@webiny/pulumi-aws 5.29.0-beta.0 → 5.29.0-beta.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/apps/core/CoreElasticSearch.js +21 -9
- package/apps/core/CoreElasticSearch.js.map +1 -1
- package/apps/core/CoreOpenSearch.d.ts +20 -0
- package/apps/core/CoreOpenSearch.js +264 -0
- package/apps/core/CoreOpenSearch.js.map +1 -0
- package/apps/core/createCorePulumiApp.js +3 -2
- package/apps/core/createCorePulumiApp.js.map +1 -1
- package/package.json +8 -8
|
@@ -23,12 +23,31 @@ function _getRequireWildcardCache(nodeInterop) { if (typeof WeakMap !== "functio
|
|
|
23
23
|
|
|
24
24
|
function _interopRequireWildcard(obj, nodeInterop) { if (!nodeInterop && obj && obj.__esModule) { return obj; } if (obj === null || typeof obj !== "object" && typeof obj !== "function") { return { default: obj }; } var cache = _getRequireWildcardCache(nodeInterop); if (cache && cache.has(obj)) { return cache.get(obj); } var newObj = {}; var hasPropertyDescriptor = Object.defineProperty && Object.getOwnPropertyDescriptor; for (var key in obj) { if (key !== "default" && Object.prototype.hasOwnProperty.call(obj, key)) { var desc = hasPropertyDescriptor ? Object.getOwnPropertyDescriptor(obj, key) : null; if (desc && (desc.get || desc.set)) { Object.defineProperty(newObj, key, desc); } else { newObj[key] = obj[key]; } } } newObj.default = obj; if (cache) { cache.set(obj, newObj); } return newObj; }
|
|
25
25
|
|
|
26
|
+
function getDevClusterConfig() {
|
|
27
|
+
return {
|
|
28
|
+
instanceType: "t3.small.elasticsearch"
|
|
29
|
+
};
|
|
30
|
+
}
|
|
31
|
+
|
|
32
|
+
function getProdClusterConfig() {
|
|
33
|
+
return {
|
|
34
|
+
// For production deployments, we create 2 instances and configure multi-AZ.
|
|
35
|
+
instanceType: "t3.medium.elasticsearch",
|
|
36
|
+
instanceCount: 2,
|
|
37
|
+
zoneAwarenessEnabled: true,
|
|
38
|
+
zoneAwarenessConfig: {
|
|
39
|
+
availabilityZoneCount: 2
|
|
40
|
+
}
|
|
41
|
+
};
|
|
42
|
+
}
|
|
43
|
+
|
|
26
44
|
const ElasticSearch = (0, _pulumi2.createAppModule)({
|
|
27
45
|
name: "ElasticSearch",
|
|
28
46
|
|
|
29
47
|
config(app, params) {
|
|
30
48
|
const domainName = "webiny-js";
|
|
31
49
|
const accountId = (0, _awsUtils.getAwsAccountId)(app);
|
|
50
|
+
const prod = app.params.run.env === "prod";
|
|
32
51
|
const vpc = app.getModule(_CoreVpc.CoreVpc, {
|
|
33
52
|
optional: true
|
|
34
53
|
}); // This needs to be implemented in order to be able to use a shared ElasticSearch cluster.
|
|
@@ -52,15 +71,8 @@ const ElasticSearch = (0, _pulumi2.createAppModule)({
|
|
|
52
71
|
domain = app.addResource(aws.elasticsearch.Domain, {
|
|
53
72
|
name: domainName,
|
|
54
73
|
config: {
|
|
55
|
-
elasticsearchVersion: "7.
|
|
56
|
-
clusterConfig:
|
|
57
|
-
instanceType: "t3.medium.elasticsearch",
|
|
58
|
-
instanceCount: 2,
|
|
59
|
-
zoneAwarenessEnabled: true,
|
|
60
|
-
zoneAwarenessConfig: {
|
|
61
|
-
availabilityZoneCount: 2
|
|
62
|
-
}
|
|
63
|
-
},
|
|
74
|
+
elasticsearchVersion: "7.10",
|
|
75
|
+
clusterConfig: prod ? getDevClusterConfig() : getProdClusterConfig(),
|
|
64
76
|
vpcOptions: vpc ? {
|
|
65
77
|
subnetIds: vpc.subnets.private.map(s => s.output.id),
|
|
66
78
|
securityGroupIds: [vpc.vpc.output.defaultSecurityGroupId]
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["ElasticSearch","createAppModule","name","config","app","params","domainName","accountId","getAwsAccountId","vpc","getModule","CoreVpc","optional","domain","domainPolicy","process","env","AWS_ELASTIC_SEARCH_DOMAIN_NAME","String","addRemoteResource","aws","elasticsearch","getDomain","async","addResource","Domain","elasticsearchVersion","clusterConfig","instanceType","instanceCount","zoneAwarenessEnabled","zoneAwarenessConfig","availabilityZoneCount","vpcOptions","subnetIds","subnets","private","map","s","output","id","securityGroupIds","defaultSecurityGroupId","undefined","ebsOptions","ebsEnabled","volumeSize","volumeType","advancedOptions","snapshotOptions","automatedSnapshotStartHour","opts","protect","DomainPolicy","accessPolicies","Version","Statement","Effect","Principal","AWS","Action","Resource","pulumi","interpolate","arn","table","dynamodb","Table","attributes","type","streamEnabled","streamViewType","billingMode","hashKey","rangeKey","roleName","role","iam","Role","assumeRolePolicy","Service","policy","getDynamoDbToElasticLambdaPolicy","RolePolicyAttachment","policyArn","ManagedPolicy","AWSLambdaVPCAccessExecutionRole","AWSLambdaDynamoDBExecutionRole","lambda","Function","runtime","handler","timeout","memorySize","environment","variables","DEBUG","ELASTIC_SEARCH_ENDPOINT","endpoint","description","code","asset","AssetArchive","FileArchive","path","join","paths","workspace","vpcConfig","eventSourceMapping","EventSourceMapping","eventSourceArn","streamArn","functionName","startingPosition","maximumRetryAttempts","batchSize","maximumBatchingWindowInSeconds","addOutputs","elasticsearchDomainArn","elasticsearchDomainEndpoint","elasticsearchDynamodbTableArn","elasticsearchDynamodbTableName","dynamoToElastic","Policy","Sid"],"sources":["CoreElasticSearch.ts"],"sourcesContent":["import path from \"path\";\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport {\n createAppModule,\n PulumiApp,\n PulumiAppResource,\n PulumiAppResourceConstructor,\n PulumiAppRemoteResource\n} from \"@webiny/pulumi\";\n\nimport { getAwsAccountId } from \"../awsUtils\";\nimport { CoreVpc } from \"./CoreVpc\";\n\nexport interface ElasticSearchParams {\n protect: boolean;\n}\n\nexport const ElasticSearch = createAppModule({\n name: \"ElasticSearch\",\n config(app, params: ElasticSearchParams) {\n const domainName = \"webiny-js\";\n const accountId = getAwsAccountId(app);\n\n const vpc = app.getModule(CoreVpc, { optional: true });\n\n // This needs to be implemented in order to be able to use a shared ElasticSearch cluster.\n let domain:\n | PulumiAppResource<PulumiAppResourceConstructor<aws.elasticsearch.Domain>>\n | PulumiAppRemoteResource<aws.elasticsearch.GetDomainResult>;\n\n let domainPolicy;\n\n if (process.env.AWS_ELASTIC_SEARCH_DOMAIN_NAME) {\n const domainName = String(process.env.AWS_ELASTIC_SEARCH_DOMAIN_NAME);\n // This can be useful for testing purposes in ephemeral environments. More information here:\n // https://www.webiny.com/docs/key-topics/ci-cd/testing/slow-ephemeral-environments\n domain = app.addRemoteResource(domainName, () => {\n return aws.elasticsearch.getDomain({ domainName }, { async: true });\n });\n } else {\n // Regular ElasticSearch deployment.\n domain = app.addResource(aws.elasticsearch.Domain, {\n name: domainName,\n config: {\n elasticsearchVersion: \"7.7\",\n clusterConfig: {\n instanceType: \"t3.medium.elasticsearch\",\n instanceCount: 2,\n zoneAwarenessEnabled: true,\n zoneAwarenessConfig: {\n availabilityZoneCount: 2\n }\n },\n vpcOptions: vpc\n ? {\n subnetIds: vpc.subnets.private.map(s => s.output.id),\n securityGroupIds: [vpc.vpc.output.defaultSecurityGroupId]\n }\n : undefined,\n ebsOptions: {\n ebsEnabled: true,\n volumeSize: 10,\n volumeType: \"gp2\"\n },\n advancedOptions: {\n \"rest.action.multi.allow_explicit_index\": \"true\"\n },\n snapshotOptions: {\n automatedSnapshotStartHour: 23\n }\n },\n opts: { protect: params.protect }\n });\n\n /**\n * Domain policy defines who can access your Elasticsearch Domain.\n * For details on Elasticsearch security, read the official documentation:\n * https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/security.html\n */\n domainPolicy = app.addResource(aws.elasticsearch.DomainPolicy, {\n name: `${domainName}-policy`,\n config: {\n domainName: domain.output.domainName,\n accessPolicies: {\n Version: \"2012-10-17\",\n Statement: [\n /**\n * Allow requests signed with current account\n */\n {\n Effect: \"Allow\",\n Principal: {\n AWS: accountId\n },\n Action: \"es:*\",\n Resource: pulumi.interpolate`${domain.output.arn}/*`\n }\n ]\n }\n },\n opts: { protect: params.protect }\n });\n }\n\n /**\n * Create a table for Elasticsearch records. All ES records are stored in this table to dramatically improve\n * performance and stability on write operations (especially massive data imports). This table also serves as a backup and\n * a single source of truth for your Elasticsearch domain. Streaming is enabled on this table, and it will\n * allow asynchronous synchronization of data with Elasticsearch domain.