@webiny/pulumi-aws 0.0.0-ee-vpcs.549378cf03

package/apps/lambdaUtils.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["createLambdaRole","app","params","role","addResource","aws","iam","Role","name","config","assumeRolePolicy","Version","Statement","Action","Principal","Service","Effect","meta","isLambdaFunctionRole","policy","RolePolicyAttachment","output","policyArn","arn","executionRole","vpc","getModule","VpcConfig","enabled","apply","ManagedPolicy","AWSLambdaVPCAccessExecutionRole","AWSLambdaBasicExecutionRole"],"sources":["lambdaUtils.ts"],"sourcesContent":["import * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport { PulumiApp } from \"@webiny/pulumi\";\n\nexport * from \"../utils/lambdaEnvVariables\";\n\nimport { VpcConfig } from \"./common\";\n\ninterface LambdaRoleParams {\n    name: string;\n    policy?: pulumi.Output<aws.iam.Policy>;\n    executionRole?: pulumi.Input<string>;\n}\n\nexport function createLambdaRole(app: PulumiApp, params: LambdaRoleParams) {\n    const role = app.addResource(aws.iam.Role, {\n        name: params.name,\n        config: {\n            assumeRolePolicy: {\n                Version: \"2012-10-17\",\n                Statement: [\n                    {\n                        Action: \"sts:AssumeRole\",\n                        Principal: {\n                            Service: \"lambda.amazonaws.com\"\n                        },\n                        Effect: \"Allow\"\n                    }\n                ]\n            }\n        },\n        meta: { isLambdaFunctionRole: true }\n    });\n\n    if (params.policy) {\n        app.addResource(aws.iam.RolePolicyAttachment, {\n            name: `${params.name}-policy`,\n            config: {\n                role: role.output,\n                policyArn: params.policy.arn\n            }\n        });\n    }\n\n    if (params.executionRole) {\n        // If execution role is set, use it.\n        app.addResource(aws.iam.RolePolicyAttachment, {\n            name: `${params.name}-execution-role`,\n            config: {\n                role: role.output,\n                policyArn: params.executionRole\n            }\n        });\n    }\n\n    // Add default execution role.\n    const vpc = app.getModule(VpcConfig);\n\n    app.addResource(aws.iam.RolePolicyAttachment, {\n        name: `${params.name}-default-execution-role`,\n        config: {\n            role: role.output,\n            policyArn: vpc.enabled.apply(enabled =>\n                enabled\n                    ? aws.iam.ManagedPolicy.AWSLambdaVPCAccessExecutionRole\n                    : aws.iam.ManagedPolicy.AWSLambdaBasicExecutionRole\n            )\n        }\n    });\n\n    return role;\n}\n"],"mappings":";;;;;;;;;;;;AACA;;AAGA;;AAAA;EAAA;EAAA;EAAA;EAAA;IAAA;IAAA;MAAA;IAAA;EAAA;AAAA;;AAEA;;AAQO,SAASA,gBAAT,CAA0BC,GAA1B,EAA0CC,MAA1C,EAAoE;EACvE,MAAMC,IAAI,GAAGF,GAAG,CAACG,WAAJ,CAAgBC,GAAG,CAACC,GAAJ,CAAQC,IAAxB,EAA8B;IACvCC,IAAI,EAAEN,MAAM,CAACM,IAD0B;IAEvCC,MAAM,EAAE;MACJC,gBAAgB,EAAE;QACdC,OAAO,EAAE,YADK;QAEdC,SAAS,EAAE,CACP;UACIC,MAAM,EAAE,gBADZ;UAEIC,SAAS,EAAE;YACPC,OAAO,EAAE;UADF,CAFf;UAKIC,MAAM,EAAE;QALZ,CADO;MAFG;IADd,CAF+B;IAgBvCC,IAAI,EAAE;MAAEC,oBAAoB,EAAE;IAAxB;EAhBiC,CAA9B,CAAb;;EAmBA,IAAIhB,MAAM,CAACiB,MAAX,EAAmB;IACflB,GAAG,CAACG,WAAJ,CAAgBC,GAAG,CAACC,GAAJ,CAAQc,oBAAxB,EAA8C;MAC1CZ,IAAI,EAAG,GAAEN,MAAM,CAACM,IAAK,SADqB;MAE1CC,MAAM,EAAE;QACJN,IAAI,EAAEA,IAAI,CAACkB,MADP;QAEJC,SAAS,EAAEpB,MAAM,CAACiB,MAAP,CAAcI;MAFrB;IAFkC,CAA9C;EAOH;;EAED,IAAIrB,MAAM,CAACsB,aAAX,EAA0B;IACtB;IACAvB,GAAG,CAACG,WAAJ,CAAgBC,GAAG,CAACC,GAAJ,CAAQc,oBAAxB,EAA8C;MAC1CZ,IAAI,EAAG,GAAEN,MAAM,CAACM,IAAK,iBADqB;MAE1CC,MAAM,EAAE;QACJN,IAAI,EAAEA,IAAI,CAACkB,MADP;QAEJC,SAAS,EAAEpB,MAAM,CAACsB;MAFd;IAFkC,CAA9C;EAOH,CAvCsE,CAyCvE;;;EACA,MAAMC,GAAG,GAAGxB,GAAG,CAACyB,SAAJ,CAAcC,iBAAd,CAAZ;EAEA1B,GAAG,CAACG,WAAJ,CAAgBC,GAAG,CAACC,GAAJ,CAAQc,oBAAxB,EAA8C;IAC1CZ,IAAI,EAAG,GAAEN,MAAM,CAACM,IAAK,yBADqB;IAE1CC,MAAM,EAAE;MACJN,IAAI,EAAEA,IAAI,CAACkB,MADP;MAEJC,SAAS,EAAEG,GAAG,CAACG,OAAJ,CAAYC,KAAZ,CAAkBD,OAAO,IAChCA,OAAO,GACDvB,GAAG,CAACC,GAAJ,CAAQwB,aAAR,CAAsBC,+BADrB,GAED1B,GAAG,CAACC,GAAJ,CAAQwB,aAAR,CAAsBE,2BAHrB;IAFP;EAFkC,CAA9C;EAYA,OAAO7B,IAAP;AACH"}

