@webiny/pulumi-aws 0.0.0-ee-vpcs.549378cf03

package/apps/core/CoreElasticSearch.js

@@ -0,0 +1,286 @@
+"use strict";
+
+var _interopRequireWildcard = require("@babel/runtime/helpers/interopRequireWildcard").default;
+
+var _interopRequireDefault = require("@babel/runtime/helpers/interopRequireDefault").default;
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.ElasticSearch = void 0;
+
+var _path = _interopRequireDefault(require("path"));
+
+var pulumi = _interopRequireWildcard(require("@pulumi/pulumi"));
+
+var aws = _interopRequireWildcard(require("@pulumi/aws"));
+
+var _pulumi2 = require("@webiny/pulumi");
+
+var _awsUtils = require("../awsUtils");
+
+var _CoreVpc = require("./CoreVpc");
+
+function getDevClusterConfig() {
+  return {
+    instanceType: "t3.small.elasticsearch"
+  };
+}
+
+function getProdClusterConfig() {
+  return {
+    // For production deployments, we create 2 instances and configure multi-AZ.
+    instanceType: "t3.medium.elasticsearch",
+    instanceCount: 2,
+    zoneAwarenessEnabled: true,
+    zoneAwarenessConfig: {
+      availabilityZoneCount: 2
+    }
+  };
+}
+
+const ElasticSearch = (0, _pulumi2.createAppModule)({
+  name: "ElasticSearch",
+
+  config(app, params) {
+    const domainName = "webiny-js";
+    const accountId = (0, _awsUtils.getAwsAccountId)(app);
+    const prod = app.params.run.env === "prod";
+    const vpc = app.getModule(_CoreVpc.CoreVpc, {
+      optional: true
+    }); // This needs to be implemented in order to be able to use a shared ElasticSearch cluster.
+
+    let domain;
+    let domainPolicy;
+
+    if (process.env.AWS_ELASTIC_SEARCH_DOMAIN_NAME) {
+      const domainName = String(process.env.AWS_ELASTIC_SEARCH_DOMAIN_NAME); // This can be useful for testing purposes in ephemeral environments. More information here:
+      // https://www.webiny.com/docs/key-topics/ci-cd/testing/slow-ephemeral-environments
+
+      domain = app.addRemoteResource(domainName, () => {
+        return aws.elasticsearch.getDomain({
+          domainName
+        }, {
+          async: true
+        });
+      });
+    } else {
+      // Regular ElasticSearch deployment.
+      domain = app.addResource(aws.elasticsearch.Domain, {
+        name: domainName,
+        config: {
+          elasticsearchVersion: "7.10",
+          clusterConfig: prod ? getProdClusterConfig() : getDevClusterConfig(),
+          vpcOptions: vpc ? {
+            subnetIds: vpc.subnets.private.map(s => s.output.id),
+            securityGroupIds: [vpc.vpc.output.defaultSecurityGroupId]
+          } : undefined,
+          ebsOptions: {
+            ebsEnabled: true,
+            volumeSize: 10,
+            volumeType: "gp2"
+          },
+          advancedOptions: {
+            "rest.action.multi.allow_explicit_index": "true"
+          },
+          snapshotOptions: {
+            automatedSnapshotStartHour: 23
+          }
+        },
+        opts: {
+          protect: params.protect
+        }
+      });
+      /**
+       * Domain policy defines who can access your Elasticsearch Domain.
+       * For details on Elasticsearch security, read the official documentation:
+       * https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/security.html
+       */
+
+      domainPolicy = app.addResource(aws.elasticsearch.DomainPolicy, {
+        name: `${domainName}-policy`,
+        config: {
+          domainName: domain.output.domainName,
+          accessPolicies: {
+            Version: "2012-10-17",
+            Statement: [
+            /**
+             * Allow requests signed with current account
+             */
+            {
+              Effect: "Allow",
+              Principal: {
+                AWS: accountId
+              },
+              Action: "es:*",
+              Resource: pulumi.interpolate`${domain.output.arn}/*`
+            }]
+          }
+        },
+        opts: {
+          protect: params.protect
+        }
+      });
+    }
+    /**
+     * Create a table for Elasticsearch records. All ES records are stored in this table to dramatically improve
+     * performance and stability on write operations (especially massive data imports). This table also serves as a backup and
+     * a single source of truth for your Elasticsearch domain. Streaming is enabled on this table, and it will
+     * allow asynchronous synchronization of data with Elasticsearch domain.
+     */
+
+
+    const table = app.addResource(aws.dynamodb.Table, {
+      name: "webiny-es",
+      config: {
+        attributes: [{
+          name: "PK",
+          type: "S"
+        }, {
+          name: "SK",
+          type: "S"
+        }],
+        streamEnabled: true,
+        streamViewType: "NEW_AND_OLD_IMAGES",
+        billingMode: "PAY_PER_REQUEST",
+        hashKey: "PK",
+        rangeKey: "SK"
+      },
+      opts: {
+        protect: params.protect
+      }
+    });
+    const roleName = "dynamo-to-elastic-lambda-role";
+    const role = app.addResource(aws.iam.Role, {
+      name: roleName,
+      config: {
+        assumeRolePolicy: {
+          Version: "2012-10-17",
+          Statement: [{
+            Action: "sts:AssumeRole",
+            Principal: {
+              Service: "lambda.amazonaws.com"
+            },
+            Effect: "Allow"
+          }]
+        }
+      },
+      meta: {
+        isLambdaFunctionRole: true
+      }
+    });
+    const policy = getDynamoDbToElasticLambdaPolicy(app, domain.output);
+    app.addResource(aws.iam.RolePolicyAttachment, {
+      name: `${roleName}-DynamoDbToElasticLambdaPolicy`,
+      config: {
+        role: role.output,
+        policyArn: policy.output.arn
+      }
+    }); // Only use `AWSLambdaVPCAccessExecutionRole` policy if VPC feature is enabled.
+
+    if (vpc) {
+      app.addResource(aws.iam.RolePolicyAttachment, {
+        name: `${roleName}-AWSLambdaVPCAccessExecutionRole`,
+        config: {
+          role: role.output,
+          policyArn: aws.iam.ManagedPolicy.AWSLambdaVPCAccessExecutionRole
+        }
+      });
+    } else {
+      app.addResource(aws.iam.RolePolicyAttachment, {
+        name: `${roleName}-AWSLambdaBasicExecutionRole`,
+        config: {
+          role: role.output,
+          policyArn: aws.iam.ManagedPolicy.AWSLambdaBasicExecutionRole
+        }
+      });
+    }
+
+    app.addResource(aws.iam.RolePolicyAttachment, {
+      name: `${roleName}-AWSLambdaDynamoDBExecutionRole`,
+      config: {
+        role: role.output,
+        policyArn: aws.iam.ManagedPolicy.AWSLambdaDynamoDBExecutionRole
+      }
+    });
+    /**
+     * This Lambda will process the stream events from DynamoDB table that contains Elasticsearch items.
+     * Elasticsearch can't take large amount of individual writes in a short period of time, so this way
+     * we store data for Elasticsearch in a DynamoDB table, and asynchronously insert it into Elasticsearch
+     * using batching.
+     */
+
+    const lambda = app.addResource(aws.lambda.Function, {
+      name: "dynamo-to-elastic",
+      config: {
+        role: role.output.arn,
+        runtime: "nodejs14.x",
+        handler: "handler.handler",
+        timeout: 600,
+        memorySize: 512,
+        environment: {
+          variables: {
+            DEBUG: String(process.env.DEBUG),
+            ELASTIC_SEARCH_ENDPOINT: domain.output.endpoint
+          }
+        },
+        description: "Process DynamoDB Stream.",
+        code: new pulumi.asset.AssetArchive({
+          ".": new pulumi.asset.FileArchive(_path.default.join(app.paths.workspace, "dynamoToElastic/build"))
+        }),
+        vpcConfig: vpc ? {
+          subnetIds: vpc.subnets.private.map(s => s.output.id),
+          securityGroupIds: [vpc.vpc.output.defaultSecurityGroupId]
+        } : undefined
+      }
+    });
+    const eventSourceMapping = app.addResource(aws.lambda.EventSourceMapping, {
+      name: "dynamo-to-elastic",
+      config: {
+        eventSourceArn: table.output.streamArn,
+        functionName: lambda.output.arn,
+        startingPosition: "LATEST",
+        maximumRetryAttempts: 3,
+        batchSize: 1000,
+        maximumBatchingWindowInSeconds: 1
+      }
+    });
+    app.addOutputs({
+      elasticsearchDomainArn: domain.output.arn,
+      elasticsearchDomainEndpoint: domain.output.endpoint,
+      elasticsearchDynamodbTableArn: table.output.arn,
+      elasticsearchDynamodbTableName: table.output.name
+    });
+    return {
+      domain,
+      domainPolicy,
+      table,
+      dynamoToElastic: {
+        role,
+        policy,
+        lambda,
+        eventSourceMapping
+      }
+    };
+  }
+
+});
+exports.ElasticSearch = ElasticSearch;
+
+function getDynamoDbToElasticLambdaPolicy(app, domain) {
+  return app.addResource(aws.iam.Policy, {
+    name: "DynamoDbToElasticLambdaPolicy-updated",
+    config: {
+      description: "This policy enables access to ES and Dynamodb streams",
+      policy: {
+        Version: "2012-10-17",
+        Statement: [{
+          Sid: "PermissionForES",
+          Effect: "Allow",
+          Action: ["es:ESHttpDelete", "es:ESHttpPatch", "es:ESHttpPost", "es:ESHttpPut"],
+          Resource: [pulumi.interpolate`${domain.arn}`, pulumi.interpolate`${domain.arn}/*`]
+        }]
+      }
+    }
+  });
+}