\n */\n const table = app.addResource(aws.dynamodb.Table, {\n name: \"webiny-es\",\n config: {\n attributes: [\n { name: \"PK\", type: \"S\" },\n { name: \"SK\", type: \"S\" }\n ],\n streamEnabled: true,\n streamViewType: \"NEW_AND_OLD_IMAGES\",\n billingMode: \"PAY_PER_REQUEST\",\n hashKey: \"PK\",\n rangeKey: \"SK\"\n },\n opts: { protect: params.protect }\n });\n\n const roleName = \"dynamo-to-elastic-lambda-role\";\n\n const role = app.addResource(aws.iam.Role, {\n name: roleName,\n config: {\n assumeRolePolicy: {\n Version: \"2012-10-17\",\n Statement: [\n {\n Action: \"sts:AssumeRole\",\n Principal: {\n Service: \"lambda.amazonaws.com\"\n },\n Effect: \"Allow\"\n }\n ]\n }\n }\n });\n\n const policy = getDynamoDbToElasticLambdaPolicy(app, domain.output);\n\n app.addResource(aws.iam.RolePolicyAttachment, {\n name: `${roleName}-DynamoDbToElasticLambdaPolicy`,\n config: {\n role: role.output,\n policyArn: policy.output.arn\n }\n });\n\n app.addResource(aws.iam.RolePolicyAttachment, {\n name: `${roleName}-AWSLambdaVPCAccessExecutionRole`,\n config: {\n role: role.output,\n policyArn: aws.iam.ManagedPolicy.AWSLambdaVPCAccessExecutionRole\n }\n });\n\n app.addResource(aws.iam.RolePolicyAttachment, {\n name: `${roleName}-AWSLambdaDynamoDBExecutionRole`,\n config: {\n role: role.output,\n policyArn: aws.iam.ManagedPolicy.AWSLambdaDynamoDBExecutionRole\n }\n });\n\n /**\n * This Lambda will process the stream events from DynamoDB table that contains Elasticsearch items.\n * Elasticsearch can't take large amount of individual writes in a short period of time, so this way\n * we store data for Elasticsearch in a DynamoDB table, and asynchronously insert it into Elasticsearch\n * using batching.\n */\n const lambda = app.addResource(aws.lambda.Function, {\n name: \"dynamo-to-elastic\",\n config: {\n role: role.output.arn,\n runtime: \"nodejs14.x\",\n handler: \"handler.handler\",\n timeout: 600,\n memorySize: 512,\n environment: {\n variables: {\n DEBUG: String(process.env.DEBUG),\n ELASTIC_SEARCH_ENDPOINT: domain.output.endpoint\n }\n },\n description: \"Process DynamoDB Stream.\",\n code: new pulumi.asset.AssetArchive({\n \".\": new pulumi.asset.FileArchive(\n path.join(app.paths.workspace, \"dynamoToElastic/build\")\n )\n }),\n vpcConfig: vpc\n ? {\n subnetIds: vpc.subnets.private.map(s => s.output.id),\n securityGroupIds: [vpc.vpc.output.defaultSecurityGroupId]\n }\n : undefined\n }\n });\n\n const eventSourceMapping = app.addResource(aws.lambda.EventSourceMapping, {\n name: \"dynamo-to-elastic\",\n config: {\n eventSourceArn: table.output.streamArn,\n functionName: lambda.output.arn,\n startingPosition: \"LATEST\",\n maximumRetryAttempts: 3,\n batchSize: 1000,\n maximumBatchingWindowInSeconds: 1\n }\n });\n\n app.addOutputs({\n elasticsearchDomainArn: domain.output.arn,\n elasticsearchDomainEndpoint: domain.output.endpoint,\n elasticsearchDynamodbTableArn: table.output.arn,\n elasticsearchDynamodbTableName: table.output.name\n });\n\n return {\n domain,\n domainPolicy,\n table,\n dynamoToElastic: {\n role,\n policy,\n lambda,\n eventSourceMapping\n }\n };\n }\n});\n\nfunction getDynamoDbToElasticLambdaPolicy(\n app: PulumiApp,\n domain: pulumi.Output<aws.elasticsearch.Domain | aws.elasticsearch.GetDomainResult>\n) {\n return app.addResource(aws.iam.Policy, {\n name: \"DynamoDbToElasticLambdaPolicy-updated\",\n config: {\n description: \"This policy enables access to ES and Dynamodb streams\",\n policy: {\n Version: \"2012-10-17\",\n Statement: [\n {\n Sid: \"PermissionForES\",\n Effect: \"Allow\",\n Action: [\n \"es:ESHttpDelete\",\n \"es:ESHttpPatch\",\n \"es:ESHttpPost\",\n \"es:ESHttpPut\"\n ],\n Resource: [\n pulumi.interpolate`${domain.arn}`,\n pulumi.interpolate`${domain.arn}/*`\n ]\n }\n ]\n }\n }\n });\n}\n"],"mappings":";;;;;;;;;AAAA;;AACA;;AACA;;AACA;;AAQA;;AACA;;;;;;AAMO,MAAMA,aAAa,GAAG,IAAAC,wBAAA,EAAgB;EACzCC,IAAI,EAAE,eADmC;;EAEzCC,MAAM,CAACC,GAAD,EAAMC,MAAN,EAAmC;IACrC,MAAMC,UAAU,GAAG,WAAnB;IACA,MAAMC,SAAS,GAAG,IAAAC,yBAAA,EAAgBJ,GAAhB,CAAlB;IAEA,MAAMK,GAAG,GAAGL,GAAG,CAACM,SAAJ,CAAcC,gBAAd,EAAuB;MAAEC,QAAQ,EAAE;IAAZ,CAAvB,CAAZ,CAJqC,CAMrC;;IACA,IAAIC,MAAJ;IAIA,IAAIC,YAAJ;;IAEA,IAAIC,OAAO,CAACC,GAAR,CAAYC,8BAAhB,EAAgD;MAC5C,MAAMX,UAAU,GAAGY,MAAM,CAACH,OAAO,CAACC,GAAR,CAAYC,8BAAb,CAAzB,CAD4C,CAE5C;MACA;;MACAJ,MAAM,GAAGT,GAAG,CAACe,iBAAJ,CAAsBb,UAAtB,EAAkC,MAAM;QAC7C,OAAOc,GAAG,CAACC,aAAJ,CAAkBC,SAAlB,CAA4B;UAAEhB;QAAF,CAA5B,EAA4C;UAAEiB,KAAK,EAAE;QAAT,CAA5C,CAAP;MACH,CAFQ,CAAT;IAGH,CAPD,MAOO;MACH;MACAV,MAAM,GAAGT,GAAG,CAACoB,WAAJ,CAAgBJ,GAAG,CAACC,aAAJ,CAAkBI,MAAlC,EAA0C;QAC/CvB,IAAI,EAAEI,UADyC;QAE/CH,MAAM,EAAE;UACJuB,oBAAoB,EAAE,KADlB;UAEJC,aAAa,EAAE;YACXC,YAAY,EAAE,yBADH;YAEXC,aAAa,EAAE,CAFJ;YAGXC,oBAAoB,EAAE,IAHX;YAIXC,mBAAmB,EAAE;cACjBC,qBAAqB,EAAE;YADN;UAJV,CAFX;UAUJC,UAAU,EAAExB,GAAG,GACT;YACIyB,SAAS,EAAEzB,GAAG,CAAC0B,OAAJ,CAAYC,OAAZ,CAAoBC,GAApB,CAAwBC,CAAC,IAAIA,CAAC,CAACC,MAAF,CAASC,EAAtC,CADf;YAEIC,gBAAgB,EAAE,CAAChC,GAAG,CAACA,GAAJ,CAAQ8B,MAAR,CAAeG,sBAAhB;UAFtB,CADS,GAKTC,SAfF;UAgBJC,UAAU,EAAE;YACRC,UAAU,EAAE,IADJ;YAERC,UAAU,EAAE,EAFJ;YAGRC,UAAU,EAAE;UAHJ,CAhBR;UAqBJC,eAAe,EAAE;YACb,0CAA0C;UAD7B,CArBb;UAwBJC,eAAe,EAAE;YACbC,0BAA0B,EAAE;UADf;QAxBb,CAFuC;QA8B/CC,IAAI,EAAE;UAAEC,OAAO,EAAE/C,MAAM,CAAC+C;QAAlB;MA9ByC,CAA1C,CAAT;MAiCA;AACZ;AACA;AACA;AACA;;MACYtC,YAAY,GAAGV,GAAG,CAACoB,WAAJ,CAAgBJ,GAAG,CAACC,aAAJ,CAAkBgC,YAAlC,EAAgD;QAC3DnD,IAAI,EAAG,GAAEI,UAAW,SADuC;QAE3DH,MAAM,EAAE;UACJG,UAAU,EAAEO,MAAM,CAAC0B,MAAP,CAAcjC,UADtB;UAEJgD,cAAc,EAAE;YACZC,OAAO,EAAE,YADG;YAEZC,SAAS,EAAE;YACP;AAC5B;AACA;YAC4B;cACIC,MAAM,EAAE,OADZ;cAEIC,SAAS,EAAE;gBACPC,GAAG,EAAEpD;cADE,CAFf;cAKIqD,MAAM,EAAE,MALZ;cAMIC,QAAQ,EAAEC,MAAM,CAACC,WAAY,GAAElD,MAAM,CAAC0B,MAAP,CAAcyB,GAAI;YANrD,CAJO;UAFC;QAFZ,CAFmD;QAqB3Db,IAAI,EAAE;UAAEC,OAAO,EAAE/C,MAAM,CAAC+C;QAAlB;MArBqD,CAAhD,CAAf;IAuBH;IAED;AACR;AACA;AACA;AACA;AACA;;;IACQ,MAAMa,KAAK,GAAG7D,GAAG,CAACoB,WAAJ,CAAgBJ,GAAG,CAAC8C,QAAJ,CAAaC,KAA7B,EAAoC;MAC9CjE,IAAI,EAAE,WADwC;MAE9CC,MAAM,EAAE;QACJiE,UAAU,EAAE,CACR;UAAElE,IAAI,EAAE,IAAR;UAAcmE,IAAI,EAAE;QAApB,CADQ,EAER;UAAEnE,IAAI,EAAE,IAAR;UAAcmE,IAAI,EAAE;QAApB,CAFQ,CADR;QAKJC,aAAa,EAAE,IALX;QAMJC,cAAc,EAAE,oBANZ;QAOJC,WAAW,EAAE,iBAPT;QAQJC,OAAO,EAAE,IARL;QASJC,QAAQ,EAAE;MATN,CAFsC;MAa9CvB,IAAI,EAAE;QAAEC,OAAO,EAAE/C,MAAM,CAAC+C;MAAlB;IAbwC,CAApC,CAAd;IAgBA,MAAMuB,QAAQ,GAAG,+BAAjB;IAEA,MAAMC,IAAI,GAAGxE,GAAG,CAACoB,WAAJ,CAAgBJ,GAAG,CAACyD,GAAJ,CAAQC,IAAxB,EAA8B;MACvC5E,IAAI,EAAEyE,QADiC;MAEvCxE,MAAM,EAAE;QACJ4E,gBAAgB,EAAE;UACdxB,OAAO,EAAE,YADK;UAEdC,SAAS,EAAE,CACP;YACII,MAAM,EAAE,gBADZ;YAEIF,SAAS,EAAE;cACPsB,OAAO,EAAE;YADF,CAFf;YAKIvB,MAAM,EAAE;UALZ,CADO;QAFG;MADd;IAF+B,CAA9B,CAAb;IAkBA,MAAMwB,MAAM,GAAGC,gCAAgC,CAAC9E,GAAD,EAAMS,MAAM,CAAC0B,MAAb,CAA/C;IAEAnC,GAAG,CAACoB,WAAJ,CAAgBJ,GAAG,CAACyD,GAAJ,CAAQM,oBAAxB,EAA8C;MAC1CjF,IAAI,EAAG,GAAEyE,QAAS,gCADwB;MAE1CxE,MAAM,EAAE;QACJyE,IAAI,EAAEA,IAAI,CAACrC,MADP;QAEJ6C,SAAS,EAAEH,MAAM,CAAC1C,MAAP,CAAcyB;MAFrB;IAFkC,CAA9C;IAQA5D,GAAG,CAACoB,WAAJ,CAAgBJ,GAAG,CAACyD,GAAJ,CAAQM,oBAAxB,EAA8C;MAC1CjF,IAAI,EAAG,GAAEyE,QAAS,kCADwB;MAE1CxE,MAAM,EAAE;QACJyE,IAAI,EAAEA,IAAI,CAACrC,MADP;QAEJ6C,SAAS,EAAEhE,GAAG,CAACyD,GAAJ,CAAQQ,aAAR,CAAsBC;MAF7B;IAFkC,CAA9C;IAQAlF,GAAG,CAACoB,WAAJ,CAAgBJ,GAAG,CAACyD,GAAJ,CAAQM,oBAAxB,EAA8C;MAC1CjF,IAAI,EAAG,GAAEyE,QAAS,iCADwB;MAE1CxE,MAAM,EAAE;QACJyE,IAAI,EAAEA,IAAI,CAACrC,MADP;QAEJ6C,SAAS,EAAEhE,GAAG,CAACyD,GAAJ,CAAQQ,aAAR,CAAsBE;MAF7B;IAFkC,CAA9C;IAQA;AACR;AACA;AACA;AACA;AACA;;IACQ,MAAMC,MAAM,GAAGpF,GAAG,CAACoB,WAAJ,CAAgBJ,GAAG,CAACoE,MAAJ,CAAWC,QAA3B,EAAqC;MAChDvF,IAAI,EAAE,mBAD0C;MAEhDC,MAAM,EAAE;QACJyE,IAAI,EAAEA,IAAI,CAACrC,MAAL,CAAYyB,GADd;QAEJ0B,OAAO,EAAE,YAFL;QAGJC,OAAO,EAAE,iBAHL;QAIJC,OAAO,EAAE,GAJL;QAKJC,UAAU,EAAE,GALR;QAMJC,WAAW,EAAE;UACTC,SAAS,EAAE;YACPC,KAAK,EAAE9E,MAAM,CAACH,OAAO,CAACC,GAAR,CAAYgF,KAAb,CADN;YAEPC,uBAAuB,EAAEpF,MAAM,CAAC0B,MAAP,CAAc2D;UAFhC;QADF,CANT;QAYJC,WAAW,EAAE,0BAZT;QAaJC,IAAI,EAAE,IAAItC,MAAM,CAACuC,KAAP,CAAaC,YAAjB,CAA8B;UAChC,KAAK,IAAIxC,MAAM,CAACuC,KAAP,CAAaE,WAAjB,CACDC,aAAA,CAAKC,IAAL,CAAUrG,GAAG,CAACsG,KAAJ,CAAUC,SAApB,EAA+B,uBAA/B,CADC;QAD2B,CAA9B,CAbF;QAkBJC,SAAS,EAAEnG,GAAG,GACR;UACIyB,SAAS,EAAEzB,GAAG,CAAC0B,OAAJ,CAAYC,OAAZ,CAAoBC,GAApB,CAAwBC,CAAC,IAAIA,CAAC,CAACC,MAAF,CAASC,EAAtC,CADf;UAEIC,gBAAgB,EAAE,CAAChC,GAAG,CAACA,GAAJ,CAAQ8B,MAAR,CAAeG,sBAAhB;QAFtB,CADQ,GAKRC;MAvBF;IAFwC,CAArC,CAAf;IA6BA,MAAMkE,kBAAkB,GAAGzG,GAAG,CAACoB,WAAJ,CAAgBJ,GAAG,CAACoE,MAAJ,CAAWsB,kBAA3B,EAA+C;MACtE5G,IAAI,EAAE,mBADgE;MAEtEC,MAAM,EAAE;QACJ4G,cAAc,EAAE9C,KAAK,CAAC1B,MAAN,CAAayE,SADzB;QAEJC,YAAY,EAAEzB,MAAM,CAACjD,MAAP,CAAcyB,GAFxB;QAGJkD,gBAAgB,EAAE,QAHd;QAIJC,oBAAoB,EAAE,CAJlB;QAKJC,SAAS,EAAE,IALP;QAMJC,8BAA8B,EAAE;MAN5B;IAF8D,CAA/C,CAA3B;IAYAjH,GAAG,CAACkH,UAAJ,CAAe;MACXC,sBAAsB,EAAE1G,MAAM,CAAC0B,MAAP,CAAcyB,GAD3B;MAEXwD,2BAA2B,EAAE3G,MAAM,CAAC0B,MAAP,CAAc2D,QAFhC;MAGXuB,6BAA6B,EAAExD,KAAK,CAAC1B,MAAN,CAAayB,GAHjC;MAIX0D,8BAA8B,EAAEzD,KAAK,CAAC1B,MAAN,CAAarC;IAJlC,CAAf;IAOA,OAAO;MACHW,MADG;MAEHC,YAFG;MAGHmD,KAHG;MAIH0D,eAAe,EAAE;QACb/C,IADa;QAEbK,MAFa;QAGbO,MAHa;QAIbqB;MAJa;IAJd,CAAP;EAWH;;AA5NwC,CAAhB,CAAtB;;;AA+NP,SAAS3B,gCAAT,CACI9E,GADJ,EAEIS,MAFJ,EAGE;EACE,OAAOT,GAAG,CAACoB,WAAJ,CAAgBJ,GAAG,CAACyD,GAAJ,CAAQ+C,MAAxB,EAAgC;IACnC1H,IAAI,EAAE,uCAD6B;IAEnCC,MAAM,EAAE;MACJgG,WAAW,EAAE,uDADT;MAEJlB,MAAM,EAAE;QACJ1B,OAAO,EAAE,YADL;QAEJC,SAAS,EAAE,CACP;UACIqE,GAAG,EAAE,iBADT;UAEIpE,MAAM,EAAE,OAFZ;UAGIG,MAAM,EAAE,CACJ,iBADI,EAEJ,gBAFI,EAGJ,eAHI,EAIJ,cAJI,CAHZ;UASIC,QAAQ,EAAE,CACNC,MAAM,CAACC,WAAY,GAAElD,MAAM,CAACmD,GAAI,EAD1B,EAENF,MAAM,CAACC,WAAY,GAAElD,MAAM,CAACmD,GAAI,IAF1B;QATd,CADO;MAFP;IAFJ;EAF2B,CAAhC,CAAP;AAyBH"}
