@webiny/pulumi-aws 5.34.5-beta.1 → 5.34.6-beta.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (27) hide show
  1. package/apps/api/ApiApwScheduler.js +6 -0
  2. package/apps/api/ApiApwScheduler.js.map +1 -1
  3. package/apps/awsUtils.d.ts +1 -1
  4. package/apps/core/CoreElasticSearch.js +3 -0
  5. package/apps/core/CoreElasticSearch.js.map +1 -1
  6. package/apps/core/CoreVpc.d.ts +4 -0
  7. package/apps/core/CoreVpc.js +6 -1
  8. package/apps/core/CoreVpc.js.map +1 -1
  9. package/apps/core/createCorePulumiApp.d.ts +4 -0
  10. package/apps/lambdaUtils.js +3 -0
  11. package/apps/lambdaUtils.js.map +1 -1
  12. package/enterprise/createAdminPulumiApp.d.ts +1 -0
  13. package/enterprise/createAdminPulumiApp.js +25 -0
  14. package/enterprise/createAdminPulumiApp.js.map +1 -0
  15. package/enterprise/createApiPulumiApp.d.ts +61 -0
  16. package/enterprise/createApiPulumiApp.js +72 -0
  17. package/enterprise/createApiPulumiApp.js.map +1 -0
  18. package/enterprise/createCorePulumiApp.d.ts +42 -0
  19. package/enterprise/createCorePulumiApp.js +145 -0
  20. package/enterprise/createCorePulumiApp.js.map +1 -0
  21. package/enterprise/createWebsitePulumiApp.d.ts +56 -0
  22. package/enterprise/createWebsitePulumiApp.js +72 -0
  23. package/enterprise/createWebsitePulumiApp.js.map +1 -0
  24. package/enterprise/index.d.ts +4 -0
  25. package/enterprise/index.js +57 -0
  26. package/enterprise/index.js.map +1 -0
  27. package/package.json +8 -8
package/apps/api/ApiApwScheduler.js CHANGED
@@ -86,6 +86,9 @@ function createExecuteActionLambda(app, params) {
86
86
  Effect: "Allow"
87
87
  }]
88
88
  }
89
+ },
90
+ meta: {
91
+ isLambdaFunctionRole: true
89
92
  }
90
93
  });
91
94
  const policy = createExecuteActionLambdaPolicy(app);
@@ -165,6 +168,9 @@ function createScheduleActionLambda(app, executeLambda, params) {
165
168
  Effect: "Allow"
166
169
  }]
167
170
  }
171
+ },
172
+ meta: {
173
+ isLambdaFunctionRole: true
168
174
  }
169
175
  });
170
176
  const policy = createScheduleActionLambdaPolicy(app);
package/apps/api/ApiApwScheduler.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"names":["LAMBDA_NAME_PREFIX","CREATE_RULE_LAMBDA","EXECUTE_ACTION_LAMBDA","EVENT_RULE_NAME","EVENT_RULE_TARGET","ApiApwScheduler","createAppModule","name","config","app","params","executeAction","createExecuteActionLambda","scheduleAction","createScheduleActionLambda","lambda","output","eventRule","addResource","aws","cloudwatch","EventRule","description","scheduleExpression","isEnabled","Permission","action","function","arn","principal","statementId","eventTarget","EventTarget","rule","role","iam","Role","assumeRolePolicy","Version","Statement","Action","Principal","Service","Effect","policy","createExecuteActionLambdaPolicy","RolePolicyAttachment","policyArn","ManagedPolicy","AWSLambdaBasicExecutionRole","Function","runtime","handler","timeout","memorySize","code","pulumi","asset","AssetArchive","FileArchive","path","join","paths","workspace","environment","variables","getCommonLambdaEnvVariables","apply","value","env","core","getModule","CoreOutput","Policy","Sid","Resource","interpolate","primaryDynamodbTableArn","executeLambda","createScheduleActionLambdaPolicy","APW_SCHEDULER_EXECUTE_ACTION_HANDLER"],"sources":["ApiApwScheduler.ts"],"sourcesContent":["import path from \"path\";\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport { createAppModule, PulumiApp, PulumiAppModule } from \"@webiny/pulumi\";\nimport { CoreOutput } from \"../common\";\nimport { getCommonLambdaEnvVariables } from \"../lambdaUtils\";\n\ninterface ScheduleActionParams {\n env: Record<string, any>;\n}\n\nconst LAMBDA_NAME_PREFIX = \"apw-scheduler\";\nconst CREATE_RULE_LAMBDA = `${LAMBDA_NAME_PREFIX}-schedule-action-lambda`;\nconst EXECUTE_ACTION_LAMBDA = `${LAMBDA_NAME_PREFIX}-execute-action-lambda`;\nconst EVENT_RULE_NAME = `${LAMBDA_NAME_PREFIX}-event-rule`;\nconst EVENT_RULE_TARGET = `${LAMBDA_NAME_PREFIX}-event-rule-target`;\n\nexport type ApiApwScheduler = PulumiAppModule<typeof ApiApwScheduler>;\n\nexport const ApiApwScheduler = createAppModule({\n name: \"ApiApwScheduler\",\n config(app: PulumiApp, params: ScheduleActionParams) {\n const executeAction = createExecuteActionLambda(app, params);\n const scheduleAction = createScheduleActionLambda(app, executeAction.lambda.output, params);\n\n // Create event rule.\n const eventRule = app.addResource(aws.cloudwatch.EventRule, {\n name: EVENT_RULE_NAME,\n config: {\n description: `Enable us to schedule an action in publishing workflow at a particular datetime`,\n scheduleExpression: \"cron(* * * * ? 2000)\",\n isEnabled: true\n }\n });\n\n // Add required permission to the target lambda.\n app.addResource(aws.lambda.Permission, {\n name: \"eventTargetPermission\",\n config: {\n action: \"lambda:InvokeFunction\",\n function: scheduleAction.lambda.output.arn,\n principal: \"events.amazonaws.com\",\n statementId: \"allow-rule-invoke-\" + EVENT_RULE_NAME\n }\n });\n\n // Add lambda as target to the event rule.\n const eventTarget = app.addResource(aws.cloudwatch.EventTarget, {\n name: EVENT_RULE_TARGET,\n config: {\n rule: eventRule.output.name,\n arn: scheduleAction.lambda.output.arn\n }\n });\n\n return {\n executeAction,\n scheduleAction,\n eventRule,\n eventTarget\n };\n }\n});\n\nfunction createExecuteActionLambda(app: PulumiApp, params: ScheduleActionParams) {\n const role = app.addResource(aws.iam.Role, {\n name: `${EXECUTE_ACTION_LAMBDA}-role`,\n config: {\n assumeRolePolicy: {\n Version: \"2012-10-17\",\n Statement: [\n {\n Action: \"sts:AssumeRole\",\n Principal: {\n Service: \"lambda.amazonaws.com\"\n },\n Effect: \"Allow\"\n }\n ]\n }\n }\n });\n\n const policy = createExecuteActionLambdaPolicy(app);\n\n app.addResource(aws.iam.RolePolicyAttachment, {\n name: `${EXECUTE_ACTION_LAMBDA}-role-policy-attachment`,\n config: {\n role: role.output,\n policyArn: policy.output.arn\n }\n });\n\n app.addResource(aws.iam.RolePolicyAttachment, {\n name: `${EXECUTE_ACTION_LAMBDA}-AWSLambdaBasicExecutionRole`,\n config: {\n role: role.output,\n policyArn: aws.iam.ManagedPolicy.AWSLambdaBasicExecutionRole\n }\n });\n\n const lambda = app.addResource(aws.lambda.Function, {\n name: EXECUTE_ACTION_LAMBDA,\n config: {\n role: role.output.arn,\n runtime: \"nodejs14.x\",\n handler: \"handler.handler\",\n timeout: 60,\n memorySize: 128,\n description: \"Handle execute action workflow in apw scheduler\",\n code: new pulumi.asset.AssetArchive({\n \".\": new pulumi.asset.FileArchive(\n path.join(app.paths.workspace, \"apw/executeAction/build\")\n )\n }),\n environment: {\n variables: getCommonLambdaEnvVariables().apply(value => ({\n ...value,\n ...params.env\n }))\n }\n }\n });\n\n return {\n role,\n policy,\n lambda\n };\n}\n\nfunction createExecuteActionLambdaPolicy(app: PulumiApp) {\n const core = app.getModule(CoreOutput);\n\n return app.addResource(aws.iam.Policy, {\n name: \"ApwSchedulerExecuteActionLambdaPolicy\",\n config: {\n description: \"This policy enables access to cloudwatch event and lambda invocation\",\n policy: {\n Version: \"2012-10-17\",\n Statement: [\n {\n Sid: \"PermissionLambda\",\n Effect: \"Allow\",\n Action: [\"lambda:InvokeFunction\"],\n Resource: [\"*\"]\n },\n {\n Sid: \"PermissionDynamoDB\",\n Effect: \"Allow\",\n Action: [\"dynamodb:Query\", \"dynamodb:GetItem\", \"dynamodb:DeleteItem\"],\n Resource: [\n pulumi.interpolate`${core.primaryDynamodbTableArn}`,\n pulumi.interpolate`${core.primaryDynamodbTableArn}/*`\n ]\n }\n ]\n }\n }\n });\n}\n\nfunction createScheduleActionLambda(\n app: PulumiApp,\n executeLambda: pulumi.Output<aws.lambda.Function>,\n params: ScheduleActionParams\n) {\n const role = app.addResource(aws.iam.Role, {\n name: `${CREATE_RULE_LAMBDA}-role`,\n config: {\n assumeRolePolicy: {\n Version: \"2012-10-17\",\n Statement: [\n {\n Action: \"sts:AssumeRole\",\n Principal: {\n Service: \"lambda.amazonaws.com\"\n },\n Effect: \"Allow\"\n }\n ]\n }\n }\n });\n\n const policy = createScheduleActionLambdaPolicy(app);\n\n app.addResource(aws.iam.RolePolicyAttachment, {\n name: `${CREATE_RULE_LAMBDA}-role-policy-attachment`,\n config: {\n role: role.output,\n policyArn: policy.output.arn\n }\n });\n\n app.addResource(aws.iam.RolePolicyAttachment, {\n name: `${CREATE_RULE_LAMBDA}-AWSLambdaBasicExecutionRole`,\n config: {\n role: role.output,\n policyArn: aws.iam.ManagedPolicy.AWSLambdaBasicExecutionRole\n }\n });\n\n const lambda = app.addResource(aws.lambda.Function, {\n name: CREATE_RULE_LAMBDA,\n config: {\n role: role.output.arn,\n runtime: \"nodejs14.x\",\n handler: \"handler.handler\",\n timeout: 60,\n memorySize: 128,\n description: \"Handle schedule action workflow in apw scheduler\",\n code: new pulumi.asset.AssetArchive({\n \".