@webiny/project-aws 6.3.0 → 6.4.0-beta.0

package/pulumi/apps/core/CoreOpenSearch.js.map

@@ -1 +1 @@
-{"version":3,"names":["path","pulumi","aws","random","createAppModule","getAwsAccountId","CoreVpc","LAMBDA_RUNTIME","getDevClusterConfig","instanceType","getProdClusterConfig","instanceCount","zoneAwarenessEnabled","zoneAwarenessConfig","availabilityZoneCount","OS_ENGINE_VERSION","OpenSearch","name","config","app","params","isProduction","env","vpc","getModule","optional","domain","domainPolicy","domainEndpoint","domainArn","providedEndpoint","process","OPENSEARCH_ENDPOINT","providedDomainName","AWS_OS_DOMAIN_NAME","Error","addRemoteResource","opensearch","getDomain","domainName","async","output","arn","endpoint","randomId","RandomId","byteLength","domainLogicalName","domainPhysicalName","hex","apply","prevDomainName","namePrefix","slice","addResource","Domain","engineVersion","clusterConfig","vpcOptions","subnetIds","subnets","private","map","s","id","securityGroupIds","defaultSecurityGroupId","undefined","ebsOptions","ebsEnabled","volumeSize","volumeType","advancedOptions","snapshotOptions","automatedSnapshotStartHour","opts","protect","accountId","DomainPolicy","accessPolicies","all","JSON","stringify","Version","Statement","Effect","Principal","AWS","Action","Resource","table","dynamodb","Table","attributes","type","streamEnabled","streamViewType","billingMode","hashKey","rangeKey","globalSecondaryIndexes","keySchemas","attributeName","keyType","projectionType","ttl","enabled","roleName","role","iam","Role","assumeRolePolicy","Service","meta","isLambdaFunctionRole","policy","getDynamoDbToElasticLambdaPolicy","RolePolicyAttachment","policyArn","ManagedPolicy","AWSLambdaVPCAccessExecutionRole","AWSLambdaBasicExecutionRole","AWSLambdaDynamoDBExecutionRole","lambda","Function","runtime","handler","timeout","memorySize","environment","variables","DEBUG","String","OPENSEARCH_USERNAME","OPENSEARCH_PASSWORD","description","code","asset","AssetArchive","FileArchive","join","paths","workspace","vpcConfig","loggingConfig","logFormat","eventSourceMapping","EventSourceMapping","eventSourceArn","streamArn","functionName","startingPosition","maximumRetryAttempts","batchSize","maximumBatchingWindowInSeconds","addOutputs","opensearchDomainArn","opensearchDomainEndpoint","opensearchDomainName","opensearchDynamodbTableArn","opensearchDynamodbTableName","dynamoToElastic","Policy","Sid","interpolate"],"sources":["CoreOpenSearch.ts"],"sourcesContent":["/**\n * Important documents to read:\n *\n * https://docs.aws.amazon.com/opensearch-service/latest/developerguide/limits.html#network-limits\n */\nimport path from \"path\";\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport * as random from \"@pulumi/random\";\nimport {\n    createAppModule,\n    type PulumiApp,\n    type PulumiAppRemoteResource,\n    type PulumiAppResource,\n    type PulumiAppResourceConstructor\n} from \"@webiny/pulumi\";\n\nimport { getAwsAccountId } from \"../awsUtils.js\";\nimport { CoreVpc } from \"./CoreVpc.js\";\nimport { LAMBDA_RUNTIME } from \"~/pulumi/constants.js\";\n\nexport interface OpenSearchParams {\n    protect: boolean;\n    namePrefix: string;\n    prevDomainName: string | undefined;\n}\n\nfunction getDevClusterConfig(): aws.types.input.opensearch.DomainClusterConfig {\n    return {\n        instanceType: \"t3.small.search\"\n    };\n}\n\nfunction getProdClusterConfig(): aws.types.input.opensearch.DomainClusterConfig {\n    return {\n        // For production deployments, we create 3 instances and configure multi-AZ across 3 zones.\n        instanceType: \"t3.medium.search\",\n        instanceCount: 3,\n        zoneAwarenessEnabled: true,\n        zoneAwarenessConfig: {\n            availabilityZoneCount: 3\n        }\n    };\n}\n\nconst OS_ENGINE_VERSION = \"OpenSearch_3.3\";\n\nexport const OpenSearch = createAppModule({\n    name: \"OpenSearch\",\n    config(app, params: OpenSearchParams) {\n        const isProduction = app.env.isProduction;\n\n        const vpc = app.getModule(CoreVpc, { optional: true });\n\n        let domain:\n            | PulumiAppResource<PulumiAppResourceConstructor<aws.opensearch.Domain>>\n            | PulumiAppRemoteResource<aws.opensearch.GetDomainResult>\n            | null = null;\n\n        let domainPolicy;\n        let domainEndpoint: pulumi.Output<string> | string;\n        let domainArn: pulumi.Output<string>;\n\n        const providedEndpoint = process.env.OPENSEARCH_ENDPOINT;\n        const providedDomainName = process.env.AWS_OS_DOMAIN_NAME;\n\n        if (providedEndpoint && !providedDomainName) {\n            throw new Error(\n                \"OPENSEARCH_ENDPOINT was provided but AWS_OS_DOMAIN_NAME is missing. \" +\n                    \"A domain name is required to look up the domain ARN when using a custom endpoint.\"\n            );\n        }\n\n        if (providedDomainName) {\n            // Look up the existing domain by name to obtain its ARN and (if no explicit endpoint is\n            // provided) its endpoint. This covers both the ephemeral-environment pattern and the\n            // case where an external endpoint is supplied alongside a domain name.\n            // https://www.webiny.com/docs/key-topics/ci-cd/testing/slow-ephemeral-environments\n            domain = app.addRemoteResource(providedDomainName, () => {\n                return aws.opensearch.getDomain(\n                    { domainName: providedDomainName },\n                    { async: true }\n                );\n            });\n            domainArn = domain.output.arn;\n            // Prefer an explicitly provided endpoint; fall back to the one reported by AWS.\n            domainEndpoint = providedEndpoint ?? domain.output.endpoint;\n        } else {\n            const randomId = new random.RandomId(\"osDomainRandomId\", { byteLength: 8 });\n\n            const domainLogicalName = \"webiny-js\";\n\n            /**\n             * The physical domain name must remain stable across re-deploys. Changing it causes\n             * Pulumi to delete and recreate the cluster, which is a destructive operation.\n             *\n             * To avoid this, we read the domain name that was stored in the previous deploy's\n             * stack output (via `sdk.getAppStackOutput`) and reuse it unchanged. Only on the\n             * very first deploy, when there is no previous output, do we generate a new name\n             * (with the resource name prefix applied for consistent naming going forward).\n             *\n             * NOTE: `params.namePrefix` may be \"\" when upgrading from old code that never stored\n             * the domain name in the stack output. In that case the caller passes \"\" explicitly so\n             * the fallback formula reproduces the legacy name (`webiny-js-<hex>`) rather than\n             * prepending the SDK default prefix and triggering an unintended cluster replacement.\n             * See `createCorePulumiApp.ts` → `isUpgradeFromOldCode` for details.\n             */\n            const domainPhysicalName = randomId.hex.apply(\n                hex =>\n                    params.prevDomainName ??\n                    `${params.namePrefix}${domainLogicalName}-${hex.slice(-7)}`\n            );\n\n            domain = app.addResource(aws.opensearch.Domain, {\n                name: domainLogicalName,\n                config: {\n                    domainName: domainPhysicalName,\n                    engineVersion: OS_ENGINE_VERSION,\n                    clusterConfig: isProduction ? getProdClusterConfig() : getDevClusterConfig(),\n                    vpcOptions: vpc\n                        ? {\n                              subnetIds: vpc.subnets.private.map(s => s.output.id),\n                              securityGroupIds: [vpc.vpc.output.defaultSecurityGroupId]\n                          }\n                        : undefined,\n                    ebsOptions: {\n                        ebsEnabled: true,\n                        volumeSize: 10,\n                        volumeType: \"gp2\"\n                    },\n                    advancedOptions: {\n                        \"rest.action.multi.allow_explicit_index\": \"true\"\n                    },\n                    snapshotOptions: {\n                        automatedSnapshotStartHour: 23\n                    }\n                },\n                opts: { protect: params.protect }\n            });\n\n            domainEndpoint = domain.output.endpoint;\n            domainArn = domain.output.arn;\n\n            /**\n             * Domain policy defines who can access your OpenSearch Domain.\n             * For details on OpenSearch security, read the official documentation:\n             * https://docs.aws.amazon.com/openSearch-service/latest/developerguide/security.html\n             */\n            const accountId = getAwsAccountId(app);\n\n            domainPolicy = app.addResource(aws.opensearch.DomainPolicy, {\n                name: `${domainLogicalName}-policy`,\n                config: {\n                    domainName: domain.output.domainName,\n                    accessPolicies: pulumi\n                        .all([accountId, domainArn])\n                        .apply(([accountId, domainArn]) => {\n                            return JSON.stringify({\n                                Version: \"2012-10-17\",\n                                Statement: [\n                                    /**\n                                     * Allow requests signed with current account\n                                     */\n                                    {\n                                        Effect: \"Allow\",\n                                        Principal: {\n                                            AWS: accountId\n                                        },\n                                        Action: \"es:*\",\n                                        Resource: `${domainArn}/*`\n                                    }\n                                ]\n                            });\n                        })\n                },\n                opts: { protect: params.protect }\n            });\n        }\n\n        /**\n         * Create a table for OpenSearch records. All ES records are stored in this table to dramatically improve\n         * performance and stability on write operations (especially massive data imports). This table also serves as a backup and\n         * a single source of truth for your OpenSearch domain. Streaming is enabled on this table, and it will\n         * allow asynchronous synchronization of data with OpenSearch domain.