package/apps/react/createReactPulumiApp.d.ts

@@ -0,0 +1,33 @@
+import * as aws from "@pulumi/aws";
+import { PulumiAppParam, PulumiAppParamCallback } from "@webiny/pulumi";
+import { CustomDomainParams } from "../customDomain";
+export declare type ReactPulumiApp = ReturnType<typeof createReactPulumiApp>;
+export interface CreateReactPulumiAppParams {
+    /**
+     * A name of the app, e.g., "user-area"
+     */
+    name: string;
+    /**
+     * A folder where the app is located, e.g., "apps/user-area"
+     */
+    folder: string;
+    /** Custom domain configuration */
+    domains?: PulumiAppParamCallback<CustomDomainParams>;
+    /**
+     * Provides a way to adjust existing Pulumi code (cloud infrastructure resources)
+     * or add additional ones into the mix.
+     */
+    pulumi?: (app: ReactPulumiApp) => void | Promise<void>;
+    /**
+     * Prefixes names of all Pulumi cloud infrastructure resource with given prefix.
+     */
+    pulumiResourceNamePrefix?: PulumiAppParam<string>;
+}
+export declare const createReactPulumiApp: (projectAppParams: CreateReactPulumiAppParams) => import("@webiny/pulumi").PulumiApp<{
+    cloudfront: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/cloudfront/distribution").Distribution>;
+    bucket: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/s3/bucket").Bucket>;
+    originIdentity: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/cloudfront/originAccessIdentity").OriginAccessIdentity>;
+    origin: aws.types.input.cloudfront.DistributionOrigin;
+    bucketPublicAccessBlock: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/s3/bucketPublicAccessBlock").BucketPublicAccessBlock>;
+    bucketPolicy: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/s3/bucketPolicy").BucketPolicy>;
+}>;

package/apps/react/createReactPulumiApp.js

@@ -0,0 +1,144 @@
+"use strict";
+
+var _interopRequireWildcard = require("@babel/runtime/helpers/interopRequireWildcard").default;
+
+var _interopRequireDefault = require("@babel/runtime/helpers/interopRequireDefault").default;
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.createReactPulumiApp = void 0;
+
+var _objectSpread2 = _interopRequireDefault(require("@babel/runtime/helpers/objectSpread2"));
+
+var aws = _interopRequireWildcard(require("@pulumi/aws"));
+
+var _pulumi = require("@webiny/pulumi");
+
+var _utils = require("../../utils");
+
+var _createAppBucket = require("../createAppBucket");
+
+var _customDomain = require("../customDomain");
+
+var pulumi = _interopRequireWildcard(require("@pulumi/pulumi"));
+
+var _CoreOutput = require("../common/CoreOutput");
+
+const createReactPulumiApp = projectAppParams => {
+  return (0, _pulumi.createPulumiApp)({
+    name: projectAppParams.name,
+    path: projectAppParams.folder,
+    config: projectAppParams,
+    program: async app => {
+      const pulumiResourceNamePrefix = app.getParam(projectAppParams.pulumiResourceNamePrefix);
+
+      if (pulumiResourceNamePrefix) {
+        app.onResource(resource => {
+          if (!resource.name.startsWith(pulumiResourceNamePrefix)) {
+            resource.name = `${pulumiResourceNamePrefix}${resource.name}`;
+          }
+        });
+      }
+
+      const {
+        name
+      } = projectAppParams; // Register core output as a module available for all other modules
+
+      const core = app.addModule(_CoreOutput.CoreOutput); // Overrides must be applied via a handler, registered at the very start of the program.
+      // By doing this, we're ensuring user's adjustments are not applied to late.
+
+      if (projectAppParams.pulumi) {
+        app.addHandler(() => {
+          return projectAppParams.pulumi(app);
+        });
+      }
+
+      const bucket = (0, _createAppBucket.createPrivateAppBucket)(app, `${name}-app`);
+      const cloudfront = app.addResource(aws.cloudfront.Distribution, {
+        name: `${name}-app-cdn`,
+        config: {
+          enabled: true,
+          waitForDeployment: false,
+          origins: [bucket.origin],
+          defaultRootObject: "index.html",
+          defaultCacheBehavior: {
+            compress: true,
+            targetOriginId: bucket.origin.originId,
+            viewerProtocolPolicy: "redirect-to-https",
+            allowedMethods: ["GET", "HEAD", "OPTIONS"],
+            cachedMethods: ["GET", "HEAD", "OPTIONS"],
+            forwardedValues: {
+              cookies: {
+                forward: "none"
+              },
+              queryString: false
+            },
+            // MinTTL <= DefaultTTL <= MaxTTL
+            minTtl: 0,
+            defaultTtl: 600,
+            maxTtl: 600
+          },
+          priceClass: "PriceClass_100",
+          customErrorResponses: [{
+            errorCode: 404,
+            responseCode: 404,
+            responsePagePath: "/index.html"
+          }],
+          restrictions: {
+            geoRestriction: {
+              restrictionType: "none"
+            }
+          },
+          viewerCertificate: {
+            cloudfrontDefaultCertificate: true
+          }
+        }
+      });
+      const domains = app.getParam(projectAppParams.domains);
+
+      if (domains) {
+        (0, _customDomain.applyCustomDomain)(cloudfront, domains);
+      }
+
+      app.addOutputs({
+        appStorage: bucket.bucket.output.id,
+        appDomain: cloudfront.output.domainName,
+        appUrl: cloudfront.output.domainName.apply(value => `https://${value}`)
+      });
+      (0, _utils.tagResources)({
+        WbyAppName: name,
+        WbyProjectName: String(process.env["WEBINY_PROJECT_NAME"]),
+        WbyEnvironment: String(process.env["WEBINY_ENV"])
+      });
+      /**
+       * We need to store the appUrl to the admin settings item in the dynamodb
+       */
+
+      app.addResource(aws.dynamodb.TableItem, {
+        name: "adminSettings",
+        config: {
+          tableName: core.primaryDynamodbTableName,
+          hashKey: core.primaryDynamodbTableHashKey,
+          rangeKey: pulumi.output(core.primaryDynamodbTableRangeKey).apply(key => key || "SK"),
+          item: pulumi.interpolate`{
+                          "PK": {"S": "ADMIN#SETTINGS"},
+                          "SK": {"S": "${app.params.run.variant || "default"}"},
+                          "data": {
+                            "M": {
+                              "appUrl": {
+                                "S": "${cloudfront.output.domainName.apply(value => `https://${value}`)}"
+                              }
+                            }
+                          }
+                        }`
+        }
+      });
+      return (0, _objectSpread2.default)((0, _objectSpread2.default)({}, bucket), {}, {
+        cloudfront
+      });
+    }
+  });
+};
+
+exports.createReactPulumiApp = createReactPulumiApp;