package/apps/core/CoreElasticSearch.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["getDevClusterConfig","instanceType","getProdClusterConfig","instanceCount","zoneAwarenessEnabled","zoneAwarenessConfig","availabilityZoneCount","ElasticSearch","createAppModule","name","config","app","params","domainName","accountId","getAwsAccountId","prod","run","env","vpc","getModule","CoreVpc","optional","domain","domainPolicy","process","AWS_ELASTIC_SEARCH_DOMAIN_NAME","String","addRemoteResource","aws","elasticsearch","getDomain","async","addResource","Domain","elasticsearchVersion","clusterConfig","vpcOptions","subnetIds","subnets","private","map","s","output","id","securityGroupIds","defaultSecurityGroupId","undefined","ebsOptions","ebsEnabled","volumeSize","volumeType","advancedOptions","snapshotOptions","automatedSnapshotStartHour","opts","protect","DomainPolicy","accessPolicies","Version","Statement","Effect","Principal","AWS","Action","Resource","pulumi","interpolate","arn","table","dynamodb","Table","attributes","type","streamEnabled","streamViewType","billingMode","hashKey","rangeKey","roleName","role","iam","Role","assumeRolePolicy","Service","meta","isLambdaFunctionRole","policy","getDynamoDbToElasticLambdaPolicy","RolePolicyAttachment","policyArn","ManagedPolicy","AWSLambdaVPCAccessExecutionRole","AWSLambdaBasicExecutionRole","AWSLambdaDynamoDBExecutionRole","lambda","Function","runtime","handler","timeout","memorySize","environment","variables","DEBUG","ELASTIC_SEARCH_ENDPOINT","endpoint","description","code","asset","AssetArchive","FileArchive","path","join","paths","workspace","vpcConfig","eventSourceMapping","EventSourceMapping","eventSourceArn","streamArn","functionName","startingPosition","maximumRetryAttempts","batchSize","maximumBatchingWindowInSeconds","addOutputs","elasticsearchDomainArn","elasticsearchDomainEndpoint","elasticsearchDynamodbTableArn","elasticsearchDynamodbTableName","dynamoToElastic","Policy","Sid"],"sources":["CoreElasticSearch.ts"],"sourcesContent":["import path from \"path\";\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport {\n    createAppModule,\n    PulumiApp,\n    PulumiAppResource,\n    PulumiAppResourceConstructor,\n    PulumiAppRemoteResource\n} from \"@webiny/pulumi\";\n\nimport { getAwsAccountId } from \"../awsUtils\";\nimport { CoreVpc } from \"./CoreVpc\";\n\nexport interface ElasticSearchParams {\n    protect: boolean;\n}\n\nfunction getDevClusterConfig(): aws.types.input.elasticsearch.DomainClusterConfig {\n    return {\n        instanceType: \"t3.small.elasticsearch\"\n    };\n}\n\nfunction getProdClusterConfig(): aws.types.input.elasticsearch.DomainClusterConfig {\n    return {\n        // For production deployments, we create 2 instances and configure multi-AZ.\n        instanceType: \"t3.medium.elasticsearch\",\n        instanceCount: 2,\n        zoneAwarenessEnabled: true,\n        zoneAwarenessConfig: {\n            availabilityZoneCount: 2\n        }\n    };\n}\n\nexport const ElasticSearch = createAppModule({\n    name: \"ElasticSearch\",\n    config(app, params: ElasticSearchParams) {\n        const domainName = \"webiny-js\";\n        const accountId = getAwsAccountId(app);\n        const prod = app.params.run.env === \"prod\";\n        const vpc = app.getModule(CoreVpc, { optional: true });\n\n        // This needs to be implemented in order to be able to use a shared ElasticSearch cluster.\n        let domain:\n            | PulumiAppResource<PulumiAppResourceConstructor<aws.elasticsearch.Domain>>\n            | PulumiAppRemoteResource<aws.elasticsearch.GetDomainResult>;\n\n        let domainPolicy;\n\n        if (process.env.AWS_ELASTIC_SEARCH_DOMAIN_NAME) {\n            const domainName = String(process.env.AWS_ELASTIC_SEARCH_DOMAIN_NAME);\n            // This can be useful for testing purposes in ephemeral environments. More information here:\n            // https://www.webiny.com/docs/key-topics/ci-cd/testing/slow-ephemeral-environments\n            domain = app.addRemoteResource(domainName, () => {\n                return aws.elasticsearch.getDomain({ domainName }, { async: true });\n            });\n        } else {\n            // Regular ElasticSearch deployment.\n            domain = app.addResource(aws.elasticsearch.Domain, {\n                name: domainName,\n                config: {\n                    elasticsearchVersion: \"7.10\",\n                    clusterConfig: prod ? getProdClusterConfig() : getDevClusterConfig(),\n                    vpcOptions: vpc\n                        ? {\n                              subnetIds: vpc.subnets.private.map(s => s.output.id),\n                              securityGroupIds: [vpc.vpc.output.defaultSecurityGroupId]\n                          }\n                        : undefined,\n                    ebsOptions: {\n                        ebsEnabled: true,\n                        volumeSize: 10,\n                        volumeType: \"gp2\"\n                    },\n                    advancedOptions: {\n                        \"rest.action.multi.allow_explicit_index\": \"true\"\n                    },\n                    snapshotOptions: {\n                        automatedSnapshotStartHour: 23\n                    }\n                },\n                opts: { protect: params.protect }\n            });\n\n            /**\n             * Domain policy defines who can access your Elasticsearch Domain.\n             * For details on Elasticsearch security, read the official documentation:\n             * https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/security.html\n             */\n            domainPolicy = app.addResource(aws.elasticsearch.DomainPolicy, {\n                name: `${domainName}-policy`,\n                config: {\n                    domainName: domain.output.domainName,\n                    accessPolicies: {\n                        Version: \"2012-10-17\",\n                        Statement: [\n                            /**\n                             * Allow requests signed with current account\n                             */\n                            {\n                                Effect: \"Allow\",\n                                Principal: {\n                                    AWS: accountId\n                                },\n                                Action: \"es:*\",\n                                Resource: pulumi.interpolate`${domain.output.arn}/*`\n                            }\n                        ]\n                    }\n                },\n                opts: { protect: params.protect }\n            });\n        }\n\n        /**\n         * Create a table for Elasticsearch records. All ES records are stored in this table to dramatically improve\n         * performance and stability on write operations (especially massive data imports). This table also serves as a backup and\n         * a single source of truth for your Elasticsearch domain. Streaming is enabled on this table, and it will\n         * allow asynchronous synchronization of data with Elasticsearch domain.