@webiny/pulumi-aws 5.26.0 → 5.27.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (95) hide show
  1. package/apps/admin/AdminApp.d.ts +1 -1
  2. package/apps/admin/AdminApp.js +20 -1
  3. package/apps/admin/AdminApp.js.map +1 -1
  4. package/apps/api/ApiApp.d.ts +11 -14
  5. package/apps/api/ApiApp.js +62 -67
  6. package/apps/api/ApiApp.js.map +1 -1
  7. package/apps/api/ApiApwScheduler.d.ts +0 -2
  8. package/apps/api/ApiApwScheduler.js +14 -8
  9. package/apps/api/ApiApwScheduler.js.map +1 -1
  10. package/apps/api/ApiCloudfront.js +2 -2
  11. package/apps/api/ApiCloudfront.js.map +1 -1
  12. package/apps/api/ApiFileManager.d.ts +1 -8
  13. package/apps/api/ApiFileManager.js +31 -32
  14. package/apps/api/ApiFileManager.js.map +1 -1
  15. package/apps/api/ApiGraphql.d.ts +0 -10
  16. package/apps/api/ApiGraphql.js +59 -39
  17. package/apps/api/ApiGraphql.js.map +1 -1
  18. package/apps/api/ApiHeadlessCMS.d.ts +0 -4
  19. package/apps/api/ApiHeadlessCMS.js +30 -20
  20. package/apps/api/ApiHeadlessCMS.js.map +1 -1
  21. package/apps/api/ApiPageBuilder.d.ts +0 -8
  22. package/apps/api/ApiPageBuilder.js +79 -60
  23. package/apps/api/ApiPageBuilder.js.map +1 -1
  24. package/apps/common/StorageOutput.d.ts +21 -0
  25. package/apps/common/StorageOutput.js +50 -0
  26. package/apps/common/StorageOutput.js.map +1 -0
  27. package/apps/common/VpcConfig.d.ts +8 -0
  28. package/apps/common/VpcConfig.js +37 -0
  29. package/apps/common/VpcConfig.js.map +1 -0
  30. package/apps/common/index.d.ts +2 -0
  31. package/apps/common/index.js +31 -0
  32. package/apps/common/index.js.map +1 -0
  33. package/apps/gateway/GatewayApi.d.ts +17 -0
  34. package/apps/gateway/GatewayApi.js +187 -0
  35. package/apps/gateway/GatewayApi.js.map +1 -0
  36. package/apps/gateway/GatewayApp.d.ts +25 -0
  37. package/apps/gateway/GatewayApp.js +85 -0
  38. package/apps/gateway/GatewayApp.js.map +1 -0
  39. package/apps/gateway/GatewayLambdas.d.ts +13 -0
  40. package/apps/gateway/GatewayLambdas.js +92 -0
  41. package/apps/gateway/GatewayLambdas.js.map +1 -0
  42. package/apps/gateway/GatewayReactApp.d.ts +17 -0
  43. package/apps/gateway/GatewayReactApp.js +163 -0
  44. package/apps/gateway/GatewayReactApp.js.map +1 -0
  45. package/apps/index.d.ts +1 -0
  46. package/apps/index.js +14 -0
  47. package/apps/index.js.map +1 -1
  48. package/apps/{api/ApiLambdaUtils.d.ts → lambdaUtils.d.ts} +6 -3
  49. package/apps/lambdaUtils.js +75 -0
  50. package/apps/lambdaUtils.js.map +1 -0
  51. package/apps/storage/StorageApp.d.ts +42 -5
  52. package/apps/storage/StorageApp.js +27 -9
  53. package/apps/storage/StorageApp.js.map +1 -1
  54. package/apps/storage/StorageElasticSearch.d.ts +15 -0
  55. package/apps/storage/StorageElasticSearch.js +242 -0
  56. package/apps/storage/StorageElasticSearch.js.map +1 -0
  57. package/apps/storage/StorageEventBus.d.ts +2 -0
  58. package/apps/{api/ApiLambdaUtils.js → storage/StorageEventBus.js} +15 -33
  59. package/apps/storage/StorageEventBus.js.map +1 -0
  60. package/apps/{api/ApiVpc.d.ts → storage/StorageVpc.d.ts} +4 -4
  61. package/apps/storage/StorageVpc.js +145 -0
  62. package/apps/storage/StorageVpc.js.map +1 -0
  63. package/apps/storage/index.d.ts +2 -0
  64. package/apps/storage/index.js +26 -0
  65. package/apps/storage/index.js.map +1 -1
  66. package/apps/utils.d.ts +5 -0
  67. package/apps/utils.js +14 -0
  68. package/apps/utils.js.map +1 -0
  69. package/apps/website/WebsiteApp.d.ts +33 -3
  70. package/apps/website/WebsiteApp.js +57 -5
  71. package/apps/website/WebsiteApp.js.map +1 -1
  72. package/apps/website/WebsiteHookRender.js +20 -22
  73. package/apps/website/WebsiteHookRender.js.map +1 -1
  74. package/apps/website/WebsitePrerendering.d.ts +31 -0
  75. package/apps/website/WebsitePrerendering.js +266 -0
  76. package/apps/website/WebsitePrerendering.js.map +1 -0
  77. package/apps/website/WebsiteUpload.d.ts +6 -0
  78. package/apps/website/WebsiteUpload.js +50 -0
  79. package/apps/website/WebsiteUpload.js.map +1 -0
  80. package/package.json +9 -8
  81. package/apps/api/ApiLambdaUtils.js.map +0 -1
  82. package/apps/api/ApiPrerendering.d.ts +0 -24
  83. package/apps/api/ApiPrerendering.js +0 -200
  84. package/apps/api/ApiPrerendering.js.map +0 -1
  85. package/apps/api/ApiVpc.js +0 -129
  86. package/apps/api/ApiVpc.js.map +0 -1
  87. package/apps/getStorageOutput.d.ts +0 -13
  88. package/apps/getStorageOutput.js +0 -29
  89. package/apps/getStorageOutput.js.map +0 -1
  90. package/apps/website/WebsiteHookUpdatePbSettings.d.ts +0 -5
  91. package/apps/website/WebsiteHookUpdatePbSettings.js +0 -80
  92. package/apps/website/WebsiteHookUpdatePbSettings.js.map +0 -1
  93. package/apps/website/WebsiteHookUpload.d.ts +0 -1
  94. package/apps/website/WebsiteHookUpload.js +0 -65
  95. package/apps/website/WebsiteHookUpload.js.map +0 -1
package/apps/api/ApiHeadlessCMS.js CHANGED
@@ -17,7 +17,9 @@ var aws = _interopRequireWildcard(require("@pulumi/aws"));
17
17
 
18
18
  var _pulumiSdk = require("@webiny/pulumi-sdk");
19
19
 
20
- var _ApiLambdaUtils = require("./ApiLambdaUtils");
20
+ var _lambdaUtils = require("../lambdaUtils");
21
+
22
+ var _common = require("../common");
21
23
 
22
24
  function _getRequireWildcardCache(nodeInterop) { if (typeof WeakMap !== "function") return null; var cacheBabelInterop = new WeakMap(); var cacheNodeInterop = new WeakMap(); return (_getRequireWildcardCache = function (nodeInterop) { return nodeInterop ? cacheNodeInterop : cacheBabelInterop; })(nodeInterop); }
23
25
 
@@ -31,11 +33,10 @@ const ApiHeadlessCMS = (0, _pulumiSdk.defineAppModule)({
31
33
  name: "ApiHeadlessCMS",
32
34
 
33
35
  config(app, params) {
34
- const policy = createHeadlessCmsLambdaPolicy(app, params);
35
- const role = (0, _ApiLambdaUtils.createLambdaRole)(app, {
36
+ const policy = createHeadlessCmsLambdaPolicy(app);
37
+ const role = (0, _lambdaUtils.createLambdaRole)(app, {
36
38
  name: "headless-cms-lambda-role",
37
- policy: policy.output,
38
- vpc: params.vpc
39
+ policy: policy.output
39
40
  });
40
41
  const graphql = app.addResource(aws.lambda.Function, {
41
42
  name: "headless-cms",
@@ -49,14 +50,11 @@ const ApiHeadlessCMS = (0, _pulumiSdk.defineAppModule)({
49
50
  ".": new pulumi.asset.FileArchive(_path.default.join(app.ctx.appDir, "code/headlessCMS/build"))
50
51
  }),
51
52
  environment: {
52
- variables: _objectSpread(_objectSpread({}, params.env), {}, {
53
+ variables: _objectSpread(_objectSpread(_objectSpread({}, (0, _lambdaUtils.getCommonLambdaEnvVariables)(app)), params.env), {}, {
53
54
  AWS_NODEJS_CONNECTION_REUSE_ENABLED: "1"
54
55
  })
55
56
  },
56
- vpcConfig: params.vpc ? {
57
- subnetIds: params.vpc.subnets.private.map(subNet => subNet.output.id),
58
- securityGroupIds: [params.vpc.vpc.output.defaultSecurityGroupId]
59
- } : undefined
57
+ vpcConfig: app.getModule(_common.VpcConfig).functionVpcConfig
60
58
  }
61
59
  });
62
60
  return {
@@ -71,20 +69,32 @@ const ApiHeadlessCMS = (0, _pulumiSdk.defineAppModule)({
71
69
  });
72
70
  exports.ApiHeadlessCMS = ApiHeadlessCMS;
73
71
 