\": new pulumi.asset.FileArchive(\n path.join(app.paths.workspace, \"apw/scheduleAction/build\")\n )\n }),\n environment: {\n variables: getCommonLambdaEnvVariables().apply(value => ({\n ...value,\n ...params.env,\n APW_SCHEDULER_EXECUTE_ACTION_HANDLER: executeLambda.arn\n // RULE_NAME: this.eventRule.name.apply(name => name),\n // RULE_TARGET_ID: this.eventTarget.targetId.apply(id => id)\n }))\n }\n }\n });\n\n return {\n role,\n policy,\n lambda\n };\n}\n\nfunction createScheduleActionLambdaPolicy(app: PulumiApp) {\n const core = app.getModule(CoreOutput);\n\n return app.addResource(aws.iam.Policy, {\n name: \"ApwSchedulerScheduleActionLambdaPolicy\",\n config: {\n description: \"This policy enables access to cloudwatch event and lambda invocation\",\n policy: {\n Version: \"2012-10-17\",\n Statement: [\n {\n Sid: \"PermissionLambda\",\n Effect: \"Allow\",\n Action: [\"lambda:InvokeFunction\"],\n Resource: [\"*\"]\n },\n {\n Sid: \"PermissionDynamoDB\",\n Effect: \"Allow\",\n Action: [\n \"dynamodb:PutItem\",\n \"dynamodb:Query\",\n \"dynamodb:GetItem\",\n \"dynamodb:UpdateItem\",\n \"dynamodb:DeleteItem\"\n ],\n Resource: [\n pulumi.interpolate`${core.primaryDynamodbTableArn}`,\n pulumi.interpolate`${core.primaryDynamodbTableArn}/*`\n ]\n },\n {\n Sid: \"PermissionEvents\",\n Effect: \"Allow\",\n Action: [\n \"events:DeleteRule\",\n \"events:PutTargets\",\n \"events:PutRule\",\n \"events:ListRules\",\n \"events:RemoveTargets\",\n \"events:ListTargetsByRule\"\n ],\n Resource: [\"*\"]\n }\n ]\n }\n }\n });\n}\n"],"mappings":";;;;;;;;;;;;;AAAA;;AACA;;AACA;;AACA;;AACA;;AACA;;AAMA,MAAMA,kBAAkB,GAAG,eAA3B;AACA,MAAMC,kBAAkB,GAAI,GAAED,kBAAmB,yBAAjD;AACA,MAAME,qBAAqB,GAAI,GAAEF,kBAAmB,wBAApD;AACA,MAAMG,eAAe,GAAI,GAAEH,kBAAmB,aAA9C;AACA,MAAMI,iBAAiB,GAAI,GAAEJ,kBAAmB,oBAAhD;AAIO,MAAMK,eAAe,GAAG,IAAAC,wBAAA,EAAgB;EAC3CC,IAAI,EAAE,iBADqC;;EAE3CC,MAAM,CAACC,GAAD,EAAiBC,MAAjB,EAA+C;IACjD,MAAMC,aAAa,GAAGC,yBAAyB,CAACH,GAAD,EAAMC,MAAN,CAA/C;IACA,MAAMG,cAAc,GAAGC,0BAA0B,CAACL,GAAD,EAAME,aAAa,CAACI,MAAd,CAAqBC,MAA3B,EAAmCN,MAAnC,CAAjD,CAFiD,CAIjD;;IACA,MAAMO,SAAS,GAAGR,GAAG,CAACS,WAAJ,CAAgBC,GAAG,CAACC,UAAJ,CAAeC,SAA/B,EAA0C;MACxDd,IAAI,EAAEJ,eADkD;MAExDK,MAAM,EAAE;QACJc,WAAW,EAAG,iFADV;QAEJC,kBAAkB,EAAE,sBAFhB;QAGJC,SAAS,EAAE;MAHP;IAFgD,CAA1C,CAAlB,CALiD,CAcjD;;IACAf,GAAG,CAACS,WAAJ,CAAgBC,GAAG,CAACJ,MAAJ,CAAWU,UAA3B,EAAuC;MACnClB,IAAI,EAAE,uBAD6B;MAEnCC,MAAM,EAAE;QACJkB,MAAM,EAAE,uBADJ;QAEJC,QAAQ,EAAEd,cAAc,CAACE,MAAf,CAAsBC,MAAtB,CAA6BY,GAFnC;QAGJC,SAAS,EAAE,sBAHP;QAIJC,WAAW,EAAE,uBAAuB3B;MAJhC;IAF2B,CAAvC,EAfiD,CAyBjD;;IACA,MAAM4B,WAAW,GAAGtB,GAAG,CAACS,WAAJ,CAAgBC,GAAG,CAACC,UAAJ,CAAeY,WAA/B,EAA4C;MAC5DzB,IAAI,EAAEH,iBADsD;MAE5DI,MAAM,EAAE;QACJyB,IAAI,EAAEhB,SAAS,CAACD,MAAV,CAAiBT,IADnB;QAEJqB,GAAG,EAAEf,cAAc,CAACE,MAAf,CAAsBC,MAAtB,CAA6BY;MAF9B;IAFoD,CAA5C,CAApB;IAQA,OAAO;MACHjB,aADG;MAEHE,cAFG;MAGHI,SAHG;MAIHc;IAJG,CAAP;EAMH;;AA1C0C,CAAhB,CAAxB;;;AA6CP,SAASnB,yBAAT,CAAmCH,GAAnC,EAAmDC,MAAnD,EAAiF;EAC7E,MAAMwB,IAAI,GAAGzB,GAAG,CAACS,WAAJ,CAAgBC,GAAG,CAACgB,GAAJ,CAAQC,IAAxB,EAA8B;IACvC7B,IAAI,EAAG,GAAEL,qBAAsB,OADQ;IAEvCM,MAAM,EAAE;MACJ6B,gBAAgB,EAAE;QACdC,OAAO,EAAE,YADK;QAEdC,SAAS,EAAE,CACP;UACIC,MAAM,EAAE,gBADZ;UAEIC,SAAS,EAAE;YACPC,OAAO,EAAE;UADF,CAFf;UAKIC,MAAM,EAAE;QALZ,CADO;MAFG;IADd;EAF+B,CAA9B,CAAb;EAkBA,MAAMC,MAAM,GAAGC,+BAA+B,CAACpC,GAAD,CAA9C;EAEAA,GAAG,CAACS,WAAJ,CAAgBC,GAAG,CAACgB,GAAJ,CAAQW,oBAAxB,EAA8C;IAC1CvC,IAAI,EAAG,GAAEL,qBAAsB,yBADW;IAE1CM,MAAM,EAAE;MACJ0B,IAAI,EAAEA,IAAI,CAAClB,MADP;MAEJ+B,SAAS,EAAEH,MAAM,CAAC5B,MAAP,CAAcY;IAFrB;EAFkC,CAA9C;EAQAnB,GAAG,CAACS,WAAJ,CAAgBC,GAAG,CAACgB,GAAJ,CAAQW,oBAAxB,EAA8C;IAC1CvC,IAAI,EAAG,GAAEL,qBAAsB,8BADW;IAE1CM,MAAM,EAAE;MACJ0B,IAAI,EAAEA,IAAI,CAAClB,MADP;MAEJ+B,SAAS,EAAE5B,GAAG,CAACgB,GAAJ,CAAQa,aAAR,CAAsBC;IAF7B;EAFkC,CAA9C;EAQA,MAAMlC,MAAM,GAAGN,GAAG,CAACS,WAAJ,CAAgBC,GAAG,CAACJ,MAAJ,CAAWmC,QAA3B,EAAqC;IAChD3C,IAAI,EAAEL,qBAD0C;IAEhDM,MAAM,EAAE;MACJ0B,IAAI,EAAEA,IAAI,CAAClB,MAAL,CAAYY,GADd;MAEJuB,OAAO,EAAE,YAFL;MAGJC,OAAO,EAAE,iBAHL;MAIJC,OAAO,EAAE,EAJL;MAKJC,UAAU,EAAE,GALR;MAMJhC,WAAW,EAAE,iDANT;MAOJiC,IAAI,EAAE,IAAIC,MAAM,CAACC,KAAP,CAAaC,YAAjB,CAA8B;QAChC,KAAK,IAAIF,MAAM,CAACC,KAAP,CAAaE,WAAjB,CACDC,aAAA,CAAKC,IAAL,CAAUpD,GAAG,CAACqD,KAAJ,CAAUC,SAApB,EAA+B,yBAA/B,CADC;MAD2B,CAA9B,CAPF;MAYJC,WAAW,EAAE;QACTC,SAAS,EAAE,IAAAC,wCAAA,IAA8BC,KAA9B,CAAoCC,KAAK,gEAC7CA,KAD6C,GAE7C1D,MAAM,CAAC2D,GAFsC,CAAzC;MADF;IAZT;EAFwC,CAArC,CAAf;EAuBA,OAAO;IACHnC,IADG;IAEHU,MAFG;IAGH7B;EAHG,CAAP;AAKH;;AAED,SAAS8B,+BAAT,CAAyCpC,GAAzC,EAAyD;EACrD,MAAM6D,IAAI,GAAG7D,GAAG,CAAC8D,SAAJ,CAAcC,kBAAd,CAAb;EAEA,OAAO/D,GAAG,CAACS,WAAJ,CAAgBC,GAAG,CAACgB,GAAJ,CAAQsC,MAAxB,EAAgC;IACnClE,IAAI,EAAE,uCAD6B;IAEnCC,MAAM,EAAE;MACJc,WAAW,EAAE,sEADT;MAEJsB,MAAM,EAAE;QACJN,OAAO,EAAE,YADL;QAEJC,SAAS,EAAE,CACP;UACImC,GAAG,EAAE,kBADT;UAEI/B,MAAM,EAAE,OAFZ;UAGIH,MAAM,EAAE,CAAC,uBAAD,CAHZ;UAIImC,QAAQ,EAAE,CAAC,GAAD;QAJd,CADO,EAOP;UACID,GAAG,EAAE,oBADT;UAEI/B,MAAM,EAAE,OAFZ;UAGIH,MAAM,EAAE,CAAC,gBAAD,EAAmB,kBAAnB,EAAuC,qBAAvC,CAHZ;UAIImC,QAAQ,EAAE,CACNnB,MAAM,CAACoB,WAAY,GAAEN,IAAI,CAACO,uBAAwB,EAD5C,EAENrB,MAAM,CAACoB,WAAY,GAAEN,IAAI,CAACO,uBAAwB,IAF5C;QAJd,CAPO;MAFP;IAFJ;EAF2B,CAAhC,CAAP;AA0BH;;AAED,SAAS/D,0BAAT,CACIL,GADJ,EAEIqE,aAFJ,EAGIpE,MAHJ,EAIE;EACE,MAAMwB,IAAI,GAAGzB,GAAG,CAACS,WAAJ,CAAgBC,GAAG,CAACgB,GAAJ,CAAQC,IAAxB,EAA8B;IACvC7B,IAAI,EAAG,GAAEN,kBAAmB,OADW;IAEvCO,MAAM,EAAE;MACJ6B,gBAAgB,EAAE;QACdC,OAAO,EAAE,YADK;QAEdC,SAAS,EAAE,CACP;UACIC,MAAM,EAAE,gBADZ;UAEIC,SAAS,EAAE;YACPC,OAAO,EAAE;UADF,CAFf;UAKIC,MAAM,EAAE;QALZ,CADO;MAFG;IADd;EAF+B,CAA9B,CAAb;EAkBA,MAAMC,MAAM,GAAGmC,gCAAgC,CAACtE,GAAD,CAA/C;EAEAA,GAAG,CAACS,WAAJ,CAAgBC,GAAG,CAACgB,GAAJ,CAAQW,oBAAxB,EAA8C;IAC1CvC,IAAI,EAAG,GAAEN,kBAAmB,yBADc;IAE1CO,MAAM,EAAE;MACJ0B,IAAI,EAAEA,IAAI,CAAClB,MADP;MAEJ+B,SAAS,EAAEH,MAAM,CAAC5B,MAAP,CAAcY;IAFrB;EAFkC,CAA9C;EAQAnB,GAAG,CAACS,WAAJ,CAAgBC,GAAG,CAACgB,GAAJ,CAAQW,oBAAxB,EAA8C;IAC1CvC,IAAI,EAAG,GAAEN,kBAAmB,8BADc;IAE1CO,MAAM,EAAE;MACJ0B,IAAI,EAAEA,IAAI,CAAClB,MADP;MAEJ+B,SAAS,EAAE5B,GAAG,CAACgB,GAAJ,CAAQa,aAAR,CAAsBC;IAF7B;EAFkC,CAA9C;EAQA,MAAMlC,MAAM,GAAGN,GAAG,CAACS,WAAJ,CAAgBC,GAAG,CAACJ,MAAJ,CAAWmC,QAA3B,EAAqC;IAChD3C,IAAI,EAAEN,kBAD0C;IAEhDO,MAAM,EAAE;MACJ0B,IAAI,EAAEA,IAAI,CAAClB,MAAL,CAAYY,GADd;MAEJuB,OAAO,EAAE,YAFL;MAGJC,OAAO,EAAE,iBAHL;MAIJC,OAAO,EAAE,EAJL;MAKJC,UAAU,EAAE,GALR;MAMJhC,WAAW,EAAE,kDANT;MAOJiC,IAAI,EAAE,IAAIC,MAAM,CAACC,KAAP,CAAaC,YAAjB,CAA8B;QAChC,KAAK,IAAIF,MAAM,CAACC,KAAP,CAAaE,WAAjB,CACDC,aAAA,CAAKC,IAAL,CAAUpD,GAAG,CAACqD,KAAJ,CAAUC,SAApB,EAA+B,0BAA/B,CADC;MAD2B,CAA9B,CAPF;MAYJC,WAAW,EAAE;QACTC,SAAS,EAAE,IAAAC,wCAAA,IAA8BC,KAA9B,CAAoCC,KAAK,4FAC7CA,KAD6C,GAE7C1D,MAAM,CAAC2D,GAFsC;UAGhDW,oCAAoC,EAAEF,aAAa,CAAClD,GAHJ,CAIhD;UACA;;QALgD,EAAzC;MADF;IAZT;EAFwC,CAArC,CAAf;EA0BA,OAAO;IACHM,IADG;IAEHU,MAFG;IAGH7B;EAHG,CAAP;AAKH;;AAED,SAASgE,gCAAT,CAA0CtE,GAA1C,EAA0D;EACtD,MAAM6D,IAAI,GAAG7D,GAAG,CAAC8D,SAAJ,CAAcC,kBAAd,CAAb;EAEA,OAAO/D,GAAG,CAACS,WAAJ,CAAgBC,GAAG,CAACgB,GAAJ,CAAQsC,MAAxB,EAAgC;IACnClE,IAAI,EAAE,wCAD6B;IAEnCC,MAAM,EAAE;MACJc,WAAW,EAAE,sEADT;MAEJsB,MAAM,EAAE;QACJN,OAAO,EAAE,YADL;QAEJC,SAAS,EAAE,CACP;UACImC,GAAG,EAAE,kBADT;UAEI/B,MAAM,EAAE,OAFZ;UAGIH,MAAM,EAAE,CAAC,uBAAD,CAHZ;UAIImC,QAAQ,EAAE,CAAC,GAAD;QAJd,CADO,EAOP;UACID,GAAG,EAAE,oBADT;UAEI/B,MAAM,EAAE,OAFZ;UAGIH,MAAM,EAAE,CACJ,kBADI,EAEJ,gBAFI,EAGJ,kBAHI,EAIJ,qBAJI,EAKJ,qBALI,CAHZ;UAUImC,QAAQ,EAAE,CACNnB,MAAM,CAACoB,WAAY,GAAEN,IAAI,CAACO,uBAAwB,EAD5C,EAENrB,MAAM,CAACoB,WAAY,GAAEN,IAAI,CAACO,uBAAwB,IAF5C;QAVd,CAPO,EAsBP;UACIH,GAAG,EAAE,kBADT;UAEI/B,MAAM,EAAE,OAFZ;UAGIH,MAAM,EAAE,CACJ,mBADI,EAEJ,mBAFI,EAGJ,gBAHI,EAIJ,kBAJI,EAKJ,sBALI,EAMJ,0BANI,CAHZ;UAWImC,QAAQ,EAAE,CAAC,GAAD;QAXd,CAtBO;MAFP;IAFJ;EAF2B,CAAhC,CAAP;AA6CH"}
1
+ {"version":3,"names":["LAMBDA_NAME_PREFIX","CREATE_RULE_LAMBDA","EXECUTE_ACTION_LAMBDA","EVENT_RULE_NAME","EVENT_RULE_TARGET","ApiApwScheduler","createAppModule","name","config","app","params","executeAction","createExecuteActionLambda","scheduleAction","createScheduleActionLambda","lambda","output","eventRule","addResource","aws","cloudwatch","EventRule","description","scheduleExpression","isEnabled","Permission","action","function","arn","principal","statementId","eventTarget","EventTarget","rule","role","iam","Role","assumeRolePolicy","Version","Statement","Action","Principal","Service","Effect","meta","isLambdaFunctionRole","policy","createExecuteActionLambdaPolicy","RolePolicyAttachment","policyArn","ManagedPolicy","AWSLambdaBasicExecutionRole","Function","runtime","handler","timeout","memorySize","code","pulumi","asset","AssetArchive","FileArchive","path","join","paths","workspace","environment","variables","getCommonLambdaEnvVariables","apply","value","env","core","getModule","CoreOutput","Policy","Sid","Resource","interpolate","primaryDynamodbTableArn","executeLambda","createScheduleActionLambdaPolicy","APW_SCHEDULER_EXECUTE_ACTION_HANDLER"],"sources":["ApiApwScheduler.ts"],"sourcesContent":["import path from \"path\";\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport { createAppModule, PulumiApp, PulumiAppModule } from \"@webiny/pulumi\";\nimport { CoreOutput } from \"../common\";\nimport { getCommonLambdaEnvVariables } from \"../lambdaUtils\";\n\ninterface ScheduleActionParams {\n env: Record<string, any>;\n}\n\nconst LAMBDA_NAME_PREFIX = \"apw-scheduler\";\nconst CREATE_RULE_LAMBDA = `${LAMBDA_NAME_PREFIX}-schedule-action-lambda`;\nconst EXECUTE_ACTION_LAMBDA = `${LAMBDA_NAME_PREFIX}-execute-action-lambda`;\nconst EVENT_RULE_NAME = `${LAMBDA_NAME_PREFIX}-event-rule`;\nconst EVENT_RULE_TARGET = `${LAMBDA_NAME_PREFIX}-event-rule-target`;\n\nexport type ApiApwScheduler = PulumiAppModule<typeof ApiApwScheduler>;\n\nexport const ApiApwScheduler = createAppModule({\n name: \"ApiApwScheduler\",\n config(app: PulumiApp, params: ScheduleActionParams) {\n const executeAction = createExecuteActionLambda(app, params);\n const scheduleAction = createScheduleActionLambda(app, executeAction.lambda.output, params);\n\n // Create event rule.