|
|
1
|
+
{"version":3,"names":["getDevClusterConfig","instanceType","getProdClusterConfig","instanceCount","zoneAwarenessEnabled","zoneAwarenessConfig","availabilityZoneCount","ElasticSearch","createAppModule","name","config","app","params","domainName","accountId","getAwsAccountId","prod","run","env","vpc","getModule","CoreVpc","optional","domain","domainPolicy","process","AWS_ELASTIC_SEARCH_DOMAIN_NAME","String","addRemoteResource","aws","elasticsearch","getDomain","async","addResource","Domain","elasticsearchVersion","clusterConfig","vpcOptions","subnetIds","subnets","private","map","s","output","id","securityGroupIds","defaultSecurityGroupId","undefined","ebsOptions","ebsEnabled","volumeSize","volumeType","advancedOptions","snapshotOptions","automatedSnapshotStartHour","opts","protect","DomainPolicy","accessPolicies","Version","Statement","Effect","Principal","AWS","Action","Resource","pulumi","interpolate","arn","table","dynamodb","Table","attributes","type","streamEnabled","streamViewType","billingMode","hashKey","rangeKey","roleName","role","iam","Role","assumeRolePolicy","Service","policy","getDynamoDbToElasticLambdaPolicy","RolePolicyAttachment","policyArn","ManagedPolicy","AWSLambdaVPCAccessExecutionRole","AWSLambdaDynamoDBExecutionRole","lambda","Function","runtime","handler","timeout","memorySize","environment","variables","DEBUG","ELASTIC_SEARCH_ENDPOINT","endpoint","description","code","asset","AssetArchive","FileArchive","path","join","paths","workspace","vpcConfig","eventSourceMapping","EventSourceMapping","eventSourceArn","streamArn","functionName","startingPosition","maximumRetryAttempts","batchSize","maximumBatchingWindowInSeconds","addOutputs","elasticsearchDomainArn","elasticsearchDomainEndpoint","elasticsearchDynamodbTableArn","elasticsearchDynamodbTableName","dynamoToElastic","Policy","Sid"],"sources":["CoreElasticSearch.ts"],"sourcesContent":["import path from \"path\";\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport {\n createAppModule,\n PulumiApp,\n PulumiAppResource,\n PulumiAppResourceConstructor,\n PulumiAppRemoteResource\n} from \"@webiny/pulumi\";\n\nimport { getAwsAccountId } from \"../awsUtils\";\nimport { CoreVpc } from \"./CoreVpc\";\n\nexport interface ElasticSearchParams {\n protect: boolean;\n}\n\nfunction getDevClusterConfig(): aws.types.input.elasticsearch.DomainClusterConfig {\n return {\n instanceType: \"t3.small.elasticsearch\"\n };\n}\n\nfunction getProdClusterConfig(): aws.types.input.elasticsearch.DomainClusterConfig {\n return {\n // For production deployments, we create 2 instances and configure multi-AZ.\n instanceType: \"t3.medium.elasticsearch\",\n instanceCount: 2,\n zoneAwarenessEnabled: true,\n zoneAwarenessConfig: {\n availabilityZoneCount: 2\n }\n };\n}\n\nexport const ElasticSearch = createAppModule({\n name: \"ElasticSearch\",\n config(app, params: ElasticSearchParams) {\n const domainName = \"webiny-js\";\n const accountId = getAwsAccountId(app);\n const prod = app.params.run.env === \"prod\";\n const vpc = app.getModule(CoreVpc, { optional: true });\n\n // This needs to be implemented in order to be able to use a shared ElasticSearch cluster.\n let domain:\n | PulumiAppResource<PulumiAppResourceConstructor<aws.elasticsearch.Domain>>\n | PulumiAppRemoteResource<aws.elasticsearch.GetDomainResult>;\n\n let domainPolicy;\n\n if (process.env.AWS_ELASTIC_SEARCH_DOMAIN_NAME) {\n const domainName = String(process.env.AWS_ELASTIC_SEARCH_DOMAIN_NAME);\n // This can be useful for testing purposes in ephemeral environments. More information here:\n // https://www.webiny.com/docs/key-topics/ci-cd/testing/slow-ephemeral-environments\n domain = app.addRemoteResource(domainName, () => {\n return aws.elasticsearch.getDomain({ domainName }, { async: true });\n });\n } else {\n // Regular ElasticSearch deployment.\n domain = app.addResource(aws.elasticsearch.Domain, {\n name: domainName,\n config: {\n elasticsearchVersion: \"7.10\",\n clusterConfig: prod ? getDevClusterConfig() : getProdClusterConfig(),\n vpcOptions: vpc\n ? {\n subnetIds: vpc.subnets.private.map(s => s.output.id),\n securityGroupIds: [vpc.vpc.output.defaultSecurityGroupId]\n }\n : undefined,\n ebsOptions: {\n ebsEnabled: true,\n volumeSize: 10,\n volumeType: \"gp2\"\n },\n advancedOptions: {\n \"rest.action.multi.allow_explicit_index\": \"true\"\n },\n snapshotOptions: {\n automatedSnapshotStartHour: 23\n }\n },\n opts: { protect: params.protect }\n });\n\n /**\n * Domain policy defines who can access your Elasticsearch Domain.\n * For details on Elasticsearch security, read the official documentation:\n * https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/security.html\n */\n domainPolicy = app.addResource(aws.elasticsearch.DomainPolicy, {\n name: `${domainName}-policy`,\n config: {\n domainName: domain.output.domainName,\n accessPolicies: {\n Version: \"2012-10-17\",\n Statement: [\n /**\n * Allow requests signed with current account\n */\n {\n Effect: \"Allow\",\n Principal: {\n AWS: accountId\n },\n Action: \"es:*\",\n Resource: pulumi.interpolate`${domain.output.arn}/*`\n }\n ]\n }\n },\n opts: { protect: params.protect }\n });\n }\n\n /**\n * Create a table for Elasticsearch records. All ES records are stored in this table to dramatically improve\n * performance and stability on write operations (especially massive data imports). This table also serves as a backup and\n * a single source of truth for your Elasticsearch domain. Streaming is enabled on this table, and it will\n * allow asynchronous synchronization of data with Elasticsearch domain.\n */\n const table = app.addResource(aws.dynamodb.Table, {\n name: \"webiny-es\",\n config: {\n attributes: [\n { name: \"PK\", type: \"S\" },\n { name: \"SK\", type: \"S\" }\n ],\n streamEnabled: true,\n streamViewType: \"NEW_AND_OLD_IMAGES\",\n billingMode: \"PAY_PER_REQUEST\",\n hashKey: \"PK\",\n rangeKey: \"SK\"\n },\n opts: { protect: params.protect }\n });\n\n const roleName = \"dynamo-to-elastic-lambda-role\";\n\n const role = app.addResource(aws.iam.Role, {\n name: roleName,\n config: {\n assumeRolePolicy: {\n Version: \"2012-10-17\",\n Statement: [\n {\n Action: \"sts:AssumeRole\",\n Principal: {\n Service: \"lambda.amazonaws.com\"\n },\n Effect: \"Allow\"\n }\n ]\n }\n }\n });\n\n const policy = getDynamoDbToElasticLambdaPolicy(app, domain.output);\n\n app.addResource(aws.iam.RolePolicyAttachment, {\n name: `${roleName}-DynamoDbToElasticLambdaPolicy`,\n config: {\n role: role.output,\n policyArn: policy.output.arn\n }\n });\n\n app.addResource(aws.iam.RolePolicyAttachment, {\n name: `${roleName}-AWSLambdaVPCAccessExecutionRole`,\n config: {\n role: role.output,\n policyArn: aws.iam.ManagedPolicy.AWSLambdaVPCAccessExecutionRole\n }\n });\n\n app.addResource(aws.iam.RolePolicyAttachment, {\n name: `${roleName}-AWSLambdaDynamoDBExecutionRole`,\n config: {\n role: role.output,\n policyArn: aws.iam.ManagedPolicy.AWSLambdaDynamoDBExecutionRole\n }\n });\n\n /**\n * This Lambda will process the stream events from DynamoDB table that contains Elasticsearch items.\n * Elasticsearch can't take large amount of individual writes in a short period of time, so this way\n * we store data for Elasticsearch in a DynamoDB table, and asynchronously insert it into Elasticsearch\n * using batching.