74
- function createHeadlessCmsLambdaPolicy(app, params) {
72
+ function createHeadlessCmsLambdaPolicy(app) {
73
+ const storageOutput = app.getModule(_common.StorageOutput);
75
74
  return app.addResource(aws.iam.Policy, {
76
75
  name: "HeadlessCmsLambdaPolicy",
77
76
  config: {
78
77
  description: "This policy enables access to Dynamodb streams",
79
- policy: {
80
- Version: "2012-10-17",
81
- Statement: [{
82
- Sid: "PermissionDynamodb",
83
- Effect: "Allow",
84
- Action: ["dynamodb:BatchGetItem", "dynamodb:BatchWriteItem", "dynamodb:ConditionCheckItem", "dynamodb:CreateBackup", "dynamodb:CreateTable", "dynamodb:CreateTableReplica", "dynamodb:DeleteBackup", "dynamodb:DeleteItem", "dynamodb:DeleteTable", "dynamodb:DeleteTableReplica", "dynamodb:DescribeBackup", "dynamodb:DescribeContinuousBackups", "dynamodb:DescribeContributorInsights", "dynamodb:DescribeExport", "dynamodb:DescribeKinesisStreamingDestination", "dynamodb:DescribeLimits", "dynamodb:DescribeReservedCapacity", "dynamodb:DescribeReservedCapacityOfferings", "dynamodb:DescribeStream", "dynamodb:DescribeTable", "dynamodb:DescribeTableReplicaAutoScaling", "dynamodb:DescribeTimeToLive", "dynamodb:DisableKinesisStreamingDestination", "dynamodb:EnableKinesisStreamingDestination", "dynamodb:ExportTableToPointInTime", "dynamodb:GetItem", "dynamodb:GetRecords", "dynamodb:GetShardIterator", "dynamodb:ListBackups", "dynamodb:ListContributorInsights", "dynamodb:ListExports", "dynamodb:ListStreams", "dynamodb:ListTables", "dynamodb:ListTagsOfResource", "dynamodb:PartiQLDelete", "dynamodb:PartiQLInsert", "dynamodb:PartiQLSelect", "dynamodb:PartiQLUpdate", "dynamodb:PurchaseReservedCapacityOfferings", "dynamodb:PutItem", "dynamodb:Query", "dynamodb:RestoreTableFromBackup", "dynamodb:RestoreTableToPointInTime", "dynamodb:Scan", "dynamodb:UpdateContinuousBackups", "dynamodb:UpdateContributorInsights", "dynamodb:UpdateItem", "dynamodb:UpdateTable", "dynamodb:UpdateTableReplicaAutoScaling", "dynamodb:UpdateTimeToLive"],
85
- Resource: [pulumi.interpolate`${params.primaryDynamodbTableArn}`, pulumi.interpolate`${params.primaryDynamodbTableArn}/*`]
86
- }]
87
- }
78
+ // Storage is pulumi.Output, so we need to run apply() to resolve policy based on it
79
+ policy: storageOutput.apply(storage => {
80
+ const policy = {
81
+ Version: "2012-10-17",
82
+ Statement: [{
83
+ Sid: "PermissionDynamodb",
84
+ Effect: "Allow",
85
+ Action: ["dynamodb:BatchGetItem", "dynamodb:BatchWriteItem", "dynamodb:ConditionCheckItem", "dynamodb:CreateBackup", "dynamodb:CreateTable", "dynamodb:CreateTableReplica", "dynamodb:DeleteBackup", "dynamodb:DeleteItem", "dynamodb:DeleteTable", "dynamodb:DeleteTableReplica", "dynamodb:DescribeBackup", "dynamodb:DescribeContinuousBackups", "dynamodb:DescribeContributorInsights", "dynamodb:DescribeExport", "dynamodb:DescribeKinesisStreamingDestination", "dynamodb:DescribeLimits", "dynamodb:DescribeReservedCapacity", "dynamodb:DescribeReservedCapacityOfferings", "dynamodb:DescribeStream", "dynamodb:DescribeTable", "dynamodb:DescribeTableReplicaAutoScaling", "dynamodb:DescribeTimeToLive", "dynamodb:DisableKinesisStreamingDestination", "dynamodb:EnableKinesisStreamingDestination", "dynamodb:ExportTableToPointInTime", "dynamodb:GetItem", "dynamodb:GetRecords", "dynamodb:GetShardIterator", "dynamodb:ListBackups", "dynamodb:ListContributorInsights", "dynamodb:ListExports", "dynamodb:ListStreams", "dynamodb:ListTables", "dynamodb:ListTagsOfResource", "dynamodb:PartiQLDelete", "dynamodb:PartiQLInsert", "dynamodb:PartiQLSelect", "dynamodb:PartiQLUpdate", "dynamodb:PurchaseReservedCapacityOfferings", "dynamodb:PutItem", "dynamodb:Query", "dynamodb:RestoreTableFromBackup", "dynamodb:RestoreTableToPointInTime", "dynamodb:Scan", "dynamodb:UpdateContinuousBackups", "dynamodb:UpdateContributorInsights", "dynamodb:UpdateItem", "dynamodb:UpdateTable", "dynamodb:UpdateTableReplicaAutoScaling", "dynamodb:UpdateTimeToLive"],
86
+ Resource: [`${storage.primaryDynamodbTableArn}`, `${storage.primaryDynamodbTableArn}/*`, // Attach permissions for elastic search dynamo as well (if ES is enabled).
87
+ ...(storage.elasticsearchDynamodbTableArn ? [`${storage.elasticsearchDynamodbTableArn}`, `${storage.elasticsearchDynamodbTableArn}/*`] : [])]
88
+ }, // Attach permissions for elastic search domain as well (if ES is enabled).
89
+ ...(storage.elasticsearchDomainArn ? [{
90
+ Sid: "PermissionForES",
91
+ Effect: "Allow",
92
+ Action: "es:*",
93
+ Resource: [`${storage.elasticsearchDomainArn}`, `${storage.elasticsearchDomainArn}/*`]
94
+ }] : [])]
95
+ };
96
+ return policy;
97
+ })
88
98
  }
89
99
  });
90
100
  }
package/apps/api/ApiHeadlessCMS.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["ApiHeadlessCMS.ts"],"names":["ApiHeadlessCMS","name","config","app","params","policy","createHeadlessCmsLambdaPolicy","role","output","vpc","graphql","addResource","aws","lambda","Function","runtime","handler","arn","timeout","memorySize","code","pulumi","asset","AssetArchive","FileArchive","path","join","ctx","appDir","environment","variables","env","AWS_NODEJS_CONNECTION_REUSE_ENABLED","vpcConfig","subnetIds","subnets","private","map","subNet","id","securityGroupIds","defaultSecurityGroupId","undefined","functions","iam","Policy","description","Version","Statement","Sid","Effect","Action","Resource","interpolate","primaryDynamodbTableArn"],"mappings":";;;;;;;;;;;AAAA;;AACA;;AACA;;AAEA;;AAGA;;;;;;;;;;AAUO,MAAMA,cAAc,GAAG,gCAAgB;AAC1CC,EAAAA,IAAI,EAAE,gBADoC;;AAE1CC,EAAAA,MAAM,CAACC,GAAD,EAAiBC,MAAjB,EAA4C;AAC9C,UAAMC,MAAM,GAAGC,6BAA6B,CAACH,GAAD,EAAMC,MAAN,CAA5C;AACA,UAAMG,IAAI,GAAG,sCAAiBJ,GAAjB,EAAsB;AAC/BF,MAAAA,IAAI,EAAE,0BADyB;AAE/BI,MAAAA,MAAM,EAAEA,MAAM,CAACG,MAFgB;AAG/BC,MAAAA,GAAG,EAAEL,MAAM,CAACK;AAHmB,KAAtB,CAAb;AAMA,UAAMC,OAAO,GAAGP,GAAG,CAACQ,WAAJ,CAAgBC,GAAG,CAACC,MAAJ,CAAWC,QAA3B,EAAqC;AACjDb,MAAAA,IAAI,EAAE,cAD2C;AAEjDC,MAAAA,MAAM,EAAE;AACJa,QAAAA,OAAO,EAAE,YADL;AAEJC,QAAAA,OAAO,EAAE,iBAFL;AAGJT,QAAAA,IAAI,EAAEA,IAAI,CAACC,MAAL,CAAYS,GAHd;AAIJC,QAAAA,OAAO,EAAE,EAJL;AAKJC,QAAAA,UAAU,EAAE,GALR;AAMJC,QAAAA,IAAI,EAAE,IAAIC,MAAM,CAACC,KAAP,CAAaC,YAAjB,CAA8B;AAChC,eAAK,IAAIF,MAAM,CAACC,KAAP,CAAaE,WAAjB,CACDC,cAAKC,IAAL,CAAUvB,GAAG,CAACwB,GAAJ,CAAQC,MAAlB,EAA0B,wBAA1B,CADC;AAD2B,SAA9B,CANF;AAWJC,QAAAA,WAAW,EAAE;AACTC,UAAAA,SAAS,kCACF1B,MAAM,CAAC2B,GADL;AAELC,YAAAA,mCAAmC,EAAE;AAFhC;AADA,SAXT;AAiBJC,QAAAA,SAAS,EAAE7B,MAAM,CAACK,GAAP,GACL;AACIyB,UAAAA,SAAS,EAAE9B,MAAM,CAACK,GAAP,CAAW0B,OAAX,CAAmBC,OAAnB,CAA2BC,GAA3B,CAA+BC,MAAM,IAAIA,MAAM,CAAC9B,MAAP,CAAc+B,EAAvD,CADf;AAEIC,UAAAA,gBAAgB,EAAE,CAACpC,MAAM,CAACK,GAAP,CAAWA,GAAX,CAAeD,MAAf,CAAsBiC,sBAAvB;AAFtB,SADK,GAKLC;AAtBF;AAFyC,KAArC,CAAhB;AA4BA,WAAO;AACHnC,MAAAA,IADG;AAEHF,MAAAA,MAFG;AAGHsC,MAAAA,SAAS,EAAE;AACPjC,QAAAA;AADO;AAHR,KAAP;AAOH;;AA7CyC,CAAhB,CAAvB;;;AAgDP,SAASJ,6BAAT,CAAuCH,GAAvC,EAAuDC,MAAvD,EAAkF;AAC9E,SAAOD,GAAG,CAACQ,WAAJ,CAAgBC,GAAG,CAACgC,GAAJ,CAAQC,MAAxB,EAAgC;AACnC5C,IAAAA,IAAI,EAAE,yBAD6B;AAEnCC,IAAAA,MAAM,EAAE;AACJ4C,MAAAA,WAAW,EAAE,gDADT;AAEJzC,MAAAA,MAAM,EAAE;AACJ0C,QAAAA,OAAO,EAAE,YADL;AAEJC,QAAAA,SAAS,EAAE,CACP;AACIC,UAAAA,GAAG,EAAE,oBADT;AAEIC,UAAAA,MAAM,EAAE,OAFZ;AAGIC,UAAAA,MAAM,EAAE,CACJ,uBADI,EAEJ,yBAFI,EAGJ,6BAHI,EAIJ,uBAJI,EAKJ,sBALI,EAMJ,6BANI,EAOJ,uBAPI,EAQJ,qBARI,EASJ,sBATI,EAUJ,6BAVI,EAWJ,yBAXI,EAYJ,oCAZI,EAaJ,sCAbI,EAcJ,yBAdI,EAeJ,8CAfI,EAgBJ,yBAhBI,EAiBJ,mCAjBI,EAkBJ,4CAlBI,EAmBJ,yBAnBI,EAoBJ,wBApBI,EAqBJ,0CArBI,EAsBJ,6BAtBI,EAuBJ,6CAvBI,EAwBJ,4CAxBI,EAyBJ,mCAzBI,EA0BJ,kBA1BI,EA2BJ,qBA3BI,EA4BJ,2BA5BI,EA6BJ,sBA7BI,EA8BJ,kCA9BI,EA+BJ,sBA/BI,EAgCJ,sBAhCI,EAiCJ,qBAjCI,EAkCJ,6BAlCI,EAmCJ,wBAnCI,EAoCJ,wBApCI,EAqCJ,wBArCI,EAsCJ,wBAtCI,EAuCJ,4CAvCI,EAwCJ,kBAxCI,EAyCJ,gBAzCI,EA0CJ,iCA1CI,EA2CJ,oCA3CI,EA4CJ,eA5CI,EA6CJ,kCA7CI,EA8CJ,oCA9CI,EA+CJ,qBA/CI,EAgDJ,sBAhDI,EAiDJ,wCAjDI,EAkDJ,2BAlDI,CAHZ;AAuDIC,UAAAA,QAAQ,EAAE,CACN/B,MAAM,CAACgC,WAAY,GAAEjD,MAAM,CAACkD,uBAAwB,EAD9C,EAENjC,MAAM,CAACgC,WAAY,GAAEjD,MAAM,CAACkD,uBAAwB,IAF9C;AAvDd,SADO;AAFP;AAFJ;AAF2B,GAAhC,CAAP;AAuEH","sourcesContent":["import path from \"path\";\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nimport { defineAppModule, PulumiApp, PulumiAppModule } from \"@webiny/pulumi-sdk\";\n\nimport { Vpc } from \"./ApiVpc\";\nimport { createLambdaRole } from \"./ApiLambdaUtils\";\n\ninterface HeadlessCMSParams {\n env: Record<string, any>;\n primaryDynamodbTableArn: pulumi.Input<string>;\n vpc: Vpc | undefined;\n}\n\nexport type ApiHeadlessCMS = PulumiAppModule<typeof ApiHeadlessCMS>;\n\nexport const ApiHeadlessCMS = defineAppModule({\n name: \"ApiHeadlessCMS\",\n config(app: PulumiApp, params: HeadlessCMSParams) {\n const policy = createHeadlessCmsLambdaPolicy(app, params);\n const role = createLambdaRole(app, {\n name: \"headless-cms-lambda-role\",\n policy: policy.output,\n vpc: params.vpc\n });\n\n const graphql = app.addResource(aws.lambda.Function, {\n name: \"headless-cms\",\n config: {\n runtime: \"nodejs14.x\",\n handler: \"handler.handler\",\n role: role.output.arn,\n timeout: 30,\n memorySize: 512,\n code: new pulumi.asset.AssetArchive({\n \".\": new pulumi.asset.FileArchive(\n path.join(app.ctx.appDir, \"code/headlessCMS/build\")\n )\n }),\n environment: {\n variables: {\n ...params.env,\n AWS_NODEJS_CONNECTION_REUSE_ENABLED: \"1\"\n }\n },\n vpcConfig: params.vpc\n ? {\n subnetIds: params.vpc.subnets.private.map(subNet => subNet.output.id),\n securityGroupIds: [params.vpc.vpc.output.defaultSecurityGroupId]\n }\n : undefined\n }\n });\n\n return {\n role,\n policy,\n functions: {\n graphql\n }\n };\n }\n});\n\nfunction createHeadlessCmsLambdaPolicy(app: PulumiApp, params: HeadlessCMSParams) {\n return app.addResource(aws.iam.Policy, {\n name: \"HeadlessCmsLambdaPolicy\",\n config: {\n description: \"This policy enables access to Dynamodb streams\",\n policy: {\n Version: \"2012-10-17\",\n Statement: [\n {\n Sid: \"PermissionDynamodb\",\n Effect: \"Allow\",\n Action: [\n \"dynamodb:BatchGetItem\",\n \"dynamodb:BatchWriteItem\",\n \"dynamodb:ConditionCheckItem\",\n \"dynamodb:CreateBackup\",\n \"dynamodb:CreateTable\",\n \"dynamodb:CreateTableReplica\",\n \"dynamodb:DeleteBackup\",\n \"dynamodb:DeleteItem\",\n \"dynamodb:DeleteTable\",\n \"dynamodb:DeleteTableReplica\",\n \"dynamodb:DescribeBackup\",\n \"dynamodb:DescribeContinuousBackups\",\n \"dynamodb:DescribeContributorInsights\",\n \"dynamodb:DescribeExport\",\n \"dynamodb:DescribeKinesisStreamingDestination\",\n \"dynamodb:DescribeLimits\",\n \"dynamodb:DescribeReservedCapacity\",\n \"dynamodb:DescribeReservedCapacityOfferings\",\n \"dynamodb:DescribeStream\",\n \"dynamodb:DescribeTable\",\n \"dynamodb:DescribeTableReplicaAutoScaling\",\n \"dynamodb:DescribeTimeToLive\",\n \"dynamodb:DisableKinesisStreamingDestination\",\n \"dynamodb:EnableKinesisStreamingDestination\",\n \"dynamodb:ExportTableToPointInTime\",\n \"dynamodb:GetItem\",\n \"dynamodb:GetRecords\",\n \"dynamodb:GetShardIterator\",\n \"dynamodb:ListBackups\",\n \"dynamodb:ListContributorInsights\",\n \"dynamodb:ListExports\",\n \"dynamodb:ListStreams\",\n \"dynamodb:ListTables\",\n \"dynamodb:ListTagsOfResource\",\n \"dynamodb:PartiQLDelete\",\n \"dynamodb:PartiQLInsert\",\n \"dynamodb:PartiQLSelect\",\n \"dynamodb:PartiQLUpdate\",\n \"dynamodb:PurchaseReservedCapacityOfferings\",\n \"dynamodb:PutItem\",\n \"dynamodb:Query\",\n \"dynamodb:RestoreTableFromBackup\",\n \"dynamodb:RestoreTableToPointInTime\",\n \"dynamodb:Scan\",\n \"dynamodb:UpdateContinuousBackups\",\n \"dynamodb:UpdateContributorInsights\",\n \"dynamodb:UpdateItem\",\n \"dynamodb:UpdateTable\",\n \"dynamodb:UpdateTableReplicaAutoScaling\",\n \"dynamodb:UpdateTimeToLive\"\n ],\n Resource: [\n pulumi.interpolate`${params.primaryDynamodbTableArn}`,\n pulumi.interpolate`${params.primaryDynamodbTableArn}/*`\n ]\n }\n ]\n }\n }\n });\n}\n"]}
1
+ {"version":3,"sources":["ApiHeadlessCMS.ts"],"names":["ApiHeadlessCMS","name","config","app","params","policy","createHeadlessCmsLambdaPolicy","role","output","graphql","addResource","aws","lambda","Function","runtime","handler","arn","timeout","memorySize","code","pulumi","asset","AssetArchive","FileArchive","path","join","ctx","appDir","environment","variables","env","AWS_NODEJS_CONNECTION_REUSE_ENABLED","vpcConfig","getModule","VpcConfig","functionVpcConfig","functions","storageOutput","StorageOutput","iam","Policy","description","apply","storage","Version","Statement","Sid","Effect","Action","Resource","primaryDynamodbTableArn","elasticsearchDynamodbTableArn","elasticsearchDomainArn"],"mappings":";;;;;;;;;;;AAAA;;AACA;;AACA;;AAEA;;AAEA;;AACA;;;;;;;;;;AAQO,MAAMA,cAAc,GAAG,gCAAgB;AAC1CC,EAAAA,IAAI,EAAE,gBADoC;;AAE1CC,EAAAA,MAAM,CAACC,GAAD,EAAiBC,MAAjB,EAA4C;AAC9C,UAAMC,MAAM,GAAGC,6BAA6B,CAACH,GAAD,CAA5C;AACA,UAAMI,IAAI,GAAG,mCAAiBJ,GAAjB,EAAsB;AAC/BF,MAAAA,IAAI,EAAE,0BADyB;AAE/BI,MAAAA,MAAM,EAAEA,MAAM,CAACG;AAFgB,KAAtB,CAAb;AAKA,UAAMC,OAAO,GAAGN,GAAG,CAACO,WAAJ,CAAgBC,GAAG,CAACC,MAAJ,CAAWC,QAA3B,EAAqC;AACjDZ,MAAAA,IAAI,EAAE,cAD2C;AAEjDC,MAAAA,MAAM,EAAE;AACJY,QAAAA,OAAO,EAAE,YADL;AAEJC,QAAAA,OAAO,EAAE,iBAFL;AAGJR,QAAAA,IAAI,EAAEA,IAAI,CAACC,MAAL,CAAYQ,GAHd;AAIJC,QAAAA,OAAO,EAAE,EAJL;AAKJC,QAAAA,UAAU,EAAE,GALR;AAMJC,QAAAA,IAAI,EAAE,IAAIC,MAAM,CAACC,KAAP,CAAaC,YAAjB,CAA8B;AAChC,eAAK,IAAIF,MAAM,CAACC,KAAP,CAAaE,WAAjB,CACDC,cAAKC,IAAL,CAAUtB,GAAG,CAACuB,GAAJ,CAAQC,MAAlB,EAA0B,wBAA1B,CADC;AAD2B,SAA9B,CANF;AAWJC,QAAAA,WAAW,EAAE;AACTC,UAAAA,SAAS,gDACF,8CAA4B1B,GAA5B,CADE,GAEFC,MAAM,CAAC0B,GAFL;AAGLC,YAAAA,mCAAmC,EAAE;AAHhC;AADA,SAXT;AAkBJC,QAAAA,SAAS,EAAE7B,GAAG,CAAC8B,SAAJ,CAAcC,iBAAd,EAAyBC;AAlBhC;AAFyC,KAArC,CAAhB;AAwBA,WAAO;AACH5B,MAAAA,IADG;AAEHF,MAAAA,MAFG;AAGH+B,MAAAA,SAAS,EAAE;AACP3B,QAAAA;AADO;AAHR,KAAP;AAOH;;AAxCyC,CAAhB,CAAvB;;;AA2CP,SAASH,6BAAT,CAAuCH,GAAvC,EAAuD;AACnD,QAAMkC,aAAa,GAAGlC,GAAG,CAAC8B,SAAJ,CAAcK,qBAAd,CAAtB;AAEA,SAAOnC,GAAG,CAACO,WAAJ,CAAgBC,GAAG,CAAC4B,GAAJ,CAAQC,MAAxB,EAAgC;AACnCvC,IAAAA,IAAI,EAAE,yBAD6B;AAEnCC,IAAAA,MAAM,EAAE;AACJuC,MAAAA,WAAW,EAAE,gDADT;AAEJ;AACApC,MAAAA,MAAM,EAAEgC,aAAa,CAACK,KAAd,CAAoBC,OAAO,IAAI;AACnC,cAAMtC,MAA8B,GAAG;AACnCuC,UAAAA,OAAO,EAAE,YAD0B;AAEnCC,UAAAA,SAAS,EAAE,CACP;AACIC,YAAAA,GAAG,EAAE,oBADT;AAEIC,YAAAA,MAAM,EAAE,OAFZ;AAGIC,YAAAA,MAAM,EAAE,CACJ,uBADI,EAEJ,yBAFI,EAGJ,6BAHI,EAIJ,uBAJI,EAKJ,sBALI,EAMJ,6BANI,EAOJ,uBAPI,EAQJ,qBARI,EASJ,sBATI,EAUJ,6BAVI,EAWJ,yBAXI,EAYJ,oCAZI,EAaJ,sCAbI,EAcJ,yBAdI,EAeJ,8CAfI,EAgBJ,yBAhBI,EAiBJ,mCAjBI,EAkBJ,4CAlBI,EAmBJ,yBAnBI,EAoBJ,wBApBI,EAqBJ,0CArBI,EAsBJ,6BAtBI,EAuBJ,6CAvBI,EAwBJ,4CAxBI,EAyBJ,mCAzBI,EA0BJ,kBA1BI,EA2BJ,qBA3BI,EA4BJ,2BA5BI,EA6BJ,sBA7BI,EA8BJ,kCA9BI,EA+BJ,sBA/BI,EAgCJ,sBAhCI,EAiCJ,qBAjCI,EAkCJ,6BAlCI,EAmCJ,wBAnCI,EAoCJ,wBApCI,EAqCJ,wBArCI,EAsCJ,wBAtCI,EAuCJ,4CAvCI,EAwCJ,kBAxCI,EAyCJ,gBAzCI,EA0CJ,iCA1CI,EA2CJ,oCA3CI,EA4CJ,eA5CI,EA6CJ,kCA7CI,EA8CJ,oCA9CI,EA+CJ,qBA/CI,EAgDJ,sBAhDI,EAiDJ,wCAjDI,EAkDJ,2BAlDI,CAHZ;AAuDIC,YAAAA,QAAQ,EAAE,CACL,GAAEN,OAAO,CAACO,uBAAwB,EAD7B,EAEL,GAAEP,OAAO,CAACO,uBAAwB,IAF7B,EAGN;AACA,gBAAIP,OAAO,CAACQ,6BAAR,GACE,CACK,GAAER,OAAO,CAACQ,6BAA8B,EAD7C,EAEK,GAAER,OAAO,CAACQ,6BAA8B,IAF7C,CADF,GAKE,EALN,CAJM;AAvDd,WADO,EAoEP;AACA,cAAIR,OAAO,CAACS,sBAAR,GACE,CACI;AACIN,YAAAA,GAAG,EAAE,iBADT;AAEIC,YAAAA,MAAM,EAAE,OAFZ;AAGIC,YAAAA,MAAM,EAAE,MAHZ;AAIIC,YAAAA,QAAQ,EAAE,CACL,GAAEN,OAAO,CAACS,sBAAuB,EAD5B,EAEL,GAAET,OAAO,CAACS,sBAAuB,IAF5B;AAJd,WADJ,CADF,GAYE,EAZN,CArEO;AAFwB,SAAvC;AAuFA,eAAO/C,MAAP;AACH,OAzFO;AAHJ;AAF2B,GAAhC,CAAP;AAiGH","sourcesContent":["import path from \"path\";\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nimport { defineAppModule, PulumiApp, PulumiAppModule } from \"@webiny/pulumi-sdk\";\n\nimport { createLambdaRole, getCommonLambdaEnvVariables } from \"../lambdaUtils\";\nimport { StorageOutput, VpcConfig } from \"../common\";\n\ninterface HeadlessCMSParams {\n env: Record<string, any>;\n}\n\nexport type ApiHeadlessCMS = PulumiAppModule<typeof ApiHeadlessCMS>;\n\nexport const ApiHeadlessCMS = defineAppModule({\n name: \"ApiHeadlessCMS\",\n config(app: PulumiApp, params: HeadlessCMSParams) {\n const policy = createHeadlessCmsLambdaPolicy(app);\n const role = createLambdaRole(app, {\n name: \"headless-cms-lambda-role\",\n policy: policy.output\n });\n\n const graphql = app.addResource(aws.lambda.Function, {\n name: \"headless-cms\",\n config: {\n runtime: \"nodejs14.x\",\n handler: \"handler.handler\",\n role: role.output.arn,\n timeout: 30,\n memorySize: 512,\n code: new pulumi.asset.AssetArchive({\n \".\": new pulumi.asset.FileArchive(\n path.join(app.ctx.appDir, \"code/headlessCMS/build\")\n )\n }),\n environment: {\n variables: {\n ...getCommonLambdaEnvVariables(app),\n ...params.env,\n AWS_NODEJS_CONNECTION_REUSE_ENABLED: \"1\"\n }\n },\n vpcConfig: app.getModule(VpcConfig).functionVpcConfig\n }\n });\n\n return {\n role,\n policy,\n functions: {\n graphql\n }\n };\n }\n});\n\nfunction createHeadlessCmsLambdaPolicy(app: PulumiApp) {\n const storageOutput = app.getModule(StorageOutput);\n\n return app.addResource(aws.iam.Policy, {\n name: \"HeadlessCmsLambdaPolicy\",\n config: {\n description: \"This policy enables access to Dynamodb streams\",\n // Storage is pulumi.Output, so we need to run apply() to resolve policy based on it\n policy: storageOutput.apply(storage => {\n const policy: aws.iam.PolicyDocument = {\n Version: \"2012-10-17\",\n Statement: [\n {\n Sid: \"PermissionDynamodb\",\n Effect: \"Allow\",\n Action: [\n \"dynamodb:BatchGetItem\",\n \"dynamodb:BatchWriteItem\",\n \"dynamodb:ConditionCheckItem\",\n \"dynamodb:CreateBackup\",\n \"dynamodb:CreateTable\",\n \"dynamodb:CreateTableReplica\",\n \"dynamodb:DeleteBackup\",\n \"dynamodb:DeleteItem\",\n \"dynamodb:DeleteTable\",\n \"dynamodb:DeleteTableReplica\",\n \"dynamodb:DescribeBackup\",\n \"dynamodb:DescribeContinuousBackups\",\n \"dynamodb:DescribeContributorInsights\",\n \"dynamodb:DescribeExport\",\n \"dynamodb:DescribeKinesisStreamingDestination\",\n \"dynamodb:DescribeLimits\",\n \"dynamodb:DescribeReservedCapacity\",\n \"dynamodb:DescribeReservedCapacityOfferings\",\n \"dynamodb:DescribeStream\",\n \"dynamodb:DescribeTable\",\n \"dynamodb:DescribeTableReplicaAutoScaling\",\n \"dynamodb:DescribeTimeToLive\",\n \"dynamodb:DisableKinesisStreamingDestination\",\n \"dynamodb:EnableKinesisStreamingDestination\",\n \"dynamodb:ExportTableToPointInTime\",\n \"dynamodb:GetItem\",\n \"dynamodb:GetRecords\",\n \"dynamodb:GetShardIterator\",\n \"dynamodb:ListBackups\",\n \"dynamodb:ListContributorInsights\",\n \"dynamodb:ListExports\",\n \"dynamodb:ListStreams\",\n \"dynamodb:ListTables\",\n \"dynamodb:ListTagsOfResource\",\n \"dynamodb:PartiQLDelete\",\n \"dynamodb:PartiQLInsert\",\n \"dynamodb:PartiQLSelect\",\n \"dynamodb:PartiQLUpdate\",\n \"dynamodb:PurchaseReservedCapacityOfferings\",\n \"dynamodb:PutItem\",\n \"dynamodb:Query\",\n \"dynamodb:RestoreTableFromBackup\",\n \"dynamodb:RestoreTableToPointInTime\",\n \"dynamodb:Scan\",\n \"dynamodb:UpdateContinuousBackups\",\n \"dynamodb:UpdateContributorInsights\",\n \"dynamodb:UpdateItem\",\n \"dynamodb:UpdateTable\",\n \"dynamodb:UpdateTableReplicaAutoScaling\",\n \"dynamodb:UpdateTimeToLive\"\n ],\n Resource: [\n `${storage.primaryDynamodbTableArn}`,\n `${storage.primaryDynamodbTableArn}/*`,\n // Attach permissions for elastic search dynamo as well (if ES is enabled).\n ...(storage.elasticsearchDynamodbTableArn\n ? [\n `${storage.elasticsearchDynamodbTableArn}`,\n `${storage.elasticsearchDynamodbTableArn}/*`\n ]\n : [])\n ]\n },\n // Attach permissions for elastic search domain as well (if ES is enabled).\n ...(storage.elasticsearchDomainArn\n ? [\n {\n Sid: \"PermissionForES\",\n Effect: \"Allow\" as const,\n Action: \"es:*\",\n Resource: [\n `${storage.elasticsearchDomainArn}`,\n `${storage.elasticsearchDomainArn}/*`\n ]\n }\n ]\n : [])\n ]\n };\n\n return policy;\n })\n }\n });\n}\n"]}
package/apps/api/ApiPageBuilder.d.ts CHANGED
@@ -1,15 +1,7 @@
1
- import * as pulumi from "@pulumi/pulumi";
2
1
  import * as aws from "@pulumi/aws";
3
2
  import { PulumiAppModule } from "@webiny/pulumi-sdk";
4
- import { Vpc } from "./ApiVpc";
5
3
  interface PageBuilderParams {
6
4
  env: Record<string, any>;
7
- primaryDynamodbTableArn: pulumi.Input<string>;
8
- fileManagerBucketId: pulumi.Input<string>;
9
- cognitoUserPoolArn: pulumi.Input<string>;
10
- awsAccountId: pulumi.Input<string>;
11
- awsRegion: pulumi.Input<string>;
12
- vpc: Vpc | undefined;
13
5
  }
14
6
  export declare type ApiPageBuilder = PulumiAppModule<typeof ApiPageBuilder>;
15
7
  export declare const ApiPageBuilder: import("@webiny/pulumi-sdk").PulumiAppModuleDefinition<{
package/apps/api/ApiPageBuilder.js CHANGED
@@ -19,7 +19,11 @@ var _installation = require("@webiny/api-page-builder/installation");
19
19
 