\n const eventRule = app.addResource(aws.cloudwatch.EventRule, {\n name: EVENT_RULE_NAME,\n config: {\n description: `Enable us to schedule an action in publishing workflow at a particular datetime`,\n scheduleExpression: \"cron(* * * * ? 2000)\",\n isEnabled: true\n }\n });\n\n // Add required permission to the target lambda.\n app.addResource(aws.lambda.Permission, {\n name: \"eventTargetPermission\",\n config: {\n action: \"lambda:InvokeFunction\",\n function: scheduleAction.lambda.output.arn,\n principal: \"events.amazonaws.com\",\n statementId: \"allow-rule-invoke-\" + EVENT_RULE_NAME\n }\n });\n\n // Add lambda as target to the event rule.\n const eventTarget = app.addResource(aws.cloudwatch.EventTarget, {\n name: EVENT_RULE_TARGET,\n config: {\n rule: eventRule.output.name,\n arn: scheduleAction.lambda.output.arn\n }\n });\n\n return {\n executeAction,\n scheduleAction,\n eventRule,\n eventTarget\n };\n }\n});\n\nfunction createExecuteActionLambda(app: PulumiApp, params: ScheduleActionParams) {\n const role = app.addResource(aws.iam.Role, {\n name: `${EXECUTE_ACTION_LAMBDA}-role`,\n config: {\n assumeRolePolicy: {\n Version: \"2012-10-17\",\n Statement: [\n {\n Action: \"sts:AssumeRole\",\n Principal: {\n Service: \"lambda.amazonaws.com\"\n },\n Effect: \"Allow\"\n }\n ]\n }\n },\n meta: { isLambdaFunctionRole: true }\n });\n\n const policy = createExecuteActionLambdaPolicy(app);\n\n app.addResource(aws.iam.RolePolicyAttachment, {\n name: `${EXECUTE_ACTION_LAMBDA}-role-policy-attachment`,\n config: {\n role: role.output,\n policyArn: policy.output.arn\n }\n });\n\n app.addResource(aws.iam.RolePolicyAttachment, {\n name: `${EXECUTE_ACTION_LAMBDA}-AWSLambdaBasicExecutionRole`,\n config: {\n role: role.output,\n policyArn: aws.iam.ManagedPolicy.AWSLambdaBasicExecutionRole\n }\n });\n\n const lambda = app.addResource(aws.lambda.Function, {\n name: EXECUTE_ACTION_LAMBDA,\n config: {\n role: role.output.arn,\n runtime: \"nodejs14.x\",\n handler: \"handler.handler\",\n timeout: 60,\n memorySize: 128,\n description: \"Handle execute action workflow in apw scheduler\",\n code: new pulumi.asset.AssetArchive({\n \".\": new pulumi.asset.FileArchive(\n path.join(app.paths.workspace, \"apw/executeAction/build\")\n )\n }),\n environment: {\n variables: getCommonLambdaEnvVariables().apply(value => ({\n ...value,\n ...params.env\n }))\n }\n }\n });\n\n return {\n role,\n policy,\n lambda\n };\n}\n\nfunction createExecuteActionLambdaPolicy(app: PulumiApp) {\n const core = app.getModule(CoreOutput);\n\n return app.addResource(aws.iam.Policy, {\n name: \"ApwSchedulerExecuteActionLambdaPolicy\",\n config: {\n description: \"This policy enables access to cloudwatch event and lambda invocation\",\n policy: {\n Version: \"2012-10-17\",\n Statement: [\n {\n Sid: \"PermissionLambda\",\n Effect: \"Allow\",\n Action: [\"lambda:InvokeFunction\"],\n Resource: [\"*\"]\n },\n {\n Sid: \"PermissionDynamoDB\",\n Effect: \"Allow\",\n Action: [\"dynamodb:Query\", \"dynamodb:GetItem\", \"dynamodb:DeleteItem\"],\n Resource: [\n pulumi.interpolate`${core.primaryDynamodbTableArn}`,\n pulumi.interpolate`${core.primaryDynamodbTableArn}/*`\n ]\n }\n ]\n }\n }\n });\n}\n\nfunction createScheduleActionLambda(\n app: PulumiApp,\n executeLambda: pulumi.Output<aws.lambda.Function>,\n params: ScheduleActionParams\n) {\n const role = app.addResource(aws.iam.Role, {\n name: `${CREATE_RULE_LAMBDA}-role`,\n config: {\n assumeRolePolicy: {\n Version: \"2012-10-17\",\n Statement: [\n {\n Action: \"sts:AssumeRole\",\n Principal: {\n Service: \"lambda.amazonaws.com\"\n },\n Effect: \"Allow\"\n }\n ]\n }\n },\n meta: { isLambdaFunctionRole: true }\n });\n\n const policy = createScheduleActionLambdaPolicy(app);\n\n app.addResource(aws.iam.RolePolicyAttachment, {\n name: `${CREATE_RULE_LAMBDA}-role-policy-attachment`,\n config: {\n role: role.output,\n policyArn: policy.output.arn\n }\n });\n\n app.addResource(aws.iam.RolePolicyAttachment, {\n name: `${CREATE_RULE_LAMBDA}-AWSLambdaBasicExecutionRole`,\n config: {\n role: role.output,\n policyArn: aws.iam.ManagedPolicy.AWSLambdaBasicExecutionRole\n }\n });\n\n const lambda = app.addResource(aws.lambda.Function, {\n name: CREATE_RULE_LAMBDA,\n config: {\n role: role.output.arn,\n runtime: \"nodejs14.x\",\n handler: \"handler.handler\",\n timeout: 60,\n memorySize: 128,\n description: \"Handle schedule action workflow in apw scheduler\",\n code: new pulumi.asset.AssetArchive({\n \".\": new pulumi.asset.FileArchive(\n path.join(app.paths.workspace, \"apw/scheduleAction/build\")\n )\n }),\n environment: {\n variables: getCommonLambdaEnvVariables().apply(value => ({\n ...value,\n ...params.env,\n APW_SCHEDULER_EXECUTE_ACTION_HANDLER: executeLambda.arn\n // RULE_NAME: this.eventRule.name.apply(name => name),\n // RULE_TARGET_ID: this.eventTarget.targetId.apply(id => id)\n }))\n }\n }\n });\n\n return {\n role,\n policy,\n lambda\n };\n}\n\nfunction createScheduleActionLambdaPolicy(app: PulumiApp) {\n const core = app.getModule(CoreOutput);\n\n return app.addResource(aws.iam.Policy, {\n name: \"ApwSchedulerScheduleActionLambdaPolicy\",\n config: {\n description: \"This policy enables access to cloudwatch event and lambda invocation\",\n policy: {\n Version: \"2012-10-17\",\n Statement: [\n {\n Sid: \"PermissionLambda\",\n Effect: \"Allow\",\n Action: [\"lambda:InvokeFunction\"],\n Resource: [\"*\"]\n },\n {\n Sid: \"PermissionDynamoDB\",\n Effect: \"Allow\",\n Action: [\n \"dynamodb:PutItem\",\n \"dynamodb:Query\",\n \"dynamodb:GetItem\",\n \"dynamodb:UpdateItem\",\n \"dynamodb:DeleteItem\"\n ],\n Resource: [\n pulumi.interpolate`${core.primaryDynamodbTableArn}`,\n pulumi.interpolate`${core.primaryDynamodbTableArn}/*`\n ]\n },\n {\n Sid: \"PermissionEvents\",\n Effect: \"Allow\",\n Action: [\n \"events:DeleteRule\",\n \"events:PutTargets\",\n \"events:PutRule\",\n \"events:ListRules\",\n \"events:RemoveTargets\",\n \"events:ListTargetsByRule\"\n ],\n Resource: [\"*\"]\n }\n ]\n }\n }\n });\n}\n"],"mappings":";;;;;;;;;;;;;AAAA;;AACA;;AACA;;AACA;;AACA;;AACA;;AAMA,MAAMA,kBAAkB,GAAG,eAA3B;AACA,MAAMC,kBAAkB,GAAI,GAAED,kBAAmB,yBAAjD;AACA,MAAME,qBAAqB,GAAI,GAAEF,kBAAmB,wBAApD;AACA,MAAMG,eAAe,GAAI,GAAEH,kBAAmB,aAA9C;AACA,MAAMI,iBAAiB,GAAI,GAAEJ,kBAAmB,oBAAhD;AAIO,MAAMK,eAAe,GAAG,IAAAC,wBAAA,EAAgB;EAC3CC,IAAI,EAAE,iBADqC;;EAE3CC,MAAM,CAACC,GAAD,EAAiBC,MAAjB,EAA+C;IACjD,MAAMC,aAAa,GAAGC,yBAAyB,CAACH,GAAD,EAAMC,MAAN,CAA/C;IACA,MAAMG,cAAc,GAAGC,0BAA0B,CAACL,GAAD,EAAME,aAAa,CAACI,MAAd,CAAqBC,MAA3B,EAAmCN,MAAnC,CAAjD,CAFiD,CAIjD;;IACA,MAAMO,SAAS,GAAGR,GAAG,CAACS,WAAJ,CAAgBC,GAAG,CAACC,UAAJ,CAAeC,SAA/B,EAA0C;MACxDd,IAAI,EAAEJ,eADkD;MAExDK,MAAM,EAAE;QACJc,WAAW,EAAG,iFADV;QAEJC,kBAAkB,EAAE,sBAFhB;QAGJC,SAAS,EAAE;MAHP;IAFgD,CAA1C,CAAlB,CALiD,CAcjD;;IACAf,GAAG,CAACS,WAAJ,CAAgBC,GAAG,CAACJ,MAAJ,CAAWU,UAA3B,EAAuC;MACnClB,IAAI,EAAE,uBAD6B;MAEnCC,MAAM,EAAE;QACJkB,MAAM,EAAE,uBADJ;QAEJC,QAAQ,EAAEd,cAAc,CAACE,MAAf,CAAsBC,MAAtB,CAA6BY,GAFnC;QAGJC,SAAS,EAAE,sBAHP;QAIJC,WAAW,EAAE,uBAAuB3B;MAJhC;IAF2B,CAAvC,EAfiD,CAyBjD;;IACA,MAAM4B,WAAW,GAAGtB,GAAG,CAACS,WAAJ,CAAgBC,GAAG,CAACC,UAAJ,CAAeY,WAA/B,EAA4C;MAC5DzB,IAAI,EAAEH,iBADsD;MAE5DI,MAAM,EAAE;QACJyB,IAAI,EAAEhB,SAAS,CAACD,MAAV,CAAiBT,IADnB;QAEJqB,GAAG,EAAEf,cAAc,CAACE,MAAf,CAAsBC,MAAtB,CAA6BY;MAF9B;IAFoD,CAA5C,CAApB;IAQA,OAAO;MACHjB,aADG;MAEHE,cAFG;MAGHI,SAHG;MAIHc;IAJG,CAAP;EAMH;;AA1C0C,CAAhB,CAAxB;;;AA6CP,SAASnB,yBAAT,CAAmCH,GAAnC,EAAmDC,MAAnD,EAAiF;EAC7E,MAAMwB,IAAI,GAAGzB,GAAG,CAACS,WAAJ,CAAgBC,GAAG,CAACgB,GAAJ,CAAQC,IAAxB,EAA8B;IACvC7B,IAAI,EAAG,GAAEL,qBAAsB,OADQ;IAEvCM,MAAM,EAAE;MACJ6B,gBAAgB,EAAE;QACdC,OAAO,EAAE,YADK;QAEdC,SAAS,EAAE,CACP;UACIC,MAAM,EAAE,gBADZ;UAEIC,SAAS,EAAE;YACPC,OAAO,EAAE;UADF,CAFf;UAKIC,MAAM,EAAE;QALZ,CADO;MAFG;IADd,CAF+B;IAgBvCC,IAAI,EAAE;MAAEC,oBAAoB,EAAE;IAAxB;EAhBiC,CAA9B,CAAb;EAmBA,MAAMC,MAAM,GAAGC,+BAA+B,CAACtC,GAAD,CAA9C;EAEAA,GAAG,CAACS,WAAJ,CAAgBC,GAAG,CAACgB,GAAJ,CAAQa,oBAAxB,EAA8C;IAC1CzC,IAAI,EAAG,GAAEL,qBAAsB,yBADW;IAE1CM,MAAM,EAAE;MACJ0B,IAAI,EAAEA,IAAI,CAAClB,MADP;MAEJiC,SAAS,EAAEH,MAAM,CAAC9B,MAAP,CAAcY;IAFrB;EAFkC,CAA9C;EAQAnB,GAAG,CAACS,WAAJ,CAAgBC,GAAG,CAACgB,GAAJ,CAAQa,oBAAxB,EAA8C;IAC1CzC,IAAI,EAAG,GAAEL,qBAAsB,8BADW;IAE1CM,MAAM,EAAE;MACJ0B,IAAI,EAAEA,IAAI,CAAClB,MADP;MAEJiC,SAAS,EAAE9B,GAAG,CAACgB,GAAJ,CAAQe,aAAR,CAAsBC;IAF7B;EAFkC,CAA9C;EAQA,MAAMpC,MAAM,GAAGN,GAAG,CAACS,WAAJ,CAAgBC,GAAG,CAACJ,MAAJ,CAAWqC,QAA3B,EAAqC;IAChD7C,IAAI,EAAEL,qBAD0C;IAEhDM,MAAM,EAAE;MACJ0B,IAAI,EAAEA,IAAI,CAAClB,MAAL,CAAYY,GADd;MAEJyB,OAAO,EAAE,YAFL;MAGJC,OAAO,EAAE,iBAHL;MAIJC,OAAO,EAAE,EAJL;MAKJC,UAAU,EAAE,GALR;MAMJlC,WAAW,EAAE,iDANT;MAOJmC,IAAI,EAAE,IAAIC,MAAM,CAACC,KAAP,CAAaC,YAAjB,CAA8B;QAChC,KAAK,IAAIF,MAAM,CAACC,KAAP,CAAaE,WAAjB,CACDC,aAAA,CAAKC,IAAL,CAAUtD,GAAG,CAACuD,KAAJ,CAAUC,SAApB,EAA+B,yBAA/B,CADC;MAD2B,CAA9B,CAPF;MAYJC,WAAW,EAAE;QACTC,SAAS,EAAE,IAAAC,wCAAA,IAA8BC,KAA9B,CAAoCC,KAAK,gEAC7CA,KAD6C,GAE7C5D,MAAM,CAAC6D,GAFsC,CAAzC;MADF;IAZT;EAFwC,CAArC,CAAf;EAuBA,OAAO;IACHrC,IADG;IAEHY,MAFG;IAGH/B;EAHG,CAAP;AAKH;;AAED,SAASgC,+BAAT,CAAyCtC,GAAzC,EAAyD;EACrD,MAAM+D,IAAI,GAAG/D,GAAG,CAACgE,SAAJ,CAAcC,kBAAd,CAAb;EAEA,OAAOjE,GAAG,CAACS,WAAJ,CAAgBC,GAAG,CAACgB,GAAJ,CAAQwC,MAAxB,EAAgC;IACnCpE,IAAI,EAAE,uCAD6B;IAEnCC,MAAM,EAAE;MACJc,WAAW,EAAE,sEADT;MAEJwB,MAAM,EAAE;QACJR,OAAO,EAAE,YADL;QAEJC,SAAS,EAAE,CACP;UACIqC,GAAG,EAAE,kBADT;UAEIjC,MAAM,EAAE,OAFZ;UAGIH,MAAM,EAAE,CAAC,uBAAD,CAHZ;UAIIqC,QAAQ,EAAE,CAAC,GAAD;QAJd,CADO,EAOP;UACID,GAAG,EAAE,oBADT;UAEIjC,MAAM,EAAE,OAFZ;UAGIH,MAAM,EAAE,CAAC,gBAAD,EAAmB,kBAAnB,EAAuC,qBAAvC,CAHZ;UAIIqC,QAAQ,EAAE,CACNnB,MAAM,CAACoB,WAAY,GAAEN,IAAI,CAACO,uBAAwB,EAD5C,EAENrB,MAAM,CAACoB,WAAY,GAAEN,IAAI,CAACO,uBAAwB,IAF5C;QAJd,CAPO;MAFP;IAFJ;EAF2B,CAAhC,CAAP;AA0BH;;AAED,SAASjE,0BAAT,CACIL,GADJ,EAEIuE,aAFJ,EAGItE,MAHJ,EAIE;EACE,MAAMwB,IAAI,GAAGzB,GAAG,CAACS,WAAJ,CAAgBC,GAAG,CAACgB,GAAJ,CAAQC,IAAxB,EAA8B;IACvC7B,IAAI,EAAG,GAAEN,kBAAmB,OADW;IAEvCO,MAAM,EAAE;MACJ6B,gBAAgB,EAAE;QACdC,OAAO,EAAE,YADK;QAEdC,SAAS,EAAE,CACP;UACIC,MAAM,EAAE,gBADZ;UAEIC,SAAS,EAAE;YACPC,OAAO,EAAE;UADF,CAFf;UAKIC,MAAM,EAAE;QALZ,CADO;MAFG;IADd,CAF+B;IAgBvCC,IAAI,EAAE;MAAEC,oBAAoB,EAAE;IAAxB;EAhBiC,CAA9B,CAAb;EAmBA,MAAMC,MAAM,GAAGmC,gCAAgC,CAACxE,GAAD,CAA/C;EAEAA,GAAG,CAACS,WAAJ,CAAgBC,GAAG,CAACgB,GAAJ,CAAQa,oBAAxB,EAA8C;IAC1CzC,IAAI,EAAG,GAAEN,kBAAmB,yBADc;IAE1CO,MAAM,EAAE;MACJ0B,IAAI,EAAEA,IAAI,CAAClB,MADP;MAEJiC,SAAS,EAAEH,MAAM,CAAC9B,MAAP,CAAcY;IAFrB;EAFkC,CAA9C;EAQAnB,GAAG,CAACS,WAAJ,CAAgBC,GAAG,CAACgB,GAAJ,CAAQa,oBAAxB,EAA8C;IAC1CzC,IAAI,EAAG,GAAEN,kBAAmB,8BADc;IAE1CO,MAAM,EAAE;MACJ0B,IAAI,EAAEA,IAAI,CAAClB,MADP;MAEJiC,SAAS,EAAE9B,GAAG,CAACgB,GAAJ,CAAQe,aAAR,CAAsBC;IAF7B;EAFkC,CAA9C;EAQA,MAAMpC,MAAM,GAAGN,GAAG,CAACS,WAAJ,CAAgBC,GAAG,CAACJ,MAAJ,CAAWqC,QAA3B,EAAqC;IAChD7C,IAAI,EAAEN,kBAD0C;IAEhDO,MAAM,EAAE;MACJ0B,IAAI,EAAEA,IAAI,CAAClB,MAAL,CAAYY,GADd;MAEJyB,OAAO,EAAE,YAFL;MAGJC,OAAO,EAAE,iBAHL;MAIJC,OAAO,EAAE,EAJL;MAKJC,UAAU,EAAE,GALR;MAMJlC,WAAW,EAAE,kDANT;MAOJmC,IAAI,EAAE,IAAIC,MAAM,CAACC,KAAP,CAAaC,YAAjB,CAA8B;QAChC,KAAK,IAAIF,MAAM,CAACC,KAAP,CAAaE,WAAjB,CACDC,aAAA,CAAKC,IAAL,CAAUtD,GAAG,CAACuD,KAAJ,CAAUC,SAApB,EAA+B,0BAA/B,CADC;MAD2B,CAA9B,CAPF;MAYJC,WAAW,EAAE;QACTC,SAAS,EAAE,IAAAC,wCAAA,IAA8BC,KAA9B,CAAoCC,KAAK,4FAC7CA,KAD6C,GAE7C5D,MAAM,CAAC6D,GAFsC;UAGhDW,oCAAoC,EAAEF,aAAa,CAACpD,GAHJ,CAIhD;UACA;;QALgD,EAAzC;MADF;IAZT;EAFwC,CAArC,CAAf;EA0BA,OAAO;IACHM,IADG;IAEHY,MAFG;IAGH/B;EAHG,CAAP;AAKH;;AAED,SAASkE,gCAAT,CAA0CxE,GAA1C,EAA0D;EACtD,MAAM+D,IAAI,GAAG/D,GAAG,CAACgE,SAAJ,CAAcC,kBAAd,CAAb;EAEA,OAAOjE,GAAG,CAACS,WAAJ,CAAgBC,GAAG,CAACgB,GAAJ,CAAQwC,MAAxB,EAAgC;IACnCpE,IAAI,EAAE,wCAD6B;IAEnCC,MAAM,EAAE;MACJc,WAAW,EAAE,sEADT;MAEJwB,MAAM,EAAE;QACJR,OAAO,EAAE,YADL;QAEJC,SAAS,EAAE,CACP;UACIqC,GAAG,EAAE,kBADT;UAEIjC,MAAM,EAAE,OAFZ;UAGIH,MAAM,EAAE,CAAC,uBAAD,CAHZ;UAIIqC,QAAQ,EAAE,CAAC,GAAD;QAJd,CADO,EAOP;UACID,GAAG,EAAE,oBADT;UAEIjC,MAAM,EAAE,OAFZ;UAGIH,MAAM,EAAE,CACJ,kBADI,EAEJ,gBAFI,EAGJ,kBAHI,EAIJ,qBAJI,EAKJ,qBALI,CAHZ;UAUIqC,QAAQ,EAAE,CACNnB,MAAM,CAACoB,WAAY,GAAEN,IAAI,CAACO,uBAAwB,EAD5C,EAENrB,MAAM,CAACoB,WAAY,GAAEN,IAAI,CAACO,uBAAwB,IAF5C;QAVd,CAPO,EAsBP;UACIH,GAAG,EAAE,kBADT;UAEIjC,MAAM,EAAE,OAFZ;UAGIH,MAAM,EAAE,CACJ,mBADI,EAEJ,mBAFI,EAGJ,gBAHI,EAIJ,kBAJI,EAKJ,sBALI,EAMJ,0BANI,CAHZ;UAWIqC,QAAQ,EAAE,CAAC,GAAD;QAXd,CAtBO;MAFP;IAFJ;EAF2B,CAAhC,CAAP;AA6CH"}
package/apps/awsUtils.d.ts CHANGED
@@ -1,3 +1,3 @@
1
1
  import { PulumiApp } from "@webiny/pulumi";
2
2
  export declare function getAwsAccountId(app: PulumiApp): import("@pulumi/pulumi").Output<string>;
3
- export declare function getAwsRegion(app: PulumiApp): import("@pulumi/pulumi").Output<"af-south-1" | "ap-east-1" | "ap-northeast-1" | "ap-northeast-2" | "ap-northeast-3" | "ap-south-1" | "ap-southeast-2" | "ap-southeast-1" | "ca-central-1" | "cn-north-1" | "cn-northwest-1" | "eu-central-1" | "eu-north-1" | "eu-west-1" | "eu-west-2" | "eu-west-3" | "eu-south-1" | "me-south-1" | "sa-east-1" | "us-gov-east-1" | "us-gov-west-1" | "us-east-1" | "us-east-2" | "us-west-1" | "us-west-2">;
3
+ export declare function getAwsRegion(app: PulumiApp): import("@pulumi/pulumi").Output<"us-east-1" | "af-south-1" | "ap-east-1" | "ap-northeast-1" | "ap-northeast-2" | "ap-northeast-3" | "ap-south-1" | "ap-southeast-2" | "ap-southeast-1" | "ca-central-1" | "cn-north-1" | "cn-northwest-1" | "eu-central-1" | "eu-north-1" | "eu-west-1" | "eu-west-2" | "eu-west-3" | "eu-south-1" | "me-south-1" | "sa-east-1" | "us-gov-east-1" | "us-gov-west-1" | "us-east-2" | "us-west-1" | "us-west-2">;
package/apps/core/CoreElasticSearch.js CHANGED
@@ -165,6 +165,9 @@ const ElasticSearch = (0, _pulumi2.createAppModule)({
165
165
  Effect: "Allow"
166
166
  }]
167
167
  }
168
+ },
169
+ meta: {
170
+ isLambdaFunctionRole: true
168
171
  }
169
172
  });
170
173
  const policy = getDynamoDbToElasticLambdaPolicy(app, domain.output);
package/apps/core/CoreElasticSearch.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"names":["getDevClusterConfig","instanceType","getProdClusterConfig","instanceCount","zoneAwarenessEnabled","zoneAwarenessConfig","availabilityZoneCount","ElasticSearch","createAppModule","name","config","app","params","domainName","accountId","getAwsAccountId","productionEnvironments","create","isProduction","includes","run","env","vpc","getModule","CoreVpc","optional","domain","domainPolicy","process","AWS_ELASTIC_SEARCH_DOMAIN_NAME","String","addRemoteResource","aws","elasticsearch","getDomain","async","addResource","Domain","elasticsearchVersion","clusterConfig","vpcOptions","subnetIds","subnets","private","map","s","output","id","securityGroupIds","defaultSecurityGroupId","undefined","ebsOptions","ebsEnabled","volumeSize","volumeType","advancedOptions","snapshotOptions","automatedSnapshotStartHour","opts","protect","DomainPolicy","accessPolicies","Version","Statement","Effect","Principal","AWS","Action","Resource","pulumi","interpolate","arn","table","dynamodb","Table","attributes","type","streamEnabled","streamViewType","billingMode","hashKey","rangeKey","roleName","role","iam","Role","assumeRolePolicy","Service","policy","getDynamoDbToElasticLambdaPolicy","RolePolicyAttachment","policyArn","ManagedPolicy","AWSLambdaVPCAccessExecutionRole","AWSLambdaBasicExecutionRole","AWSLambdaDynamoDBExecutionRole","lambda","Function","runtime","handler","timeout","memorySize","environment","variables","DEBUG","ELASTIC_SEARCH_ENDPOINT","endpoint","description","code","asset","AssetArchive","FileArchive","path","join","paths","workspace","vpcConfig","eventSourceMapping","EventSourceMapping","eventSourceArn","streamArn","functionName","startingPosition","maximumRetryAttempts","batchSize","maximumBatchingWindowInSeconds","addOutputs","elasticsearchDomainArn","elasticsearchDomainEndpoint","elasticsearchDynamodbTableArn","elasticsearchDynamodbTableName","dynamoToElastic","Policy","Sid"],"sources":["CoreElasticSearch.ts"],"sourcesContent":["import path from \"path\";\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport {\n createAppModule,\n PulumiApp,\n PulumiAppResource,\n PulumiAppResourceConstructor,\n PulumiAppRemoteResource\n} from \"@webiny/pulumi\";\n\nimport { getAwsAccountId } from \"../awsUtils\";\nimport { CoreVpc } from \"./CoreVpc\";\n\nexport interface ElasticSearchParams {\n protect: boolean;\n}\n\nfunction getDevClusterConfig(): aws.types.input.elasticsearch.DomainClusterConfig {\n return {\n instanceType: \"t3.small.elasticsearch\"\n };\n}\n\nfunction getProdClusterConfig(): aws.types.input.elasticsearch.DomainClusterConfig {\n return {\n // For production deployments, we create 2 instances and configure multi-AZ.\n instanceType: \"t3.medium.elasticsearch\",\n instanceCount: 2,\n zoneAwarenessEnabled: true,\n zoneAwarenessConfig: {\n availabilityZoneCount: 2\n }\n };\n}\n\nexport const ElasticSearch = createAppModule({\n name: \"ElasticSearch\",\n config(app, params: ElasticSearchParams) {\n const domainName = \"webiny-js\";\n const accountId = getAwsAccountId(app);\n\n const productionEnvironments = app.params.create.productionEnvironments || [\"prod\"];\n const isProduction = productionEnvironments.includes(app.params.run.env);\n\n const vpc = app.getModule(CoreVpc, { optional: true });\n\n // This needs to be implemented in order to be able to use a shared ElasticSearch cluster.