC\" setup.\n if (useExistingVpc) {\n if (\"useVpcEndpoints\" in vpcExtensionsConfig) {\n throw new Error(\n \"Cannot specify `useVpcEndpoints` parameter when using an existing VPC. The VPC endpoints configurations should be already defined within the existing VPC.\"\n );\n }\n\n if (opensearchExtensionConfig) {\n if (!useExistingVpc.openSearchDomainVpcConfig) {\n throw new Error(\n \"Cannot specify `useExistingVpc` parameter because the `openSearchDomainVpcConfig` parameter wasn't provided.\"\n );\n }\n\n onResource(resource => {\n if (isResourceOfType(resource, aws.opensearch.Domain)) {\n resource.config.vpcOptions(\n useExistingVpc!.openSearchDomainVpcConfig\n );\n }\n });\n }\n\n if (!useExistingVpc.lambdaFunctionsVpcConfig) {\n throw new Error(\n \"Cannot specify `useExistingVpc` parameter because the `lambdaFunctionsVpcConfig` parameter wasn't provided.\"\n );\n }\n\n onResource(resource => {\n if (isResourceOfType(resource, aws.lambda.Function)) {\n const canUseVpc = resource.meta.canUseVpc !== false;\n if (canUseVpc) {\n resource.config.vpcConfig(useExistingVpc!.lambdaFunctionsVpcConfig);\n }\n }\n\n if (isResourceOfType(resource, aws.iam.Role)) {\n if (resource.meta.isLambdaFunctionRole) {\n addResource(aws.iam.RolePolicyAttachment, {\n name: `${resource.name}-vpc-access-execution-role`,\n config: {\n role: resource.output.name,\n policyArn:\n aws.iam.ManagedPolicy.AWSLambdaVPCAccessExecutionRole\n }\n });\n }\n }\n });\n\n return;\n }\n\n // 2. Now we deal with \"non-existing VPC\" setup.\n if (useVpcEndpoints) {\n const region = getAwsRegion(app);\n\n onResource(resource => {\n if (isResourceOfType(resource, aws.ec2.Vpc)) {\n resource.config.enableDnsSupport(true);\n resource.config.enableDnsHostnames(true);\n }\n });\n\n const { vpc, subnets, routeTables } = resources.vpc!;\n addResource(aws.ec2.VpcEndpoint, {\n name: \"vpc-s3-vpc-endpoint\",\n config: {\n vpcId: vpc.output.id,\n serviceName: pulumi.interpolate`com.amazonaws.${region}.s3`,\n routeTableIds: [routeTables.privateSubnets.output.id]\n }\n });\n\n addResource(aws.ec2.VpcEndpoint, {\n name: \"vpc-dynamodb-vpc-endpoint\",\n config: {\n vpcId: vpc.output.id,\n serviceName: pulumi.interpolate`com.amazonaws.${region}.dynamodb`,\n routeTableIds: [routeTables.privateSubnets.output.id]\n }\n });\n\n addResource(aws.ec2.VpcEndpoint, {\n name: \"vpc-sqs-vpc-endpoint\",\n config: {\n vpcId: vpc.output.id,\n serviceName: pulumi.interpolate`com.amazonaws.${region}.sqs`,\n vpcEndpointType: \"Interface\",\n privateDnsEnabled: true,\n securityGroupIds: [vpc.output.defaultSecurityGroupId],\n subnetIds: subnets.private.map(subNet => subNet.output.id)\n }\n });\n\n addResource(aws.ec2.VpcEndpoint, {\n name: \"vpc-events-vpc-endpoint\",\n config: {\n vpcId: vpc.output.id,\n serviceName: pulumi.interpolate`com.amazonaws.${region}.events`,\n vpcEndpointType: \"Interface\",\n privateDnsEnabled: true,\n securityGroupIds: [vpc.output.defaultSecurityGroupId],\n subnetIds: subnets.private.map(subNet => subNet.output.id)\n }\n });\n }\n });\n // <-------------------- Enterprise end -------------------->\n\n // Overrides must be applied via a handler, registered at the very start of the program.\n // By doing this, we're ensuring user's adjustments are not applied to late.\n const pulumiHandlers = sdk.getContainer().resolve(CorePulumi);\n\n app.addHandler(() => {\n return pulumiHandlers.execute(app as unknown as CorePulumiApp);\n });\n\n const isProduction = app.env.isProduction;\n const protect = isProduction;\n\n // Setup DynamoDB table\n const dynamoDbTable = app.addModule(CoreDynamo, { protect });\n const logDynamoDbTable = app.addModule(LogDynamo, { protect });\n const auditLogsDynamoDbTable = app.addModule(CoreAuditLogsDynamo, { protect });\n\n // Setup VPC\n const vpcEnabled =\n vpcExtensionsConfig === true ||\n typeof vpcExtensionsConfig === \"object\" ||\n isProduction;\n\n const vpc = vpcEnabled ? app.addModule(CoreVpc) : null;\n\n // Setup Cognito\n const cognito = app.addModule(CoreCognito, {\n protect,\n useEmailAsUsername: false\n });\n\n // Setup event bus\n const eventBus = app.addModule(CoreEventBus);\n\n // Setup file core bucket\n const { bucket: fileManagerBucket } = app.addModule(CoreFileManger, { protect });\n\n let opensearch;\n if (searchEngineType === \"opensearch\") {\n opensearch = app.addModule(OpenSearch, { protect });\n }\n\n app.addModule(WatchCommand, { deploymentId: deploymentId.hex });\n\n app.addOutputs({\n deploymentId: deploymentId.hex,\n region: aws.config.region,\n fileManagerBucketId: fileManagerBucket.output.id,\n primaryDynamodbTableArn: dynamoDbTable.output.arn,\n primaryDynamodbTableName: dynamoDbTable.output.name,\n primaryDynamodbTableHashKey: dynamoDbTable.output.hashKey,\n primaryDynamodbTableRangeKey: dynamoDbTable.output.rangeKey,\n logDynamodbTableArn: logDynamoDbTable.output.arn,\n logDynamodbTableName: logDynamoDbTable.output.name,\n logDynamodbTableHashKey: logDynamoDbTable.output.hashKey,\n logDynamodbTableRangeKey: logDynamoDbTable.output.rangeKey,\n auditLogsDynamodbTableArn: auditLogsDynamoDbTable.output.arn,\n auditLogsDynamodbTableName: auditLogsDynamoDbTable.output.name,\n auditLogsDynamodbTableHashKey: auditLogsDynamoDbTable.output.hashKey,\n auditLogsDynamodbTableRangeKey: auditLogsDynamoDbTable.output.rangeKey,\n cognitoUserPoolId: cognito.userPool.output.id,\n cognitoUserPoolArn: cognito.userPool.output.arn,\n cognitoUserPoolPasswordPolicy: cognito.userPool.output.passwordPolicy,\n cognitoAppClientId: cognito.userPoolClient.output.id,\n eventBusName: eventBus.output.name,\n eventBusArn: eventBus.output.arn\n });\n\n // Applies internal and user-defined AWS tags.