20
20
  var _pulumiSdk = require("@webiny/pulumi-sdk");
21
21
 
22
- var _ApiLambdaUtils = require("./ApiLambdaUtils");
22
+ var _common = require("../common");
23
+
24
+ var _lambdaUtils = require("../lambdaUtils");
25
+
26
+ var _awsUtils = require("../awsUtils");
23
27
 
24
28
  function _getRequireWildcardCache(nodeInterop) { if (typeof WeakMap !== "function") return null; var cacheBabelInterop = new WeakMap(); var cacheNodeInterop = new WeakMap(); return (_getRequireWildcardCache = function (nodeInterop) { return nodeInterop ? cacheNodeInterop : cacheBabelInterop; })(nodeInterop); }
25
29
 
@@ -33,6 +37,7 @@ const ApiPageBuilder = (0, _pulumiSdk.defineAppModule)({
33
37
  name: "ApiPageBuilder",
34
38
 
35
39
  config(app, params) {
40
+ const storage = app.getModule(_common.StorageOutput);
36
41
  app.addHandler(() => {
37
42
  const pbInstallationZipPath = path.join(path.resolve(), ".tmp", "pbInstallation.zip"); // Will create "pbInstallation.zip" and save it in the `pbInstallationZipPath` path.
38
43
 
@@ -40,7 +45,7 @@ const ApiPageBuilder = (0, _pulumiSdk.defineAppModule)({
40
45
  new aws.s3.BucketObject("./pbInstallation.zip", {
41
46
  key: "pbInstallation.zip",
42
47
  acl: "public-read",
43
- bucket: params.fileManagerBucketId,
48
+ bucket: storage.fileManagerBucketId,
44
49
  contentType: "application/octet-stream",
45
50
  source: new pulumi.asset.FileAsset(pbInstallationZipPath)
46
51
  });
@@ -59,11 +64,10 @@ const ApiPageBuilder = (0, _pulumiSdk.defineAppModule)({
59
64
  exports.ApiPageBuilder = ApiPageBuilder;
60
65
 
61
66
  function createUpdateSettingsResources(app, params) {
62
- const policy = createUpdateSettingsLambdaPolicy(app, params);
63
- const role = (0, _ApiLambdaUtils.createLambdaRole)(app, {
67
+ const policy = createUpdateSettingsLambdaPolicy(app);
68
+ const role = (0, _lambdaUtils.createLambdaRole)(app, {
64
69
  name: "pb-update-settings-lambda-role",
65
- policy: policy.output,
66
- vpc: params.vpc
70
+ policy: policy.output
67
71
  });
68
72
  const update = app.addResource(aws.lambda.Function, {
69
73
  name: "pb-update-settings",
@@ -78,12 +82,9 @@ function createUpdateSettingsResources(app, params) {
78
82
  ".": new pulumi.asset.FileArchive(path.join(app.ctx.appDir, "code/pageBuilder/updateSettings/build"))
79
83
  }),
80
84
  environment: {
81
- variables: _objectSpread({}, params.env)
85
+ variables: _objectSpread(_objectSpread({}, (0, _lambdaUtils.getCommonLambdaEnvVariables)(app)), params.env)
82
86
  },
83
- vpcConfig: params.vpc ? {
84
- subnetIds: params.vpc.subnets.private.map(subNet => subNet.output.id),
85
- securityGroupIds: [params.vpc.vpc.output.defaultSecurityGroupId]
86
- } : undefined
87
+ vpcConfig: app.getModule(_common.VpcConfig).functionVpcConfig
87
88
  }
88
89
  });
89
90
  return {
@@ -95,7 +96,8 @@ function createUpdateSettingsResources(app, params) {
95
96
  };
96
97
  }
97
98
 
98
- function createUpdateSettingsLambdaPolicy(app, params) {
99
+ function createUpdateSettingsLambdaPolicy(app) {
100
+ const storage = app.getModule(_common.StorageOutput);
99
101
  return app.addResource(aws.iam.Policy, {
100
102
  name: "PbUpdateSettingsLambdaPolicy",
101
103
  config: {
@@ -106,7 +108,7 @@ function createUpdateSettingsLambdaPolicy(app, params) {
106
108
  Sid: "AllowDynamoDBAccess",
107
109
  Effect: "Allow",
108
110
  Action: ["dynamodb:BatchGetItem", "dynamodb:BatchWriteItem", "dynamodb:PutItem", "dynamodb:DeleteItem", "dynamodb:GetItem", "dynamodb:Query", "dynamodb:UpdateItem"],
109
- Resource: [pulumi.interpolate`${params.primaryDynamodbTableArn}`, pulumi.interpolate`${params.primaryDynamodbTableArn}/*`]
111
+ Resource: [pulumi.interpolate`${storage.primaryDynamodbTableArn}`, pulumi.interpolate`${storage.primaryDynamodbTableArn}/*`]
110
112
  }]
111
113
  }
112
114
  }
@@ -114,11 +116,11 @@ function createUpdateSettingsLambdaPolicy(app, params) {
114
116
  }
115
117
 
116
118
  function createExportPagesResources(app, params) {
117
- const policy = createExportPagesLambdaPolicy(app, params);
118
- const role = (0, _ApiLambdaUtils.createLambdaRole)(app, {
119
+ const storage = app.getModule(_common.StorageOutput);
120
+ const policy = createExportPagesLambdaPolicy(app);
121
+ const role = (0, _lambdaUtils.createLambdaRole)(app, {
119
122
  name: "pb-export-pages-lambda-role",
120
- policy: policy.output,
121
- vpc: params.vpc
123
+ policy: policy.output
122
124
  });
123
125
  const combine = app.addResource(aws.lambda.Function, {
124
126
  name: "pb-export-pages-combine",
@@ -133,8 +135,8 @@ function createExportPagesResources(app, params) {
133
135
  ".": new pulumi.asset.FileArchive(path.join(app.ctx.appDir, "code/pageBuilder/exportPages/combine/build"))
134
136
  }),
135
137
  environment: {
136
- variables: _objectSpread(_objectSpread({}, params.env), {}, {
137
- S3_BUCKET: params.fileManagerBucketId
138
+ variables: _objectSpread(_objectSpread(_objectSpread({}, (0, _lambdaUtils.getCommonLambdaEnvVariables)(app)), params.env), {}, {
139
+ S3_BUCKET: storage.fileManagerBucketId
138
140
  })
139
141
  }
140
142
  }
@@ -152,8 +154,8 @@ function createExportPagesResources(app, params) {
152
154
  ".": new pulumi.asset.FileArchive(path.join(app.ctx.appDir, "code/pageBuilder/exportPages/process/build"))
153
155
  }),
154
156
  environment: {
155
- variables: _objectSpread(_objectSpread({}, params.env), {}, {
156
- S3_BUCKET: params.fileManagerBucketId,
157
+ variables: _objectSpread(_objectSpread(_objectSpread({}, (0, _lambdaUtils.getCommonLambdaEnvVariables)(app)), params.env), {}, {
158
+ S3_BUCKET: storage.fileManagerBucketId,
157
159
  EXPORT_PAGE_COMBINE_HANDLER: combine.output.arn
158
160
  })
159
161
  }
@@ -169,7 +171,10 @@ function createExportPagesResources(app, params) {
169
171
  };
170
172
  }
171
173
 