package/apps/react/createReactPulumiApp.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["createReactPulumiApp","projectAppParams","createPulumiApp","name","path","folder","config","program","app","pulumiResourceNamePrefix","getParam","onResource","resource","startsWith","core","addModule","CoreOutput","pulumi","addHandler","bucket","createPrivateAppBucket","cloudfront","addResource","aws","Distribution","enabled","waitForDeployment","origins","origin","defaultRootObject","defaultCacheBehavior","compress","targetOriginId","originId","viewerProtocolPolicy","allowedMethods","cachedMethods","forwardedValues","cookies","forward","queryString","minTtl","defaultTtl","maxTtl","priceClass","customErrorResponses","errorCode","responseCode","responsePagePath","restrictions","geoRestriction","restrictionType","viewerCertificate","cloudfrontDefaultCertificate","domains","applyCustomDomain","addOutputs","appStorage","output","id","appDomain","domainName","appUrl","apply","value","tagResources","WbyAppName","WbyProjectName","String","process","env","WbyEnvironment","dynamodb","TableItem","tableName","primaryDynamodbTableName","hashKey","primaryDynamodbTableHashKey","rangeKey","primaryDynamodbTableRangeKey","key","item","interpolate","params","run","variant"],"sources":["createReactPulumiApp.ts"],"sourcesContent":["import * as aws from \"@pulumi/aws\";\n\nimport { createPulumiApp, PulumiAppParam, PulumiAppParamCallback } from \"@webiny/pulumi\";\nimport { tagResources } from \"~/utils\";\nimport { createPrivateAppBucket } from \"../createAppBucket\";\nimport { applyCustomDomain, CustomDomainParams } from \"../customDomain\";\nimport * as pulumi from \"@pulumi/pulumi\";\nimport { CoreOutput } from \"../common/CoreOutput\";\n\nexport type ReactPulumiApp = ReturnType<typeof createReactPulumiApp>;\n\nexport interface CreateReactPulumiAppParams {\n    /**\n     * A name of the app, e.g., \"user-area\"\n     */\n    name: string;\n\n    /**\n     * A folder where the app is located, e.g., \"apps/user-area\"\n     */\n    folder: string;\n\n    /** Custom domain configuration */\n    domains?: PulumiAppParamCallback<CustomDomainParams>;\n\n    /**\n     * Provides a way to adjust existing Pulumi code (cloud infrastructure resources)\n     * or add additional ones into the mix.\n     */\n    pulumi?: (app: ReactPulumiApp) => void | Promise<void>;\n\n    /**\n     * Prefixes names of all Pulumi cloud infrastructure resource with given prefix.\n     */\n    pulumiResourceNamePrefix?: PulumiAppParam<string>;\n}\n\nexport const createReactPulumiApp = (projectAppParams: CreateReactPulumiAppParams) => {\n    return createPulumiApp({\n        name: projectAppParams.name,\n        path: projectAppParams.folder,\n        config: projectAppParams,\n        program: async app => {\n            const pulumiResourceNamePrefix = app.getParam(\n                projectAppParams.pulumiResourceNamePrefix\n            );\n            if (pulumiResourceNamePrefix) {\n                app.onResource(resource => {\n                    if (!resource.name.startsWith(pulumiResourceNamePrefix)) {\n                        resource.name = `${pulumiResourceNamePrefix}${resource.name}`;\n                    }\n                });\n            }\n\n            const { name } = projectAppParams;\n\n            // Register core output as a module available for all other modules\n            const core = app.addModule(CoreOutput);\n\n            // Overrides must be applied via a handler, registered at the very start of the program.\n            // By doing this, we're ensuring user's adjustments are not applied to late.\n            if (projectAppParams.pulumi) {\n                app.addHandler(() => {\n                    return projectAppParams.pulumi!(app as ReactPulumiApp);\n                });\n            }\n\n            const bucket = createPrivateAppBucket(app, `${name}-app`);\n\n            const cloudfront = app.addResource(aws.cloudfront.Distribution, {\n                name: `${name}-app-cdn`,\n                config: {\n                    enabled: true,\n                    waitForDeployment: false,\n                    origins: [bucket.origin],\n                    defaultRootObject: \"index.html\",\n                    defaultCacheBehavior: {\n                        compress: true,\n                        targetOriginId: bucket.origin.originId,\n                        viewerProtocolPolicy: \"redirect-to-https\",\n                        allowedMethods: [\"GET\", \"HEAD\", \"OPTIONS\"],\n                        cachedMethods: [\"GET\", \"HEAD\", \"OPTIONS\"],\n                        forwardedValues: {\n                            cookies: { forward: \"none\" },\n                            queryString: false\n                        },\n                        // MinTTL <= DefaultTTL <= MaxTTL\n                        minTtl: 0,\n                        defaultTtl: 600,\n                        maxTtl: 600\n                    },\n                    priceClass: \"PriceClass_100\",\n                    customErrorResponses: [\n                        { errorCode: 404, responseCode: 404, responsePagePath: \"/index.html\" }\n                    ],\n                    restrictions: {\n                        geoRestriction: {\n                            restrictionType: \"none\"\n                        }\n                    },\n                    viewerCertificate: {\n                        cloudfrontDefaultCertificate: true\n                    }\n                }\n            });\n\n            const domains = app.getParam(projectAppParams.domains);\n            if (domains) {\n                applyCustomDomain(cloudfront, domains);\n            }\n\n            app.addOutputs({\n                appStorage: bucket.bucket.output.id,\n                appDomain: cloudfront.output.domainName,\n                appUrl: cloudfront.output.domainName.apply(value => `https://${value}`)\n            });\n\n            tagResources({\n                WbyAppName: name,\n                WbyProjectName: String(process.env[\"WEBINY_PROJECT_NAME\"]),\n                WbyEnvironment: String(process.env[\"WEBINY_ENV\"])\n            });\n\n            /**\n             * We need to store the appUrl to the admin settings item in the dynamodb\n             */\n            app.addResource(aws.dynamodb.TableItem, {\n                name: \"adminSettings\",\n                config: {\n                    tableName: core.primaryDynamodbTableName,\n                    hashKey: core.primaryDynamodbTableHashKey,\n                    rangeKey: pulumi\n                        .output(core.primaryDynamodbTableRangeKey)\n                        .apply(key => key || \"SK\"),\n                    item: pulumi.interpolate`{\n                          \"PK\": {\"S\": \"ADMIN#SETTINGS\"},\n                          \"SK\": {\"S\": \"${app.params.run.variant || \"default\"}\"},\n                          \"data\": {\n                            \"M\": {\n                              \"appUrl\": {\n                                \"S\": \"${cloudfront.output.domainName.apply(\n                                    value => `https://${value}`\n                                )}\"\n                              }\n                            }\n                          }\n                        }`\n                }\n            });\n\n            return {\n                ...bucket,\n                cloudfront\n            };\n        }\n    });\n};\n"],"mappings":";;;;;;;;;;;;;AAAA;;AAEA;;AACA;;AACA;;AACA;;AACA;;AACA;;AA8BO,MAAMA,oBAAoB,GAAIC,gBAAD,IAAkD;EAClF,OAAO,IAAAC,uBAAA,EAAgB;IACnBC,IAAI,EAAEF,gBAAgB,CAACE,IADJ;IAEnBC,IAAI,EAAEH,gBAAgB,CAACI,MAFJ;IAGnBC,MAAM,EAAEL,gBAHW;IAInBM,OAAO,EAAE,MAAMC,GAAN,IAAa;MAClB,MAAMC,wBAAwB,GAAGD,GAAG,CAACE,QAAJ,CAC7BT,gBAAgB,CAACQ,wBADY,CAAjC;;MAGA,IAAIA,wBAAJ,EAA8B;QAC1BD,GAAG,CAACG,UAAJ,CAAeC,QAAQ,IAAI;UACvB,IAAI,CAACA,QAAQ,CAACT,IAAT,CAAcU,UAAd,CAAyBJ,wBAAzB,CAAL,EAAyD;YACrDG,QAAQ,CAACT,IAAT,GAAiB,GAAEM,wBAAyB,GAAEG,QAAQ,CAACT,IAAK,EAA5D;UACH;QACJ,CAJD;MAKH;;MAED,MAAM;QAAEA;MAAF,IAAWF,gBAAjB,CAZkB,CAclB;;MACA,MAAMa,IAAI,GAAGN,GAAG,CAACO,SAAJ,CAAcC,sBAAd,CAAb,CAfkB,CAiBlB;MACA;;MACA,IAAIf,gBAAgB,CAACgB,MAArB,EAA6B;QACzBT,GAAG,CAACU,UAAJ,CAAe,MAAM;UACjB,OAAOjB,gBAAgB,CAACgB,MAAjB,CAAyBT,GAAzB,CAAP;QACH,CAFD;MAGH;;MAED,MAAMW,MAAM,GAAG,IAAAC,uCAAA,EAAuBZ,GAAvB,EAA6B,GAAEL,IAAK,MAApC,CAAf;MAEA,MAAMkB,UAAU,GAAGb,GAAG,CAACc,WAAJ,CAAgBC,GAAG,CAACF,UAAJ,CAAeG,YAA/B,EAA6C;QAC5DrB,IAAI,EAAG,GAAEA,IAAK,UAD8C;QAE5DG,MAAM,EAAE;UACJmB,OAAO,EAAE,IADL;UAEJC,iBAAiB,EAAE,KAFf;UAGJC,OAAO,EAAE,CAACR,MAAM,CAACS,MAAR,CAHL;UAIJC,iBAAiB,EAAE,YAJf;UAKJC,oBAAoB,EAAE;YAClBC,QAAQ,EAAE,IADQ;YAElBC,cAAc,EAAEb,MAAM,CAACS,MAAP,CAAcK,QAFZ;YAGlBC,oBAAoB,EAAE,mBAHJ;YAIlBC,cAAc,EAAE,CAAC,KAAD,EAAQ,MAAR,EAAgB,SAAhB,CAJE;YAKlBC,aAAa,EAAE,CAAC,KAAD,EAAQ,MAAR,EAAgB,SAAhB,CALG;YAMlBC,eAAe,EAAE;cACbC,OAAO,EAAE;gBAAEC,OAAO,EAAE;cAAX,CADI;cAEbC,WAAW,EAAE;YAFA,CANC;YAUlB;YACAC,MAAM,EAAE,CAXU;YAYlBC,UAAU,EAAE,GAZM;YAalBC,MAAM,EAAE;UAbU,CALlB;UAoBJC,UAAU,EAAE,gBApBR;UAqBJC,oBAAoB,EAAE,CAClB;YAAEC,SAAS,EAAE,GAAb;YAAkBC,YAAY,EAAE,GAAhC;YAAqCC,gBAAgB,EAAE;UAAvD,CADkB,CArBlB;UAwBJC,YAAY,EAAE;YACVC,cAAc,EAAE;cACZC,eAAe,EAAE;YADL;UADN,CAxBV;UA6BJC,iBAAiB,EAAE;YACfC,4BAA4B,EAAE;UADf;QA7Bf;MAFoD,CAA7C,CAAnB;MAqCA,MAAMC,OAAO,GAAG9C,GAAG,CAACE,QAAJ,CAAaT,gBAAgB,CAACqD,OAA9B,CAAhB;;MACA,IAAIA,OAAJ,EAAa;QACT,IAAAC,+BAAA,EAAkBlC,UAAlB,EAA8BiC,OAA9B;MACH;;MAED9C,GAAG,CAACgD,UAAJ,CAAe;QACXC,UAAU,EAAEtC,MAAM,CAACA,MAAP,CAAcuC,MAAd,CAAqBC,EADtB;QAEXC,SAAS,EAAEvC,UAAU,CAACqC,MAAX,CAAkBG,UAFlB;QAGXC,MAAM,EAAEzC,UAAU,CAACqC,MAAX,CAAkBG,UAAlB,CAA6BE,KAA7B,CAAmCC,KAAK,IAAK,WAAUA,KAAM,EAA7D;MAHG,CAAf;MAMA,IAAAC,mBAAA,EAAa;QACTC,UAAU,EAAE/D,IADH;QAETgE,cAAc,EAAEC,MAAM,CAACC,OAAO,CAACC,GAAR,CAAY,qBAAZ,CAAD,CAFb;QAGTC,cAAc,EAAEH,MAAM,CAACC,OAAO,CAACC,GAAR,CAAY,YAAZ,CAAD;MAHb,CAAb;MAMA;AACZ;AACA;;MACY9D,GAAG,CAACc,WAAJ,CAAgBC,GAAG,CAACiD,QAAJ,CAAaC,SAA7B,EAAwC;QACpCtE,IAAI,EAAE,eAD8B;QAEpCG,MAAM,EAAE;UACJoE,SAAS,EAAE5D,IAAI,CAAC6D,wBADZ;UAEJC,OAAO,EAAE9D,IAAI,CAAC+D,2BAFV;UAGJC,QAAQ,EAAE7D,MAAM,CACXyC,MADK,CACE5C,IAAI,CAACiE,4BADP,EAELhB,KAFK,CAECiB,GAAG,IAAIA,GAAG,IAAI,IAFf,CAHN;UAMJC,IAAI,EAAEhE,MAAM,CAACiE,WAAY;AAC7C;AACA,yCAAyC1E,GAAG,CAAC2E,MAAJ,CAAWC,GAAX,CAAeC,OAAf,IAA0B,SAAU;AAC7E;AACA;AACA;AACA,wCAAwChE,UAAU,CAACqC,MAAX,CAAkBG,UAAlB,CAA6BE,KAA7B,CACJC,KAAK,IAAK,WAAUA,KAAM,EADtB,CAEN;AAClC;AACA;AACA;AACA;QAlBwB;MAF4B,CAAxC;MAwBA,mEACO7C,MADP;QAEIE;MAFJ;IAIH;EApHkB,CAAhB,CAAP;AAsHH,CAvHM"}