\n await applyAwsResourceTags(\"core\");\n\n return {\n dynamoDbTable,\n logDynamoDbTable,\n vpc,\n ...cognito,\n fileManagerBucket,\n eventBus,\n opensearch\n };\n }\n });\n\n const app = withServiceManifest(baseApp, manifests => {\n const dynamoTable = baseApp.resources.dynamoDbTable;\n\n const table: TableDefinition = {\n tableName: dynamoTable.output.name,\n hashKey: dynamoTable.output.hashKey,\n rangeKey: dynamoTable.output.rangeKey\n };\n\n manifests.forEach(manifest => addServiceManifestTableItem(baseApp, table, manifest));\n });\n\n app.addHandler(() => {\n app.addServiceManifest({\n name: \"core\",\n manifest: {\n eventBus: {\n arn: baseApp.resources.eventBus.output.arn,\n name: baseApp.resources.eventBus.output.name\n },\n dynamodbTable: {\n arn: baseApp.resources.dynamoDbTable.output.arn,\n name: baseApp.resources.dynamoDbTable.output.name,\n hashKey: baseApp.resources.dynamoDbTable.output.hashKey,\n rangeKey: baseApp.resources.dynamoDbTable.output.rangeKey\n }\n }\n });\n });\n\n return app;\n}\n"],"mappings":"AAAA,OAAO,KAAKA,GAAG,MAAM,aAAa;AAClC,SAASC,eAAe,EAAEC,gBAAgB,QAAQ,gBAAgB;AAClE,SAASC,WAAW;AACpB,SAASC,UAAU;AACnB,SAASC,UAAU;AACnB,SAASC,YAAY;AACrB,SAASC,cAAc;AACvB,SAASC,OAAO;AAChB,SAASC,YAAY;AACrB,SAASC,mBAAmB;AAC5B,SACIC,2BAA2B;AAG/B,OAAO,KAAKC,MAAM,MAAM,gBAAgB;AACxC,SAASC,SAAS;AAClB,SAASC,aAAa,QAAQ,iBAAiB;AAC/C,SAASC,UAAU,QAAQ,uCAAuC;AAClE,SAASC,wBAAwB;AACjC,SAASC,yBAAyB;AAClC,SAASC,oBAAoB,EAAEC,YAAY;AAC3C,SAASC,kCAAkC;AAC3C,OAAO,KAAKC,MAAM,MAAM,gBAAgB;AACxC,SAASC,mBAAmB;AAI5B,OAAO,SAASC,mBAAmBA,CAAA,EAAG;EAClC,MAAMC,OAAO,GAAGvB,eAAe,CAAC;IAC5BwB,IAAI,EAAE,MAAM;IACZC,IAAI,EAAE,WAAW;IACjBC,OAAO,EAAE,MAAMC,GAAG,IAAI;MAClB,MAAMC,GAAG,GAAG,MAAMf,aAAa,CAAC,CAAC;MACjC,MAAMgB,aAAa,GAAG,MAAMD,GAAG,CAACE,gBAAgB,CAAC,CAAC;MAElD,MAAMC,wBAAwB,GAAG,MAAMH,GAAG,CAACI,2BAA2B,CAAC,CAAC;MACxE,MAAMC,mBAAmB,GAAGjB,yBAAyB,CAACa,aAAa,CAAC;MACpE,MAAMK,yBAAyB,GAAGnB,wBAAwB,CAACc,aAAa,CAAC;MAEzE,MAAMM,YAAY,GAAG,IAAIxB,MAAM,CAACyB,QAAQ,CAAC,cAAc,EAAE;QAAEC,UAAU,EAAE;MAAE,CAAC,CAAC;MAE3E,IAAIC,gBAAqC,GAAG,IAAI;MAChD,IAAIC,kBAA2D,GAAG,IAAI;MAEtE,IAAIL,yBAAyB,EAAE;QAC3BK,kBAAkB,GAAGL,yBAAyB;QAC9CI,gBAAgB,GAAG,YAAY;MACnC;MAEA,IAAIC,kBAAkB,EAAE;QACpB,MAAMC,MAAM,GAAGD,kBAAkB;QACjC,IAAI,OAAOC,MAAM,KAAK,QAAQ,EAAE;UAC5B,IAAIA,MAAM,CAACC,UAAU,EAAE;YACnBC,OAAO,CAACC,GAAG,CAACC,kBAAkB,GAAGJ,MAAM,CAACC,UAAU;UACtD;UAEA,IAAID,MAAM,CAACK,WAAW,EAAE;YACpBH,OAAO,CAACC,GAAG,CAACG,uBAAuB,GAAGN,MAAM,CAACK,WAAW;UAC5D;UAEA,IAAIL,MAAM,CAACO,aAAa,EAAE;YACtBL,OAAO,CAACC,GAAG,CAACK,yBAAyB,GAAG,MAAM;UAClD;QACJ;MACJ;MAEA,IAAIjB,wBAAwB,EAAE;QAC1BJ,GAAG,CAACsB,UAAU,CAACC,QAAQ,IAAI;UACvB,IAAI,CAACA,QAAQ,CAAC1B,IAAI,CAAC2B,UAAU,CAACpB,wBAAwB,CAAC,EAAE;YACrDmB,QAAQ,CAAC1B,IAAI,GAAG,GAAGO,wBAAwB,GAAGmB,QAAQ,CAAC1B,IAAI,EAAE;UACjE;QACJ,CAAC,CAAC;MACN;;MAEA;MACAG,GAAG,CAACyB,UAAU,CAAC,YAAY;QACvB,MAAMC,sBAAsB,GACxBpB,mBAAmB,IAAI,OAAOA,mBAAmB,KAAK,SAAS;QAEnE,MAAMqB,YAAY,GAAG,MAAM1B,GAAG,CAAC2B,eAAe,CAAC,CAAC;QAChD,IAAID,YAAY,CAACE,mCAAmC,CAAC,CAAC,EAAE;UACpDrC,kCAAkC,CAACQ,GAAoB,CAAC;QAC5D;;QAEA;QACA,IAAI,CAAC0B,sBAAsB,EAAE;UACzB;QACJ;QAEA,MAAM;UAAEI,SAAS;UAAEC,WAAW;UAAET;QAAW,CAAC,GAAGtB,GAAoB;QACnE,MAAM;UAAEgC,cAAc;UAAEC;QAAgB,CAAC,GAAG3B,mBAAmB;;QAE/D;QACA,IAAI0B,cAAc,EAAE;UAChB,IAAI,iBAAiB,IAAI1B,mBAAmB,EAAE;YAC1C,MAAM,IAAI4B,KAAK,CACX,4JACJ,CAAC;UACL;UAEA,IAAI3B,yBAAyB,EAAE;YAC3B,IAAI,CAACyB,cAAc,CAACG,yBAAyB,EAAE;cAC3C,MAAM,IAAID,KAAK,CACX,8GACJ,CAAC;YACL;YAEAZ,UAAU,CAACC,QAAQ,IAAI;cACnB,IAAIjD,gBAAgB,CAACiD,QAAQ,EAAEnD,GAAG,CAACgE,UAAU,CAACC,MAAM,CAAC,EAAE;gBACnDd,QAAQ,CAACe,MAAM,CAACC,UAAU,CACtBP,cAAc,CAAEG,yBACpB,CAAC;cACL;YACJ,CAAC,CAAC;UACN;UAEA,IAAI,CAACH,cAAc,CAACQ,wBAAwB,EAAE;YAC1C,MAAM,IAAIN,KAAK,CACX,6GACJ,CAAC;UACL;UAEAZ,UAAU,CAACC,QAAQ,IAAI;YACnB,IAAIjD,gBAAgB,CAACiD,QAAQ,EAAEnD,GAAG,CAACqE,MAAM,CAACC,QAAQ,CAAC,EAAE;cACjD,MAAMC,SAAS,GAAGpB,QAAQ,CAACqB,IAAI,CAACD,SAAS,KAAK,KAAK;cACnD,IAAIA,SAAS,EAAE;gBACXpB,QAAQ,CAACe,MAAM,CAACO,SAAS,CAACb,cAAc,CAAEQ,wBAAwB,CAAC;cACvE;YACJ;YAEA,IAAIlE,gBAAgB,CAACiD,QAAQ,EAAEnD,GAAG,CAAC0E,GAAG,CAACC,IAAI,CAAC,EAAE;cAC1C,IAAIxB,QAAQ,CAACqB,IAAI,CAACI,oBAAoB,EAAE;gBACpCjB,WAAW,CAAC3D,GAAG,CAAC0E,GAAG,CAACG,oBAAoB,EAAE;kBACtCpD,IAAI,EAAE,GAAG0B,QAAQ,CAAC1B,IAAI,4BAA4B;kBAClDyC,MAAM,EAAE;oBACJY,IAAI,EAAE3B,QAAQ,CAAC4B,MAAM,CAACtD,IAAI;oBAC1BuD,SAAS,EACLhF,GAAG,CAAC0E,GAAG,CAACO,aAAa,CAACC;kBAC9B;gBACJ,CAAC,CAAC;cACN;YACJ;UACJ,CAAC,CAAC;UAEF;QACJ;;QAEA;QACA,IAAIrB,eAAe,EAAE;UACjB,MAAMsB,MAAM,GAAGhE,YAAY,CAACS,GAAG,CAAC;UAEhCsB,UAAU,CAACC,QAAQ,IAAI;YACnB,IAAIjD,gBAAgB,CAACiD,QAAQ,EAAEnD,GAAG,CAACoF,GAAG,CAACC,GAAG,CAAC,EAAE;cACzClC,QAAQ,CAACe,MAAM,CAACoB,gBAAgB,CAAC,IAAI,CAAC;cACtCnC,QAAQ,CAACe,MAAM,CAACqB,kBAAkB,CAAC,IAAI,CAAC;YAC5C;UACJ,CAAC,CAAC;UAEF,MAAM;YAAEC,GAAG;YAAEC,OAAO;YAAEC;UAAY,CAAC,GAAGhC,SAAS,CAAC8B,GAAI;UACpD7B,WAAW,CAAC3D,GAAG,CAACoF,GAAG,CAACO,WAAW,EAAE;YAC7BlE,IAAI,EAAE,qBAAqB;YAC3ByC,MAAM,EAAE;cACJ0B,KAAK,EAAEJ,GAAG,CAACT,MAAM,CAACc,EAAE;cACpBC,WAAW,EAAEzE,MAAM,CAAC0E,WAAW,iBAAiBZ,MAAM,KAAK;cAC3Da,aAAa,EAAE,CAACN,WAAW,CAACO,cAAc,CAAClB,MAAM,CAACc,EAAE;YACxD;UACJ,CAAC,CAAC;UAEFlC,WAAW,CAAC3D,GAAG,CAACoF,GAAG,CAACO,WAAW,EAAE;YAC7BlE,IAAI,EAAE,2BAA2B;YACjCyC,MAAM,EAAE;cACJ0B,KAAK,EAAEJ,GAAG,CAACT,MAAM,CAACc,EAAE;cACpBC,WAAW,EAAEzE,MAAM,CAAC0E,WAAW,iBAAiBZ,MAAM,WAAW;cACjEa,aAAa,EAAE,CAACN,WAAW,CAACO,cAAc,CAAClB,MAAM,CAACc,EAAE;YACxD;UACJ,CAAC,CAAC;UAEFlC,WAAW,CAAC3D,GAAG,CAACoF,GAAG,CAACO,WAAW,EAAE;YAC7BlE,IAAI,EAAE,sBAAsB;YAC5ByC,MAAM,EAAE;cACJ0B,KAAK,EAAEJ,GAAG,CAACT,MAAM,CAACc,EAAE;cACpBC,WAAW,EAAEzE,MAAM,CAAC0E,WAAW,iBAAiBZ,MAAM,MAAM;cAC5De,eAAe,EAAE,WAAW;cAC5BC,iBAAiB,EAAE,IAAI;cACvBC,gBAAgB,EAAE,CAACZ,GAAG,CAACT,MAAM,CAACsB,sBAAsB,CAAC;cACrDC,SAAS,EAAEb,OAAO,CAACc,OAAO,CAACC,GAAG,CAACC,MAAM,IAAIA,MAAM,CAAC1B,MAAM,CAACc,EAAE;YAC7D;UACJ,CAAC,CAAC;UAEFlC,WAAW,CAAC3D,GAAG,CAACoF,GAAG,CAACO,WAAW,EAAE;YAC7BlE,IAAI,EAAE,yBAAyB;YAC/ByC,MAAM,EAAE;cACJ0B,KAAK,EAAEJ,GAAG,CAACT,MAAM,CAACc,EAAE;cACpBC,WAAW,EAAEzE,MAAM,CAAC0E,WAAW,iBAAiBZ,MAAM,SAAS;cAC/De,eAAe,EAAE,WAAW;cAC5BC,iBAAiB,EAAE,IAAI;cACvBC,gBAAgB,EAAE,CAACZ,GAAG,CAACT,MAAM,CAACsB,sBAAsB,CAAC;cACrDC,SAAS,EAAEb,OAAO,CAACc,OAAO,CAACC,GAAG,CAACC,MAAM,IAAIA,MAAM,CAAC1B,MAAM,CAACc,EAAE;YAC7D;UACJ,CAAC,CAAC;QACN;MACJ,CAAC,CAAC;MACF;;MAEA;MACA;MACA,MAAMa,cAAc,GAAG7E,GAAG,CAAC8E,YAAY,CAAC,CAAC,CAACC,OAAO,CAAC7F,UAAU,CAAC;MAE7Da,GAAG,CAACyB,UAAU,CAAC,MAAM;QACjB,OAAOqD,cAAc,CAACG,OAAO,CAACjF,GAA+B,CAAC;MAClE,CAAC,CAAC;MAEF,MAAMkF,YAAY,GAAGlF,GAAG,CAACgB,GAAG,CAACkE,YAAY;MACzC,MAAMC,OAAO,GAAGD,YAAY;;MAE5B;MACA,MAAME,aAAa,GAAGpF,GAAG,CAACqF,SAAS,CAAC7G,UAAU,EAAE;QAAE2G;MAAQ,CAAC,CAAC;MAC5D,MAAMG,gBAAgB,GAAGtF,GAAG,CAACqF,SAAS,CAACpG,SAAS,EAAE;QAAEkG;MAAQ,CAAC,CAAC;MAC9D,MAAMI,sBAAsB,GAAGvF,GAAG,CAACqF,SAAS,CAAC3F,mBAAmB,EAAE;QAAEyF;MAAQ,CAAC,CAAC;;MAE9E;MACA,MAAMK,UAAU,GACZlF,mBAAmB,KAAK,IAAI,IAC5B,OAAOA,mBAAmB,KAAK,QAAQ,IACvC4E,YAAY;MAEhB,MAAMtB,GAAG,GAAG4B,UAAU,GAAGxF,GAAG,CAACqF,SAAS,CAACzG,OAAO,CAAC,GAAG,IAAI;;MAEtD;MACA,MAAM6G,OAAO,GAAGzF,GAAG,CAACqF,SAAS,CAAC9G,WAAW,EAAE;QACvC4G,OAAO;QACPO,kBAAkB,EAAE;MACxB,CAAC,CAAC;;MAEF;MACA,MAAMC,QAAQ,GAAG3F,GAAG,CAACqF,SAAS,CAAC3G,YAAY,CAAC;;MAE5C;MACA,MAAM;QAAEkH,MAAM,EAAEC;MAAkB,CAAC,GAAG7F,GAAG,CAACqF,SAAS,CAAC1G,cAAc,EAAE;QAAEwG;MAAQ,CAAC,CAAC;MAEhF,IAAI/C,UAAU;MACd,IAAIzB,gBAAgB,KAAK,YAAY,EAAE;QACnCyB,UAAU,GAAGpC,GAAG,CAACqF,SAAS,CAAC5G,UAAU,EAAE;UAAE0G;QAAQ,CAAC,CAAC;MACvD;MAEAnF,GAAG,CAACqF,SAAS,CAACxG,YAAY,EAAE;QAAE2B,YAAY,EAAEA,YAAY,CAACsF;MAAI,CAAC,CAAC;MAE/D9F,GAAG,CAAC+F,UAAU,CAAC;QACXvF,YAAY,EAAEA,YAAY,CAACsF,GAAG;QAC9BvC,MAAM,EAAEnF,GAAG,CAACkE,MAAM,CAACiB,MAAM;QACzByC,mBAAmB,EAAEH,iBAAiB,CAAC1C,MAAM,CAACc,EAAE;QAChDgC,uBAAuB,EAAEb,aAAa,CAACjC,MAAM,CAAC+C,GAAG;QACjDC,wBAAwB,EAAEf,aAAa,CAACjC,MAAM,CAACtD,IAAI;QACnDuG,2BAA2B,EAAEhB,aAAa,CAACjC,MAAM,CAACkD,OAAO;QACzDC,4BAA4B,EAAElB,aAAa,CAACjC,MAAM,CAACoD,QAAQ;QAC3DC,mBAAmB,EAAElB,gBAAgB,CAACnC,MAAM,CAAC+C,GAAG;QAChDO,oBAAoB,EAAEnB,gBAAgB,CAACnC,MAAM,CAACtD,IAAI;QAClD6G,uBAAuB,EAAEpB,gBAAgB,CAACnC,MAAM,CAACkD,OAAO;QACxDM,wBAAwB,EAAErB,gBAAgB,CAACnC,MAAM,CAACoD,QAAQ;QAC1DK,yBAAyB,EAAErB,sBAAsB,CAACpC,MAAM,CAAC+C,GAAG;QAC5DW,0BAA0B,EAAEtB,sBAAsB,CAACpC,MAAM,CAACtD,IAAI;QAC9DiH,6BAA6B,EAAEvB,sBAAsB,CAACpC,MAAM,CAACkD,OAAO;QACpEU,8BAA8B,EAAExB,sBAAsB,CAACpC,MAAM,CAACoD,QAAQ;QACtES,iBAAiB,EAAEvB,OAAO,CAACwB,QAAQ,CAAC9D,MAAM,CAACc,EAAE;QAC7CiD,kBAAkB,EAAEzB,OAAO,CAACwB,QAAQ,CAAC9D,MAAM,CAAC+C,GAAG;QAC/CiB,6BAA6B,EAAE1B,OAAO,CAACwB,QAAQ,CAAC9D,MAAM,CAACiE,cAAc;QACrEC,kBAAkB,EAAE5B,OAAO,CAAC6B,cAAc,CAACnE,MAAM,CAACc,EAAE;QACpDsD,YAAY,EAAE5B,QAAQ,CAACxC,MAAM,CAACtD,IAAI;QAClC2H,WAAW,EAAE7B,QAAQ,CAACxC,MAAM,CAAC+C;MACjC,CAAC,CAAC;;MAEF;MACA,MAAM5G,oBAAoB,CAAC,MAAM,CAAC;MAElC,OAAO;QACH8F,aAAa;QACbE,gBAAgB;QAChB1B,GAAG;QACH,GAAG6B,OAAO;QACVI,iBAAiB;QACjBF,QAAQ;QACRvD;MACJ,CAAC;IACL;EACJ,CAAC,CAAC;EAEF,MAAMpC,GAAG,GAAGlB,mBAAmB,CAACc,OAAO,EAAE6H,SAAS,IAAI;IAClD,MAAMC,WAAW,GAAG9H,OAAO,CAACkC,SAAS,CAACsD,aAAa;IAEnD,MAAMuC,KAAsB,GAAG;MAC3BC,SAAS,EAAEF,WAAW,CAACvE,MAAM,CAACtD,IAAI;MAClCwG,OAAO,EAAEqB,WAAW,CAACvE,MAAM,CAACkD,OAAO;MACnCE,QAAQ,EAAEmB,WAAW,CAACvE,MAAM,CAACoD;IACjC,CAAC;IAEDkB,SAAS,CAACI,OAAO,CAACC,QAAQ,IAAI/I,2BAA2B,CAACa,OAAO,EAAE+H,KAAK,EAAEG,QAAQ,CAAC,CAAC;EACxF,CAAC,CAAC;EAEF9H,GAAG,CAACyB,UAAU,CAAC,MAAM;IACjBzB,GAAG,CAAC+H,kBAAkB,CAAC;MACnBlI,IAAI,EAAE,MAAM;MACZiI,QAAQ,EAAE;QACNnC,QAAQ,EAAE;UACNO,GAAG,EAAEtG,OAAO,CAACkC,SAAS,CAAC6D,QAAQ,CAACxC,MAAM,CAAC+C,GAAG;UAC1CrG,IAAI,EAAED,OAAO,CAACkC,SAAS,CAAC6D,QAAQ,CAACxC,MAAM,CAACtD;QAC5C,CAAC;QACDmI,aAAa,EAAE;UACX9B,GAAG,EAAEtG,OAAO,CAACkC,SAAS,CAACsD,aAAa,CAACjC,MAAM,CAAC+C,GAAG;UAC/CrG,IAAI,EAAED,OAAO,CAACkC,SAAS,CAACsD,aAAa,CAACjC,MAAM,CAACtD,IAAI;UACjDwG,OAAO,EAAEzG,OAAO,CAACkC,SAAS,CAACsD,aAAa,CAACjC,MAAM,CAACkD,OAAO;UACvDE,QAAQ,EAAE3G,OAAO,CAACkC,SAAS,CAACsD,aAAa,CAACjC,MAAM,CAACoD;QACrD;MACJ;IACJ,CAAC,CAAC;EACN,CAAC,CAAC;EAEF,OAAOvG,GAAG;AACd","ignoreList":[]}
1
+ {"version":3,"names":["aws","createPulumiApp","isResourceOfType","CoreCognito","CoreDynamo","OpenSearch","CoreEventBus","CoreFileManger","CoreVpc","WatchCommand","withServiceManifest","addServiceManifestTableItem","random","getProjectSdk","CorePulumi","getOsConfigFromExtension","getVpcConfigFromExtension","applyAwsResourceTags","getAwsRegion","configureS3BucketMalwareProtection","pulumi","CoreAuditLogsDynamo","createCorePulumiApp","baseApp","name","path","program","app","sdk","projectConfig","getProjectConfig","pulumiResourceNamePrefix","getPulumiResourceNamePrefix","vpcExtensionsConfig","opensearchExtensionConfig","deploymentId","RandomId","byteLength","searchEngineType","searchEngineParams","params","domainName","process","env","AWS_OS_DOMAIN_NAME","indexPrefix","OPENSEARCH_INDEX_PREFIX","sharedIndexes","OPENSEARCH_SHARED_INDEXES","onResource","resource","startsWith","addHandler","usingAdvancedVpcParams","featureFlags","getFeatureFlags","isFileManagerThreatDetectionEnabled","resources","addResource","useExistingVpc","useVpcEndpoints","Error","openSearchDomainVpcConfig","opensearch","Domain","config","vpcOptions","lambdaFunctionsVpcConfig","lambda","Function","canUseVpc","meta","vpcConfig","iam","Role","isLambdaFunctionRole","RolePolicyAttachment","role","output","policyArn","ManagedPolicy","AWSLambdaVPCAccessExecutionRole","region","ec2","Vpc","enableDnsSupport","enableDnsHostnames","vpc","subnets","routeTables","VpcEndpoint","vpcId","id","serviceName","interpolate","routeTableIds","privateSubnets","vpcEndpointType","privateDnsEnabled","securityGroupIds","defaultSecurityGroupId","subnetIds","private","map","subNet","pulumiHandlers","getContainer","resolve","execute","isProduction","protect","dynamoDbTable","addModule","auditLogsDynamoDbTable","vpcEnabled","cognito","useEmailAsUsername","eventBus","bucket","fileManagerBucket","hex","addOutputs","fileManagerBucketId","primaryDynamodbTableArn","arn","primaryDynamodbTableName","primaryDynamodbTableHashKey","hashKey","primaryDynamodbTableRangeKey","rangeKey","auditLogsDynamodbTableArn","auditLogsDynamodbTableName","auditLogsDynamodbTableHashKey","auditLogsDynamodbTableRangeKey","cognitoUserPoolId","userPool","cognitoUserPoolArn","cognitoUserPoolPasswordPolicy","passwordPolicy","cognitoAppClientId","userPoolClient","eventBusName","eventBusArn","manifests","dynamoTable","table","tableName","forEach","manifest","addServiceManifest","dynamodbTable"],"sources":["createCorePulumiApp.ts"],"sourcesContent":["import * as aws from \"@pulumi/aws\";\nimport { createPulumiApp, isResourceOfType } from \"@webiny/pulumi\";\nimport { CoreCognito } from \"./CoreCognito.js\";\nimport { CoreDynamo } from \"./CoreDynamo.js\";\nimport { OpenSearch } from \"./CoreOpenSearch.js\";\nimport { CoreEventBus } from \"./CoreEventBus.js\";\nimport { CoreFileManger } from \"./CoreFileManager.js\";\nimport { CoreVpc } from \"./CoreVpc.js\";\nimport { WatchCommand } from \"./WatchCommand.js\";\nimport { withServiceManifest } from \"~/pulumi/utils/withServiceManifest.js\";\nimport {\n addServiceManifestTableItem,\n type TableDefinition\n} from \"~/pulumi/utils/addServiceManifestTableItem.js\";\nimport * as random from \"@pulumi/random\";\n\nimport { getProjectSdk } from \"@webiny/project\";\nimport { CorePulumi } from \"@webiny/project/abstractions/index.js\";\nimport { getOsConfigFromExtension } from \"~/pulumi/apps/extensions/getOsConfigFromExtension.js\";\nimport { getVpcConfigFromExtension } from \"~/pulumi/apps/extensions/getVpcConfigFromExtension.js\";\nimport { applyAwsResourceTags, getAwsRegion } from \"~/pulumi/apps/awsUtils.js\";\nimport { configureS3BucketMalwareProtection } from \"./configureS3BucketMalwareProtection.js\";\nimport * as pulumi from \"@pulumi/pulumi\";\nimport { CoreAuditLogsDynamo } from \"~/pulumi/index.js\";\n\nexport type CorePulumiApp = ReturnType<typeof createCorePulumiApp>;\n\nexport function createCorePulumiApp() {\n const baseApp = createPulumiApp({\n name: \"core\",\n path: \"apps/core\",\n program: async app => {\n const sdk = await getProjectSdk();\n const projectConfig = await sdk.getProjectConfig();\n\n const pulumiResourceNamePrefix = await sdk.getPulumiResourceNamePrefix();\n const vpcExtensionsConfig = getVpcConfigFromExtension(projectConfig);\n const opensearchExtensionConfig = getOsConfigFromExtension(projectConfig);\n\n const deploymentId = new random.RandomId(\"deploymentId\", { byteLength: 8 });\n\n let searchEngineType: \"opensearch\" | null = null;\n let searchEngineParams: typeof opensearchExtensionConfig | null = null;\n\n if (opensearchExtensionConfig) {\n searchEngineParams = opensearchExtensionConfig;\n searchEngineType = \"opensearch\";\n }\n\n if (searchEngineParams) {\n const params = searchEngineParams;\n if (typeof params === \"object\") {\n if (params.domainName) {\n process.env.AWS_OS_DOMAIN_NAME = params.domainName;\n }\n\n if (params.indexPrefix) {\n process.env.OPENSEARCH_INDEX_PREFIX = params.indexPrefix;\n }\n\n if (params.sharedIndexes) {\n process.env.OPENSEARCH_SHARED_INDEXES = \"true\";\n }\n }\n }\n\n if (pulumiResourceNamePrefix) {\n app.onResource(resource => {\n if (!resource.name.startsWith(pulumiResourceNamePrefix)) {\n resource.name = `${pulumiResourceNamePrefix}${resource.name}`;\n }\n });\n }\n\n // <-------------------- Enterprise start -------------------->\n app.addHandler(async () => {\n const usingAdvancedVpcParams =\n vpcExtensionsConfig && typeof vpcExtensionsConfig !== \"boolean\";\n\n const featureFlags = await sdk.getFeatureFlags();\n if (featureFlags.isFileManagerThreatDetectionEnabled()) {\n configureS3BucketMalwareProtection(app as CorePulumiApp);\n }\n\n // Not using advanced VPC params? Then immediately exit.\n if (!usingAdvancedVpcParams) {\n return;\n }\n\n const { resources, addResource, onResource } = app as CorePulumiApp;\n const { useExistingVpc, useVpcEndpoints } = vpcExtensionsConfig;\n\n // 1. We first deal with \"existing VPC\" setup.\n if (useExistingVpc) {\n if (\"useVpcEndpoints\" in vpcExtensionsConfig) {\n throw new Error(\n \"Cannot specify `useVpcEndpoints` parameter when using an existing VPC. The VPC endpoints configurations should be already defined within the existing VPC.\"\n );\n }\n\n if (opensearchExtensionConfig) {\n if (!useExistingVpc.openSearchDomainVpcConfig) {\n throw new Error(\n \"Cannot specify `useExistingVpc` parameter because the `openSearchDomainVpcConfig` parameter wasn't provided.\"\n );\n }\n\n onResource(resource => {\n if (isResourceOfType(resource, aws.opensearch.Domain)) {\n resource.config.vpcOptions(\n useExistingVpc!.openSearchDomainVpcConfig\n );\n }\n });\n }\n\n if (!useExistingVpc.lambdaFunctionsVpcConfig) {\n throw new Error(\n \"Cannot specify `useExistingVpc` parameter because the `lambdaFunctionsVpcConfig` parameter wasn't provided.\"\n );\n }\n\n onResource(resource => {\n if (isResourceOfType(resource, aws.lambda.Function)) {\n const canUseVpc = resource.meta.canUseVpc !== false;\n if (canUseVpc) {\n resource.config.vpcConfig(useExistingVpc!.lambdaFunctionsVpcConfig);\n }\n }\n\n if (isResourceOfType(resource, aws.iam.Role)) {\n if (resource.meta.isLambdaFunctionRole) {\n addResource(aws.iam.RolePolicyAttachment, {\n name: `${resource.name}-vpc-access-execution-role`,\n config: {\n role: resource.output.name,\n policyArn:\n aws.iam.ManagedPolicy.AWSLambdaVPCAccessExecutionRole\n }\n });\n }\n }\n });\n\n return;\n }\n\n // 2. Now we deal with \"non-existing VPC\" setup.\n if (useVpcEndpoints) {\n const region = getAwsRegion(app);\n\n onResource(resource => {\n if (isResourceOfType(resource, aws.ec2.Vpc)) {\n resource.config.enableDnsSupport(true);\n resource.config.enableDnsHostnames(true);\n }\n });\n\n const { vpc, subnets, routeTables } = resources.vpc!;\n addResource(aws.ec2.VpcEndpoint, {\n name: \"vpc-s3-vpc-endpoint\",\n config: {\n vpcId: vpc.output.id,\n serviceName: pulumi.interpolate`com.amazonaws.${region}.s3`,\n routeTableIds: [routeTables.privateSubnets.output.id]\n }\n });\n\n addResource(aws.ec2.VpcEndpoint, {\n name: \"vpc-dynamodb-vpc-endpoint\",\n config: {\n vpcId: vpc.output.id,\n serviceName: pulumi.interpolate`com.amazonaws.${region}.dynamodb`,\n routeTableIds: [routeTables.privateSubnets.output.id]\n }\n });\n\n addResource(aws.ec2.VpcEndpoint, {\n name: \"vpc-sqs-vpc-endpoint\",\n config: {\n vpcId: vpc.output.id,\n serviceName: pulumi.interpolate`com.amazonaws.