@webiny/pulumi-aws 0.0.0-ee-vpcs.549378cf03

package/apps/website/WebsitePrerendering.js

@@ -0,0 +1,300 @@
+"use strict";
+
+var _interopRequireWildcard = require("@babel/runtime/helpers/interopRequireWildcard").default;
+
+var _interopRequireDefault = require("@babel/runtime/helpers/interopRequireDefault").default;
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.createPrerenderingService = createPrerenderingService;
+
+var _objectSpread2 = _interopRequireDefault(require("@babel/runtime/helpers/objectSpread2"));
+
+var path = _interopRequireWildcard(require("path"));
+
+var pulumi = _interopRequireWildcard(require("@pulumi/pulumi"));
+
+var aws = _interopRequireWildcard(require("@pulumi/aws"));
+
+var _dynamodb = require("aws-sdk/clients/dynamodb");
+
+var _awsLayers = require("@webiny/aws-layers");
+
+var _lambdaUtils = require("../lambdaUtils");
+
+var _common = require("../common");
+
+var _awsUtils = require("../awsUtils");
+
+// @ts-ignore
+function createPrerenderingService(app, params) {
+  const queue = app.addResource(aws.sqs.Queue, {
+    name: "ps-render-queue",
+    config: {
+      visibilityTimeoutSeconds: 300,
+      fifoQueue: true
+    }
+  });
+  const policy = createLambdaPolicy(app, queue.output, params);
+  const renderer = createRenderer(app, queue.output, policy.output, params);
+  const subscriber = createRenderSubscriber(app, policy.output, params);
+  const flush = createFlushService(app, policy.output, params);
+  const settings = createPrerenderingSettingsDbItem(app, queue.output, params);
+  return {
+    subscriber,
+    renderer,
+    flush,
+    settings
+  };
+}
+
+function createPrerenderingSettingsDbItem(app, queue, params) {
+  /**
+   * To handle everything related to prerendering, we need the following information:
+   * - appUrl - SPA URL used to prerender HTML
+   * - bucket - name of the S3 bucket used for storage of HTML snapshots
+   * - cloudfrontId - for cache invalidation
+   * - sqsQueueUrl - an SQS queue for prerendering tasks (messages)
+   */
+  const tableItem = app.addResource(aws.dynamodb.TableItem, {
+    name: "psSettings",
+    config: {
+      tableName: params.dbTableName,
+      hashKey: params.dbTableHashKey,
+      rangeKey: params.dbTableRangeKey,
+      item: pulumi.interpolate`{
+                "PK": "PS#SETTINGS",
+                "SK": "${app.params.run.variant || "default"}",
+                "data": {
+                    "appUrl": "${params.appUrl}",
+                    "deliveryUrl": "${params.deliveryUrl}",
+                    "bucket": "${params.bucket}",
+                    "cloudfrontId": "${params.cloudfrontId}",
+                    "sqsQueueUrl": "${queue.url}"
+                }
+            }` // We're using the native DynamoDB converter to avoid building those nested objects ourselves.
+      .apply(v => JSON.stringify(_dynamodb.Converter.marshall(JSON.parse(v))))
+    }
+  });
+  return {
+    tableItem
+  };
+}
+
+function createRenderSubscriber(app, policy, params) {
+  const core = app.getModule(_common.CoreOutput);
+  const role = (0, _lambdaUtils.createLambdaRole)(app, {
+    name: "ps-render-subscriber-role",
+    policy: policy
+  });
+  const lambda = app.addResource(aws.lambda.Function, {
+    name: "ps-render-subscriber-lambda",
+    config: {
+      role: role.output.arn,
+      runtime: "nodejs14.x",
+      handler: "handler.handler",
+      timeout: 30,
+      memorySize: 512,
+      environment: {
+        variables: (0, _lambdaUtils.getCommonLambdaEnvVariables)().apply(value => (0, _objectSpread2.default)((0, _objectSpread2.default)({}, value), {}, {
+          DB_TABLE: params.dbTableName
+        }))
+      },
+      description: "Subscribes to render events on event bus",
+      code: new pulumi.asset.AssetArchive({
+        ".": new pulumi.asset.FileArchive(path.join(app.paths.workspace, "prerendering/subscribe/build"))
+      }),
+      vpcConfig: app.getModule(_common.VpcConfig).functionVpcConfig
+    }
+  });
+  /**
+   * TODO: when we get to staged rollouts and variants, maybe we can create per-variant event rules,
+   * to avoid invocation of all variant lambdas just to do a `detail-type` check and exit early.
+   * That way, we would be publishing events scoped to a variant, like "RenderPages-{variant}".
+   */
+
+  const eventRule = app.addResource(aws.cloudwatch.EventRule, {
+    name: "ps-render-subscriber-event-rule",
+    config: {
+      eventBusName: core.eventBusArn,
+      eventPattern: JSON.stringify({
+        "detail-type": ["RenderPages"]
+      })
+    }
+  });
+  const eventPermission = app.addResource(aws.lambda.Permission, {
+    name: "ps-render-subscriber-event-permission",
+    config: {
+      action: "lambda:InvokeFunction",
+      function: lambda.output.arn,
+      principal: "events.amazonaws.com",
+      sourceArn: eventRule.output.arn
+    }
+  });
+  const eventTarget = app.addResource(aws.cloudwatch.EventTarget, {
+    name: "ps-render-subscriber-event-target",
+    config: {
+      rule: eventRule.output.name,
+      eventBusName: core.eventBusArn,
+      arn: lambda.output.arn
+    }
+  });
+  return {
+    policy,
+    role,
+    lambda,
+    eventRule,
+    eventPermission,
+    eventTarget
+  };
+}
+
+function createRenderer(app, queue, policy, params) {
+  const role = (0, _lambdaUtils.createLambdaRole)(app, {
+    name: "ps-render-lambda-role",
+    policy: policy,
+    executionRole: aws.iam.ManagedPolicy.AWSLambdaSQSQueueExecutionRole
+  });
+  const lambda = app.addResource(aws.lambda.Function, {