\n         */\n        const table = app.addResource(aws.dynamodb.Table, {\n            name: \"webiny-es\",\n            config: {\n                attributes: [\n                    { name: \"PK\", type: \"S\" },\n                    { name: \"SK\", type: \"S\" },\n                    { name: \"GSI_TENANT\", type: \"S\" }\n                ],\n                streamEnabled: true,\n                streamViewType: \"NEW_AND_OLD_IMAGES\",\n                billingMode: \"PAY_PER_REQUEST\",\n                hashKey: \"PK\",\n                rangeKey: \"SK\",\n                globalSecondaryIndexes: [\n                    {\n                        name: \"GSI_TENANT\",\n                        keySchemas: [\n                            {\n                                attributeName: \"GSI_TENANT\",\n                                keyType: \"HASH\"\n                            }\n                        ],\n                        projectionType: \"KEYS_ONLY\"\n                    }\n                ],\n                ttl: {\n                    attributeName: \"expiresAt\",\n                    enabled: true\n                }\n            },\n            opts: { protect: params.protect }\n        });\n\n        const roleName = \"dynamo-to-elastic-lambda-role\";\n\n        const role = app.addResource(aws.iam.Role, {\n            name: roleName,\n            config: {\n                assumeRolePolicy: {\n                    Version: \"2012-10-17\",\n                    Statement: [\n                        {\n                            Action: \"sts:AssumeRole\",\n                            Principal: {\n                                Service: \"lambda.amazonaws.com\"\n                            },\n                            Effect: \"Allow\"\n                        }\n                    ]\n                }\n            },\n            meta: { isLambdaFunctionRole: true }\n        });\n\n        const policy = getDynamoDbToElasticLambdaPolicy(app, domainArn);\n\n        app.addResource(aws.iam.RolePolicyAttachment, {\n            name: `${roleName}-DynamoDbToElasticLambdaPolicy`,\n            config: {\n                role: role.output,\n                policyArn: policy.output.arn\n            }\n        });\n\n        // Only use `AWSLambdaVPCAccessExecutionRole` policy if VPC feature is enabled.\n        if (vpc) {\n            app.addResource(aws.iam.RolePolicyAttachment, {\n                name: `${roleName}-AWSLambdaVPCAccessExecutionRole`,\n                config: {\n                    role: role.output,\n                    policyArn: aws.iam.ManagedPolicy.AWSLambdaVPCAccessExecutionRole\n                }\n            });\n        } else {\n            app.addResource(aws.iam.RolePolicyAttachment, {\n                name: `${roleName}-AWSLambdaBasicExecutionRole`,\n                config: {\n                    role: role.output,\n                    policyArn: aws.iam.ManagedPolicy.AWSLambdaBasicExecutionRole\n                }\n            });\n        }\n\n        app.addResource(aws.iam.RolePolicyAttachment, {\n            name: `${roleName}-AWSLambdaDynamoDBExecutionRole`,\n            config: {\n                role: role.output,\n                policyArn: aws.iam.ManagedPolicy.AWSLambdaDynamoDBExecutionRole\n            }\n        });\n\n        /**\n         * This Lambda will process the stream events from DynamoDB table that contains OpenSearch items.\n         * OpenSearch can't take large amount of individual writes in a short period of time, so this way\n         * we store data for OpenSearch in a DynamoDB table, and asynchronously insert it into OpenSearch\n         * using batching.\n         */\n        const lambda = app.addResource(aws.lambda.Function, {\n            name: \"dynamo-to-elastic\",\n            config: {\n                role: role.output.arn,\n                runtime: LAMBDA_RUNTIME,\n                handler: \"handler.handler\",\n                timeout: 900,\n                memorySize: 1024,\n                environment: {\n                    variables: {\n                        DEBUG: String(process.env.DEBUG),\n                        OPENSEARCH_ENDPOINT: domainEndpoint,\n                        OPENSEARCH_USERNAME: process.env.OPENSEARCH_USERNAME ?? \"\",\n                        OPENSEARCH_PASSWORD: process.env.OPENSEARCH_PASSWORD ?? \"\"\n                    }\n                },\n                description: \"Process DynamoDB Stream.\",\n                code: new pulumi.asset.AssetArchive({\n                    \".\": new pulumi.asset.FileArchive(\n                        path.join(app.paths.workspace, \"dynamoToElastic/build\")\n                    )\n                }),\n                vpcConfig: vpc\n                    ? {\n                          subnetIds: vpc.subnets.private.map(s => s.output.id),\n                          securityGroupIds: [vpc.vpc.output.defaultSecurityGroupId]\n                      }\n                    : undefined,\n                loggingConfig: {\n                    logFormat: \"JSON\"\n                }\n            }\n        });\n\n        const eventSourceMapping = app.addResource(aws.lambda.EventSourceMapping, {\n            name: \"dynamo-to-elastic\",\n            config: {\n                eventSourceArn: table.output.streamArn,\n                functionName: lambda.output.arn,\n                startingPosition: \"LATEST\",\n                maximumRetryAttempts: 3,\n                batchSize: 50,\n                maximumBatchingWindowInSeconds: 1\n            }\n        });\n\n        app.addOutputs({\n            opensearchDomainArn: domainArn,\n            opensearchDomainEndpoint: domainEndpoint,\n            opensearchDomainName: domain!.output.domainName,\n            opensearchDynamodbTableArn: table.output.arn,\n            opensearchDynamodbTableName: table.output.name\n        });\n\n        return {\n            domain,\n            domainPolicy,\n            table,\n            dynamoToElastic: {\n                role,\n                policy,\n                lambda,\n                eventSourceMapping\n            }\n        };\n    }\n});\n\nfunction getDynamoDbToElasticLambdaPolicy(app: PulumiApp, domainArn: pulumi.Output<string>) {\n    return app.addResource(aws.iam.Policy, {\n        name: \"DynamoDbToElasticLambdaPolicy-updated\",\n        config: {\n            description: \"This policy enables access to ES and Dynamodb streams\",\n            policy: {\n                Version: \"2012-10-17\",\n                Statement: [\n                    {\n                        Sid: \"PermissionForES\",\n                        Effect: \"Allow\",\n                        Action: [\n                            \"es:ESHttpGet\",\n                            \"es:ESHttpDelete\",\n                            \"es:ESHttpPatch\",\n                            \"es:ESHttpPost\",\n                            \"es:ESHttpPut\",\n                            \"dynamodb:BatchGetItem\",\n                            \"dynamodb:BatchWriteItem\",\n                            \"dynamodb:PutItem\",\n                            \"dynamodb:GetItem\",\n                            \"dynamodb:DeleteItem\",\n                            \"dynamodb:Query\",\n                            \"dynamodb:UpdateItem\"\n                        ],\n                        Resource: [\n                            pulumi.interpolate`${domainArn}`,\n                            pulumi.interpolate`${domainArn}/*`\n                        ]\n                    }\n                ]\n            }\n        }\n    });\n}\n"],"mappings":"AAAA;AACA;AACA;AACA;AACA;AACA,OAAOA,IAAI,MAAM,MAAM;AACvB,OAAO,KAAKC,MAAM,MAAM,gBAAgB;AACxC,OAAO,KAAKC,GAAG,MAAM,aAAa;AAClC,OAAO,KAAKC,MAAM,MAAM,gBAAgB;AACxC,SACIC,eAAe,QAKZ,gBAAgB;AAEvB,SAASC,eAAe;AACxB,SAASC,OAAO;AAChB,SAASC,cAAc;AAQvB,SAASC,mBAAmBA,CAAA,EAAmD;EAC3E,OAAO;IACHC,YAAY,EAAE;EAClB,CAAC;AACL;AAEA,SAASC,oBAAoBA,CAAA,EAAmD;EAC5E,OAAO;IACH;IACAD,YAAY,EAAE,kBAAkB;IAChCE,aAAa,EAAE,CAAC;IAChBC,oBAAoB,EAAE,IAAI;IAC1BC,mBAAmB,EAAE;MACjBC,qBAAqB,EAAE;IAC3B;EACJ,CAAC;AACL;AAEA,MAAMC,iBAAiB,GAAG,gBAAgB;AAE1C,OAAO,MAAMC,UAAU,GAAGZ,eAAe,CAAC;EACtCa,IAAI,EAAE,YAAY;EAClBC,MAAMA,CAACC,GAAG,EAAEC,MAAwB,EAAE;IAClC,MAAMC,YAAY,GAAGF,GAAG,CAACG,GAAG,CAACD,YAAY;IAEzC,MAAME,GAAG,GAAGJ,GAAG,CAACK,SAAS,CAAClB,OAAO,EAAE;MAAEmB,QAAQ,EAAE;IAAK,CAAC,CAAC;IAEtD,IAAIC,MAGM,GAAG,IAAI;IAEjB,IAAIC,YAAY;IAChB,IAAIC,cAA8C;IAClD,IAAIC,SAAgC;IAEpC,MAAMC,gBAAgB,GAAGC,OAAO,CAACT,GAAG,CAACU,mBAAmB;IACxD,MAAMC,kBAAkB,GAAGF,OAAO,CAACT,GAAG,CAACY,kBAAkB;IAEzD,IAAIJ,gBAAgB,IAAI,CAACG,kBAAkB,EAAE;MACzC,MAAM,IAAIE,KAAK,CACX,sEAAsE,GAClE,mFACR,CAAC;IACL;IAEA,IAAIF,kBAAkB,EAAE;MACpB;MACA;MACA;MACA;MACAP,MAAM,GAAGP,GAAG,CAACiB,iBAAiB,CAACH,kBAAkB,EAAE,MAAM;QACrD,OAAO/B,GAAG,CAACmC,UAAU,CAACC,SAAS,CAC3B;UAAEC,UAAU,EAAEN;QAAmB,CAAC,EAClC;UAAEO,KAAK,EAAE;QAAK,CAClB,CAAC;MACL,CAAC,CAAC;MACFX,SAAS,GAAGH,MAAM,CAACe,MAAM,CAACC,GAAG;MAC7B;MACAd,cAAc,GAAGE,gBAAgB,IAAIJ,MAAM,CAACe,MAAM,CAACE,QAAQ;IAC/D,CAAC,MAAM;MACH,MAAMC,QAAQ,GAAG,IAAIzC,MAAM,CAAC0C,QAAQ,CAAC,kBAAkB,EAAE;QAAEC,UAAU,EAAE;MAAE,CAAC,CAAC;MAE3E,MAAMC,iBAAiB,GAAG,WAAW;;MAErC;AACZ;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;MACY,MAAMC,kBAAkB,GAAGJ,QAAQ,CAACK,GAAG,CAACC,KAAK,CACzCD,GAAG,IACC7B,MAAM,CAAC+B,cAAc,IACrB,GAAG/B,MAAM,CAACgC,UAAU,GAAGL,iBAAiB,IAAIE,GAAG,CAACI,KAAK,CAAC,CAAC,CAAC,CAAC,EACjE,CAAC;MAED3B,MAAM,GAAGP,GAAG,CAACmC,WAAW,CAACpD,GAAG,CAACmC,UAAU,CAACkB,MAAM,EAAE;QAC5CtC,IAAI,EAAE8B,iBAAiB;QACvB7B,MAAM,EAAE;UACJqB,UAAU,EAAES,kBAAkB;UAC9BQ,aAAa,EAAEzC,iBAAiB;UAChC0C,aAAa,EAAEpC,YAAY,GAAGX,oBAAoB,CAAC,CAAC,GAAGF,mBAAmB,CAAC,CAAC;UAC5EkD,UAAU,EAAEnC,GAAG,GACT;YACIoC,SAAS,EAAEpC,GAAG,CAACqC,OAAO,CAACC,OAAO,CAACC,GAAG,CAACC,CAAC,IAAIA,CAAC,CAACtB,MAAM,CAACuB,EAAE,CAAC;YACpDC,gBAAgB,EAAE,CAAC1C,GAAG,CAACA,GAAG,CAACkB,MAAM,CAACyB,sBAAsB;UAC5D,CAAC,GACDC,SAAS;UACfC,UAAU,EAAE;YACRC,UAAU,EAAE,IAAI;YAChBC,UAAU,EAAE,EAAE;YACdC,UAAU,EAAE;UAChB,CAAC;UACDC,eAAe,EAAE;YACb,wCAAwC,EAAE;UAC9C,CAAC;UACDC,eAAe,EAAE;YACbC,0BAA0B,EAAE;UAChC;QACJ,CAAC;QACDC,IAAI,EAAE;UAAEC,OAAO,EAAExD,MAAM,CAACwD;QAAQ;MACpC,CAAC,CAAC;MAEFhD,cAAc,GAAGF,MAAM,CAACe,MAAM,CAACE,QAAQ;MACvCd,SAAS,GAAGH,MAAM,CAACe,MAAM,CAACC,GAAG;;MAE7B;AACZ;AACA;AACA;AACA;MACY,MAAMmC,SAAS,GAAGxE,eAAe,CAACc,GAAG,CAAC;MAEtCQ,YAAY,GAAGR,GAAG,CAACmC,WAAW,CAACpD,GAAG,CAACmC,UAAU,CAACyC,YAAY,EAAE;QACxD7D,IAAI,EAAE,GAAG8B,iBAAiB,SAAS;QACnC7B,MAAM,EAAE;UACJqB,UAAU,EAAEb,MAAM,CAACe,MAAM,CAACF,UAAU;UACpCwC,cAAc,EAAE9E,MAAM,CACjB+E,GAAG,CAAC,CAACH,SAAS,EAAEhD,SAAS,CAAC,CAAC,CAC3BqB,KAAK,CAAC,CAAC,CAAC2B,SAAS,EAAEhD,SAAS,CAAC,KAAK;YAC/B,OAAOoD,IAAI,CAACC,SAAS,CAAC;cAClBC,OAAO,EAAE,YAAY;cACrBC,SAAS,EAAE;cACP;AACpC;AACA;cACoC;gBACIC,MAAM,EAAE,OAAO;gBACfC,SAAS,EAAE;kBACPC,GAAG,EAAEV;gBACT,CAAC;gBACDW,MAAM,EAAE,MAAM;gBACdC,QAAQ,EAAE,GAAG5D,SAAS;cAC1B,CAAC;YAET,CAAC,CAAC;UACN,CAAC;QACT,CAAC;QACD8C,IAAI,EAAE;UAAEC,OAAO,EAAExD,MAAM,CAACwD;QAAQ;MACpC,CAAC,CAAC;IACN;;IAEA;AACR;AACA;AACA;AACA;AACA;IACQ,MAAMc,KAAK,GAAGvE,GAAG,CAACmC,WAAW,CAACpD,GAAG,CAACyF,QAAQ,CAACC,KAAK,EAAE;MAC9C3E,IAAI,EAAE,WAAW;MACjBC,MAAM,EAAE;QACJ2E,UAAU,EAAE,CACR;UAAE5E,IAAI,EAAE,IAAI;UAAE6E,IAAI,EAAE;QAAI,CAAC,EACzB;UAAE7E,IAAI,EAAE,IAAI;UAAE6E,IAAI,EAAE;QAAI,CAAC,EACzB;UAAE7E,IAAI,EAAE,YAAY;UAAE6E,IAAI,EAAE;QAAI,CAAC,CACpC;QACDC,aAAa,EAAE,IAAI;QACnBC,cAAc,EAAE,oBAAoB;QACpCC,WAAW,EAAE,iBAAiB;QAC9BC,OAAO,EAAE,IAAI;QACbC,QAAQ,EAAE,IAAI;QACdC,sBAAsB,EAAE,CACpB;UACInF,IAAI,EAAE,YAAY;UAClBoF,UAAU,EAAE,CACR;YACIC,aAAa,EAAE,YAAY;YAC3BC,OAAO,EAAE;UACb,CAAC,CACJ;UACDC,cAAc,EAAE;QACpB,CAAC,CACJ;QACDC,GAAG,EAAE;UACDH,aAAa,EAAE,WAAW;UAC1BI,OAAO,EAAE;QACb;MACJ,CAAC;MACD/B,IAAI,EAAE;QAAEC,OAAO,EAAExD,MAAM,CAACwD;MAAQ;IACpC,CAAC,CAAC;IAEF,MAAM+B,QAAQ,GAAG,+BAA+B;IAEhD,MAAMC,IAAI,GAAGzF,GAAG,CAACmC,WAAW,CAACpD,GAAG,CAAC2G,GAAG,CAACC,IAAI,EAAE;MACvC7F,IAAI,EAAE0F,QAAQ;MACdzF,MAAM,EAAE;QACJ6F,gBAAgB,EAAE;UACd5B,OAAO,EAAE,YAAY;UACrBC,SAAS,EAAE,CACP;YACII,MAAM,EAAE,gBAAgB;YACxBF,SAAS,EAAE;cACP0B,OAAO,EAAE;YACb,CAAC;YACD3B,MAAM,EAAE;UACZ,CAAC;QAET;MACJ,CAAC;MACD4B,IAAI,EAAE;QAAEC,oBAAoB,EAAE;MAAK;IACvC,CAAC,CAAC;IAEF,MAAMC,MAAM,GAAGC,gCAAgC,CAACjG,GAAG,EAAEU,SAAS,CAAC;IAE/DV,GAAG,CAACmC,WAAW,CAACpD,GAAG,CAAC2G,GAAG,CAACQ,oBAAoB,EAAE;MAC1CpG,IAAI,EAAE,GAAG0F,QAAQ,gCAAgC;MACjDzF,MAAM,EAAE;QACJ0F,IAAI,EAAEA,IAAI,CAACnE,MAAM;QACjB6E,SAAS,EAAEH,MAAM,CAAC1E,MAAM,CAACC;MAC7B;IACJ,CAAC,CAAC;;IAEF;IACA,IAAInB,GAAG,EAAE;MACLJ,GAAG,CAACmC,WAAW,CAACpD,GAAG,CAAC2G,GAAG,CAACQ,oBAAoB,EAAE;QAC1CpG,IAAI,EAAE,GAAG0F,QAAQ,kCAAkC;QACnDzF,MAAM,EAAE;UACJ0F,IAAI,EAAEA,IAAI,CAACnE,MAAM;UACjB6E,SAAS,EAAEpH,GAAG,CAAC2G,GAAG,CAACU,aAAa,CAACC;QACrC;MACJ,CAAC,CAAC;IACN,CAAC,MAAM;MACHrG,GAAG,CAACmC,WAAW,CAACpD,GAAG,CAAC2G,GAAG,CAACQ,oBAAoB,EAAE;QAC1CpG,IAAI,EAAE,GAAG0F,QAAQ,8BAA8B;QAC/CzF,MAAM,EAAE;UACJ0F,IAAI,EAAEA,IAAI,CAACnE,MAAM;UACjB6E,SAAS,EAAEpH,GAAG,CAAC2G,GAAG,CAACU,aAAa,CAACE;QACrC;MACJ,CAAC,CAAC;IACN;IAEAtG,GAAG,CAACmC,WAAW,CAACpD,GAAG,CAAC2G,GAAG,CAACQ,oBAAoB,EAAE;MAC1CpG,IAAI,EAAE,GAAG0F,QAAQ,iCAAiC;MAClDzF,MAAM,EAAE;QACJ0F,IAAI,EAAEA,IAAI,CAACnE,MAAM;QACjB6E,SAAS,EAAEpH,GAAG,CAAC2G,GAAG,CAACU,aAAa,CAACG;MACrC;IACJ,CAAC,CAAC;;IAEF;AACR;AACA;AACA;AACA;AACA;IACQ,MAAMC,MAAM,GAAGxG,GAAG,CAACmC,WAAW,CAACpD,GAAG,CAACyH,MAAM,CAACC,QAAQ,EAAE;MAChD3G,IAAI,EAAE,mBAAmB;MACzBC,MAAM,EAAE;QACJ0F,IAAI,EAAEA,IAAI,CAACnE,MAAM,CAACC,GAAG;QACrBmF,OAAO,EAAEtH,cAAc;QACvBuH,OAAO,EAAE,iBAAiB;QAC1BC,OAAO,EAAE,GAAG;QACZC,UAAU,EAAE,IAAI;QAChBC,WAAW,EAAE;UACTC,SAAS,EAAE;YACPC,KAAK,EAAEC,MAAM,CAACrG,OAAO,CAACT,GAAG,CAAC6G,KAAK,CAAC;YAChCnG,mBAAmB,EAAEJ,cAAc;YACnCyG,mBAAmB,EAAEtG,OAAO,CAACT,GAAG,CAAC+G,mBAAmB,IAAI,EAAE;YAC1DC,mBAAmB,EAAEvG,OAAO,CAACT,GAAG,CAACgH,mBAAmB,IAAI;UAC5D;QACJ,CAAC;QACDC,WAAW,EAAE,0BAA0B;QACvCC,IAAI,EAAE,IAAIvI,MAAM,CAACwI,KAAK,CAACC,YAAY,CAAC;UAChC,GAAG,EAAE,IAAIzI,MAAM,CAACwI,KAAK,CAACE,WAAW,CAC7B3I,IAAI,CAAC4I,IAAI,CAACzH,GAAG,CAAC0H,KAAK,CAACC,SAAS,EAAE,uBAAuB,CAC1D;QACJ,CAAC,CAAC;QACFC,SAAS,EAAExH,GAAG,GACR;UACIoC,SAAS,EAAEpC,GAAG,CAACqC,OAAO,CAACC,OAAO,CAACC,GAAG,CAACC,CAAC,IAAIA,CAAC,CAACtB,MAAM,CAACuB,EAAE,CAAC;UACpDC,gBAAgB,EAAE,CAAC1C,GAAG,CAACA,GAAG,CAACkB,MAAM,CAACyB,sBAAsB;QAC5D,CAAC,GACDC,SAAS;QACf6E,aAAa,EAAE;UACXC,SAAS,EAAE;QACf;MACJ;IACJ,CAAC,CAAC;IAEF,MAAMC,kBAAkB,GAAG/H,GAAG,CAACmC,WAAW,CAACpD,GAAG,CAACyH,MAAM,CAACwB,kBAAkB,EAAE;MACtElI,IAAI,EAAE,mBAAmB;MACzBC,MAAM,EAAE;QACJkI,cAAc,EAAE1D,KAAK,CAACjD,MAAM,CAAC4G,SAAS;QACtCC,YAAY,EAAE3B,MAAM,CAAClF,MAAM,CAACC,GAAG;QAC/B6G,gBAAgB,EAAE,QAAQ;QAC1BC,oBAAoB,EAAE,CAAC;QACvBC,SAAS,EAAE,EAAE;QACbC,8BAA8B,EAAE;MACpC;IACJ,CAAC,CAAC;IAEFvI,GAAG,CAACwI,UAAU,CAAC;MACXC,mBAAmB,EAAE/H,SAAS;MAC9BgI,wBAAwB,EAAEjI,cAAc;MACxCkI,oBAAoB,EAAEpI,MAAM,CAAEe,MAAM,CAACF,UAAU;MAC/CwH,0BAA0B,EAAErE,KAAK,CAACjD,MAAM,CAACC,GAAG;MAC5CsH,2BAA2B,EAAEtE,KAAK,CAACjD,MAAM,CAACxB;IAC9C,CAAC,CAAC;IAEF,OAAO;MACHS,MAAM;MACNC,YAAY;MACZ+D,KAAK;MACLuE,eAAe,EAAE;QACbrD,IAAI;QACJO,MAAM;QACNQ,MAAM;QACNuB;MACJ;IACJ,CAAC;EACL;AACJ,CAAC,CAAC;AAEF,SAAS9B,gCAAgCA,CAACjG,GAAc,EAAEU,SAAgC,EAAE;EACxF,OAAOV,GAAG,CAACmC,WAAW,CAACpD,GAAG,CAAC2G,GAAG,CAACqD,MAAM,EAAE;IACnCjJ,IAAI,EAAE,uCAAuC;IAC7CC,MAAM,EAAE;MACJqH,WAAW,EAAE,uDAAuD;MACpEpB,MAAM,EAAE;QACJhC,OAAO,EAAE,YAAY;QACrBC,SAAS,EAAE,CACP;UACI+E,GAAG,EAAE,iBAAiB;UACtB9E,MAAM,EAAE,OAAO;UACfG,MAAM,EAAE,CACJ,cAAc,EACd,iBAAiB,EACjB,gBAAgB,EAChB,eAAe,EACf,cAAc,EACd,uBAAuB,EACvB,yBAAyB,EACzB,kBAAkB,EAClB,kBAAkB,EAClB,qBAAqB,EACrB,gBAAgB,EAChB,qBAAqB,CACxB;UACDC,QAAQ,EAAE,CACNxF,MAAM,CAACmK,WAAW,GAAGvI,SAAS,EAAE,EAChC5B,MAAM,CAACmK,WAAW,GAAGvI,SAAS,IAAI;QAE1C,CAAC;MAET;IACJ;EACJ,CAAC,CAAC;AACN","ignoreList":[]}
+{"version":3,"file":"pulumi/apps/core/CoreOpenSearch.js","sources":["../../../../src/pulumi/apps/core/CoreOpenSearch.ts"],"sourcesContent":["/**\n * Important documents to read:\n *\n * https://docs.aws.amazon.com/opensearch-service/latest/developerguide/limits.html#network-limits\n */\nimport path from \"path\";\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport * as random from \"@pulumi/random\";\nimport {\n    createAppModule,\n    type PulumiApp,\n    type PulumiAppRemoteResource,\n    type PulumiAppResource,\n    type PulumiAppResourceConstructor\n} from \"@webiny/pulumi\";\n\nimport { getAwsAccountId } from \"../awsUtils.js\";\nimport { CoreVpc } from \"./CoreVpc.js\";\nimport { LAMBDA_RUNTIME } from \"~/pulumi/constants.js\";\n\nexport interface OpenSearchParams {\n    protect: boolean;\n    namePrefix: string;\n    prevDomainName: string | undefined;\n}\n\nfunction getDevClusterConfig(): aws.types.input.opensearch.DomainClusterConfig {\n    return {\n        instanceType: \"t3.small.search\"\n    };\n}\n\nfunction getProdClusterConfig(): aws.types.input.opensearch.DomainClusterConfig {\n    return {\n        // For production deployments, we create 3 instances and configure multi-AZ across 3 zones.\n        instanceType: \"t3.medium.search\",\n        instanceCount: 3,\n        zoneAwarenessEnabled: true,\n        zoneAwarenessConfig: {\n            availabilityZoneCount: 3\n        }\n    };\n}\n\nconst OS_ENGINE_VERSION = \"OpenSearch_3.3\";\n\nexport const OpenSearch = createAppModule({\n    name: \"OpenSearch\",\n    config(app, params: OpenSearchParams) {\n        const isProduction = app.env.isProduction;\n\n        const vpc = app.getModule(CoreVpc, { optional: true });\n\n        let domain:\n            | PulumiAppResource<PulumiAppResourceConstructor<aws.opensearch.Domain>>\n            | PulumiAppRemoteResource<aws.opensearch.GetDomainResult>\n            | null = null;\n\n        let domainPolicy;\n        let domainEndpoint: pulumi.Output<string> | string;\n        let domainArn: pulumi.Output<string>;\n\n        const providedEndpoint = process.env.OPENSEARCH_ENDPOINT;\n        const providedDomainName = process.env.AWS_OS_DOMAIN_NAME;\n\n        if (providedEndpoint && !providedDomainName) {\n            throw new Error(\n                \"OPENSEARCH_ENDPOINT was provided but AWS_OS_DOMAIN_NAME is missing. \" +\n                    \"A domain name is required to look up the domain ARN when using a custom endpoint.\"\n            );\n        }\n\n        if (providedDomainName) {\n            // Look up the existing domain by name to obtain its ARN and (if no explicit endpoint is\n            // provided) its endpoint. This covers both the ephemeral-environment pattern and the\n            // case where an external endpoint is supplied alongside a domain name.\n            // https://www.webiny.com/docs/key-topics/ci-cd/testing/slow-ephemeral-environments\n            domain = app.addRemoteResource(providedDomainName, () => {\n                return aws.opensearch.getDomain(\n                    { domainName: providedDomainName },\n                    { async: true }\n                );\n            });\n            domainArn = domain.output.arn;\n            // Prefer an explicitly provided endpoint; fall back to the one reported by AWS.\n            domainEndpoint = providedEndpoint ?? domain.output.endpoint;\n        } else {\n            const randomId = new random.RandomId(\"osDomainRandomId\", { byteLength: 8 });\n\n            const domainLogicalName = \"webiny-js\";\n\n            /**\n             * The physical domain name must remain stable across re-deploys. Changing it causes\n             * Pulumi to delete and recreate the cluster, which is a destructive operation.\n             *\n             * To avoid this, we read the domain name that was stored in the previous deploy's\n             * stack output (via `sdk.getAppStackOutput`) and reuse it unchanged. Only on the\n             * very first deploy, when there is no previous output, do we generate a new name\n             * (with the resource name prefix applied for consistent naming going forward).