package/apps/react/index.d.ts

@@ -0,0 +1 @@
+export * from "./createReactPulumiApp";

package/apps/react/index.js

@@ -0,0 +1,18 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+
+var _createReactPulumiApp = require("./createReactPulumiApp");
+
+Object.keys(_createReactPulumiApp).forEach(function (key) {
+  if (key === "default" || key === "__esModule") return;
+  if (key in exports && exports[key] === _createReactPulumiApp[key]) return;
+  Object.defineProperty(exports, key, {
+    enumerable: true,
+    get: function () {
+      return _createReactPulumiApp[key];
+    }
+  });
+});

package/apps/react/index.js.map

@@ -0,0 +1 @@
+{"version":3,"names":[],"sources":["index.ts"],"sourcesContent":["export * from \"./createReactPulumiApp\";\n"],"mappings":";;;;;;AAAA;;AAAA;EAAA;EAAA;EAAA;IAAA;IAAA;MAAA;IAAA;EAAA;AAAA"}

package/apps/tenantRouter.d.ts

@@ -0,0 +1,3 @@
+import * as aws from "@pulumi/aws";
+import { PulumiApp, PulumiAppResource } from "@webiny/pulumi";
+export declare function applyTenantRouter(app: PulumiApp, cloudfront: PulumiAppResource<typeof aws.cloudfront.Distribution>): void;