\n         */\n        const table = app.addResource(aws.dynamodb.Table, {\n            name: \"webiny-es\",\n            config: {\n                attributes: [\n                    { name: \"PK\", type: \"S\" },\n                    { name: \"SK\", type: \"S\" }\n                ],\n                streamEnabled: true,\n                streamViewType: \"NEW_AND_OLD_IMAGES\",\n                billingMode: \"PAY_PER_REQUEST\",\n                hashKey: \"PK\",\n                rangeKey: \"SK\"\n            },\n            opts: { protect: params.protect }\n        });\n\n        const roleName = \"dynamo-to-elastic-lambda-role\";\n\n        const role = app.addResource(aws.iam.Role, {\n            name: roleName,\n            config: {\n                assumeRolePolicy: {\n                    Version: \"2012-10-17\",\n                    Statement: [\n                        {\n                            Action: \"sts:AssumeRole\",\n                            Principal: {\n                                Service: \"lambda.amazonaws.com\"\n                            },\n                            Effect: \"Allow\"\n                        }\n                    ]\n                }\n            },\n            meta: { isLambdaFunctionRole: true }\n        });\n\n        const policy = getDynamoDbToElasticLambdaPolicy(app, domain.output);\n\n        app.addResource(aws.iam.RolePolicyAttachment, {\n            name: `${roleName}-DynamoDbToElasticLambdaPolicy`,\n            config: {\n                role: role.output,\n                policyArn: policy.output.arn\n            }\n        });\n\n        // Only use `AWSLambdaVPCAccessExecutionRole` policy if VPC feature is enabled.\n        if (vpc) {\n            app.addResource(aws.iam.RolePolicyAttachment, {\n                name: `${roleName}-AWSLambdaVPCAccessExecutionRole`,\n                config: {\n                    role: role.output,\n                    policyArn: aws.iam.ManagedPolicy.AWSLambdaVPCAccessExecutionRole\n                }\n            });\n        } else {\n            app.addResource(aws.iam.RolePolicyAttachment, {\n                name: `${roleName}-AWSLambdaBasicExecutionRole`,\n                config: {\n                    role: role.output,\n                    policyArn: aws.iam.ManagedPolicy.AWSLambdaBasicExecutionRole\n                }\n            });\n        }\n\n        app.addResource(aws.iam.RolePolicyAttachment, {\n            name: `${roleName}-AWSLambdaDynamoDBExecutionRole`,\n            config: {\n                role: role.output,\n                policyArn: aws.iam.ManagedPolicy.AWSLambdaDynamoDBExecutionRole\n            }\n        });\n\n        /**\n         * This Lambda will process the stream events from DynamoDB table that contains Elasticsearch items.\n         * Elasticsearch can't take large amount of individual writes in a short period of time, so this way\n         * we store data for Elasticsearch in a DynamoDB table, and asynchronously insert it into Elasticsearch\n         * using batching.\n         */\n        const lambda = app.addResource(aws.lambda.Function, {\n            name: \"dynamo-to-elastic\",\n            config: {\n                role: role.output.arn,\n                runtime: \"nodejs14.x\",\n                handler: \"handler.handler\",\n                timeout: 600,\n                memorySize: 512,\n                environment: {\n                    variables: {\n                        DEBUG: String(process.env.DEBUG),\n                        ELASTIC_SEARCH_ENDPOINT: domain.output.endpoint\n                    }\n                },\n                description: \"Process DynamoDB Stream.\",\n                code: new pulumi.asset.AssetArchive({\n                    \".\": new pulumi.asset.FileArchive(\n                        path.join(app.paths.workspace, \"dynamoToElastic/build\")\n                    )\n                }),\n                vpcConfig: vpc\n                    ? {\n                          subnetIds: vpc.subnets.private.map(s => s.output.id),\n                          securityGroupIds: [vpc.vpc.output.defaultSecurityGroupId]\n                      }\n                    : undefined\n            }\n        });\n\n        const eventSourceMapping = app.addResource(aws.lambda.EventSourceMapping, {\n            name: \"dynamo-to-elastic\",\n            config: {\n                eventSourceArn: table.output.streamArn,\n                functionName: lambda.output.arn,\n                startingPosition: \"LATEST\",\n                maximumRetryAttempts: 3,\n                batchSize: 1000,\n                maximumBatchingWindowInSeconds: 1\n            }\n        });\n\n        app.addOutputs({\n            elasticsearchDomainArn: domain.output.arn,\n            elasticsearchDomainEndpoint: domain.output.endpoint,\n            elasticsearchDynamodbTableArn: table.output.arn,\n            elasticsearchDynamodbTableName: table.output.name\n        });\n\n        return {\n            domain,\n            domainPolicy,\n            table,\n            dynamoToElastic: {\n                role,\n                policy,\n                lambda,\n                eventSourceMapping\n            }\n        };\n    }\n});\n\nfunction getDynamoDbToElasticLambdaPolicy(\n    app: PulumiApp,\n    domain: pulumi.Output<aws.elasticsearch.Domain | aws.elasticsearch.GetDomainResult>\n) {\n    return app.addResource(aws.iam.Policy, {\n        name: \"DynamoDbToElasticLambdaPolicy-updated\",\n        config: {\n            description: \"This policy enables access to ES and Dynamodb streams\",\n            policy: {\n                Version: \"2012-10-17\",\n                Statement: [\n                    {\n                        Sid: \"PermissionForES\",\n                        Effect: \"Allow\",\n                        Action: [\n                            \"es:ESHttpDelete\",\n                            \"es:ESHttpPatch\",\n                            \"es:ESHttpPost\",\n                            \"es:ESHttpPut\"\n                        ],\n                        Resource: [\n                            pulumi.interpolate`${domain.arn}`,\n                            pulumi.interpolate`${domain.arn}/*`\n                        ]\n                    }\n                ]\n            }\n        }\n    });\n}\n"],"mappings":";;;;;;;;;;;AAAA;;AACA;;AACA;;AACA;;AAQA;;AACA;;AAMA,SAASA,mBAAT,GAAkF;EAC9E,OAAO;IACHC,YAAY,EAAE;EADX,CAAP;AAGH;;AAED,SAASC,oBAAT,GAAmF;EAC/E,OAAO;IACH;IACAD,YAAY,EAAE,yBAFX;IAGHE,aAAa,EAAE,CAHZ;IAIHC,oBAAoB,EAAE,IAJnB;IAKHC,mBAAmB,EAAE;MACjBC,qBAAqB,EAAE;IADN;EALlB,CAAP;AASH;;AAEM,MAAMC,aAAa,GAAG,IAAAC,wBAAA,EAAgB;EACzCC,IAAI,EAAE,eADmC;;EAEzCC,MAAM,CAACC,GAAD,EAAMC,MAAN,EAAmC;IACrC,MAAMC,UAAU,GAAG,WAAnB;IACA,MAAMC,SAAS,GAAG,IAAAC,yBAAA,EAAgBJ,GAAhB,CAAlB;IACA,MAAMK,IAAI,GAAGL,GAAG,CAACC,MAAJ,CAAWK,GAAX,CAAeC,GAAf,KAAuB,MAApC;IACA,MAAMC,GAAG,GAAGR,GAAG,CAACS,SAAJ,CAAcC,gBAAd,EAAuB;MAAEC,QAAQ,EAAE;IAAZ,CAAvB,CAAZ,CAJqC,CAMrC;;IACA,IAAIC,MAAJ;IAIA,IAAIC,YAAJ;;IAEA,IAAIC,OAAO,CAACP,GAAR,CAAYQ,8BAAhB,EAAgD;MAC5C,MAAMb,UAAU,GAAGc,MAAM,CAACF,OAAO,CAACP,GAAR,CAAYQ,8BAAb,CAAzB,CAD4C,CAE5C;MACA;;MACAH,MAAM,GAAGZ,GAAG,CAACiB,iBAAJ,CAAsBf,UAAtB,EAAkC,MAAM;QAC7C,OAAOgB,GAAG,CAACC,aAAJ,CAAkBC,SAAlB,CAA4B;UAAElB;QAAF,CAA5B,EAA4C;UAAEmB,KAAK,EAAE;QAAT,CAA5C,CAAP;MACH,CAFQ,CAAT;IAGH,CAPD,MAOO;MACH;MACAT,MAAM,GAAGZ,GAAG,CAACsB,WAAJ,CAAgBJ,GAAG,CAACC,aAAJ,CAAkBI,MAAlC,EAA0C;QAC/CzB,IAAI,EAAEI,UADyC;QAE/CH,MAAM,EAAE;UACJyB,oBAAoB,EAAE,MADlB;UAEJC,aAAa,EAAEpB,IAAI,GAAGd,oBAAoB,EAAvB,GAA4BF,mBAAmB,EAF9D;UAGJqC,UAAU,EAAElB,GAAG,GACT;YACImB,SAAS,EAAEnB,GAAG,CAACoB,OAAJ,CAAYC,OAAZ,CAAoBC,GAApB,CAAwBC,CAAC,IAAIA,CAAC,CAACC,MAAF,CAASC,EAAtC,CADf;YAEIC,gBAAgB,EAAE,CAAC1B,GAAG,CAACA,GAAJ,CAAQwB,MAAR,CAAeG,sBAAhB;UAFtB,CADS,GAKTC,SARF;UASJC,UAAU,EAAE;YACRC,UAAU,EAAE,IADJ;YAERC,UAAU,EAAE,EAFJ;YAGRC,UAAU,EAAE;UAHJ,CATR;UAcJC,eAAe,EAAE;YACb,0CAA0C;UAD7B,CAdb;UAiBJC,eAAe,EAAE;YACbC,0BAA0B,EAAE;UADf;QAjBb,CAFuC;QAuB/CC,IAAI,EAAE;UAAEC,OAAO,EAAE5C,MAAM,CAAC4C;QAAlB;MAvByC,CAA1C,CAAT;MA0BA;AACZ;AACA;AACA;AACA;;MACYhC,YAAY,GAAGb,GAAG,CAACsB,WAAJ,CAAgBJ,GAAG,CAACC,aAAJ,CAAkB2B,YAAlC,EAAgD;QAC3DhD,IAAI,EAAG,GAAEI,UAAW,SADuC;QAE3DH,MAAM,EAAE;UACJG,UAAU,EAAEU,MAAM,CAACoB,MAAP,CAAc9B,UADtB;UAEJ6C,cAAc,EAAE;YACZC,OAAO,EAAE,YADG;YAEZC,SAAS,EAAE;YACP;AAC5B;AACA;YAC4B;cACIC,MAAM,EAAE,OADZ;cAEIC,SAAS,EAAE;gBACPC,GAAG,EAAEjD;cADE,CAFf;cAKIkD,MAAM,EAAE,MALZ;cAMIC,QAAQ,EAAEC,MAAM,CAACC,WAAY,GAAE5C,MAAM,CAACoB,MAAP,CAAcyB,GAAI;YANrD,CAJO;UAFC;QAFZ,CAFmD;QAqB3Db,IAAI,EAAE;UAAEC,OAAO,EAAE5C,MAAM,CAAC4C;QAAlB;MArBqD,CAAhD,CAAf;IAuBH;IAED;AACR;AACA;AACA;AACA;AACA;;;IACQ,MAAMa,KAAK,GAAG1D,GAAG,CAACsB,WAAJ,CAAgBJ,GAAG,CAACyC,QAAJ,CAAaC,KAA7B,EAAoC;MAC9C9D,IAAI,EAAE,WADwC;MAE9CC,MAAM,EAAE;QACJ8D,UAAU,EAAE,CACR;UAAE/D,IAAI,EAAE,IAAR;UAAcgE,IAAI,EAAE;QAApB,CADQ,EAER;UAAEhE,IAAI,EAAE,IAAR;UAAcgE,IAAI,EAAE;QAApB,CAFQ,CADR;QAKJC,aAAa,EAAE,IALX;QAMJC,cAAc,EAAE,oBANZ;QAOJC,WAAW,EAAE,iBAPT;QAQJC,OAAO,EAAE,IARL;QASJC,QAAQ,EAAE;MATN,CAFsC;MAa9CvB,IAAI,EAAE;QAAEC,OAAO,EAAE5C,MAAM,CAAC4C;MAAlB;IAbwC,CAApC,CAAd;IAgBA,MAAMuB,QAAQ,GAAG,+BAAjB;IAEA,MAAMC,IAAI,GAAGrE,GAAG,CAACsB,WAAJ,CAAgBJ,GAAG,CAACoD,GAAJ,CAAQC,IAAxB,EAA8B;MACvCzE,IAAI,EAAEsE,QADiC;MAEvCrE,MAAM,EAAE;QACJyE,gBAAgB,EAAE;UACdxB,OAAO,EAAE,YADK;UAEdC,SAAS,EAAE,CACP;YACII,MAAM,EAAE,gBADZ;YAEIF,SAAS,EAAE;cACPsB,OAAO,EAAE;YADF,CAFf;YAKIvB,MAAM,EAAE;UALZ,CADO;QAFG;MADd,CAF+B;MAgBvCwB,IAAI,EAAE;QAAEC,oBAAoB,EAAE;MAAxB;IAhBiC,CAA9B,CAAb;IAmBA,MAAMC,MAAM,GAAGC,gCAAgC,CAAC7E,GAAD,EAAMY,MAAM,CAACoB,MAAb,CAA/C;IAEAhC,GAAG,CAACsB,WAAJ,CAAgBJ,GAAG,CAACoD,GAAJ,CAAQQ,oBAAxB,EAA8C;MAC1ChF,IAAI,EAAG,GAAEsE,QAAS,gCADwB;MAE1CrE,MAAM,EAAE;QACJsE,IAAI,EAAEA,IAAI,CAACrC,MADP;QAEJ+C,SAAS,EAAEH,MAAM,CAAC5C,MAAP,CAAcyB;MAFrB;IAFkC,CAA9C,EA3HqC,CAmIrC;;IACA,IAAIjD,GAAJ,EAAS;MACLR,GAAG,CAACsB,WAAJ,CAAgBJ,GAAG,CAACoD,GAAJ,CAAQQ,oBAAxB,EAA8C;QAC1ChF,IAAI,EAAG,GAAEsE,QAAS,kCADwB;QAE1CrE,MAAM,EAAE;UACJsE,IAAI,EAAEA,IAAI,CAACrC,MADP;UAEJ+C,SAAS,EAAE7D,GAAG,CAACoD,GAAJ,CAAQU,aAAR,CAAsBC;QAF7B;MAFkC,CAA9C;IAOH,CARD,MAQO;MACHjF,GAAG,CAACsB,WAAJ,CAAgBJ,GAAG,CAACoD,GAAJ,CAAQQ,oBAAxB,EAA8C;QAC1ChF,IAAI,EAAG,GAAEsE,QAAS,8BADwB;QAE1CrE,MAAM,EAAE;UACJsE,IAAI,EAAEA,IAAI,CAACrC,MADP;UAEJ+C,SAAS,EAAE7D,GAAG,CAACoD,GAAJ,CAAQU,aAAR,CAAsBE;QAF7B;MAFkC,CAA9C;IAOH;;IAEDlF,GAAG,CAACsB,WAAJ,CAAgBJ,GAAG,CAACoD,GAAJ,CAAQQ,oBAAxB,EAA8C;MAC1ChF,IAAI,EAAG,GAAEsE,QAAS,iCADwB;MAE1CrE,MAAM,EAAE;QACJsE,IAAI,EAAEA,IAAI,CAACrC,MADP;QAEJ+C,SAAS,EAAE7D,GAAG,CAACoD,GAAJ,CAAQU,aAAR,CAAsBG;MAF7B;IAFkC,CAA9C;IAQA;AACR;AACA;AACA;AACA;AACA;;IACQ,MAAMC,MAAM,GAAGpF,GAAG,CAACsB,WAAJ,CAAgBJ,GAAG,CAACkE,MAAJ,CAAWC,QAA3B,EAAqC;MAChDvF,IAAI,EAAE,mBAD0C;MAEhDC,MAAM,EAAE;QACJsE,IAAI,EAAEA,IAAI,CAACrC,MAAL,CAAYyB,GADd;QAEJ6B,OAAO,EAAE,YAFL;QAGJC,OAAO,EAAE,iBAHL;QAIJC,OAAO,EAAE,GAJL;QAKJC,UAAU,EAAE,GALR;QAMJC,WAAW,EAAE;UACTC,SAAS,EAAE;YACPC,KAAK,EAAE5E,MAAM,CAACF,OAAO,CAACP,GAAR,CAAYqF,KAAb,CADN;YAEPC,uBAAuB,EAAEjF,MAAM,CAACoB,MAAP,CAAc8D;UAFhC;QADF,CANT;QAYJC,WAAW,EAAE,0BAZT;QAaJC,IAAI,EAAE,IAAIzC,MAAM,CAAC0C,KAAP,CAAaC,YAAjB,CAA8B;UAChC,KAAK,IAAI3C,MAAM,CAAC0C,KAAP,CAAaE,WAAjB,CACDC,aAAA,CAAKC,IAAL,CAAUrG,GAAG,CAACsG,KAAJ,CAAUC,SAApB,EAA+B,uBAA/B,CADC;QAD2B,CAA9B,CAbF;QAkBJC,SAAS,EAAEhG,GAAG,GACR;UACImB,SAAS,EAAEnB,GAAG,CAACoB,OAAJ,CAAYC,OAAZ,CAAoBC,GAApB,CAAwBC,CAAC,IAAIA,CAAC,CAACC,MAAF,CAASC,EAAtC,CADf;UAEIC,gBAAgB,EAAE,CAAC1B,GAAG,CAACA,GAAJ,CAAQwB,MAAR,CAAeG,sBAAhB;QAFtB,CADQ,GAKRC;MAvBF;IAFwC,CAArC,CAAf;IA6BA,MAAMqE,kBAAkB,GAAGzG,GAAG,CAACsB,WAAJ,CAAgBJ,GAAG,CAACkE,MAAJ,CAAWsB,kBAA3B,EAA+C;MACtE5G,IAAI,EAAE,mBADgE;MAEtEC,MAAM,EAAE;QACJ4G,cAAc,EAAEjD,KAAK,CAAC1B,MAAN,CAAa4E,SADzB;QAEJC,YAAY,EAAEzB,MAAM,CAACpD,MAAP,CAAcyB,GAFxB;QAGJqD,gBAAgB,EAAE,QAHd;QAIJC,oBAAoB,EAAE,CAJlB;QAKJC,SAAS,EAAE,IALP;QAMJC,8BAA8B,EAAE;MAN5B;IAF8D,CAA/C,CAA3B;IAYAjH,GAAG,CAACkH,UAAJ,CAAe;MACXC,sBAAsB,EAAEvG,MAAM,CAACoB,MAAP,CAAcyB,GAD3B;MAEX2D,2BAA2B,EAAExG,MAAM,CAACoB,MAAP,CAAc8D,QAFhC;MAGXuB,6BAA6B,EAAE3D,KAAK,CAAC1B,MAAN,CAAayB,GAHjC;MAIX6D,8BAA8B,EAAE5D,KAAK,CAAC1B,MAAN,CAAalC;IAJlC,CAAf;IAOA,OAAO;MACHc,MADG;MAEHC,YAFG;MAGH6C,KAHG;MAIH6D,eAAe,EAAE;QACblD,IADa;QAEbO,MAFa;QAGbQ,MAHa;QAIbqB;MAJa;IAJd,CAAP;EAWH;;AAjOwC,CAAhB,CAAtB;;;AAoOP,SAAS5B,gCAAT,CACI7E,GADJ,EAEIY,MAFJ,EAGE;EACE,OAAOZ,GAAG,CAACsB,WAAJ,CAAgBJ,GAAG,CAACoD,GAAJ,CAAQkD,MAAxB,EAAgC;IACnC1H,IAAI,EAAE,uCAD6B;IAEnCC,MAAM,EAAE;MACJgG,WAAW,EAAE,uDADT;MAEJnB,MAAM,EAAE;QACJ5B,OAAO,EAAE,YADL;QAEJC,SAAS,EAAE,CACP;UACIwE,GAAG,EAAE,iBADT;UAEIvE,MAAM,EAAE,OAFZ;UAGIG,MAAM,EAAE,CACJ,iBADI,EAEJ,gBAFI,EAGJ,eAHI,EAIJ,cAJI,CAHZ;UASIC,QAAQ,EAAE,CACNC,MAAM,CAACC,WAAY,GAAE5C,MAAM,CAAC6C,GAAI,EAD1B,EAENF,MAAM,CAACC,WAAY,GAAE5C,MAAM,CAAC6C,GAAI,IAF1B;QATd,CADO;MAFP;IAFJ;EAF2B,CAAhC,CAAP;AAyBH"}