${region}.sqs`,\n vpcEndpointType: \"Interface\",\n privateDnsEnabled: true,\n securityGroupIds: [vpc.output.defaultSecurityGroupId],\n subnetIds: subnets.private.map(subNet => subNet.output.id)\n }\n });\n\n addResource(aws.ec2.VpcEndpoint, {\n name: \"vpc-events-vpc-endpoint\",\n config: {\n vpcId: vpc.output.id,\n serviceName: pulumi.interpolate`com.amazonaws.${region}.events`,\n vpcEndpointType: \"Interface\",\n privateDnsEnabled: true,\n securityGroupIds: [vpc.output.defaultSecurityGroupId],\n subnetIds: subnets.private.map(subNet => subNet.output.id)\n }\n });\n }\n });\n // <-------------------- Enterprise end -------------------->\n\n // Overrides must be applied via a handler, registered at the very start of the program.\n // By doing this, we're ensuring user's adjustments are not applied to late.\n const pulumiHandlers = sdk.getContainer().resolve(CorePulumi);\n\n app.addHandler(() => {\n return pulumiHandlers.execute(app as unknown as CorePulumiApp);\n });\n\n const isProduction = app.env.isProduction;\n const protect = isProduction;\n\n // Setup DynamoDB table\n const dynamoDbTable = app.addModule(CoreDynamo, { protect });\n const auditLogsDynamoDbTable = app.addModule(CoreAuditLogsDynamo, { protect });\n\n // Setup VPC\n const vpcEnabled =\n vpcExtensionsConfig === true ||\n typeof vpcExtensionsConfig === \"object\" ||\n isProduction;\n\n const vpc = vpcEnabled ? app.addModule(CoreVpc) : null;\n\n // Setup Cognito\n const cognito = app.addModule(CoreCognito, {\n protect,\n useEmailAsUsername: false\n });\n\n // Setup event bus\n const eventBus = app.addModule(CoreEventBus);\n\n // Setup file core bucket\n const { bucket: fileManagerBucket } = app.addModule(CoreFileManger, { protect });\n\n let opensearch;\n if (searchEngineType === \"opensearch\") {\n opensearch = app.addModule(OpenSearch, { protect });\n }\n\n app.addModule(WatchCommand, { deploymentId: deploymentId.hex });\n\n app.addOutputs({\n deploymentId: deploymentId.hex,\n region: aws.config.region,\n fileManagerBucketId: fileManagerBucket.output.id,\n primaryDynamodbTableArn: dynamoDbTable.output.arn,\n primaryDynamodbTableName: dynamoDbTable.output.name,\n primaryDynamodbTableHashKey: dynamoDbTable.output.hashKey,\n primaryDynamodbTableRangeKey: dynamoDbTable.output.rangeKey,\n auditLogsDynamodbTableArn: auditLogsDynamoDbTable.output.arn,\n auditLogsDynamodbTableName: auditLogsDynamoDbTable.output.name,\n auditLogsDynamodbTableHashKey: auditLogsDynamoDbTable.output.hashKey,\n auditLogsDynamodbTableRangeKey: auditLogsDynamoDbTable.output.rangeKey,\n cognitoUserPoolId: cognito.userPool.output.id,\n cognitoUserPoolArn: cognito.userPool.output.arn,\n cognitoUserPoolPasswordPolicy: cognito.userPool.output.passwordPolicy,\n cognitoAppClientId: cognito.userPoolClient.output.id,\n eventBusName: eventBus.output.name,\n eventBusArn: eventBus.output.arn\n });\n\n // Applies internal and user-defined AWS tags.\n await applyAwsResourceTags(\"core\");\n\n return {\n dynamoDbTable,\n vpc,\n ...cognito,\n fileManagerBucket,\n eventBus,\n opensearch\n };\n }\n });\n\n const app = withServiceManifest(baseApp, manifests => {\n const dynamoTable = baseApp.resources.dynamoDbTable;\n\n const table: TableDefinition = {\n tableName: dynamoTable.output.name,\n hashKey: dynamoTable.output.hashKey,\n rangeKey: dynamoTable.output.rangeKey\n };\n\n manifests.forEach(manifest => addServiceManifestTableItem(baseApp, table, manifest));\n });\n\n app.addHandler(() => {\n app.addServiceManifest({\n name: \"core\",\n manifest: {\n eventBus: {\n arn: baseApp.resources.eventBus.output.arn,\n name: baseApp.resources.eventBus.output.name\n },\n dynamodbTable: {\n arn: baseApp.resources.dynamoDbTable.output.arn,\n name: baseApp.resources.dynamoDbTable.output.name,\n hashKey: baseApp.resources.dynamoDbTable.output.hashKey,\n rangeKey: baseApp.resources.dynamoDbTable.output.rangeKey\n }\n }\n });\n });\n\n return app;\n}\n"],"mappings":"AAAA,OAAO,KAAKA,GAAG,MAAM,aAAa;AAClC,SAASC,eAAe,EAAEC,gBAAgB,QAAQ,gBAAgB;AAClE,SAASC,WAAW;AACpB,SAASC,UAAU;AACnB,SAASC,UAAU;AACnB,SAASC,YAAY;AACrB,SAASC,cAAc;AACvB,SAASC,OAAO;AAChB,SAASC,YAAY;AACrB,SAASC,mBAAmB;AAC5B,SACIC,2BAA2B;AAG/B,OAAO,KAAKC,MAAM,MAAM,gBAAgB;AAExC,SAASC,aAAa,QAAQ,iBAAiB;AAC/C,SAASC,UAAU,QAAQ,uCAAuC;AAClE,SAASC,wBAAwB;AACjC,SAASC,yBAAyB;AAClC,SAASC,oBAAoB,EAAEC,YAAY;AAC3C,SAASC,kCAAkC;AAC3C,OAAO,KAAKC,MAAM,MAAM,gBAAgB;AACxC,SAASC,mBAAmB;AAI5B,OAAO,SAASC,mBAAmBA,CAAA,EAAG;EAClC,MAAMC,OAAO,GAAGtB,eAAe,CAAC;IAC5BuB,IAAI,EAAE,MAAM;IACZC,IAAI,EAAE,WAAW;IACjBC,OAAO,EAAE,MAAMC,GAAG,IAAI;MAClB,MAAMC,GAAG,GAAG,MAAMf,aAAa,CAAC,CAAC;MACjC,MAAMgB,aAAa,GAAG,MAAMD,GAAG,CAACE,gBAAgB,CAAC,CAAC;MAElD,MAAMC,wBAAwB,GAAG,MAAMH,GAAG,CAACI,2BAA2B,CAAC,CAAC;MACxE,MAAMC,mBAAmB,GAAGjB,yBAAyB,CAACa,aAAa,CAAC;MACpE,MAAMK,yBAAyB,GAAGnB,wBAAwB,CAACc,aAAa,CAAC;MAEzE,MAAMM,YAAY,GAAG,IAAIvB,MAAM,CAACwB,QAAQ,CAAC,cAAc,EAAE;QAAEC,UAAU,EAAE;MAAE,CAAC,CAAC;MAE3E,IAAIC,gBAAqC,GAAG,IAAI;MAChD,IAAIC,kBAA2D,GAAG,IAAI;MAEtE,IAAIL,yBAAyB,EAAE;QAC3BK,kBAAkB,GAAGL,yBAAyB;QAC9CI,gBAAgB,GAAG,YAAY;MACnC;MAEA,IAAIC,kBAAkB,EAAE;QACpB,MAAMC,MAAM,GAAGD,kBAAkB;QACjC,IAAI,OAAOC,MAAM,KAAK,QAAQ,EAAE;UAC5B,IAAIA,MAAM,CAACC,UAAU,EAAE;YACnBC,OAAO,CAACC,GAAG,CAACC,kBAAkB,GAAGJ,MAAM,CAACC,UAAU;UACtD;UAEA,IAAID,MAAM,CAACK,WAAW,EAAE;YACpBH,OAAO,CAACC,GAAG,CAACG,uBAAuB,GAAGN,MAAM,CAACK,WAAW;UAC5D;UAEA,IAAIL,MAAM,CAACO,aAAa,EAAE;YACtBL,OAAO,CAACC,GAAG,CAACK,yBAAyB,GAAG,MAAM;UAClD;QACJ;MACJ;MAEA,IAAIjB,wBAAwB,EAAE;QAC1BJ,GAAG,CAACsB,UAAU,CAACC,QAAQ,IAAI;UACvB,IAAI,CAACA,QAAQ,CAAC1B,IAAI,CAAC2B,UAAU,CAACpB,wBAAwB,CAAC,EAAE;YACrDmB,QAAQ,CAAC1B,IAAI,GAAG,GAAGO,wBAAwB,GAAGmB,QAAQ,CAAC1B,IAAI,EAAE;UACjE;QACJ,CAAC,CAAC;MACN;;MAEA;MACAG,GAAG,CAACyB,UAAU,CAAC,YAAY;QACvB,MAAMC,sBAAsB,GACxBpB,mBAAmB,IAAI,OAAOA,mBAAmB,KAAK,SAAS;QAEnE,MAAMqB,YAAY,GAAG,MAAM1B,GAAG,CAAC2B,eAAe,CAAC,CAAC;QAChD,IAAID,YAAY,CAACE,mCAAmC,CAAC,CAAC,EAAE;UACpDrC,kCAAkC,CAACQ,GAAoB,CAAC;QAC5D;;QAEA;QACA,IAAI,CAAC0B,sBAAsB,EAAE;UACzB;QACJ;QAEA,