+    name: "ps-render-lambda",
+    config: {
+      role: role.output.arn,
+      runtime: "nodejs14.x",
+      handler: "handler.handler",
+      timeout: 300,
+      memorySize: 2048,
+      layers: [(0, _awsLayers.getLayerArn)("shelf-io-chrome-aws-lambda-layer")],
+      environment: {
+        variables: (0, _lambdaUtils.getCommonLambdaEnvVariables)().apply(value => (0, _objectSpread2.default)((0, _objectSpread2.default)({}, value), {}, {
+          DB_TABLE: params.dbTableName
+        }))
+      },
+      description: "Renders pages and stores output in an S3 bucket of choice.",
+      code: new pulumi.asset.AssetArchive({
+        ".": new pulumi.asset.FileArchive(path.join(app.paths.workspace, "prerendering/render/build"))
+      }),
+      vpcConfig: app.getModule(_common.VpcConfig).functionVpcConfig
+    }
+  });
+  const eventSourceMapping = app.addResource(aws.lambda.EventSourceMapping, {
+    name: "ps-render-event-source-mapping",
+    config: {
+      functionName: lambda.output.arn,
+      eventSourceArn: queue.arn,
+      batchSize: 1
+    }
+  });
+  return {
+    policy,
+    role,
+    lambda,
+    eventSourceMapping
+  };
+}
+
+function createFlushService(app, policy, params) {
+  const core = app.getModule(_common.CoreOutput);
+  const role = (0, _lambdaUtils.createLambdaRole)(app, {
+    name: "ps-flush-lambda-role",
+    policy: policy
+  });
+  const lambda = app.addResource(aws.lambda.Function, {
+    name: "ps-flush-lambda",
+    config: {
+      role: role.output.arn,
+      runtime: "nodejs14.x",
+      handler: "handler.handler",
+      timeout: 30,
+      memorySize: 512,
+      environment: {
+        variables: (0, _lambdaUtils.getCommonLambdaEnvVariables)().apply(value => (0, _objectSpread2.default)((0, _objectSpread2.default)({}, value), {}, {
+          DB_TABLE: params.dbTableName
+        }))
+      },
+      description: "Subscribes to flush events on event bus",
+      code: new pulumi.asset.AssetArchive({
+        ".": new pulumi.asset.FileArchive(path.join(app.paths.workspace, "prerendering/flush/build"))
+      }),
+      vpcConfig: app.getModule(_common.VpcConfig).functionVpcConfig
+    }
+  });
+  const eventRule = app.addResource(aws.cloudwatch.EventRule, {
+    name: "ps-flush-event-rule",
+    config: {
+      eventBusName: core.eventBusArn,
+      eventPattern: JSON.stringify({
+        "detail-type": ["FlushPages"]
+      })
+    }
+  });
+  const eventPermission = app.addResource(aws.lambda.Permission, {
+    name: "ps-flush-event-permission",
+    config: {
+      action: "lambda:InvokeFunction",
+      function: lambda.output.arn,
+      principal: "events.amazonaws.com",
+      sourceArn: eventRule.output.arn
+    }
+  });
+  const eventTarget = app.addResource(aws.cloudwatch.EventTarget, {
+    name: "ps-flush-event-target",
+    config: {
+      rule: eventRule.output.name,
+      eventBusName: core.eventBusArn,
+      arn: lambda.output.arn
+    }
+  });
+  return {
+    policy,
+    role,
+    lambda,
+    eventRule,
+    eventPermission,
+    eventTarget
+  };
+}
+
+function createLambdaPolicy(app, queue, params) {
+  const core = app.getModule(_common.CoreOutput);
+  const awsAccountId = (0, _awsUtils.getAwsAccountId)(app);
+  return app.addResource(aws.iam.Policy, {
+    name: "ps-lambda-policy",
+    config: {
+      description: "This policy enables access to Lambda, S3, Cloudfront, SQS and Dynamodb",
+      policy: {
+        Version: "2012-10-17",
+        Statement: [{
+          Sid: "PermissionForDynamodb",
+          Effect: "Allow",
+          Action: ["dynamodb:BatchGetItem", "dynamodb:BatchWriteItem", "dynamodb:DeleteItem", "dynamodb:GetItem", "dynamodb:PutItem", "dynamodb:Query", "dynamodb:Scan", "dynamodb:UpdateItem"],
+          Resource: core.apply(s => {
+            // Add permissions to DynamoDB table
+            const resources = [`${s.primaryDynamodbTableArn}`, `${s.primaryDynamodbTableArn}/*`]; // Attach permissions for elastic search dynamo as well (if ES is enabled).
+
+            if (s.elasticsearchDynamodbTableArn) {
+              resources.push(`${s.elasticsearchDynamodbTableArn}`, `${s.elasticsearchDynamodbTableArn}/*`);
+            }
+
+            return resources;
+          })
+        }, {
+          Sid: "PermissionForS3",
+          Effect: "Allow",
+          Action: ["s3:DeleteObject", "s3:GetObject", "s3:PutObject"],
+          Resource: [pulumi.interpolate`arn:aws:s3:::${params.bucket}/*`]
+        }, {
+          Sid: "PermissionForCloudfront",
+          Effect: "Allow",
+          Action: "cloudfront:CreateInvalidation",
+          Resource: pulumi.interpolate`arn:aws:cloudfront::${awsAccountId}:distribution/*`
+        }, {
+          Sid: "PermissionForSQS",
+          Effect: "Allow",
+          Action: ["sqs:SendMessage", "sqs:SendMessageBatch"],
+          Resource: queue.arn
+        }]
+      }
+    }
+  });
+}