172
- function createExportPagesLambdaPolicy(app, params) {
174
+ function createExportPagesLambdaPolicy(app) {
175
+ const storage = app.getModule(_common.StorageOutput);
176
+ const awsAccountId = (0, _awsUtils.getAwsAccountId)(app);
177
+ const awsRegion = (0, _awsUtils.getAwsRegion)(app);
173
178
  return app.addResource(aws.iam.Policy, {
174
179
  name: "PbExportPageTaskLambdaPolicy",
175
180
  config: {
@@ -180,18 +185,18 @@ function createExportPagesLambdaPolicy(app, params) {
180
185
  Sid: "AllowDynamoDBAccess",
181
186
  Effect: "Allow",
182
187
  Action: ["dynamodb:BatchGetItem", "dynamodb:BatchWriteItem", "dynamodb:PutItem", "dynamodb:DeleteItem", "dynamodb:GetItem", "dynamodb:Query", "dynamodb:UpdateItem"],
183
- Resource: [pulumi.interpolate`${params.primaryDynamodbTableArn}`, pulumi.interpolate`${params.primaryDynamodbTableArn}/*`]
188
+ Resource: [pulumi.interpolate`${storage.primaryDynamodbTableArn}`, pulumi.interpolate`${storage.primaryDynamodbTableArn}/*`]
184
189
  }, {
185
190
  Sid: "PermissionForS3",
186
191
  Effect: "Allow",
187
192
  Action: ["s3:GetObjectAcl", "s3:DeleteObject", "s3:PutObjectAcl", "s3:PutObject", "s3:GetObject", "s3:ListBucket"],
188
- Resource: [pulumi.interpolate`arn:aws:s3:::${params.fileManagerBucketId}/*`, // We need to explicitly add bucket ARN to "Resource" list for "s3:ListBucket" action.
189
- pulumi.interpolate`arn:aws:s3:::${params.fileManagerBucketId}`]
193
+ Resource: [pulumi.interpolate`arn:aws:s3:::${storage.fileManagerBucketId}/*`, // We need to explicitly add bucket ARN to "Resource" list for "s3:ListBucket" action.
194
+ pulumi.interpolate`arn:aws:s3:::${storage.fileManagerBucketId}`]
190
195
  }, {
191
196
  Sid: "PermissionForLambda",
192
197
  Effect: "Allow",
193
198
  Action: ["lambda:InvokeFunction"],
194
- Resource: pulumi.interpolate`arn:aws:lambda:${params.awsRegion}:${params.awsAccountId}:function:*`
199
+ Resource: pulumi.interpolate`arn:aws:lambda:${awsRegion}:${awsAccountId}:function:*`
195
200
  }]
196
201
  }
197
202
  }
@@ -199,11 +204,11 @@ function createExportPagesLambdaPolicy(app, params) {
199
204
  }
200
205
 
201
206
  function createImportPagesResources(app, params) {
202
- const policy = createImportPagesLambdaPolicy(app, params);
203
- const role = (0, _ApiLambdaUtils.createLambdaRole)(app, {
207
+ const storage = app.getModule(_common.StorageOutput);
208
+ const policy = createImportPagesLambdaPolicy(app);
209
+ const role = (0, _lambdaUtils.createLambdaRole)(app, {
204
210
  name: "pb-import-page-lambda-role",
205
- policy: policy.output,
206
- vpc: params.vpc
211
+ policy: policy.output
207
212
  });
208
213
  const process = app.addResource(aws.lambda.Function, {
209
214
  name: "pb-import-page-queue-process",
@@ -218,8 +223,8 @@ function createImportPagesResources(app, params) {
218
223
  ".": new pulumi.asset.FileArchive(path.join(app.ctx.appDir, "code/pageBuilder/importPages/process/build"))
219
224
  }),
220
225
  environment: {
221
- variables: _objectSpread(_objectSpread({}, params.env), {}, {
222
- S3_BUCKET: params.fileManagerBucketId
226
+ variables: _objectSpread(_objectSpread(_objectSpread({}, (0, _lambdaUtils.getCommonLambdaEnvVariables)(app)), params.env), {}, {
227
+ S3_BUCKET: storage.fileManagerBucketId
223
228
  })
224
229
  }
225
230
  }
@@ -237,8 +242,8 @@ function createImportPagesResources(app, params) {
237
242
  ".": new pulumi.asset.FileArchive(path.join(app.ctx.appDir, "code/pageBuilder/importPages/create/build"))
238
243
  }),
239
244
  environment: {
240
- variables: _objectSpread(_objectSpread({}, params.env), {}, {
241
- S3_BUCKET: params.fileManagerBucketId,
245
+ variables: _objectSpread(_objectSpread(_objectSpread({}, (0, _lambdaUtils.getCommonLambdaEnvVariables)(app)), params.env), {}, {
246
+ S3_BUCKET: storage.fileManagerBucketId,
242
247
  IMPORT_PAGE_QUEUE_PROCESS_HANDLER: process.output.arn
243
248
  })
244
249
  }
@@ -254,36 +259,50 @@ function createImportPagesResources(app, params) {
254
259
  };
255
260
  }
256
261
 