\n             *\n             * NOTE: `params.namePrefix` may be \"\" when upgrading from old code that never stored\n             * the domain name in the stack output. In that case the caller passes \"\" explicitly so\n             * the fallback formula reproduces the legacy name (`webiny-js-<hex>`) rather than\n             * prepending the SDK default prefix and triggering an unintended cluster replacement.\n             * See `createCorePulumiApp.ts` → `isUpgradeFromOldCode` for details.\n             */\n            const domainPhysicalName = randomId.hex.apply(\n                hex =>\n                    params.prevDomainName ??\n                    `${params.namePrefix}${domainLogicalName}-${hex.slice(-7)}`\n            );\n\n            domain = app.addResource(aws.opensearch.Domain, {\n                name: domainLogicalName,\n                config: {\n                    domainName: domainPhysicalName,\n                    engineVersion: OS_ENGINE_VERSION,\n                    clusterConfig: isProduction ? getProdClusterConfig() : getDevClusterConfig(),\n                    vpcOptions: vpc\n                        ? {\n                              subnetIds: vpc.subnets.private.map(s => s.output.id),\n                              securityGroupIds: [vpc.vpc.output.defaultSecurityGroupId]\n                          }\n                        : undefined,\n                    ebsOptions: {\n                        ebsEnabled: true,\n                        volumeSize: 10,\n                        volumeType: \"gp2\"\n                    },\n                    advancedOptions: {\n                        \"rest.action.multi.allow_explicit_index\": \"true\"\n                    },\n                    snapshotOptions: {\n                        automatedSnapshotStartHour: 23\n                    }\n                },\n                opts: { protect: params.protect }\n            });\n\n            domainEndpoint = domain.output.endpoint;\n            domainArn = domain.output.arn;\n\n            /**\n             * Domain policy defines who can access your OpenSearch Domain.\n             * For details on OpenSearch security, read the official documentation:\n             * https://docs.aws.amazon.com/openSearch-service/latest/developerguide/security.html\n             */\n            const accountId = getAwsAccountId(app);\n\n            domainPolicy = app.addResource(aws.opensearch.DomainPolicy, {\n                name: `${domainLogicalName}-policy`,\n                config: {\n                    domainName: domain.output.domainName,\n                    accessPolicies: pulumi\n                        .all([accountId, domainArn])\n                        .apply(([accountId, domainArn]) => {\n                            return JSON.stringify({\n                                Version: \"2012-10-17\",\n                                Statement: [\n                                    /**\n                                     * Allow requests signed with current account\n                                     */\n                                    {\n                                        Effect: \"Allow\",\n                                        Principal: {\n                                            AWS: accountId\n                                        },\n                                        Action: \"es:*\",\n                                        Resource: `${domainArn}/*`\n                                    }\n                                ]\n                            });\n                        })\n                },\n                opts: { protect: params.protect }\n            });\n        }\n\n        /**\n         * Create a table for OpenSearch records. All ES records are stored in this table to dramatically improve\n         * performance and stability on write operations (especially massive data imports). This table also serves as a backup and\n         * a single source of truth for your OpenSearch domain. Streaming is enabled on this table, and it will\n         * allow asynchronous synchronization of data with OpenSearch domain.\n         */\n        const table = app.addResource(aws.dynamodb.Table, {\n            name: \"webiny-es\",\n            config: {\n                attributes: [\n                    { name: \"PK\", type: \"S\" },\n                    { name: \"SK\", type: \"S\" },\n                    { name: \"GSI_TENANT\", type: \"S\" }\n                ],\n                streamEnabled: true,\n                streamViewType: \"NEW_AND_OLD_IMAGES\",\n                billingMode: \"PAY_PER_REQUEST\",\n                hashKey: \"PK\",\n                rangeKey: \"SK\",\n                globalSecondaryIndexes: [\n                    {\n                        name: \"GSI_TENANT\",\n                        keySchemas: [\n                            {\n                                attributeName: \"GSI_TENANT\",\n                                keyType: \"HASH\"\n                            }\n                        ],\n                        projectionType: \"KEYS_ONLY\"\n                    }\n                ],\n                ttl: {\n                    attributeName: \"expiresAt\",\n                    enabled: true\n                }\n            },\n            opts: { protect: params.protect }\n        });\n\n        const roleName = \"dynamo-to-elastic-lambda-role\";\n\n        const role = app.addResource(aws.iam.Role, {\n            name: roleName,\n            config: {\n                assumeRolePolicy: {\n                    Version: \"2012-10-17\",\n                    Statement: [\n                        {\n                            Action: \"sts:AssumeRole\",\n                            Principal: {\n                                Service: \"lambda.amazonaws.com\"\n                            },\n                            Effect: \"Allow\"\n                        }\n                    ]\n                }\n            },\n            meta: { isLambdaFunctionRole: true }\n        });\n\n        const policy = getDynamoDbToElasticLambdaPolicy(app, domainArn);\n\n        app.addResource(aws.iam.RolePolicyAttachment, {\n            name: `${roleName}-DynamoDbToElasticLambdaPolicy`,\n            config: {\n                role: role.output,\n                policyArn: policy.output.arn\n            }\n        });\n\n        // Only use `AWSLambdaVPCAccessExecutionRole` policy if VPC feature is enabled.\n        if (vpc) {\n            app.addResource(aws.iam.RolePolicyAttachment, {\n                name: `${roleName}-AWSLambdaVPCAccessExecutionRole`,\n                config: {\n                    role: role.output,\n                    policyArn: aws.iam.ManagedPolicy.AWSLambdaVPCAccessExecutionRole\n                }\n            });\n        } else {\n            app.addResource(aws.iam.RolePolicyAttachment, {\n                name: `${roleName}-AWSLambdaBasicExecutionRole`,\n                config: {\n                    role: role.output,\n                    policyArn: aws.iam.ManagedPolicy.AWSLambdaBasicExecutionRole\n                }\n            });\n        }\n\n        app.addResource(aws.iam.RolePolicyAttachment, {\n            name: `${roleName}-AWSLambdaDynamoDBExecutionRole`,\n            config: {\n                role: role.output,\n                policyArn: aws.iam.ManagedPolicy.AWSLambdaDynamoDBExecutionRole\n            }\n        });\n\n        /**\n         * This Lambda will process the stream events from DynamoDB table that contains OpenSearch items.\n         * OpenSearch can't take large amount of individual writes in a short period of time, so this way\n         * we store data for OpenSearch in a DynamoDB table, and asynchronously insert it into OpenSearch\n         * using batching.\n         */\n        const lambda = app.addResource(aws.lambda.Function, {\n            name: \"dynamo-to-elastic\",\n            config: {\n                role: role.output.arn,\n                runtime: LAMBDA_RUNTIME,\n                handler: \"handler.handler\",\n                timeout: 900,\n                memorySize: 1024,\n                environment: {\n                    variables: {\n                        DEBUG: String(process.env.DEBUG),\n                        OPENSEARCH_ENDPOINT: domainEndpoint,\n                        OPENSEARCH_USERNAME: process.env.OPENSEARCH_USERNAME ?? \"\",\n                        OPENSEARCH_PASSWORD: process.env.OPENSEARCH_PASSWORD ?? \"\"\n                    }\n                },\n                description: \"Process DynamoDB Stream.\",\n                code: new pulumi.asset.AssetArchive({\n                    \".