package/apps/tenantRouter.js

@@ -0,0 +1,115 @@
+"use strict";
+
+var _interopRequireWildcard = require("@babel/runtime/helpers/interopRequireWildcard").default;
+
+var _interopRequireDefault = require("@babel/runtime/helpers/interopRequireDefault").default;
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.applyTenantRouter = applyTenantRouter;
+
+var _objectSpread2 = _interopRequireDefault(require("@babel/runtime/helpers/objectSpread2"));
+
+var _fs = require("fs");
+
+var pulumi = _interopRequireWildcard(require("@pulumi/pulumi"));
+
+var aws = _interopRequireWildcard(require("@pulumi/aws"));
+
+var _common = require("./common");
+
+function createFunctionArchive({
+  dynamoDbTable,
+  region
+}) {
+  const handler = (0, _fs.readFileSync)(__dirname + "/../components/tenantRouter/functions/origin/request.js", "utf-8");
+  const source = handler.replace("{DB_TABLE_NAME}", dynamoDbTable).replace("{DB_TABLE_REGION}", region);
+  return new pulumi.asset.AssetArchive({
+    "index.js": new pulumi.asset.StringAsset(source)
+  });
+}
+
+const PREFIX = "website-router";
+
+function applyTenantRouter(app, cloudfront) {
+  const region = String(process.env.AWS_REGION); // Get Core app output
+
+  const core = app.getModule(_common.CoreOutput); // `primaryDynamodbTableName` is a string, hence the type cast here.
+
+  const dynamoDbTable = core.primaryDynamodbTableName; // Because of JSON.stringify, we need to resolve promises upfront.
+
+  const inlinePolicies = pulumi.all([aws.getCallerIdentity({}), dynamoDbTable]).apply(([identity, dynamoDbTable]) => [{
+    name: "tenant-router-policy",
+    policy: JSON.stringify({
+      Version: "2012-10-17",
+      Statement: [{
+        Sid: "PermissionForDynamodb",
+        Effect: "Allow",
+        Action: ["dynamodb:GetItem", "dynamodb:Query"],
+        Resource: [`arn:aws:dynamodb:${region}:${identity.accountId}:table/${dynamoDbTable}`, `arn:aws:dynamodb:${region}:${identity.accountId}:table/${dynamoDbTable}/*`]
+      }]
+    })
+  }]);
+  const role = app.addResource(aws.iam.Role, {
+    name: `${PREFIX}-role`,
+    config: {
+      inlinePolicies,
+      managedPolicyArns: [aws.iam.ManagedPolicies.AWSLambdaBasicExecutionRole],
+      assumeRolePolicy: {
+        Version: "2012-10-17",
+        Statement: [{
+          Action: "sts:AssumeRole",
+          Principal: aws.iam.Principals.LambdaPrincipal,
+          Effect: "Allow"
+        }, {
+          Action: "sts:AssumeRole",
+          Principal: aws.iam.Principals.EdgeLambdaPrincipal,
+          Effect: "Allow"
+        }]
+      }
+    }
+  });
+  const awsUsEast1 = new aws.Provider("us-east-1", {
+    region: "us-east-1"
+  });
+  const originLambda = app.addResource(aws.lambda.Function, {
+    name: `${PREFIX}-origin-request`,
+    config: {
+      publish: true,
+      runtime: "nodejs14.x",
+      handler: "index.handler",
+      role: role.output.arn,
+      timeout: 5,
+      memorySize: 128,
+      code: dynamoDbTable.apply(dynamoDbTable => {
+        return createFunctionArchive({
+          region,
+          dynamoDbTable
+        });
+      })
+    },
+    opts: {
+      provider: awsUsEast1
+    }
+  });
+  cloudfront.config.defaultCacheBehavior(value => {
+    var _value$forwardedValue, _value$forwardedValue2, _value$forwardedValue3;
+
+    return (0, _objectSpread2.default)((0, _objectSpread2.default)({}, value), {}, {
+      // We need to forward the `Host` header so the Lambda@Edge knows what custom domain was requested.
+      forwardedValues: (0, _objectSpread2.default)((0, _objectSpread2.default)({}, value.forwardedValues), {}, {
+        queryString: ((_value$forwardedValue = value.forwardedValues) === null || _value$forwardedValue === void 0 ? void 0 : _value$forwardedValue.queryString) || false,
+        cookies: ((_value$forwardedValue2 = value.forwardedValues) === null || _value$forwardedValue2 === void 0 ? void 0 : _value$forwardedValue2.cookies) || {
+          forward: "none"
+        },
+        headers: [...(((_value$forwardedValue3 = value.forwardedValues) === null || _value$forwardedValue3 === void 0 ? void 0 : _value$forwardedValue3.headers) || []), "Host"]
+      }),
+      lambdaFunctionAssociations: [...(value.lambdaFunctionAssociations || []), {
+        eventType: "origin-request",
+        includeBody: false,
+        lambdaArn: originLambda.output.qualifiedArn
+      }]
+    });
+  });
+}