package/apps/website/WebsitePrerendering.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["createPrerenderingService","app","params","queue","addResource","aws","sqs","Queue","name","config","visibilityTimeoutSeconds","fifoQueue","policy","createLambdaPolicy","output","renderer","createRenderer","subscriber","createRenderSubscriber","flush","createFlushService","settings","createPrerenderingSettingsDbItem","tableItem","dynamodb","TableItem","tableName","dbTableName","hashKey","dbTableHashKey","rangeKey","dbTableRangeKey","item","pulumi","interpolate","run","variant","appUrl","deliveryUrl","bucket","cloudfrontId","url","apply","v","JSON","stringify","Converter","marshall","parse","core","getModule","CoreOutput","role","createLambdaRole","lambda","Function","arn","runtime","handler","timeout","memorySize","environment","variables","getCommonLambdaEnvVariables","value","DB_TABLE","description","code","asset","AssetArchive","FileArchive","path","join","paths","workspace","vpcConfig","VpcConfig","functionVpcConfig","eventRule","cloudwatch","EventRule","eventBusName","eventBusArn","eventPattern","eventPermission","Permission","action","function","principal","sourceArn","eventTarget","EventTarget","rule","executionRole","iam","ManagedPolicy","AWSLambdaSQSQueueExecutionRole","layers","getLayerArn","eventSourceMapping","EventSourceMapping","functionName","eventSourceArn","batchSize","awsAccountId","getAwsAccountId","Policy","Version","Statement","Sid","Effect","Action","Resource","s","resources","primaryDynamodbTableArn","elasticsearchDynamodbTableArn","push"],"sources":["WebsitePrerendering.ts"],"sourcesContent":["import * as path from \"path\";\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport { Converter } from \"aws-sdk/clients/dynamodb\";\n\nimport { PulumiApp } from \"@webiny/pulumi\";\n// @ts-ignore\nimport { getLayerArn } from \"@webiny/aws-layers\";\n\nimport { createLambdaRole, getCommonLambdaEnvVariables } from \"../lambdaUtils\";\nimport { CoreOutput, VpcConfig } from \"../common\";\nimport { getAwsAccountId } from \"../awsUtils\";\n\ninterface PreRenderingServiceParams {\n    dbTableName: pulumi.Output<string>;\n    dbTableHashKey: pulumi.Output<string>;\n    dbTableRangeKey: pulumi.Output<string>;\n    appUrl: pulumi.Output<string>;\n    deliveryUrl: pulumi.Output<string>;\n    bucket: pulumi.Output<string>;\n    cloudfrontId: pulumi.Output<string>;\n}\n\nexport function createPrerenderingService(app: PulumiApp, params: PreRenderingServiceParams) {\n    const queue = app.addResource(aws.sqs.Queue, {\n        name: \"ps-render-queue\",\n        config: {\n            visibilityTimeoutSeconds: 300,\n            fifoQueue: true\n        }\n    });\n\n    const policy = createLambdaPolicy(app, queue.output, params);\n    const renderer = createRenderer(app, queue.output, policy.output, params);\n    const subscriber = createRenderSubscriber(app, policy.output, params);\n    const flush = createFlushService(app, policy.output, params);\n    const settings = createPrerenderingSettingsDbItem(app, queue.output, params);\n\n    return {\n        subscriber,\n        renderer,\n        flush,\n        settings\n    };\n}\n\nfunction createPrerenderingSettingsDbItem(\n    app: PulumiApp,\n    queue: pulumi.Output<aws.sqs.Queue>,\n    params: PreRenderingServiceParams\n) {\n    /**\n     * To handle everything related to prerendering, we need the following information:\n     * - appUrl - SPA URL used to prerender HTML\n     * - bucket - name of the S3 bucket used for storage of HTML snapshots\n     * - cloudfrontId - for cache invalidation\n     * - sqsQueueUrl - an SQS queue for prerendering tasks (messages)\n     */\n    const tableItem = app.addResource(aws.dynamodb.TableItem, {\n        name: \"psSettings\",\n        config: {\n            tableName: params.dbTableName,\n            hashKey: params.dbTableHashKey,\n            rangeKey: params.dbTableRangeKey,\n            item: pulumi.interpolate`{\n                \"PK\": \"PS#SETTINGS\",\n                \"SK\": \"${app.params.run.variant || \"default\"}\",\n                \"data\": {\n                    \"appUrl\": \"${params.appUrl}\",\n                    \"deliveryUrl\": \"${params.deliveryUrl}\",\n                    \"bucket\": \"${params.bucket}\",\n                    \"cloudfrontId\": \"${params.cloudfrontId}\",\n                    \"sqsQueueUrl\": \"${queue.url}\"\n                }\n            }`\n                // We're using the native DynamoDB converter to avoid building those nested objects ourselves.\n                .apply(v => JSON.stringify(Converter.marshall(JSON.parse(v))))\n        }\n    });\n\n    return { tableItem };\n}\n\nfunction createRenderSubscriber(\n    app: PulumiApp,\n    policy: pulumi.Output<aws.iam.Policy>,\n    params: PreRenderingServiceParams\n) {\n    const core = app.getModule(CoreOutput);\n\n    const role = createLambdaRole(app, {\n        name: \"ps-render-subscriber-role\",\n        policy: policy\n    });\n\n    const lambda = app.addResource(aws.lambda.Function, {\n        name: \"ps-render-subscriber-lambda\",\n        config: {\n            role: role.output.arn,\n            runtime: \"nodejs14.x\",\n            handler: \"handler.handler\",\n            timeout: 30,\n            memorySize: 512,\n            environment: {\n                variables: getCommonLambdaEnvVariables().apply(value => ({\n                    ...value,\n                    DB_TABLE: params.dbTableName\n                }))\n            },\n            description: \"Subscribes to render events on event bus\",\n            code: new pulumi.asset.AssetArchive({\n                \".\": new pulumi.asset.FileArchive(\n                    path.join(app.paths.workspace, \"prerendering/subscribe/build\")\n                )\n            }),\n            vpcConfig: app.getModule(VpcConfig).functionVpcConfig\n        }\n    });\n\n    /**\n     * TODO: when we get to staged rollouts and variants, maybe we can create per-variant event rules,\n     * to avoid invocation of all variant lambdas just to do a `detail-type` check and exit early.