\n */\n const lambda = app.addResource(aws.lambda.Function, {\n name: \"dynamo-to-elastic\",\n config: {\n role: role.output.arn,\n runtime: \"nodejs14.x\",\n handler: \"handler.handler\",\n timeout: 600,\n memorySize: 512,\n environment: {\n variables: {\n DEBUG: String(process.env.DEBUG),\n ELASTIC_SEARCH_ENDPOINT: domain.output.endpoint\n }\n },\n description: \"Process DynamoDB Stream.\",\n code: new pulumi.asset.AssetArchive({\n \".\": new pulumi.asset.FileArchive(\n path.join(app.paths.workspace, \"dynamoToElastic/build\")\n )\n }),\n vpcConfig: vpc\n ? {\n subnetIds: vpc.subnets.private.map(s => s.output.id),\n securityGroupIds: [vpc.vpc.output.defaultSecurityGroupId]\n }\n : undefined\n }\n });\n\n const eventSourceMapping = app.addResource(aws.lambda.EventSourceMapping, {\n name: \"dynamo-to-elastic\",\n config: {\n eventSourceArn: table.output.streamArn,\n functionName: lambda.output.arn,\n startingPosition: \"LATEST\",\n maximumRetryAttempts: 3,\n batchSize: 1000,\n maximumBatchingWindowInSeconds: 1\n }\n });\n\n app.addOutputs({\n elasticsearchDomainArn: domain.output.arn,\n elasticsearchDomainEndpoint: domain.output.endpoint,\n elasticsearchDynamodbTableArn: table.output.arn,\n elasticsearchDynamodbTableName: table.output.name\n });\n\n return {\n domain,\n domainPolicy,\n table,\n dynamoToElastic: {\n role,\n policy,\n lambda,\n eventSourceMapping\n }\n };\n }\n});\n\nfunction getDynamoDbToElasticLambdaPolicy(\n app: PulumiApp,\n domain: pulumi.Output<aws.elasticsearch.Domain | aws.elasticsearch.GetDomainResult>\n) {\n return app.addResource(aws.iam.Policy, {\n name: \"DynamoDbToElasticLambdaPolicy-updated\",\n config: {\n description: \"This policy enables access to ES and Dynamodb streams\",\n policy: {\n Version: \"2012-10-17\",\n Statement: [\n {\n Sid: \"PermissionForES\",\n Effect: \"Allow\",\n Action: [\n \"es:ESHttpDelete\",\n \"es:ESHttpPatch\",\n \"es:ESHttpPost\",\n \"es:ESHttpPut\"\n ],\n Resource: [\n pulumi.interpolate`${domain.arn}`,\n pulumi.interpolate`${domain.arn}/*`\n ]\n }\n ]\n }\n }\n });\n}\n"],"mappings":";;;;;;;;;AAAA;;AACA;;AACA;;AACA;;AAQA;;AACA;;;;;;AAMA,SAASA,mBAAT,GAAkF;EAC9E,OAAO;IACHC,YAAY,EAAE;EADX,CAAP;AAGH;;AAED,SAASC,oBAAT,GAAmF;EAC/E,OAAO;IACH;IACAD,YAAY,EAAE,yBAFX;IAGHE,aAAa,EAAE,CAHZ;IAIHC,oBAAoB,EAAE,IAJnB;IAKHC,mBAAmB,EAAE;MACjBC,qBAAqB,EAAE;IADN;EALlB,CAAP;AASH;;AAEM,MAAMC,aAAa,GAAG,IAAAC,wBAAA,EAAgB;EACzCC,IAAI,EAAE,eADmC;;EAEzCC,MAAM,CAACC,GAAD,EAAMC,MAAN,EAAmC;IACrC,MAAMC,UAAU,GAAG,WAAnB;IACA,MAAMC,SAAS,GAAG,IAAAC,yBAAA,EAAgBJ,GAAhB,CAAlB;IACA,MAAMK,IAAI,GAAGL,GAAG,CAACC,MAAJ,CAAWK,GAAX,CAAeC,GAAf,KAAuB,MAApC;IACA,MAAMC,GAAG,GAAGR,GAAG,CAACS,SAAJ,CAAcC,gBAAd,EAAuB;MAAEC,QAAQ,EAAE;IAAZ,CAAvB,CAAZ,CAJqC,CAMrC;;IACA,IAAIC,MAAJ;IAIA,IAAIC,YAAJ;;IAEA,IAAIC,OAAO,CAACP,GAAR,CAAYQ,8BAAhB,EAAgD;MAC5C,MAAMb,UAAU,GAAGc,MAAM,CAACF,OAAO,CAACP,GAAR,CAAYQ,8BAAb,CAAzB,CAD4C,CAE5C;MACA;;MACAH,MAAM,GAAGZ,GAAG,CAACiB,iBAAJ,CAAsBf,UAAtB,EAAkC,MAAM;QAC7C,OAAOgB,GAAG,CAACC,aAAJ,CAAkBC,SAAlB,CAA4B;UAAElB;QAAF,CAA5B,EAA4C;UAAEmB,KAAK,EAAE;QAAT,CAA5C,CAAP;MACH,CAFQ,CAAT;IAGH,CAPD,MAOO;MACH;MACAT,MAAM,GAAGZ,GAAG,CAACsB,WAAJ,CAAgBJ,GAAG,CAACC,aAAJ,CAAkBI,MAAlC,EAA0C;QAC/CzB,IAAI,EAAEI,UADyC;QAE/CH,MAAM,EAAE;UACJyB,oBAAoB,EAAE,MADlB;UAEJC,aAAa,EAAEpB,IAAI,GAAGhB,mBAAmB,EAAtB,GAA2BE,oBAAoB,EAF9D;UAGJmC,UAAU,EAAElB,GAAG,GACT;YACImB,SAAS,EAAEnB,GAAG,CAACoB,OAAJ,CAAYC,OAAZ,CAAoBC,GAApB,CAAwBC,CAAC,IAAIA,CAAC,CAACC,MAAF,CAASC,EAAtC,CADf;YAEIC,gBAAgB,EAAE,CAAC1B,GAAG,CAACA,GAAJ,CAAQwB,MAAR,CAAeG,sBAAhB;UAFtB,CADS,GAKTC,SARF;UASJC,UAAU,EAAE;YACRC,UAAU,EAAE,IADJ;YAERC,UAAU,EAAE,EAFJ;YAGRC,UAAU,EAAE;UAHJ,CATR;UAcJC,eAAe,EAAE;YACb,0CAA0C;UAD7B,CAdb;UAiBJC,eAAe,EAAE;YACbC,0BAA0B,EAAE;UADf;QAjBb,CAFuC;QAuB/CC,IAAI,EAAE;UAAEC,OAAO,EAAE5C,MAAM,CAAC4C;QAAlB;MAvByC,CAA1C,CAAT;MA0BA;AACZ;AACA;AACA;AACA;;MACYhC,YAAY,GAAGb,GAAG,CAACsB,WAAJ,CAAgBJ,GAAG,CAACC,aAAJ,CAAkB2B,YAAlC,EAAgD;QAC3DhD,IAAI,EAAG,GAAEI,UAAW,SADuC;QAE3DH,MAAM,EAAE;UACJG,UAAU,EAAEU,MAAM,CAACoB,MAAP,CAAc9B,UADtB;UAEJ6C,cAAc,EAAE;YACZC,OAAO,EAAE,YADG;YAEZC,SAAS,EAAE;YACP;AAC5B;AACA;YAC4B;cACIC,MAAM,EAAE,OADZ;cAEIC,SAAS,EAAE;gBACPC,GAAG,EAAEjD;cADE,CAFf;cAKIkD,MAAM,EAAE,MALZ;cAMIC,QAAQ,EAAEC,MAAM,CAACC,WAAY,GAAE5C,MAAM,CAACoB,MAAP,CAAcyB,GAAI;YANrD,CAJO;UAFC;QAFZ,CAFmD;QAqB3Db,IAAI,EAAE;UAAEC,OAAO,EAAE5C,MAAM,CAAC4C;QAAlB;MArBqD,CAAhD,CAAf;IAuBH;IAED;AACR;AACA;AACA;AACA;AACA;;;IACQ,MAAMa,KAAK,GAAG1D,GAAG,CAACsB,WAAJ,CAAgBJ,GAAG,CAACyC,QAAJ,CAAaC,KAA7B,EAAoC;MAC9C9D,IAAI,EAAE,WADwC;MAE9CC,MAAM,EAAE;QACJ8D,UAAU,EAAE,CACR;UAAE/D,IAAI,EAAE,IAAR;UAAcgE,IAAI,EAAE;QAApB,CADQ,EAER;UAAEhE,IAAI,EAAE,IAAR;UAAcgE,IAAI,EAAE;QAApB,CAFQ,CADR;QAKJC,aAAa,EAAE,IALX;QAMJC,cAAc,EAAE,oBANZ;QAOJC,WAAW,EAAE,iBAPT;QAQJC,OAAO,EAAE,IARL;QASJC,QAAQ,EAAE;MATN,CAFsC;MAa9CvB,IAAI,EAAE;QAAEC,OAAO,EAAE5C,MAAM,CAAC4C;MAAlB;IAbwC,CAApC,CAAd;IAgBA,MAAMuB,QAAQ,GAAG,+BAAjB;IAEA,MAAMC,IAAI,GAAGrE,GAAG,CAACsB,WAAJ,CAAgBJ,GAAG,CAACoD,GAAJ,CAAQC,IAAxB,EAA8B;MACvCzE,IAAI,EAAEsE,QADiC;MAEvCrE,MAAM,EAAE;QACJyE,gBAAgB,EAAE;UACdxB,OAAO,EAAE,YADK;UAEdC,SAAS,EAAE,CACP;YACII,MAAM,EAAE,gBADZ;YAEIF,SAAS,EAAE;cACPsB,OAAO,EAAE;YADF,CAFf;YAKIvB,MAAM,EAAE;UALZ,CADO;QAFG;MADd;IAF+B,CAA9B,CAAb;IAkBA,MAAMwB,MAAM,GAAGC,gCAAgC,CAAC3E,GAAD,EAAMY,MAAM,CAACoB,MAAb,CAA/C;IAEAhC,GAAG,CAACsB,WAAJ,CAAgBJ,GAAG,CAACoD,GAAJ,CAAQM,oBAAxB,EAA8C;MAC1C9E,IAAI,EAAG,GAAEsE,QAAS,gCADwB;MAE1CrE,MAAM,EAAE;QACJsE,IAAI,EAAEA,IAAI,CAACrC,MADP;QAEJ6C,SAAS,EAAEH,MAAM,CAAC1C,MAAP,CAAcyB;MAFrB;IAFkC,CAA9C;IAQAzD,GAAG,CAACsB,WAAJ,CAAgBJ,GAAG,CAACoD,GAAJ,CAAQM,oBAAxB,EAA8C;MAC1C9E,IAAI,EAAG,GAAEsE,QAAS,kCADwB;MAE1CrE,MAAM,EAAE;QACJsE,IAAI,EAAEA,IAAI,CAACrC,MADP;QAEJ6C,SAAS,EAAE3D,GAAG,CAACoD,GAAJ,CAAQQ,aAAR,CAAsBC;MAF7B;IAFkC,CAA9C;IAQA/E,GAAG,CAACsB,WAAJ,CAAgBJ,GAAG,CAACoD,GAAJ,CAAQM,oBAAxB,EAA8C;MAC1C9E,IAAI,EAAG,GAAEsE,QAAS,iCADwB;MAE1CrE,MAAM,EAAE;QACJsE,IAAI,EAAEA,IAAI,CAACrC,MADP;QAEJ6C,SAAS,EAAE3D,GAAG,CAACoD,GAAJ,CAAQQ,aAAR,CAAsBE;MAF7B;IAFkC,CAA9C;IAQA;AACR;AACA;AACA;AACA;AACA;;IACQ,MAAMC,MAAM,GAAGjF,GAAG,CAACsB,WAAJ,CAAgBJ,GAAG,CAAC+D,MAAJ,CAAWC,QAA3B,EAAqC;MAChDpF,IAAI,EAAE,mBAD0C;MAEhDC,MAAM,EAAE;QACJsE,IAAI,EAAEA,IAAI,CAACrC,MAAL,CAAYyB,GADd;QAEJ0B,OAAO,EAAE,YAFL;QAGJC,OAAO,EAAE,iBAHL;QAIJC,OAAO,EAAE,GAJL;QAKJC,UAAU,EAAE,GALR;QAMJC,WAAW,EAAE;UACTC,SAAS,EAAE;YACPC,KAAK,EAAEzE,MAAM,CAACF,OAAO,CAACP,GAAR,CAAYkF,KAAb,CADN;YAEPC,uBAAuB,EAAE9E,MAAM,CAACoB,MAAP,CAAc2D;UAFhC;QADF,CANT;QAYJC,WAAW,EAAE,0BAZT;QAaJC,IAAI,EAAE,IAAItC,MAAM,CAACuC,KAAP,CAAaC,YAAjB,CAA8B;UAChC,KAAK,IAAIxC,MAAM,CAACuC,KAAP,CAAaE,WAAjB,CACDC,aAAA,CAAKC,IAAL,CAAUlG,GAAG,CAACmG,KAAJ,CAAUC,SAApB,EAA+B,uBAA/B,CADC;QAD2B,CAA9B,CAbF;QAkBJC,SAAS,EAAE7F,GAAG,GACR;UACImB,SAAS,EAAEnB,GAAG,CAACoB,OAAJ,CAAYC,OAAZ,CAAoBC,GAApB,CAAwBC,CAAC,IAAIA,CAAC,CAACC,MAAF,CAASC,EAAtC,CADf;UAEIC,gBAAgB,EAAE,CAAC1B,GAAG,CAACA,GAAJ,CAAQwB,MAAR,CAAeG,sBAAhB;QAFtB,CADQ,GAKRC;MAvBF;IAFwC,CAArC,CAAf;IA6BA,MAAMkE,kBAAkB,GAAGtG,GAAG,CAACsB,WAAJ,CAAgBJ,GAAG,CAAC+D,MAAJ,CAAWsB,kBAA3B,EAA+C;MACtEzG,IAAI,EAAE,mBADgE;MAEtEC,MAAM,EAAE;QACJyG,cAAc,EAAE9C,KAAK,CAAC1B,MAAN,CAAayE,SADzB;QAEJC,YAAY,EAAEzB,MAAM,CAACjD,MAAP,CAAcyB,GAFxB;QAGJkD,gBAAgB,EAAE,QAHd;QAIJC,oBAAoB,EAAE,CAJlB;QAKJC,SAAS,EAAE,IALP;QAMJC,8BAA8B,EAAE;MAN5B;IAF8D,CAA/C,CAA3B;IAYA9G,GAAG,CAAC+G,UAAJ,CAAe;MACXC,sBAAsB,EAAEpG,MAAM,CAACoB,MAAP,CAAcyB,GAD3B;MAEXwD,2BAA2B,EAAErG,MAAM,CAACoB,MAAP,CAAc2D,QAFhC;MAGXuB,6BAA6B,EAAExD,KAAK,CAAC1B,MAAN,CAAayB,GAHjC;MAIX0D,8BAA8B,EAAEzD,KAAK,CAAC1B,MAAN,CAAalC;IAJlC,CAAf;IAOA,OAAO;MACHc,MADG;MAEHC,YAFG;MAGH6C,KAHG;MAIH0D,eAAe,EAAE;QACb/C,IADa;QAEbK,MAFa;QAGbO,MAHa;QAIbqB;MAJa;IAJd,CAAP;EAWH;;AArNwC,CAAhB,CAAtB;;;AAwNP,SAAS3B,gCAAT,CACI3E,GADJ,EAEIY,MAFJ,EAGE;EACE,OAAOZ,GAAG,CAACsB,WAAJ,CAAgBJ,GAAG,CAACoD,GAAJ,CAAQ+C,MAAxB,EAAgC;IACnCvH,IAAI,EAAE,uCAD6B;IAEnCC,MAAM,EAAE;MACJ6F,WAAW,EAAE,uDADT;MAEJlB,MAAM,EAAE;QACJ1B,OAAO,EAAE,YADL;QAEJC,SAAS,EAAE,CACP;UACIqE,GAAG,EAAE,iBADT;UAEIpE,MAAM,EAAE,OAFZ;UAGIG,MAAM,EAAE,CACJ,iBADI,EAEJ,gBAFI,EAGJ,eAHI,EAIJ,cAJI,CAHZ;UASIC,QAAQ,EAAE,CACNC,MAAM,CAACC,WAAY,GAAE5C,MAAM,CAAC6C,GAAI,EAD1B,EAENF,MAAM,CAACC,WAAY,GAAE5C,MAAM,CAAC6C,GAAI,IAF1B;QATd,CADO;MAFP;IAFJ;EAF2B,CAAhC,CAAP;AAyBH"}
|
|
@@ -0,0 +1,20 @@
|
|
|
1
|
+
import * as aws from "@pulumi/aws";
|
|
2
|
+
import { PulumiAppResource, PulumiAppResourceConstructor, PulumiAppRemoteResource } from "@webiny/pulumi";
|
|
3
|
+
export interface OpenSearchParams {
|
|
4
|
+
protect: boolean;
|
|
5
|
+
}
|
|
6
|
+
/**
|
|
7
|
+
* THIS MODULE IS CURRENTLY NOT USED!!
|
|
8
|
+
* At the time of writing, Pulumi will NOT generate a unique suffix for the OpenSearch domain name.