\n let domain:\n | PulumiAppResource<PulumiAppResourceConstructor<aws.elasticsearch.Domain>>\n | PulumiAppRemoteResource<aws.elasticsearch.GetDomainResult>;\n\n let domainPolicy;\n\n if (process.env.AWS_ELASTIC_SEARCH_DOMAIN_NAME) {\n const domainName = String(process.env.AWS_ELASTIC_SEARCH_DOMAIN_NAME);\n // This can be useful for testing purposes in ephemeral environments. More information here:\n // https://www.webiny.com/docs/key-topics/ci-cd/testing/slow-ephemeral-environments\n domain = app.addRemoteResource(domainName, () => {\n return aws.elasticsearch.getDomain({ domainName }, { async: true });\n });\n } else {\n // Regular ElasticSearch deployment.\n domain = app.addResource(aws.elasticsearch.Domain, {\n name: domainName,\n config: {\n elasticsearchVersion: \"7.10\",\n clusterConfig: isProduction ? getProdClusterConfig() : getDevClusterConfig(),\n vpcOptions: vpc\n ? {\n subnetIds: vpc.subnets.private.map(s => s.output.id),\n securityGroupIds: [vpc.vpc.output.defaultSecurityGroupId]\n }\n : undefined,\n ebsOptions: {\n ebsEnabled: true,\n volumeSize: 10,\n volumeType: \"gp2\"\n },\n advancedOptions: {\n \"rest.action.multi.allow_explicit_index\": \"true\"\n },\n snapshotOptions: {\n automatedSnapshotStartHour: 23\n }\n },\n opts: { protect: params.protect }\n });\n\n /**\n * Domain policy defines who can access your Elasticsearch Domain.\n * For details on Elasticsearch security, read the official documentation:\n * https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/security.html\n */\n domainPolicy = app.addResource(aws.elasticsearch.DomainPolicy, {\n name: `${domainName}-policy`,\n config: {\n domainName: domain.output.domainName,\n accessPolicies: {\n Version: \"2012-10-17\",\n Statement: [\n /**\n * Allow requests signed with current account\n */\n {\n Effect: \"Allow\",\n Principal: {\n AWS: accountId\n },\n Action: \"es:*\",\n Resource: pulumi.interpolate`${domain.output.arn}/*`\n }\n ]\n }\n },\n opts: { protect: params.protect }\n });\n }\n\n /**\n * Create a table for Elasticsearch records. All ES records are stored in this table to dramatically improve\n * performance and stability on write operations (especially massive data imports). This table also serves as a backup and\n * a single source of truth for your Elasticsearch domain. Streaming is enabled on this table, and it will\n * allow asynchronous synchronization of data with Elasticsearch domain.\n */\n const table = app.addResource(aws.dynamodb.Table, {\n name: \"webiny-es\",\n config: {\n attributes: [\n { name: \"PK\", type: \"S\" },\n { name: \"SK\", type: \"S\" }\n ],\n streamEnabled: true,\n streamViewType: \"NEW_AND_OLD_IMAGES\",\n billingMode: \"PAY_PER_REQUEST\",\n hashKey: \"PK\",\n rangeKey: \"SK\"\n },\n opts: { protect: params.protect }\n });\n\n const roleName = \"dynamo-to-elastic-lambda-role\";\n\n const role = app.addResource(aws.iam.Role, {\n name: roleName,\n config: {\n assumeRolePolicy: {\n Version: \"2012-10-17\",\n Statement: [\n {\n Action: \"sts:AssumeRole\",\n Principal: {\n Service: \"lambda.amazonaws.com\"\n },\n Effect: \"Allow\"\n }\n ]\n }\n }\n });\n\n const policy = getDynamoDbToElasticLambdaPolicy(app, domain.output);\n\n app.addResource(aws.iam.RolePolicyAttachment, {\n name: `${roleName}-DynamoDbToElasticLambdaPolicy`,\n config: {\n role: role.output,\n policyArn: policy.output.arn\n }\n });\n\n // Only use `AWSLambdaVPCAccessExecutionRole` policy if VPC feature is enabled.\n if (vpc) {\n app.addResource(aws.iam.RolePolicyAttachment, {\n name: `${roleName}-AWSLambdaVPCAccessExecutionRole`,\n config: {\n role: role.output,\n policyArn: aws.iam.ManagedPolicy.AWSLambdaVPCAccessExecutionRole\n }\n });\n } else {\n app.addResource(aws.iam.RolePolicyAttachment, {\n name: `${roleName}-AWSLambdaBasicExecutionRole`,\n config: {\n role: role.output,\n policyArn: aws.iam.ManagedPolicy.AWSLambdaBasicExecutionRole\n }\n });\n }\n\n app.addResource(aws.iam.RolePolicyAttachment, {\n name: `${roleName}-AWSLambdaDynamoDBExecutionRole`,\n config: {\n role: role.output,\n policyArn: aws.iam.ManagedPolicy.AWSLambdaDynamoDBExecutionRole\n }\n });\n\n /**\n * This Lambda will process the stream events from DynamoDB table that contains Elasticsearch items.\n * Elasticsearch can't take large amount of individual writes in a short period of time, so this way\n * we store data for Elasticsearch in a DynamoDB table, and asynchronously insert it into Elasticsearch\n * using batching.\n */\n const lambda = app.addResource(aws.lambda.Function, {\n name: \"dynamo-to-elastic\",\n config: {\n role: role.output.arn,\n runtime: \"nodejs14.x\",\n handler: \"handler.handler\",\n timeout: 600,\n memorySize: 512,\n environment: {\n variables: {\n DEBUG: String(process.env.DEBUG),\n ELASTIC_SEARCH_ENDPOINT: domain.output.endpoint\n }\n },\n description: \"Process DynamoDB Stream.\",\n code: new pulumi.asset.AssetArchive({\n \".\": new pulumi.asset.FileArchive(\n path.join(app.paths.workspace, \"dynamoToElastic/build\")\n )\n }),\n vpcConfig: vpc\n ? {\n subnetIds: vpc.subnets.private.map(s => s.output.id),\n securityGroupIds: [vpc.vpc.output.defaultSecurityGroupId]\n }\n : undefined\n }\n });\n\n const eventSourceMapping = app.addResource(aws.lambda.EventSourceMapping, {\n name: \"dynamo-to-elastic\",\n config: {\n eventSourceArn: table.output.streamArn,\n functionName: lambda.output.arn,\n startingPosition: \"LATEST\",\n maximumRetryAttempts: 3,\n batchSize: 1000,\n maximumBatchingWindowInSeconds: 1\n }\n });\n\n app.addOutputs({\n elasticsearchDomainArn: domain.output.arn,\n elasticsearchDomainEndpoint: domain.output.endpoint,\n elasticsearchDynamodbTableArn: table.output.arn,\n elasticsearchDynamodbTableName: table.output.name\n });\n\n return {\n domain,\n domainPolicy,\n table,\n dynamoToElastic: {\n role,\n policy,\n lambda,\n eventSourceMapping\n }\n };\n }\n});\n\nfunction getDynamoDbToElasticLambdaPolicy(\n app: PulumiApp,\n domain: pulumi.Output<aws.elasticsearch.Domain | aws.elasticsearch.GetDomainResult>\n) {\n return app.addResource(aws.iam.Policy, {\n name: \"DynamoDbToElasticLambdaPolicy-updated\",\n config: {\n description: \"This policy enables access to ES and Dynamodb streams\",\n policy: {\n Version: \"2012-10-17\",\n Statement: [\n {\n Sid: \"PermissionForES\",\n Effect: \"Allow\",\n Action: [\n \"es:ESHttpDelete\",\n \"es:ESHttpPatch\",\n \"es:ESHttpPost\",\n \"es:ESHttpPut\"\n ],\n Resource: [\n pulumi.interpolate`${domain.arn}`,\n pulumi.interpolate`${domain.arn}/*`\n ]\n }\n ]\n }\n }\n });\n}\n"],"mappings":";;;;;;;;;;;AAAA;;AACA;;AACA;;AACA;;AAQA;;AACA;;AAMA,SAASA,mBAAT,GAAkF;EAC9E,OAAO;IACHC,YAAY,EAAE;EADX,CAAP;AAGH;;AAED,SAASC,oBAAT,GAAmF;EAC/E,OAAO;IACH;IACAD,YAAY,EAAE,yBAFX;IAGHE,aAAa,EAAE,CAHZ;IAIHC,oBAAoB,EAAE,IAJnB;IAKHC,mBAAmB,EAAE;MACjBC,qBAAqB,EAAE;IADN;EALlB,CAAP;AASH;;AAEM,MAAMC,aAAa,GAAG,IAAAC,wBAAA,EAAgB;EACzCC,IAAI,EAAE,eADmC;;EAEzCC,MAAM,CAACC,GAAD,EAAMC,MAAN,EAAmC;IACrC,MAAMC,UAAU,GAAG,WAAnB;IACA,MAAMC,SAAS,GAAG,IAAAC,yBAAA,EAAgBJ,GAAhB,CAAlB;IAEA,MAAMK,sBAAsB,GAAGL,GAAG,CAACC,MAAJ,CAAWK,MAAX,CAAkBD,sBAAlB,IAA4C,CAAC,MAAD,CAA3E;IACA,MAAME,YAAY,GAAGF,sBAAsB,CAACG,QAAvB,CAAgCR,GAAG,CAACC,MAAJ,CAAWQ,GAAX,CAAeC,GAA/C,CAArB;IAEA,MAAMC,GAAG,GAAGX,GAAG,CAACY,SAAJ,CAAcC,gBAAd,EAAuB;MAAEC,QAAQ,EAAE;IAAZ,CAAvB,CAAZ,CAPqC,CASrC;;IACA,IAAIC,MAAJ;IAIA,IAAIC,YAAJ;;IAEA,IAAIC,OAAO,CAACP,GAAR,CAAYQ,8BAAhB,EAAgD;MAC5C,MAAMhB,UAAU,GAAGiB,MAAM,CAACF,OAAO,CAACP,GAAR,CAAYQ,8BAAb,CAAzB,CAD4C,CAE5C;MACA;;MACAH,MAAM,GAAGf,GAAG,CAACoB,iBAAJ,CAAsBlB,UAAtB,EAAkC,MAAM;QAC7C,OAAOmB,GAAG,CAACC,aAAJ,CAAkBC,SAAlB,CAA4B;UAAErB;QAAF,CAA5B,EAA4C;UAAEsB,KAAK,EAAE;QAAT,CAA5C,CAAP;MACH,CAFQ,CAAT;IAGH,CAPD,MAOO;MACH;MACAT,MAAM,GAAGf,GAAG,CAACyB,WAAJ,CAAgBJ,GAAG,CAACC,aAAJ,CAAkBI,MAAlC,EAA0C;QAC/C5B,IAAI,EAAEI,UADyC;QAE/CH,MAAM,EAAE;UACJ4B,oBAAoB,EAAE,MADlB;UAEJC,aAAa,EAAErB,YAAY,GAAGhB,oBAAoB,EAAvB,GAA4BF,mBAAmB,EAFtE;UAGJwC,UAAU,EAAElB,GAAG,GACT;YACImB,SAAS,EAAEnB,GAAG,CAACoB,OAAJ,CAAYC,OAAZ,CAAoBC,GAApB,CAAwBC,CAAC,IAAIA,CAAC,CAACC,MAAF,CAASC,EAAtC,CADf;YAEIC,gBAAgB,EAAE,CAAC1B,GAAG,CAACA,GAAJ,CAAQwB,MAAR,CAAeG,sBAAhB;UAFtB,CADS,GAKTC,SARF;UASJC,UAAU,EAAE;YACRC,UAAU,EAAE,IADJ;YAERC,UAAU,EAAE,EAFJ;YAGRC,UAAU,EAAE;UAHJ,CATR;UAcJC,eAAe,EAAE;YACb,0CAA0C;UAD7B,CAdb;UAiBJC,eAAe,EAAE;YACbC,0BAA0B,EAAE;UADf;QAjBb,CAFuC;QAuB/CC,IAAI,EAAE;UAAEC,OAAO,EAAE/C,MAAM,CAAC+C;QAAlB;MAvByC,CAA1C,CAAT;MA0BA;AACZ;AACA;AACA;AACA;;MACYhC,YAAY,GAAGhB,GAAG,CAACyB,WAAJ,CAAgBJ,GAAG,CAACC,aAAJ,CAAkB2B,YAAlC,EAAgD;QAC3DnD,IAAI,EAAG,GAAEI,UAAW,SADuC;QAE3DH,MAAM,EAAE;UACJG,UAAU,EAAEa,MAAM,CAACoB,MAAP,CAAcjC,UADtB;UAEJgD,cAAc,EAAE;YACZC,OAAO,EAAE,YADG;YAEZC,SAAS,EAAE;YACP;AAC5B;AACA;YAC4B;cACIC,MAAM,EAAE,OADZ;cAEIC,SAAS,EAAE;gBACPC,GAAG,EAAEpD;cADE,CAFf;cAKIqD,MAAM,EAAE,MALZ;cAMIC,QAAQ,EAAEC,MAAM,CAACC,WAAY,GAAE5C,MAAM,CAACoB,MAAP,CAAcyB,GAAI;YANrD,CAJO;UAFC;QAFZ,CAFmD;QAqB3Db,IAAI,EAAE;UAAEC,OAAO,EAAE/C,MAAM,CAAC+C;QAAlB;MArBqD,CAAhD,CAAf;IAuBH;IAED;AACR;AACA;AACA;AACA;AACA;;;IACQ,MAAMa,KAAK,GAAG7D,GAAG,CAACyB,WAAJ,CAAgBJ,GAAG,CAACyC,QAAJ,CAAaC,KAA7B,EAAoC;MAC9CjE,IAAI,EAAE,WADwC;MAE9CC,MAAM,EAAE;QACJiE,UAAU,EAAE,CACR;UAAElE,IAAI,EAAE,IAAR;UAAcmE,IAAI,EAAE;QAApB,CADQ,EAER;UAAEnE,IAAI,EAAE,IAAR;UAAcmE,IAAI,EAAE;QAApB,CAFQ,CADR;QAKJC,aAAa,EAAE,IALX;QAMJC,cAAc,EAAE,oBANZ;QAOJC,WAAW,EAAE,iBAPT;QAQJC,OAAO,EAAE,IARL;QASJC,QAAQ,EAAE;MATN,CAFsC;MAa9CvB,IAAI,EAAE;QAAEC,OAAO,EAAE/C,MAAM,CAAC+C;MAAlB;IAbwC,CAApC,CAAd;IAgBA,MAAMuB,QAAQ,GAAG,+BAAjB;IAEA,MAAMC,IAAI,GAAGxE,GAAG,CAACyB,WAAJ,CAAgBJ,GAAG,CAACoD,GAAJ,CAAQC,IAAxB,EAA8B;MACvC5E,IAAI,EAAEyE,QADiC;MAEvCxE,MAAM,EAAE;QACJ4E,gBAAgB,EAAE;UACdxB,OAAO,EAAE,YADK;UAEdC,SAAS,EAAE,CACP;YACII,MAAM,EAAE,gBADZ;YAEIF,SAAS,EAAE;cACPsB,OAAO,EAAE;YADF,CAFf;YAKIvB,MAAM,EAAE;UALZ,CADO;QAFG;MADd;IAF+B,CAA9B,CAAb;IAkBA,MAAMwB,MAAM,GAAGC,gCAAgC,CAAC9E,GAAD,EAAMe,MAAM,CAACoB,MAAb,CAA/C;IAEAnC,GAAG,CAACyB,WAAJ,CAAgBJ,GAAG,CAACoD,GAAJ,CAAQM,oBAAxB,EAA8C;MAC1CjF,IAAI,EAAG,GAAEyE,QAAS,gCADwB;MAE1CxE,MAAM,EAAE;QACJyE,IAAI,EAAEA,IAAI,CAACrC,MADP;QAEJ6C,SAAS,EAAEH,MAAM,CAAC1C,MAAP,CAAcyB;MAFrB;IAFkC,CAA9C,EA7HqC,CAqIrC;;IACA,IAAIjD,GAAJ,EAAS;MACLX,GAAG,CAACyB,WAAJ,CAAgBJ,GAAG,CAACoD,GAAJ,CAAQM,oBAAxB,EAA8C;QAC1CjF,IAAI,EAAG,GAAEyE,QAAS,kCADwB;QAE1CxE,MAAM,EAAE;UACJyE,IAAI,EAAEA,IAAI,CAACrC,MADP;UAEJ6C,SAAS,EAAE3D,GAAG,CAACoD,GAAJ,CAAQQ,aAAR,CAAsBC;QAF7B;MAFkC,CAA9C;IAOH,CARD,MAQO;MACHlF,GAAG,CAACyB,WAAJ,CAAgBJ,GAAG,CAACoD,GAAJ,CAAQM,oBAAxB,EAA8C;QAC1CjF,IAAI,EAAG,GAAEyE,QAAS,8BADwB;QAE1CxE,MAAM,EAAE;UACJyE,IAAI,EAAEA,IAAI,CAACrC,MADP;UAEJ6C,SAAS,EAAE3D,GAAG,CAACoD,GAAJ,CAAQQ,aAAR,CAAsBE;QAF7B;MAFkC,CAA9C;IAOH;;IAEDnF,GAAG,CAACyB,WAAJ,CAAgBJ,GAAG,CAACoD,GAAJ,CAAQM,oBAAxB,EAA8C;MAC1CjF,IAAI,EAAG,GAAEyE,QAAS,iCADwB;MAE1CxE,MAAM,EAAE;QACJyE,IAAI,EAAEA,IAAI,CAACrC,MADP;QAEJ6C,SAAS,EAAE3D,GAAG,CAACoD,GAAJ,CAAQQ,aAAR,CAAsBG;MAF7B;IAFkC,CAA9C;IAQA;AACR;AACA;AACA;AACA;AACA;;IACQ,MAAMC,MAAM,GAAGrF,GAAG,CAACyB,WAAJ,CAAgBJ,GAAG,CAACgE,MAAJ,CAAWC,QAA3B,EAAqC;MAChDxF,IAAI,EAAE,mBAD0C;MAEhDC,MAAM,EAAE;QACJyE,IAAI,EAAEA,IAAI,CAACrC,MAAL,CAAYyB,GADd;QAEJ2B,OAAO,EAAE,YAFL;QAGJC,OAAO,EAAE,iBAHL;QAIJC,OAAO,EAAE,GAJL;QAKJC,UAAU,EAAE,GALR;QAMJC,WAAW,EAAE;UACTC,SAAS,EAAE;YACPC,KAAK,EAAE1E,MAAM,CAACF,OAAO,CAACP,GAAR,CAAYmF,KAAb,CADN;YAEPC,uBAAuB,EAAE/E,MAAM,CAACoB,MAAP,CAAc4D;UAFhC;QADF,CANT;QAYJC,WAAW,EAAE,0BAZT;QAaJC,IAAI,EAAE,IAAIvC,MAAM,CAACwC,KAAP,CAAaC,YAAjB,CAA8B;UAChC,KAAK,IAAIzC,MAAM,CAACwC,KAAP,CAAaE,WAAjB,CACDC,aAAA,CAAKC,IAAL,CAAUtG,GAAG,CAACuG,KAAJ,CAAUC,SAApB,EAA+B,uBAA/B,CADC;QAD2B,CAA9B,CAbF;QAkBJC,SAAS,EAAE9F,GAAG,GACR;UACImB,SAAS,EAAEnB,GAAG,CAACoB,OAAJ,CAAYC,OAAZ,CAAoBC,GAApB,CAAwBC,CAAC,IAAIA,CAAC,CAACC,MAAF,CAASC,EAAtC,CADf;UAEIC,gBAAgB,EAAE,CAAC1B,GAAG,CAACA,GAAJ,CAAQwB,MAAR,CAAeG,sBAAhB;QAFtB,CADQ,GAKRC;MAvBF;IAFwC,CAArC,CAAf;IA6BA,MAAMmE,kBAAkB,GAAG1G,GAAG,CAACyB,WAAJ,CAAgBJ,GAAG,CAACgE,MAAJ,CAAWsB,kBAA3B,EAA+C;MACtE7G,IAAI,EAAE,mBADgE;MAEtEC,MAAM,EAAE;QACJ6G,cAAc,EAAE/C,KAAK,CAAC1B,MAAN,CAAa0E,SADzB;QAEJC,YAAY,EAAEzB,MAAM,CAAClD,MAAP,CAAcyB,GAFxB;QAGJmD,gBAAgB,EAAE,QAHd;QAIJC,oBAAoB,EAAE,CAJlB;QAKJC,SAAS,EAAE,IALP;QAMJC,8BAA8B,EAAE;MAN5B;IAF8D,CAA/C,CAA3B;IAYAlH,GAAG,CAACmH,UAAJ,CAAe;MACXC,sBAAsB,EAAErG,MAAM,CAACoB,MAAP,CAAcyB,GAD3B;MAEXyD,2BAA2B,EAAEtG,MAAM,CAACoB,MAAP,CAAc4D,QAFhC;MAGXuB,6BAA6B,EAAEzD,KAAK,CAAC1B,MAAN,CAAayB,GAHjC;MAIX2D,8BAA8B,EAAE1D,KAAK,CAAC1B,MAAN,CAAarC;IAJlC,CAAf;IAOA,OAAO;MACHiB,MADG;MAEHC,YAFG;MAGH6C,KAHG;MAIH2D,eAAe,EAAE;QACbhD,IADa;QAEbK,MAFa;QAGbQ,MAHa;QAIbqB;MAJa;IAJd,CAAP;EAWH;;AAnOwC,CAAhB,CAAtB;;;AAsOP,SAAS5B,gCAAT,CACI9E,GADJ,EAEIe,MAFJ,EAGE;EACE,OAAOf,GAAG,CAACyB,WAAJ,CAAgBJ,GAAG,CAACoD,GAAJ,CAAQgD,MAAxB,EAAgC;IACnC3H,IAAI,EAAE,uCAD6B;IAEnCC,MAAM,EAAE;MACJiG,WAAW,EAAE,uDADT;MAEJnB,MAAM,EAAE;QACJ1B,OAAO,EAAE,YADL;QAEJC,SAAS,EAAE,CACP;UACIsE,GAAG,EAAE,iBADT;UAEIrE,MAAM,EAAE,OAFZ;UAGIG,MAAM,EAAE,CACJ,iBADI,EAEJ,gBAFI,EAGJ,eAHI,EAIJ,cAJI,CAHZ;UASIC,QAAQ,EAAE,CACNC,MAAM,CAACC,WAAY,GAAE5C,MAAM,CAAC6C,GAAI,EAD1B,EAENF,MAAM,CAACC,WAAY,GAAE5C,MAAM,CAAC6C,GAAI,IAF1B;QATd,CADO;MAFP;IAFJ;EAF2B,CAAhC,CAAP;AAyBH"}
1
+ {"version":3,"names":["getDevClusterConfig","instanceType","getProdClusterConfig","instanceCount","zoneAwarenessEnabled","zoneAwarenessConfig","availabilityZoneCount","ElasticSearch","createAppModule","name","config","app","params","domainName","accountId","getAwsAccountId","productionEnvironments","create","isProduction","includes","run","env","vpc","getModule","CoreVpc","optional","domain","domainPolicy","process","AWS_ELASTIC_SEARCH_DOMAIN_NAME","String","addRemoteResource","aws","elasticsearch","getDomain","async","addResource","Domain","elasticsearchVersion","clusterConfig","vpcOptions","subnetIds","subnets","private","map","s","output","id","securityGroupIds","defaultSecurityGroupId","undefined","ebsOptions","ebsEnabled","volumeSize","volumeType","advancedOptions","snapshotOptions","automatedSnapshotStartHour","opts","protect","DomainPolicy","accessPolicies","Version","Statement","Effect","Principal","AWS","Action","Resource","pulumi","interpolate","arn","table","dynamodb","Table","attributes","type","streamEnabled","streamViewType","billingMode","hashKey","rangeKey","roleName","role","iam","Role","assumeRolePolicy","Service","meta","isLambdaFunctionRole","policy","getDynamoDbToElasticLambdaPolicy","RolePolicyAttachment","policyArn","ManagedPolicy","AWSLambdaVPCAccessExecutionRole","AWSLambdaBasicExecutionRole","AWSLambdaDynamoDBExecutionRole","lambda","Function","runtime","handler","timeout","memorySize","environment","variables","DEBUG","ELASTIC_SEARCH_ENDPOINT","endpoint","description","code","asset","AssetArchive","FileArchive","path","join","paths","workspace","vpcConfig","eventSourceMapping","EventSourceMapping","eventSourceArn","streamArn","functionName","startingPosition","maximumRetryAttempts","batchSize","maximumBatchingWindowInSeconds","addOutputs","elasticsearchDomainArn","elasticsearchDomainEndpoint","elasticsearchDynamodbTableArn","elasticsearchDynamodbTableName","dynamoToElastic","Policy","Sid"],"sources":["CoreElasticSearch.ts"],"sourcesContent":["import path from \"path\";\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport {\n createAppModule,\n PulumiApp,\n PulumiAppResource,\n PulumiAppResourceConstructor,\n PulumiAppRemoteResource\n} from \"@webiny/pulumi\";\n\nimport { getAwsAccountId } from \"../awsUtils\";\nimport { CoreVpc } from \"./CoreVpc\";\n\nexport interface ElasticSearchParams {\n protect: boolean;\n}\n\nfunction getDevClusterConfig(): aws.types.input.elasticsearch.DomainClusterConfig {\n return {\n instanceType: \"t3.small.elasticsearch\"\n };\n}\n\nfunction getProdClusterConfig(): aws.types.input.elasticsearch.DomainClusterConfig {\n return {\n // For production deployments, we create 2 instances and configure multi-AZ.\n instanceType: \"t3.medium.elasticsearch\",\n instanceCount: 2,\n zoneAwarenessEnabled: true,\n zoneAwarenessConfig: {\n availabilityZoneCount: 2\n }\n };\n}\n\nexport const ElasticSearch = createAppModule({\n name: \"ElasticSearch\",\n config(app, params: ElasticSearchParams) {\n const domainName = \"webiny-js\";\n const accountId = getAwsAccountId(app);\n\n const productionEnvironments = app.params.create.productionEnvironments || [\"prod\"];\n const isProduction = productionEnvironments.includes(app.params.run.env);\n\n const vpc = app.getModule(CoreVpc, { optional: true });\n\n // This needs to be implemented in order to be able to use a shared ElasticSearch cluster.\n let domain:\n | PulumiAppResource<PulumiAppResourceConstructor<aws.elasticsearch.Domain>>\n | PulumiAppRemoteResource<aws.elasticsearch.GetDomainResult>;\n\n let domainPolicy;\n\n if (process.env.AWS_ELASTIC_SEARCH_DOMAIN_NAME) {\n const domainName = String(process.env.AWS_ELASTIC_SEARCH_DOMAIN_NAME);\n // This can be useful for testing purposes in ephemeral environments. More information here:\n // https://www.webiny.com/docs/key-topics/ci-cd/testing/slow-ephemeral-environments\n domain = app.addRemoteResource(domainName, () => {\n return aws.elasticsearch.getDomain({ domainName }, { async: true });\n });\n } else {\n // Regular ElasticSearch deployment.\n domain = app.addResource(aws.elasticsearch.Domain, {\n name: domainName,\n config: {\n elasticsearchVersion: \"7.10\",\n clusterConfig: isProduction ? getProdClusterConfig() : getDevClusterConfig(),\n vpcOptions: vpc\n ? {\n subnetIds: vpc.subnets.private.map(s => s.output.id),\n securityGroupIds: [vpc.vpc.output.defaultSecurityGroupId]\n }\n : undefined,\n ebsOptions: {\n ebsEnabled: true,\n volumeSize: 10,\n volumeType: \"gp2\"\n },\n advancedOptions: {\n \"rest.action.multi.allow_explicit_index\": \"true\"\n },\n snapshotOptions: {\n automatedSnapshotStartHour: 23\n }\n },\n opts: { protect: params.protect }\n });\n\n /**\n * Domain policy defines who can access your Elasticsearch Domain.