\": new pulumi.asset.FileArchive(\n                        path.join(app.paths.workspace, \"dynamoToElastic/build\")\n                    )\n                }),\n                vpcConfig: vpc\n                    ? {\n                          subnetIds: vpc.subnets.private.map(s => s.output.id),\n                          securityGroupIds: [vpc.vpc.output.defaultSecurityGroupId]\n                      }\n                    : undefined,\n                loggingConfig: {\n                    logFormat: \"JSON\"\n                }\n            }\n        });\n\n        const eventSourceMapping = app.addResource(aws.lambda.EventSourceMapping, {\n            name: \"dynamo-to-elastic\",\n            config: {\n                eventSourceArn: table.output.streamArn,\n                functionName: lambda.output.arn,\n                startingPosition: \"LATEST\",\n                maximumRetryAttempts: 3,\n                batchSize: 50,\n                maximumBatchingWindowInSeconds: 1\n            }\n        });\n\n        app.addOutputs({\n            opensearchDomainArn: domainArn,\n            opensearchDomainEndpoint: domainEndpoint,\n            opensearchDomainName: domain!.output.domainName,\n            opensearchDynamodbTableArn: table.output.arn,\n            opensearchDynamodbTableName: table.output.name\n        });\n\n        return {\n            domain,\n            domainPolicy,\n            table,\n            dynamoToElastic: {\n                role,\n                policy,\n                lambda,\n                eventSourceMapping\n            }\n        };\n    }\n});\n\nfunction getDynamoDbToElasticLambdaPolicy(app: PulumiApp, domainArn: pulumi.Output<string>) {\n    return app.addResource(aws.iam.Policy, {\n        name: \"DynamoDbToElasticLambdaPolicy-updated\",\n        config: {\n            description: \"This policy enables access to ES and Dynamodb streams\",\n            policy: {\n                Version: \"2012-10-17\",\n                Statement: [\n                    {\n                        Sid: \"PermissionForES\",\n                        Effect: \"Allow\",\n                        Action: [\n                            \"es:ESHttpGet\",\n                            \"es:ESHttpDelete\",\n                            \"es:ESHttpPatch\",\n                            \"es:ESHttpPost\",\n                            \"es:ESHttpPut\",\n                            \"dynamodb:BatchGetItem\",\n                            \"dynamodb:BatchWriteItem\",\n                            \"dynamodb:PutItem\",\n                            \"dynamodb:GetItem\",\n                            \"dynamodb:DeleteItem\",\n                            \"dynamodb:Query\",\n                            \"dynamodb:UpdateItem\"\n                        ],\n                        Resource: [\n                            pulumi.interpolate`${domainArn}`,\n                            pulumi.interpolate`${domainArn}/*`\n                        ]\n                    }\n                ]\n            }\n        }\n    });\n}\n"],"names":["getDevClusterConfig","getProdClusterConfig","OS_ENGINE_VERSION","OpenSearch","createAppModule","app","params","isProduction","vpc","CoreVpc","domain","domainPolicy","domainEndpoint","domainArn","providedEndpoint","process","providedDomainName","Error","aws","randomId","random","domainLogicalName","domainPhysicalName","hex","s","undefined","accountId","getAwsAccountId","pulumi","JSON","table","roleName","role","policy","getDynamoDbToElasticLambdaPolicy","lambda","LAMBDA_RUNTIME","String","path","eventSourceMapping"],"mappings":";;;;;;;;AA2BA,SAASA;IACL,OAAO;QACH,cAAc;IAClB;AACJ;AAEA,SAASC;IACL,OAAO;QAEH,cAAc;QACd,eAAe;QACf,sBAAsB;QACtB,qBAAqB;YACjB,uBAAuB;QAC3B;IACJ;AACJ;AAEA,MAAMC,oBAAoB;AAEnB,MAAMC,aAAaC,gBAAgB;IACtC,MAAM;IACN,QAAOC,GAAG,EAAEC,MAAwB;QAChC,MAAMC,eAAeF,IAAI,GAAG,CAAC,YAAY;QAEzC,MAAMG,MAAMH,IAAI,SAAS,CAACI,SAAS;YAAE,UAAU;QAAK;QAEpD,IAAIC,SAGS;QAEb,IAAIC;QACJ,IAAIC;QACJ,IAAIC;QAEJ,MAAMC,mBAAmBC,QAAQ,GAAG,CAAC,mBAAmB;QACxD,MAAMC,qBAAqBD,QAAQ,GAAG,CAAC,kBAAkB;QAEzD,IAAID,oBAAoB,CAACE,oBACrB,MAAM,IAAIC,MACN;QAKR,IAAID,oBAAoB;YAKpBN,SAASL,IAAI,iBAAiB,CAACW,oBAAoB,IACxCE,uCAAAA,UAAAA,CAAAA,SAAwB,CAC3B;oBAAE,YAAYF;gBAAmB,GACjC;oBAAE,OAAO;gBAAK;YAGtBH,YAAYH,OAAO,MAAM,CAAC,GAAG;YAE7BE,iBAAiBE,oBAAoBJ,OAAO,MAAM,CAAC,QAAQ;QAC/D,OAAO;YACH,MAAMS,WAAW,IAAIC,0CAAAA,QAAe,CAAC,oBAAoB;gBAAE,YAAY;YAAE;YAEzE,MAAMC,oBAAoB;YAiB1B,MAAMC,qBAAqBH,SAAS,GAAG,CAAC,KAAK,CACzCI,CAAAA,MACIjB,OAAO,cAAc,IACrB,GAAGA,OAAO,UAAU,GAAGe,kBAAkB,CAAC,EAAEE,IAAI,KAAK,CAAC,KAAK;YAGnEb,SAASL,IAAI,WAAW,CAACa,uCAAAA,UAAAA,CAAAA,MAAqB,EAAE;gBAC5C,MAAMG;gBACN,QAAQ;oBACJ,YAAYC;oBACZ,eAAepB;oBACf,eAAeK,eAAeN,yBAAyBD;oBACvD,YAAYQ,MACN;wBACI,WAAWA,IAAI,OAAO,CAAC,OAAO,CAAC,GAAG,CAACgB,CAAAA,IAAKA,EAAE,MAAM,CAAC,EAAE;wBACnD,kBAAkB;4BAAChB,IAAI,GAAG,CAAC,MAAM,CAAC,sBAAsB;yBAAC;oBAC7D,IACAiB;oBACN,YAAY;wBACR,YAAY;wBACZ,YAAY;wBACZ,YAAY;oBAChB;oBACA,iBAAiB;wBACb,0CAA0C;oBAC9C;oBACA,iBAAiB;wBACb,4BAA4B;oBAChC;gBACJ;gBACA,MAAM;oBAAE,SAASnB,OAAO,OAAO;gBAAC;YACpC;YAEAM,iBAAiBF,OAAO,MAAM,CAAC,QAAQ;YACvCG,YAAYH,OAAO,MAAM,CAAC,GAAG;YAO7B,MAAMgB,YAAYC,gBAAgBtB;YAElCM,eAAeN,IAAI,WAAW,CAACa,uCAAAA,UAAAA,CAAAA,YAA2B,EAAE;gBACxD,MAAM,GAAGG,kBAAkB,OAAO,CAAC;gBACnC,QAAQ;oBACJ,YAAYX,OAAO,MAAM,CAAC,UAAU;oBACpC,gBAAgBkB,0CAAAA,GACR,CAAC;wBAACF;wBAAWb;qBAAU,EAC1B,KAAK,CAAC,CAAC,CAACa,WAAWb,UAAU,GACnBgB,KAAK,SAAS,CAAC;4BAClB,SAAS;4BACT,WAAW;gCAIP;oCACI,QAAQ;oCACR,WAAW;wCACP,KAAKH;oCACT;oCACA,QAAQ;oCACR,UAAU,GAAGb,UAAU,EAAE,CAAC;gCAC9B;6BACH;wBACL;gBAEZ;gBACA,MAAM;oBAAE,SAASP,OAAO,OAAO;gBAAC;YACpC;QACJ;QAQA,MAAMwB,QAAQzB,IAAI,WAAW,CAACa,uCAAAA,QAAAA,CAAAA,KAAkB,EAAE;YAC9C,MAAM;YACN,QAAQ;gBACJ,YAAY;oBACR;wBAAE,MAAM;wBAAM,MAAM;oBAAI;oBACxB;wBAAE,MAAM;wBAAM,MAAM;oBAAI;oBACxB;wBAAE,MAAM;wBAAc,MAAM;oBAAI;iBACnC;gBACD,eAAe;gBACf,gBAAgB;gBAChB,aAAa;gBACb,SAAS;gBACT,UAAU;gBACV,wBAAwB;oBACpB;wBACI,MAAM;wBACN,YAAY;4BACR;gCACI,eAAe;gCACf,SAAS;4BACb;yBACH;wBACD,gBAAgB;oBACpB;iBACH;gBACD,KAAK;oBACD,eAAe;oBACf,SAAS;gBACb;YACJ;YACA,MAAM;gBAAE,SAASZ,OAAO,OAAO;YAAC;QACpC;QAEA,MAAMyB,WAAW;QAEjB,MAAMC,OAAO3B,IAAI,WAAW,CAACa,uCAAAA,GAAAA,CAAAA,IAAY,EAAE;YACvC,MAAMa;YACN,QAAQ;gBACJ,kBAAkB;oBACd,SAAS;oBACT,WAAW;wBACP;4BACI,QAAQ;4BACR,WAAW;gCACP,SAAS;4BACb;4BACA,QAAQ;wBACZ;qBACH;gBACL;YACJ;YACA,MAAM;gBAAE,sBAAsB;YAAK;QACvC;QAEA,MAAME,SAASC,iCAAiC7B,KAAKQ;QAErDR,IAAI,WAAW,CAACa,uCAAAA,GAAAA,CAAAA,oBAA4B,EAAE;YAC1C,MAAM,GAAGa,SAAS,8BAA8B,CAAC;YACjD,QAAQ;gBACJ,MAAMC,KAAK,MAAM;gBACjB,WAAWC,OAAO,MAAM,CAAC,GAAG;YAChC;QACJ;QAGA,IAAIzB,KACAH,IAAI,WAAW,CAACa,uCAAAA,GAAAA,CAAAA,oBAA4B,EAAE;YAC1C,MAAM,GAAGa,SAAS,gCAAgC,CAAC;YACnD,QAAQ;gBACJ,MAAMC,KAAK,MAAM;gBACjB,WAAWd,uCAAAA,GAAAA,CAAAA,aAAAA,CAAAA,+BAAqD;YACpE;QACJ;aAEAb,IAAI,WAAW,CAACa,uCAAAA,GAAAA,CAAAA,oBAA4B,EAAE;YAC1C,MAAM,GAAGa,SAAS,4BAA4B,CAAC;YAC/C,QAAQ;gBACJ,MAAMC,KAAK,MAAM;gBACjB,WAAWd,uCAAAA,GAAAA,CAAAA,aAAAA,CAAAA,2BAAiD;YAChE;QACJ;QAGJb,IAAI,WAAW,CAACa,uCAAAA,GAAAA,CAAAA,oBAA4B,EAAE;YAC1C,MAAM,GAAGa,SAAS,+BAA+B,CAAC;YAClD,QAAQ;gBACJ,MAAMC,KAAK,MAAM;gBACjB,WAAWd,uCAAAA,GAAAA,CAAAA,aAAAA,CAAAA,8BAAoD;YACnE;QACJ;QAQA,MAAMiB,SAAS9B,IAAI,WAAW,CAACa,uCAAAA,MAAAA,CAAAA,QAAmB,EAAE;YAChD,MAAM;YACN,QAAQ;gBACJ,MAAMc,KAAK,MAAM,CAAC,GAAG;gBACrB,SAASI;gBACT,SAAS;gBACT,SAAS;gBACT,YAAY;gBACZ,aAAa;oBACT,WAAW;wBACP,OAAOC,OAAOtB,QAAQ,GAAG,CAAC,KAAK;wBAC/B,qBAAqBH;wBACrB,qBAAqBG,QAAQ,GAAG,CAAC,mBAAmB,IAAI;wBACxD,qBAAqBA,QAAQ,GAAG,CAAC,mBAAmB,IAAI;oBAC5D;gBACJ;gBACA,aAAa;gBACb,MAAM,IAAIa,0CAAAA,KAAAA,CAAAA,YAAyB,CAAC;oBAChC,KAAK,IAAIA,0CAAAA,KAAAA,CAAAA,WAAwB,CAC7BU,KAAK,IAAI,CAACjC,IAAI,KAAK,CAAC,SAAS,EAAE;gBAEvC;gBACA,WAAWG,MACL;oBACI,WAAWA,IAAI,OAAO,CAAC,OAAO,CAAC,GAAG,CAACgB,CAAAA,IAAKA,EAAE,MAAM,CAAC,EAAE;oBACnD,kBAAkB;wBAAChB,IAAI,GAAG,CAAC,MAAM,CAAC,sBAAsB;qBAAC;gBAC7D,IACAiB;gBACN,eAAe;oBACX,WAAW;gBACf;YACJ;QACJ;QAEA,MAAMc,qBAAqBlC,IAAI,WAAW,CAACa,uCAAAA,MAAAA,CAAAA,kBAA6B,EAAE;YACtE,MAAM;YACN,QAAQ;gBACJ,gBAAgBY,MAAM,MAAM,CAAC,SAAS;gBACtC,cAAcK,OAAO,MAAM,CAAC,GAAG;gBAC/B,kBAAkB;gBAClB,sBAAsB;gBACtB,WAAW;gBACX,gCAAgC;YACpC;QACJ;QAEA9B,IAAI,UAAU,CAAC;YACX,qBAAqBQ;YACrB,0BAA0BD;YAC1B,sBAAsBF,OAAQ,MAAM,CAAC,UAAU;YAC/C,4BAA4BoB,MAAM,MAAM,CAAC,GAAG;YAC5C,6BAA6BA,MAAM,MAAM,CAAC,IAAI;QAClD;QAEA,OAAO;YACHpB;YACAC;YACAmB;YACA,iBAAiB;gBACbE;gBACAC;gBACAE;gBACAI;YACJ;QACJ;IACJ;AACJ;AAEA,SAASL,iCAAiC7B,GAAc,EAAEQ,SAAgC;IACtF,OAAOR,IAAI,WAAW,CAACa,uCAAAA,GAAAA,CAAAA,MAAc,EAAE;QACnC,MAAM;QACN,QAAQ;YACJ,aAAa;YACb,QAAQ;gBACJ,SAAS;gBACT,WAAW;oBACP;wBACI,KAAK;wBACL,QAAQ;wBACR,QAAQ;4BACJ;4BACA;4BACA;4BACA;4BACA;4BACA;4BACA;4BACA;4BACA;4BACA;4BACA;4BACA;yBACH;wBACD,UAAU;4BACNU,0CAAAA,WAAkB,CAAC,EAAEf,UAAU,CAAC;4BAChCe,0CAAAA,WAAkB,CAAC,EAAEf,UAAU,EAAE,CAAC;yBACrC;oBACL;iBACH;YACL;QACJ;IACJ;AACJ"}

package/pulumi/apps/core/CoreVpc.js

@@ -1,160 +1,159 @@
-import * as aws from "@pulumi/aws";
 import { createAppModule } from "@webiny/pulumi";
-export const CoreVpc = createAppModule({
-  name: "CoreVpc",
-  config(app) {
-    // Create VPC.
-    const vpc = app.addResource(aws.ec2.Vpc, {
-      name: "webiny",
-      config: {
-        cidrBlock: "10.0.0.0/16"
-      }
-    });
-
-    // Create one public and three private subnets.
-    // The third subnet will use the third AZ if available, otherwise reuses the first AZ.
-    const publicSubnet = app.addResource(aws.ec2.Subnet, {
-      name: "public",
-      config: {
-        vpcId: vpc.output.id,
-        cidrBlock: "10.0.0.0/24",
-        tags: {
-          Name: "public-subnet"
-        }
-      }
-    });
-    const availabilityZones = app.addHandler(() => {
-      return aws.getAvailabilityZones({
-        state: "available"
-      });
-    });
-    const privateSubnet1 = app.addResource(aws.ec2.Subnet, {
-      name: "private-subnet-1",
-      config: {
-        vpcId: vpc.output.id,
-        cidrBlock: "10.0.1.0/24",
-        availabilityZone: availabilityZones.apply(zone => zone.names[0]),
-        tags: {
-          Name: "private-subnet-1"
-        }
-      }
-    });
-    const privateSubnet2 = app.addResource(aws.ec2.Subnet, {
-      name: "private-subnet-2",
-      config: {
-        vpcId: vpc.output.id,
-        cidrBlock: "10.0.2.0/24",
-        availabilityZone: availabilityZones.apply(zone => zone.names[1] || zone.names[0]),
-        tags: {
-          Name: "private-subnet-2"
-        }
-      }
-    });
-    const privateSubnet3 = app.addResource(aws.ec2.Subnet, {
-      name: "private-subnet-3",
-      config: {
-        vpcId: vpc.output.id,
-        cidrBlock: "10.0.3.0/24",
-        availabilityZone: availabilityZones.apply(zone => zone.names[2] || zone.names[0]),
-        tags: {
-          Name: "private-subnet-3"
-        }
-      }
-    });
-
-    // Create Internet gateway.
-    const internetGateway = app.addResource(aws.ec2.InternetGateway, {
-      name: "internet-gateway",
-      config: {
-        vpcId: vpc.output.id
-      }
-    });
-
-    // Create NAT gateway.z
-    const elasticIpAllocation = app.addResource(aws.ec2.Eip, {
-      name: "nat-gateway-elastic-ip",
-      config: {
-        domain: "vpc"
-      }
-    });
-    const natGateway = app.addResource(aws.ec2.NatGateway, {
-      name: "nat-gateway",
-      config: {
-        allocationId: elasticIpAllocation.output.id,
-        subnetId: publicSubnet.output.id
-      }
-    });
-
-    // Create a route table for both subnets.