|
|
9
|
+
*/
|
|
10
|
+
export declare const OpenSearch: import("@webiny/pulumi").PulumiAppModuleDefinition<{
|
|
11
|
+
domain: PulumiAppResource<PulumiAppResourceConstructor<aws.opensearch.Domain, any>> | PulumiAppRemoteResource<aws.opensearch.GetDomainResult>;
|
|
12
|
+
domainPolicy: PulumiAppResource<typeof aws.opensearch.DomainPolicy> | undefined;
|
|
13
|
+
table: PulumiAppResource<typeof aws.dynamodb.Table>;
|
|
14
|
+
dynamoToElastic: {
|
|
15
|
+
role: PulumiAppResource<typeof aws.iam.Role>;
|
|
16
|
+
policy: PulumiAppResource<typeof aws.iam.Policy>;
|
|
17
|
+
lambda: PulumiAppResource<typeof aws.lambda.Function>;
|
|
18
|
+
eventSourceMapping: PulumiAppResource<typeof aws.lambda.EventSourceMapping>;
|
|
19
|
+
};
|
|
20
|
+
}, OpenSearchParams>;
|
|
@@ -0,0 +1,264 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
|
|
3
|
+
var _interopRequireDefault = require("@babel/runtime/helpers/interopRequireDefault");
|
|
4
|
+
|
|
5
|
+
Object.defineProperty(exports, "__esModule", {
|
|
6
|
+
value: true
|
|
7
|
+
});
|
|
8
|
+
exports.OpenSearch = void 0;
|
|
9
|
+
|
|
10
|
+
var _path = _interopRequireDefault(require("path"));
|
|
11
|
+
|
|
12
|
+
var pulumi = _interopRequireWildcard(require("@pulumi/pulumi"));
|
|
13
|
+
|
|
14
|
+
var aws = _interopRequireWildcard(require("@pulumi/aws"));
|
|
15
|
+
|
|
16
|
+
var _pulumi2 = require("@webiny/pulumi");
|
|
17
|
+
|
|
18
|
+
var _awsUtils = require("../awsUtils");
|
|
19
|
+
|
|
20
|
+
var _CoreVpc = require("./CoreVpc");
|
|
21
|
+
|
|
22
|
+
function _getRequireWildcardCache(nodeInterop) { if (typeof WeakMap !== "function") return null; var cacheBabelInterop = new WeakMap(); var cacheNodeInterop = new WeakMap(); return (_getRequireWildcardCache = function (nodeInterop) { return nodeInterop ? cacheNodeInterop : cacheBabelInterop; })(nodeInterop); }
|
|
23
|
+
|
|
24
|
+
function _interopRequireWildcard(obj, nodeInterop) { if (!nodeInterop && obj && obj.__esModule) { return obj; } if (obj === null || typeof obj !== "object" && typeof obj !== "function") { return { default: obj }; } var cache = _getRequireWildcardCache(nodeInterop); if (cache && cache.has(obj)) { return cache.get(obj); } var newObj = {}; var hasPropertyDescriptor = Object.defineProperty && Object.getOwnPropertyDescriptor; for (var key in obj) { if (key !== "default" && Object.prototype.hasOwnProperty.call(obj, key)) { var desc = hasPropertyDescriptor ? Object.getOwnPropertyDescriptor(obj, key) : null; if (desc && (desc.get || desc.set)) { Object.defineProperty(newObj, key, desc); } else { newObj[key] = obj[key]; } } } newObj.default = obj; if (cache) { cache.set(obj, newObj); } return newObj; }
|
|
25
|
+
|
|
26
|
+
/**
|
|
27
|
+
* THIS MODULE IS CURRENTLY NOT USED!!
|
|
28
|
+
* At the time of writing, Pulumi will NOT generate a unique suffix for the OpenSearch domain name.
|
|
29
|
+
*/
|
|
30
|
+
const OpenSearch = (0, _pulumi2.createAppModule)({
|
|
31
|
+
name: "OpenSearch",
|
|
32
|
+
|
|
33
|
+
config(app, params) {
|
|
34
|
+
const domainName = "webiny-js";
|
|
35
|
+
const accountId = (0, _awsUtils.getAwsAccountId)(app);
|
|
36
|
+
const vpc = app.getModule(_CoreVpc.CoreVpc, {
|
|
37
|
+
optional: true
|
|
38
|
+
}); // This needs to be implemented in order to be able to use a shared OpenSearch cluster.
|
|
39
|
+
|
|
40
|
+
let domain;
|
|
41
|
+
let domainPolicy;
|
|
42
|
+
|
|
43
|
+
if (process.env.AWS_ELASTIC_SEARCH_DOMAIN_NAME) {
|
|
44
|
+
const domainName = String(process.env.AWS_ELASTIC_SEARCH_DOMAIN_NAME); // This can be useful for testing purposes in ephemeral environments. More information here:
|
|
45
|
+
// https://www.webiny.com/docs/key-topics/ci-cd/testing/slow-ephemeral-environments
|
|
46
|
+
|
|
47
|
+
domain = app.addRemoteResource(domainName, () => {
|
|
48
|
+
return aws.opensearch.getDomain({
|
|
49
|
+
domainName
|
|
50
|
+
}, {
|
|
51
|
+
async: true
|
|
52
|
+
});
|
|
53
|
+
});
|
|
54
|
+
} else {
|
|
55
|
+
// Regular OpenSearch deployment.
|
|
56
|
+
domain = app.addResource(aws.opensearch.Domain, {
|
|
57
|
+
name: domainName,
|
|
58
|
+
config: {
|
|
59
|
+
domainName,
|
|
60
|
+
engineVersion: "OpenSearch_1.2",
|
|
61
|
+
clusterConfig: {
|
|
62
|
+
instanceType: "t3.medium.search",
|
|
63
|
+
instanceCount: 2,
|
|
64
|
+
zoneAwarenessEnabled: true,
|
|
65
|
+
zoneAwarenessConfig: {
|
|
66
|
+
availabilityZoneCount: 2
|
|
67
|
+
}
|
|
68
|
+
},
|
|
69
|
+
vpcOptions: vpc ? {
|
|
70
|
+
subnetIds: vpc.subnets.private.map(s => s.output.id),
|
|
71
|
+
securityGroupIds: [vpc.vpc.output.defaultSecurityGroupId]
|
|
72
|
+
} : undefined,
|
|
73
|
+
ebsOptions: {
|
|
74
|
+
ebsEnabled: true,
|
|
75
|
+
volumeSize: 10,
|
|
76
|
+
volumeType: "gp2"
|
|
77
|
+
},
|
|
78
|
+
advancedOptions: {
|
|
79
|
+
"rest.action.multi.allow_explicit_index": "true"
|
|
80
|
+
},
|
|
81
|
+
snapshotOptions: {
|
|
82
|
+
automatedSnapshotStartHour: 23
|
|
83
|
+
}
|
|
84
|
+
},
|
|
85
|
+
opts: {
|
|
86
|
+
protect: params.protect
|
|
87
|
+
}
|
|
88
|
+
});
|
|
89
|
+
/**
|
|
90
|
+
* Domain policy defines who can access your Elasticsearch Domain.
|
|
91
|
+
* For details on Elasticsearch security, read the official documentation:
|
|
92
|
+
* https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/security.html
|
|
93
|
+
*/
|
|
94
|
+
|
|
95
|
+
domainPolicy = app.addResource(aws.opensearch.DomainPolicy, {
|
|
96
|
+
name: `${domainName}-policy`,
|
|
97
|
+
config: {
|
|
98
|
+
domainName: domain.output.domainName,
|
|
99
|
+
accessPolicies: pulumi.interpolate`{
|
|
100
|
+
"Version": "2012-10-17",
|
|
101
|
+
"Statement": [
|
|
102
|
+
{
|
|
103
|
+
"Effect": "Allow",
|
|
104
|
+
"Principal": {
|
|
105
|
+
"AWS": "${accountId}"
|
|
106
|
+
},
|
|
107
|
+
"Action": "es:*",
|
|
108
|
+
"Resource": "${domain.output.arn}/*"
|
|
109
|
+
}
|
|
110
|
+
]
|
|
111
|
+
}`
|
|
112
|
+
},
|
|
113
|
+
opts: {
|
|
114
|
+
protect: params.protect
|
|
115
|
+
}
|
|
116
|
+
});
|
|
117
|
+
}
|
|
118
|
+
/**
|
|
119
|
+
* Create a table for Elasticsearch records. All ES records are stored in this table to dramatically improve
|
|
120
|
+
* performance and stability on write operations (especially massive data imports). This table also serves as a backup and
|
|
121
|
+
* a single source of truth for your Elasticsearch domain. Streaming is enabled on this table, and it will
|
|
122
|
+
* allow asynchronous synchronization of data with Elasticsearch domain.
|
|
123
|
+
*/
|
|
124
|
+
|
|
125
|
+
|
|
126
|
+
const table = app.addResource(aws.dynamodb.Table, {
|
|
127
|
+
name: "webiny-es",
|
|
128
|
+
config: {
|
|
129
|
+
attributes: [{
|
|
130
|
+
name: "PK",
|
|
131
|
+
type: "S"
|
|
132
|
+
}, {
|
|
133
|
+
name: "SK",
|
|
134
|
+
type: "S"
|
|
135
|
+
}],
|
|
136
|
+
streamEnabled: true,
|
|
137
|
+
streamViewType: "NEW_AND_OLD_IMAGES",
|
|
138
|
+
billingMode: "PAY_PER_REQUEST",
|
|
139
|
+
hashKey: "PK",
|
|
140
|
+
rangeKey: "SK"
|
|
141
|
+
},
|
|
142
|
+
opts: {
|
|
143
|
+
protect: params.protect
|
|
144
|
+
}
|
|
145
|
+
});
|
|
146
|
+
const roleName = "dynamo-to-elastic-lambda-role";
|
|
147
|
+
const role = app.addResource(aws.iam.Role, {
|
|
148
|
+
name: roleName,
|
|
149
|
+
config: {
|
|
150
|
+
assumeRolePolicy: {
|
|
151
|
+
Version: "2012-10-17",
|
|
152
|
+
Statement: [{
|
|
153
|
+
Action: "sts:AssumeRole",
|
|
154
|
+
Principal: {
|
|
155
|
+
Service: "lambda.amazonaws.com"
|
|
156
|
+
},
|
|
157
|
+
Effect: "Allow"
|
|
158
|
+
}]
|
|
159
|
+
}
|
|
160
|
+
}
|
|
161
|
+
});
|
|
162
|
+
const policy = getDynamoDbToElasticLambdaPolicy(app, domain.output);
|
|
163
|
+
app.addResource(aws.iam.RolePolicyAttachment, {
|
|
164
|
+
name: `${roleName}-DynamoDbToElasticLambdaPolicy`,
|
|
165
|
+
config: {
|
|
166
|
+
role: role.output,
|
|
167
|
+
policyArn: policy.output.arn
|
|
168
|
+
}
|
|
169
|
+
});
|
|
170
|
+
app.addResource(aws.iam.RolePolicyAttachment, {
|
|
171
|
+
name: `${roleName}-AWSLambdaVPCAccessExecutionRole`,
|
|
172
|
+
config: {
|
|
173
|
+
role: role.output,
|
|
174
|
+
policyArn: aws.iam.ManagedPolicy.AWSLambdaVPCAccessExecutionRole
|
|
175
|
+
}
|
|
176
|
+
});
|
|
177
|
+
app.addResource(aws.iam.RolePolicyAttachment, {
|
|
178
|
+
name: `${roleName}-AWSLambdaDynamoDBExecutionRole`,
|
|
179
|
+
config: {
|
|
180
|
+
role: role.output,
|
|
181
|
+
policyArn: aws.iam.ManagedPolicy.AWSLambdaDynamoDBExecutionRole
|
|
182
|
+
}
|
|
183
|
+
});
|
|
184
|
+
/**
|
|
185
|
+
* This Lambda will process the stream events from DynamoDB table that contains Elasticsearch items.
|
|
186
|
+
* Elasticsearch can't take large amount of individual writes in a short period of time, so this way
|
|
187
|
+
* we store data for Elasticsearch in a DynamoDB table, and asynchronously insert it into Elasticsearch
|
|
188
|
+
* using batching.