package/apps/core/CoreEventBus.d.ts

@@ -0,0 +1 @@
+export declare const CoreEventBus: import("@webiny/pulumi").PulumiAppModuleDefinition<import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/cloudwatch/eventBus").EventBus>, void>;

package/apps/core/CoreEventBus.js

@@ -0,0 +1,25 @@
+"use strict";
+
+var _interopRequireWildcard = require("@babel/runtime/helpers/interopRequireWildcard").default;
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.CoreEventBus = void 0;
+
+var aws = _interopRequireWildcard(require("@pulumi/aws"));
+
+var _pulumi = require("@webiny/pulumi");
+
+const CoreEventBus = (0, _pulumi.createAppModule)({
+  name: "CoreEventBus",
+
+  config(app) {
+    return app.addResource(aws.cloudwatch.EventBus, {
+      name: "event-bus",
+      config: {}
+    });
+  }
+
+});
+exports.CoreEventBus = CoreEventBus;

package/apps/core/CoreEventBus.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["CoreEventBus","createAppModule","name","config","app","addResource","aws","cloudwatch","EventBus"],"sources":["CoreEventBus.ts"],"sourcesContent":["import * as aws from \"@pulumi/aws\";\nimport { createAppModule, PulumiApp } from \"@webiny/pulumi\";\n\nexport const CoreEventBus = createAppModule({\n    name: \"CoreEventBus\",\n    config(app: PulumiApp) {\n        return app.addResource(aws.cloudwatch.EventBus, {\n            name: \"event-bus\",\n            config: {}\n        });\n    }\n});\n"],"mappings":";;;;;;;;;AAAA;;AACA;;AAEO,MAAMA,YAAY,GAAG,IAAAC,uBAAA,EAAgB;EACxCC,IAAI,EAAE,cADkC;;EAExCC,MAAM,CAACC,GAAD,EAAiB;IACnB,OAAOA,GAAG,CAACC,WAAJ,CAAgBC,GAAG,CAACC,UAAJ,CAAeC,QAA/B,EAAyC;MAC5CN,IAAI,EAAE,WADsC;MAE5CC,MAAM,EAAE;IAFoC,CAAzC,CAAP;EAIH;;AAPuC,CAAhB,CAArB"}

package/apps/core/CoreFileManager.d.ts

@@ -0,0 +1,8 @@
+import { PulumiAppModule } from "@webiny/pulumi";
+export declare type CoreFileManger = PulumiAppModule<typeof CoreFileManger>;
+export declare const CoreFileManger: import("@webiny/pulumi").PulumiAppModuleDefinition<{
+    bucket: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/s3/bucket").Bucket>;
+    blockPublicAccessBlock: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/s3/bucketPublicAccessBlock").BucketPublicAccessBlock>;
+}, {
+    protect: boolean;
+}>;

package/apps/core/CoreFileManager.js

@@ -0,0 +1,55 @@
+"use strict";
+
+var _interopRequireWildcard = require("@babel/runtime/helpers/interopRequireWildcard").default;
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.CoreFileManger = void 0;
+
+var aws = _interopRequireWildcard(require("@pulumi/aws"));
+
+var _pulumi = require("@webiny/pulumi");
+
+const CoreFileManger = (0, _pulumi.createAppModule)({
+  name: "FileManagerBucket",
+
+  config(app, params) {
+    const name = "fm-bucket";
+    const bucket = app.addResource(aws.s3.Bucket, {
+      name,
+      config: {
+        acl: aws.s3.CannedAcl.Private,
+        // We definitely don't want to force-destroy if "protected" flag is true.
+        forceDestroy: !params.protect,
+        // We need these rules to be able to upload to this bucket from the browser.
+        corsRules: [{
+          allowedHeaders: ["*"],
+          allowedMethods: ["POST", "GET"],
+          allowedOrigins: ["*"],
+          maxAgeSeconds: 3000
+        }]
+      },
+      opts: {
+        protect: params.protect
+      }
+    }); // Block any public access
+
+    const blockPublicAccessBlock = app.addResource(aws.s3.BucketPublicAccessBlock, {
+      name: `${name}-block-public-access`,
+      config: {
+        bucket: bucket.output.id,
+        blockPublicAcls: true,
+        blockPublicPolicy: true,
+        ignorePublicAcls: true,
+        restrictPublicBuckets: true
+      }
+    });
+    return {
+      bucket,
+      blockPublicAccessBlock
+    };
+  }
+
+});
+exports.CoreFileManger = CoreFileManger;