\n     * That way, we would be publishing events scoped to a variant, like \"RenderPages-{variant}\".\n     */\n\n    const eventRule = app.addResource(aws.cloudwatch.EventRule, {\n        name: \"ps-render-subscriber-event-rule\",\n        config: {\n            eventBusName: core.eventBusArn,\n            eventPattern: JSON.stringify({\n                \"detail-type\": [\"RenderPages\"]\n            })\n        }\n    });\n\n    const eventPermission = app.addResource(aws.lambda.Permission, {\n        name: \"ps-render-subscriber-event-permission\",\n        config: {\n            action: \"lambda:InvokeFunction\",\n            function: lambda.output.arn,\n            principal: \"events.amazonaws.com\",\n            sourceArn: eventRule.output.arn\n        }\n    });\n\n    const eventTarget = app.addResource(aws.cloudwatch.EventTarget, {\n        name: \"ps-render-subscriber-event-target\",\n        config: {\n            rule: eventRule.output.name,\n            eventBusName: core.eventBusArn,\n            arn: lambda.output.arn\n        }\n    });\n\n    return {\n        policy,\n        role,\n        lambda,\n        eventRule,\n        eventPermission,\n        eventTarget\n    };\n}\n\nfunction createRenderer(\n    app: PulumiApp,\n    queue: pulumi.Output<aws.sqs.Queue>,\n    policy: pulumi.Output<aws.iam.Policy>,\n    params: PreRenderingServiceParams\n) {\n    const role = createLambdaRole(app, {\n        name: \"ps-render-lambda-role\",\n        policy: policy,\n        executionRole: aws.iam.ManagedPolicy.AWSLambdaSQSQueueExecutionRole\n    });\n\n    const lambda = app.addResource(aws.lambda.Function, {\n        name: \"ps-render-lambda\",\n        config: {\n            role: role.output.arn,\n            runtime: \"nodejs14.x\",\n            handler: \"handler.handler\",\n            timeout: 300,\n            memorySize: 2048,\n            layers: [getLayerArn(\"shelf-io-chrome-aws-lambda-layer\")],\n            environment: {\n                variables: getCommonLambdaEnvVariables().apply(value => ({\n                    ...value,\n                    DB_TABLE: params.dbTableName\n                }))\n            },\n            description: \"Renders pages and stores output in an S3 bucket of choice.\",\n            code: new pulumi.asset.AssetArchive({\n                \".\": new pulumi.asset.FileArchive(\n                    path.join(app.paths.workspace, \"prerendering/render/build\")\n                )\n            }),\n            vpcConfig: app.getModule(VpcConfig).functionVpcConfig\n        }\n    });\n\n    const eventSourceMapping = app.addResource(aws.lambda.EventSourceMapping, {\n        name: \"ps-render-event-source-mapping\",\n        config: {\n            functionName: lambda.output.arn,\n            eventSourceArn: queue.arn,\n            batchSize: 1\n        }\n    });\n\n    return {\n        policy,\n        role,\n        lambda,\n        eventSourceMapping\n    };\n}\n\nfunction createFlushService(\n    app: PulumiApp,\n    policy: pulumi.Output<aws.iam.Policy>,\n    params: PreRenderingServiceParams\n) {\n    const core = app.getModule(CoreOutput);\n\n    const role = createLambdaRole(app, {\n        name: \"ps-flush-lambda-role\",\n        policy: policy\n    });\n\n    const lambda = app.addResource(aws.lambda.Function, {\n        name: \"ps-flush-lambda\",\n        config: {\n            role: role.output.arn,\n            runtime: \"nodejs14.x\",\n            handler: \"handler.handler\",\n            timeout: 30,\n            memorySize: 512,\n            environment: {\n                variables: getCommonLambdaEnvVariables().apply(value => ({\n                    ...value,\n                    DB_TABLE: params.dbTableName\n                }))\n            },\n            description: \"Subscribes to flush events on event bus\",\n            code: new pulumi.asset.AssetArchive({\n                \".\": new pulumi.asset.FileArchive(\n                    path.join(app.paths.workspace, \"prerendering/flush/build\")\n                )\n            }),\n            vpcConfig: app.getModule(VpcConfig).functionVpcConfig\n        }\n    });\n\n    const eventRule = app.addResource(aws.cloudwatch.EventRule, {\n        name: \"ps-flush-event-rule\",\n        config: {\n            eventBusName: core.eventBusArn,\n            eventPattern: JSON.stringify({\n                \"detail-type\": [\"FlushPages\"]\n            })\n        }\n    });\n\n    const eventPermission = app.addResource(aws.lambda.Permission, {\n        name: \"ps-flush-event-permission\",\n        config: {\n            action: \"lambda:InvokeFunction\",\n            function: lambda.output.arn,\n            principal: \"events.amazonaws.com\",\n            sourceArn: eventRule.output.arn\n        }\n    });\n\n    const eventTarget = app.addResource(aws.cloudwatch.EventTarget, {\n        name: \"ps-flush-event-target\",\n        config: {\n            rule: eventRule.output.name,\n            eventBusName: core.eventBusArn,\n            arn: lambda.output.arn\n        }\n    });\n\n    return {\n        policy,\n        role,\n        lambda,\n        eventRule,\n        eventPermission,\n        eventTarget\n    };\n}\n\nfunction createLambdaPolicy(\n    app: PulumiApp,\n    queue: pulumi.Output<aws.sqs.Queue>,\n    params: PreRenderingServiceParams\n) {\n    const core = app.getModule(CoreOutput);\n    const awsAccountId = getAwsAccountId(app);\n\n    return app.addResource(aws.iam.Policy, {\n        name: \"ps-lambda-policy\",\n        config: {\n            description: \"This policy enables access to Lambda, S3, Cloudfront, SQS and Dynamodb\",\n            policy: {\n                Version: \"2012-10-17\",\n                Statement: [\n                    {\n                        Sid: \"PermissionForDynamodb\",\n                        Effect: \"Allow\",\n                        Action: [\n                            \"dynamodb:BatchGetItem\",\n                            \"dynamodb:BatchWriteItem\",\n                            \"dynamodb:DeleteItem\",\n                            \"dynamodb:GetItem\",\n                            \"dynamodb:PutItem\",\n                            \"dynamodb:Query\",\n                            \"dynamodb:Scan\",\n                            \"dynamodb:UpdateItem\"\n                        ],\n                        Resource: core.apply(s => {\n                            // Add permissions to DynamoDB table\n                            const resources = [\n                                `${s.primaryDynamodbTableArn}`,\n                                `${s.primaryDynamodbTableArn}/*`\n                            ];\n\n                            // Attach permissions for elastic search dynamo as well (if ES is enabled).\n                            if (s.elasticsearchDynamodbTableArn) {\n                                resources.push(\n                                    `${s.elasticsearchDynamodbTableArn}`,\n                                    `${s.elasticsearchDynamodbTableArn}/*`\n                                );\n                            }\n\n                            return resources;\n                        })\n                    },\n                    {\n                        Sid: \"PermissionForS3\",\n                        Effect: \"Allow\",\n                        Action: [\"s3:DeleteObject\", \"s3:GetObject\", \"s3:PutObject\"],\n                        Resource: [pulumi.interpolate`arn:aws:s3:::${params.bucket}/*`]\n                    },\n                    {\n                        Sid: \"PermissionForCloudfront\",\n                        Effect: \"Allow\",\n                        Action: \"cloudfront:CreateInvalidation\",\n                        Resource: pulumi.interpolate`arn:aws:cloudfront::${awsAccountId}:distribution/*`\n                    },\n                    {\n                        Sid: \"PermissionForSQS\",\n                        Effect: \"Allow\",\n                        Action: [\"sqs:SendMessage\", \"sqs:SendMessageBatch\"],\n                        Resource: queue.arn\n                    }\n                ]\n            }\n        }\n    });\n}\n"],"mappings":";;;;;;;;;;;;;AAAA;;AACA;;AACA;;AACA;;AAIA;;AAEA;;AACA;;AACA;;AALA;AAiBO,SAASA,yBAAT,CAAmCC,GAAnC,EAAmDC,MAAnD,EAAsF;EACzF,MAAMC,KAAK,GAAGF,GAAG,CAACG,WAAJ,CAAgBC,GAAG,CAACC,GAAJ,CAAQC,KAAxB,EAA+B;IACzCC,IAAI,EAAE,iBADmC;IAEzCC,MAAM,EAAE;MACJC,wBAAwB,EAAE,GADtB;MAEJC,SAAS,EAAE;IAFP;EAFiC,CAA/B,CAAd;EAQA,MAAMC,MAAM,GAAGC,kBAAkB,CAACZ,GAAD,EAAME,KAAK,CAACW,MAAZ,EAAoBZ,MAApB,CAAjC;EACA,MAAMa,QAAQ,GAAGC,cAAc,CAACf,GAAD,EAAME,KAAK,CAACW,MAAZ,EAAoBF,MAAM,CAACE,MAA3B,EAAmCZ,MAAnC,CAA/B;EACA,MAAMe,UAAU,GAAGC,sBAAsB,CAACjB,GAAD,EAAMW,MAAM,CAACE,MAAb,EAAqBZ,MAArB,CAAzC;EACA,MAAMiB,KAAK,GAAGC,kBAAkB,CAACnB,GAAD,EAAMW,MAAM,CAACE,MAAb,EAAqBZ,MAArB,CAAhC;EACA,MAAMmB,QAAQ,GAAGC,gCAAgC,CAACrB,GAAD,EAAME,KAAK,CAACW,MAAZ,EAAoBZ,MAApB,CAAjD;EAEA,OAAO;IACHe,UADG;IAEHF,QAFG;IAGHI,KAHG;IAIHE;EAJG,CAAP;AAMH;;AAED,SAASC,gCAAT,CACIrB,GADJ,EAEIE,KAFJ,EAGID,MAHJ,EAIE;EACE;AACJ;AACA;AACA;AACA;AACA;AACA;EACI,MAAMqB,SAAS,GAAGtB,GAAG,CAACG,WAAJ,CAAgBC,GAAG,CAACmB,QAAJ,CAAaC,SAA7B,EAAwC;IACtDjB,IAAI,EAAE,YADgD;IAEtDC,MAAM,EAAE;MACJiB,SAAS,EAAExB,MAAM,CAACyB,WADd;MAEJC,OAAO,EAAE1B,MAAM,CAAC2B,cAFZ;MAGJC,QAAQ,EAAE5B,MAAM,CAAC6B,eAHb;MAIJC,IAAI,EAAEC,MAAM,CAACC,WAAY;AACrC;AACA,yBAAyBjC,GAAG,CAACC,MAAJ,CAAWiC,GAAX,CAAeC,OAAf,IAA0B,SAAU;AAC7D;AACA,iCAAiClC,MAAM,CAACmC,MAAO;AAC/C,sCAAsCnC,MAAM,CAACoC,WAAY;AACzD,iCAAiCpC,MAAM,CAACqC,MAAO;AAC/C,uCAAuCrC,MAAM,CAACsC,YAAa;AAC3D,sCAAsCrC,KAAK,CAACsC,GAAI;AAChD;AACA,cAVkB,CAWF;MAXE,CAYDC,KAZC,CAYKC,CAAC,IAAIC,IAAI,CAACC,SAAL,CAAeC,mBAAA,CAAUC,QAAV,CAAmBH,IAAI,CAACI,KAAL,CAAWL,CAAX,CAAnB,CAAf,CAZV;IAJF;EAF8C,CAAxC,CAAlB;EAsBA,OAAO;IAAEpB;EAAF,CAAP;AACH;;AAED,SAASL,sBAAT,CACIjB,GADJ,EAEIW,MAFJ,EAGIV,MAHJ,EAIE;EACE,MAAM+C,IAAI,GAAGhD,GAAG,CAACiD,SAAJ,CAAcC,kBAAd,CAAb;EAEA,MAAMC,IAAI,GAAG,IAAAC,6BAAA,EAAiBpD,GAAjB,EAAsB;IAC/BO,IAAI,EAAE,2BADyB;IAE/BI,MAAM,EAAEA;EAFuB,CAAtB,CAAb;EAKA,MAAM0C,MAAM,GAAGrD,GAAG,CAACG,WAAJ,CAAgBC,GAAG,CAACiD,MAAJ,CAAWC,QAA3B,EAAqC;IAChD/C,IAAI,EAAE,6BAD0C;IAEhDC,MAAM,EAAE;MACJ2C,IAAI,EAAEA,IAAI,CAACtC,MAAL,CAAY0C,GADd;MAEJC,OAAO,EAAE,YAFL;MAGJC,OAAO,EAAE,iBAHL;MAIJC,OAAO,EAAE,EAJL;MAKJC,UAAU,EAAE,GALR;MAMJC,WAAW,EAAE;QACTC,SAAS,EAAE,IAAAC,wCAAA,IAA8BrB,KAA9B,CAAoCsB,KAAK,gEAC7CA,KAD6C;UAEhDC,QAAQ,EAAE/D,MAAM,CAACyB;QAF+B,EAAzC;MADF,CANT;MAYJuC,WAAW,EAAE,0CAZT;MAaJC,IAAI,EAAE,IAAIlC,MAAM,CAACmC,KAAP,CAAaC,YAAjB,CAA8B;QAChC,KAAK,IAAIpC,MAAM,CAACmC,KAAP,CAAaE,WAAjB,CACDC,IAAI,CAACC,IAAL,CAAUvE,GAAG,CAACwE,KAAJ,CAAUC,SAApB,EAA+B,8BAA/B,CADC;MAD2B,CAA9B,CAbF;MAkBJC,SAAS,EAAE1E,GAAG,CAACiD,SAAJ,CAAc0B,iBAAd,EAAyBC;IAlBhC;EAFwC,CAArC,CAAf;EAwBA;AACJ;AACA;AACA;AACA;;EAEI,MAAMC,SAAS,GAAG7E,GAAG,CAACG,WAAJ,CAAgBC,GAAG,CAAC0E,UAAJ,CAAeC,SAA/B,EAA0C;IACxDxE,IAAI,EAAE,iCADkD;IAExDC,MAAM,EAAE;MACJwE,YAAY,EAAEhC,IAAI,CAACiC,WADf;MAEJC,YAAY,EAAEvC,IAAI,CAACC,SAAL,CAAe;QACzB,eAAe,CAAC,aAAD;MADU,CAAf;IAFV;EAFgD,CAA1C,CAAlB;EAUA,MAAMuC,eAAe,GAAGnF,GAAG,CAACG,WAAJ,CAAgBC,GAAG,CAACiD,MAAJ,CAAW+B,UAA3B,EAAuC;IAC3D7E,IAAI,EAAE,uCADqD;IAE3DC,MAAM,EAAE;MACJ6E,MAAM,EAAE,uBADJ;MAEJC,QAAQ,EAAEjC,MAAM,CAACxC,MAAP,CAAc0C,GAFpB;MAGJgC,SAAS,EAAE,sBAHP;MAIJC,SAAS,EAAEX,SAAS,CAAChE,MAAV,CAAiB0C;IAJxB;EAFmD,CAAvC,CAAxB;EAUA,MAAMkC,WAAW,GAAGzF,GAAG,CAACG,WAAJ,CAAgBC,GAAG,CAAC0E,UAAJ,CAAeY,WAA/B,EAA4C;IAC5DnF,IAAI,EAAE,mCADsD;IAE5DC,MAAM,EAAE;MACJmF,IAAI,EAAEd,SAAS,CAAChE,MAAV,CAAiBN,IADnB;MAEJyE,YAAY,EAAEhC,IAAI,CAACiC,WAFf;MAGJ1B,GAAG,EAAEF,MAAM,CAACxC,MAAP,CAAc0C;IAHf;EAFoD,CAA5C,CAApB;EASA,OAAO;IACH5C,MADG;IAEHwC,IAFG;IAGHE,MAHG;IAIHwB,SAJG;IAKHM,eALG;IAMHM;EANG,CAAP;AAQH;;AAED,SAAS1E,cAAT,CACIf,GADJ,EAEIE,KAFJ,EAGIS,MAHJ,EAIIV,MAJJ,EAKE;EACE,MAAMkD,IAAI,GAAG,IAAAC,6BAAA,EAAiBpD,GAAjB,EAAsB;IAC/BO,IAAI,EAAE,uBADyB;IAE/BI,MAAM,EAAEA,MAFuB;IAG/BiF,aAAa,EAAExF,GAAG,CAACyF,GAAJ,CAAQC,aAAR,CAAsBC;EAHN,CAAtB,CAAb;EAMA,MAAM1C,MAAM,GAAGrD,GAAG,CAACG,WAAJ,CAAgBC,GAAG,CAACiD,MAAJ,CAAWC,QAA3B,EAAqC;IAChD/C,IAAI,EAAE,kBAD0C;IAEhDC,MAAM,EAAE;MACJ2C,IAAI,EAAEA,IAAI,CAACtC,MAAL,CAAY0C,GADd;MAEJC,OAAO,EAAE,YAFL;MAGJC,OAAO,EAAE,iBAHL;MAIJC,OAAO,EAAE,GAJL;MAKJC,UAAU,EAAE,IALR;MAMJqC,MAAM,EAAE,CAAC,IAAAC,sBAAA,EAAY,kCAAZ,CAAD,CANJ;MAOJrC,WAAW,EAAE;QACTC,SAAS,EAAE,IAAAC,wCAAA,IAA8BrB,KAA9B,CAAoCsB,KAAK,gEAC7CA,KAD6C;UAEhDC,QAAQ,EAAE/D,MAAM,CAACyB;QAF+B,EAAzC;MADF,CAPT;MAaJuC,WAAW,EAAE,4DAbT;MAcJC,IAAI,EAAE,IAAIlC,MAAM,CAACmC,KAAP,CAAaC,YAAjB,CAA8B;QAChC,KAAK,IAAIpC,MAAM,CAACmC,KAAP,CAAaE,WAAjB,CACDC,IAAI,CAACC,IAAL,CAAUvE,GAAG,CAACwE,KAAJ,CAAUC,SAApB,EAA+B,2BAA/B,CADC;MAD2B,CAA9B,CAdF;MAmBJC,SAAS,EAAE1E,GAAG,CAACiD,SAAJ,CAAc0B,iBAAd,EAAyBC;IAnBhC;EAFwC,CAArC,CAAf;EAyBA,MAAMsB,kBAAkB,GAAGlG,GAAG,CAACG,WAAJ,CAAgBC,GAAG,CAACiD,MAAJ,CAAW8C,kBAA3B,EAA+C;IACtE5F,IAAI,EAAE,gCADgE;IAEtEC,MAAM,EAAE;MACJ4F,YAAY,EAAE/C,MAAM,CAACxC,MAAP,CAAc0C,GADxB;MAEJ8C,cAAc,EAAEnG,KAAK,CAACqD,GAFlB;MAGJ+C,SAAS,EAAE;IAHP;EAF8D,CAA/C,CAA3B;EASA,OAAO;IACH3F,MADG;IAEHwC,IAFG;IAGHE,MAHG;IAIH6C;EAJG,CAAP;AAMH;;AAED,SAAS/E,kBAAT,CACInB,GADJ,EAEIW,MAFJ,EAGIV,MAHJ,EAIE;EACE,MAAM+C,IAAI,GAAGhD,GAAG,CAACiD,SAAJ,CAAcC,kBAAd,CAAb;EAEA,MAAMC,IAAI,GAAG,IAAAC,6BAAA,EAAiBpD,GAAjB,EAAsB;IAC/BO,IAAI,EAAE,sBADyB;IAE/BI,MAAM,EAAEA;EAFuB,CAAtB,CAAb;EAKA,MAAM0C,MAAM,GAAGrD,GAAG,CAACG,WAAJ,CAAgBC,GAAG,CAACiD,MAAJ,CAAWC,QAA3B,EAAqC;IAChD/C,IAAI,EAAE,iBAD0C;IAEhDC,MAAM,EAAE;MACJ2C,IAAI,EAAEA,IAAI,CAACtC,MAAL,CAAY0C,GADd;MAEJC,OAAO,EAAE,YAFL;MAGJC,OAAO,EAAE,iBAHL;MAIJC,OAAO,EAAE,EAJL;MAKJC,UAAU,EAAE,GALR;MAMJC,WAAW,EAAE;QACTC,SAAS,EAAE,IAAAC,wCAAA,IAA8BrB,KAA9B,CAAoCsB,KAAK,gEAC7CA,KAD6C;UAEhDC,QAAQ,EAAE/D,MAAM,CAACyB;QAF+B,EAAzC;MADF,CANT;MAYJuC,WAAW,EAAE,yCAZT;MAaJC,IAAI,EAAE,IAAIlC,MAAM,CAACmC,KAAP,CAAaC,YAAjB,CAA8B;QAChC,KAAK,IAAIpC,MAAM,CAACmC,KAAP,CAAaE,WAAjB,CACDC,IAAI,CAACC,IAAL,CAAUvE,GAAG,CAACwE,KAAJ,CAAUC,SAApB,EAA+B,0BAA/B,CADC;MAD2B,CAA9B,CAbF;MAkBJC,SAAS,EAAE1E,GAAG,CAACiD,SAAJ,CAAc0B,iBAAd,EAAyBC;IAlBhC;EAFwC,CAArC,CAAf;EAwBA,MAAMC,SAAS,GAAG7E,GAAG,CAACG,WAAJ,CAAgBC,GAAG,CAAC0E,UAAJ,CAAeC,SAA/B,EAA0C;IACxDxE,IAAI,EAAE,qBADkD;IAExDC,MAAM,EAAE;MACJwE,YAAY,EAAEhC,IAAI,CAACiC,WADf;MAEJC,YAAY,EAAEvC,IAAI,CAACC,SAAL,CAAe;QACzB,eAAe,CAAC,YAAD;MADU,CAAf;IAFV;EAFgD,CAA1C,CAAlB;EAUA,MAAMuC,eAAe,GAAGnF,GAAG,CAACG,WAAJ,CAAgBC,GAAG,CAACiD,MAAJ,CAAW+B,UAA3B,EAAuC;IAC3D7E,IAAI,EAAE,2BADqD;IAE3DC,MAAM,EAAE;MACJ6E,MAAM,EAAE,uBADJ;MAEJC,QAAQ,EAAEjC,MAAM,CAACxC,MAAP,CAAc0C,GAFpB;MAGJgC,SAAS,EAAE,sBAHP;MAIJC,SAAS,EAAEX,SAAS,CAAChE,MAAV,CAAiB0C;IAJxB;EAFmD,CAAvC,CAAxB;EAUA,MAAMkC,WAAW,GAAGzF,GAAG,CAACG,WAAJ,CAAgBC,GAAG,CAAC0E,UAAJ,CAAeY,WAA/B,EAA4C;IAC5DnF,IAAI,EAAE,uBADsD;IAE5DC,MAAM,EAAE;MACJmF,IAAI,EAAEd,SAAS,CAAChE,MAAV,CAAiBN,IADnB;MAEJyE,YAAY,EAAEhC,IAAI,CAACiC,WAFf;MAGJ1B,GAAG,EAAEF,MAAM,CAACxC,MAAP,CAAc0C;IAHf;EAFoD,CAA5C,CAApB;EASA,OAAO;IACH5C,MADG;IAEHwC,IAFG;IAGHE,MAHG;IAIHwB,SAJG;IAKHM,eALG;IAMHM;EANG,CAAP;AAQH;;AAED,SAAS7E,kBAAT,CACIZ,GADJ,EAEIE,KAFJ,EAGID,MAHJ,EAIE;EACE,MAAM+C,IAAI,GAAGhD,GAAG,CAACiD,SAAJ,CAAcC,kBAAd,CAAb;EACA,MAAMqD,YAAY,GAAG,IAAAC,yBAAA,EAAgBxG,GAAhB,CAArB;EAEA,OAAOA,GAAG,CAACG,WAAJ,CAAgBC,GAAG,CAACyF,GAAJ,CAAQY,MAAxB,EAAgC;IACnClG,IAAI,EAAE,kBAD6B;IAEnCC,MAAM,EAAE;MACJyD,WAAW,EAAE,wEADT;MAEJtD,MAAM,EAAE;QACJ+F,OAAO,EAAE,YADL;QAEJC,SAAS,EAAE,CACP;UACIC,GAAG,EAAE,uBADT;UAEIC,MAAM,EAAE,OAFZ;UAGIC,MAAM,EAAE,CACJ,uBADI,EAEJ,yBAFI,EAGJ,qBAHI,EAIJ,kBAJI,EAKJ,kBALI,EAMJ,gBANI,EAOJ,eAPI,EAQJ,qBARI,CAHZ;UAaIC,QAAQ,EAAE/D,IAAI,CAACP,KAAL,CAAWuE,CAAC,IAAI;YACtB;YACA,MAAMC,SAAS,GAAG,CACb,GAAED,CAAC,CAACE,uBAAwB,EADf,EAEb,GAAEF,CAAC,CAACE,uBAAwB,IAFf,CAAlB,CAFsB,CAOtB;;YACA,IAAIF,CAAC,CAACG,6BAAN,EAAqC;cACjCF,SAAS,CAACG,IAAV,CACK,GAAEJ,CAAC,CAACG,6BAA8B,EADvC,EAEK,GAAEH,CAAC,CAACG,6BAA8B,IAFvC;YAIH;;YAED,OAAOF,SAAP;UACH,CAhBS;QAbd,CADO,EAgCP;UACIL,GAAG,EAAE,iBADT;UAEIC,MAAM,EAAE,OAFZ;UAGIC,MAAM,EAAE,CAAC,iBAAD,EAAoB,cAApB,EAAoC,cAApC,CAHZ;UAIIC,QAAQ,EAAE,CAAC/E,MAAM,CAACC,WAAY,gBAAehC,MAAM,CAACqC,MAAO,IAAjD;QAJd,CAhCO,EAsCP;UACIsE,GAAG,EAAE,yBADT;UAEIC,MAAM,EAAE,OAFZ;UAGIC,MAAM,EAAE,+BAHZ;UAIIC,QAAQ,EAAE/E,MAAM,CAACC,WAAY,uBAAsBsE,YAAa;QAJpE,CAtCO,EA4CP;UACIK,GAAG,EAAE,kBADT;UAEIC,MAAM,EAAE,OAFZ;UAGIC,MAAM,EAAE,CAAC,iBAAD,EAAoB,sBAApB,CAHZ;UAIIC,QAAQ,EAAE7G,KAAK,CAACqD;QAJpB,CA5CO;MAFP;IAFJ;EAF2B,CAAhC,CAAP;AA4DH"}

package/apps/website/createWebsitePulumiApp.d.ts

@@ -0,0 +1,74 @@
+import * as pulumi from "@pulumi/pulumi";
+import * as aws from "@pulumi/aws";
+import { PulumiAppParamCallback, PulumiAppParam } from "@webiny/pulumi";
+import { CustomDomainParams } from "../customDomain";
+export declare type WebsitePulumiApp = ReturnType<typeof createWebsitePulumiApp>;
+export interface CreateWebsitePulumiAppParams {
+    /**
+     * Custom domain(s) configuration.