|
|
189
|
+
*/
|
|
190
|
+
|
|
191
|
+
const lambda = app.addResource(aws.lambda.Function, {
|
|
192
|
+
name: "dynamo-to-elastic",
|
|
193
|
+
config: {
|
|
194
|
+
role: role.output.arn,
|
|
195
|
+
runtime: "nodejs14.x",
|
|
196
|
+
handler: "handler.handler",
|
|
197
|
+
timeout: 600,
|
|
198
|
+
memorySize: 512,
|
|
199
|
+
environment: {
|
|
200
|
+
variables: {
|
|
201
|
+
DEBUG: String(process.env.DEBUG),
|
|
202
|
+
ELASTIC_SEARCH_ENDPOINT: domain.output.endpoint
|
|
203
|
+
}
|
|
204
|
+
},
|
|
205
|
+
description: "Process DynamoDB Stream.",
|
|
206
|
+
code: new pulumi.asset.AssetArchive({
|
|
207
|
+
".": new pulumi.asset.FileArchive(_path.default.join(app.paths.workspace, "dynamoToElastic/build"))
|
|
208
|
+
}),
|
|
209
|
+
vpcConfig: vpc ? {
|
|
210
|
+
subnetIds: vpc.subnets.private.map(s => s.output.id),
|
|
211
|
+
securityGroupIds: [vpc.vpc.output.defaultSecurityGroupId]
|
|
212
|
+
} : undefined
|
|
213
|
+
}
|
|
214
|
+
});
|
|
215
|
+
const eventSourceMapping = app.addResource(aws.lambda.EventSourceMapping, {
|
|
216
|
+
name: "dynamo-to-elastic",
|
|
217
|
+
config: {
|
|
218
|
+
eventSourceArn: table.output.streamArn,
|
|
219
|
+
functionName: lambda.output.arn,
|
|
220
|
+
startingPosition: "LATEST",
|
|
221
|
+
maximumRetryAttempts: 3,
|
|
222
|
+
batchSize: 1000,
|
|
223
|
+
maximumBatchingWindowInSeconds: 1
|
|
224
|
+
}
|
|
225
|
+
});
|
|
226
|
+
app.addOutputs({
|
|
227
|
+
elasticsearchDomainArn: domain.output.arn,
|
|
228
|
+
elasticsearchDomainEndpoint: domain.output.endpoint,
|
|
229
|
+
elasticsearchDynamodbTableArn: table.output.arn,
|
|
230
|
+
elasticsearchDynamodbTableName: table.output.name
|
|
231
|
+
});
|
|
232
|
+
return {
|
|
233
|
+
domain,
|
|
234
|
+
domainPolicy,
|
|
235
|
+
table,
|
|
236
|
+
dynamoToElastic: {
|
|
237
|
+
role,
|
|
238
|
+
policy,
|
|
239
|
+
lambda,
|
|
240
|
+
eventSourceMapping
|
|
241
|
+
}
|
|
242
|
+
};
|
|
243
|
+
}
|
|
244
|
+
|
|
245
|
+
});
|
|
246
|
+
exports.OpenSearch = OpenSearch;
|
|
247
|
+
|
|
248
|
+
function getDynamoDbToElasticLambdaPolicy(app, domain) {
|
|
249
|
+
return app.addResource(aws.iam.Policy, {
|
|
250
|
+
name: "DynamoDbToElasticLambdaPolicy-updated",
|
|
251
|
+
config: {
|
|
252
|
+
description: "This policy enables access to ES and Dynamodb streams",
|
|
253
|
+
policy: {
|
|
254
|
+
Version: "2012-10-17",
|
|
255
|
+
Statement: [{
|
|
256
|
+
Sid: "PermissionForES",
|
|
257
|
+
Effect: "Allow",
|
|
258
|
+
Action: ["es:ESHttpDelete", "es:ESHttpPatch", "es:ESHttpPost", "es:ESHttpPut"],
|
|
259
|
+
Resource: [pulumi.interpolate`${domain.arn}`, pulumi.interpolate`${domain.arn}/*`]
|
|
260
|
+
}]
|
|
261
|
+
}
|
|
262
|
+
}
|
|
263
|
+
});
|
|
264
|
+
}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"names":["OpenSearch","createAppModule","name","config","app","params","domainName","accountId","getAwsAccountId","vpc","getModule","CoreVpc","optional","domain","domainPolicy","process","env","AWS_ELASTIC_SEARCH_DOMAIN_NAME","String","addRemoteResource","aws","opensearch","getDomain","async","addResource","Domain","engineVersion","clusterConfig","instanceType","instanceCount","zoneAwarenessEnabled","zoneAwarenessConfig","availabilityZoneCount","vpcOptions","subnetIds","subnets","private","map","s","output","id","securityGroupIds","defaultSecurityGroupId","undefined","ebsOptions","ebsEnabled","volumeSize","volumeType","advancedOptions","snapshotOptions","automatedSnapshotStartHour","opts","protect","DomainPolicy","accessPolicies","pulumi","interpolate","arn","table","dynamodb","Table","attributes","type","streamEnabled","streamViewType","billingMode","hashKey","rangeKey","roleName","role","iam","Role","assumeRolePolicy","Version","Statement","Action","Principal","Service","Effect","policy","getDynamoDbToElasticLambdaPolicy","RolePolicyAttachment","policyArn","ManagedPolicy","AWSLambdaVPCAccessExecutionRole","AWSLambdaDynamoDBExecutionRole","lambda","Function","runtime","handler","timeout","memorySize","environment","variables","DEBUG","ELASTIC_SEARCH_ENDPOINT","endpoint","description","code","asset","AssetArchive","FileArchive","path","join","paths","workspace","vpcConfig","eventSourceMapping","EventSourceMapping","eventSourceArn","streamArn","functionName","startingPosition","maximumRetryAttempts","batchSize","maximumBatchingWindowInSeconds","addOutputs","elasticsearchDomainArn","elasticsearchDomainEndpoint","elasticsearchDynamodbTableArn","elasticsearchDynamodbTableName","dynamoToElastic","Policy","Sid","Resource"],"sources":["CoreOpenSearch.ts"],"sourcesContent":["import path from \"path\";\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport {\n createAppModule,\n PulumiApp,\n PulumiAppResource,\n PulumiAppResourceConstructor,\n PulumiAppRemoteResource\n} from \"@webiny/pulumi\";\n\nimport { getAwsAccountId } from \"../awsUtils\";\nimport { CoreVpc } from \"./CoreVpc\";\n\nexport interface OpenSearchParams {\n protect: boolean;\n}\n\n/**\n * THIS MODULE IS CURRENTLY NOT USED!!\n * At the time of writing, Pulumi will NOT generate a unique suffix for the OpenSearch domain name.\n */\n\nexport const OpenSearch = createAppModule({\n name: \"OpenSearch\",\n config(app, params: OpenSearchParams) {\n const domainName = \"webiny-js\";\n const accountId = getAwsAccountId(app);\n\n const vpc = app.getModule(CoreVpc, { optional: true });\n\n // This needs to be implemented in order to be able to use a shared OpenSearch cluster.\n let domain:\n | PulumiAppResource<PulumiAppResourceConstructor<aws.opensearch.Domain>>\n | PulumiAppRemoteResource<aws.opensearch.GetDomainResult>;\n\n let domainPolicy;\n\n if (process.env.AWS_ELASTIC_SEARCH_DOMAIN_NAME) {\n const domainName = String(process.env.AWS_ELASTIC_SEARCH_DOMAIN_NAME);\n // This can be useful for testing purposes in ephemeral environments. More information here:\n // https://www.webiny.com/docs/key-topics/ci-cd/testing/slow-ephemeral-environments\n domain = app.addRemoteResource(domainName, () => {\n return aws.opensearch.getDomain({ domainName }, { async: true });\n });\n } else {\n // Regular OpenSearch deployment.\n domain = app.addResource(aws.opensearch.Domain, {\n name: domainName,\n config: {\n domainName,\n engineVersion: \"OpenSearch_1.2\",\n clusterConfig: {\n instanceType: \"t3.medium.search\",\n instanceCount: 2,\n zoneAwarenessEnabled: true,\n zoneAwarenessConfig: {\n availabilityZoneCount: 2\n }\n },\n vpcOptions: vpc\n ? {\n subnetIds: vpc.subnets.private.map(s => s.output.id),\n securityGroupIds: [vpc.vpc.output.defaultSecurityGroupId]\n }\n : undefined,\n ebsOptions: {\n ebsEnabled: true,\n volumeSize: 10,\n volumeType: \"gp2\"\n },\n advancedOptions: {\n \"rest.action.multi.allow_explicit_index\": \"true\"\n },\n snapshotOptions: {\n automatedSnapshotStartHour: 23\n }\n },\n opts: { protect: params.protect }\n });\n\n /**\n * Domain policy defines who can access your Elasticsearch Domain.\n * For details on Elasticsearch security, read the official documentation:\n * https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/security.html\n */\n domainPolicy = app.addResource(aws.opensearch.DomainPolicy, {\n name: `${domainName}-policy`,\n config: {\n domainName: domain.output.domainName,\n accessPolicies: pulumi.interpolate`{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Principal\": {\n \"AWS\": \"${accountId}\"\n },\n \"Action\": \"es:*\",\n \"Resource\": \"${domain.output.arn}/*\"\n }\n ]\n }`\n },\n opts: { protect: params.protect }\n });\n }\n\n /**\n * Create a table for Elasticsearch records. All ES records are stored in this table to dramatically improve\n * performance and stability on write operations (especially massive data imports). This table also serves as a backup and\n * a single source of truth for your Elasticsearch domain. Streaming is enabled on this table, and it will\n * allow asynchronous synchronization of data with Elasticsearch domain.\n */\n const table = app.addResource(aws.dynamodb.Table, {\n name: \"webiny-es\",\n config: {\n attributes: [\n { name: \"PK\", type: \"S\" },\n { name: \"SK\", type: \"S\" }\n ],\n streamEnabled: true,\n streamViewType: \"NEW_AND_OLD_IMAGES\",\n billingMode: \"PAY_PER_REQUEST\",\n hashKey: \"PK\",\n rangeKey: \"SK\"\n },\n opts: { protect: params.protect }\n });\n\n const roleName = \"dynamo-to-elastic-lambda-role\";\n\n const role = app.addResource(aws.iam.Role, {\n name: roleName,\n config: {\n assumeRolePolicy: {\n Version: \"2012-10-17\",\n Statement: [\n {\n Action: \"sts:AssumeRole\",\n Principal: {\n Service: \"lambda.amazonaws.com\"\n },\n Effect: \"Allow\"\n }\n ]\n }\n }\n });\n\n const policy = getDynamoDbToElasticLambdaPolicy(app, domain.output);\n\n app.addResource(aws.iam.RolePolicyAttachment, {\n name: `${roleName}-DynamoDbToElasticLambdaPolicy`,\n config: {\n role: role.output,\n policyArn: policy.output.arn\n }\n });\n\n app.addResource(aws.iam.RolePolicyAttachment, {\n name: `${roleName}-AWSLambdaVPCAccessExecutionRole`,\n config: {\n role: role.output,\n policyArn: aws.iam.ManagedPolicy.AWSLambdaVPCAccessExecutionRole\n }\n });\n\n app.addResource(aws.iam.RolePolicyAttachment, {\n name: `${roleName}-AWSLambdaDynamoDBExecutionRole`,\n config: {\n role: role.output,\n policyArn: aws.iam.ManagedPolicy.AWSLambdaDynamoDBExecutionRole\n }\n });\n\n /**\n * This Lambda will process the stream events from DynamoDB table that contains Elasticsearch items.