package/apps/core/CoreFileManager.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["CoreFileManger","createAppModule","name","config","app","params","bucket","addResource","aws","s3","Bucket","acl","CannedAcl","Private","forceDestroy","protect","corsRules","allowedHeaders","allowedMethods","allowedOrigins","maxAgeSeconds","opts","blockPublicAccessBlock","BucketPublicAccessBlock","output","id","blockPublicAcls","blockPublicPolicy","ignorePublicAcls","restrictPublicBuckets"],"sources":["CoreFileManager.ts"],"sourcesContent":["import * as aws from \"@pulumi/aws\";\nimport { createAppModule, PulumiApp, PulumiAppModule } from \"@webiny/pulumi\";\n\nexport type CoreFileManger = PulumiAppModule<typeof CoreFileManger>;\n\nexport const CoreFileManger = createAppModule({\n    name: \"FileManagerBucket\",\n    config(app: PulumiApp, params: { protect: boolean }) {\n        const name = \"fm-bucket\";\n\n        const bucket = app.addResource(aws.s3.Bucket, {\n            name,\n            config: {\n                acl: aws.s3.CannedAcl.Private,\n                // We definitely don't want to force-destroy if \"protected\" flag is true.\n                forceDestroy: !params.protect,\n                // We need these rules to be able to upload to this bucket from the browser.\n                corsRules: [\n                    {\n                        allowedHeaders: [\"*\"],\n                        allowedMethods: [\"POST\", \"GET\"],\n                        allowedOrigins: [\"*\"],\n                        maxAgeSeconds: 3000\n                    }\n                ]\n            },\n            opts: {\n                protect: params.protect\n            }\n        });\n\n        // Block any public access\n        const blockPublicAccessBlock = app.addResource(aws.s3.BucketPublicAccessBlock, {\n            name: `${name}-block-public-access`,\n            config: {\n                bucket: bucket.output.id,\n                blockPublicAcls: true,\n                blockPublicPolicy: true,\n                ignorePublicAcls: true,\n                restrictPublicBuckets: true\n            }\n        });\n\n        return {\n            bucket,\n            blockPublicAccessBlock\n        };\n    }\n});\n"],"mappings":";;;;;;;;;AAAA;;AACA;;AAIO,MAAMA,cAAc,GAAG,IAAAC,uBAAA,EAAgB;EAC1CC,IAAI,EAAE,mBADoC;;EAE1CC,MAAM,CAACC,GAAD,EAAiBC,MAAjB,EAA+C;IACjD,MAAMH,IAAI,GAAG,WAAb;IAEA,MAAMI,MAAM,GAAGF,GAAG,CAACG,WAAJ,CAAgBC,GAAG,CAACC,EAAJ,CAAOC,MAAvB,EAA+B;MAC1CR,IAD0C;MAE1CC,MAAM,EAAE;QACJQ,GAAG,EAAEH,GAAG,CAACC,EAAJ,CAAOG,SAAP,CAAiBC,OADlB;QAEJ;QACAC,YAAY,EAAE,CAACT,MAAM,CAACU,OAHlB;QAIJ;QACAC,SAAS,EAAE,CACP;UACIC,cAAc,EAAE,CAAC,GAAD,CADpB;UAEIC,cAAc,EAAE,CAAC,MAAD,EAAS,KAAT,CAFpB;UAGIC,cAAc,EAAE,CAAC,GAAD,CAHpB;UAIIC,aAAa,EAAE;QAJnB,CADO;MALP,CAFkC;MAgB1CC,IAAI,EAAE;QACFN,OAAO,EAAEV,MAAM,CAACU;MADd;IAhBoC,CAA/B,CAAf,CAHiD,CAwBjD;;IACA,MAAMO,sBAAsB,GAAGlB,GAAG,CAACG,WAAJ,CAAgBC,GAAG,CAACC,EAAJ,CAAOc,uBAAvB,EAAgD;MAC3ErB,IAAI,EAAG,GAAEA,IAAK,sBAD6D;MAE3EC,MAAM,EAAE;QACJG,MAAM,EAAEA,MAAM,CAACkB,MAAP,CAAcC,EADlB;QAEJC,eAAe,EAAE,IAFb;QAGJC,iBAAiB,EAAE,IAHf;QAIJC,gBAAgB,EAAE,IAJd;QAKJC,qBAAqB,EAAE;MALnB;IAFmE,CAAhD,CAA/B;IAWA,OAAO;MACHvB,MADG;MAEHgB;IAFG,CAAP;EAIH;;AA1CyC,CAAhB,CAAvB"}

package/apps/core/CoreVpc.d.ts

@@ -0,0 +1,13 @@
+import { PulumiAppModule } from "@webiny/pulumi";
+export declare type CoreVpc = PulumiAppModule<typeof CoreVpc>;
+export declare const CoreVpc: import("@webiny/pulumi").PulumiAppModuleDefinition<{
+    vpc: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/ec2/vpc").Vpc>;
+    subnets: {
+        public: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/ec2/subnet").Subnet>[];
+        private: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/ec2/subnet").Subnet>[];
+    };
+    routeTables: {
+        privateSubnets: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/ec2/routeTable").RouteTable>;
+        publicSubnets: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/ec2/routeTable").RouteTable>;
+    };
+}, void>;

package/apps/core/CoreVpc.js

@@ -0,0 +1,148 @@
+"use strict";
+
+var _interopRequireWildcard = require("@babel/runtime/helpers/interopRequireWildcard").default;
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.CoreVpc = void 0;
+
+var aws = _interopRequireWildcard(require("@pulumi/aws"));
+
+var _pulumi = require("@webiny/pulumi");
+
+const CoreVpc = (0, _pulumi.createAppModule)({
+  name: "CoreVpc",
+
+  config(app) {
+    // Create VPC.
+    const vpc = app.addResource(aws.ec2.Vpc, {
+      name: "webiny",
+      config: {
+        cidrBlock: "10.0.0.0/16"
+      }
+    }); // Create one public and two private subnets.
+
+    const publicSubnet = app.addResource(aws.ec2.Subnet, {
+      name: "public",
+      config: {
+        vpcId: vpc.output.id,
+        cidrBlock: "10.0.0.0/24",
+        tags: {
+          Name: "public-subnet"
+        }
+      }
+    });
+    const availabilityZones = app.addHandler(() => {
+      return aws.getAvailabilityZones({
+        state: "available"
+      });
+    });
+    const privateSubnet1 = app.addResource(aws.ec2.Subnet, {
+      name: "private-subnet-1",
+      config: {
+        vpcId: vpc.output.id,
+        cidrBlock: "10.0.1.0/24",
+        availabilityZone: availabilityZones.apply(zone => zone.names[0]),
+        tags: {
+          Name: "private-subnet-1"
+        }
+      }
+    });
+    const privateSubnet2 = app.addResource(aws.ec2.Subnet, {
+      name: "private-subnet-2",
+      config: {
+        vpcId: vpc.output.id,
+        cidrBlock: "10.0.2.0/24",
+        availabilityZone: availabilityZones.apply(zone => zone.names[1]),
+        tags: {
+          Name: "private-subnet-2"
+        }
+      }
+    }); // Create Internet gateway.
+
+    const internetGateway = app.addResource(aws.ec2.InternetGateway, {
+      name: "internet-gateway",
+      config: {
+        vpcId: vpc.output.id
+      }
+    }); // Create NAT gateway.
+
+    const elasticIpAllocation = app.addResource(aws.ec2.Eip, {
+      name: "nat-gateway-elastic-ip",
+      config: {
+        vpc: true
+      }
+    });
+    const natGateway = app.addResource(aws.ec2.NatGateway, {
+      name: "nat-gateway",
+      config: {
+        allocationId: elasticIpAllocation.output.id,
+        subnetId: publicSubnet.output.id
+      }
+    }); // Create a route table for both subnets.
+
+    const publicSubnetRouteTable = app.addResource(aws.ec2.RouteTable, {
+      name: "public",
+      config: {
+        vpcId: vpc.output.id,
+        routes: [{
+          cidrBlock: "0.0.0.0/0",
+          gatewayId: internetGateway.output.id
+        }]
+      }
+    });
+    const privateSubnetRouteTable = app.addResource(aws.ec2.RouteTable, {
+      name: "private",
+      config: {
+        vpcId: vpc.output.id,
+        routes: [{
+          cidrBlock: "0.0.0.0/0",
+          natGatewayId: natGateway.output.id
+        }]
+      }
+    }); // Create route table associations - links between subnets and route tables.
+
+    app.addResource(aws.ec2.RouteTableAssociation, {
+      name: "public-subnet-route-table-association",
+      config: {
+        subnetId: publicSubnet.output.id,
+        routeTableId: publicSubnetRouteTable.output.id
+      }
+    });
+    app.addResource(aws.ec2.RouteTableAssociation, {
+      name: "private-subnet-1-route-table-association",
+      config: {
+        subnetId: privateSubnet1.output.id,
+        routeTableId: privateSubnetRouteTable.output.id
+      }
+    });
+    app.addResource(aws.ec2.RouteTableAssociation, {
+      name: "private-subnet-2-route-table-association",
+      config: {
+        subnetId: privateSubnet2.output.id,
+        routeTableId: privateSubnetRouteTable.output.id
+      }
+    });
+    const subnets = {
+      public: [publicSubnet],
+      private: [privateSubnet1, privateSubnet2]
+    };
+    const routeTables = {
+      privateSubnets: privateSubnetRouteTable,
+      publicSubnets: publicSubnetRouteTable
+    };
+    app.addOutputs({
+      vpcPublicSubnetIds: subnets.public.map(subNet => subNet.output.id),
+      vpcPrivateSubnetIds: subnets.private.map(subNet => subNet.output.id),
+      vpcSecurityGroupIds: [vpc.output.defaultSecurityGroupId]
+    });
+    return {
+      vpc,
+      subnets,
+      routeTables
+    };
+  }
+
+});
+exports.CoreVpc = CoreVpc;