MAAM;UAAEI,SAAS;UAAEC,WAAW;UAAET;QAAW,CAAC,GAAGtB,GAAoB;QACnE,MAAM;UAAEgC,cAAc;UAAEC;QAAgB,CAAC,GAAG3B,mBAAmB;;QAE/D;QACA,IAAI0B,cAAc,EAAE;UAChB,IAAI,iBAAiB,IAAI1B,mBAAmB,EAAE;YAC1C,MAAM,IAAI4B,KAAK,CACX,4JACJ,CAAC;UACL;UAEA,IAAI3B,yBAAyB,EAAE;YAC3B,IAAI,CAACyB,cAAc,CAACG,yBAAyB,EAAE;cAC3C,MAAM,IAAID,KAAK,CACX,8GACJ,CAAC;YACL;YAEAZ,UAAU,CAACC,QAAQ,IAAI;cACnB,IAAIhD,gBAAgB,CAACgD,QAAQ,EAAElD,GAAG,CAAC+D,UAAU,CAACC,MAAM,CAAC,EAAE;gBACnDd,QAAQ,CAACe,MAAM,CAACC,UAAU,CACtBP,cAAc,CAAEG,yBACpB,CAAC;cACL;YACJ,CAAC,CAAC;UACN;UAEA,IAAI,CAACH,cAAc,CAACQ,wBAAwB,EAAE;YAC1C,MAAM,IAAIN,KAAK,CACX,6GACJ,CAAC;UACL;UAEAZ,UAAU,CAACC,QAAQ,IAAI;YACnB,IAAIhD,gBAAgB,CAACgD,QAAQ,EAAElD,GAAG,CAACoE,MAAM,CAACC,QAAQ,CAAC,EAAE;cACjD,MAAMC,SAAS,GAAGpB,QAAQ,CAACqB,IAAI,CAACD,SAAS,KAAK,KAAK;cACnD,IAAIA,SAAS,EAAE;gBACXpB,QAAQ,CAACe,MAAM,CAACO,SAAS,CAACb,cAAc,CAAEQ,wBAAwB,CAAC;cACvE;YACJ;YAEA,IAAIjE,gBAAgB,CAACgD,QAAQ,EAAElD,GAAG,CAACyE,GAAG,CAACC,IAAI,CAAC,EAAE;cAC1C,IAAIxB,QAAQ,CAACqB,IAAI,CAACI,oBAAoB,EAAE;gBACpCjB,WAAW,CAAC1D,GAAG,CAACyE,GAAG,CAACG,oBAAoB,EAAE;kBACtCpD,IAAI,EAAE,GAAG0B,QAAQ,CAAC1B,IAAI,4BAA4B;kBAClDyC,MAAM,EAAE;oBACJY,IAAI,EAAE3B,QAAQ,CAAC4B,MAAM,CAACtD,IAAI;oBAC1BuD,SAAS,EACL/E,GAAG,CAACyE,GAAG,CAACO,aAAa,CAACC;kBAC9B;gBACJ,CAAC,CAAC;cACN;YACJ;UACJ,CAAC,CAAC;UAEF;QACJ;;QAEA;QACA,IAAIrB,eAAe,EAAE;UACjB,MAAMsB,MAAM,GAAGhE,YAAY,CAACS,GAAG,CAAC;UAEhCsB,UAAU,CAACC,QAAQ,IAAI;YACnB,IAAIhD,gBAAgB,CAACgD,QAAQ,EAAElD,GAAG,CAACmF,GAAG,CAACC,GAAG,CAAC,EAAE;cACzClC,QAAQ,CAACe,MAAM,CAACoB,gBAAgB,CAAC,IAAI,CAAC;cACtCnC,QAAQ,CAACe,MAAM,CAACqB,kBAAkB,CAAC,IAAI,CAAC;YAC5C;UACJ,CAAC,CAAC;UAEF,MAAM;YAAEC,GAAG;YAAEC,OAAO;YAAEC;UAAY,CAAC,GAAGhC,SAAS,CAAC8B,GAAI;UACpD7B,WAAW,CAAC1D,GAAG,CAACmF,GAAG,CAACO,WAAW,EAAE;YAC7BlE,IAAI,EAAE,qBAAqB;YAC3ByC,MAAM,EAAE;cACJ0B,KAAK,EAAEJ,GAAG,CAACT,MAAM,CAACc,EAAE;cACpBC,WAAW,EAAEzE,MAAM,CAAC0E,WAAW,iBAAiBZ,MAAM,KAAK;cAC3Da,aAAa,EAAE,CAACN,WAAW,CAACO,cAAc,CAAClB,MAAM,CAACc,EAAE;YACxD;UACJ,CAAC,CAAC;UAEFlC,WAAW,CAAC1D,GAAG,CAACmF,GAAG,CAACO,WAAW,EAAE;YAC7BlE,IAAI,EAAE,2BAA2B;YACjCyC,MAAM,EAAE;cACJ0B,KAAK,EAAEJ,GAAG,CAACT,MAAM,CAACc,EAAE;cACpBC,WAAW,EAAEzE,MAAM,CAAC0E,WAAW,iBAAiBZ,MAAM,WAAW;cACjEa,aAAa,EAAE,CAACN,WAAW,CAACO,cAAc,CAAClB,MAAM,CAACc,EAAE;YACxD;UACJ,CAAC,CAAC;UAEFlC,WAAW,CAAC1D,GAAG,CAACmF,GAAG,CAACO,WAAW,EAAE;YAC7BlE,IAAI,EAAE,sBAAsB;YAC5ByC,MAAM,EAAE;cACJ0B,KAAK,EAAEJ,GAAG,CAACT,MAAM,CAACc,EAAE;cACpBC,WAAW,EAAEzE,MAAM,CAAC0E,WAAW,iBAAiBZ,MAAM,MAAM;cAC5De,eAAe,EAAE,WAAW;cAC5BC,iBAAiB,EAAE,IAAI;cACvBC,gBAAgB,EAAE,CAACZ,GAAG,CAACT,MAAM,CAACsB,sBAAsB,CAAC;cACrDC,SAAS,EAAEb,OAAO,CAACc,OAAO,CAACC,GAAG,CAACC,MAAM,IAAIA,MAAM,CAAC1B,MAAM,CAACc,EAAE;YAC7D;UACJ,CAAC,CAAC;UAEFlC,WAAW,CAAC1D,GAAG,CAACmF,GAAG,CAACO,WAAW,EAAE;YAC7BlE,IAAI,EAAE,yBAAyB;YAC/ByC,MAAM,EAAE;cACJ0B,KAAK,EAAEJ,GAAG,CAACT,MAAM,CAACc,EAAE;cACpBC,WAAW,EAAEzE,MAAM,CAAC0E,WAAW,iBAAiBZ,MAAM,SAAS;cAC/De,eAAe,EAAE,WAAW;cAC5BC,iBAAiB,EAAE,IAAI;cACvBC,gBAAgB,EAAE,CAACZ,GAAG,CAACT,MAAM,CAACsB,sBAAsB,CAAC;cACrDC,SAAS,EAAEb,OAAO,CAACc,OAAO,CAACC,GAAG,CAACC,MAAM,IAAIA,MAAM,CAAC1B,MAAM,CAACc,EAAE;YAC7D;UACJ,CAAC,CAAC;QACN;MACJ,CAAC,CAAC;MACF;;MAEA;MACA;MACA,MAAMa,cAAc,GAAG7E,GAAG,CAAC8E,YAAY,CAAC,CAAC,CAACC,OAAO,CAAC7F,UAAU,CAAC;MAE7Da,GAAG,CAACyB,UAAU,CAAC,MAAM;QACjB,OAAOqD,cAAc,CAACG,OAAO,CAACjF,GAA+B,CAAC;MAClE,CAAC,CAAC;MAEF,MAAMkF,YAAY,GAAGlF,GAAG,CAACgB,GAAG,CAACkE,YAAY;MACzC,MAAMC,OAAO,GAAGD,YAAY;;MAE5B;MACA,MAAME,aAAa,GAAGpF,GAAG,CAACqF,SAAS,CAAC5G,UAAU,EAAE;QAAE0G;MAAQ,CAAC,CAAC;MAC5D,MAAMG,sBAAsB,GAAGtF,GAAG,CAACqF,SAAS,CAAC3F,mBAAmB,EAAE;QAAEyF;MAAQ,CAAC,CAAC;;MAE9E;MACA,MAAMI,UAAU,GACZjF,mBAAmB,KAAK,IAAI,IAC5B,OAAOA,mBAAmB,KAAK,QAAQ,IACvC4E,YAAY;MAEhB,MAAMtB,GAAG,GAAG2B,UAAU,GAAGvF,GAAG,CAACqF,SAAS,CAACxG,OAAO,CAAC,GAAG,IAAI;;MAEtD;MACA,MAAM2G,OAAO,GAAGxF,GAAG,CAACqF,SAAS,CAAC7G,WAAW,EAAE;QACvC2G,OAAO;QACPM,kBAAkB,EAAE;MACxB,CAAC,CAAC;;MAEF;MACA,MAAMC,QAAQ,GAAG1F,GAAG,CAACqF,SAAS,CAAC1G,YAAY,CAAC;;MAE5C;MACA,MAAM;QAAEgH,MAAM,EAAEC;MAAkB,CAAC,GAAG5F,GAAG,CAACqF,SAAS,CAACzG,cAAc,EAAE;QAAEuG;MAAQ,CAAC,CAAC;MAEhF,IAAI/C,UAAU;MACd,IAAIzB,gBAAgB,KAAK,YAAY,EAAE;QACnCyB,UAAU,GAAGpC,GAAG,CAACqF,SAAS,CAAC3G,UAAU,EAAE;UAAEyG;QAAQ,CAAC,CAAC;MACvD;MAEAnF,GAAG,CAACqF,SAAS,CAACvG,YAAY,EAAE;QAAE0B,YAAY,EAAEA,YAAY,CAACqF;MAAI,CAAC,CAAC;MAE/D7F,GAAG,CAAC8F,UAAU,CAAC;QACXtF,YAAY,EAAEA,YAAY,CAACqF,GAAG;QAC9BtC,MAAM,EAAElF,GAAG,CAACiE,MAAM,CAACiB,MAAM;QACzBwC,mBAAmB,EAAEH,iBAAiB,CAACzC,MAAM,CAACc,EAAE;QAChD+B,uBAAuB,EAAEZ,aAAa,CAACjC,MAAM,CAAC8C,GAAG;QACjDC,wBAAwB,EAAEd,aAAa,CAACjC,MAAM,CAACtD,IAAI;QACnDsG,2BAA2B,EAAEf,aAAa,CAACjC,MAAM,CAACiD,OAAO;QACzDC,4BAA4B,EAAEjB,aAAa,CAACjC,MAAM,CAACmD,QAAQ;QAC3DC,yBAAyB,EAAEjB,sBAAsB,CAACnC,MAAM,CAAC8C,GAAG;QAC5DO,0BAA0B,EAAElB,sBAAsB,CAACnC,MAAM,CAACtD,IAAI;QAC9D4G,6BAA6B,EAAEnB,sBAAsB,CAACnC,MAAM,CAACiD,OAAO;QACpEM,8BAA8B,EAAEpB,sBAAsB,CAACnC,MAAM,CAACmD,QAAQ;QACtEK,iBAAiB,EAAEnB,OAAO,CAACoB,QAAQ,CAACzD,MAAM,CAACc,EAAE;QAC7C4C,kBAAkB,EAAErB,OAAO,CAACoB,QAAQ,CAACzD,MAAM,CAAC8C,GAAG;QAC/Ca,6BAA6B,EAAEtB,OAAO,CAACoB,QAAQ,CAACzD,MAAM,CAAC4D,cAAc;QACrEC,kBAAkB,EAAExB,OAAO,CAACyB,cAAc,CAAC9D,MAAM,CAACc,EAAE;QACpDiD,YAAY,EAAExB,QAAQ,CAACvC,MAAM,CAACtD,IAAI;QAClCsH,WAAW,EAAEzB,QAAQ,CAACvC,MAAM,CAAC8C;MACjC,CAAC,CAAC;;MAEF;MACA,MAAM3G,oBAAoB,CAAC,MAAM,CAAC;MAElC,OAAO;QACH8F,aAAa;QACbxB,GAAG;QACH,GAAG4B,OAAO;QACVI,iBAAiB;QACjBF,QAAQ;QACRtD;MACJ,CAAC;IACL;EACJ,CAAC,CAAC;EAEF,MAAMpC,GAAG,GAAGjB,mBAAmB,CAACa,OAAO,EAAEwH,SAAS,IAAI;IAClD,MAAMC,WAAW,GAAGzH,OAAO,CAACkC,SAAS,CAACsD,aAAa;IAEnD,MAAMkC,KAAsB,GAAG;MAC3BC,SAAS,EAAEF,WAAW,CAAClE,MAAM,CAACtD,IAAI;MAClCuG,OAAO,EAAEiB,WAAW,CAAClE,MAAM,CAACiD,OAAO;MACnCE,QAAQ,EAAEe,WAAW,CAAClE,MAAM,CAACmD;IACjC,CAAC;IAEDc,SAAS,CAACI,OAAO,CAACC,QAAQ,IAAIzI,2BAA2B,CAACY,OAAO,EAAE0H,KAAK,EAAEG,QAAQ,CAAC,CAAC;EACxF,CAAC,CAAC;EAEFzH,GAAG,CAACyB,UAAU,CAAC,MAAM;IACjBzB,GAAG,CAAC0H,kBAAkB,CAAC;MACnB7H,IAAI,EAAE,MAAM;MACZ4H,QAAQ,EAAE;QACN/B,QAAQ,EAAE;UACNO,GAAG,EAAErG,OAAO,CAACkC,SAAS,CAAC4D,QAAQ,CAACvC,MAAM,CAAC8C,GAAG;UAC1CpG,IAAI,EAAED,OAAO,CAACkC,SAAS,CAAC4D,QAAQ,CAACvC,MAAM,CAACtD;QAC5C,CAAC;QACD8H,aAAa,EAAE;UACX1B,GAAG,EAAErG,OAAO,CAACkC,SAAS,CAACsD,aAAa,CAACjC,MAAM,CAAC8C,GAAG;UAC/CpG,IAAI,EAAED,OAAO,CAACkC,SAAS,CAACsD,aAAa,CAACjC,MAAM,CAACtD,IAAI;UACjDuG,OAAO,EAAExG,OAAO,CAACkC,SAAS,CAACsD,aAAa,CAACjC,MAAM,CAACiD,OAAO;UACvDE,QAAQ,EAAE1G,OAAO,CAACkC,SAAS,CAACsD,aAAa,CAACjC,MAAM,CAACmD;QACrD;MACJ;IACJ,CAAC,CAAC;EACN,CAAC,CAAC;EAEF,OAAOtG,GAAG;AACd","ignoreList":[]}