\n * Elasticsearch can't take large amount of individual writes in a short period of time, so this way\n * we store data for Elasticsearch in a DynamoDB table, and asynchronously insert it into Elasticsearch\n * using batching.\n */\n const lambda = app.addResource(aws.lambda.Function, {\n name: \"dynamo-to-elastic\",\n config: {\n role: role.output.arn,\n runtime: \"nodejs14.x\",\n handler: \"handler.handler\",\n timeout: 600,\n memorySize: 512,\n environment: {\n variables: {\n DEBUG: String(process.env.DEBUG),\n ELASTIC_SEARCH_ENDPOINT: domain.output.endpoint\n }\n },\n description: \"Process DynamoDB Stream.\",\n code: new pulumi.asset.AssetArchive({\n \".\": new pulumi.asset.FileArchive(\n path.join(app.paths.workspace, \"dynamoToElastic/build\")\n )\n }),\n vpcConfig: vpc\n ? {\n subnetIds: vpc.subnets.private.map(s => s.output.id),\n securityGroupIds: [vpc.vpc.output.defaultSecurityGroupId]\n }\n : undefined\n }\n });\n\n const eventSourceMapping = app.addResource(aws.lambda.EventSourceMapping, {\n name: \"dynamo-to-elastic\",\n config: {\n eventSourceArn: table.output.streamArn,\n functionName: lambda.output.arn,\n startingPosition: \"LATEST\",\n maximumRetryAttempts: 3,\n batchSize: 1000,\n maximumBatchingWindowInSeconds: 1\n }\n });\n\n app.addOutputs({\n elasticsearchDomainArn: domain.output.arn,\n elasticsearchDomainEndpoint: domain.output.endpoint,\n elasticsearchDynamodbTableArn: table.output.arn,\n elasticsearchDynamodbTableName: table.output.name\n });\n\n return {\n domain,\n domainPolicy,\n table,\n dynamoToElastic: {\n role,\n policy,\n lambda,\n eventSourceMapping\n }\n };\n }\n});\n\nfunction getDynamoDbToElasticLambdaPolicy(\n app: PulumiApp,\n domain: pulumi.Output<aws.opensearch.Domain | aws.opensearch.GetDomainResult>\n) {\n return app.addResource(aws.iam.Policy, {\n name: \"DynamoDbToElasticLambdaPolicy-updated\",\n config: {\n description: \"This policy enables access to ES and Dynamodb streams\",\n policy: {\n Version: \"2012-10-17\",\n Statement: [\n {\n Sid: \"PermissionForES\",\n Effect: \"Allow\",\n Action: [\n \"es:ESHttpDelete\",\n \"es:ESHttpPatch\",\n \"es:ESHttpPost\",\n \"es:ESHttpPut\"\n ],\n Resource: [\n pulumi.interpolate`${domain.arn}`,\n pulumi.interpolate`${domain.arn}/*`\n ]\n }\n ]\n }\n }\n });\n}\n"],"mappings":";;;;;;;;;AAAA;;AACA;;AACA;;AACA;;AAQA;;AACA;;;;;;AAMA;AACA;AACA;AACA;AAEO,MAAMA,UAAU,GAAG,IAAAC,wBAAA,EAAgB;EACtCC,IAAI,EAAE,YADgC;;EAEtCC,MAAM,CAACC,GAAD,EAAMC,MAAN,EAAgC;IAClC,MAAMC,UAAU,GAAG,WAAnB;IACA,MAAMC,SAAS,GAAG,IAAAC,yBAAA,EAAgBJ,GAAhB,CAAlB;IAEA,MAAMK,GAAG,GAAGL,GAAG,CAACM,SAAJ,CAAcC,gBAAd,EAAuB;MAAEC,QAAQ,EAAE;IAAZ,CAAvB,CAAZ,CAJkC,CAMlC;;IACA,IAAIC,MAAJ;IAIA,IAAIC,YAAJ;;IAEA,IAAIC,OAAO,CAACC,GAAR,CAAYC,8BAAhB,EAAgD;MAC5C,MAAMX,UAAU,GAAGY,MAAM,CAACH,OAAO,CAACC,GAAR,CAAYC,8BAAb,CAAzB,CAD4C,CAE5C;MACA;;MACAJ,MAAM,GAAGT,GAAG,CAACe,iBAAJ,CAAsBb,UAAtB,EAAkC,MAAM;QAC7C,OAAOc,GAAG,CAACC,UAAJ,CAAeC,SAAf,CAAyB;UAAEhB;QAAF,CAAzB,EAAyC;UAAEiB,KAAK,EAAE;QAAT,CAAzC,CAAP;MACH,CAFQ,CAAT;IAGH,CAPD,MAOO;MACH;MACAV,MAAM,GAAGT,GAAG,CAACoB,WAAJ,CAAgBJ,GAAG,CAACC,UAAJ,CAAeI,MAA/B,EAAuC;QAC5CvB,IAAI,EAAEI,UADsC;QAE5CH,MAAM,EAAE;UACJG,UADI;UAEJoB,aAAa,EAAE,gBAFX;UAGJC,aAAa,EAAE;YACXC,YAAY,EAAE,kBADH;YAEXC,aAAa,EAAE,CAFJ;YAGXC,oBAAoB,EAAE,IAHX;YAIXC,mBAAmB,EAAE;cACjBC,qBAAqB,EAAE;YADN;UAJV,CAHX;UAWJC,UAAU,EAAExB,GAAG,GACT;YACIyB,SAAS,EAAEzB,GAAG,CAAC0B,OAAJ,CAAYC,OAAZ,CAAoBC,GAApB,CAAwBC,CAAC,IAAIA,CAAC,CAACC,MAAF,CAASC,EAAtC,CADf;YAEIC,gBAAgB,EAAE,CAAChC,GAAG,CAACA,GAAJ,CAAQ8B,MAAR,CAAeG,sBAAhB;UAFtB,CADS,GAKTC,SAhBF;UAiBJC,UAAU,EAAE;YACRC,UAAU,EAAE,IADJ;YAERC,UAAU,EAAE,EAFJ;YAGRC,UAAU,EAAE;UAHJ,CAjBR;UAsBJC,eAAe,EAAE;YACb,0CAA0C;UAD7B,CAtBb;UAyBJC,eAAe,EAAE;YACbC,0BAA0B,EAAE;UADf;QAzBb,CAFoC;QA+B5CC,IAAI,EAAE;UAAEC,OAAO,EAAE/C,MAAM,CAAC+C;QAAlB;MA/BsC,CAAvC,CAAT;MAkCA;AACZ;AACA;AACA;AACA;;MACYtC,YAAY,GAAGV,GAAG,CAACoB,WAAJ,CAAgBJ,GAAG,CAACC,UAAJ,CAAegC,YAA/B,EAA6C;QACxDnD,IAAI,EAAG,GAAEI,UAAW,SADoC;QAExDH,MAAM,EAAE;UACJG,UAAU,EAAEO,MAAM,CAAC0B,MAAP,CAAcjC,UADtB;UAEJgD,cAAc,EAAEC,MAAM,CAACC,WAAY;AACvD;AACA;AACA;AACA;AACA;AACA,8CAA8CjD,SAAU;AACxD;AACA;AACA,+CAA+CM,MAAM,CAAC0B,MAAP,CAAckB,GAAI;AACjE;AACA;AACA;QAdwB,CAFgD;QAkBxDN,IAAI,EAAE;UAAEC,OAAO,EAAE/C,MAAM,CAAC+C;QAAlB;MAlBkD,CAA7C,CAAf;IAoBH;IAED;AACR;AACA;AACA;AACA;AACA;;;IACQ,MAAMM,KAAK,GAAGtD,GAAG,CAACoB,WAAJ,CAAgBJ,GAAG,CAACuC,QAAJ,CAAaC,KAA7B,EAAoC;MAC9C1D,IAAI,EAAE,WADwC;MAE9CC,MAAM,EAAE;QACJ0D,UAAU,EAAE,CACR;UAAE3D,IAAI,EAAE,IAAR;UAAc4D,IAAI,EAAE;QAApB,CADQ,EAER;UAAE5D,IAAI,EAAE,IAAR;UAAc4D,IAAI,EAAE;QAApB,CAFQ,CADR;QAKJC,aAAa,EAAE,IALX;QAMJC,cAAc,EAAE,oBANZ;QAOJC,WAAW,EAAE,iBAPT;QAQJC,OAAO,EAAE,IARL;QASJC,QAAQ,EAAE;MATN,CAFsC;MAa9ChB,IAAI,EAAE;QAAEC,OAAO,EAAE/C,MAAM,CAAC+C;MAAlB;IAbwC,CAApC,CAAd;IAgBA,MAAMgB,QAAQ,GAAG,+BAAjB;IAEA,MAAMC,IAAI,GAAGjE,GAAG,CAACoB,WAAJ,CAAgBJ,GAAG,CAACkD,GAAJ,CAAQC,IAAxB,EAA8B;MACvCrE,IAAI,EAAEkE,QADiC;MAEvCjE,MAAM,EAAE;QACJqE,gBAAgB,EAAE;UACdC,OAAO,EAAE,YADK;UAEdC,SAAS,EAAE,CACP;YACIC,MAAM,EAAE,gBADZ;YAEIC,SAAS,EAAE;cACPC,OAAO,EAAE;YADF,CAFf;YAKIC,MAAM,EAAE;UALZ,CADO;QAFG;MADd;IAF+B,CAA9B,CAAb;IAkBA,MAAMC,MAAM,GAAGC,gCAAgC,CAAC5E,GAAD,EAAMS,MAAM,CAAC0B,MAAb,CAA/C;IAEAnC,GAAG,CAACoB,WAAJ,CAAgBJ,GAAG,CAACkD,GAAJ,CAAQW,oBAAxB,EAA8C;MAC1C/E,IAAI,EAAG,GAAEkE,QAAS,gCADwB;MAE1CjE,MAAM,EAAE;QACJkE,IAAI,EAAEA,IAAI,CAAC9B,MADP;QAEJ2C,SAAS,EAAEH,MAAM,CAACxC,MAAP,CAAckB;MAFrB;IAFkC,CAA9C;IAQArD,GAAG,CAACoB,WAAJ,CAAgBJ,GAAG,CAACkD,GAAJ,CAAQW,oBAAxB,EAA8C;MAC1C/E,IAAI,EAAG,GAAEkE,QAAS,kCADwB;MAE1CjE,MAAM,EAAE;QACJkE,IAAI,EAAEA,IAAI,CAAC9B,MADP;QAEJ2C,SAAS,EAAE9D,GAAG,CAACkD,GAAJ,CAAQa,aAAR,CAAsBC;MAF7B;IAFkC,CAA9C;IAQAhF,GAAG,CAACoB,WAAJ,CAAgBJ,GAAG,CAACkD,GAAJ,CAAQW,oBAAxB,EAA8C;MAC1C/E,IAAI,EAAG,GAAEkE,QAAS,iCADwB;MAE1CjE,MAAM,EAAE;QACJkE,IAAI,EAAEA,IAAI,CAAC9B,MADP;QAEJ2C,SAAS,EAAE9D,GAAG,CAACkD,GAAJ,CAAQa,aAAR,CAAsBE;MAF7B;IAFkC,CAA9C;IAQA;AACR;AACA;AACA;AACA;AACA;;IACQ,MAAMC,MAAM,GAAGlF,GAAG,CAACoB,WAAJ,CAAgBJ,GAAG,CAACkE,MAAJ,CAAWC,QAA3B,EAAqC;MAChDrF,IAAI,EAAE,mBAD0C;MAEhDC,MAAM,EAAE;QACJkE,IAAI,EAAEA,IAAI,CAAC9B,MAAL,CAAYkB,GADd;QAEJ+B,OAAO,EAAE,YAFL;QAGJC,OAAO,EAAE,iBAHL;QAIJC,OAAO,EAAE,GAJL;QAKJC,UAAU,EAAE,GALR;QAMJC,WAAW,EAAE;UACTC,SAAS,EAAE;YACPC,KAAK,EAAE5E,MAAM,CAACH,OAAO,CAACC,GAAR,CAAY8E,KAAb,CADN;YAEPC,uBAAuB,EAAElF,MAAM,CAAC0B,MAAP,CAAcyD;UAFhC;QADF,CANT;QAYJC,WAAW,EAAE,0BAZT;QAaJC,IAAI,EAAE,IAAI3C,MAAM,CAAC4C,KAAP,CAAaC,YAAjB,CAA8B;UAChC,KAAK,IAAI7C,MAAM,CAAC4C,KAAP,CAAaE,WAAjB,CACDC,aAAA,CAAKC,IAAL,CAAUnG,GAAG,CAACoG,KAAJ,CAAUC,SAApB,EAA+B,uBAA/B,CADC;QAD2B,CAA9B,CAbF;QAkBJC,SAAS,EAAEjG,GAAG,GACR;UACIyB,SAAS,EAAEzB,GAAG,CAAC0B,OAAJ,CAAYC,OAAZ,CAAoBC,GAApB,CAAwBC,CAAC,IAAIA,CAAC,CAACC,MAAF,CAASC,EAAtC,CADf;UAEIC,gBAAgB,EAAE,CAAChC,GAAG,CAACA,GAAJ,CAAQ8B,MAAR,CAAeG,sBAAhB;QAFtB,CADQ,GAKRC;MAvBF;IAFwC,CAArC,CAAf;IA6BA,MAAMgE,kBAAkB,GAAGvG,GAAG,CAACoB,WAAJ,CAAgBJ,GAAG,CAACkE,MAAJ,CAAWsB,kBAA3B,EAA+C;MACtE1G,IAAI,EAAE,mBADgE;MAEtEC,MAAM,EAAE;QACJ0G,cAAc,EAAEnD,KAAK,CAACnB,MAAN,CAAauE,SADzB;QAEJC,YAAY,EAAEzB,MAAM,CAAC/C,MAAP,CAAckB,GAFxB;QAGJuD,gBAAgB,EAAE,QAHd;QAIJC,oBAAoB,EAAE,CAJlB;QAKJC,SAAS,EAAE,IALP;QAMJC,8BAA8B,EAAE;MAN5B;IAF8D,CAA/C,CAA3B;IAYA/G,GAAG,CAACgH,UAAJ,CAAe;MACXC,sBAAsB,EAAExG,MAAM,CAAC0B,MAAP,CAAckB,GAD3B;MAEX6D,2BAA2B,EAAEzG,MAAM,CAAC0B,MAAP,CAAcyD,QAFhC;MAGXuB,6BAA6B,EAAE7D,KAAK,CAACnB,MAAN,CAAakB,GAHjC;MAIX+D,8BAA8B,EAAE9D,KAAK,CAACnB,MAAN,CAAarC;IAJlC,CAAf;IAOA,OAAO;MACHW,MADG;MAEHC,YAFG;MAGH4C,KAHG;MAIH+D,eAAe,EAAE;QACbpD,IADa;QAEbU,MAFa;QAGbO,MAHa;QAIbqB;MAJa;IAJd,CAAP;EAWH;;AA1NqC,CAAhB,CAAnB;;;AA6NP,SAAS3B,gCAAT,CACI5E,GADJ,EAEIS,MAFJ,EAGE;EACE,OAAOT,GAAG,CAACoB,WAAJ,CAAgBJ,GAAG,CAACkD,GAAJ,CAAQoD,MAAxB,EAAgC;IACnCxH,IAAI,EAAE,uCAD6B;IAEnCC,MAAM,EAAE;MACJ8F,WAAW,EAAE,uDADT;MAEJlB,MAAM,EAAE;QACJN,OAAO,EAAE,YADL;QAEJC,SAAS,EAAE,CACP;UACIiD,GAAG,EAAE,iBADT;UAEI7C,MAAM,EAAE,OAFZ;UAGIH,MAAM,EAAE,CACJ,iBADI,EAEJ,gBAFI,EAGJ,eAHI,EAIJ,cAJI,CAHZ;UASIiD,QAAQ,EAAE,CACNrE,MAAM,CAACC,WAAY,GAAE3C,MAAM,CAAC4C,GAAI,EAD1B,EAENF,MAAM,CAACC,WAAY,GAAE3C,MAAM,CAAC4C,GAAI,IAF1B;QATd,CADO;MAFP;IAFJ;EAF2B,CAAhC,CAAP;AAyBH"}
|
|
@@ -35,14 +35,15 @@ function createCorePulumiApp(projectAppParams = {}) {
|
|
|
35
35
|
path: "apps/core",
|
|
36
36
|
config: projectAppParams,
|
|
37
37
|
program: async app => {
|
|
38
|
-
const
|
|
38
|
+
const prod = app.params.run.env === "prod";
|
|
39
|
+
const protect = app.getParam(projectAppParams.protect) || prod;