package/apps/tenantRouter.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["createFunctionArchive","dynamoDbTable","region","handler","readFileSync","__dirname","source","replace","pulumi","asset","AssetArchive","StringAsset","PREFIX","applyTenantRouter","app","cloudfront","String","process","env","AWS_REGION","core","getModule","CoreOutput","primaryDynamodbTableName","inlinePolicies","all","aws","getCallerIdentity","apply","identity","name","policy","JSON","stringify","Version","Statement","Sid","Effect","Action","Resource","accountId","role","addResource","iam","Role","config","managedPolicyArns","ManagedPolicies","AWSLambdaBasicExecutionRole","assumeRolePolicy","Principal","Principals","LambdaPrincipal","EdgeLambdaPrincipal","awsUsEast1","Provider","originLambda","lambda","Function","publish","runtime","output","arn","timeout","memorySize","code","opts","provider","defaultCacheBehavior","value","forwardedValues","queryString","cookies","forward","headers","lambdaFunctionAssociations","eventType","includeBody","lambdaArn","qualifiedArn"],"sources":["tenantRouter.ts"],"sourcesContent":["import { readFileSync } from \"fs\";\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport { PulumiApp, PulumiAppResource } from \"@webiny/pulumi\";\nimport { CoreOutput } from \"./common\";\n\ninterface Params {\n    region: string;\n    dynamoDbTable: string;\n}\n\nfunction createFunctionArchive({ dynamoDbTable, region }: Params) {\n    const handler = readFileSync(\n        __dirname + \"/../components/tenantRouter/functions/origin/request.js\",\n        \"utf-8\"\n    );\n\n    const source = handler\n        .replace(\"{DB_TABLE_NAME}\", dynamoDbTable)\n        .replace(\"{DB_TABLE_REGION}\", region);\n\n    return new pulumi.asset.AssetArchive({\n        \"index.js\": new pulumi.asset.StringAsset(source)\n    });\n}\n\nconst PREFIX = \"website-router\";\n\nexport function applyTenantRouter(\n    app: PulumiApp,\n    cloudfront: PulumiAppResource<typeof aws.cloudfront.Distribution>\n) {\n    const region = String(process.env.AWS_REGION);\n\n    // Get Core app output\n    const core = app.getModule(CoreOutput);\n\n    // `primaryDynamodbTableName` is a string, hence the type cast here.\n    const dynamoDbTable = core.primaryDynamodbTableName;\n\n    // Because of JSON.stringify, we need to resolve promises upfront.\n    const inlinePolicies = pulumi\n        .all([aws.getCallerIdentity({}), dynamoDbTable])\n        .apply(([identity, dynamoDbTable]) => [\n            {\n                name: \"tenant-router-policy\",\n                policy: JSON.stringify({\n                    Version: \"2012-10-17\",\n                    Statement: [\n                        {\n                            Sid: \"PermissionForDynamodb\",\n                            Effect: \"Allow\",\n                            Action: [\"dynamodb:GetItem\", \"dynamodb:Query\"],\n                            Resource: [\n                                `arn:aws:dynamodb:${region}:${identity.accountId}:table/${dynamoDbTable}`,\n                                `arn:aws:dynamodb:${region}:${identity.accountId}:table/${dynamoDbTable}/*`\n                            ]\n                        }\n                    ]\n                })\n            }\n        ]);\n\n    const role = app.addResource(aws.iam.Role, {\n        name: `${PREFIX}-role`,\n        config: {\n            inlinePolicies,\n            managedPolicyArns: [aws.iam.ManagedPolicies.AWSLambdaBasicExecutionRole],\n            assumeRolePolicy: {\n                Version: \"2012-10-17\",\n                Statement: [\n                    {\n                        Action: \"sts:AssumeRole\",\n                        Principal: aws.iam.Principals.LambdaPrincipal,\n                        Effect: \"Allow\"\n                    },\n                    {\n                        Action: \"sts:AssumeRole\",\n                        Principal: aws.iam.Principals.EdgeLambdaPrincipal,\n                        Effect: \"Allow\"\n                    }\n                ]\n            }\n        }\n    });\n\n    const awsUsEast1 = new aws.Provider(\"us-east-1\", { region: \"us-east-1\" });\n\n    const originLambda = app.addResource(aws.lambda.Function, {\n        name: `${PREFIX}-origin-request`,\n        config: {\n            publish: true,\n            runtime: \"nodejs14.x\",\n            handler: \"index.handler\",\n            role: role.output.arn,\n            timeout: 5,\n            memorySize: 128,\n            code: dynamoDbTable.apply(dynamoDbTable => {\n                return createFunctionArchive({\n                    region,\n                    dynamoDbTable\n                });\n            })\n        },\n        opts: { provider: awsUsEast1 }\n    });\n\n    cloudfront.config.defaultCacheBehavior(value => {\n        return {\n            ...value,\n            // We need to forward the `Host` header so the Lambda@Edge knows what custom domain was requested.\n            forwardedValues: {\n                ...value.forwardedValues,\n                queryString: value.forwardedValues?.queryString || false,\n                cookies: value.forwardedValues?.cookies || { forward: \"none\" },\n                headers: [...(value.forwardedValues?.headers || []), \"Host\"]\n            },\n            lambdaFunctionAssociations: [\n                ...(value.lambdaFunctionAssociations || []),\n                {\n                    eventType: \"origin-request\",\n                    includeBody: false,\n                    lambdaArn: originLambda.output.qualifiedArn\n                }\n            ]\n        };\n    });\n}\n"],"mappings":";;;;;;;;;;;;;AAAA;;AACA;;AACA;;AAEA;;AAOA,SAASA,qBAAT,CAA+B;EAAEC,aAAF;EAAiBC;AAAjB,CAA/B,EAAkE;EAC9D,MAAMC,OAAO,GAAG,IAAAC,gBAAA,EACZC,SAAS,GAAG,yDADA,EAEZ,OAFY,CAAhB;EAKA,MAAMC,MAAM,GAAGH,OAAO,CACjBI,OADU,CACF,iBADE,EACiBN,aADjB,EAEVM,OAFU,CAEF,mBAFE,EAEmBL,MAFnB,CAAf;EAIA,OAAO,IAAIM,MAAM,CAACC,KAAP,CAAaC,YAAjB,CAA8B;IACjC,YAAY,IAAIF,MAAM,CAACC,KAAP,CAAaE,WAAjB,CAA6BL,MAA7B;EADqB,CAA9B,CAAP;AAGH;;AAED,MAAMM,MAAM,GAAG,gBAAf;;AAEO,SAASC,iBAAT,CACHC,GADG,EAEHC,UAFG,EAGL;EACE,MAAMb,MAAM,GAAGc,MAAM,CAACC,OAAO,CAACC,GAAR,CAAYC,UAAb,CAArB,CADF,CAGE;;EACA,MAAMC,IAAI,GAAGN,GAAG,CAACO,SAAJ,CAAcC,kBAAd,CAAb,CAJF,CAME;;EACA,MAAMrB,aAAa,GAAGmB,IAAI,CAACG,wBAA3B,CAPF,CASE;;EACA,MAAMC,cAAc,GAAGhB,MAAM,CACxBiB,GADkB,CACd,CAACC,GAAG,CAACC,iBAAJ,CAAsB,EAAtB,CAAD,EAA4B1B,aAA5B,CADc,EAElB2B,KAFkB,CAEZ,CAAC,CAACC,QAAD,EAAW5B,aAAX,CAAD,KAA+B,CAClC;IACI6B,IAAI,EAAE,sBADV;IAEIC,MAAM,EAAEC,IAAI,CAACC,SAAL,CAAe;MACnBC,OAAO,EAAE,YADU;MAEnBC,SAAS,EAAE,CACP;QACIC,GAAG,EAAE,uBADT;QAEIC,MAAM,EAAE,OAFZ;QAGIC,MAAM,EAAE,CAAC,kBAAD,EAAqB,gBAArB,CAHZ;QAIIC,QAAQ,EAAE,CACL,oBAAmBrC,MAAO,IAAG2B,QAAQ,CAACW,SAAU,UAASvC,aAAc,EADlE,EAEL,oBAAmBC,MAAO,IAAG2B,QAAQ,CAACW,SAAU,UAASvC,aAAc,IAFlE;MAJd,CADO;IAFQ,CAAf;EAFZ,CADkC,CAFnB,CAAvB;EAsBA,MAAMwC,IAAI,GAAG3B,GAAG,CAAC4B,WAAJ,CAAgBhB,GAAG,CAACiB,GAAJ,CAAQC,IAAxB,EAA8B;IACvCd,IAAI,EAAG,GAAElB,MAAO,OADuB;IAEvCiC,MAAM,EAAE;MACJrB,cADI;MAEJsB,iBAAiB,EAAE,CAACpB,GAAG,CAACiB,GAAJ,CAAQI,eAAR,CAAwBC,2BAAzB,CAFf;MAGJC,gBAAgB,EAAE;QACdf,OAAO,EAAE,YADK;QAEdC,SAAS,EAAE,CACP;UACIG,MAAM,EAAE,gBADZ;UAEIY,SAAS,EAAExB,GAAG,CAACiB,GAAJ,CAAQQ,UAAR,CAAmBC,eAFlC;UAGIf,MAAM,EAAE;QAHZ,CADO,EAMP;UACIC,MAAM,EAAE,gBADZ;UAEIY,SAAS,EAAExB,GAAG,CAACiB,GAAJ,CAAQQ,UAAR,CAAmBE,mBAFlC;UAGIhB,MAAM,EAAE;QAHZ,CANO;MAFG;IAHd;EAF+B,CAA9B,CAAb;EAuBA,MAAMiB,UAAU,GAAG,IAAI5B,GAAG,CAAC6B,QAAR,CAAiB,WAAjB,EAA8B;IAAErD,MAAM,EAAE;EAAV,CAA9B,CAAnB;EAEA,MAAMsD,YAAY,GAAG1C,GAAG,CAAC4B,WAAJ,CAAgBhB,GAAG,CAAC+B,MAAJ,CAAWC,QAA3B,EAAqC;IACtD5B,IAAI,EAAG,GAAElB,MAAO,iBADsC;IAEtDiC,MAAM,EAAE;MACJc,OAAO,EAAE,IADL;MAEJC,OAAO,EAAE,YAFL;MAGJzD,OAAO,EAAE,eAHL;MAIJsC,IAAI,EAAEA,IAAI,CAACoB,MAAL,CAAYC,GAJd;MAKJC,OAAO,EAAE,CALL;MAMJC,UAAU,EAAE,GANR;MAOJC,IAAI,EAAEhE,aAAa,CAAC2B,KAAd,CAAoB3B,aAAa,IAAI;QACvC,OAAOD,qBAAqB,CAAC;UACzBE,MADyB;UAEzBD;QAFyB,CAAD,CAA5B;MAIH,CALK;IAPF,CAF8C;IAgBtDiE,IAAI,EAAE;MAAEC,QAAQ,EAAEb;IAAZ;EAhBgD,CAArC,CAArB;EAmBAvC,UAAU,CAAC8B,MAAX,CAAkBuB,oBAAlB,CAAuCC,KAAK,IAAI;IAAA;;IAC5C,mEACOA,KADP;MAEI;MACAC,eAAe,8DACRD,KAAK,CAACC,eADE;QAEXC,WAAW,EAAE,0BAAAF,KAAK,CAACC,eAAN,gFAAuBC,WAAvB,KAAsC,KAFxC;QAGXC,OAAO,EAAE,2BAAAH,KAAK,CAACC,eAAN,kFAAuBE,OAAvB,KAAkC;UAAEC,OAAO,EAAE;QAAX,CAHhC;QAIXC,OAAO,EAAE,CAAC,IAAI,2BAAAL,KAAK,CAACC,eAAN,kFAAuBI,OAAvB,KAAkC,EAAtC,CAAD,EAA4C,MAA5C;MAJE,EAHnB;MASIC,0BAA0B,EAAE,CACxB,IAAIN,KAAK,CAACM,0BAAN,IAAoC,EAAxC,CADwB,EAExB;QACIC,SAAS,EAAE,gBADf;QAEIC,WAAW,EAAE,KAFjB;QAGIC,SAAS,EAAEtB,YAAY,CAACK,MAAb,CAAoBkB;MAHnC,CAFwB;IAThC;EAkBH,CAnBD;AAoBH"}