package/pulumi/types.d.ts CHANGED
@@ -23,10 +23,6 @@ export interface IDefaultStackOutput extends IStackOutput {
23
23
  primaryDynamodbTableName: string;
24
24
  primaryDynamodbTableHashKey: string;
25
25
  primaryDynamodbTableRangeKey: string;
26
- logDynamodbTableArn: string;
27
- logDynamodbTableName: string;
28
- logDynamodbTableHashKey: string;
29
- logDynamodbTableRangeKey: string;
30
26
  eventBusName: string;
31
27
  eventBusArn: string;
32
28
  vpcPublicSubnetIds: string[] | undefined;
package/pulumi/types.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"names":[],"sources":["types.ts"],"sourcesContent":["import { type IStackOutput } from \"@webiny/project\";\n\n// TODO: split into this per-app stack outputs.\nexport interface IDefaultStackOutput extends IStackOutput {\n deploymentId: string;\n region: string;\n dynamoDbTable: string;\n migrationLambdaArn: string;\n iotAuthorizerName: string;\n apiDomain: string;\n apiUrl: string;\n graphqlLambdaRole: string;\n graphqlLambdaRoleName: string;\n fileManagerManageLambdaArn: string;\n fileManagerManageLambdaRole: string;\n fileManagerManageLambdaRoleName: string;\n cognitoUserPoolArn: string;\n cognitoAppClientId: string;\n cognitoUserPoolId: string;\n cognitoUserPoolPasswordPolicy: string;\n websocketApiUrl: string;\n fileManagerBucketId: string;\n fileManagerBucketArn: string;\n primaryDynamodbTableArn: string;\n primaryDynamodbTableName: string;\n primaryDynamodbTableHashKey: string;\n primaryDynamodbTableRangeKey: string;\n logDynamodbTableArn: string;\n logDynamodbTableName: string;\n logDynamodbTableHashKey: string;\n logDynamodbTableRangeKey: string;\n eventBusName: string;\n eventBusArn: string;\n vpcPublicSubnetIds: string[] | undefined;\n vpcPrivateSubnetIds: string[] | undefined;\n vpcSecurityGroupIds: string[] | undefined;\n opensearchDomainArn: string | undefined;\n opensearchDomainEndpoint: string | undefined;\n opensearchDynamodbTableHashKey: string;\n opensearchDynamodbTableRangeKey: string;\n opensearchDynamodbTableArn: string | undefined;\n opensearchDynamodbTableName: string | undefined;\n appStorage: string;\n appDomain?: string;\n deliveryDomain?: string;\n}\n"],"mappings":"","ignoreList":[]}
1
+ {"version":3,"names":[],"sources":["types.ts"],"sourcesContent":["import { type IStackOutput } from \"@webiny/project\";\n\n// TODO: split into this per-app stack outputs.\nexport interface IDefaultStackOutput extends IStackOutput {\n deploymentId: string;\n region: string;\n dynamoDbTable: string;\n migrationLambdaArn: string;\n iotAuthorizerName: string;\n apiDomain: string;\n apiUrl: string;\n graphqlLambdaRole: string;\n graphqlLambdaRoleName: string;\n fileManagerManageLambdaArn: string;\n fileManagerManageLambdaRole: string;\n fileManagerManageLambdaRoleName: string;\n cognitoUserPoolArn: string;\n cognitoAppClientId: string;\n cognitoUserPoolId: string;\n cognitoUserPoolPasswordPolicy: string;\n websocketApiUrl: string;\n fileManagerBucketId: string;\n fileManagerBucketArn: string;\n primaryDynamodbTableArn: string;\n primaryDynamodbTableName: string;\n primaryDynamodbTableHashKey: string;\n primaryDynamodbTableRangeKey: string;\n eventBusName: string;\n eventBusArn: string;\n vpcPublicSubnetIds: string[] | undefined;\n vpcPrivateSubnetIds: string[] | undefined;\n vpcSecurityGroupIds: string[] | undefined;\n opensearchDomainArn: string | undefined;\n opensearchDomainEndpoint: string | undefined;\n opensearchDynamodbTableHashKey: string;\n opensearchDynamodbTableRangeKey: string;\n opensearchDynamodbTableArn: string | undefined;\n opensearchDynamodbTableName: string | undefined;\n appStorage: string;\n appDomain?: string;\n deliveryDomain?: string;\n}\n"],"mappings":"","ignoreList":[]}
package/pulumi/apps/core/LogDynamo.d.ts DELETED
@@ -1,5 +0,0 @@
1
- import { type PulumiAppModule } from "@webiny/pulumi";
2
- export type LogDynamo = PulumiAppModule<typeof LogDynamo>;
3
- export declare const LogDynamo: import("@webiny/pulumi").PulumiAppModuleDefinition<import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/dynamodb/table").Table>, {
4
- protect: boolean;
5
- }>;
package/pulumi/apps/core/LogDynamo.js DELETED
@@ -1,122 +0,0 @@
1
- import * as aws from "@pulumi/aws";
2
- import { createAppModule } from "@webiny/pulumi";
3
- export const LogDynamo = createAppModule({
4
- name: "DynamoDbLog",
5
- config(app, params) {
6
- return app.addResource(aws.dynamodb.Table, {
7
- name: "webiny-log",
8
- config: {
9
- attributes: [{
10
- name: "PK",
11
- type: "S"
12
- }, {
13
- name: "SK",
14
- type: "S"
15
- }, {
16
- name: "GSI_TENANT",
17
- type: "S"
18
- }, {
19
- name: "GSI1_PK",
20
- type: "S"
21
- }, {
22
- name: "GSI1_SK",
23
- type: "S"
24
- }, {
25
- name: "GSI2_PK",
26
- type: "S"
27
- }, {
28
- name: "GSI2_SK",
29
- type: "S"
30
- }, {
31
- name: "GSI3_PK",
32
- type: "S"
33
- }, {
34
- name: "GSI3_SK",
35
- type: "S"
36
- }, {
37
- name: "GSI4_PK",
38
- type: "S"
39
- }, {
40
- name: "GSI4_SK",
41
- type: "S"
42
- }, {
43
- name: "GSI5_PK",
44
- type: "S"
45
- }, {
46
- name: "GSI5_SK",
47
- type: "S"
48
- }],
49
- billingMode: "PAY_PER_REQUEST",
50
- hashKey: "PK",
51
- rangeKey: "SK",
52
- globalSecondaryIndexes: [{
53
- name: "GSI_TENANT",
54
- keySchemas: [{
55
- attributeName: "GSI_TENANT",
56
- keyType: "HASH"
57
- }],
58
- projectionType: "KEYS_ONLY"
59
- }, {
60
- name: "GSI1",
61
- keySchemas: [{
62
- attributeName: "GSI1_PK",
63
- keyType: "HASH"
64
- }, {
65
- attributeName: "GSI1_SK",
66
- keyType: "RANGE"
67
- }],
68
- projectionType: "ALL"
69
- }, {
70
- name: "GSI2",
71