-    const publicSubnetRouteTable = app.addResource(aws.ec2.RouteTable, {
-      name: "public",
-      config: {
-        vpcId: vpc.output.id,
-        routes: [{
-          cidrBlock: "0.0.0.0/0",
-          gatewayId: internetGateway.output.id
-        }]
-      }
-    });
-    const privateSubnetRouteTable = app.addResource(aws.ec2.RouteTable, {
-      name: "private",
-      config: {
-        vpcId: vpc.output.id,
-        routes: [{
-          cidrBlock: "0.0.0.0/0",
-          natGatewayId: natGateway.output.id
-        }]
-      }
-    });
-
-    // Create route table associations - links between subnets and route tables.
-    app.addResource(aws.ec2.RouteTableAssociation, {
-      name: "public-subnet-route-table-association",
-      config: {
-        subnetId: publicSubnet.output.id,
-        routeTableId: publicSubnetRouteTable.output.id
-      }
-    });
-    app.addResource(aws.ec2.RouteTableAssociation, {
-      name: "private-subnet-1-route-table-association",
-      config: {
-        subnetId: privateSubnet1.output.id,
-        routeTableId: privateSubnetRouteTable.output.id
-      }
-    });
-    app.addResource(aws.ec2.RouteTableAssociation, {
-      name: "private-subnet-2-route-table-association",
-      config: {
-        subnetId: privateSubnet2.output.id,
-        routeTableId: privateSubnetRouteTable.output.id
-      }
-    });
-    app.addResource(aws.ec2.RouteTableAssociation, {
-      name: "private-subnet-3-route-table-association",
-      config: {
-        subnetId: privateSubnet3.output.id,
-        routeTableId: privateSubnetRouteTable.output.id
-      }
-    });
-    const subnets = {
-      public: [publicSubnet],
-      private: [privateSubnet1, privateSubnet2, privateSubnet3]
-    };
-    const routeTables = {
-      privateSubnets: privateSubnetRouteTable,
-      publicSubnets: publicSubnetRouteTable
-    };
-    app.addOutputs({
-      vpcPublicSubnetIds: subnets.public.map(subNet => subNet.output.id),
-      vpcPrivateSubnetIds: subnets.private.map(subNet => subNet.output.id),
-      vpcSecurityGroupIds: [vpc.output.defaultSecurityGroupId]
-    });
-    return {
-      vpc,
-      subnets,
-      routeTables
-    };
-  }
+import * as __rspack_external__pulumi_aws_e7af83c1 from "@pulumi/aws";
+const CoreVpc = createAppModule({
+    name: "CoreVpc",
+    config (app) {
+        const vpc = app.addResource(__rspack_external__pulumi_aws_e7af83c1.ec2.Vpc, {
+            name: "webiny",
+            config: {
+                cidrBlock: "10.0.0.0/16"
+            }
+        });
+        const publicSubnet = app.addResource(__rspack_external__pulumi_aws_e7af83c1.ec2.Subnet, {
+            name: "public",
+            config: {
+                vpcId: vpc.output.id,
+                cidrBlock: "10.0.0.0/24",
+                tags: {
+                    Name: "public-subnet"
+                }
+            }
+        });
+        const availabilityZones = app.addHandler(()=>__rspack_external__pulumi_aws_e7af83c1.getAvailabilityZones({
+                state: "available"
+            }));
+        const privateSubnet1 = app.addResource(__rspack_external__pulumi_aws_e7af83c1.ec2.Subnet, {
+            name: "private-subnet-1",
+            config: {
+                vpcId: vpc.output.id,
+                cidrBlock: "10.0.1.0/24",
+                availabilityZone: availabilityZones.apply((zone)=>zone.names[0]),
+                tags: {
+                    Name: "private-subnet-1"
+                }
+            }
+        });
+        const privateSubnet2 = app.addResource(__rspack_external__pulumi_aws_e7af83c1.ec2.Subnet, {
+            name: "private-subnet-2",
+            config: {
+                vpcId: vpc.output.id,
+                cidrBlock: "10.0.2.0/24",
+                availabilityZone: availabilityZones.apply((zone)=>zone.names[1] || zone.names[0]),
+                tags: {
+                    Name: "private-subnet-2"
+                }
+            }
+        });
+        const privateSubnet3 = app.addResource(__rspack_external__pulumi_aws_e7af83c1.ec2.Subnet, {
+            name: "private-subnet-3",
+            config: {
+                vpcId: vpc.output.id,
+                cidrBlock: "10.0.3.0/24",
+                availabilityZone: availabilityZones.apply((zone)=>zone.names[2] || zone.names[0]),
+                tags: {
+                    Name: "private-subnet-3"
+                }
+            }
+        });
+        const internetGateway = app.addResource(__rspack_external__pulumi_aws_e7af83c1.ec2.InternetGateway, {
+            name: "internet-gateway",
+            config: {
+                vpcId: vpc.output.id
+            }
+        });
+        const elasticIpAllocation = app.addResource(__rspack_external__pulumi_aws_e7af83c1.ec2.Eip, {
+            name: "nat-gateway-elastic-ip",
+            config: {
+                domain: "vpc"
+            }
+        });
+        const natGateway = app.addResource(__rspack_external__pulumi_aws_e7af83c1.ec2.NatGateway, {
+            name: "nat-gateway",
+            config: {
+                allocationId: elasticIpAllocation.output.id,
+                subnetId: publicSubnet.output.id
+            }
+        });
+        const publicSubnetRouteTable = app.addResource(__rspack_external__pulumi_aws_e7af83c1.ec2.RouteTable, {
+            name: "public",
+            config: {
+                vpcId: vpc.output.id,
+                routes: [
+                    {
+                        cidrBlock: "0.0.0.0/0",
+                        gatewayId: internetGateway.output.id
+                    }
+                ]
+            }
+        });
+        const privateSubnetRouteTable = app.addResource(__rspack_external__pulumi_aws_e7af83c1.ec2.RouteTable, {
+            name: "private",
+            config: {
+                vpcId: vpc.output.id,
+                routes: [
+                    {
+                        cidrBlock: "0.0.0.0/0",
+                        natGatewayId: natGateway.output.id
+                    }
+                ]
+            }
+        });
+        app.addResource(__rspack_external__pulumi_aws_e7af83c1.ec2.RouteTableAssociation, {
+            name: "public-subnet-route-table-association",
+            config: {
+                subnetId: publicSubnet.output.id,
+                routeTableId: publicSubnetRouteTable.output.id
+            }
+        });
+        app.addResource(__rspack_external__pulumi_aws_e7af83c1.ec2.RouteTableAssociation, {
+            name: "private-subnet-1-route-table-association",
+            config: {
+                subnetId: privateSubnet1.output.id,
+                routeTableId: privateSubnetRouteTable.output.id
+            }
+        });
+        app.addResource(__rspack_external__pulumi_aws_e7af83c1.ec2.RouteTableAssociation, {
+            name: "private-subnet-2-route-table-association",
+            config: {
+                subnetId: privateSubnet2.output.id,
+                routeTableId: privateSubnetRouteTable.output.id
+            }
+        });
+        app.addResource(__rspack_external__pulumi_aws_e7af83c1.ec2.RouteTableAssociation, {
+            name: "private-subnet-3-route-table-association",
+            config: {
+                subnetId: privateSubnet3.output.id,
+                routeTableId: privateSubnetRouteTable.output.id
+            }
+        });
+        const subnets = {
+            public: [
+                publicSubnet
+            ],
+            private: [
+                privateSubnet1,
+                privateSubnet2,
+                privateSubnet3
+            ]
+        };
+        const routeTables = {
+            privateSubnets: privateSubnetRouteTable,
+            publicSubnets: publicSubnetRouteTable
+        };
+        app.addOutputs({
+            vpcPublicSubnetIds: subnets.public.map((subNet)=>subNet.output.id),
+            vpcPrivateSubnetIds: subnets.private.map((subNet)=>subNet.output.id),
+            vpcSecurityGroupIds: [
+                vpc.output.defaultSecurityGroupId
+            ]
+        });
+        return {
+            vpc,
+            subnets,
+            routeTables
+        };
+    }
 });
+export { CoreVpc };
 
 //# sourceMappingURL=CoreVpc.js.map

package/pulumi/apps/core/CoreVpc.js.map

@@ -1 +1 @@