package/apps/core/CoreVpc.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["CoreVpc","createAppModule","name","config","app","vpc","addResource","aws","ec2","Vpc","cidrBlock","publicSubnet","Subnet","vpcId","output","id","tags","Name","availabilityZones","addHandler","getAvailabilityZones","state","privateSubnet1","availabilityZone","apply","zone","names","privateSubnet2","internetGateway","InternetGateway","elasticIpAllocation","Eip","natGateway","NatGateway","allocationId","subnetId","publicSubnetRouteTable","RouteTable","routes","gatewayId","privateSubnetRouteTable","natGatewayId","RouteTableAssociation","routeTableId","subnets","public","private","routeTables","privateSubnets","publicSubnets","addOutputs","vpcPublicSubnetIds","map","subNet","vpcPrivateSubnetIds","vpcSecurityGroupIds","defaultSecurityGroupId"],"sources":["CoreVpc.ts"],"sourcesContent":["import * as aws from \"@pulumi/aws\";\nimport { createAppModule, PulumiAppModule } from \"@webiny/pulumi\";\n\nexport type CoreVpc = PulumiAppModule<typeof CoreVpc>;\n\nexport const CoreVpc = createAppModule({\n    name: \"CoreVpc\",\n    config(app) {\n        // Create VPC.\n        const vpc = app.addResource(aws.ec2.Vpc, {\n            name: \"webiny\",\n            config: {\n                cidrBlock: \"10.0.0.0/16\"\n            }\n        });\n\n        // Create one public and two private subnets.\n        const publicSubnet = app.addResource(aws.ec2.Subnet, {\n            name: \"public\",\n            config: {\n                vpcId: vpc.output.id,\n                cidrBlock: \"10.0.0.0/24\",\n                tags: { Name: \"public-subnet\" }\n            }\n        });\n\n        const availabilityZones = app.addHandler(() => {\n            return aws.getAvailabilityZones({\n                state: \"available\"\n            });\n        });\n\n        const privateSubnet1 = app.addResource(aws.ec2.Subnet, {\n            name: \"private-subnet-1\",\n            config: {\n                vpcId: vpc.output.id,\n                cidrBlock: \"10.0.1.0/24\",\n                availabilityZone: availabilityZones.apply(zone => zone.names[0]),\n                tags: { Name: \"private-subnet-1\" }\n            }\n        });\n\n        const privateSubnet2 = app.addResource(aws.ec2.Subnet, {\n            name: \"private-subnet-2\",\n            config: {\n                vpcId: vpc.output.id,\n                cidrBlock: \"10.0.2.0/24\",\n                availabilityZone: availabilityZones.apply(zone => zone.names[1]),\n                tags: { Name: \"private-subnet-2\" }\n            }\n        });\n\n        // Create Internet gateway.\n        const internetGateway = app.addResource(aws.ec2.InternetGateway, {\n            name: \"internet-gateway\",\n            config: {\n                vpcId: vpc.output.id\n            }\n        });\n\n        // Create NAT gateway.\n        const elasticIpAllocation = app.addResource(aws.ec2.Eip, {\n            name: \"nat-gateway-elastic-ip\",\n            config: {\n                vpc: true\n            }\n        });\n\n        const natGateway = app.addResource(aws.ec2.NatGateway, {\n            name: \"nat-gateway\",\n            config: {\n                allocationId: elasticIpAllocation.output.id,\n                subnetId: publicSubnet.output.id\n            }\n        });\n\n        // Create a route table for both subnets.\n        const publicSubnetRouteTable = app.addResource(aws.ec2.RouteTable, {\n            name: \"public\",\n            config: {\n                vpcId: vpc.output.id,\n                routes: [\n                    {\n                        cidrBlock: \"0.0.0.0/0\",\n                        gatewayId: internetGateway.output.id\n                    }\n                ]\n            }\n        });\n\n        const privateSubnetRouteTable = app.addResource(aws.ec2.RouteTable, {\n            name: \"private\",\n            config: {\n                vpcId: vpc.output.id,\n                routes: [\n                    {\n                        cidrBlock: \"0.0.0.0/0\",\n                        natGatewayId: natGateway.output.id\n                    }\n                ]\n            }\n        });\n\n        // Create route table associations - links between subnets and route tables.