257
- function createImportPagesLambdaPolicy(app, params) {
262
+ function createImportPagesLambdaPolicy(app) {
263
+ const storageOutput = app.getModule(_common.StorageOutput);
264
+ const awsAccountId = (0, _awsUtils.getAwsAccountId)(app);
265
+ const awsRegion = (0, _awsUtils.getAwsRegion)(app);
258
266
  return app.addResource(aws.iam.Policy, {
259
267
  name: "ImportPageLambdaPolicy",
260
268
  config: {
261
269
  description: "This policy enables access Dynamodb, S3, Lambda and Cognito IDP",
262
- policy: {
263
- Version: "2012-10-17",
264
- Statement: [{
265
- Sid: "PermissionForDynamodb",
266
- Effect: "Allow",
267
- Action: ["dynamodb:BatchGetItem", "dynamodb:BatchWriteItem", "dynamodb:PutItem", "dynamodb:DeleteItem", "dynamodb:GetItem", "dynamodb:Query", "dynamodb:UpdateItem"],
268
- Resource: [pulumi.interpolate`${params.primaryDynamodbTableArn}`, pulumi.interpolate`${params.primaryDynamodbTableArn}/*`]
269
- }, {
270
- Sid: "PermissionForS3",
271
- Effect: "Allow",
272
- Action: ["s3:GetObjectAcl", "s3:DeleteObject", "s3:PutObjectAcl", "s3:PutObject", "s3:GetObject", "s3:ListBucket"],
273
- Resource: [pulumi.interpolate`arn:aws:s3:::${params.fileManagerBucketId}/*`, // We need to explicitly add bucket ARN to "Resource" list for "s3:ListBucket" action.
274
- pulumi.interpolate`arn:aws:s3:::${params.fileManagerBucketId}`]
275
- }, {
276
- Sid: "PermissionForLambda",
277
- Effect: "Allow",
278
- Action: ["lambda:InvokeFunction"],
279
- Resource: pulumi.interpolate`arn:aws:lambda:${params.awsRegion}:${params.awsAccountId}:function:*`
280
- }, {
281
- Sid: "PermissionForCognitoIdp",
282
- Effect: "Allow",
283
- Action: "cognito-idp:*",
284
- Resource: pulumi.interpolate`${params.cognitoUserPoolArn}`
285
- }]
286
- }
270
+ // Storage is pulumi.Output, so we need to run apply() to resolve policy based on it
271
+ policy: storageOutput.apply(storage => {
272
+ const policy = {
273
+ Version: "2012-10-17",
274
+ Statement: [{
275
+ Sid: "PermissionForDynamodb",
276
+ Effect: "Allow",
277
+ Action: ["dynamodb:BatchGetItem", "dynamodb:BatchWriteItem", "dynamodb:PutItem", "dynamodb:DeleteItem", "dynamodb:GetItem", "dynamodb:Query", "dynamodb:UpdateItem"],
278
+ Resource: [`${storage.primaryDynamodbTableArn}`, `${storage.primaryDynamodbTableArn}/*`, // Attach permissions for elastic search dynamo as well (if ES is enabled).
279
+ ...(storage.elasticsearchDynamodbTableArn ? [`${storage.elasticsearchDynamodbTableArn}`, `${storage.elasticsearchDynamodbTableArn}/*`] : [])]
280
+ }, {
281
+ Sid: "PermissionForS3",
282
+ Effect: "Allow",
283
+ Action: ["s3:GetObjectAcl", "s3:DeleteObject", "s3:PutObjectAcl", "s3:PutObject", "s3:GetObject", "s3:ListBucket"],
284
+ Resource: [`arn:aws:s3:::${storage.fileManagerBucketId}/*`, // We need to explicitly add bucket ARN to "Resource" list for "s3:ListBucket" action.
285
+ `arn:aws:s3:::${storage.fileManagerBucketId}`]
286
+ }, {
287
+ Sid: "PermissionForLambda",
288
+ Effect: "Allow",
289
+ Action: ["lambda:InvokeFunction"],
290
+ Resource: pulumi.interpolate`arn:aws:lambda:${awsRegion}:${awsAccountId}:function:*`
291
+ }, {
292
+ Sid: "PermissionForCognitoIdp",
293
+ Effect: "Allow",
294
+ Action: "cognito-idp:*",
295
+ Resource: `${storage.cognitoUserPoolArn}`
296
+ }, // Attach permissions for elastic search domain as well (if ES is enabled).
297
+ ...(storage.elasticsearchDomainArn ? [{
298
+ Sid: "PermissionForES",
299
+ Effect: "Allow",
300
+ Action: "es:*",
301
+ Resource: [`${storage.elasticsearchDomainArn}`, `${storage.elasticsearchDomainArn}/*`]
302
+ }] : [])]
303
+ };
304
+ return policy;
305
+ })
287
306
  }
288
307
  });
289
308
  }
package/apps/api/ApiPageBuilder.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["ApiPageBuilder.ts"],"names":["ApiPageBuilder","name","config","app","params","addHandler","pbInstallationZipPath","path","join","resolve","aws","s3","BucketObject","key","acl","bucket","fileManagerBucketId","contentType","source","pulumi","asset","FileAsset","updateSettings","createUpdateSettingsResources","exportPages","createExportPagesResources","importPages","createImportPagesResources","policy","createUpdateSettingsLambdaPolicy","role","output","vpc","update","addResource","lambda","Function","arn","runtime","handler","timeout","memorySize","description","code","AssetArchive","FileArchive","ctx","appDir","environment","variables","env","vpcConfig","subnetIds","subnets","private","map","subNet","id","securityGroupIds","defaultSecurityGroupId","undefined","functions","iam","Policy","Version","Statement","Sid","Effect","Action","Resource","interpolate","primaryDynamodbTableArn","createExportPagesLambdaPolicy","combine","S3_BUCKET","process","EXPORT_PAGE_COMBINE_HANDLER","awsRegion","awsAccountId","createImportPagesLambdaPolicy","create","IMPORT_PAGE_QUEUE_PROCESS_HANDLER","cognitoUserPoolArn"],"mappings":";;;;;;;;;;;AAAA;;AACA;;AACA;;AAGA;;AACA;;AAEA;;;;;;;;;;AAcO,MAAMA,cAAc,GAAG,gCAAgB;AAC1CC,EAAAA,IAAI,EAAE,gBADoC;;AAE1CC,EAAAA,MAAM,CAACC,GAAD,EAAiBC,MAAjB,EAA4C;AAC9CD,IAAAA,GAAG,CAACE,UAAJ,CAAe,MAAM;AACjB,YAAMC,qBAAqB,GAAGC,IAAI,CAACC,IAAL,CAAUD,IAAI,CAACE,OAAL,EAAV,EAA0B,MAA1B,EAAkC,oBAAlC,CAA9B,CADiB,CAEjB;;AACA,+CAAsBH,qBAAtB;AAEA,UAAII,GAAG,CAACC,EAAJ,CAAOC,YAAX,CAAwB,sBAAxB,EAAgD;AAC5CC,QAAAA,GAAG,EAAE,oBADuC;AAE5CC,QAAAA,GAAG,EAAE,aAFuC;AAG5CC,QAAAA,MAAM,EAAEX,MAAM,CAACY,mBAH6B;AAI5CC,QAAAA,WAAW,EAAE,0BAJ+B;AAK5CC,QAAAA,MAAM,EAAE,IAAIC,MAAM,CAACC,KAAP,CAAaC,SAAjB,CAA2Bf,qBAA3B;AALoC,OAAhD;AAOH,KAZD;AAcA,UAAMgB,cAAc,GAAGC,6BAA6B,CAACpB,GAAD,EAAMC,MAAN,CAApD;AACA,UAAMoB,WAAW,GAAGC,0BAA0B,CAACtB,GAAD,EAAMC,MAAN,CAA9C;AACA,UAAMsB,WAAW,GAAGC,0BAA0B,CAACxB,GAAD,EAAMC,MAAN,CAA9C;AAEA,WAAO;AACHkB,MAAAA,cADG;AAEHE,MAAAA,WAFG;AAGHE,MAAAA;AAHG,KAAP;AAKH;;AA1ByC,CAAhB,CAAvB;;;AA6BP,SAASH,6BAAT,CAAuCpB,GAAvC,EAAuDC,MAAvD,EAAkF;AAC9E,QAAMwB,MAAM,GAAGC,gCAAgC,CAAC1B,GAAD,EAAMC,MAAN,CAA/C;AACA,QAAM0B,IAAI,GAAG,sCAAiB3B,GAAjB,EAAsB;AAC/BF,IAAAA,IAAI,EAAE,gCADyB;AAE/B2B,IAAAA,MAAM,EAAEA,MAAM,CAACG,MAFgB;AAG/BC,IAAAA,GAAG,EAAE5B,MAAM,CAAC4B;AAHmB,GAAtB,CAAb;AAMA,QAAMC,MAAM,GAAG9B,GAAG,CAAC+B,WAAJ,CAAgBxB,GAAG,CAACyB,MAAJ,CAAWC,QAA3B,EAAqC;AAChDnC,IAAAA,IAAI,EAAE,oBAD0C;AAEhDC,IAAAA,MAAM,EAAE;AACJ4B,MAAAA,IAAI,EAAEA,IAAI,CAACC,MAAL,CAAYM,GADd;AAEJC,MAAAA,OAAO,EAAE,YAFL;AAGJC,MAAAA,OAAO,EAAE,iBAHL;AAIJC,MAAAA,OAAO,EAAE,EAJL;AAKJC,MAAAA,UAAU,EAAE,GALR;AAMJC,MAAAA,WAAW,EACP,qGAPA;AAQJC,MAAAA,IAAI,EAAE,IAAIxB,MAAM,CAACC,KAAP,CAAawB,YAAjB,CAA8B;AAChC,aAAK,IAAIzB,MAAM,CAACC,KAAP,CAAayB,WAAjB,CACDtC,IAAI,CAACC,IAAL,CAAUL,GAAG,CAAC2C,GAAJ,CAAQC,MAAlB,EAA0B,uCAA1B,CADC;AAD2B,OAA9B,CARF;AAaJC,MAAAA,WAAW,EAAE;AACTC,QAAAA,SAAS,oBACF7C,MAAM,CAAC8C,GADL;AADA,OAbT;AAkBJC,MAAAA,SAAS,EAAE/C,MAAM,CAAC4B,GAAP,GACL;AACIoB,QAAAA,SAAS,EAAEhD,MAAM,CAAC4B,GAAP,CAAWqB,OAAX,CAAmBC,OAAnB,CAA2BC,GAA3B,CAA+BC,MAAM,IAAIA,MAAM,CAACzB,MAAP,CAAc0B,EAAvD,CADf;AAEIC,QAAAA,gBAAgB,EAAE,CAACtD,MAAM,CAAC4B,GAAP,CAAWA,GAAX,CAAeD,MAAf,CAAsB4B,sBAAvB;AAFtB,OADK,GAKLC;AAvBF;AAFwC,GAArC,CAAf;AA6BA,SAAO;AACH9B,IAAAA,IADG;AAEHF,IAAAA,MAFG;AAGHiC,IAAAA,SAAS,EAAE;AACP5B,MAAAA;AADO;AAHR,GAAP;AAOH;;AAED,SAASJ,gCAAT,CAA0C1B,GAA1C,EAA0DC,MAA1D,EAAqF;AACjF,SAAOD,GAAG,CAAC+B,WAAJ,CAAgBxB,GAAG,CAACoD,GAAJ,CAAQC,MAAxB,EAAgC;AACnC9D,IAAAA,IAAI,EAAE,8BAD6B;AAEnCC,IAAAA,MAAM,EAAE;AACJwC,MAAAA,WAAW,EAAE,wCADT;AAEJd,MAAAA,MAAM,EAAE;AACJoC,QAAAA,OAAO,EAAE,YADL;AAEJC,QAAAA,SAAS,EAAE,CACP;AACIC,UAAAA,GAAG,EAAE,qBADT;AAEIC,UAAAA,MAAM,EAAE,OAFZ;AAGIC,UAAAA,MAAM,EAAE,CACJ,uBADI,EAEJ,yBAFI,EAGJ,kBAHI,EAIJ,qBAJI,EAKJ,kBALI,EAMJ,gBANI,EAOJ,qBAPI,CAHZ;AAYIC,UAAAA,QAAQ,EAAE,CACNlD,MAAM,CAACmD,WAAY,GAAElE,MAAM,CAACmE,uBAAwB,EAD9C,EAENpD,MAAM,CAACmD,WAAY,GAAElE,MAAM,CAACmE,uBAAwB,IAF9C;AAZd,SADO;AAFP;AAFJ;AAF2B,GAAhC,CAAP;AA4BH;;AAED,SAAS9C,0BAAT,CAAoCtB,GAApC,EAAoDC,MAApD,EAA+E;AAC3E,QAAMwB,MAAM,GAAG4C,6BAA6B,CAACrE,GAAD,EAAMC,MAAN,CAA5C;AACA,QAAM0B,IAAI,GAAG,sCAAiB3B,GAAjB,EAAsB;AAC/BF,IAAAA,IAAI,EAAE,6BADyB;AAE/B2B,IAAAA,MAAM,EAAEA,MAAM,CAACG,MAFgB;AAG/BC,IAAAA,GAAG,EAAE5B,MAAM,CAAC4B;AAHmB,GAAtB,CAAb;AAMA,QAAMyC,OAAO,GAAGtE,GAAG,CAAC+B,WAAJ,CAAgBxB,GAAG,CAACyB,MAAJ,CAAWC,QAA3B,EAAqC;AACjDnC,IAAAA,IAAI,EAAE,yBAD2C;AAEjDC,IAAAA,MAAM,EAAE;AACJ4B,MAAAA,IAAI,EAAEA,IAAI,CAACC,MAAL,CAAYM,GADd;AAEJC,MAAAA,OAAO,EAAE,YAFL;AAGJC,MAAAA,OAAO,EAAE,iBAHL;AAIJC,MAAAA,OAAO,EAAE,EAJL;AAKJC,MAAAA,UAAU,EAAE,GALR;AAMJC,MAAAA,WAAW,EAAE,uCANT;AAOJC,MAAAA,IAAI,EAAE,IAAIxB,MAAM,CAACC,KAAP,CAAawB,YAAjB,CAA8B;AAChC,aAAK,IAAIzB,MAAM,CAACC,KAAP,CAAayB,WAAjB,CACDtC,IAAI,CAACC,IAAL,CAAUL,GAAG,CAAC2C,GAAJ,CAAQC,MAAlB,EAA0B,4CAA1B,CADC;AAD2B,OAA9B,CAPF;AAYJC,MAAAA,WAAW,EAAE;AACTC,QAAAA,SAAS,kCACF7C,MAAM,CAAC8C,GADL;AAELwB,UAAAA,SAAS,EAAEtE,MAAM,CAACY;AAFb;AADA;AAZT;AAFyC,GAArC,CAAhB;AAuBA,QAAM2D,OAAO,GAAGxE,GAAG,CAAC+B,WAAJ,CAAgBxB,GAAG,CAACyB,MAAJ,CAAWC,QAA3B,EAAqC;AACjDnC,IAAAA,IAAI,EAAE,yBAD2C;AAEjDC,IAAAA,MAAM,EAAE;AACJ4B,MAAAA,IAAI,EAAEA,IAAI,CAACC,MAAL,CAAYM,GADd;AAEJC,MAAAA,OAAO,EAAE,YAFL;AAGJC,MAAAA,OAAO,EAAE,iBAHL;AAIJC,MAAAA,OAAO,EAAE,EAJL;AAKJC,MAAAA,UAAU,EAAE,GALR;AAMJC,MAAAA,WAAW,EAAE,uCANT;AAOJC,MAAAA,IAAI,EAAE,IAAIxB,MAAM,CAACC,KAAP,CAAawB,YAAjB,CAA8B;AAChC,aAAK,IAAIzB,MAAM,CAACC,KAAP,CAAayB,WAAjB,CACDtC,IAAI,CAACC,IAAL,CAAUL,GAAG,CAAC2C,GAAJ,CAAQC,MAAlB,EAA0B,4CAA1B,CADC;AAD2B,OAA9B,CAPF;AAYJC,MAAAA,WAAW,EAAE;AACTC,QAAAA,SAAS,kCACF7C,MAAM,CAAC8C,GADL;AAELwB,UAAAA,SAAS,EAAEtE,MAAM,CAACY,mBAFb;AAGL4D,UAAAA,2BAA2B,EAAEH,OAAO,CAAC1C,MAAR,CAAeM;AAHvC;AADA;AAZT;AAFyC,GAArC,CAAhB;AAwBA,SAAO;AACHP,IAAAA,IADG;AAEHF,IAAAA,MAFG;AAGHiC,IAAAA,SAAS,EAAE;AACPc,MAAAA,OADO;AAEPF,MAAAA;AAFO;AAHR,GAAP;AAQH;;AAED,SAASD,6BAAT,CAAuCrE,GAAvC,EAAuDC,MAAvD,EAAkF;AAC9E,SAAOD,GAAG,CAAC+B,WAAJ,CAAgBxB,GAAG,CAACoD,GAAJ,CAAQC,MAAxB,EAAgC;AACnC9D,IAAAA,IAAI,EAAE,8BAD6B;AAEnCC,IAAAA,MAAM,EAAE;AACJwC,MAAAA,WAAW,EAAE,wCADT;AAEJd,MAAAA,MAAM,EAAE;AACJoC,QAAAA,OAAO,EAAE,YADL;AAEJC,QAAAA,SAAS,EAAE,CACP;AACIC,UAAAA,GAAG,EAAE,qBADT;AAEIC,UAAAA,MAAM,EAAE,OAFZ;AAGIC,UAAAA,MAAM,EAAE,CACJ,uBADI,EAEJ,yBAFI,EAGJ,kBAHI,EAIJ,qBAJI,EAKJ,kBALI,EAMJ,gBANI,EAOJ,qBAPI,CAHZ;AAYIC,UAAAA,QAAQ,EAAE,CACNlD,MAAM,CAACmD,WAAY,GAAElE,MAAM,CAACmE,uBAAwB,EAD9C,EAENpD,MAAM,CAACmD,WAAY,GAAElE,MAAM,CAACmE,uBAAwB,IAF9C;AAZd,SADO,EAkBP;AACIL,UAAAA,GAAG,EAAE,iBADT;AAEIC,UAAAA,MAAM,EAAE,OAFZ;AAGIC,UAAAA,MAAM,EAAE,CACJ,iBADI,EAEJ,iBAFI,EAGJ,iBAHI,EAIJ,cAJI,EAKJ,cALI,EAMJ,eANI,CAHZ;AAWIC,UAAAA,QAAQ,EAAE,CACNlD,MAAM,CAACmD,WAAY,gBAAelE,MAAM,CAACY,mBAAoB,IADvD,EAEN;AACAG,UAAAA,MAAM,CAACmD,WAAY,gBAAelE,MAAM,CAACY,mBAAoB,EAHvD;AAXd,SAlBO,EAmCP;AACIkD,UAAAA,GAAG,EAAE,qBADT;AAEIC,UAAAA,MAAM,EAAE,OAFZ;AAGIC,UAAAA,MAAM,EAAE,CAAC,uBAAD,CAHZ;AAIIC,UAAAA,QAAQ,EAAElD,MAAM,CAACmD,WAAY,kBAAiBlE,MAAM,CAACyE,SAAU,IAAGzE,MAAM,CAAC0E,YAAa;AAJ1F,SAnCO;AAFP;AAFJ;AAF2B,GAAhC,CAAP;AAmDH;;AAED,SAASnD,0BAAT,CAAoCxB,GAApC,EAAoDC,MAApD,EAA+E;AAC3E,QAAMwB,MAAM,GAAGmD,6BAA6B,CAAC5E,GAAD,EAAMC,MAAN,CAA5C;AACA,QAAM0B,IAAI,GAAG,sCAAiB3B,GAAjB,EAAsB;AAC/BF,IAAAA,IAAI,EAAE,4BADyB;AAE/B2B,IAAAA,MAAM,EAAEA,MAAM,CAACG,MAFgB;AAG/BC,IAAAA,GAAG,EAAE5B,MAAM,CAAC4B;AAHmB,GAAtB,CAAb;AAMA,QAAM2C,OAAO,GAAGxE,GAAG,CAAC+B,WAAJ,CAAgBxB,GAAG,CAACyB,MAAJ,CAAWC,QAA3B,EAAqC;AACjDnC,IAAAA,IAAI,EAAE,8BAD2C;AAEjDC,IAAAA,MAAM,EAAE;AACJ4B,MAAAA,IAAI,EAAEA,IAAI,CAACC,MAAL,CAAYM,GADd;AAEJC,MAAAA,OAAO,EAAE,YAFL;AAGJC,MAAAA,OAAO,EAAE,iBAHL;AAIJC,MAAAA,OAAO,EAAE,EAJL;AAKJC,MAAAA,UAAU,EAAE,GALR;AAMJC,MAAAA,WAAW,EAAE,2CANT;AAOJC,MAAAA,IAAI,EAAE,IAAIxB,MAAM,CAACC,KAAP,CAAawB,YAAjB,CAA8B;AAChC,aAAK,IAAIzB,MAAM,CAACC,KAAP,CAAayB,WAAjB,CACDtC,IAAI,CAACC,IAAL,CAAUL,GAAG,CAAC2C,GAAJ,CAAQC,MAAlB,EAA0B,4CAA1B,CADC;AAD2B,OAA9B,CAPF;AAYJC,MAAAA,WAAW,EAAE;AACTC,QAAAA,SAAS,kCACF7C,MAAM,CAAC8C,GADL;AAELwB,UAAAA,SAAS,EAAEtE,MAAM,CAACY;AAFb;AADA;AAZT;AAFyC,GAArC,CAAhB;AAuBA,QAAMgE,MAAM,GAAG7E,GAAG,CAAC+B,WAAJ,CAAgBxB,GAAG,CAACyB,MAAJ,CAAWC,QAA3B,EAAqC;AAChDnC,IAAAA,IAAI,EAAE,6BAD0C;AAEhDC,IAAAA,MAAM,EAAE;AACJ4B,MAAAA,IAAI,EAAEA,IAAI,CAACC,MAAL,CAAYM,GADd;AAEJC,MAAAA,OAAO,EAAE,YAFL;AAGJC,MAAAA,OAAO,EAAE,iBAHL;AAIJC,MAAAA,OAAO,EAAE,EAJL;AAKJC,MAAAA,UAAU,EAAE,GALR;AAMJC,MAAAA,WAAW,EAAE,0CANT;AAOJC,MAAAA,IAAI,EAAE,IAAIxB,MAAM,CAACC,KAAP,CAAawB,YAAjB,CAA8B;AAChC,aAAK,IAAIzB,MAAM,CAACC,KAAP,CAAayB,WAAjB,CACDtC,IAAI,CAACC,IAAL,CAAUL,GAAG,CAAC2C,GAAJ,CAAQC,MAAlB,EAA0B,2CAA1B,CADC;AAD2B,OAA9B,CAPF;AAYJC,MAAAA,WAAW,EAAE;AACTC,QAAAA,SAAS,kCACF7C,MAAM,CAAC8C,GADL;AAELwB,UAAAA,SAAS,EAAEtE,MAAM,CAACY,mBAFb;AAGLiE,UAAAA,iCAAiC,EAAEN,OAAO,CAAC5C,MAAR,CAAeM;AAH7C;AADA;AAZT;AAFwC,GAArC,CAAf;AAwBA,SAAO;AACHP,IAAAA,IADG;AAEHF,IAAAA,MAFG;AAGHiC,IAAAA,SAAS,EAAE;AACPmB,MAAAA,MADO;AAEPL,MAAAA;AAFO;AAHR,GAAP;AAQH;;AAED,SAASI,6BAAT,CAAuC5E,GAAvC,EAAuDC,MAAvD,EAAkF;AAC9E,SAAOD,GAAG,CAAC+B,WAAJ,CAAgBxB,GAAG,CAACoD,GAAJ,CAAQC,MAAxB,EAAgC;AACnC9D,IAAAA,IAAI,EAAE,wBAD6B;AAEnCC,IAAAA,MAAM,EAAE;AACJwC,MAAAA,WAAW,EAAE,iEADT;AAEJd,MAAAA,MAAM,EAAE;AACJoC,QAAAA,OAAO,EAAE,YADL;AAEJC,QAAAA,SAAS,EAAE,CACP;AACIC,UAAAA,GAAG,EAAE,uBADT;AAEIC,UAAAA,MAAM,EAAE,OAFZ;AAGIC,UAAAA,MAAM,EAAE,CACJ,uBADI,EAEJ,yBAFI,EAGJ,kBAHI,EAIJ,qBAJI,EAKJ,kBALI,EAMJ,gBANI,EAOJ,qBAPI,CAHZ;AAYIC,UAAAA,QAAQ,EAAE,CACNlD,MAAM,CAACmD,WAAY,GAAElE,MAAM,CAACmE,uBAAwB,EAD9C,EAENpD,MAAM,CAACmD,WAAY,GAAElE,MAAM,CAACmE,uBAAwB,IAF9C;AAZd,SADO,EAkBP;AACIL,UAAAA,GAAG,EAAE,iBADT;AAEIC,UAAAA,MAAM,EAAE,OAFZ;AAGIC,UAAAA,MAAM,EAAE,CACJ,iBADI,EAEJ,iBAFI,EAGJ,iBAHI,EAIJ,cAJI,EAKJ,cALI,EAMJ,eANI,CAHZ;AAWIC,UAAAA,QAAQ,EAAE,CACNlD,MAAM,CAACmD,WAAY,gBAAelE,MAAM,CAACY,mBAAoB,IADvD,EAEN;AACAG,UAAAA,MAAM,CAACmD,WAAY,gBAAelE,MAAM,CAACY,mBAAoB,EAHvD;AAXd,SAlBO,EAmCP;AACIkD,UAAAA,GAAG,EAAE,qBADT;AAEIC,UAAAA,MAAM,EAAE,OAFZ;AAGIC,UAAAA,MAAM,EAAE,CAAC,uBAAD,CAHZ;AAIIC,UAAAA,QAAQ,EAAElD,MAAM,CAACmD,WAAY,kBAAiBlE,MAAM,CAACyE,SAAU,IAAGzE,MAAM,CAAC0E,YAAa;AAJ1F,SAnCO,EAyCP;AACIZ,UAAAA,GAAG,EAAE,yBADT;AAEIC,UAAAA,MAAM,EAAE,OAFZ;AAGIC,UAAAA,MAAM,EAAE,eAHZ;AAIIC,UAAAA,QAAQ,EAAElD,MAAM,CAACmD,WAAY,GAAElE,MAAM,CAAC8E,kBAAmB;AAJ7D,SAzCO;AAFP;AAFJ;AAF2B,GAAhC,CAAP;AAyDH","sourcesContent":["import * as path from \"path\";\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n//@ts-ignore\nimport { createInstallationZip } from \"@webiny/api-page-builder/installation\";\nimport { defineAppModule, PulumiApp, PulumiAppModule } from \"@webiny/pulumi-sdk\";\nimport { Vpc } from \"./ApiVpc\";\nimport { createLambdaRole } from \"./ApiLambdaUtils\";\n\ninterface PageBuilderParams {\n env: Record<string, any>;\n primaryDynamodbTableArn: pulumi.Input<string>;\n fileManagerBucketId: pulumi.Input<string>;\n cognitoUserPoolArn: pulumi.Input<string>;\n awsAccountId: pulumi.Input<string>;\n awsRegion: pulumi.Input<string>;\n vpc: Vpc | undefined;\n}\n\nexport type ApiPageBuilder = PulumiAppModule<typeof ApiPageBuilder>;\n\nexport const ApiPageBuilder = defineAppModule({\n name: \"ApiPageBuilder\",\n config(app: PulumiApp, params: PageBuilderParams) {\n app.addHandler(() => {\n const pbInstallationZipPath = path.join(path.resolve(), \".tmp\", \"pbInstallation.zip\");\n // Will create \"pbInstallation.zip\" and save it in the `pbInstallationZipPath` path.\n createInstallationZip(pbInstallationZipPath);\n\n new aws.s3.BucketObject(\"./pbInstallation.zip\", {\n key: \"pbInstallation.zip\",\n acl: \"public-read\",\n bucket: params.fileManagerBucketId,\n contentType: \"application/octet-stream\",\n source: new pulumi.asset.FileAsset(pbInstallationZipPath)\n });\n });\n\n const updateSettings = createUpdateSettingsResources(app, params);\n const exportPages = createExportPagesResources(app, params);\n const importPages = createImportPagesResources(app, params);\n\n return {\n updateSettings,\n exportPages,\n importPages\n };\n }\n});\n\nfunction createUpdateSettingsResources(app: PulumiApp, params: PageBuilderParams) {\n const policy = createUpdateSettingsLambdaPolicy(app, params);\n const role = createLambdaRole(app, {\n name: \"pb-update-settings-lambda-role\",\n policy: policy.output,\n vpc: params.vpc\n });\n\n const update = app.addResource(aws.lambda.Function, {\n name: \"pb-update-settings\",\n config: {\n role: role.output.arn,\n runtime: \"nodejs14.x\",\n handler: \"handler.handler\",\n timeout: 10,\n memorySize: 128,\n description:\n \"Updates default Page Builder app's settings, e.g. website or prerendering URLs, default title, etc.\",\n code: new pulumi.asset.AssetArchive({\n \".\": new pulumi.asset.FileArchive(\n path.join(app.ctx.appDir, \"code/pageBuilder/updateSettings/build\")\n )\n }),\n environment: {\n variables: {\n ...params.env\n }\n },\n vpcConfig: params.vpc\n ? {\n subnetIds: params.vpc.subnets.private.map(subNet => subNet.output.id),\n securityGroupIds: [params.vpc.vpc.output.defaultSecurityGroupId]\n }\n : undefined\n }\n });\n\n return {\n role,\n policy,\n functions: {\n update\n }\n };\n}\n\nfunction createUpdateSettingsLambdaPolicy(app: PulumiApp, params: PageBuilderParams) {\n return app.addResource(aws.iam.Policy, {\n name: \"PbUpdateSettingsLambdaPolicy\",\n config: {\n description: \"This policy enables access to Dynamodb\",\n policy: {\n Version: \"2012-10-17\",\n Statement: [\n {\n Sid: \"AllowDynamoDBAccess\",\n Effect: \"Allow\",\n Action: [\n \"dynamodb:BatchGetItem\",\n \"dynamodb:BatchWriteItem\",\n \"dynamodb:PutItem\",\n \"dynamodb:DeleteItem\",\n \"dynamodb:GetItem\",\n \"dynamodb:Query\",\n \"dynamodb:UpdateItem\"\n ],\n Resource: [\n pulumi.interpolate`${params.primaryDynamodbTableArn}`,\n pulumi.interpolate`${params.primaryDynamodbTableArn}/*`\n ]\n }\n ]\n }\n }\n });\n}\n\nfunction createExportPagesResources(app: PulumiApp, params: PageBuilderParams) {\n const policy = createExportPagesLambdaPolicy(app, params);\n const role = createLambdaRole(app, {\n name: \"pb-export-pages-lambda-role\",\n policy: policy.output,\n vpc: params.vpc\n });\n\n const combine = app.addResource(aws.lambda.Function, {\n name: \"pb-export-pages-combine\",\n config: {\n role: role.output.arn,\n runtime: \"nodejs14.x\",\n handler: \"handler.handler\",\n timeout: 60,\n memorySize: 128,\n description: \"Handle page export's combine workflow\",\n code: new pulumi.asset.AssetArchive({\n \".\": new pulumi.asset.FileArchive(\n path.join(app.ctx.appDir, \"code/pageBuilder/exportPages/combine/build\")\n )\n }),\n environment: {\n variables: {\n ...params.env,\n S3_BUCKET: params.fileManagerBucketId\n }\n }\n }\n });\n\n const process = app.addResource(aws.lambda.Function, {\n name: \"pb-export-pages-process\",\n config: {\n role: role.output.arn,\n runtime: \"nodejs14.x\",\n handler: \"handler.handler\",\n timeout: 60,\n memorySize: 128,\n description: \"Handle page export's process workflow\",\n code: new pulumi.asset.AssetArchive({\n \".\": new pulumi.asset.FileArchive(\n path.join(app.ctx.appDir, \"code/pageBuilder/exportPages/process/build\")\n )\n }),\n environment: {\n variables: {\n ...params.env,\n S3_BUCKET: params.fileManagerBucketId,\n EXPORT_PAGE_COMBINE_HANDLER: combine.output.arn\n }\n }\n }\n });\n\n return {\n role,\n policy,\n functions: {\n process,\n combine\n }\n };\n}\n\nfunction createExportPagesLambdaPolicy(app: PulumiApp, params: PageBuilderParams) {\n return app.addResource(aws.iam.Policy, {\n name: \"PbExportPageTaskLambdaPolicy\",\n config: {\n description: \"This policy enables access to Dynamodb\",\n policy: {\n Version: \"2012-10-17\",\n Statement: [\n {\n Sid: \"AllowDynamoDBAccess\",\n Effect: \"Allow\",\n Action: [\n \"dynamodb:BatchGetItem\",\n \"dynamodb:BatchWriteItem\",\n \"dynamodb:PutItem\",\n \"dynamodb:DeleteItem\",\n \"dynamodb:GetItem\",\n \"dynamodb:Query\",\n \"dynamodb:UpdateItem\"\n ],\n Resource: [\n pulumi.interpolate`${params.primaryDynamodbTableArn}`,\n pulumi.interpolate`${params.primaryDynamodbTableArn}/*`\n ]\n },\n {\n Sid: \"PermissionForS3\",\n Effect: \"Allow\",\n Action: [\n \"s3:GetObjectAcl\",\n \"s3:DeleteObject\",\n \"s3:PutObjectAcl\",\n \"s3:PutObject\",\n \"s3:GetObject\",\n \"s3:ListBucket\"\n ],\n Resource: [\n pulumi.interpolate`arn:aws:s3:::${params.fileManagerBucketId}/*`,\n // We need to explicitly add bucket ARN to \"Resource\" list for \"s3:ListBucket\" action.\n pulumi.interpolate`arn:aws:s3:::${params.fileManagerBucketId}`\n ]\n },\n {\n Sid: \"PermissionForLambda\",\n Effect: \"Allow\",\n Action: [\"lambda:InvokeFunction\"],\n Resource: pulumi.interpolate`arn:aws:lambda:${params.awsRegion}:${params.awsAccountId}:function:*`\n }\n ]\n }\n }\n });\n}\n\nfunction createImportPagesResources(app: PulumiApp, params: PageBuilderParams) {\n const policy = createImportPagesLambdaPolicy(app, params);\n const role = createLambdaRole(app, {\n name: \"pb-import-page-lambda-role\",\n policy: policy.output,\n vpc: params.vpc\n });\n\n const process = app.addResource(aws.lambda.Function, {\n name: \"pb-import-page-queue-process\",\n config: {\n role: role.output.arn,\n runtime: \"nodejs14.x\",\n handler: \"handler.handler\",\n timeout: 60,\n memorySize: 512,\n description: \"Handle import page queue process workflow\",\n code: new pulumi.asset.AssetArchive({\n \".\": new pulumi.asset.FileArchive(\n path.join(app.ctx.appDir, \"code/pageBuilder/importPages/process/build\")\n )\n }),\n environment: {\n variables: {\n ...params.env,\n S3_BUCKET: params.fileManagerBucketId\n }\n }\n }\n });\n\n const create = app.addResource(aws.lambda.Function, {\n name: \"pb-import-page-queue-create\",\n config: {\n role: role.output.arn,\n runtime: \"nodejs14.x\",\n handler: \"handler.handler\",\n timeout: 60,\n memorySize: 512,\n description: \"Handle import page queue create workflow\",\n code: new pulumi.asset.AssetArchive({\n \".\": new pulumi.asset.FileArchive(\n path.join(app.ctx.appDir, \"code/pageBuilder/importPages/create/build\")\n )\n }),\n environment: {\n variables: {\n ...params.env,\n S3_BUCKET: params.fileManagerBucketId,\n IMPORT_PAGE_QUEUE_PROCESS_HANDLER: process.output.arn\n }\n }\n }\n });\n\n return {\n role,\n policy,\n functions: {\n create,\n process\n }\n };\n}\n\nfunction createImportPagesLambdaPolicy(app: PulumiApp, params: PageBuilderParams) {\n return app.addResource(aws.iam.Policy, {\n name: \"ImportPageLambdaPolicy\",\n config: {\n description: \"This policy enables access Dynamodb, S3, Lambda and Cognito IDP\",\n policy: {\n Version: \"2012-10-17\",\n Statement: [\n {\n Sid: \"PermissionForDynamodb\",\n Effect: \"Allow\",\n Action: [\n \"dynamodb:BatchGetItem\",\n \"dynamodb:BatchWriteItem\",\n \"dynamodb:PutItem\",\n \"dynamodb:DeleteItem\",\n \"dynamodb:GetItem\",\n \"dynamodb:Query\",\n \"dynamodb:UpdateItem\"\n ],\n Resource: [\n pulumi.interpolate`${params.primaryDynamodbTableArn}`,\n pulumi.interpolate`${params.primaryDynamodbTableArn}/*`\n ]\n },\n {\n Sid: \"PermissionForS3\",\n Effect: \"Allow\",\n Action: [\n \"s3:GetObjectAcl\",\n \"s3:DeleteObject\",\n \"s3:PutObjectAcl\",\n \"s3:PutObject\",\n \"s3:GetObject\",\n \"s3:ListBucket\"\n ],\n Resource: [\n pulumi.interpolate`arn:aws:s3:::${params.fileManagerBucketId}/*`,\n // We need to explicitly add bucket ARN to \"Resource\" list for \"s3:ListBucket\" action.\n pulumi.interpolate`arn:aws:s3:::${params.fileManagerBucketId}`\n ]\n },\n {\n Sid: \"PermissionForLambda\",\n Effect: \"Allow\",\n Action: [\"lambda:InvokeFunction\"],\n Resource: pulumi.interpolate`arn:aws:lambda:${params.awsRegion}:${params.awsAccountId}:function:*`\n },\n {\n Sid: \"PermissionForCognitoIdp\",\n Effect: \"Allow\",\n Action: \"cognito-idp:*\",\n Resource: pulumi.interpolate`${params.cognitoUserPoolArn}`\n }\n ]\n }\n }\n });\n}\n"]}
1