+     */
+    domains?: PulumiAppParamCallback<CustomDomainParams>;
+    /**
+     * Custom preview domain(s) configuration.
+     */
+    previewDomains?: PulumiAppParamCallback<CustomDomainParams>;
+    /**
+     * Enables or disables VPC for the API.
+     * For VPC to work you also have to enable it in the `core` application.
+     */
+    vpc?: PulumiAppParam<boolean | undefined>;
+    /**
+     * Provides a way to adjust existing Pulumi code (cloud infrastructure resources)
+     * or add additional ones into the mix.
+     */
+    pulumi?: (app: WebsitePulumiApp) => void | Promise<void>;
+    /**
+     * Prefixes names of all Pulumi cloud infrastructure resource with given prefix.
+     */
+    pulumiResourceNamePrefix?: PulumiAppParam<string>;
+}
+export declare const createWebsitePulumiApp: (projectAppParams?: CreateWebsitePulumiAppParams) => import("@webiny/pulumi").PulumiApp<{
+    prerendering: {
+        subscriber: {
+            policy: pulumi.Output<import("@pulumi/aws/iam/policy").Policy>;
+            role: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/iam/role").Role>;
+            lambda: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/lambda/function").Function>;
+            eventRule: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/cloudwatch/eventRule").EventRule>;
+            eventPermission: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/lambda/permission").Permission>;
+            eventTarget: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/cloudwatch/eventTarget").EventTarget>;
+        };
+        renderer: {
+            policy: pulumi.Output<import("@pulumi/aws/iam/policy").Policy>;
+            role: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/iam/role").Role>;
+            lambda: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/lambda/function").Function>;
+            eventSourceMapping: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/lambda/eventSourceMapping").EventSourceMapping>;
+        };
+        flush: {
+            policy: pulumi.Output<import("@pulumi/aws/iam/policy").Policy>;
+            role: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/iam/role").Role>;
+            lambda: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/lambda/function").Function>;
+            eventRule: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/cloudwatch/eventRule").EventRule>;
+            eventPermission: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/lambda/permission").Permission>;
+            eventTarget: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/cloudwatch/eventTarget").EventTarget>;
+        };
+        settings: {
+            tableItem: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/dynamodb/tableItem").TableItem>;
+        };
+    };
+    app: {
+        cloudfront: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/cloudfront/distribution").Distribution>;
+        bucket: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/s3/bucket").Bucket>;
+        originIdentity: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/cloudfront/originAccessIdentity").OriginAccessIdentity>;
+        origin: aws.types.input.cloudfront.DistributionOrigin;
+        bucketPublicAccessBlock: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/s3/bucketPublicAccessBlock").BucketPublicAccessBlock>;
+        bucketPolicy: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/s3/bucketPolicy").BucketPolicy>;
+    };
+    delivery: {
+        cloudfront: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/cloudfront/distribution").Distribution>;
+        bucket: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/s3/bucket").Bucket>;
+        originIdentity: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/cloudfront/originAccessIdentity").OriginAccessIdentity>;
+        origin: aws.types.input.cloudfront.DistributionOrigin;
+        bucketPublicAccessBlock: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/s3/bucketPublicAccessBlock").BucketPublicAccessBlock>;
+        bucketPolicy: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/s3/bucketPolicy").BucketPolicy>;
+    };
+}> & import("../lambdaUtils").WithCommonLambdaEnvVariables;

package/apps/website/createWebsitePulumiApp.js

@@ -0,0 +1,246 @@
+"use strict";
+
+var _interopRequireWildcard = require("@babel/runtime/helpers/interopRequireWildcard").default;
+
+var _interopRequireDefault = require("@babel/runtime/helpers/interopRequireDefault").default;
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.createWebsitePulumiApp = void 0;
+
+var _objectSpread2 = _interopRequireDefault(require("@babel/runtime/helpers/objectSpread2"));
+
+var pulumi = _interopRequireWildcard(require("@pulumi/pulumi"));
+
+var aws = _interopRequireWildcard(require("@pulumi/aws"));
+
+var _fs = _interopRequireDefault(require("fs"));
+
+var _pulumi2 = require("@webiny/pulumi");
+
+var _createAppBucket = require("../createAppBucket");
+
+var _customDomain = require("../customDomain");
+
+var _WebsitePrerendering = require("./WebsitePrerendering");
+
+var _ = require("./..");
+
+var _utils = require("../../utils");
+
+var _tenantRouter = require("../tenantRouter");
+
+const createWebsitePulumiApp = (projectAppParams = {}) => {
+  const app = (0, _pulumi2.createPulumiApp)({
+    name: "website",
+    path: "apps/website",
+    config: projectAppParams,
+    program: async app => {
+      const pulumiResourceNamePrefix = app.getParam(projectAppParams.pulumiResourceNamePrefix);
+
+      if (pulumiResourceNamePrefix) {
+        app.onResource(resource => {
+          if (!resource.name.startsWith(pulumiResourceNamePrefix)) {
+            resource.name = `${pulumiResourceNamePrefix}${resource.name}`;
+          }
+        });
+      } // Overrides must be applied via a handler, registered at the very start of the program.
+      // By doing this, we're ensuring user's adjustments are not applied to late.
+
+
+      if (projectAppParams.pulumi) {
+        app.addHandler(() => {
+          return projectAppParams.pulumi(app);
+        });
+      }
+
+      const prod = app.params.run.env === "prod"; // Register core output as a module available for all other modules
+
+      const core = app.addModule(_.CoreOutput); // Register VPC config module to be available to other modules.