\n        app.addResource(aws.ec2.RouteTableAssociation, {\n            name: \"public-subnet-route-table-association\",\n            config: {\n                subnetId: publicSubnet.output.id,\n                routeTableId: publicSubnetRouteTable.output.id\n            }\n        });\n\n        app.addResource(aws.ec2.RouteTableAssociation, {\n            name: \"private-subnet-1-route-table-association\",\n            config: {\n                subnetId: privateSubnet1.output.id,\n                routeTableId: privateSubnetRouteTable.output.id\n            }\n        });\n\n        app.addResource(aws.ec2.RouteTableAssociation, {\n            name: \"private-subnet-2-route-table-association\",\n            config: {\n                subnetId: privateSubnet2.output.id,\n                routeTableId: privateSubnetRouteTable.output.id\n            }\n        });\n\n        const subnets = {\n            public: [publicSubnet],\n            private: [privateSubnet1, privateSubnet2]\n        };\n\n        const routeTables = {\n            privateSubnets: privateSubnetRouteTable,\n            publicSubnets: publicSubnetRouteTable\n        };\n\n        app.addOutputs({\n            vpcPublicSubnetIds: subnets.public.map(subNet => subNet.output.id),\n            vpcPrivateSubnetIds: subnets.private.map(subNet => subNet.output.id),\n            vpcSecurityGroupIds: [vpc.output.defaultSecurityGroupId]\n        });\n\n        return {\n            vpc,\n            subnets,\n            routeTables\n        };\n    }\n});\n"],"mappings":";;;;;;;;;AAAA;;AACA;;AAIO,MAAMA,OAAO,GAAG,IAAAC,uBAAA,EAAgB;EACnCC,IAAI,EAAE,SAD6B;;EAEnCC,MAAM,CAACC,GAAD,EAAM;IACR;IACA,MAAMC,GAAG,GAAGD,GAAG,CAACE,WAAJ,CAAgBC,GAAG,CAACC,GAAJ,CAAQC,GAAxB,EAA6B;MACrCP,IAAI,EAAE,QAD+B;MAErCC,MAAM,EAAE;QACJO,SAAS,EAAE;MADP;IAF6B,CAA7B,CAAZ,CAFQ,CASR;;IACA,MAAMC,YAAY,GAAGP,GAAG,CAACE,WAAJ,CAAgBC,GAAG,CAACC,GAAJ,CAAQI,MAAxB,EAAgC;MACjDV,IAAI,EAAE,QAD2C;MAEjDC,MAAM,EAAE;QACJU,KAAK,EAAER,GAAG,CAACS,MAAJ,CAAWC,EADd;QAEJL,SAAS,EAAE,aAFP;QAGJM,IAAI,EAAE;UAAEC,IAAI,EAAE;QAAR;MAHF;IAFyC,CAAhC,CAArB;IASA,MAAMC,iBAAiB,GAAGd,GAAG,CAACe,UAAJ,CAAe,MAAM;MAC3C,OAAOZ,GAAG,CAACa,oBAAJ,CAAyB;QAC5BC,KAAK,EAAE;MADqB,CAAzB,CAAP;IAGH,CAJyB,CAA1B;IAMA,MAAMC,cAAc,GAAGlB,GAAG,CAACE,WAAJ,CAAgBC,GAAG,CAACC,GAAJ,CAAQI,MAAxB,EAAgC;MACnDV,IAAI,EAAE,kBAD6C;MAEnDC,MAAM,EAAE;QACJU,KAAK,EAAER,GAAG,CAACS,MAAJ,CAAWC,EADd;QAEJL,SAAS,EAAE,aAFP;QAGJa,gBAAgB,EAAEL,iBAAiB,CAACM,KAAlB,CAAwBC,IAAI,IAAIA,IAAI,CAACC,KAAL,CAAW,CAAX,CAAhC,CAHd;QAIJV,IAAI,EAAE;UAAEC,IAAI,EAAE;QAAR;MAJF;IAF2C,CAAhC,CAAvB;IAUA,MAAMU,cAAc,GAAGvB,GAAG,CAACE,WAAJ,CAAgBC,GAAG,CAACC,GAAJ,CAAQI,MAAxB,EAAgC;MACnDV,IAAI,EAAE,kBAD6C;MAEnDC,MAAM,EAAE;QACJU,KAAK,EAAER,GAAG,CAACS,MAAJ,CAAWC,EADd;QAEJL,SAAS,EAAE,aAFP;QAGJa,gBAAgB,EAAEL,iBAAiB,CAACM,KAAlB,CAAwBC,IAAI,IAAIA,IAAI,CAACC,KAAL,CAAW,CAAX,CAAhC,CAHd;QAIJV,IAAI,EAAE;UAAEC,IAAI,EAAE;QAAR;MAJF;IAF2C,CAAhC,CAAvB,CAnCQ,CA6CR;;IACA,MAAMW,eAAe,GAAGxB,GAAG,CAACE,WAAJ,CAAgBC,GAAG,CAACC,GAAJ,CAAQqB,eAAxB,EAAyC;MAC7D3B,IAAI,EAAE,kBADuD;MAE7DC,MAAM,EAAE;QACJU,KAAK,EAAER,GAAG,CAACS,MAAJ,CAAWC;MADd;IAFqD,CAAzC,CAAxB,CA9CQ,CAqDR;;IACA,MAAMe,mBAAmB,GAAG1B,GAAG,CAACE,WAAJ,CAAgBC,GAAG,CAACC,GAAJ,CAAQuB,GAAxB,EAA6B;MACrD7B,IAAI,EAAE,wBAD+C;MAErDC,MAAM,EAAE;QACJE,GAAG,EAAE;MADD;IAF6C,CAA7B,CAA5B;IAOA,MAAM2B,UAAU,GAAG5B,GAAG,CAACE,WAAJ,CAAgBC,GAAG,CAACC,GAAJ,CAAQyB,UAAxB,EAAoC;MACnD/B,IAAI,EAAE,aAD6C;MAEnDC,MAAM,EAAE;QACJ+B,YAAY,EAAEJ,mBAAmB,CAAChB,MAApB,CAA2BC,EADrC;QAEJoB,QAAQ,EAAExB,YAAY,CAACG,MAAb,CAAoBC;MAF1B;IAF2C,CAApC,CAAnB,CA7DQ,CAqER;;IACA,MAAMqB,sBAAsB,GAAGhC,GAAG,CAACE,WAAJ,CAAgBC,GAAG,CAACC,GAAJ,CAAQ6B,UAAxB,EAAoC;MAC/DnC,IAAI,EAAE,QADyD;MAE/DC,MAAM,EAAE;QACJU,KAAK,EAAER,GAAG,CAACS,MAAJ,CAAWC,EADd;QAEJuB,MAAM,EAAE,CACJ;UACI5B,SAAS,EAAE,WADf;UAEI6B,SAAS,EAAEX,eAAe,CAACd,MAAhB,CAAuBC;QAFtC,CADI;MAFJ;IAFuD,CAApC,CAA/B;IAaA,MAAMyB,uBAAuB,GAAGpC,GAAG,CAACE,WAAJ,CAAgBC,GAAG,CAACC,GAAJ,CAAQ6B,UAAxB,EAAoC;MAChEnC,IAAI,EAAE,SAD0D;MAEhEC,MAAM,EAAE;QACJU,KAAK,EAAER,GAAG,CAACS,MAAJ,CAAWC,EADd;QAEJuB,MAAM,EAAE,CACJ;UACI5B,SAAS,EAAE,WADf;UAEI+B,YAAY,EAAET,UAAU,CAAClB,MAAX,CAAkBC;QAFpC,CADI;MAFJ;IAFwD,CAApC,CAAhC,CAnFQ,CAgGR;;IACAX,GAAG,CAACE,WAAJ,CAAgBC,GAAG,CAACC,GAAJ,CAAQkC,qBAAxB,EAA+C;MAC3CxC,IAAI,EAAE,uCADqC;MAE3CC,MAAM,EAAE;QACJgC,QAAQ,EAAExB,YAAY,CAACG,MAAb,CAAoBC,EAD1B;QAEJ4B,YAAY,EAAEP,sBAAsB,CAACtB,MAAvB,CAA8BC;MAFxC;IAFmC,CAA/C;IAQAX,GAAG,CAACE,WAAJ,CAAgBC,GAAG,CAACC,GAAJ,CAAQkC,qBAAxB,EAA+C;MAC3CxC,IAAI,EAAE,0CADqC;MAE3CC,MAAM,EAAE;QACJgC,QAAQ,EAAEb,cAAc,CAACR,MAAf,CAAsBC,EAD5B;QAEJ4B,YAAY,EAAEH,uBAAuB,CAAC1B,MAAxB,CAA+BC;MAFzC;IAFmC,CAA/C;IAQAX,GAAG,CAACE,WAAJ,CAAgBC,GAAG,CAACC,GAAJ,CAAQkC,qBAAxB,EAA+C;MAC3CxC,IAAI,EAAE,0CADqC;MAE3CC,MAAM,EAAE;QACJgC,QAAQ,EAAER,cAAc,CAACb,MAAf,CAAsBC,EAD5B;QAEJ4B,YAAY,EAAEH,uBAAuB,CAAC1B,MAAxB,CAA+BC;MAFzC;IAFmC,CAA/C;IAQA,MAAM6B,OAAO,GAAG;MACZC,MAAM,EAAE,CAAClC,YAAD,CADI;MAEZmC,OAAO,EAAE,CAACxB,cAAD,EAAiBK,cAAjB;IAFG,CAAhB;IAKA,MAAMoB,WAAW,GAAG;MAChBC,cAAc,EAAER,uBADA;MAEhBS,aAAa,EAAEb;IAFC,CAApB;IAKAhC,GAAG,CAAC8C,UAAJ,CAAe;MACXC,kBAAkB,EAAEP,OAAO,CAACC,MAAR,CAAeO,GAAf,CAAmBC,MAAM,IAAIA,MAAM,CAACvC,MAAP,CAAcC,EAA3C,CADT;MAEXuC,mBAAmB,EAAEV,OAAO,CAACE,OAAR,CAAgBM,GAAhB,CAAoBC,MAAM,IAAIA,MAAM,CAACvC,MAAP,CAAcC,EAA5C,CAFV;MAGXwC,mBAAmB,EAAE,CAAClD,GAAG,CAACS,MAAJ,CAAW0C,sBAAZ;IAHV,CAAf;IAMA,OAAO;MACHnD,GADG;MAEHuC,OAFG;MAGHG;IAHG,CAAP;EAKH;;AAhJkC,CAAhB,CAAhB"}