+ {"version":3,"sources":["ApiPageBuilder.ts"],"names":["ApiPageBuilder","name","config","app","params","storage","getModule","StorageOutput","addHandler","pbInstallationZipPath","path","join","resolve","aws","s3","BucketObject","key","acl","bucket","fileManagerBucketId","contentType","source","pulumi","asset","FileAsset","updateSettings","createUpdateSettingsResources","exportPages","createExportPagesResources","importPages","createImportPagesResources","policy","createUpdateSettingsLambdaPolicy","role","output","update","addResource","lambda","Function","arn","runtime","handler","timeout","memorySize","description","code","AssetArchive","FileArchive","ctx","appDir","environment","variables","env","vpcConfig","VpcConfig","functionVpcConfig","functions","iam","Policy","Version","Statement","Sid","Effect","Action","Resource","interpolate","primaryDynamodbTableArn","createExportPagesLambdaPolicy","combine","S3_BUCKET","process","EXPORT_PAGE_COMBINE_HANDLER","awsAccountId","awsRegion","createImportPagesLambdaPolicy","create","IMPORT_PAGE_QUEUE_PROCESS_HANDLER","storageOutput","apply","elasticsearchDynamodbTableArn","cognitoUserPoolArn","elasticsearchDomainArn"],"mappings":";;;;;;;;;;;AAAA;;AACA;;AACA;;AAGA;;AACA;;AACA;;AACA;;AACA;;;;;;;;;;AAQO,MAAMA,cAAc,GAAG,gCAAgB;AAC1CC,EAAAA,IAAI,EAAE,gBADoC;;AAE1CC,EAAAA,MAAM,CAACC,GAAD,EAAiBC,MAAjB,EAA4C;AAC9C,UAAMC,OAAO,GAAGF,GAAG,CAACG,SAAJ,CAAcC,qBAAd,CAAhB;AAEAJ,IAAAA,GAAG,CAACK,UAAJ,CAAe,MAAM;AACjB,YAAMC,qBAAqB,GAAGC,IAAI,CAACC,IAAL,CAAUD,IAAI,CAACE,OAAL,EAAV,EAA0B,MAA1B,EAAkC,oBAAlC,CAA9B,CADiB,CAEjB;;AACA,+CAAsBH,qBAAtB;AAEA,UAAII,GAAG,CAACC,EAAJ,CAAOC,YAAX,CAAwB,sBAAxB,EAAgD;AAC5CC,QAAAA,GAAG,EAAE,oBADuC;AAE5CC,QAAAA,GAAG,EAAE,aAFuC;AAG5CC,QAAAA,MAAM,EAAEb,OAAO,CAACc,mBAH4B;AAI5CC,QAAAA,WAAW,EAAE,0BAJ+B;AAK5CC,QAAAA,MAAM,EAAE,IAAIC,MAAM,CAACC,KAAP,CAAaC,SAAjB,CAA2Bf,qBAA3B;AALoC,OAAhD;AAOH,KAZD;AAcA,UAAMgB,cAAc,GAAGC,6BAA6B,CAACvB,GAAD,EAAMC,MAAN,CAApD;AACA,UAAMuB,WAAW,GAAGC,0BAA0B,CAACzB,GAAD,EAAMC,MAAN,CAA9C;AACA,UAAMyB,WAAW,GAAGC,0BAA0B,CAAC3B,GAAD,EAAMC,MAAN,CAA9C;AAEA,WAAO;AACHqB,MAAAA,cADG;AAEHE,MAAAA,WAFG;AAGHE,MAAAA;AAHG,KAAP;AAKH;;AA5ByC,CAAhB,CAAvB;;;AA+BP,SAASH,6BAAT,CAAuCvB,GAAvC,EAAuDC,MAAvD,EAAkF;AAC9E,QAAM2B,MAAM,GAAGC,gCAAgC,CAAC7B,GAAD,CAA/C;AACA,QAAM8B,IAAI,GAAG,mCAAiB9B,GAAjB,EAAsB;AAC/BF,IAAAA,IAAI,EAAE,gCADyB;AAE/B8B,IAAAA,MAAM,EAAEA,MAAM,CAACG;AAFgB,GAAtB,CAAb;AAKA,QAAMC,MAAM,GAAGhC,GAAG,CAACiC,WAAJ,CAAgBvB,GAAG,CAACwB,MAAJ,CAAWC,QAA3B,EAAqC;AAChDrC,IAAAA,IAAI,EAAE,oBAD0C;AAEhDC,IAAAA,MAAM,EAAE;AACJ+B,MAAAA,IAAI,EAAEA,IAAI,CAACC,MAAL,CAAYK,GADd;AAEJC,MAAAA,OAAO,EAAE,YAFL;AAGJC,MAAAA,OAAO,EAAE,iBAHL;AAIJC,MAAAA,OAAO,EAAE,EAJL;AAKJC,MAAAA,UAAU,EAAE,GALR;AAMJC,MAAAA,WAAW,EACP,qGAPA;AAQJC,MAAAA,IAAI,EAAE,IAAIvB,MAAM,CAACC,KAAP,CAAauB,YAAjB,CAA8B;AAChC,aAAK,IAAIxB,MAAM,CAACC,KAAP,CAAawB,WAAjB,CACDrC,IAAI,CAACC,IAAL,CAAUR,GAAG,CAAC6C,GAAJ,CAAQC,MAAlB,EAA0B,uCAA1B,CADC;AAD2B,OAA9B,CARF;AAaJC,MAAAA,WAAW,EAAE;AACTC,QAAAA,SAAS,kCACF,8CAA4BhD,GAA5B,CADE,GAEFC,MAAM,CAACgD,GAFL;AADA,OAbT;AAmBJC,MAAAA,SAAS,EAAElD,GAAG,CAACG,SAAJ,CAAcgD,iBAAd,EAAyBC;AAnBhC;AAFwC,GAArC,CAAf;AAyBA,SAAO;AACHtB,IAAAA,IADG;AAEHF,IAAAA,MAFG;AAGHyB,IAAAA,SAAS,EAAE;AACPrB,MAAAA;AADO;AAHR,GAAP;AAOH;;AAED,SAASH,gCAAT,CAA0C7B,GAA1C,EAA0D;AACtD,QAAME,OAAO,GAAGF,GAAG,CAACG,SAAJ,CAAcC,qBAAd,CAAhB;AAEA,SAAOJ,GAAG,CAACiC,WAAJ,CAAgBvB,GAAG,CAAC4C,GAAJ,CAAQC,MAAxB,EAAgC;AACnCzD,IAAAA,IAAI,EAAE,8BAD6B;AAEnCC,IAAAA,MAAM,EAAE;AACJ0C,MAAAA,WAAW,EAAE,wCADT;AAEJb,MAAAA,MAAM,EAAE;AACJ4B,QAAAA,OAAO,EAAE,YADL;AAEJC,QAAAA,SAAS,EAAE,CACP;AACIC,UAAAA,GAAG,EAAE,qBADT;AAEIC,UAAAA,MAAM,EAAE,OAFZ;AAGIC,UAAAA,MAAM,EAAE,CACJ,uBADI,EAEJ,yBAFI,EAGJ,kBAHI,EAIJ,qBAJI,EAKJ,kBALI,EAMJ,gBANI,EAOJ,qBAPI,CAHZ;AAYIC,UAAAA,QAAQ,EAAE,CACN1C,MAAM,CAAC2C,WAAY,GAAE5D,OAAO,CAAC6D,uBAAwB,EAD/C,EAEN5C,MAAM,CAAC2C,WAAY,GAAE5D,OAAO,CAAC6D,uBAAwB,IAF/C;AAZd,SADO;AAFP;AAFJ;AAF2B,GAAhC,CAAP;AA4BH;;AAED,SAAStC,0BAAT,CAAoCzB,GAApC,EAAoDC,MAApD,EAA+E;AAC3E,QAAMC,OAAO,GAAGF,GAAG,CAACG,SAAJ,CAAcC,qBAAd,CAAhB;AAEA,QAAMwB,MAAM,GAAGoC,6BAA6B,CAAChE,GAAD,CAA5C;AACA,QAAM8B,IAAI,GAAG,mCAAiB9B,GAAjB,EAAsB;AAC/BF,IAAAA,IAAI,EAAE,6BADyB;AAE/B8B,IAAAA,MAAM,EAAEA,MAAM,CAACG;AAFgB,GAAtB,CAAb;AAKA,QAAMkC,OAAO,GAAGjE,GAAG,CAACiC,WAAJ,CAAgBvB,GAAG,CAACwB,MAAJ,CAAWC,QAA3B,EAAqC;AACjDrC,IAAAA,IAAI,EAAE,yBAD2C;AAEjDC,IAAAA,MAAM,EAAE;AACJ+B,MAAAA,IAAI,EAAEA,IAAI,CAACC,MAAL,CAAYK,GADd;AAEJC,MAAAA,OAAO,EAAE,YAFL;AAGJC,MAAAA,OAAO,EAAE,iBAHL;AAIJC,MAAAA,OAAO,EAAE,EAJL;AAKJC,MAAAA,UAAU,EAAE,GALR;AAMJC,MAAAA,WAAW,EAAE,uCANT;AAOJC,MAAAA,IAAI,EAAE,IAAIvB,MAAM,CAACC,KAAP,CAAauB,YAAjB,CAA8B;AAChC,aAAK,IAAIxB,MAAM,CAACC,KAAP,CAAawB,WAAjB,CACDrC,IAAI,CAACC,IAAL,CAAUR,GAAG,CAAC6C,GAAJ,CAAQC,MAAlB,EAA0B,4CAA1B,CADC;AAD2B,OAA9B,CAPF;AAYJC,MAAAA,WAAW,EAAE;AACTC,QAAAA,SAAS,gDACF,8CAA4BhD,GAA5B,CADE,GAEFC,MAAM,CAACgD,GAFL;AAGLiB,UAAAA,SAAS,EAAEhE,OAAO,CAACc;AAHd;AADA;AAZT;AAFyC,GAArC,CAAhB;AAwBA,QAAMmD,OAAO,GAAGnE,GAAG,CAACiC,WAAJ,CAAgBvB,GAAG,CAACwB,MAAJ,CAAWC,QAA3B,EAAqC;AACjDrC,IAAAA,IAAI,EAAE,yBAD2C;AAEjDC,IAAAA,MAAM,EAAE;AACJ+B,MAAAA,IAAI,EAAEA,IAAI,CAACC,MAAL,CAAYK,GADd;AAEJC,MAAAA,OAAO,EAAE,YAFL;AAGJC,MAAAA,OAAO,EAAE,iBAHL;AAIJC,MAAAA,OAAO,EAAE,EAJL;AAKJC,MAAAA,UAAU,EAAE,GALR;AAMJC,MAAAA,WAAW,EAAE,uCANT;AAOJC,MAAAA,IAAI,EAAE,IAAIvB,MAAM,CAACC,KAAP,CAAauB,YAAjB,CAA8B;AAChC,aAAK,IAAIxB,MAAM,CAACC,KAAP,CAAawB,WAAjB,CACDrC,IAAI,CAACC,IAAL,CAAUR,GAAG,CAAC6C,GAAJ,CAAQC,MAAlB,EAA0B,4CAA1B,CADC;AAD2B,OAA9B,CAPF;AAYJC,MAAAA,WAAW,EAAE;AACTC,QAAAA,SAAS,gDACF,8CAA4BhD,GAA5B,CADE,GAEFC,MAAM,CAACgD,GAFL;AAGLiB,UAAAA,SAAS,EAAEhE,OAAO,CAACc,mBAHd;AAILoD,UAAAA,2BAA2B,EAAEH,OAAO,CAAClC,MAAR,CAAeK;AAJvC;AADA;AAZT;AAFyC,GAArC,CAAhB;AAyBA,SAAO;AACHN,IAAAA,IADG;AAEHF,IAAAA,MAFG;AAGHyB,IAAAA,SAAS,EAAE;AACPc,MAAAA,OADO;AAEPF,MAAAA;AAFO;AAHR,GAAP;AAQH;;AAED,SAASD,6BAAT,CAAuChE,GAAvC,EAAuD;AACnD,QAAME,OAAO,GAAGF,GAAG,CAACG,SAAJ,CAAcC,qBAAd,CAAhB;AACA,QAAMiE,YAAY,GAAG,+BAAgBrE,GAAhB,CAArB;AACA,QAAMsE,SAAS,GAAG,4BAAatE,GAAb,CAAlB;AAEA,SAAOA,GAAG,CAACiC,WAAJ,CAAgBvB,GAAG,CAAC4C,GAAJ,CAAQC,MAAxB,EAAgC;AACnCzD,IAAAA,IAAI,EAAE,8BAD6B;AAEnCC,IAAAA,MAAM,EAAE;AACJ0C,MAAAA,WAAW,EAAE,wCADT;AAEJb,MAAAA,MAAM,EAAE;AACJ4B,QAAAA,OAAO,EAAE,YADL;AAEJC,QAAAA,SAAS,EAAE,CACP;AACIC,UAAAA,GAAG,EAAE,qBADT;AAEIC,UAAAA,MAAM,EAAE,OAFZ;AAGIC,UAAAA,MAAM,EAAE,CACJ,uBADI,EAEJ,yBAFI,EAGJ,kBAHI,EAIJ,qBAJI,EAKJ,kBALI,EAMJ,gBANI,EAOJ,qBAPI,CAHZ;AAYIC,UAAAA,QAAQ,EAAE,CACN1C,MAAM,CAAC2C,WAAY,GAAE5D,OAAO,CAAC6D,uBAAwB,EAD/C,EAEN5C,MAAM,CAAC2C,WAAY,GAAE5D,OAAO,CAAC6D,uBAAwB,IAF/C;AAZd,SADO,EAkBP;AACIL,UAAAA,GAAG,EAAE,iBADT;AAEIC,UAAAA,MAAM,EAAE,OAFZ;AAGIC,UAAAA,MAAM,EAAE,CACJ,iBADI,EAEJ,iBAFI,EAGJ,iBAHI,EAIJ,cAJI,EAKJ,cALI,EAMJ,eANI,CAHZ;AAWIC,UAAAA,QAAQ,EAAE,CACN1C,MAAM,CAAC2C,WAAY,gBAAe5D,OAAO,CAACc,mBAAoB,IADxD,EAEN;AACAG,UAAAA,MAAM,CAAC2C,WAAY,gBAAe5D,OAAO,CAACc,mBAAoB,EAHxD;AAXd,SAlBO,EAmCP;AACI0C,UAAAA,GAAG,EAAE,qBADT;AAEIC,UAAAA,MAAM,EAAE,OAFZ;AAGIC,UAAAA,MAAM,EAAE,CAAC,uBAAD,CAHZ;AAIIC,UAAAA,QAAQ,EAAE1C,MAAM,CAAC2C,WAAY,kBAAiBQ,SAAU,IAAGD,YAAa;AAJ5E,SAnCO;AAFP;AAFJ;AAF2B,GAAhC,CAAP;AAmDH;;AAED,SAAS1C,0BAAT,CAAoC3B,GAApC,EAAoDC,MAApD,EAA+E;AAC3E,QAAMC,OAAO,GAAGF,GAAG,CAACG,SAAJ,CAAcC,qBAAd,CAAhB;AACA,QAAMwB,MAAM,GAAG2C,6BAA6B,CAACvE,GAAD,CAA5C;AACA,QAAM8B,IAAI,GAAG,mCAAiB9B,GAAjB,EAAsB;AAC/BF,IAAAA,IAAI,EAAE,4BADyB;AAE/B8B,IAAAA,MAAM,EAAEA,MAAM,CAACG;AAFgB,GAAtB,CAAb;AAKA,QAAMoC,OAAO,GAAGnE,GAAG,CAACiC,WAAJ,CAAgBvB,GAAG,CAACwB,MAAJ,CAAWC,QAA3B,EAAqC;AACjDrC,IAAAA,IAAI,EAAE,8BAD2C;AAEjDC,IAAAA,MAAM,EAAE;AACJ+B,MAAAA,IAAI,EAAEA,IAAI,CAACC,MAAL,CAAYK,GADd;AAEJC,MAAAA,OAAO,EAAE,YAFL;AAGJC,MAAAA,OAAO,EAAE,iBAHL;AAIJC,MAAAA,OAAO,EAAE,EAJL;AAKJC,MAAAA,UAAU,EAAE,GALR;AAMJC,MAAAA,WAAW,EAAE,2CANT;AAOJC,MAAAA,IAAI,EAAE,IAAIvB,MAAM,CAACC,KAAP,CAAauB,YAAjB,CAA8B;AAChC,aAAK,IAAIxB,MAAM,CAACC,KAAP,CAAawB,WAAjB,CACDrC,IAAI,CAACC,IAAL,CAAUR,GAAG,CAAC6C,GAAJ,CAAQC,MAAlB,EAA0B,4CAA1B,CADC;AAD2B,OAA9B,CAPF;AAYJC,MAAAA,WAAW,EAAE;AACTC,QAAAA,SAAS,gDACF,8CAA4BhD,GAA5B,CADE,GAEFC,MAAM,CAACgD,GAFL;AAGLiB,UAAAA,SAAS,EAAEhE,OAAO,CAACc;AAHd;AADA;AAZT;AAFyC,GAArC,CAAhB;AAwBA,QAAMwD,MAAM,GAAGxE,GAAG,CAACiC,WAAJ,CAAgBvB,GAAG,CAACwB,MAAJ,CAAWC,QAA3B,EAAqC;AAChDrC,IAAAA,IAAI,EAAE,6BAD0C;AAEhDC,IAAAA,MAAM,EAAE;AACJ+B,MAAAA,IAAI,EAAEA,IAAI,CAACC,MAAL,CAAYK,GADd;AAEJC,MAAAA,OAAO,EAAE,YAFL;AAGJC,MAAAA,OAAO,EAAE,iBAHL;AAIJC,MAAAA,OAAO,EAAE,EAJL;AAKJC,MAAAA,UAAU,EAAE,GALR;AAMJC,MAAAA,WAAW,EAAE,0CANT;AAOJC,MAAAA,IAAI,EAAE,IAAIvB,MAAM,CAACC,KAAP,CAAauB,YAAjB,CAA8B;AAChC,aAAK,IAAIxB,MAAM,CAACC,KAAP,CAAawB,WAAjB,CACDrC,IAAI,CAACC,IAAL,CAAUR,GAAG,CAAC6C,GAAJ,CAAQC,MAAlB,EAA0B,2CAA1B,CADC;AAD2B,OAA9B,CAPF;AAYJC,MAAAA,WAAW,EAAE;AACTC,QAAAA,SAAS,gDACF,8CAA4BhD,GAA5B,CADE,GAEFC,MAAM,CAACgD,GAFL;AAGLiB,UAAAA,SAAS,EAAEhE,OAAO,CAACc,mBAHd;AAILyD,UAAAA,iCAAiC,EAAEN,OAAO,CAACpC,MAAR,CAAeK;AAJ7C;AADA;AAZT;AAFwC,GAArC,CAAf;AAyBA,SAAO;AACHN,IAAAA,IADG;AAEHF,IAAAA,MAFG;AAGHyB,IAAAA,SAAS,EAAE;AACPmB,MAAAA,MADO;AAEPL,MAAAA;AAFO;AAHR,GAAP;AAQH;;AAED,SAASI,6BAAT,CAAuCvE,GAAvC,EAAuD;AACnD,QAAM0E,aAAa,GAAG1E,GAAG,CAACG,SAAJ,CAAcC,qBAAd,CAAtB;AACA,QAAMiE,YAAY,GAAG,+BAAgBrE,GAAhB,CAArB;AACA,QAAMsE,SAAS,GAAG,4BAAatE,GAAb,CAAlB;AAEA,SAAOA,GAAG,CAACiC,WAAJ,CAAgBvB,GAAG,CAAC4C,GAAJ,CAAQC,MAAxB,EAAgC;AACnCzD,IAAAA,IAAI,EAAE,wBAD6B;AAEnCC,IAAAA,MAAM,EAAE;AACJ0C,MAAAA,WAAW,EAAE,iEADT;AAEJ;AACAb,MAAAA,MAAM,EAAE8C,aAAa,CAACC,KAAd,CAAoBzE,OAAO,IAAI;AACnC,cAAM0B,MAA8B,GAAG;AACnC4B,UAAAA,OAAO,EAAE,YAD0B;AAEnCC,UAAAA,SAAS,EAAE,CACP;AACIC,YAAAA,GAAG,EAAE,uBADT;AAEIC,YAAAA,MAAM,EAAE,OAFZ;AAGIC,YAAAA,MAAM,EAAE,CACJ,uBADI,EAEJ,yBAFI,EAGJ,kBAHI,EAIJ,qBAJI,EAKJ,kBALI,EAMJ,gBANI,EAOJ,qBAPI,CAHZ;AAYIC,YAAAA,QAAQ,EAAE,CACL,GAAE3D,OAAO,CAAC6D,uBAAwB,EAD7B,EAEL,GAAE7D,OAAO,CAAC6D,uBAAwB,IAF7B,EAGN;AACA,gBAAI7D,OAAO,CAAC0E,6BAAR,GACE,CACK,GAAE1E,OAAO,CAAC0E,6BAA8B,EAD7C,EAEK,GAAE1E,OAAO,CAAC0E,6BAA8B,IAF7C,CADF,GAKE,EALN,CAJM;AAZd,WADO,EAyBP;AACIlB,YAAAA,GAAG,EAAE,iBADT;AAEIC,YAAAA,MAAM,EAAE,OAFZ;AAGIC,YAAAA,MAAM,EAAE,CACJ,iBADI,EAEJ,iBAFI,EAGJ,iBAHI,EAIJ,cAJI,EAKJ,cALI,EAMJ,eANI,CAHZ;AAWIC,YAAAA,QAAQ,EAAE,CACL,gBAAe3D,OAAO,CAACc,mBAAoB,IADtC,EAEN;AACC,4BAAed,OAAO,CAACc,mBAAoB,EAHtC;AAXd,WAzBO,EA0CP;AACI0C,YAAAA,GAAG,EAAE,qBADT;AAEIC,YAAAA,MAAM,EAAE,OAFZ;AAGIC,YAAAA,MAAM,EAAE,CAAC,uBAAD,CAHZ;AAIIC,YAAAA,QAAQ,EAAE1C,MAAM,CAAC2C,WAAY,kBAAiBQ,SAAU,IAAGD,YAAa;AAJ5E,WA1CO,EAgDP;AACIX,YAAAA,GAAG,EAAE,yBADT;AAEIC,YAAAA,MAAM,EAAE,OAFZ;AAGIC,YAAAA,MAAM,EAAE,eAHZ;AAIIC,YAAAA,QAAQ,EAAG,GAAE3D,OAAO,CAAC2E,kBAAmB;AAJ5C,WAhDO,EAsDP;AACA,cAAI3E,OAAO,CAAC4E,sBAAR,GACE,CACI;AACIpB,YAAAA,GAAG,EAAE,iBADT;AAEIC,YAAAA,MAAM,EAAE,OAFZ;AAGIC,YAAAA,MAAM,EAAE,MAHZ;AAIIC,YAAAA,QAAQ,EAAE,CACL,GAAE3D,OAAO,CAAC4E,sBAAuB,EAD5B,EAEL,GAAE5E,OAAO,CAAC4E,sBAAuB,IAF5B;AAJd,WADJ,CADF,GAYE,EAZN,CAvDO;AAFwB,SAAvC;AAyEA,eAAOlD,MAAP;AACH,OA3EO;AAHJ;AAF2B,GAAhC,CAAP;AAmFH","sourcesContent":["import * as path from \"path\";\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n//@ts-ignore\nimport { createInstallationZip } from \"@webiny/api-page-builder/installation\";\nimport { defineAppModule, PulumiApp, PulumiAppModule } from \"@webiny/pulumi-sdk\";\nimport { StorageOutput, VpcConfig } from \"../common\";\nimport { createLambdaRole, getCommonLambdaEnvVariables } from \"../lambdaUtils\";\nimport { getAwsAccountId, getAwsRegion } from \"../awsUtils\";\n\ninterface PageBuilderParams {\n env: Record<string, any>;\n}\n\nexport type ApiPageBuilder = PulumiAppModule<typeof ApiPageBuilder>;\n\nexport const ApiPageBuilder = defineAppModule({\n name: \"ApiPageBuilder\",\n config(app: PulumiApp, params: PageBuilderParams) {\n const storage = app.getModule(StorageOutput);\n\n app.addHandler(() => {\n const pbInstallationZipPath = path.join(path.resolve(), \".tmp\", \"pbInstallation.zip\");\n // Will create \"pbInstallation.zip\" and save it in the `pbInstallationZipPath` path.\n createInstallationZip(pbInstallationZipPath);\n\n new aws.s3.BucketObject(\"./pbInstallation.zip\", {\n key: \"pbInstallation.zip\",\n acl: \"public-read\",\n bucket: storage.fileManagerBucketId,\n contentType: \"application/octet-stream\",\n source: new pulumi.asset.FileAsset(pbInstallationZipPath)\n });\n });\n\n const updateSettings = createUpdateSettingsResources(app, params);\n const exportPages = createExportPagesResources(app, params);\n const importPages = createImportPagesResources(app, params);\n\n return {\n updateSettings,\n exportPages,\n importPages\n };\n }\n});\n\nfunction createUpdateSettingsResources(app: PulumiApp, params: PageBuilderParams) {\n const policy = createUpdateSettingsLambdaPolicy(app);\n const role = createLambdaRole(app, {\n name: \"pb-update-settings-lambda-role\",\n policy: policy.output\n });\n\n const update = app.addResource(aws.lambda.Function, {\n name: \"pb-update-settings\",\n config: {\n role: role.output.arn,\n runtime: \"nodejs14.x\",\n handler: \"handler.handler\",\n timeout: 10,\n memorySize: 128,\n description:\n \"Updates default Page Builder app's settings, e.g. website or prerendering URLs, default title, etc.