+
+      const vpcEnabled = app.getParam(projectAppParams === null || projectAppParams === void 0 ? void 0 : projectAppParams.vpc) ?? prod;
+      app.addModule(_.VpcConfig, {
+        enabled: vpcEnabled
+      });
+      const appBucket = (0, _createAppBucket.createPrivateAppBucket)(app, "app");
+      const appCloudfront = app.addResource(aws.cloudfront.Distribution, {
+        name: "app",
+        config: {
+          enabled: true,
+          waitForDeployment: true,
+          origins: [appBucket.origin],
+          defaultRootObject: "index.html",
+          defaultCacheBehavior: {
+            compress: true,
+            targetOriginId: appBucket.origin.originId,
+            viewerProtocolPolicy: "redirect-to-https",
+            allowedMethods: ["GET", "HEAD", "OPTIONS"],
+            cachedMethods: ["GET", "HEAD", "OPTIONS"],
+            forwardedValues: {
+              cookies: {
+                forward: "none"
+              },
+              queryString: false
+            },
+            // MinTTL <= DefaultTTL <= MaxTTL
+            minTtl: 0,
+            defaultTtl: 0,
+            maxTtl: 0
+          },
+          priceClass: "PriceClass_100",
+          customErrorResponses: [{
+            errorCode: 404,
+            responseCode: 404,
+            responsePagePath: "/index.html"
+          }],
+          restrictions: {
+            geoRestriction: {
+              restrictionType: "none"
+            }
+          },
+          viewerCertificate: {
+            cloudfrontDefaultCertificate: true
+          }
+        }
+      });
+      const deliveryBucket = (0, _createAppBucket.createPrivateAppBucket)(app, "delivery");
+      /**
+       * We need to have a Cloudfront Function to perform a simple request rewrite, so the request always includes
+       * an "/index.html". This is necessary because our buckets are not "website" buckets, and we need to
+       * have an exact object key when requesting page paths.
+       */
+
+      const viewerRequest = app.addResource(aws.cloudfront.Function, {
+        name: "cfViewerRequest",
+        config: {
+          runtime: "cloudfront-js-1.0",
+          publish: true,
+          code: _fs.default.readFileSync(__dirname + `/deliveryViewerRequest.js`, "utf8")
+        }
+      });
+      const deliveryCloudfront = app.addResource(aws.cloudfront.Distribution, {
+        name: "delivery",
+        config: {
+          enabled: true,
+          waitForDeployment: true,
+          origins: [deliveryBucket.origin, appBucket.origin],
+          defaultRootObject: "index.html",
+          defaultCacheBehavior: {
+            compress: true,
+            targetOriginId: deliveryBucket.origin.originId,
+            viewerProtocolPolicy: "redirect-to-https",
+            allowedMethods: ["GET", "HEAD", "OPTIONS"],
+            cachedMethods: ["GET", "HEAD", "OPTIONS"],
+            originRequestPolicyId: "",
+            forwardedValues: {
+              cookies: {
+                forward: "none"
+              },
+              queryString: true
+            },
+            // MinTTL <= DefaultTTL <= MaxTTL
+            minTtl: 0,
+            defaultTtl: 30,
+            maxTtl: 30,
+            functionAssociations: [{
+              functionArn: viewerRequest.output.arn,
+              eventType: "viewer-request"
+            }]
+          },
+          orderedCacheBehaviors: [{
+            compress: true,
+            allowedMethods: ["GET", "HEAD", "OPTIONS"],
+            cachedMethods: ["GET", "HEAD", "OPTIONS"],
+            forwardedValues: {
+              cookies: {
+                forward: "none"
+              },
+              headers: [],
+              queryString: false
+            },
+            pathPattern: "/static/*",
+            viewerProtocolPolicy: "allow-all",
+            targetOriginId: appBucket.origin.originId,
+            // MinTTL <= DefaultTTL <= MaxTTL
+            minTtl: 0,
+            defaultTtl: 2592000,
+            // 30 days
+            maxTtl: 2592000
+          }],
+          customErrorResponses: [{
+            errorCode: 404,
+            responseCode: 404,
+            responsePagePath: "/_NOT_FOUND_PAGE_/index.html"
+          }],
+          priceClass: "PriceClass_100",
+          restrictions: {
+            geoRestriction: {
+              restrictionType: "none"
+            }
+          },
+          viewerCertificate: {
+            cloudfrontDefaultCertificate: true
+          }
+        }
+      });
+      const prerendering = (0, _WebsitePrerendering.createPrerenderingService)(app, {
+        dbTableName: core.primaryDynamodbTableName,
+        dbTableHashKey: core.primaryDynamodbTableHashKey,
+        dbTableRangeKey: core.primaryDynamodbTableRangeKey,
+        appUrl: pulumi.interpolate`https://${appCloudfront.output.domainName}`,
+        deliveryUrl: pulumi.interpolate`https://${deliveryCloudfront.output.domainName}`,
+        bucket: deliveryBucket.bucket.output.bucket,
+        cloudfrontId: deliveryCloudfront.output.id
+      });
+      const domains = app.getParam(projectAppParams.domains);
+
+      if (domains) {
+        (0, _customDomain.applyCustomDomain)(deliveryCloudfront, domains);
+      }
+
+      const previewDomains = app.getParam(projectAppParams.previewDomains);
+
+      if (previewDomains) {
+        (0, _customDomain.applyCustomDomain)(appCloudfront, previewDomains);
+      }
+
+      if (process.env.WCP_PROJECT_ENVIRONMENT || process.env.WEBINY_MULTI_TENANCY === "true") {
+        (0, _tenantRouter.applyTenantRouter)(app, deliveryCloudfront);
+      }
+
+      app.addOutputs({
+        // Cloudfront and S3 bucket used to host the single-page application (SPA). The URL of the distribution is mainly
+        // utilized by the Page Builder app's prerendering engine. Using this URL, it accesses the SPA and creates HTML snapshots.
+        // The files that are generated in that process are stored in the `deliveryStorage` S3 bucket further below.
+        appId: appCloudfront.output.id,
+        appStorage: appBucket.bucket.output.id,
+        appUrl: appCloudfront.output.domainName.apply(value => `https://${value}`),
+        appDomain: appCloudfront.output.domainName,
+        // These are the Cloudfront and S3 bucket that will deliver static pages to the actual website visitors.
+        // The static HTML snapshots delivered from them still rely on the app's S3 bucket
+        // defined above, for serving static assets (JS, CSS, images).
+        deliveryId: deliveryCloudfront.output.id,
+        deliveryStorage: deliveryBucket.bucket.output.id,
+        deliveryDomain: deliveryCloudfront.output.domainName,
+        deliveryUrl: deliveryCloudfront.output.domainName.apply(value => `https://${value}`)
+      });
+      (0, _utils.tagResources)({
+        WbyProjectName: String(process.env["WEBINY_PROJECT_NAME"]),
+        WbyEnvironment: String(process.env["WEBINY_ENV"])
+      });
+      return {
+        prerendering,
+        app: (0, _objectSpread2.default)((0, _objectSpread2.default)({}, appBucket), {}, {
+          cloudfront: appCloudfront
+        }),
+        delivery: (0, _objectSpread2.default)((0, _objectSpread2.default)({}, deliveryBucket), {}, {
+          cloudfront: deliveryCloudfront
+        })
+      };
+    }
+  });
+  return (0, _utils.withCommonLambdaEnvVariables)(app);
+};
+
+exports.createWebsitePulumiApp = createWebsitePulumiApp;