|
|
39
40
|
const legacyConfig = app.getParam(projectAppParams.legacy) || {}; // Setup DynamoDB table
|
|
40
41
|
|
|
41
42
|
const dynamoDbTable = app.addModule(_CoreDynamo.CoreDynamo, {
|
|
42
43
|
protect
|
|
43
44
|
}); // Setup VPC
|
|
44
45
|
|
|
45
|
-
const vpcEnabled = app.getParam(projectAppParams === null || projectAppParams === void 0 ? void 0 : projectAppParams.vpc) ||
|
|
46
|
+
const vpcEnabled = app.getParam(projectAppParams === null || projectAppParams === void 0 ? void 0 : projectAppParams.vpc) || prod;
|
|
46
47
|
const vpc = vpcEnabled ? app.addModule(_CoreVpc.CoreVpc) : null; // Setup Cognito
|
|
47
48
|
|
|
48
49
|
const cognito = app.addModule(_CoreCognito.CoreCognito, {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["createCorePulumiApp","projectAppParams","createPulumiApp","name","path","config","program","app","
|
|
1
|
+
{"version":3,"names":["createCorePulumiApp","projectAppParams","createPulumiApp","name","path","config","program","app","prod","params","run","env","protect","getParam","legacyConfig","legacy","dynamoDbTable","addModule","CoreDynamo","vpcEnabled","vpc","CoreVpc","cognito","CoreCognito","useEmailAsUsername","eventBus","CoreEventBus","fileManagerBucket","CoreFileManger","elasticSearch","ElasticSearch","addOutputs","fileManagerBucketId","output","id","primaryDynamodbTableArn","arn","primaryDynamodbTableName","primaryDynamodbTableHashKey","hashKey","primaryDynamodbTableRangeKey","rangeKey","cognitoUserPoolId","userPool","cognitoUserPoolArn","cognitoUserPoolPasswordPolicy","passwordPolicy","cognitoAppClientId","userPoolClient","eventBusArn","tagResources","WbyProjectName","String","process","WbyEnvironment","pulumi"],"sources":["createCorePulumiApp.ts"],"sourcesContent":["import { createPulumiApp, PulumiAppParam } from \"@webiny/pulumi\";\nimport { CoreCognito } from \"./CoreCognito\";\nimport { CoreDynamo } from \"./CoreDynamo\";\nimport { ElasticSearch } from \"./CoreElasticSearch\";\nimport { CoreEventBus } from \"./CoreEventBus\";\nimport { CoreFileManger } from \"./CoreFileManager\";\nimport { CoreVpc } from \"./CoreVpc\";\nimport { tagResources } from \"~/utils\";\n\nexport interface CreateCorePulumiAppParams {\n /**\n * Secures against deleting database by accident.\n * By default enabled in production environments.\n */\n protect?: PulumiAppParam<boolean>;\n\n /**\n * Enables ElasticSearch infrastructure.\n * Note that it requires also changes in application code.\n */\n elasticSearch?: PulumiAppParam<boolean>;\n\n /**\n * Enables VPC for the application.\n * By default enabled in production environments.\n */\n vpc?: PulumiAppParam<boolean>;\n\n /**\n * Additional settings for backwards compatibility.\n */\n legacy?: PulumiAppParam<CoreAppLegacyConfig>;\n\n /**\n * Provides a way to adjust existing Pulumi code (cloud infrastructure resources)\n * or add additional ones into the mix.\n */\n pulumi?: (app: ReturnType<typeof createCorePulumiApp>) => void | Promise<void>;\n}\n\nexport interface CoreAppLegacyConfig {\n useEmailAsUsername?: boolean;\n}\n\nexport function createCorePulumiApp(projectAppParams: CreateCorePulumiAppParams = {}) {\n return createPulumiApp({\n name: \"core\",\n path: \"apps/core\",\n config: projectAppParams,\n program: async app => {\n const prod = app.params.run.env === \"prod\";\n const protect = app.getParam(projectAppParams.protect) || prod;\n const legacyConfig = app.getParam(projectAppParams.legacy) || {};\n\n // Setup DynamoDB table\n const dynamoDbTable = app.addModule(CoreDynamo, { protect });\n\n // Setup VPC\n const vpcEnabled = app.getParam(projectAppParams?.vpc) || prod;\n const vpc = vpcEnabled ? app.addModule(CoreVpc) : null;\n\n // Setup Cognito\n const cognito = app.addModule(CoreCognito, {\n protect,\n useEmailAsUsername: legacyConfig.useEmailAsUsername ?? false\n });\n\n // Setup event bus\n const eventBus = app.addModule(CoreEventBus);\n\n // Setup file core bucket\n const fileManagerBucket = app.addModule(CoreFileManger, { protect });\n\n const elasticSearch = app.getParam(projectAppParams?.elasticSearch)\n ? app.addModule(ElasticSearch, { protect })\n : null;\n\n app.addOutputs({\n fileManagerBucketId: fileManagerBucket.output.id,\n primaryDynamodbTableArn: dynamoDbTable.output.arn,\n primaryDynamodbTableName: dynamoDbTable.output.name,\n primaryDynamodbTableHashKey: dynamoDbTable.output.hashKey,\n primaryDynamodbTableRangeKey: dynamoDbTable.output.rangeKey,\n cognitoUserPoolId: cognito.userPool.output.id,\n cognitoUserPoolArn: cognito.userPool.output.arn,\n cognitoUserPoolPasswordPolicy: cognito.userPool.output.passwordPolicy,\n cognitoAppClientId: cognito.userPoolClient.output.id,\n eventBusArn: eventBus.output.arn\n });\n\n tagResources({\n WbyProjectName: String(process.env[\"WEBINY_PROJECT_NAME\"]),\n WbyEnvironment: String(process.env[\"WEBINY_ENV\"])\n });\n\n if (projectAppParams.pulumi) {\n await projectAppParams.pulumi(app as ReturnType<typeof createCorePulumiApp>);\n }\n\n return {\n dynamoDbTable,\n vpc,\n ...cognito,\n fileManagerBucket,\n eventBus,\n elasticSearch\n };\n }\n });\n}\n"],"mappings":";;;;;;;;;;;AAAA;;AACA;;AACA;;AACA;;AACA;;AACA;;AACA;;AACA;;;;;;AAqCO,SAASA,mBAAT,CAA6BC,gBAA2C,GAAG,EAA3E,EAA+E;EAClF,OAAO,IAAAC,uBAAA,EAAgB;IACnBC,IAAI,EAAE,MADa;IAEnBC,IAAI,EAAE,WAFa;IAGnBC,MAAM,EAAEJ,gBAHW;IAInBK,OAAO,EAAE,MAAMC,GAAN,IAAa;MAClB,MAAMC,IAAI,GAAGD,GAAG,CAACE,MAAJ,CAAWC,GAAX,CAAeC,GAAf,KAAuB,MAApC;MACA,MAAMC,OAAO,GAAGL,GAAG,CAACM,QAAJ,CAAaZ,gBAAgB,CAACW,OAA9B,KAA0CJ,IAA1D;MACA,MAAMM,YAAY,GAAGP,GAAG,CAACM,QAAJ,CAAaZ,gBAAgB,CAACc,MAA9B,KAAyC,EAA9D,CAHkB,CAKlB;;MACA,MAAMC,aAAa,GAAGT,GAAG,CAACU,SAAJ,CAAcC,sBAAd,EAA0B;QAAEN;MAAF,CAA1B,CAAtB,CANkB,CAQlB;;MACA,MAAMO,UAAU,GAAGZ,GAAG,CAACM,QAAJ,CAAaZ,gBAAb,aAAaA,gBAAb,uBAAaA,gBAAgB,CAAEmB,GAA/B,KAAuCZ,IAA1D;MACA,MAAMY,GAAG,GAAGD,UAAU,GAAGZ,GAAG,CAACU,SAAJ,CAAcI,gBAAd,CAAH,GAA4B,IAAlD,CAVkB,CAYlB;;MACA,MAAMC,OAAO,GAAGf,GAAG,CAACU,SAAJ,CAAcM,wBAAd,EAA2B;QACvCX,OADuC;QAEvCY,kBAAkB,EAAEV,YAAY,CAACU,kBAAb,IAAmC;MAFhB,CAA3B,CAAhB,CAbkB,CAkBlB;;MACA,MAAMC,QAAQ,GAAGlB,GAAG,CAACU,SAAJ,CAAcS,0BAAd,CAAjB,CAnBkB,CAqBlB;;MACA,MAAMC,iBAAiB,GAAGpB,GAAG,CAACU,SAAJ,CAAcW,+BAAd,EAA8B;QAAEhB;MAAF,CAA9B,CAA1B;MAEA,MAAMiB,aAAa,GAAGtB,GAAG,CAACM,QAAJ,CAAaZ,gBAAb,aAAaA,gBAAb,uBAAaA,gBAAgB,CAAE4B,aAA/B,IAChBtB,GAAG,CAACU,SAAJ,CAAca,gCAAd,EAA6B;QAAElB;MAAF,CAA7B,CADgB,GAEhB,IAFN;MAIAL,GAAG,CAACwB,UAAJ,CAAe;QACXC,mBAAmB,EAAEL,iBAAiB,CAACM,MAAlB,CAAyBC,EADnC;QAEXC,uBAAuB,EAAEnB,aAAa,CAACiB,MAAd,CAAqBG,GAFnC;QAGXC,wBAAwB,EAAErB,aAAa,CAACiB,MAAd,CAAqB9B,IAHpC;QAIXmC,2BAA2B,EAAEtB,aAAa,CAACiB,MAAd,CAAqBM,OAJvC;QAKXC,4BAA4B,EAAExB,aAAa,CAACiB,MAAd,CAAqBQ,QALxC;QAMXC,iBAAiB,EAAEpB,OAAO,CAACqB,QAAR,CAAiBV,MAAjB,CAAwBC,EANhC;QAOXU,kBAAkB,EAAEtB,OAAO,CAACqB,QAAR,CAAiBV,MAAjB,CAAwBG,GAPjC;QAQXS,6BAA6B,EAAEvB,OAAO,CAACqB,QAAR,CAAiBV,MAAjB,CAAwBa,cAR5C;QASXC,kBAAkB,EAAEzB,OAAO,CAAC0B,cAAR,CAAuBf,MAAvB,CAA8BC,EATvC;QAUXe,WAAW,EAAExB,QAAQ,CAACQ,MAAT,CAAgBG;MAVlB,CAAf;MAaA,IAAAc,mBAAA,EAAa;QACTC,cAAc,EAAEC,MAAM,CAACC,OAAO,CAAC1C,GAAR,CAAY,qBAAZ,CAAD,CADb;QAET2C,cAAc,EAAEF,MAAM,CAACC,OAAO,CAAC1C,GAAR,CAAY,YAAZ,CAAD;MAFb,CAAb;;MAKA,IAAIV,gBAAgB,CAACsD,MAArB,EAA6B;QACzB,MAAMtD,gBAAgB,CAACsD,MAAjB,CAAwBhD,GAAxB,CAAN;MACH;;MAED;QACIS,aADJ;QAEII;MAFJ,GAGOE,OAHP;QAIIK,iBAJJ;QAKIF,QALJ;QAMII;MANJ;IAQH;EA9DkB,CAAhB,CAAP;AAgEH"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@webiny/pulumi-aws",
|
|
3
|
-
"version": "5.29.0-beta.
|
|
3
|
+
"version": "5.29.0-beta.1",
|
|
4
4
|
"repository": {
|
|
5
5
|
"type": "git",
|
|
6
6
|
"url": "https://github.com/webiny/webiny-js.git"
|
|
@@ -15,8 +15,8 @@
|
|
|
15
15
|
"dependencies": {
|
|
16
16
|
"@pulumi/aws": "^5.8.0",
|
|
17
17
|
"@pulumi/pulumi": "^3.34.0",
|
|
18
|
-
"@webiny/cli-plugin-deploy-pulumi": "5.29.0-beta.
|
|
19
|
-
"@webiny/pulumi": "5.29.0-beta.
|
|
18
|
+
"@webiny/cli-plugin-deploy-pulumi": "5.29.0-beta.1",
|
|
19
|
+
"@webiny/pulumi": "5.29.0-beta.1"
|
|
20
20
|
},
|
|
21
21
|
"devDependencies": {
|
|
22
22
|
"@babel/cli": "^7.16.0",
|
|
@@ -24,10 +24,10 @@
|
|
|
24
24
|
"@babel/preset-env": "^7.16.4",
|
|
25
25
|
"@babel/preset-typescript": "^7.16.0",
|
|
26
26
|
"@babel/runtime": "^7.16.3",
|
|
27
|
-
"@webiny/api-page-builder": "^5.29.0-beta.
|
|
28
|
-
"@webiny/aws-layers": "^5.29.0-beta.
|
|
29
|
-
"@webiny/cli": "^5.29.0-beta.
|
|
30
|
-
"@webiny/project-utils": "^5.29.0-beta.
|
|
27
|
+
"@webiny/api-page-builder": "^5.29.0-beta.1",
|
|
28
|
+
"@webiny/aws-layers": "^5.29.0-beta.1",
|
|
29
|
+
"@webiny/cli": "^5.29.0-beta.1",
|
|
30
|
+
"@webiny/project-utils": "^5.29.0-beta.1",
|
|
31
31
|
"chalk": "^4.1.0",
|
|
32
32
|
"lodash": "^4.5.0",
|
|
33
33
|
"mime": "2.5.2",
|
|
@@ -47,5 +47,5 @@
|
|
|
47
47
|
]
|
|
48
48
|
}
|
|
49
49
|
},
|
|
50
|
-
"gitHead": "
|
|
50
|
+
"gitHead": "e4393aa7faa07c7a465ff320d8b4dc51f2f38315"
|
|
51
51
|
}
|