\",\n code: new pulumi.asset.AssetArchive({\n \".\": new pulumi.asset.FileArchive(\n path.join(app.ctx.appDir, \"code/pageBuilder/updateSettings/build\")\n )\n }),\n environment: {\n variables: {\n ...getCommonLambdaEnvVariables(app),\n ...params.env\n }\n },\n vpcConfig: app.getModule(VpcConfig).functionVpcConfig\n }\n });\n\n return {\n role,\n policy,\n functions: {\n update\n }\n };\n}\n\nfunction createUpdateSettingsLambdaPolicy(app: PulumiApp) {\n const storage = app.getModule(StorageOutput);\n\n return app.addResource(aws.iam.Policy, {\n name: \"PbUpdateSettingsLambdaPolicy\",\n config: {\n description: \"This policy enables access to Dynamodb\",\n policy: {\n Version: \"2012-10-17\",\n Statement: [\n {\n Sid: \"AllowDynamoDBAccess\",\n Effect: \"Allow\",\n Action: [\n \"dynamodb:BatchGetItem\",\n \"dynamodb:BatchWriteItem\",\n \"dynamodb:PutItem\",\n \"dynamodb:DeleteItem\",\n \"dynamodb:GetItem\",\n \"dynamodb:Query\",\n \"dynamodb:UpdateItem\"\n ],\n Resource: [\n pulumi.interpolate`${storage.primaryDynamodbTableArn}`,\n pulumi.interpolate`${storage.primaryDynamodbTableArn}/*`\n ]\n }\n ]\n }\n }\n });\n}\n\nfunction createExportPagesResources(app: PulumiApp, params: PageBuilderParams) {\n const storage = app.getModule(StorageOutput);\n\n const policy = createExportPagesLambdaPolicy(app);\n const role = createLambdaRole(app, {\n name: \"pb-export-pages-lambda-role\",\n policy: policy.output\n });\n\n const combine = app.addResource(aws.lambda.Function, {\n name: \"pb-export-pages-combine\",\n config: {\n role: role.output.arn,\n runtime: \"nodejs14.x\",\n handler: \"handler.handler\",\n timeout: 60,\n memorySize: 128,\n description: \"Handle page export's combine workflow\",\n code: new pulumi.asset.AssetArchive({\n \".\": new pulumi.asset.FileArchive(\n path.join(app.ctx.appDir, \"code/pageBuilder/exportPages/combine/build\")\n )\n }),\n environment: {\n variables: {\n ...getCommonLambdaEnvVariables(app),\n ...params.env,\n S3_BUCKET: storage.fileManagerBucketId\n }\n }\n }\n });\n\n const process = app.addResource(aws.lambda.Function, {\n name: \"pb-export-pages-process\",\n config: {\n role: role.output.arn,\n runtime: \"nodejs14.x\",\n handler: \"handler.handler\",\n timeout: 60,\n memorySize: 128,\n description: \"Handle page export's process workflow\",\n code: new pulumi.asset.AssetArchive({\n \".\": new pulumi.asset.FileArchive(\n path.join(app.ctx.appDir, \"code/pageBuilder/exportPages/process/build\")\n )\n }),\n environment: {\n variables: {\n ...getCommonLambdaEnvVariables(app),\n ...params.env,\n S3_BUCKET: storage.fileManagerBucketId,\n EXPORT_PAGE_COMBINE_HANDLER: combine.output.arn\n }\n }\n }\n });\n\n return {\n role,\n policy,\n functions: {\n process,\n combine\n }\n };\n}\n\nfunction createExportPagesLambdaPolicy(app: PulumiApp) {\n const storage = app.getModule(StorageOutput);\n const awsAccountId = getAwsAccountId(app);\n const awsRegion = getAwsRegion(app);\n\n return app.addResource(aws.iam.Policy, {\n name: \"PbExportPageTaskLambdaPolicy\",\n config: {\n description: \"This policy enables access to Dynamodb\",\n policy: {\n Version: \"2012-10-17\",\n Statement: [\n {\n Sid: \"AllowDynamoDBAccess\",\n Effect: \"Allow\",\n Action: [\n \"dynamodb:BatchGetItem\",\n \"dynamodb:BatchWriteItem\",\n \"dynamodb:PutItem\",\n \"dynamodb:DeleteItem\",\n \"dynamodb:GetItem\",\n \"dynamodb:Query\",\n \"dynamodb:UpdateItem\"\n ],\n Resource: [\n pulumi.interpolate`${storage.primaryDynamodbTableArn}`,\n pulumi.interpolate`${storage.primaryDynamodbTableArn}/*`\n ]\n },\n {\n Sid: \"PermissionForS3\",\n Effect: \"Allow\",\n Action: [\n \"s3:GetObjectAcl\",\n \"s3:DeleteObject\",\n \"s3:PutObjectAcl\",\n \"s3:PutObject\",\n \"s3:GetObject\",\n \"s3:ListBucket\"\n ],\n Resource: [\n pulumi.interpolate`arn:aws:s3:::${storage.fileManagerBucketId}/*`,\n // We need to explicitly add bucket ARN to \"Resource\" list for \"s3:ListBucket\" action.\n pulumi.interpolate`arn:aws:s3:::${storage.fileManagerBucketId}`\n ]\n },\n {\n Sid: \"PermissionForLambda\",\n Effect: \"Allow\",\n Action: [\"lambda:InvokeFunction\"],\n Resource: pulumi.interpolate`arn:aws:lambda:${awsRegion}:${awsAccountId}:function:*`\n }\n ]\n }\n }\n });\n}\n\nfunction createImportPagesResources(app: PulumiApp, params: PageBuilderParams) {\n const storage = app.getModule(StorageOutput);\n const policy = createImportPagesLambdaPolicy(app);\n const role = createLambdaRole(app, {\n name: \"pb-import-page-lambda-role\",\n policy: policy.output\n });\n\n const process = app.addResource(aws.lambda.Function, {\n name: \"pb-import-page-queue-process\",\n config: {\n role: role.output.arn,\n runtime: \"nodejs14.x\",\n handler: \"handler.handler\",\n timeout: 60,\n memorySize: 512,\n description: \"Handle import page queue process workflow\",\n code: new pulumi.asset.AssetArchive({\n \".\": new pulumi.asset.FileArchive(\n path.join(app.ctx.appDir, \"code/pageBuilder/importPages/process/build\")\n )\n }),\n environment: {\n variables: {\n ...getCommonLambdaEnvVariables(app),\n ...params.env,\n S3_BUCKET: storage.fileManagerBucketId\n }\n }\n }\n });\n\n const create = app.addResource(aws.lambda.Function, {\n name: \"pb-import-page-queue-create\",\n config: {\n role: role.output.arn,\n runtime: \"nodejs14.x\",\n handler: \"handler.handler\",\n timeout: 60,\n memorySize: 512,\n description: \"Handle import page queue create workflow\",\n code: new pulumi.asset.AssetArchive({\n \".\": new pulumi.asset.FileArchive(\n path.join(app.ctx.appDir, \"code/pageBuilder/importPages/create/build\")\n )\n }),\n environment: {\n variables: {\n ...getCommonLambdaEnvVariables(app),\n ...params.env,\n S3_BUCKET: storage.fileManagerBucketId,\n IMPORT_PAGE_QUEUE_PROCESS_HANDLER: process.output.arn\n }\n }\n }\n });\n\n return {\n role,\n policy,\n functions: {\n create,\n process\n }\n };\n}\n\nfunction createImportPagesLambdaPolicy(app: PulumiApp) {\n const storageOutput = app.getModule(StorageOutput);\n const awsAccountId = getAwsAccountId(app);\n const awsRegion = getAwsRegion(app);\n\n return app.addResource(aws.iam.Policy, {\n name: \"ImportPageLambdaPolicy\",\n config: {\n description: \"This policy enables access Dynamodb, S3, Lambda and Cognito IDP\",\n // Storage is pulumi.Output, so we need to run apply() to resolve policy based on it\n policy: storageOutput.apply(storage => {\n const policy: aws.iam.PolicyDocument = {\n Version: \"2012-10-17\",\n Statement: [\n {\n Sid: \"PermissionForDynamodb\",\n Effect: \"Allow\",\n Action: [\n \"dynamodb:BatchGetItem\",\n \"dynamodb:BatchWriteItem\",\n \"dynamodb:PutItem\",\n \"dynamodb:DeleteItem\",\n \"dynamodb:GetItem\",\n \"dynamodb:Query\",\n \"dynamodb:UpdateItem\"\n ],\n Resource: [\n `${storage.primaryDynamodbTableArn}`,\n `${storage.primaryDynamodbTableArn}/*`,\n // Attach permissions for elastic search dynamo as well (if ES is enabled).\n ...(storage.elasticsearchDynamodbTableArn\n ? [\n `${storage.elasticsearchDynamodbTableArn}`,\n `${storage.elasticsearchDynamodbTableArn}/*`\n ]\n : [])\n ]\n },\n {\n Sid: \"PermissionForS3\",\n Effect: \"Allow\",\n Action: [\n \"s3:GetObjectAcl\",\n \"s3:DeleteObject\",\n \"s3:PutObjectAcl\",\n \"s3:PutObject\",\n \"s3:GetObject\",\n \"s3:ListBucket\"\n ],\n Resource: [\n `arn:aws:s3:::${storage.fileManagerBucketId}/*`,\n // We need to explicitly add bucket ARN to \"Resource\" list for \"s3:ListBucket\" action.\n `arn:aws:s3:::${storage.fileManagerBucketId}`\n ]\n },\n {\n Sid: \"PermissionForLambda\",\n Effect: \"Allow\",\n Action: [\"lambda:InvokeFunction\"],\n Resource: pulumi.interpolate`arn:aws:lambda:${awsRegion}:${awsAccountId}:function:*`\n },\n {\n Sid: \"PermissionForCognitoIdp\",\n Effect: \"Allow\",\n Action: \"cognito-idp:*\",\n Resource: `${storage.cognitoUserPoolArn}`\n },\n // Attach permissions for elastic search domain as well (if ES is enabled).\n ...(storage.elasticsearchDomainArn\n ? [\n {\n Sid: \"PermissionForES\",\n Effect: \"Allow\" as const,\n Action: \"es:*\",\n Resource: [\n `${storage.elasticsearchDomainArn}`,\n `${storage.elasticsearchDomainArn}/*`\n ]\n }\n ]\n : [])\n ]\n };\n\n return policy;\n })\n }\n });\n}\n"]}
package/apps/common/StorageOutput.d.ts ADDED
@@ -0,0 +1,21 @@
1
+ import { PulumiAppModule } from "@webiny/pulumi-sdk";
2
+ export declare type StorageOutput = PulumiAppModule<typeof StorageOutput>;
3
+ export declare const StorageOutput: import("@webiny/pulumi-sdk").PulumiAppModuleDefinition<import("@pulumi/pulumi").Output<import("@pulumi/pulumi").UnwrappedObject<{
4
+ fileManagerBucketId: string;
5
+ primaryDynamodbTableArn: string;
6
+ primaryDynamodbTableName: string;
7
+ primaryDynamodbTableHashKey: string;
8
+ primaryDynamodbTableRangeKey: string;
9
+ cognitoUserPoolId: string;
10
+ cognitoUserPoolArn: string;
11
+ cognitoUserPoolPasswordPolicy: any;
12
+ cognitoAppClientId: string;
13
+ eventBusArn: string;
14
+ vpcPublicSubnetIds: string[] | undefined;
15
+ vpcPrivateSubnetIds: string[] | undefined;
16
+ vpcSecurityGroupIds: string[] | undefined;
17
+ elasticsearchDomainArn: string | undefined;
18
+ elasticsearchDomainEndpoint: string | undefined;
19
+ elasticsearchDynamodbTableArn: string | undefined;
20
+ elasticsearchDynamodbTableName: string | undefined;
21
+ }>>, void>;
package/apps/common/StorageOutput.js ADDED
@@ -0,0 +1,50 @@
1
+ "use strict";
2
+
3
+ Object.defineProperty(exports, "__esModule", {
4
+ value: true
5
+ });
6
+ exports.StorageOutput = void 0;
7
+
8
+ var _pulumiSdk = require("@webiny/pulumi-sdk");
9
+
10
+ var _utils = require("@webiny/cli-plugin-deploy-pulumi/utils");
11
+
12
+ const StorageOutput = (0, _pulumiSdk.defineAppModule)({
13
+ name: "StorageOutput",
14
+
15
+ config(app) {
16
+ return app.addHandler(async () => {
17
+ const output = await (0, _utils.getStackOutput)({
18
+ folder: "apps/storage",
19
+ env: app.ctx.env
20
+ });
21
+
22
+ if (!output) {
23
+ throw new Error("Storage application is not deployed.");
24
+ }
25
+
26
+ return {
27
+ fileManagerBucketId: output["fileManagerBucketId"],
28
+ primaryDynamodbTableArn: output["primaryDynamodbTableArn"],
29
+ primaryDynamodbTableName: output["primaryDynamodbTableName"],
30
+ primaryDynamodbTableHashKey: output["primaryDynamodbTableHashKey"],
31
+ primaryDynamodbTableRangeKey: output["primaryDynamodbTableRangeKey"],
32
+ cognitoUserPoolId: output["cognitoUserPoolId"],
33
+ cognitoUserPoolArn: output["cognitoUserPoolArn"],
34
+ cognitoUserPoolPasswordPolicy: output["cognitoUserPoolPasswordPolicy"],
35
+ cognitoAppClientId: output["cognitoAppClientId"],
36
+ eventBusArn: output["eventBusArn"],
37
+ // These outputs are optional, since VPC is not always enabled.
38
+ vpcPublicSubnetIds: output["vpcPublicSubnetIds"],
39
+ vpcPrivateSubnetIds: output["vpcPrivateSubnetIds"],
40
+ vpcSecurityGroupIds: output["vpcSecurityGroupIds"],
41
+ elasticsearchDomainArn: output["elasticsearchDomainArn"],
42
+ elasticsearchDomainEndpoint: output["elasticsearchDomainEndpoint"],
43
+ elasticsearchDynamodbTableArn: output["elasticsearchDynamodbTableArn"],
44
+ elasticsearchDynamodbTableName: output["elasticsearchDynamodbTableName"]
45
+ };
46
+ });
47
+ }
48
+
49
+ });
50
+ exports.StorageOutput = StorageOutput;