@webiny/pulumi-aws 0.0.0-ee-vpcs.549378cf03
- package/LICENSE +21 -0
- package/README.md +328 -0
- package/apps/admin/createAdminPulumiApp.d.ts +24 -0
- package/apps/admin/createAdminPulumiApp.js +21 -0
- package/apps/admin/createAdminPulumiApp.js.map +1 -0
- package/apps/admin/index.d.ts +1 -0
- package/apps/admin/index.js +18 -0
- package/apps/admin/index.js.map +1 -0
- package/apps/api/ApiApwScheduler.d.ts +20 -0
- package/apps/api/ApiApwScheduler.js +246 -0
- package/apps/api/ApiApwScheduler.js.map +1 -0
- package/apps/api/ApiCloudfront.d.ts +3 -0
- package/apps/api/ApiCloudfront.js +101 -0
- package/apps/api/ApiCloudfront.js.map +1 -0
- package/apps/api/ApiFileManager.d.ts +10 -0
- package/apps/api/ApiFileManager.js +166 -0
- package/apps/api/ApiFileManager.js.map +1 -0
- package/apps/api/ApiGateway.d.ts +18 -0
- package/apps/api/ApiGateway.js +88 -0
- package/apps/api/ApiGateway.js.map +1 -0
- package/apps/api/ApiGraphql.d.ts +26 -0
- package/apps/api/ApiGraphql.js +167 -0
- package/apps/api/ApiGraphql.js.map +1 -0
- package/apps/api/ApiHeadlessCMS.d.ts +13 -0
- package/apps/api/ApiHeadlessCMS.js +94 -0
- package/apps/api/ApiHeadlessCMS.js.map +1 -0
- package/apps/api/ApiOutput.d.ts +15 -0
- package/apps/api/ApiOutput.js +43 -0
- package/apps/api/ApiOutput.js.map +1 -0
- package/apps/api/ApiPageBuilder.d.ts +24 -0
- package/apps/api/ApiPageBuilder.js +248 -0
- package/apps/api/ApiPageBuilder.js.map +1 -0
- package/apps/api/createApiPulumiApp.d.ts +71 -0
- package/apps/api/createApiPulumiApp.js +188 -0
- package/apps/api/createApiPulumiApp.js.map +1 -0
- package/apps/api/index.d.ts +9 -0
- package/apps/api/index.js +122 -0
- package/apps/api/index.js.map +1 -0
- package/apps/awsUtils.d.ts +3 -0
- package/apps/awsUtils.js +23 -0
- package/apps/awsUtils.js.map +1 -0
- package/apps/common/CoreOutput.d.ts +21 -0
- package/apps/common/CoreOutput.js +50 -0
- package/apps/common/CoreOutput.js.map +1 -0
- package/apps/common/VpcConfig.d.ts +8 -0
- package/apps/common/VpcConfig.js +37 -0
- package/apps/common/VpcConfig.js.map +1 -0
- package/apps/common/index.d.ts +2 -0
- package/apps/common/index.js +31 -0
- package/apps/common/index.js.map +1 -0
- package/apps/core/CoreCognito.d.ts +10 -0
- package/apps/core/CoreCognito.js +100 -0
- package/apps/core/CoreCognito.js.map +1 -0
- package/apps/core/CoreDynamo.d.ts +5 -0
- package/apps/core/CoreDynamo.js +51 -0
- package/apps/core/CoreDynamo.js.map +1 -0
- package/apps/core/CoreElasticSearch.d.ts +16 -0
- package/apps/core/CoreElasticSearch.js +286 -0
- package/apps/core/CoreElasticSearch.js.map +1 -0
- package/apps/core/CoreEventBus.d.ts +1 -0
- package/apps/core/CoreEventBus.js +25 -0
- package/apps/core/CoreEventBus.js.map +1 -0
- package/apps/core/CoreFileManager.d.ts +8 -0
- package/apps/core/CoreFileManager.js +55 -0
- package/apps/core/CoreFileManager.js.map +1 -0
- package/apps/core/CoreVpc.d.ts +13 -0
- package/apps/core/CoreVpc.js +148 -0
- package/apps/core/CoreVpc.js.map +1 -0
- package/apps/core/createCorePulumiApp.d.ts +64 -0
- package/apps/core/createCorePulumiApp.js +104 -0
- package/apps/core/createCorePulumiApp.js.map +1 -0
- package/apps/core/index.d.ts +6 -0
- package/apps/core/index.js +83 -0
- package/apps/core/index.js.map +1 -0
- package/apps/createAppBucket.d.ts +13 -0
- package/apps/createAppBucket.js +106 -0
- package/apps/createAppBucket.js.map +1 -0
- package/apps/customDomain.d.ts +9 -0
- package/apps/customDomain.js +14 -0
- package/apps/customDomain.js.map +1 -0
- package/apps/index.d.ts +7 -0
- package/apps/index.js +100 -0
- package/apps/index.js.map +1 -0
- package/apps/lambdaUtils.d.ts +10 -0
- package/apps/lambdaUtils.js +82 -0
- package/apps/lambdaUtils.js.map +1 -0
- package/apps/react/createReactPulumiApp.d.ts +33 -0
- package/apps/react/createReactPulumiApp.js +144 -0
- package/apps/react/createReactPulumiApp.js.map +1 -0
- package/apps/react/index.d.ts +1 -0
- package/apps/react/index.js +18 -0
- package/apps/react/index.js.map +1 -0
- package/apps/tenantRouter.d.ts +3 -0
- package/apps/tenantRouter.js +115 -0
- package/apps/tenantRouter.js.map +1 -0
- package/apps/website/WebsitePrerendering.d.ts +39 -0
- package/apps/website/WebsitePrerendering.js +300 -0
- package/apps/website/WebsitePrerendering.js.map +1 -0
- package/apps/website/createWebsitePulumiApp.d.ts +74 -0
- package/apps/website/createWebsitePulumiApp.js +246 -0
- package/apps/website/createWebsitePulumiApp.js.map +1 -0
- package/apps/website/deliveryViewerRequest.d.ts +2 -0
- package/apps/website/deliveryViewerRequest.js +32 -0
- package/apps/website/deliveryViewerRequest.js.map +1 -0
- package/apps/website/index.d.ts +1 -0
- package/apps/website/index.js +18 -0
- package/apps/website/index.js.map +1 -0
- package/components/tenantRouter/WebsiteTenantRouter.d.ts +11 -0
- package/components/tenantRouter/WebsiteTenantRouter.js +98 -0
- package/components/tenantRouter/WebsiteTenantRouter.js.map +1 -0
- package/components/tenantRouter/functions/origin/request.d.ts +1 -0
- package/components/tenantRouter/functions/origin/request.js +129 -0
- package/components/tenantRouter/functions/origin/request.js.map +1 -0
- package/enterprise/createAdminPulumiApp.d.ts +1 -0
- package/enterprise/createAdminPulumiApp.js +25 -0
- package/enterprise/createAdminPulumiApp.js.map +1 -0
- package/enterprise/createApiPulumiApp.d.ts +61 -0
- package/enterprise/createApiPulumiApp.js +68 -0
- package/enterprise/createApiPulumiApp.js.map +1 -0
- package/enterprise/createCorePulumiApp.d.ts +42 -0
- package/enterprise/createCorePulumiApp.js +137 -0
- package/enterprise/createCorePulumiApp.js.map +1 -0
- package/enterprise/createWebsitePulumiApp.d.ts +56 -0
- package/enterprise/createWebsitePulumiApp.js +68 -0
- package/enterprise/createWebsitePulumiApp.js.map +1 -0
- package/enterprise/index.d.ts +4 -0
- package/enterprise/index.js +57 -0
- package/enterprise/index.js.map +1 -0
- package/index.d.ts +3 -0
- package/index.js +44 -0
- package/index.js.map +1 -0
- package/package.json +53 -0
- package/utils/crawlDirectory.d.ts +1 -0
- package/utils/crawlDirectory.js +33 -0
- package/utils/crawlDirectory.js.map +1 -0
- package/utils/getPresignedPost.d.ts +11 -0
- package/utils/getPresignedPost.js +46 -0
- package/utils/getPresignedPost.js.map +1 -0
- package/utils/index.d.ts +3 -0
- package/utils/index.js +51 -0
- package/utils/index.js.map +1 -0
- package/utils/lambdaEnvVariables.d.ts +20 -0
- package/utils/lambdaEnvVariables.js +78 -0
- package/utils/lambdaEnvVariables.js.map +1 -0
- package/utils/storageMigrate.d.ts +0 -0
- package/utils/storageMigrate.js +292 -0
- package/utils/storageMigrate.js.map +1 -0
- package/utils/tagResources.d.ts +5 -0
- package/utils/tagResources.js +43 -0
- package/utils/tagResources.js.map +1 -0
- package/utils/uploadFolderToS3.d.ts +26 -0
- package/utils/uploadFolderToS3.js +188 -0
- package/utils/uploadFolderToS3.js.map +1 -0
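--- a/package/apps/core/createCorePulumiApp.d.ts
+++ b/package/apps/core/createCorePulumiApp.d.ts
@@ -0,0 +1,64 @@
+import { PulumiAppParam } from "@webiny/pulumi";
+export declare type CorePulumiApp = ReturnType<typeof createCorePulumiApp>;
+export interface CreateCorePulumiAppParams {
+/**
+* Secures against deleting database by accident.
+* By default enabled in production environments.
+*/
+protect?: PulumiAppParam<boolean>;
+/**
+* Enables ElasticSearch infrastructure.
+* Note that it requires also changes in application code.
+*/
+elasticSearch?: PulumiAppParam<boolean>;
+/**
+* Enables VPC for the application.
+* By default enabled in production environments.
+*/
+vpc?: PulumiAppParam<boolean>;
+/**
+* Additional settings for backwards compatibility.
+*/
+legacy?: PulumiAppParam<CoreAppLegacyConfig>;
+/**
+* Provides a way to adjust existing Pulumi code (cloud infrastructure resources)
+* or add additional ones into the mix.
+*/
+pulumi?: (app: CorePulumiApp) => void | Promise<void>;
+/**
+* Prefixes names of all Pulumi cloud infrastructure resource with given prefix.
+*/
+pulumiResourceNamePrefix?: PulumiAppParam<string>;
+}
+export interface CoreAppLegacyConfig {
+useEmailAsUsername?: boolean;
+}
+export declare function createCorePulumiApp(projectAppParams?: CreateCorePulumiAppParams): import("@webiny/pulumi").PulumiApp<{
+fileManagerBucket: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/s3/bucket").Bucket>;
+eventBus: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/cloudwatch/eventBus").EventBus>;
+elasticSearch: {
+domain: import("@webiny/pulumi").PulumiAppResource<import("@webiny/pulumi").PulumiAppResourceConstructor<import("@pulumi/aws/elasticsearch/domain").Domain, any>> | import("@webiny/pulumi").PulumiAppRemoteResource<import("@pulumi/aws/elasticsearch").GetDomainResult>;
+domainPolicy: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/elasticsearch/domainPolicy").DomainPolicy> | undefined;
+table: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/dynamodb/table").Table>;
+dynamoToElastic: {
+role: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/iam/role").Role>;
+policy: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/iam/policy").Policy>;
+lambda: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/lambda/function").Function>;
+eventSourceMapping: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/lambda/eventSourceMapping").EventSourceMapping>;
+};
+} | null;
+userPool: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/cognito/userPool").UserPool>;
+userPoolClient: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/cognito/userPoolClient").UserPoolClient>;
+dynamoDbTable: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/dynamodb/table").Table>;
+vpc: {
+vpc: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/ec2/vpc").Vpc>;
+subnets: {
+public: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/ec2/subnet").Subnet>[];
+private: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/ec2/subnet").Subnet>[];
+};
+routeTables: {
+privateSubnets: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/ec2/routeTable").RouteTable>;
+publicSubnets: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/ec2/routeTable").RouteTable>;
+};
+} | null;
+}>;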
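Review bot: The doc comment on `protect` mentions only accidental database deletion, but the createCorePulumiApp.js section on this page forwards the same flag to the Cognito, file-manager and ElasticSearch modules as well; what each module does with it is not visible here. The comments on `protect` and `vpc` also say "production environments", while the implementation compares the environment name with the exact string `"prod"`. I would reword the `protect` comment along the lines of `Passed to the DynamoDB, Cognito, file manager and ElasticSearch modules to guard against accidental deletion. Defaults to true only when the environment is named "prod".` and state the same default on `vpc`.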
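--- a/package/apps/core/createCorePulumiApp.js
+++ b/package/apps/core/createCorePulumiApp.js
@@ -0,0 +1,104 @@
+"use strict";
+
+var _interopRequireDefault = require("@babel/runtime/helpers/interopRequireDefault").default;
+
+Object.defineProperty(exports, "__esModule", {
+value: true
+});
+exports.createCorePulumiApp = createCorePulumiApp;
+
+var _objectSpread2 = _interopRequireDefault(require("@babel/runtime/helpers/objectSpread2"));
+
+var _pulumi = require("@webiny/pulumi");
+
+var _CoreCognito = require("./CoreCognito");
+
+var _CoreDynamo = require("./CoreDynamo");
+
+var _CoreElasticSearch = require("./CoreElasticSearch");
+
+var _CoreEventBus = require("./CoreEventBus");
+
+var _CoreFileManager = require("./CoreFileManager");
+
+var _CoreVpc = require("./CoreVpc");
+
+var _utils = require("../../utils");
+
+function createCorePulumiApp(projectAppParams = {}) {
+return (0, _pulumi.createPulumiApp)({
+name: "core",
+path: "apps/core",
+config: projectAppParams,
+program: async app => {
+const pulumiResourceNamePrefix = app.getParam(projectAppParams.pulumiResourceNamePrefix);
+
+if (pulumiResourceNamePrefix) {
+app.onResource(resource => {
+if (!resource.name.startsWith(pulumiResourceNamePrefix)) {
+resource.name = `${pulumiResourceNamePrefix}${resource.name}`;
+}
+});
+} // Overrides must be applied via a handler, registered at the very start of the program.
+// By doing this, we're ensuring user's adjustments are not applied to late.
+
+
+if (projectAppParams.pulumi) {
+app.addHandler(() => {
+return projectAppParams.pulumi(app);
+});
+}
+
+const prod = app.params.run.env === "prod";
+const protect = app.getParam(projectAppParams.protect) ?? prod;
+const legacyConfig = app.getParam(projectAppParams.legacy) || {}; // Setup DynamoDB table
+
+const dynamoDbTable = app.addModule(_CoreDynamo.CoreDynamo, {
+protect
+}); // Setup VPC
+
+const vpcEnabled = app.getParam(projectAppParams === null || projectAppParams === void 0 ? void 0 : projectAppParams.vpc) ?? prod;
+const vpc = vpcEnabled ? app.addModule(_CoreVpc.CoreVpc) : null; // Setup Cognito
+
+const cognito = app.addModule(_CoreCognito.CoreCognito, {
+protect,
+useEmailAsUsername: legacyConfig.useEmailAsUsername ?? false
+}); // Setup event bus
+
+const eventBus = app.addModule(_CoreEventBus.CoreEventBus); // Setup file core bucket
+
+const {
+bucket: fileManagerBucket
+} = app.addModule(_CoreFileManager.CoreFileManger, {
+protect
+});
+const elasticSearch = app.getParam(projectAppParams === null || projectAppParams === void 0 ? void 0 : projectAppParams.elasticSearch) ? app.addModule(_CoreElasticSearch.ElasticSearch, {
+protect
+}) : null;
+app.addOutputs({
+fileManagerBucketId: fileManagerBucket.output.id,
+primaryDynamodbTableArn: dynamoDbTable.output.arn,
+primaryDynamodbTableName: dynamoDbTable.output.name,
+primaryDynamodbTableHashKey: dynamoDbTable.output.hashKey,
+primaryDynamodbTableRangeKey: dynamoDbTable.output.rangeKey,
+cognitoUserPoolId: cognito.userPool.output.id,
+cognitoUserPoolArn: cognito.userPool.output.arn,
+cognitoUserPoolPasswordPolicy: cognito.userPool.output.passwordPolicy,
+cognitoAppClientId: cognito.userPoolClient.output.id,
+eventBusArn: eventBus.output.arn
+});
+(0, _utils.tagResources)({
+WbyProjectName: String(process.env["WEBINY_PROJECT_NAME"]),
+WbyEnvironment: String(process.env["WEBINY_ENV"])
+});
+return (0, _objectSpread2.default)((0, _objectSpread2.default)({
+dynamoDbTable,
+vpc
+}, cognito), {}, {
+fileManagerBucket,
+eventBus,
+elasticSearch
+});
+}
+});
+}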
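Review bot: `const prod = app.params.run.env === "prod";` is the only thing that switches on the `protect` and `vpcEnabled` defaults, so a production stack deployed under any other environment name gets `protect` false and no VPC module unless the caller sets both params explicitly. A comment above that line, such as `// Safe defaults apply only to an environment named exactly "prod"; set protect/vpc explicitly for other production-like environments.`, would make that dependency visible to whoever configures a new environment. In the `tagResources` call, `String(process.env["WEBINY_PROJECT_NAME"])` and `String(process.env["WEBINY_ENV"])` produce the literal tag value `undefined` when a variable is unset, which weakens any tag-based inventory or policy; failing early on a missing variable would avoid mis-tagged resources.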
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"names":["createCorePulumiApp","projectAppParams","createPulumiApp","name","path","config","program","app","pulumiResourceNamePrefix","getParam","onResource","resource","startsWith","pulumi","addHandler","prod","params","run","env","protect","legacyConfig","legacy","dynamoDbTable","addModule","CoreDynamo","vpcEnabled","vpc","CoreVpc","cognito","CoreCognito","useEmailAsUsername","eventBus","CoreEventBus","bucket","fileManagerBucket","CoreFileManger","elasticSearch","ElasticSearch","addOutputs","fileManagerBucketId","output","id","primaryDynamodbTableArn","arn","primaryDynamodbTableName","primaryDynamodbTableHashKey","hashKey","primaryDynamodbTableRangeKey","rangeKey","cognitoUserPoolId","userPool","cognitoUserPoolArn","cognitoUserPoolPasswordPolicy","passwordPolicy","cognitoAppClientId","userPoolClient","eventBusArn","tagResources","WbyProjectName","String","process","WbyEnvironment"],"sources":["createCorePulumiApp.ts"],"sourcesContent":["import { createPulumiApp, PulumiAppParam } from \"@webiny/pulumi\";\nimport { CoreCognito } from \"./CoreCognito\";\nimport { CoreDynamo } from \"./CoreDynamo\";\nimport { ElasticSearch } from \"./CoreElasticSearch\";\nimport { CoreEventBus } from \"./CoreEventBus\";\nimport { CoreFileManger } from \"./CoreFileManager\";\nimport { CoreVpc } from \"./CoreVpc\";\nimport { tagResources } from \"~/utils\";\n\nexport type CorePulumiApp = ReturnType<typeof createCorePulumiApp>;\n\nexport interface CreateCorePulumiAppParams {\n /**\n * Secures against deleting database by accident.\n * By default enabled in production environments.\n */\n protect?: PulumiAppParam<boolean>;\n\n /**\n * Enables ElasticSearch infrastructure.\n * Note that it requires also changes in application code.\n */\n elasticSearch?: PulumiAppParam<boolean>;\n\n /**\n * Enables VPC for the application.\n * By default enabled in production environments.\n */\n vpc?: PulumiAppParam<boolean>;\n\n /**\n * Additional settings for backwards compatibility.\n 
*/\n legacy?: PulumiAppParam<CoreAppLegacyConfig>;\n\n /**\n * Provides a way to adjust existing Pulumi code (cloud infrastructure resources)\n * or add additional ones into the mix.\n */\n pulumi?: (app: CorePulumiApp) => void | Promise<void>;\n\n /**\n * Prefixes names of all Pulumi cloud infrastructure resource with given prefix.\n */\n pulumiResourceNamePrefix?: PulumiAppParam<string>;\n}\n\nexport interface CoreAppLegacyConfig {\n useEmailAsUsername?: boolean;\n}\n\nexport function createCorePulumiApp(projectAppParams: CreateCorePulumiAppParams = {}) {\n return createPulumiApp({\n name: \"core\",\n path: \"apps/core\",\n config: projectAppParams,\n program: async app => {\n const pulumiResourceNamePrefix = app.getParam(\n projectAppParams.pulumiResourceNamePrefix\n );\n if (pulumiResourceNamePrefix) {\n app.onResource(resource => {\n if (!resource.name.startsWith(pulumiResourceNamePrefix)) {\n resource.name = `${pulumiResourceNamePrefix}${resource.name}`;\n }\n });\n }\n\n // Overrides must be applied via a handler, registered at the very start of the program.\n // By doing this, we're ensuring user's adjustments are not applied to late.\n if (projectAppParams.pulumi) {\n app.addHandler(() => {\n return projectAppParams.pulumi!(app as CorePulumiApp);\n });\n }\n\n const prod = app.params.run.env === \"prod\";\n const protect = app.getParam(projectAppParams.protect) ?? prod;\n const legacyConfig = app.getParam(projectAppParams.legacy) || {};\n\n // Setup DynamoDB table\n const dynamoDbTable = app.addModule(CoreDynamo, { protect });\n\n // Setup VPC\n const vpcEnabled = app.getParam(projectAppParams?.vpc) ?? prod;\n const vpc = vpcEnabled ? app.addModule(CoreVpc) : null;\n\n // Setup Cognito\n const cognito = app.addModule(CoreCognito, {\n protect,\n useEmailAsUsername: legacyConfig.useEmailAsUsername ?? 
false\n });\n\n // Setup event bus\n const eventBus = app.addModule(CoreEventBus);\n\n // Setup file core bucket\n const { bucket: fileManagerBucket } = app.addModule(CoreFileManger, { protect });\n\n const elasticSearch = app.getParam(projectAppParams?.elasticSearch)\n ? app.addModule(ElasticSearch, { protect })\n : null;\n\n app.addOutputs({\n fileManagerBucketId: fileManagerBucket.output.id,\n primaryDynamodbTableArn: dynamoDbTable.output.arn,\n primaryDynamodbTableName: dynamoDbTable.output.name,\n primaryDynamodbTableHashKey: dynamoDbTable.output.hashKey,\n primaryDynamodbTableRangeKey: dynamoDbTable.output.rangeKey,\n cognitoUserPoolId: cognito.userPool.output.id,\n cognitoUserPoolArn: cognito.userPool.output.arn,\n cognitoUserPoolPasswordPolicy: cognito.userPool.output.passwordPolicy,\n cognitoAppClientId: cognito.userPoolClient.output.id,\n eventBusArn: eventBus.output.arn\n });\n\n tagResources({\n WbyProjectName: String(process.env[\"WEBINY_PROJECT_NAME\"]),\n WbyEnvironment: String(process.env[\"WEBINY_ENV\"])\n });\n\n return {\n dynamoDbTable,\n vpc,\n ...cognito,\n fileManagerBucket,\n eventBus,\n elasticSearch\n };\n }\n 
});\n}\n"],"mappings":";;;;;;;;;;;AAAA;;AACA;;AACA;;AACA;;AACA;;AACA;;AACA;;AACA;;AA4CO,SAASA,mBAAT,CAA6BC,gBAA2C,GAAG,EAA3E,EAA+E;EAClF,OAAO,IAAAC,uBAAA,EAAgB;IACnBC,IAAI,EAAE,MADa;IAEnBC,IAAI,EAAE,WAFa;IAGnBC,MAAM,EAAEJ,gBAHW;IAInBK,OAAO,EAAE,MAAMC,GAAN,IAAa;MAClB,MAAMC,wBAAwB,GAAGD,GAAG,CAACE,QAAJ,CAC7BR,gBAAgB,CAACO,wBADY,CAAjC;;MAGA,IAAIA,wBAAJ,EAA8B;QAC1BD,GAAG,CAACG,UAAJ,CAAeC,QAAQ,IAAI;UACvB,IAAI,CAACA,QAAQ,CAACR,IAAT,CAAcS,UAAd,CAAyBJ,wBAAzB,CAAL,EAAyD;YACrDG,QAAQ,CAACR,IAAT,GAAiB,GAAEK,wBAAyB,GAAEG,QAAQ,CAACR,IAAK,EAA5D;UACH;QACJ,CAJD;MAKH,CAViB,CAYlB;MACA;;;MACA,IAAIF,gBAAgB,CAACY,MAArB,EAA6B;QACzBN,GAAG,CAACO,UAAJ,CAAe,MAAM;UACjB,OAAOb,gBAAgB,CAACY,MAAjB,CAAyBN,GAAzB,CAAP;QACH,CAFD;MAGH;;MAED,MAAMQ,IAAI,GAAGR,GAAG,CAACS,MAAJ,CAAWC,GAAX,CAAeC,GAAf,KAAuB,MAApC;MACA,MAAMC,OAAO,GAAGZ,GAAG,CAACE,QAAJ,CAAaR,gBAAgB,CAACkB,OAA9B,KAA0CJ,IAA1D;MACA,MAAMK,YAAY,GAAGb,GAAG,CAACE,QAAJ,CAAaR,gBAAgB,CAACoB,MAA9B,KAAyC,EAA9D,CAtBkB,CAwBlB;;MACA,MAAMC,aAAa,GAAGf,GAAG,CAACgB,SAAJ,CAAcC,sBAAd,EAA0B;QAAEL;MAAF,CAA1B,CAAtB,CAzBkB,CA2BlB;;MACA,MAAMM,UAAU,GAAGlB,GAAG,CAACE,QAAJ,CAAaR,gBAAb,aAAaA,gBAAb,uBAAaA,gBAAgB,CAAEyB,GAA/B,KAAuCX,IAA1D;MACA,MAAMW,GAAG,GAAGD,UAAU,GAAGlB,GAAG,CAACgB,SAAJ,CAAcI,gBAAd,CAAH,GAA4B,IAAlD,CA7BkB,CA+BlB;;MACA,MAAMC,OAAO,GAAGrB,GAAG,CAACgB,SAAJ,CAAcM,wBAAd,EAA2B;QACvCV,OADuC;QAEvCW,kBAAkB,EAAEV,YAAY,CAACU,kBAAb,IAAmC;MAFhB,CAA3B,CAAhB,CAhCkB,CAqClB;;MACA,MAAMC,QAAQ,GAAGxB,GAAG,CAACgB,SAAJ,CAAcS,0BAAd,CAAjB,CAtCkB,CAwClB;;MACA,MAAM;QAAEC,MAAM,EAAEC;MAAV,IAAgC3B,GAAG,CAACgB,SAAJ,CAAcY,+BAAd,EAA8B;QAAEhB;MAAF,CAA9B,CAAtC;MAEA,MAAMiB,aAAa,GAAG7B,GAAG,CAACE,QAAJ,CAAaR,gBAAb,aAAaA,gBAAb,uBAAaA,gBAAgB,CAAEmC,aAA/B,IAChB7B,GAAG,CAACgB,SAAJ,CAAcc,gCAAd,EAA6B;QAAElB;MAAF,CAA7B,CADgB,GAEhB,IAFN;MAIAZ,GAAG,CAAC+B,UAAJ,CAAe;QACXC,mBAAmB,EAAEL,iBAAiB,CAACM,MAAlB,CAAyBC,EADnC;QAEXC,uBAAuB,EAAEpB,aAAa,CAACkB,MAAd,CAAqBG,GAFnC;QAGXC,wBAAwB,EAAEtB,aAAa,CAACkB,MAAd,CAAqBrC,IAHpC;QAIX0C,2BAA2B,EAAEvB,aAAa,CAACkB,MAAd,CAAqBM,OAJvC;QAKXC,4BAA4B,EAAEzB,aAAa,CAACkB,MAAd,CA
AqBQ,QALxC;QAMXC,iBAAiB,EAAErB,OAAO,CAACsB,QAAR,CAAiBV,MAAjB,CAAwBC,EANhC;QAOXU,kBAAkB,EAAEvB,OAAO,CAACsB,QAAR,CAAiBV,MAAjB,CAAwBG,GAPjC;QAQXS,6BAA6B,EAAExB,OAAO,CAACsB,QAAR,CAAiBV,MAAjB,CAAwBa,cAR5C;QASXC,kBAAkB,EAAE1B,OAAO,CAAC2B,cAAR,CAAuBf,MAAvB,CAA8BC,EATvC;QAUXe,WAAW,EAAEzB,QAAQ,CAACS,MAAT,CAAgBG;MAVlB,CAAf;MAaA,IAAAc,mBAAA,EAAa;QACTC,cAAc,EAAEC,MAAM,CAACC,OAAO,CAAC1C,GAAR,CAAY,qBAAZ,CAAD,CADb;QAET2C,cAAc,EAAEF,MAAM,CAACC,OAAO,CAAC1C,GAAR,CAAY,YAAZ,CAAD;MAFb,CAAb;MAKA;QACII,aADJ;QAEII;MAFJ,GAGOE,OAHP;QAIIM,iBAJJ;QAKIH,QALJ;QAMIK;MANJ;IAQH;EA7EkB,CAAhB,CAAP;AA+EH"}
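--- a/package/apps/core/index.js
+++ b/package/apps/core/index.js
@@ -0,0 +1,83 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+value: true
+});
+
+var _CoreCognito = require("./CoreCognito");
+
+Object.keys(_CoreCognito).forEach(function (key) {
+if (key === "default" || key === "__esModule") return;
+if (key in exports && exports[key] === _CoreCognito[key]) return;
+Object.defineProperty(exports, key, {
+enumerable: true,
+get: function () {
+return _CoreCognito[key];
+}
+});
+});
+
+var _CoreDynamo = require("./CoreDynamo");
+
+Object.keys(_CoreDynamo).forEach(function (key) {
+if (key === "default" || key === "__esModule") return;
+if (key in exports && exports[key] === _CoreDynamo[key]) return;
+Object.defineProperty(exports, key, {
+enumerable: true,
+get: function () {
+return _CoreDynamo[key];
+}
+});
+});
+
+var _CoreEventBus = require("./CoreEventBus");
+
+Object.keys(_CoreEventBus).forEach(function (key) {
+if (key === "default" || key === "__esModule") return;
+if (key in exports && exports[key] === _CoreEventBus[key]) return;
+Object.defineProperty(exports, key, {
+enumerable: true,
+get: function () {
+return _CoreEventBus[key];
+}
+});
+});
+
+var _CoreFileManager = require("./CoreFileManager");
+
+Object.keys(_CoreFileManager).forEach(function (key) {
+if (key === "default" || key === "__esModule") return;
+if (key in exports && exports[key] === _CoreFileManager[key]) return;
+Object.defineProperty(exports, key, {
+enumerable: true,
+get: function () {
+return _CoreFileManager[key];
+}
+});
+});
+
+var _CoreVpc = require("./CoreVpc");
+
+Object.keys(_CoreVpc).forEach(function (key) {
+if (key === "default" || key === "__esModule") return;
+if (key in exports && exports[key] === _CoreVpc[key]) return;
+Object.defineProperty(exports, key, {
+enumerable: true,
+get: function () {
+return _CoreVpc[key];
+}
+});
+});
+
+var _createCorePulumiApp = require("./createCorePulumiApp");
+
+Object.keys(_createCorePulumiApp).forEach(function (key) {
+if (key === "default" || key === "__esModule") return;
+if (key in exports && exports[key] === _createCorePulumiApp[key]) return;
+Object.defineProperty(exports, key, {
+enumerable: true,
+get: function () {
+return _createCorePulumiApp[key];
+}
+});
+});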
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"names":[],"sources":["index.ts"],"sourcesContent":["export * from \"./CoreCognito\";\nexport * from \"./CoreDynamo\";\nexport * from \"./CoreEventBus\";\nexport * from \"./CoreFileManager\";\nexport * from \"./CoreVpc\";\nexport * from \"./createCorePulumiApp\";\n"],"mappings":";;;;;;AAAA;;AAAA;EAAA;EAAA;EAAA;IAAA;IAAA;MAAA;IAAA;EAAA;AAAA;;AACA;;AAAA;EAAA;EAAA;EAAA;IAAA;IAAA;MAAA;IAAA;EAAA;AAAA;;AACA;;AAAA;EAAA;EAAA;EAAA;IAAA;IAAA;MAAA;IAAA;EAAA;AAAA;;AACA;;AAAA;EAAA;EAAA;EAAA;IAAA;IAAA;MAAA;IAAA;EAAA;AAAA;;AACA;;AAAA;EAAA;EAAA;EAAA;IAAA;IAAA;MAAA;IAAA;EAAA;AAAA;;AACA;;AAAA;EAAA;EAAA;EAAA;IAAA;IAAA;MAAA;IAAA;EAAA;AAAA"}
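--- a/package/apps/createAppBucket.d.ts
+++ b/package/apps/createAppBucket.d.ts
@@ -0,0 +1,13 @@
+import * as aws from "@pulumi/aws";
+import { PulumiApp } from "@webiny/pulumi";
+export declare function createPublicAppBucket(app: PulumiApp, name: string): {
+bucket: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/s3/bucket").Bucket>;
+origin: aws.types.input.cloudfront.DistributionOrigin;
+};
+export declare function createPrivateAppBucket(app: PulumiApp, name: string): {
+bucket: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/s3/bucket").Bucket>;
+originIdentity: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/cloudfront/originAccessIdentity").OriginAccessIdentity>;
+origin: aws.types.input.cloudfront.DistributionOrigin;
+bucketPublicAccessBlock: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/s3/bucketPublicAccessBlock").BucketPublicAccessBlock>;
+bucketPolicy: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/s3/bucketPolicy").BucketPolicy>;
+};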
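--- a/package/apps/createAppBucket.js
+++ b/package/apps/createAppBucket.js
@@ -0,0 +1,106 @@
+"use strict";
+
+var _interopRequireWildcard = require("@babel/runtime/helpers/interopRequireWildcard").default;
+
+Object.defineProperty(exports, "__esModule", {
+value: true
+});
+exports.createPrivateAppBucket = createPrivateAppBucket;
+exports.createPublicAppBucket = createPublicAppBucket;
+
+var aws = _interopRequireWildcard(require("@pulumi/aws"));
+
+function createPublicAppBucket(app, name) {
+const bucket = app.addResource(aws.s3.Bucket, {
+name: name,
+config: {
+acl: aws.s3.CannedAcl.PublicRead,
+forceDestroy: true,
+website: {
+indexDocument: "index.html",
+errorDocument: "_NOT_FOUND_PAGE_/index.html"
+}
+}
+});
+const origin = {
+originId: bucket.output.arn,
+domainName: bucket.output.websiteEndpoint,
+customOriginConfig: {
+originProtocolPolicy: "http-only",
+httpPort: 80,
+httpsPort: 443,
+originSslProtocols: ["TLSv1.2"]
+}
+};
+return {
+bucket,
+origin
+};
+} // Forces S3 buckets to be available only through a cloudfront distribution.
+
+
+function createPrivateAppBucket(app, name) {
+const bucket = app.addResource(aws.s3.Bucket, {
+name: name,
+config: {
+acl: aws.s3.CannedAcl.Private,
+forceDestroy: true
+}
+}); // Origin Identity is a kind of AWS user that represents Cloudfront distribution
+// We can add IAM policies to it later, to allow accessing private S3 bucket
+
+const originIdentity = app.addResource(aws.cloudfront.OriginAccessIdentity, {
+name: `${name}-origin-identity`,
+config: {}
+});
+const origin = {
+originId: bucket.output.arn,
+domainName: bucket.output.bucket.apply( // We need to create a regional domain name. Otherwise, we'll run into the following issue:
+// https://aws.amazon.com/premiumsupport/knowledge-center/s3-http-307-response/
+name => `${name}.s3.${String(process.env.AWS_REGION)}.amazonaws.com`),
+s3OriginConfig: {
+originAccessIdentity: originIdentity.output.cloudfrontAccessIdentityPath
+}
+}; // block any public access
+
+const bucketPublicAccessBlock = app.addResource(aws.s3.BucketPublicAccessBlock, {
+name: `${name}-bucket-block-access`,
+config: {
+bucket: bucket.output.id,
+blockPublicAcls: true,
+blockPublicPolicy: true,
+ignorePublicAcls: true,
+restrictPublicBuckets: true
+}
+}); // Create an IAM policy to allow access to S3 bucket from cloudfront
+
+const bucketPolicy = app.addResource(aws.s3.BucketPolicy, {
+name: `${name}-bucket-policy`,
+config: {
+bucket: bucket.output.bucket,
+policy: {
+Version: "2012-10-17",
+Statement: bucket.output.arn.apply(arn => {
+const statements = [{
+Effect: "Allow",
+Principal: {
+AWS: originIdentity.output.iamArn
+},
+// we need GetObject to retrieve objects from S3
+// and ListBucket allows to properly handle non-existing files (404)
+Action: ["s3:ListBucket", "s3:GetObject"],
+Resource: [`${arn}`, `${arn}/*`]
+}];
+return statements;
+})
+}
+}
+});
+return {
+bucket,
+originIdentity,
+origin,
+bucketPublicAccessBlock,
+bucketPolicy
+};
+}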
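Review bot: In `createPrivateAppBucket`, `String(process.env.AWS_REGION)` on the `domainName` line turns an unset variable into the literal text `undefined`, so the origin becomes `<bucket>.s3.undefined.amazonaws.com` and the mistake only shows up when the distribution fails to reach it. A guard at the top of the function, `if (!process.env.AWS_REGION) throw new Error("AWS_REGION is not set");`, would fail the deployment instead. Separately, the bucket policy grants `s3:ListBucket` on the bucket ARN to the origin access identity; if the distribution that uses this origin has no default root object (not visible in this file), a request for `/` could return the bucket's key listing. The existing comment on the `Action` line should record that dependency, for example `// ListBucket makes missing keys return 404; the distribution must define a default root object so "/" does not list the bucket`.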
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"names":["createPublicAppBucket","app","name","bucket","addResource","aws","s3","Bucket","config","acl","CannedAcl","PublicRead","forceDestroy","website","indexDocument","errorDocument","origin","originId","output","arn","domainName","websiteEndpoint","customOriginConfig","originProtocolPolicy","httpPort","httpsPort","originSslProtocols","createPrivateAppBucket","Private","originIdentity","cloudfront","OriginAccessIdentity","apply","String","process","env","AWS_REGION","s3OriginConfig","originAccessIdentity","cloudfrontAccessIdentityPath","bucketPublicAccessBlock","BucketPublicAccessBlock","id","blockPublicAcls","blockPublicPolicy","ignorePublicAcls","restrictPublicBuckets","bucketPolicy","BucketPolicy","policy","Version","Statement","statements","Effect","Principal","AWS","iamArn","Action","Resource"],"sources":["createAppBucket.ts"],"sourcesContent":["import * as aws from \"@pulumi/aws\";\nimport { PulumiApp } from \"@webiny/pulumi\";\n\nexport function createPublicAppBucket(app: PulumiApp, name: string) {\n const bucket = app.addResource(aws.s3.Bucket, {\n name: name,\n config: {\n acl: aws.s3.CannedAcl.PublicRead,\n forceDestroy: true,\n website: {\n indexDocument: \"index.html\",\n errorDocument: \"_NOT_FOUND_PAGE_/index.html\"\n }\n }\n });\n\n const origin: aws.types.input.cloudfront.DistributionOrigin = {\n originId: bucket.output.arn,\n domainName: bucket.output.websiteEndpoint,\n customOriginConfig: {\n originProtocolPolicy: \"http-only\",\n httpPort: 80,\n httpsPort: 443,\n originSslProtocols: [\"TLSv1.2\"]\n }\n };\n\n return {\n bucket,\n origin\n };\n}\n\n// Forces S3 buckets to be available only through a cloudfront distribution.\nexport function createPrivateAppBucket(app: PulumiApp, name: string) {\n const bucket = app.addResource(aws.s3.Bucket, {\n name: name,\n config: {\n acl: aws.s3.CannedAcl.Private,\n forceDestroy: true\n }\n });\n\n // Origin Identity is a kind of AWS user that represents Cloudfront distribution\n // We can add 
IAM policies to it later, to allow accessing private S3 bucket\n const originIdentity = app.addResource(aws.cloudfront.OriginAccessIdentity, {\n name: `${name}-origin-identity`,\n config: {}\n });\n\n const origin: aws.types.input.cloudfront.DistributionOrigin = {\n originId: bucket.output.arn,\n domainName: bucket.output.bucket.apply(\n // We need to create a regional domain name. Otherwise, we'll run into the following issue:\n // https://aws.amazon.com/premiumsupport/knowledge-center/s3-http-307-response/\n name => `${name}.s3.${String(process.env.AWS_REGION)}.amazonaws.com`\n ),\n s3OriginConfig: {\n originAccessIdentity: originIdentity.output.cloudfrontAccessIdentityPath\n }\n };\n\n // block any public access\n const bucketPublicAccessBlock = app.addResource(aws.s3.BucketPublicAccessBlock, {\n name: `${name}-bucket-block-access`,\n config: {\n bucket: bucket.output.id,\n blockPublicAcls: true,\n blockPublicPolicy: true,\n ignorePublicAcls: true,\n restrictPublicBuckets: true\n }\n });\n\n // Create an IAM policy to allow access to S3 bucket from cloudfront\n const bucketPolicy = app.addResource(aws.s3.BucketPolicy, {\n name: `${name}-bucket-policy`,\n config: {\n bucket: bucket.output.bucket,\n policy: {\n Version: \"2012-10-17\",\n Statement: bucket.output.arn.apply(arn => {\n const statements: aws.iam.PolicyStatement[] = [\n {\n Effect: \"Allow\",\n Principal: { AWS: originIdentity.output.iamArn },\n // we need GetObject to retrieve objects from S3\n // and ListBucket allows to properly handle non-existing files (404)\n Action: [\"s3:ListBucket\", \"s3:GetObject\"],\n Resource: [`${arn}`, `${arn}/*`]\n }\n ];\n\n return statements;\n })\n }\n }\n });\n\n return {\n bucket,\n originIdentity,\n origin,\n bucketPublicAccessBlock,\n bucketPolicy\n 
};\n}\n"],"mappings":";;;;;;;;;;AAAA;;AAGO,SAASA,qBAAT,CAA+BC,GAA/B,EAA+CC,IAA/C,EAA6D;EAChE,MAAMC,MAAM,GAAGF,GAAG,CAACG,WAAJ,CAAgBC,GAAG,CAACC,EAAJ,CAAOC,MAAvB,EAA+B;IAC1CL,IAAI,EAAEA,IADoC;IAE1CM,MAAM,EAAE;MACJC,GAAG,EAAEJ,GAAG,CAACC,EAAJ,CAAOI,SAAP,CAAiBC,UADlB;MAEJC,YAAY,EAAE,IAFV;MAGJC,OAAO,EAAE;QACLC,aAAa,EAAE,YADV;QAELC,aAAa,EAAE;MAFV;IAHL;EAFkC,CAA/B,CAAf;EAYA,MAAMC,MAAqD,GAAG;IAC1DC,QAAQ,EAAEd,MAAM,CAACe,MAAP,CAAcC,GADkC;IAE1DC,UAAU,EAAEjB,MAAM,CAACe,MAAP,CAAcG,eAFgC;IAG1DC,kBAAkB,EAAE;MAChBC,oBAAoB,EAAE,WADN;MAEhBC,QAAQ,EAAE,EAFM;MAGhBC,SAAS,EAAE,GAHK;MAIhBC,kBAAkB,EAAE,CAAC,SAAD;IAJJ;EAHsC,CAA9D;EAWA,OAAO;IACHvB,MADG;IAEHa;EAFG,CAAP;AAIH,C,CAED;;;AACO,SAASW,sBAAT,CAAgC1B,GAAhC,EAAgDC,IAAhD,EAA8D;EACjE,MAAMC,MAAM,GAAGF,GAAG,CAACG,WAAJ,CAAgBC,GAAG,CAACC,EAAJ,CAAOC,MAAvB,EAA+B;IAC1CL,IAAI,EAAEA,IADoC;IAE1CM,MAAM,EAAE;MACJC,GAAG,EAAEJ,GAAG,CAACC,EAAJ,CAAOI,SAAP,CAAiBkB,OADlB;MAEJhB,YAAY,EAAE;IAFV;EAFkC,CAA/B,CAAf,CADiE,CASjE;EACA;;EACA,MAAMiB,cAAc,GAAG5B,GAAG,CAACG,WAAJ,CAAgBC,GAAG,CAACyB,UAAJ,CAAeC,oBAA/B,EAAqD;IACxE7B,IAAI,EAAG,GAAEA,IAAK,kBAD0D;IAExEM,MAAM,EAAE;EAFgE,CAArD,CAAvB;EAKA,MAAMQ,MAAqD,GAAG;IAC1DC,QAAQ,EAAEd,MAAM,CAACe,MAAP,CAAcC,GADkC;IAE1DC,UAAU,EAAEjB,MAAM,CAACe,MAAP,CAAcf,MAAd,CAAqB6B,KAArB,EACR;IACA;IACA9B,IAAI,IAAK,GAAEA,IAAK,OAAM+B,MAAM,CAACC,OAAO,CAACC,GAAR,CAAYC,UAAb,CAAyB,gBAH7C,CAF8C;IAO1DC,cAAc,EAAE;MACZC,oBAAoB,EAAET,cAAc,CAACX,MAAf,CAAsBqB;IADhC;EAP0C,CAA9D,CAhBiE,CA4BjE;;EACA,MAAMC,uBAAuB,GAAGvC,GAAG,CAACG,WAAJ,CAAgBC,GAAG,CAACC,EAAJ,CAAOmC,uBAAvB,EAAgD;IAC5EvC,IAAI,EAAG,GAAEA,IAAK,sBAD8D;IAE5EM,MAAM,EAAE;MACJL,MAAM,EAAEA,MAAM,CAACe,MAAP,CAAcwB,EADlB;MAEJC,eAAe,EAAE,IAFb;MAGJC,iBAAiB,EAAE,IAHf;MAIJC,gBAAgB,EAAE,IAJd;MAKJC,qBAAqB,EAAE;IALnB;EAFoE,CAAhD,CAAhC,CA7BiE,CAwCjE;;EACA,MAAMC,YAAY,GAAG9C,GAAG,CAACG,WAAJ,CAAgBC,GAAG,CAACC,EAAJ,CAAO0C,YAAvB,EAAqC;IACtD9C,IAAI,EAAG,GAAEA,IAAK,gBADwC;IAEtDM,MAAM,EAAE;MACJL,MAAM,EAAEA,MAAM,CAACe,MAAP,CAAcf,MADlB;MAEJ8C,MAAM,EAAE;QACJC,OAAO,EAAE,YADL;QAEJC,SAAS,EAAEhD,MAAM,CAACe,MAAP,CAAcC,GAAd,CA
AkBa,KAAlB,CAAwBb,GAAG,IAAI;UACtC,MAAMiC,UAAqC,GAAG,CAC1C;YACIC,MAAM,EAAE,OADZ;YAEIC,SAAS,EAAE;cAAEC,GAAG,EAAE1B,cAAc,CAACX,MAAf,CAAsBsC;YAA7B,CAFf;YAGI;YACA;YACAC,MAAM,EAAE,CAAC,eAAD,EAAkB,cAAlB,CALZ;YAMIC,QAAQ,EAAE,CAAE,GAAEvC,GAAI,EAAR,EAAY,GAAEA,GAAI,IAAlB;UANd,CAD0C,CAA9C;UAWA,OAAOiC,UAAP;QACH,CAbU;MAFP;IAFJ;EAF8C,CAArC,CAArB;EAwBA,OAAO;IACHjD,MADG;IAEH0B,cAFG;IAGHb,MAHG;IAIHwB,uBAJG;IAKHO;EALG,CAAP;AAOH"}
|
|
@@ -0,0 +1,9 @@
|
|
|
1
|
+
import { Input } from "@pulumi/pulumi";
|
|
2
|
+
import * as aws from "@pulumi/aws";
|
|
3
|
+
import { PulumiAppResource } from "@webiny/pulumi";
|
|
4
|
+
export interface CustomDomainParams {
|
|
5
|
+
domains: Input<string[]>;
|
|
6
|
+
acmCertificateArn: Input<string>;
|
|
7
|
+
sslSupportMethod?: Input<string>;
|
|
8
|
+
}
|
|
9
|
+
export declare function applyCustomDomain(cloudfront: PulumiAppResource<typeof aws.cloudfront.Distribution>, params: CustomDomainParams): void;
|
|
@@ -0,0 +1,14 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
|
|
3
|
+
Object.defineProperty(exports, "__esModule", {
|
|
4
|
+
value: true
|
|
5
|
+
});
|
|
6
|
+
exports.applyCustomDomain = applyCustomDomain;
|
|
7
|
+
|
|
8
|
+
function applyCustomDomain(cloudfront, params) {
|
|
9
|
+
cloudfront.config.aliases(params.domains);
|
|
10
|
+
cloudfront.config.viewerCertificate({
|
|
11
|
+
acmCertificateArn: params.acmCertificateArn,
|
|
12
|
+
sslSupportMethod: params.sslSupportMethod ?? "sni-only"
|
|
13
|
+
});
|
|
14
|
+
}
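Review bot: The `viewerCertificate` object set in `applyCustomDomain` carries only `acmCertificateArn` and `sslSupportMethod`, so the minimum TLS version offered to viewers is left to the provider default. As far as I know that default is `TLSv1` for the AWS provider's CloudFront distribution. Pinning it next to `sslSupportMethod`, e.g. `minimumProtocolVersion: "TLSv1.2_2021",`, keeps legacy protocol versions off the custom domain. A short comment that CloudFront only accepts ACM certificates issued in us-east-1 would also help callers who pass an ARN from another region.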
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"names":["applyCustomDomain","cloudfront","params","config","aliases","domains","viewerCertificate","acmCertificateArn","sslSupportMethod"],"sources":["customDomain.ts"],"sourcesContent":["import { Input } from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport { PulumiAppResource } from \"@webiny/pulumi\";\n\nexport interface CustomDomainParams {\n domains: Input<string[]>;\n acmCertificateArn: Input<string>;\n sslSupportMethod?: Input<string>;\n}\n\nexport function applyCustomDomain(\n cloudfront: PulumiAppResource<typeof aws.cloudfront.Distribution>,\n params: CustomDomainParams\n) {\n cloudfront.config.aliases(params.domains);\n\n cloudfront.config.viewerCertificate({\n acmCertificateArn: params.acmCertificateArn,\n sslSupportMethod: params.sslSupportMethod ?? \"sni-only\"\n });\n}\n"],"mappings":";;;;;;;AAUO,SAASA,iBAAT,CACHC,UADG,EAEHC,MAFG,EAGL;EACED,UAAU,CAACE,MAAX,CAAkBC,OAAlB,CAA0BF,MAAM,CAACG,OAAjC;EAEAJ,UAAU,CAACE,MAAX,CAAkBG,iBAAlB,CAAoC;IAChCC,iBAAiB,EAAEL,MAAM,CAACK,iBADM;IAEhCC,gBAAgB,EAAEN,MAAM,CAACM,gBAAP,IAA2B;EAFb,CAApC;AAIH"}
|
package/apps/index.d.ts
ADDED
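--- a/package/apps/index.js
+++ b/package/apps/index.js
@@ -0,0 +1,100 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+value: true
+});
+var _exportNames = {
+CustomDomainParams: true
+};
+Object.defineProperty(exports, "CustomDomainParams", {
+enumerable: true,
+get: function () {
+return _customDomain.CustomDomainParams;
+}
+});
+
+var _core = require("./core");
+
+Object.keys(_core).forEach(function (key) {
+if (key === "default" || key === "__esModule") return;
+if (Object.prototype.hasOwnProperty.call(_exportNames, key)) return;
+if (key in exports && exports[key] === _core[key]) return;
+Object.defineProperty(exports, key, {
+enumerable: true,
+get: function () {
+return _core[key];
+}
+});
+});
+
+var _common = require("./common");
+
+Object.keys(_common).forEach(function (key) {
+if (key === "default" || key === "__esModule") return;
+if (Object.prototype.hasOwnProperty.call(_exportNames, key)) return;
+if (key in exports && exports[key] === _common[key]) return;
+Object.defineProperty(exports, key, {
+enumerable: true,
+get: function () {
+return _common[key];
+}
+});
+});
+
+var _api = require("./api");
+
+Object.keys(_api).forEach(function (key) {
+if (key === "default" || key === "__esModule") return;
+if (Object.prototype.hasOwnProperty.call(_exportNames, key)) return;
+if (key in exports && exports[key] === _api[key]) return;
+Object.defineProperty(exports, key, {
+enumerable: true,
+get: function () {
+return _api[key];
+}
+});
+});
+
+var _react = require("./react");
+
+Object.keys(_react).forEach(function (key) {
+if (key === "default" || key === "__esModule") return;
+if (Object.prototype.hasOwnProperty.call(_exportNames, key)) return;
+if (key in exports && exports[key] === _react[key]) return;
+Object.defineProperty(exports, key, {
+enumerable: true,
+get: function () {
+return _react[key];
+}
+});
+});
+
+var _admin = require("./admin");
+
+Object.keys(_admin).forEach(function (key) {
+if (key === "default" || key === "__esModule") return;
+if (Object.prototype.hasOwnProperty.call(_exportNames, key)) return;
+if (key in exports && exports[key] === _admin[key]) return;
+Object.defineProperty(exports, key, {
+enumerable: true,
+get: function () {
+return _admin[key];
+}
+});
+});
+
+var _website = require("./website");
+
+Object.keys(_website).forEach(function (key) {
+if (key === "default" || key === "__esModule") return;
+if (Object.prototype.hasOwnProperty.call(_exportNames, key)) return;
+if (key in exports && exports[key] === _website[key]) return;
+Object.defineProperty(exports, key, {
+enumerable: true,
+get: function () {
+return _website[key];
+}
+});
+});
+
+var _customDomain = require("./customDomain");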
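Review bot: The `CustomDomainParams` getter near the top of this file returns `_customDomain.CustomDomainParams`, which is always `undefined` at runtime. `CustomDomainParams` is declared as an interface in the customDomain typings, and the compiled customDomain module on this page exports only `applyCustomDomain`. In the TypeScript source the re-export should be type-only, `export type { CustomDomainParams } from "./customDomain";` (assuming the toolchain supports type-only exports), which removes the dead getter and the runtime `require`. Separately, `applyCustomDomain` is not re-exported from this barrel; if it is meant to be public API it should be added here, otherwise a comment saying it is internal would help.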
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"names":[],"sources":["index.ts"],"sourcesContent":["export * from \"./core\";\nexport * from \"./common\";\nexport * from \"./api\";\nexport * from \"./react\";\nexport * from \"./admin\";\nexport * from \"./website\";\nexport { CustomDomainParams } from \"./customDomain\";\n"],"mappings":";;;;;;;;;;;;;;;AAAA;;AAAA;EAAA;EAAA;EAAA;EAAA;IAAA;IAAA;MAAA;IAAA;EAAA;AAAA;;AACA;;AAAA;EAAA;EAAA;EAAA;EAAA;IAAA;IAAA;MAAA;IAAA;EAAA;AAAA;;AACA;;AAAA;EAAA;EAAA;EAAA;EAAA;IAAA;IAAA;MAAA;IAAA;EAAA;AAAA;;AACA;;AAAA;EAAA;EAAA;EAAA;EAAA;IAAA;IAAA;MAAA;IAAA;EAAA;AAAA;;AACA;;AAAA;EAAA;EAAA;EAAA;EAAA;IAAA;IAAA;MAAA;IAAA;EAAA;AAAA;;AACA;;AAAA;EAAA;EAAA;EAAA;EAAA;IAAA;IAAA;MAAA;IAAA;EAAA;AAAA;;AACA"}
|
|
@@ -0,0 +1,10 @@
|
|
|
1
|
+
import * as pulumi from "@pulumi/pulumi";
|
|
2
|
+
import * as aws from "@pulumi/aws";
|
|
3
|
+
import { PulumiApp } from "@webiny/pulumi";
|
|
4
|
+
export * from "../utils/lambdaEnvVariables";
|
|
5
|
+
interface LambdaRoleParams {
|
|
6
|
+
name: string;
|
|
7
|
+
policy?: pulumi.Output<aws.iam.Policy>;
|
|
8
|
+
executionRole?: pulumi.Input<string>;
|
|
9
|
+
}
|
|
10
|
+
export declare function createLambdaRole(app: PulumiApp, params: LambdaRoleParams): import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/iam/role").Role>;
|
|
@@ -0,0 +1,82 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
|
|
3
|
+
var _interopRequireWildcard = require("@babel/runtime/helpers/interopRequireWildcard").default;
|
|
4
|
+
|
|
5
|
+
Object.defineProperty(exports, "__esModule", {
|
|
6
|
+
value: true
|
|
7
|
+
});
|
|
8
|
+
var _exportNames = {
|
|
9
|
+
createLambdaRole: true
|
|
10
|
+
};
|
|
11
|
+
exports.createLambdaRole = createLambdaRole;
|
|
12
|
+
|
|
13
|
+
var aws = _interopRequireWildcard(require("@pulumi/aws"));
|
|
14
|
+
|
|
15
|
+
var _lambdaEnvVariables = require("../utils/lambdaEnvVariables");
|
|
16
|
+
|
|
17
|
+
Object.keys(_lambdaEnvVariables).forEach(function (key) {
|
|
18
|
+
if (key === "default" || key === "__esModule") return;
|
|
19
|
+
if (Object.prototype.hasOwnProperty.call(_exportNames, key)) return;
|
|
20
|
+
if (key in exports && exports[key] === _lambdaEnvVariables[key]) return;
|
|
21
|
+
Object.defineProperty(exports, key, {
|
|
22
|
+
enumerable: true,
|
|
23
|
+
get: function () {
|
|
24
|
+
return _lambdaEnvVariables[key];
|
|
25
|
+
}
|
|
26
|
+
});
|
|
27
|
+
});
|
|
28
|
+
|
|
29
|
+
var _common = require("./common");
|
|
30
|
+
|
|
31
|
+
function createLambdaRole(app, params) {
|
|
32
|
+
const role = app.addResource(aws.iam.Role, {
|
|
33
|
+
name: params.name,
|
|
34
|
+
config: {
|
|
35
|
+
assumeRolePolicy: {
|
|
36
|
+
Version: "2012-10-17",
|
|
37
|
+
Statement: [{
|
|
38
|
+
Action: "sts:AssumeRole",
|
|
39
|
+
Principal: {
|
|
40
|
+
Service: "lambda.amazonaws.com"
|
|
41
|
+
},
|
|
42
|
+
Effect: "Allow"
|
|
43
|
+
}]
|
|
44
|
+
}
|
|
45
|
+
},
|
|
46
|
+
meta: {
|
|
47
|
+
isLambdaFunctionRole: true
|
|
48
|
+
}
|
|
49
|
+
});
|
|
50
|
+
|
|
51
|
+
if (params.policy) {
|
|
52
|
+
app.addResource(aws.iam.RolePolicyAttachment, {
|
|
53
|
+
name: `${params.name}-policy`,
|
|
54
|
+
config: {
|
|
55
|
+
role: role.output,
|
|
56
|
+
policyArn: params.policy.arn
|
|
57
|
+
}
|
|
58
|
+
});
|
|
59
|
+
}
|
|
60
|
+
|
|
61
|
+
if (params.executionRole) {
|
|
62
|
+
// If execution role is set, use it.
|
|
63
|
+
app.addResource(aws.iam.RolePolicyAttachment, {
|
|
64
|
+
name: `${params.name}-execution-role`,
|
|
65
|
+
config: {
|
|
66
|
+
role: role.output,
|
|
67
|
+
policyArn: params.executionRole
|
|
68
|
+
}
|
|
69
|
+
});
|
|
70
|
+
} // Add default execution role.
|
|
71
|
+
|
|
72
|
+
|
|
73
|
+
const vpc = app.getModule(_common.VpcConfig);
|
|
74
|
+
app.addResource(aws.iam.RolePolicyAttachment, {
|
|
75
|
+
name: `${params.name}-default-execution-role`,
|
|
76
|
+
config: {
|
|
77
|
+
role: role.output,
|
|
78
|
+
policyArn: vpc.enabled.apply(enabled => enabled ? aws.iam.ManagedPolicy.AWSLambdaVPCAccessExecutionRole : aws.iam.ManagedPolicy.AWSLambdaBasicExecutionRole)
|
|
79
|
+
}
|
|
80
|
+
});
|
|
81
|
+
return role;
|
|
82
|
+
}
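Review bot: The `-default-execution-role` attachment at the end of `createLambdaRole` runs even when `params.executionRole` is supplied, although the comment in the preceding branch reads "If execution role is set, use it". If the caller's policy is meant to replace the default, the role ends up with both policies attached, which is broader than the caller asked for. In that case, turn the brace that closes the `if (params.executionRole)` block into `} else {` and close the new block after the default attachment. If attaching both is intended, the comment should say so. The docs should also state that `executionRole` is a policy ARN, since it is passed as `policyArn` and not used as a role.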
|