package/apps/website/WebsitePrerendering.d.ts

@@ -0,0 +1,39 @@
+import * as pulumi from "@pulumi/pulumi";
+import { PulumiApp } from "@webiny/pulumi";
+interface PreRenderingServiceParams {
+    dbTableName: pulumi.Output<string>;
+    dbTableHashKey: pulumi.Output<string>;
+    dbTableRangeKey: pulumi.Output<string>;
+    appUrl: pulumi.Output<string>;
+    deliveryUrl: pulumi.Output<string>;
+    bucket: pulumi.Output<string>;
+    cloudfrontId: pulumi.Output<string>;
+}
+export declare function createPrerenderingService(app: PulumiApp, params: PreRenderingServiceParams): {
+    subscriber: {
+        policy: pulumi.Output<import("@pulumi/aws/iam/policy").Policy>;
+        role: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/iam/role").Role>;
+        lambda: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/lambda/function").Function>;
+        eventRule: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/cloudwatch/eventRule").EventRule>;
+        eventPermission: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/lambda/permission").Permission>;
+        eventTarget: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/cloudwatch/eventTarget").EventTarget>;
+    };
+    renderer: {
+        policy: pulumi.Output<import("@pulumi/aws/iam/policy").Policy>;
+        role: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/iam/role").Role>;
+        lambda: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/lambda/function").Function>;
+        eventSourceMapping: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/lambda/eventSourceMapping").EventSourceMapping>;
+    };
+    flush: {
+        policy: pulumi.Output<import("@pulumi/aws/iam/policy").Policy>;
+        role: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/iam/role").Role>;
+        lambda: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/lambda/function").Function>;
+        eventRule: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/cloudwatch/eventRule").EventRule>;
+        eventPermission: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/lambda/permission").Permission>;
+        eventTarget: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/cloudwatch/eventTarget").EventTarget>;
+    };
+    settings: {
+        tableItem: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/dynamodb/tableItem").TableItem>;
+    };
+};
+export {};