-{"version":3,"names":["aws","createAppModule","CoreVpc","name","config","app","vpc","addResource","ec2","Vpc","cidrBlock","publicSubnet","Subnet","vpcId","output","id","tags","Name","availabilityZones","addHandler","getAvailabilityZones","state","privateSubnet1","availabilityZone","apply","zone","names","privateSubnet2","privateSubnet3","internetGateway","InternetGateway","elasticIpAllocation","Eip","domain","natGateway","NatGateway","allocationId","subnetId","publicSubnetRouteTable","RouteTable","routes","gatewayId","privateSubnetRouteTable","natGatewayId","RouteTableAssociation","routeTableId","subnets","public","private","routeTables","privateSubnets","publicSubnets","addOutputs","vpcPublicSubnetIds","map","subNet","vpcPrivateSubnetIds","vpcSecurityGroupIds","defaultSecurityGroupId"],"sources":["CoreVpc.ts"],"sourcesContent":["import * as aws from \"@pulumi/aws\";\nimport { createAppModule, type PulumiAppModule } from \"@webiny/pulumi\";\n\nexport type CoreVpc = PulumiAppModule<typeof CoreVpc>;\n\nexport const CoreVpc = createAppModule({\n    name: \"CoreVpc\",\n    config(app) {\n        // Create VPC.\n        const vpc = app.addResource(aws.ec2.Vpc, {\n            name: \"webiny\",\n            config: {\n                cidrBlock: \"10.0.0.0/16\"\n            }\n        });\n\n        // Create one public and three private subnets.\n        // The third subnet will use the third AZ if available, otherwise reuses the first AZ.\n        const publicSubnet = app.addResource(aws.ec2.Subnet, {\n            name: \"public\",\n            config: {\n                vpcId: vpc.output.id,\n                cidrBlock: \"10.0.0.0/24\",\n                tags: { Name: \"public-subnet\" }\n            }\n        });\n\n        const availabilityZones = app.addHandler(() => {\n            return aws.getAvailabilityZones({\n                state: \"available\"\n            });\n        });\n\n        const privateSubnet1 = app.addResource(aws.ec2.Subnet, {\n            name: \"private-subnet-1\",\n            config: {\n                vpcId: vpc.output.id,\n                cidrBlock: \"10.0.1.0/24\",\n                availabilityZone: availabilityZones.apply(zone => zone.names[0]),\n                tags: { Name: \"private-subnet-1\" }\n            }\n        });\n\n        const privateSubnet2 = app.addResource(aws.ec2.Subnet, {\n            name: \"private-subnet-2\",\n            config: {\n                vpcId: vpc.output.id,\n                cidrBlock: \"10.0.2.0/24\",\n                availabilityZone: availabilityZones.apply(zone => zone.names[1] || zone.names[0]),\n                tags: { Name: \"private-subnet-2\" }\n            }\n        });\n\n        const privateSubnet3 = app.addResource(aws.ec2.Subnet, {\n            name: \"private-subnet-3\",\n            config: {\n                vpcId: vpc.output.id,\n                cidrBlock: \"10.0.3.0/24\",\n                availabilityZone: availabilityZones.apply(zone => zone.names[2] || zone.names[0]),\n                tags: { Name: \"private-subnet-3\" }\n            }\n        });\n\n        // Create Internet gateway.\n        const internetGateway = app.addResource(aws.ec2.InternetGateway, {\n            name: \"internet-gateway\",\n            config: {\n                vpcId: vpc.output.id\n            }\n        });\n\n        // Create NAT gateway.z\n        const elasticIpAllocation = app.addResource(aws.ec2.Eip, {\n            name: \"nat-gateway-elastic-ip\",\n            config: {\n                domain: \"vpc\"\n            }\n        });\n\n        const natGateway = app.addResource(aws.ec2.NatGateway, {\n            name: \"nat-gateway\",\n            config: {\n                allocationId: elasticIpAllocation.output.id,\n                subnetId: publicSubnet.output.id\n            }\n        });\n\n        // Create a route table for both subnets.\n        const publicSubnetRouteTable = app.addResource(aws.ec2.RouteTable, {\n            name: \"public\",\n            config: {\n                vpcId: vpc.output.id,\n                routes: [\n                    {\n                        cidrBlock: \"0.0.0.0/0\",\n                        gatewayId: internetGateway.output.id\n                    }\n                ]\n            }\n        });\n\n        const privateSubnetRouteTable = app.addResource(aws.ec2.RouteTable, {\n            name: \"private\",\n            config: {\n                vpcId: vpc.output.id,\n                routes: [\n                    {\n                        cidrBlock: \"0.0.0.0/0\",\n                        natGatewayId: natGateway.output.id\n                    }\n                ]\n            }\n        });\n\n        // Create route table associations - links between subnets and route tables.\n        app.addResource(aws.ec2.RouteTableAssociation, {\n            name: \"public-subnet-route-table-association\",\n            config: {\n                subnetId: publicSubnet.output.id,\n                routeTableId: publicSubnetRouteTable.output.id\n            }\n        });\n\n        app.addResource(aws.ec2.RouteTableAssociation, {\n            name: \"private-subnet-1-route-table-association\",\n            config: {\n                subnetId: privateSubnet1.output.id,\n                routeTableId: privateSubnetRouteTable.output.id\n            }\n        });\n\n        app.addResource(aws.ec2.RouteTableAssociation, {\n            name: \"private-subnet-2-route-table-association\",\n            config: {\n                subnetId: privateSubnet2.output.id,\n                routeTableId: privateSubnetRouteTable.output.id\n            }\n        });\n\n        app.addResource(aws.ec2.RouteTableAssociation, {\n            name: \"private-subnet-3-route-table-association\",\n            config: {\n                subnetId: privateSubnet3.output.id,\n                routeTableId: privateSubnetRouteTable.output.id\n            }\n        });\n\n        const subnets = {\n            public: [publicSubnet],\n            private: [privateSubnet1, privateSubnet2, privateSubnet3]\n        };\n\n        const routeTables = {\n            privateSubnets: privateSubnetRouteTable,\n            publicSubnets: publicSubnetRouteTable\n        };\n\n        app.addOutputs({\n            vpcPublicSubnetIds: subnets.public.map(subNet => subNet.output.id),\n            vpcPrivateSubnetIds: subnets.private.map(subNet => subNet.output.id),\n            vpcSecurityGroupIds: [vpc.output.defaultSecurityGroupId]\n        });\n\n        return {\n            vpc,\n            subnets,\n            routeTables\n        };\n    }\n});\n"],"mappings":"AAAA,OAAO,KAAKA,GAAG,MAAM,aAAa;AAClC,SAASC,eAAe,QAA8B,gBAAgB;AAItE,OAAO,MAAMC,OAAO,GAAGD,eAAe,CAAC;EACnCE,IAAI,EAAE,SAAS;EACfC,MAAMA,CAACC,GAAG,EAAE;IACR;IACA,MAAMC,GAAG,GAAGD,GAAG,CAACE,WAAW,CAACP,GAAG,CAACQ,GAAG,CAACC,GAAG,EAAE;MACrCN,IAAI,EAAE,QAAQ;MACdC,MAAM,EAAE;QACJM,SAAS,EAAE;MACf;IACJ,CAAC,CAAC;;IAEF;IACA;IACA,MAAMC,YAAY,GAAGN,GAAG,CAACE,WAAW,CAACP,GAAG,CAACQ,GAAG,CAACI,MAAM,EAAE;MACjDT,IAAI,EAAE,QAAQ;MACdC,MAAM,EAAE;QACJS,KAAK,EAAEP,GAAG,CAACQ,MAAM,CAACC,EAAE;QACpBL,SAAS,EAAE,aAAa;QACxBM,IAAI,EAAE;UAAEC,IAAI,EAAE;QAAgB;MAClC;IACJ,CAAC,CAAC;IAEF,MAAMC,iBAAiB,GAAGb,GAAG,CAACc,UAAU,CAAC,MAAM;MAC3C,OAAOnB,GAAG,CAACoB,oBAAoB,CAAC;QAC5BC,KAAK,EAAE;MACX,CAAC,CAAC;IACN,CAAC,CAAC;IAEF,MAAMC,cAAc,GAAGjB,GAAG,CAACE,WAAW,CAACP,GAAG,CAACQ,GAAG,CAACI,MAAM,EAAE;MACnDT,IAAI,EAAE,kBAAkB;MACxBC,MAAM,EAAE;QACJS,KAAK,EAAEP,GAAG,CAACQ,MAAM,CAACC,EAAE;QACpBL,SAAS,EAAE,aAAa;QACxBa,gBAAgB,EAAEL,iBAAiB,CAACM,KAAK,CAACC,IAAI,IAAIA,IAAI,CAACC,KAAK,CAAC,CAAC,CAAC,CAAC;QAChEV,IAAI,EAAE;UAAEC,IAAI,EAAE;QAAmB;MACrC;IACJ,CAAC,CAAC;IAEF,MAAMU,cAAc,GAAGtB,GAAG,CAACE,WAAW,CAACP,GAAG,CAACQ,GAAG,CAACI,MAAM,EAAE;MACnDT,IAAI,EAAE,kBAAkB;MACxBC,MAAM,EAAE;QACJS,KAAK,EAAEP,GAAG,CAACQ,MAAM,CAACC,EAAE;QACpBL,SAAS,EAAE,aAAa;QACxBa,gBAAgB,EAAEL,iBAAiB,CAACM,KAAK,CAACC,IAAI,IAAIA,IAAI,CAACC,KAAK,CAAC,CAAC,CAAC,IAAID,IAAI,CAACC,KAAK,CAAC,CAAC,CAAC,CAAC;QACjFV,IAAI,EAAE;UAAEC,IAAI,EAAE;QAAmB;MACrC;IACJ,CAAC,CAAC;IAEF,MAAMW,cAAc,GAAGvB,GAAG,CAACE,WAAW,CAACP,GAAG,CAACQ,GAAG,CAACI,MAAM,EAAE;MACnDT,IAAI,EAAE,kBAAkB;MACxBC,MAAM,EAAE;QACJS,KAAK,EAAEP,GAAG,CAACQ,MAAM,CAACC,EAAE;QACpBL,SAAS,EAAE,aAAa;QACxBa,gBAAgB,EAAEL,iBAAiB,CAACM,KAAK,CAACC,IAAI,IAAIA,IAAI,CAACC,KAAK,CAAC,CAAC,CAAC,IAAID,IAAI,CAACC,KAAK,CAAC,CAAC,CAAC,CAAC;QACjFV,IAAI,EAAE;UAAEC,IAAI,EAAE;QAAmB;MACrC;IACJ,CAAC,CAAC;;IAEF;IACA,MAAMY,eAAe,GAAGxB,GAAG,CAACE,WAAW,CAACP,GAAG,CAACQ,GAAG,CAACsB,eAAe,EAAE;MAC7D3B,IAAI,EAAE,kBAAkB;MACxBC,MAAM,EAAE;QACJS,KAAK,EAAEP,GAAG,CAACQ,MAAM,CAACC;MACtB;IACJ,CAAC,CAAC;;IAEF;IACA,MAAMgB,mBAAmB,GAAG1B,GAAG,CAACE,WAAW,CAACP,GAAG,CAACQ,GAAG,CAACwB,GAAG,EAAE;MACrD7B,IAAI,EAAE,wBAAwB;MAC9BC,MAAM,EAAE;QACJ6B,MAAM,EAAE;MACZ;IACJ,CAAC,CAAC;IAEF,MAAMC,UAAU,GAAG7B,GAAG,CAACE,WAAW,CAACP,GAAG,CAACQ,GAAG,CAAC2B,UAAU,EAAE;MACnDhC,IAAI,EAAE,aAAa;MACnBC,MAAM,EAAE;QACJgC,YAAY,EAAEL,mBAAmB,CAACjB,MAAM,CAACC,EAAE;QAC3CsB,QAAQ,EAAE1B,YAAY,CAACG,MAAM,CAACC;MAClC;IACJ,CAAC,CAAC;;IAEF;IACA,MAAMuB,sBAAsB,GAAGjC,GAAG,CAACE,WAAW,CAACP,GAAG,CAACQ,GAAG,CAAC+B,UAAU,EAAE;MAC/DpC,IAAI,EAAE,QAAQ;MACdC,MAAM,EAAE;QACJS,KAAK,EAAEP,GAAG,CAACQ,MAAM,CAACC,EAAE;QACpByB,MAAM,EAAE,CACJ;UACI9B,SAAS,EAAE,WAAW;UACtB+B,SAAS,EAAEZ,eAAe,CAACf,MAAM,CAACC;QACtC,CAAC;MAET;IACJ,CAAC,CAAC;IAEF,MAAM2B,uBAAuB,GAAGrC,GAAG,CAACE,WAAW,CAACP,GAAG,CAACQ,GAAG,CAAC+B,UAAU,EAAE;MAChEpC,IAAI,EAAE,SAAS;MACfC,MAAM,EAAE;QACJS,KAAK,EAAEP,GAAG,CAACQ,MAAM,CAACC,EAAE;QACpByB,MAAM,EAAE,CACJ;UACI9B,SAAS,EAAE,WAAW;UACtBiC,YAAY,EAAET,UAAU,CAACpB,MAAM,CAACC;QACpC,CAAC;MAET;IACJ,CAAC,CAAC;;IAEF;IACAV,GAAG,CAACE,WAAW,CAACP,GAAG,CAACQ,GAAG,CAACoC,qBAAqB,EAAE;MAC3CzC,IAAI,EAAE,uCAAuC;MAC7CC,MAAM,EAAE;QACJiC,QAAQ,EAAE1B,YAAY,CAACG,MAAM,CAACC,EAAE;QAChC8B,YAAY,EAAEP,sBAAsB,CAACxB,MAAM,CAACC;MAChD;IACJ,CAAC,CAAC;IAEFV,GAAG,CAACE,WAAW,CAACP,GAAG,CAACQ,GAAG,CAACoC,qBAAqB,EAAE;MAC3CzC,IAAI,EAAE,0CAA0C;MAChDC,MAAM,EAAE;QACJiC,QAAQ,EAAEf,cAAc,CAACR,MAAM,CAACC,EAAE;QAClC8B,YAAY,EAAEH,uBAAuB,CAAC5B,MAAM,CAACC;MACjD;IACJ,CAAC,CAAC;IAEFV,GAAG,CAACE,WAAW,CAACP,GAAG,CAACQ,GAAG,CAACoC,qBAAqB,EAAE;MAC3CzC,IAAI,EAAE,0CAA0C;MAChDC,MAAM,EAAE;QACJiC,QAAQ,EAAEV,cAAc,CAACb,MAAM,CAACC,EAAE;QAClC8B,YAAY,EAAEH,uBAAuB,CAAC5B,MAAM,CAACC;MACjD;IACJ,CAAC,CAAC;IAEFV,GAAG,CAACE,WAAW,CAACP,GAAG,CAACQ,GAAG,CAACoC,qBAAqB,EAAE;MAC3CzC,IAAI,EAAE,0CAA0C;MAChDC,MAAM,EAAE;QACJiC,QAAQ,EAAET,cAAc,CAACd,MAAM,CAACC,EAAE;QAClC8B,YAAY,EAAEH,uBAAuB,CAAC5B,MAAM,CAACC;MACjD;IACJ,CAAC,CAAC;IAEF,MAAM+B,OAAO,GAAG;MACZC,MAAM,EAAE,CAACpC,YAAY,CAAC;MACtBqC,OAAO,EAAE,CAAC1B,cAAc,EAAEK,cAAc,EAAEC,cAAc;IAC5D,CAAC;IAED,MAAMqB,WAAW,GAAG;MAChBC,cAAc,EAAER,uBAAuB;MACvCS,aAAa,EAAEb;IACnB,CAAC;IAEDjC,GAAG,CAAC+C,UAAU,CAAC;MACXC,kBAAkB,EAAEP,OAAO,CAACC,MAAM,CAACO,GAAG,CAACC,MAAM,IAAIA,MAAM,CAACzC,MAAM,CAACC,EAAE,CAAC;MAClEyC,mBAAmB,EAAEV,OAAO,CAACE,OAAO,CAACM,GAAG,CAACC,MAAM,IAAIA,MAAM,CAACzC,MAAM,CAACC,EAAE,CAAC;MACpE0C,mBAAmB,EAAE,CAACnD,GAAG,CAACQ,MAAM,CAAC4C,sBAAsB;IAC3D,CAAC,CAAC;IAEF,OAAO;MACHpD,GAAG;MACHwC,OAAO;MACPG;IACJ,CAAC;EACL;AACJ,CAAC,CAAC","ignoreList":[]}