- keySchemas: [{
72
- attributeName: "GSI2_PK",
73
- keyType: "HASH"
74
- }, {
75
- attributeName: "GSI2_SK",
76
- keyType: "RANGE"
77
- }],
78
- projectionType: "ALL"
79
- }, {
80
- name: "GSI3",
81
- keySchemas: [{
82
- attributeName: "GSI3_PK",
83
- keyType: "HASH"
84
- }, {
85
- attributeName: "GSI3_SK",
86
- keyType: "RANGE"
87
- }],
88
- projectionType: "ALL"
89
- }, {
90
- name: "GSI4",
91
- keySchemas: [{
92
- attributeName: "GSI4_PK",
93
- keyType: "HASH"
94
- }, {
95
- attributeName: "GSI4_SK",
96
- keyType: "RANGE"
97
- }],
98
- projectionType: "ALL"
99
- }, {
100
- name: "GSI5",
101
- keySchemas: [{
102
- attributeName: "GSI5_PK",
103
- keyType: "HASH"
104
- }, {
105
- attributeName: "GSI5_SK",
106
- keyType: "RANGE"
107
- }],
108
- projectionType: "ALL"
109
- }],
110
- ttl: {
111
- attributeName: "expiresAt",
112
- enabled: true
113
- }
114
- },
115
- opts: {
116
- protect: params.protect
117
- }
118
- });
119
- }
120
- });
121
-
122
- //# sourceMappingURL=LogDynamo.js.map
package/pulumi/apps/core/LogDynamo.js.map DELETED
@@ -1 +0,0 @@
1
- {"version":3,"names":["aws","createAppModule","LogDynamo","name","config","app","params","addResource","dynamodb","Table","attributes","type","billingMode","hashKey","rangeKey","globalSecondaryIndexes","keySchemas","attributeName","keyType","projectionType","ttl","enabled","opts","protect"],"sources":["LogDynamo.ts"],"sourcesContent":["import * as aws from \"@pulumi/aws\";\nimport { createAppModule, type PulumiApp, type PulumiAppModule } from \"@webiny/pulumi\";\n\nexport type LogDynamo = PulumiAppModule<typeof LogDynamo>;\n\nexport const LogDynamo = createAppModule({\n name: \"DynamoDbLog\",\n config(app: PulumiApp, params: { protect: boolean }) {\n return app.addResource(aws.dynamodb.Table, {\n name: \"webiny-log\",\n config: {\n attributes: [\n { name: \"PK\", type: \"S\" },\n { name: \"SK\", type: \"S\" },\n { name: \"GSI_TENANT\", type: \"S\" },\n { name: \"GSI1_PK\", type: \"S\" },\n { name: \"GSI1_SK\", type: \"S\" },\n { name: \"GSI2_PK\", type: \"S\" },\n { name: \"GSI2_SK\", type: \"S\" },\n { name: \"GSI3_PK\", type: \"S\" },\n { name: \"GSI3_SK\", type: \"S\" },\n { name: \"GSI4_PK\", type: \"S\" },\n { name: \"GSI4_SK\", type: \"S\" },\n { name: \"GSI5_PK\", type: \"S\" },\n { name: \"GSI5_SK\", type: \"S\" }\n ],\n billingMode: \"PAY_PER_REQUEST\",\n hashKey: \"PK\",\n rangeKey: \"SK\",\n globalSecondaryIndexes: [\n {\n name: \"GSI_TENANT\",\n keySchemas: [\n {\n attributeName: \"GSI_TENANT\",\n keyType: \"HASH\"\n }\n ],\n projectionType: \"KEYS_ONLY\"\n },\n {\n name: \"GSI1\",\n keySchemas: [\n {\n attributeName: \"GSI1_PK\",\n keyType: \"HASH\"\n },\n {\n attributeName: \"GSI1_SK\",\n keyType: \"RANGE\"\n }\n ],\n projectionType: \"ALL\"\n },\n {\n name: \"GSI2\",\n keySchemas: [\n {\n attributeName: \"GSI2_PK\",\n keyType: \"HASH\"\n },\n {\n attributeName: \"GSI2_SK\",\n keyType: \"RANGE\"\n }\n ],\n projectionType: \"ALL\"\n },\n {\n name: \"GSI3\",\n keySchemas: [\n {\n attributeName: \"GSI3_PK\",\n keyType: \"HASH\"\n },\n {\n attributeName: \"GSI3_SK\",\n keyType: \"RANGE\"\n }\n ],\n projectionType: \"ALL\"\n },\n {\n name: \"GSI4\",\n keySchemas: [\n {\n attributeName: \"GSI4_PK\",\n keyType: \"HASH\"\n },\n {\n attributeName: \"GSI4_SK\",\n keyType: \"RANGE\"\n }\n ],\n projectionType: \"ALL\"\n },\n {\n name: \"GSI5\",\n keySchemas: [\n {\n attributeName: \"GSI5_PK\",\n keyType: \"HASH\"\n },\n {\n attributeName: \"GSI5_SK\",\n keyType: \"RANGE\"\n }\n ],\n projectionType: \"ALL\"\n }\n ],\n ttl: {\n attributeName: \"expiresAt\",\n enabled: true\n }\n },\n opts: {\n protect: params.protect\n }\n });\n }\n});\n"],"mappings":"AAAA,OAAO,KAAKA,GAAG,MAAM,aAAa;AAClC,SAASC,eAAe,QAA8C,gBAAgB;AAItF,OAAO,MAAMC,SAAS,GAAGD,eAAe,CAAC;EACrCE,IAAI,EAAE,aAAa;EACnBC,MAAMA,CAACC,GAAc,EAAEC,MAA4B,EAAE;IACjD,OAAOD,GAAG,CAACE,WAAW,CAACP,GAAG,CAACQ,QAAQ,CAACC,KAAK,EAAE;MACvCN,IAAI,EAAE,YAAY;MAClBC,MAAM,EAAE;QACJM,UAAU,EAAE,CACR;UAAEP,IAAI,EAAE,IAAI;UAAEQ,IAAI,EAAE;QAAI,CAAC,EACzB;UAAER,IAAI,EAAE,IAAI;UAAEQ,IAAI,EAAE;QAAI,CAAC,EACzB;UAAER,IAAI,EAAE,YAAY;UAAEQ,IAAI,EAAE;QAAI,CAAC,EACjC;UAAER,IAAI,EAAE,SAAS;UAAEQ,IAAI,EAAE;QAAI,CAAC,EAC9B;UAAER,IAAI,EAAE,SAAS;UAAEQ,IAAI,EAAE;QAAI,CAAC,EAC9B;UAAER,IAAI,EAAE,SAAS;UAAEQ,IAAI,EAAE;QAAI,CAAC,EAC9B;UAAER,IAAI,EAAE,SAAS;UAAEQ,IAAI,EAAE;QAAI,CAAC,EAC9B;UAAER,IAAI,EAAE,SAAS;UAAEQ,IAAI,EAAE;QAAI,CAAC,EAC9B;UAAER,IAAI,EAAE,SAAS;UAAEQ,IAAI,EAAE;QAAI,CAAC,EAC9B;UAAER,IAAI,EAAE,SAAS;UAAEQ,IAAI,EAAE;QAAI,CAAC,EAC9B;UAAER,IAAI,EAAE,SAAS;UAAEQ,IAAI,EAAE;QAAI,CAAC,EAC9B;UAAER,IAAI,EAAE,SAAS;UAAEQ,IAAI,EAAE;QAAI,CAAC,EAC9B;UAAER,IAAI,EAAE,SAAS;UAAEQ,IAAI,EAAE;QAAI,CAAC,CACjC;QACDC,WAAW,EAAE,iBAAiB;QAC9BC,OAAO,EAAE,IAAI;QACbC,QAAQ,EAAE,IAAI;QACdC,sBAAsB,EAAE,CACpB;UACIZ,IAAI,EAAE,YAAY;UAClBa,UAAU,EAAE,CACR;YACIC,aAAa,EAAE,YAAY;YAC3BC,OAAO,EAAE;UACb,CAAC,CACJ;UACDC,cAAc,EAAE;QACpB,CAAC,EACD;UACIhB,IAAI,EAAE,MAAM;UACZa,UAAU,EAAE,CACR;YACIC,aAAa,EAAE,SAAS;YACxBC,OAAO,EAAE;UACb,CAAC,EACD;YACID,aAAa,EAAE,SAAS;YACxBC,OAAO,EAAE;UACb,CAAC,CACJ;UACDC,cAAc,EAAE;QACpB,CAAC,EACD;UACIhB,IAAI,EAAE,MAAM;UACZa,UAAU,EAAE,CACR;YACIC,aAAa,EAAE,SAAS;YACxBC,OAAO,EAAE;UACb,CAAC,EACD;YACID,aAAa,EAAE,SAAS;YACxBC,OAAO,EAAE;UACb,CAAC,CACJ;UACDC,cAAc,EAAE;QACpB,CAAC,EACD;UACIhB,IAAI,EAAE,MAAM;UACZa,UAAU,EAAE,CACR;YACIC,aAAa,EAAE,SAAS;YACxBC,OAAO,EAAE;UACb,CAAC,EACD;YACID,aAAa,EAAE,SAAS;YACxBC,OAAO,EAAE;UACb,CAAC,CACJ;UACDC,cAAc,EAAE;QACpB,CAAC,EACD;UACIhB,IAAI,EAAE,MAAM;UACZa,UAAU,EAAE,CACR;YACIC,aAAa,EAAE,SAAS;YACxBC,OAAO,EAAE;UACb,CAAC,EACD;YACID,aAAa,EAAE,SAAS;YACxBC,OAAO,EAAE;UACb,CAAC,CACJ;UACDC,cAAc,EAAE;QACpB,CAAC,EACD;UACIhB,IAAI,EAAE,MAAM;UACZa,UAAU,EAAE,CACR;YACIC,aAAa,EAAE,SAAS;YACxBC,OAAO,EAAE;UACb,CAAC,EACD;YACID,aAAa,EAAE,SAAS;YACxBC,OAAO,EAAE;UACb,CAAC,CACJ;UACDC,cAAc,EAAE;QACpB,CAAC,CACJ;QACDC,GAAG,EAAE;UACDH,aAAa,EAAE,WAAW;UAC1BI,OAAO,EAAE;QACb;MACJ,CAAC;MACDC,IAAI,EAAE;QACFC,OAAO,EAAEjB,MAAM,CAACiB;MACpB;IACJ,CAAC,CAAC;EACN;AACJ,CAAC,CAAC","ignoreList":[]}