+{"version":3,"file":"pulumi/apps/core/CoreVpc.js","sources":["../../../../src/pulumi/apps/core/CoreVpc.ts"],"sourcesContent":["import * as aws from \"@pulumi/aws\";\nimport { createAppModule, type PulumiAppModule } from \"@webiny/pulumi\";\n\nexport type CoreVpc = PulumiAppModule<typeof CoreVpc>;\n\nexport const CoreVpc = createAppModule({\n    name: \"CoreVpc\",\n    config(app) {\n        // Create VPC.\n        const vpc = app.addResource(aws.ec2.Vpc, {\n            name: \"webiny\",\n            config: {\n                cidrBlock: \"10.0.0.0/16\"\n            }\n        });\n\n        // Create one public and three private subnets.\n        // The third subnet will use the third AZ if available, otherwise reuses the first AZ.\n        const publicSubnet = app.addResource(aws.ec2.Subnet, {\n            name: \"public\",\n            config: {\n                vpcId: vpc.output.id,\n                cidrBlock: \"10.0.0.0/24\",\n                tags: { Name: \"public-subnet\" }\n            }\n        });\n\n        const availabilityZones = app.addHandler(() => {\n            return aws.getAvailabilityZones({\n                state: \"available\"\n            });\n        });\n\n        const privateSubnet1 = app.addResource(aws.ec2.Subnet, {\n            name: \"private-subnet-1\",\n            config: {\n                vpcId: vpc.output.id,\n                cidrBlock: \"10.0.1.0/24\",\n                availabilityZone: availabilityZones.apply(zone => zone.names[0]),\n                tags: { Name: \"private-subnet-1\" }\n            }\n        });\n\n        const privateSubnet2 = app.addResource(aws.ec2.Subnet, {\n            name: \"private-subnet-2\",\n            config: {\n                vpcId: vpc.output.id,\n                cidrBlock: \"10.0.2.0/24\",\n                availabilityZone: availabilityZones.apply(zone => zone.names[1] || zone.names[0]),\n                tags: { Name: \"private-subnet-2\" }\n            }\n        });\n\n        const privateSubnet3 = app.addResource(aws.ec2.Subnet, {\n            name: \"private-subnet-3\",\n            config: {\n                vpcId: vpc.output.id,\n                cidrBlock: \"10.0.3.0/24\",\n                availabilityZone: availabilityZones.apply(zone => zone.names[2] || zone.names[0]),\n                tags: { Name: \"private-subnet-3\" }\n            }\n        });\n\n        // Create Internet gateway.\n        const internetGateway = app.addResource(aws.ec2.InternetGateway, {\n            name: \"internet-gateway\",\n            config: {\n                vpcId: vpc.output.id\n            }\n        });\n\n        // Create NAT gateway.z\n        const elasticIpAllocation = app.addResource(aws.ec2.Eip, {\n            name: \"nat-gateway-elastic-ip\",\n            config: {\n                domain: \"vpc\"\n            }\n        });\n\n        const natGateway = app.addResource(aws.ec2.NatGateway, {\n            name: \"nat-gateway\",\n            config: {\n                allocationId: elasticIpAllocation.output.id,\n                subnetId: publicSubnet.output.id\n            }\n        });\n\n        // Create a route table for both subnets.\n        const publicSubnetRouteTable = app.addResource(aws.ec2.RouteTable, {\n            name: \"public\",\n            config: {\n                vpcId: vpc.output.id,\n                routes: [\n                    {\n                        cidrBlock: \"0.0.0.0/0\",\n                        gatewayId: internetGateway.output.id\n                    }\n                ]\n            }\n        });\n\n        const privateSubnetRouteTable = app.addResource(aws.ec2.RouteTable, {\n            name: \"private\",\n            config: {\n                vpcId: vpc.output.id,\n                routes: [\n                    {\n                        cidrBlock: \"0.0.0.0/0\",\n                        natGatewayId: natGateway.output.id\n                    }\n                ]\n            }\n        });\n\n        // Create route table associations - links between subnets and route tables.\n        app.addResource(aws.ec2.RouteTableAssociation, {\n            name: \"public-subnet-route-table-association\",\n            config: {\n                subnetId: publicSubnet.output.id,\n                routeTableId: publicSubnetRouteTable.output.id\n            }\n        });\n\n        app.addResource(aws.ec2.RouteTableAssociation, {\n            name: \"private-subnet-1-route-table-association\",\n            config: {\n                subnetId: privateSubnet1.output.id,\n                routeTableId: privateSubnetRouteTable.output.id\n            }\n        });\n\n        app.addResource(aws.ec2.RouteTableAssociation, {\n            name: \"private-subnet-2-route-table-association\",\n            config: {\n                subnetId: privateSubnet2.output.id,\n                routeTableId: privateSubnetRouteTable.output.id\n            }\n        });\n\n        app.addResource(aws.ec2.RouteTableAssociation, {\n            name: \"private-subnet-3-route-table-association\",\n            config: {\n                subnetId: privateSubnet3.output.id,\n                routeTableId: privateSubnetRouteTable.output.id\n            }\n        });\n\n        const subnets = {\n            public: [publicSubnet],\n            private: [privateSubnet1, privateSubnet2, privateSubnet3]\n        };\n\n        const routeTables = {\n            privateSubnets: privateSubnetRouteTable,\n            publicSubnets: publicSubnetRouteTable\n        };\n\n        app.addOutputs({\n            vpcPublicSubnetIds: subnets.public.map(subNet => subNet.output.id),\n            vpcPrivateSubnetIds: subnets.private.map(subNet => subNet.output.id),\n            vpcSecurityGroupIds: [vpc.output.defaultSecurityGroupId]\n        });\n\n        return {\n            vpc,\n            subnets,\n            routeTables\n        };\n    }\n});\n"],"names":["CoreVpc","createAppModule","app","vpc","aws","publicSubnet","availabilityZones","privateSubnet1","zone","privateSubnet2","privateSubnet3","internetGateway","elasticIpAllocation","natGateway","publicSubnetRouteTable","privateSubnetRouteTable","subnets","routeTables","subNet"],"mappings":";;AAKO,MAAMA,UAAUC,gBAAgB;IACnC,MAAM;IACN,QAAOC,GAAG;QAEN,MAAMC,MAAMD,IAAI,WAAW,CAACE,uCAAAA,GAAAA,CAAAA,GAAW,EAAE;YACrC,MAAM;YACN,QAAQ;gBACJ,WAAW;YACf;QACJ;QAIA,MAAMC,eAAeH,IAAI,WAAW,CAACE,uCAAAA,GAAAA,CAAAA,MAAc,EAAE;YACjD,MAAM;YACN,QAAQ;gBACJ,OAAOD,IAAI,MAAM,CAAC,EAAE;gBACpB,WAAW;gBACX,MAAM;oBAAE,MAAM;gBAAgB;YAClC;QACJ;QAEA,MAAMG,oBAAoBJ,IAAI,UAAU,CAAC,IAC9BE,uCAAAA,oBAAwB,CAAC;gBAC5B,OAAO;YACX;QAGJ,MAAMG,iBAAiBL,IAAI,WAAW,CAACE,uCAAAA,GAAAA,CAAAA,MAAc,EAAE;YACnD,MAAM;YACN,QAAQ;gBACJ,OAAOD,IAAI,MAAM,CAAC,EAAE;gBACpB,WAAW;gBACX,kBAAkBG,kBAAkB,KAAK,CAACE,CAAAA,OAAQA,KAAK,KAAK,CAAC,EAAE;gBAC/D,MAAM;oBAAE,MAAM;gBAAmB;YACrC;QACJ;QAEA,MAAMC,iBAAiBP,IAAI,WAAW,CAACE,uCAAAA,GAAAA,CAAAA,MAAc,EAAE;YACnD,MAAM;YACN,QAAQ;gBACJ,OAAOD,IAAI,MAAM,CAAC,EAAE;gBACpB,WAAW;gBACX,kBAAkBG,kBAAkB,KAAK,CAACE,CAAAA,OAAQA,KAAK,KAAK,CAAC,EAAE,IAAIA,KAAK,KAAK,CAAC,EAAE;gBAChF,MAAM;oBAAE,MAAM;gBAAmB;YACrC;QACJ;QAEA,MAAME,iBAAiBR,IAAI,WAAW,CAACE,uCAAAA,GAAAA,CAAAA,MAAc,EAAE;YACnD,MAAM;YACN,QAAQ;gBACJ,OAAOD,IAAI,MAAM,CAAC,EAAE;gBACpB,WAAW;gBACX,kBAAkBG,kBAAkB,KAAK,CAACE,CAAAA,OAAQA,KAAK,KAAK,CAAC,EAAE,IAAIA,KAAK,KAAK,CAAC,EAAE;gBAChF,MAAM;oBAAE,MAAM;gBAAmB;YACrC;QACJ;QAGA,MAAMG,kBAAkBT,IAAI,WAAW,CAACE,uCAAAA,GAAAA,CAAAA,eAAuB,EAAE;YAC7D,MAAM;YACN,QAAQ;gBACJ,OAAOD,IAAI,MAAM,CAAC,EAAE;YACxB;QACJ;QAGA,MAAMS,sBAAsBV,IAAI,WAAW,CAACE,uCAAAA,GAAAA,CAAAA,GAAW,EAAE;YACrD,MAAM;YACN,QAAQ;gBACJ,QAAQ;YACZ;QACJ;QAEA,MAAMS,aAAaX,IAAI,WAAW,CAACE,uCAAAA,GAAAA,CAAAA,UAAkB,EAAE;YACnD,MAAM;YACN,QAAQ;gBACJ,cAAcQ,oBAAoB,MAAM,CAAC,EAAE;gBAC3C,UAAUP,aAAa,MAAM,CAAC,EAAE;YACpC;QACJ;QAGA,MAAMS,yBAAyBZ,IAAI,WAAW,CAACE,uCAAAA,GAAAA,CAAAA,UAAkB,EAAE;YAC/D,MAAM;YACN,QAAQ;gBACJ,OAAOD,IAAI,MAAM,CAAC,EAAE;gBACpB,QAAQ;oBACJ;wBACI,WAAW;wBACX,WAAWQ,gBAAgB,MAAM,CAAC,EAAE;oBACxC;iBACH;YACL;QACJ;QAEA,MAAMI,0BAA0Bb,IAAI,WAAW,CAACE,uCAAAA,GAAAA,CAAAA,UAAkB,EAAE;YAChE,MAAM;YACN,QAAQ;gBACJ,OAAOD,IAAI,MAAM,CAAC,EAAE;gBACpB,QAAQ;oBACJ;wBACI,WAAW;wBACX,cAAcU,WAAW,MAAM,CAAC,EAAE;oBACtC;iBACH;YACL;QACJ;QAGAX,IAAI,WAAW,CAACE,uCAAAA,GAAAA,CAAAA,qBAA6B,EAAE;YAC3C,MAAM;YACN,QAAQ;gBACJ,UAAUC,aAAa,MAAM,CAAC,EAAE;gBAChC,cAAcS,uBAAuB,MAAM,CAAC,EAAE;YAClD;QACJ;QAEAZ,IAAI,WAAW,CAACE,uCAAAA,GAAAA,CAAAA,qBAA6B,EAAE;YAC3C,MAAM;YACN,QAAQ;gBACJ,UAAUG,eAAe,MAAM,CAAC,EAAE;gBAClC,cAAcQ,wBAAwB,MAAM,CAAC,EAAE;YACnD;QACJ;QAEAb,IAAI,WAAW,CAACE,uCAAAA,GAAAA,CAAAA,qBAA6B,EAAE;YAC3C,MAAM;YACN,QAAQ;gBACJ,UAAUK,eAAe,MAAM,CAAC,EAAE;gBAClC,cAAcM,wBAAwB,MAAM,CAAC,EAAE;YACnD;QACJ;QAEAb,IAAI,WAAW,CAACE,uCAAAA,GAAAA,CAAAA,qBAA6B,EAAE;YAC3C,MAAM;YACN,QAAQ;gBACJ,UAAUM,eAAe,MAAM,CAAC,EAAE;gBAClC,cAAcK,wBAAwB,MAAM,CAAC,EAAE;YACnD;QACJ;QAEA,MAAMC,UAAU;YACZ,QAAQ;gBAACX;aAAa;YACtB,SAAS;gBAACE;gBAAgBE;gBAAgBC;aAAe;QAC7D;QAEA,MAAMO,cAAc;YAChB,gBAAgBF;YAChB,eAAeD;QACnB;QAEAZ,IAAI,UAAU,CAAC;YACX,oBAAoBc,QAAQ,MAAM,CAAC,GAAG,CAACE,CAAAA,SAAUA,OAAO,MAAM,CAAC,EAAE;YACjE,qBAAqBF,QAAQ,OAAO,CAAC,GAAG,CAACE,CAAAA,SAAUA,OAAO,MAAM,CAAC,EAAE;YACnE,qBAAqB;gBAACf,IAAI,MAAM,CAAC,sBAAsB;aAAC;QAC5D;QAEA,OAAO;YACHA;YACAa;YACAC;QACJ;IACJ;AACJ"}