\n * For details on Elasticsearch security, read the official documentation:\n * https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/security.html\n */\n domainPolicy = app.addResource(aws.elasticsearch.DomainPolicy, {\n name: `${domainName}-policy`,\n config: {\n domainName: domain.output.domainName,\n accessPolicies: {\n Version: \"2012-10-17\",\n Statement: [\n /**\n * Allow requests signed with current account\n */\n {\n Effect: \"Allow\",\n Principal: {\n AWS: accountId\n },\n Action: \"es:*\",\n Resource: pulumi.interpolate`${domain.output.arn}/*`\n }\n ]\n }\n },\n opts: { protect: params.protect }\n });\n }\n\n /**\n * Create a table for Elasticsearch records. All ES records are stored in this table to dramatically improve\n * performance and stability on write operations (especially massive data imports). This table also serves as a backup and\n * a single source of truth for your Elasticsearch domain. Streaming is enabled on this table, and it will\n * allow asynchronous synchronization of data with Elasticsearch domain.\n */\n const table = app.addResource(aws.dynamodb.Table, {\n name: \"webiny-es\",\n config: {\n attributes: [\n { name: \"PK\", type: \"S\" },\n { name: \"SK\", type: \"S\" }\n ],\n streamEnabled: true,\n streamViewType: \"NEW_AND_OLD_IMAGES\",\n billingMode: \"PAY_PER_REQUEST\",\n hashKey: \"PK\",\n rangeKey: \"SK\"\n },\n opts: { protect: params.protect }\n });\n\n const roleName = \"dynamo-to-elastic-lambda-role\";\n\n const role = app.addResource(aws.iam.Role, {\n name: roleName,\n config: {\n assumeRolePolicy: {\n Version: \"2012-10-17\",\n Statement: [\n {\n Action: \"sts:AssumeRole\",\n Principal: {\n Service: \"lambda.amazonaws.com\"\n },\n Effect: \"Allow\"\n }\n ]\n }\n },\n meta: { isLambdaFunctionRole: true }\n });\n\n const policy = getDynamoDbToElasticLambdaPolicy(app, domain.output);\n\n app.addResource(aws.iam.RolePolicyAttachment, {\n name: `${roleName}-DynamoDbToElasticLambdaPolicy`,\n config: {\n role: role.output,\n policyArn: policy.output.arn\n }\n });\n\n // Only use `AWSLambdaVPCAccessExecutionRole` policy if VPC feature is enabled.\n if (vpc) {\n app.addResource(aws.iam.RolePolicyAttachment, {\n name: `${roleName}-AWSLambdaVPCAccessExecutionRole`,\n config: {\n role: role.output,\n policyArn: aws.iam.ManagedPolicy.AWSLambdaVPCAccessExecutionRole\n }\n });\n } else {\n app.addResource(aws.iam.RolePolicyAttachment, {\n name: `${roleName}-AWSLambdaBasicExecutionRole`,\n config: {\n role: role.output,\n policyArn: aws.iam.ManagedPolicy.AWSLambdaBasicExecutionRole\n }\n });\n }\n\n app.addResource(aws.iam.RolePolicyAttachment, {\n name: `${roleName}-AWSLambdaDynamoDBExecutionRole`,\n config: {\n role: role.output,\n policyArn: aws.iam.ManagedPolicy.AWSLambdaDynamoDBExecutionRole\n }\n });\n\n /**\n * This Lambda will process the stream events from DynamoDB table that contains Elasticsearch items.\n * Elasticsearch can't take large amount of individual writes in a short period of time, so this way\n * we store data for Elasticsearch in a DynamoDB table, and asynchronously insert it into Elasticsearch\n * using batching.\n */\n const lambda = app.addResource(aws.lambda.Function, {\n name: \"dynamo-to-elastic\",\n config: {\n role: role.output.arn,\n runtime: \"nodejs14.x\",\n handler: \"handler.handler\",\n timeout: 600,\n memorySize: 512,\n environment: {\n variables: {\n DEBUG: String(process.env.DEBUG),\n ELASTIC_SEARCH_ENDPOINT: domain.output.endpoint\n }\n },\n description: \"Process DynamoDB Stream.\",\n code: new pulumi.asset.AssetArchive({\n \".\": new pulumi.asset.FileArchive(\n path.join(app.paths.workspace, \"dynamoToElastic/build\")\n )\n }),\n vpcConfig: vpc\n ? {\n subnetIds: vpc.subnets.private.map(s => s.output.id),\n securityGroupIds: [vpc.vpc.output.defaultSecurityGroupId]\n }\n : undefined\n }\n });\n\n const eventSourceMapping = app.addResource(aws.lambda.EventSourceMapping, {\n name: \"dynamo-to-elastic\",\n config: {\n eventSourceArn: table.output.streamArn,\n functionName: lambda.output.arn,\n startingPosition: \"LATEST\",\n maximumRetryAttempts: 3,\n batchSize: 1000,\n maximumBatchingWindowInSeconds: 1\n }\n });\n\n app.addOutputs({\n elasticsearchDomainArn: domain.output.arn,\n elasticsearchDomainEndpoint: domain.output.endpoint,\n elasticsearchDynamodbTableArn: table.output.arn,\n elasticsearchDynamodbTableName: table.output.name\n });\n\n return {\n domain,\n domainPolicy,\n table,\n dynamoToElastic: {\n role,\n policy,\n lambda,\n eventSourceMapping\n }\n };\n }\n});\n\nfunction getDynamoDbToElasticLambdaPolicy(\n app: PulumiApp,\n domain: pulumi.Output<aws.elasticsearch.Domain | aws.elasticsearch.GetDomainResult>\n) {\n return app.addResource(aws.iam.Policy, {\n name: \"DynamoDbToElasticLambdaPolicy-updated\",\n config: {\n description: \"This policy enables access to ES and Dynamodb streams\",\n policy: {\n Version: \"2012-10-17\",\n Statement: [\n {\n Sid: \"PermissionForES\",\n Effect: \"Allow\",\n Action: [\n \"es:ESHttpDelete\",\n \"es:ESHttpPatch\",\n \"es:ESHttpPost\",\n \"es:ESHttpPut\"\n ],\n Resource: [\n pulumi.interpolate`${domain.arn}`,\n pulumi.interpolate`${domain.arn}/*`\n ]\n }\n ]\n }\n }\n });\n}\n"],"mappings":";;;;;;;;;;;AAAA;;AACA;;AACA;;AACA;;AAQA;;AACA;;AAMA,SAASA,mBAAT,GAAkF;EAC9E,OAAO;IACHC,YAAY,EAAE;EADX,CAAP;AAGH;;AAED,SAASC,oBAAT,GAAmF;EAC/E,OAAO;IACH;IACAD,YAAY,EAAE,yBAFX;IAGHE,aAAa,EAAE,CAHZ;IAIHC,oBAAoB,EAAE,IAJnB;IAKHC,mBAAmB,EAAE;MACjBC,qBAAqB,EAAE;IADN;EALlB,CAAP;AASH;;AAEM,MAAMC,aAAa,GAAG,IAAAC,wBAAA,EAAgB;EACzCC,IAAI,EAAE,eADmC;;EAEzCC,MAAM,CAACC,GAAD,EAAMC,MAAN,EAAmC;IACrC,MAAMC,UAAU,GAAG,WAAnB;IACA,MAAMC,SAAS,GAAG,IAAAC,yBAAA,EAAgBJ,GAAhB,CAAlB;IAEA,MAAMK,sBAAsB,GAAGL,GAAG,CAACC,MAAJ,CAAWK,MAAX,CAAkBD,sBAAlB,IAA4C,CAAC,MAAD,CAA3E;IACA,MAAME,YAAY,GAAGF,sBAAsB,CAACG,QAAvB,CAAgCR,GAAG,CAACC,MAAJ,CAAWQ,GAAX,CAAeC,GAA/C,CAArB;IAEA,MAAMC,GAAG,GAAGX,GAAG,CAACY,SAAJ,CAAcC,gBAAd,EAAuB;MAAEC,QAAQ,EAAE;IAAZ,CAAvB,CAAZ,CAPqC,CASrC;;IACA,IAAIC,MAAJ;IAIA,IAAIC,YAAJ;;IAEA,IAAIC,OAAO,CAACP,GAAR,CAAYQ,8BAAhB,EAAgD;MAC5C,MAAMhB,UAAU,GAAGiB,MAAM,CAACF,OAAO,CAACP,GAAR,CAAYQ,8BAAb,CAAzB,CAD4C,CAE5C;MACA;;MACAH,MAAM,GAAGf,GAAG,CAACoB,iBAAJ,CAAsBlB,UAAtB,EAAkC,MAAM;QAC7C,OAAOmB,GAAG,CAACC,aAAJ,CAAkBC,SAAlB,CAA4B;UAAErB;QAAF,CAA5B,EAA4C;UAAEsB,KAAK,EAAE;QAAT,CAA5C,CAAP;MACH,CAFQ,CAAT;IAGH,CAPD,MAOO;MACH;MACAT,MAAM,GAAGf,GAAG,CAACyB,WAAJ,CAAgBJ,GAAG,CAACC,aAAJ,CAAkBI,MAAlC,EAA0C;QAC/C5B,IAAI,EAAEI,UADyC;QAE/CH,MAAM,EAAE;UACJ4B,oBAAoB,EAAE,MADlB;UAEJC,aAAa,EAAErB,YAAY,GAAGhB,oBAAoB,EAAvB,GAA4BF,mBAAmB,EAFtE;UAGJwC,UAAU,EAAElB,GAAG,GACT;YACImB,SAAS,EAAEnB,GAAG,CAACoB,OAAJ,CAAYC,OAAZ,CAAoBC,GAApB,CAAwBC,CAAC,IAAIA,CAAC,CAACC,MAAF,CAASC,EAAtC,CADf;YAEIC,gBAAgB,EAAE,CAAC1B,GAAG,CAACA,GAAJ,CAAQwB,MAAR,CAAeG,sBAAhB;UAFtB,CADS,GAKTC,SARF;UASJC,UAAU,EAAE;YACRC,UAAU,EAAE,IADJ;YAERC,UAAU,EAAE,EAFJ;YAGRC,UAAU,EAAE;UAHJ,CATR;UAcJC,eAAe,EAAE;YACb,0CAA0C;UAD7B,CAdb;UAiBJC,eAAe,EAAE;YACbC,0BAA0B,EAAE;UADf;QAjBb,CAFuC;QAuB/CC,IAAI,EAAE;UAAEC,OAAO,EAAE/C,MAAM,CAAC+C;QAAlB;MAvByC,CAA1C,CAAT;MA0BA;AACZ;AACA;AACA;AACA;;MACYhC,YAAY,GAAGhB,GAAG,CAACyB,WAAJ,CAAgBJ,GAAG,CAACC,aAAJ,CAAkB2B,YAAlC,EAAgD;QAC3DnD,IAAI,EAAG,GAAEI,UAAW,SADuC;QAE3DH,MAAM,EAAE;UACJG,UAAU,EAAEa,MAAM,CAACoB,MAAP,CAAcjC,UADtB;UAEJgD,cAAc,EAAE;YACZC,OAAO,EAAE,YADG;YAEZC,SAAS,EAAE;YACP;AAC5B;AACA;YAC4B;cACIC,MAAM,EAAE,OADZ;cAEIC,SAAS,EAAE;gBACPC,GAAG,EAAEpD;cADE,CAFf;cAKIqD,MAAM,EAAE,MALZ;cAMIC,QAAQ,EAAEC,MAAM,CAACC,WAAY,GAAE5C,MAAM,CAACoB,MAAP,CAAcyB,GAAI;YANrD,CAJO;UAFC;QAFZ,CAFmD;QAqB3Db,IAAI,EAAE;UAAEC,OAAO,EAAE/C,MAAM,CAAC+C;QAAlB;MArBqD,CAAhD,CAAf;IAuBH;IAED;AACR;AACA;AACA;AACA;AACA;;;IACQ,MAAMa,KAAK,GAAG7D,GAAG,CAACyB,WAAJ,CAAgBJ,GAAG,CAACyC,QAAJ,CAAaC,KAA7B,EAAoC;MAC9CjE,IAAI,EAAE,WADwC;MAE9CC,MAAM,EAAE;QACJiE,UAAU,EAAE,CACR;UAAElE,IAAI,EAAE,IAAR;UAAcmE,IAAI,EAAE;QAApB,CADQ,EAER;UAAEnE,IAAI,EAAE,IAAR;UAAcmE,IAAI,EAAE;QAApB,CAFQ,CADR;QAKJC,aAAa,EAAE,IALX;QAMJC,cAAc,EAAE,oBANZ;QAOJC,WAAW,EAAE,iBAPT;QAQJC,OAAO,EAAE,IARL;QASJC,QAAQ,EAAE;MATN,CAFsC;MAa9CvB,IAAI,EAAE;QAAEC,OAAO,EAAE/C,MAAM,CAAC+C;MAAlB;IAbwC,CAApC,CAAd;IAgBA,MAAMuB,QAAQ,GAAG,+BAAjB;IAEA,MAAMC,IAAI,GAAGxE,GAAG,CAACyB,WAAJ,CAAgBJ,GAAG,CAACoD,GAAJ,CAAQC,IAAxB,EAA8B;MACvC5E,IAAI,EAAEyE,QADiC;MAEvCxE,MAAM,EAAE;QACJ4E,gBAAgB,EAAE;UACdxB,OAAO,EAAE,YADK;UAEdC,SAAS,EAAE,CACP;YACII,MAAM,EAAE,gBADZ;YAEIF,SAAS,EAAE;cACPsB,OAAO,EAAE;YADF,CAFf;YAKIvB,MAAM,EAAE;UALZ,CADO;QAFG;MADd,CAF+B;MAgBvCwB,IAAI,EAAE;QAAEC,oBAAoB,EAAE;MAAxB;IAhBiC,CAA9B,CAAb;IAmBA,MAAMC,MAAM,GAAGC,gCAAgC,CAAChF,GAAD,EAAMe,MAAM,CAACoB,MAAb,CAA/C;IAEAnC,GAAG,CAACyB,WAAJ,CAAgBJ,GAAG,CAACoD,GAAJ,CAAQQ,oBAAxB,EAA8C;MAC1CnF,IAAI,EAAG,GAAEyE,QAAS,gCADwB;MAE1CxE,MAAM,EAAE;QACJyE,IAAI,EAAEA,IAAI,CAACrC,MADP;QAEJ+C,SAAS,EAAEH,MAAM,CAAC5C,MAAP,CAAcyB;MAFrB;IAFkC,CAA9C,EA9HqC,CAsIrC;;IACA,IAAIjD,GAAJ,EAAS;MACLX,GAAG,CAACyB,WAAJ,CAAgBJ,GAAG,CAACoD,GAAJ,CAAQQ,oBAAxB,EAA8C;QAC1CnF,IAAI,EAAG,GAAEyE,QAAS,kCADwB;QAE1CxE,MAAM,EAAE;UACJyE,IAAI,EAAEA,IAAI,CAACrC,MADP;UAEJ+C,SAAS,EAAE7D,GAAG,CAACoD,GAAJ,CAAQU,aAAR,CAAsBC;QAF7B;MAFkC,CAA9C;IAOH,CARD,MAQO;MACHpF,GAAG,CAACyB,WAAJ,CAAgBJ,GAAG,CAACoD,GAAJ,CAAQQ,oBAAxB,EAA8C;QAC1CnF,IAAI,EAAG,GAAEyE,QAAS,8BADwB;QAE1CxE,MAAM,EAAE;UACJyE,IAAI,EAAEA,IAAI,CAACrC,MADP;UAEJ+C,SAAS,EAAE7D,GAAG,CAACoD,GAAJ,CAAQU,aAAR,CAAsBE;QAF7B;MAFkC,CAA9C;IAOH;;IAEDrF,GAAG,CAACyB,WAAJ,CAAgBJ,GAAG,CAACoD,GAAJ,CAAQQ,oBAAxB,EAA8C;MAC1CnF,IAAI,EAAG,GAAEyE,QAAS,iCADwB;MAE1CxE,MAAM,EAAE;QACJyE,IAAI,EAAEA,IAAI,CAACrC,MADP;QAEJ+C,SAAS,EAAE7D,GAAG,CAACoD,GAAJ,CAAQU,aAAR,CAAsBG;MAF7B;IAFkC,CAA9C;IAQA;AACR;AACA;AACA;AACA;AACA;;IACQ,MAAMC,MAAM,GAAGvF,GAAG,CAACyB,WAAJ,CAAgBJ,GAAG,CAACkE,MAAJ,CAAWC,QAA3B,EAAqC;MAChD1F,IAAI,EAAE,mBAD0C;MAEhDC,MAAM,EAAE;QACJyE,IAAI,EAAEA,IAAI,CAACrC,MAAL,CAAYyB,GADd;QAEJ6B,OAAO,EAAE,YAFL;QAGJC,OAAO,EAAE,iBAHL;QAIJC,OAAO,EAAE,GAJL;QAKJC,UAAU,EAAE,GALR;QAMJC,WAAW,EAAE;UACTC,SAAS,EAAE;YACPC,KAAK,EAAE5E,MAAM,CAACF,OAAO,CAACP,GAAR,CAAYqF,KAAb,CADN;YAEPC,uBAAuB,EAAEjF,MAAM,CAACoB,MAAP,CAAc8D;UAFhC;QADF,CANT;QAYJC,WAAW,EAAE,0BAZT;QAaJC,IAAI,EAAE,IAAIzC,MAAM,CAAC0C,KAAP,CAAaC,YAAjB,CAA8B;UAChC,KAAK,IAAI3C,MAAM,CAAC0C,KAAP,CAAaE,WAAjB,CACDC,aAAA,CAAKC,IAAL,CAAUxG,GAAG,CAACyG,KAAJ,CAAUC,SAApB,EAA+B,uBAA/B,CADC;QAD2B,CAA9B,CAbF;QAkBJC,SAAS,EAAEhG,GAAG,GACR;UACImB,SAAS,EAAEnB,GAAG,CAACoB,OAAJ,CAAYC,OAAZ,CAAoBC,GAApB,CAAwBC,CAAC,IAAIA,CAAC,CAACC,MAAF,CAASC,EAAtC,CADf;UAEIC,gBAAgB,EAAE,CAAC1B,GAAG,CAACA,GAAJ,CAAQwB,MAAR,CAAeG,sBAAhB;QAFtB,CADQ,GAKRC;MAvBF;IAFwC,CAArC,CAAf;IA6BA,MAAMqE,kBAAkB,GAAG5G,GAAG,CAACyB,WAAJ,CAAgBJ,GAAG,CAACkE,MAAJ,CAAWsB,kBAA3B,EAA+C;MACtE/G,IAAI,EAAE,mBADgE;MAEtEC,MAAM,EAAE;QACJ+G,cAAc,EAAEjD,KAAK,CAAC1B,MAAN,CAAa4E,SADzB;QAEJC,YAAY,EAAEzB,MAAM,CAACpD,MAAP,CAAcyB,GAFxB;QAGJqD,gBAAgB,EAAE,QAHd;QAIJC,oBAAoB,EAAE,CAJlB;QAKJC,SAAS,EAAE,IALP;QAMJC,8BAA8B,EAAE;MAN5B;IAF8D,CAA/C,CAA3B;IAYApH,GAAG,CAACqH,UAAJ,CAAe;MACXC,sBAAsB,EAAEvG,MAAM,CAACoB,MAAP,CAAcyB,GAD3B;MAEX2D,2BAA2B,EAAExG,MAAM,CAACoB,MAAP,CAAc8D,QAFhC;MAGXuB,6BAA6B,EAAE3D,KAAK,CAAC1B,MAAN,CAAayB,GAHjC;MAIX6D,8BAA8B,EAAE5D,KAAK,CAAC1B,MAAN,CAAarC;IAJlC,CAAf;IAOA,OAAO;MACHiB,MADG;MAEHC,YAFG;MAGH6C,KAHG;MAIH6D,eAAe,EAAE;QACblD,IADa;QAEbO,MAFa;QAGbQ,MAHa;QAIbqB;MAJa;IAJd,CAAP;EAWH;;AApOwC,CAAhB,CAAtB;;;AAuOP,SAAS5B,gCAAT,CACIhF,GADJ,EAEIe,MAFJ,EAGE;EACE,OAAOf,GAAG,CAACyB,WAAJ,CAAgBJ,GAAG,CAACoD,GAAJ,CAAQkD,MAAxB,EAAgC;IACnC7H,IAAI,EAAE,uCAD6B;IAEnCC,MAAM,EAAE;MACJmG,WAAW,EAAE,uDADT;MAEJnB,MAAM,EAAE;QACJ5B,OAAO,EAAE,YADL;QAEJC,SAAS,EAAE,CACP;UACIwE,GAAG,EAAE,iBADT;UAEIvE,MAAM,EAAE,OAFZ;UAGIG,MAAM,EAAE,CACJ,iBADI,EAEJ,gBAFI,EAGJ,eAHI,EAIJ,cAJI,CAHZ;UASIC,QAAQ,EAAE,CACNC,MAAM,CAACC,WAAY,GAAE5C,MAAM,CAAC6C,GAAI,EAD1B,EAENF,MAAM,CAACC,WAAY,GAAE5C,MAAM,CAAC6C,GAAI,IAF1B;QATd,CADO;MAFP;IAFJ;EAF2B,CAAhC,CAAP;AAyBH"}
package/apps/core/CoreVpc.d.ts CHANGED
@@ -6,4 +6,8 @@ export declare const CoreVpc: import("@webiny/pulumi").PulumiAppModuleDefinition
6
6
  public: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/ec2/subnet").Subnet>[];
7
7
  private: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/ec2/subnet").Subnet>[];
8
8
  };
9
+ routeTables: {
10
+ privateSubnets: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/ec2/routeTable").RouteTable>;
11
+ publicSubnets: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/ec2/routeTable").RouteTable>;
12
+ };
9
13
  }, void>;
package/apps/core/CoreVpc.js CHANGED
@@ -128,6 +128,10 @@ const CoreVpc = (0, _pulumi.createAppModule)({
128
128
  public: [publicSubnet],
129
129
  private: [privateSubnet1, privateSubnet2]
130
130
  };
131
+ const routeTables = {
132
+ privateSubnets: privateSubnetRouteTable,
133
+ publicSubnets: publicSubnetRouteTable
134
+ };
131
135
  app.addOutputs({
132
136
  vpcPublicSubnetIds: subnets.public.map(subNet => subNet.output.id),
133
137
  vpcPrivateSubnetIds: subnets.private.map(subNet => subNet.output.id),
@@ -135,7 +139,8 @@ const CoreVpc = (0, _pulumi.createAppModule)({
135
139
  });
136
140
  return {
137
141
  vpc,
138
- subnets
142
+ subnets,
143
+ routeTables
139
144
  };
140
145
  }
141
146
 
package/apps/core/CoreVpc.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"names":["CoreVpc","createAppModule","name","config","app","vpc","addResource","aws","ec2","Vpc","cidrBlock","publicSubnet","Subnet","vpcId","output","id","tags","Name","availabilityZones","addHandler","getAvailabilityZones","state","privateSubnet1","availabilityZone","apply","zone","names","privateSubnet2","internetGateway","InternetGateway","elasticIpAllocation","Eip","natGateway","NatGateway","allocationId","subnetId","publicSubnetRouteTable","RouteTable","routes","gatewayId","privateSubnetRouteTable","natGatewayId","RouteTableAssociation","routeTableId","subnets","public","private","addOutputs","vpcPublicSubnetIds","map","subNet","vpcPrivateSubnetIds","vpcSecurityGroupIds","defaultSecurityGroupId"],"sources":["CoreVpc.ts"],"sourcesContent":["import * as aws from \"@pulumi/aws\";\nimport { createAppModule, PulumiAppModule } from \"@webiny/pulumi\";\n\nexport type CoreVpc = PulumiAppModule<typeof CoreVpc>;\n\nexport const CoreVpc = createAppModule({\n name: \"CoreVpc\",\n config(app) {\n // Create VPC.\n const vpc = app.addResource(aws.ec2.Vpc, {\n name: \"webiny\",\n config: {\n cidrBlock: \"10.0.0.0/16\"\n }\n });\n\n // Create one public and two private subnets.\n const publicSubnet = app.addResource(aws.ec2.Subnet, {\n name: \"public\",\n config: {\n vpcId: vpc.output.id,\n cidrBlock: \"10.0.0.0/24\",\n tags: { Name: \"public-subnet\" }\n }\n });\n\n const availabilityZones = app.addHandler(() => {\n return aws.getAvailabilityZones({\n state: \"available\"\n });\n });\n\n const privateSubnet1 = app.addResource(aws.ec2.Subnet, {\n name: \"private-subnet-1\",\n config: {\n vpcId: vpc.output.id,\n cidrBlock: \"10.0.1.0/24\",\n availabilityZone: availabilityZones.apply(zone => zone.names[0]),\n tags: { Name: \"private-subnet-1\" }\n }\n });\n\n const privateSubnet2 = app.addResource(aws.ec2.Subnet, {\n name: \"private-subnet-2\",\n config: {\n vpcId: vpc.output.id,\n cidrBlock: \"10.0.2.0/24\",\n availabilityZone: availabilityZones.apply(zone => zone.names[1]),\n tags: { Name: \"private-subnet-2\" }\n }\n });\n\n // Create Internet gateway.\n const internetGateway = app.addResource(aws.ec2.InternetGateway, {\n name: \"internet-gateway\",\n config: {\n vpcId: vpc.output.id\n }\n });\n\n // Create NAT gateway.\n const elasticIpAllocation = app.addResource(aws.ec2.Eip, {\n name: \"nat-gateway-elastic-ip\",\n config: {\n vpc: true\n }\n });\n\n const natGateway = app.addResource(aws.ec2.NatGateway, {\n name: \"nat-gateway\",\n config: {\n allocationId: elasticIpAllocation.output.id,\n subnetId: publicSubnet.output.id\n }\n });\n\n // Create a route table for both subnets.\n const publicSubnetRouteTable = app.addResource(aws.ec2.RouteTable, {\n name: \"public\",\n config: {\n vpcId: vpc.output.id,\n routes: [\n {\n cidrBlock: \"0.0.0.0/0\",\n gatewayId: internetGateway.output.id\n }\n ]\n }\n });\n\n const privateSubnetRouteTable = app.addResource(aws.ec2.RouteTable, {\n name: \"private\",\n config: {\n vpcId: vpc.output.id,\n routes: [\n {\n cidrBlock: \"0.0.0.0/0\",\n natGatewayId: natGateway.output.id\n }\n ]\n }\n });\n\n // Create route table associations - links between subnets and route tables.\n app.addResource(aws.ec2.RouteTableAssociation, {\n name: \"public-subnet-route-table-association\",\n config: {\n subnetId: publicSubnet.output.id,\n routeTableId: publicSubnetRouteTable.output.id\n }\n });\n\n app.addResource(aws.ec2.RouteTableAssociation, {\n name: \"private-subnet-1-route-table-association\",\n config: {\n subnetId: privateSubnet1.output.id,\n routeTableId: privateSubnetRouteTable.output.id\n }\n });\n\n app.addResource(aws.ec2.RouteTableAssociation, {\n name: \"private-subnet-2-route-table-association\",\n config: {\n subnetId: privateSubnet2.output.id,\n routeTableId: privateSubnetRouteTable.output.id\n }\n });\n\n const subnets = {\n public: [publicSubnet],\n private: [privateSubnet1, privateSubnet2]\n };\n\n app.addOutputs({\n vpcPublicSubnetIds: subnets.public.map(subNet => subNet.output.id),\n vpcPrivateSubnetIds: subnets.private.map(subNet => subNet.output.id),\n vpcSecurityGroupIds: [vpc.output.defaultSecurityGroupId]\n });\n\n return {\n vpc,\n subnets\n };\n }\n});\n"],"mappings":";;;;;;;;;AAAA;;AACA;;AAIO,MAAMA,OAAO,GAAG,IAAAC,uBAAA,EAAgB;EACnCC,IAAI,EAAE,SAD6B;;EAEnCC,MAAM,CAACC,GAAD,EAAM;IACR;IACA,MAAMC,GAAG,GAAGD,GAAG,CAACE,WAAJ,CAAgBC,GAAG,CAACC,GAAJ,CAAQC,GAAxB,EAA6B;MACrCP,IAAI,EAAE,QAD+B;MAErCC,MAAM,EAAE;QACJO,SAAS,EAAE;MADP;IAF6B,CAA7B,CAAZ,CAFQ,CASR;;IACA,MAAMC,YAAY,GAAGP,GAAG,CAACE,WAAJ,CAAgBC,GAAG,CAACC,GAAJ,CAAQI,MAAxB,EAAgC;MACjDV,IAAI,EAAE,QAD2C;MAEjDC,MAAM,EAAE;QACJU,KAAK,EAAER,GAAG,CAACS,MAAJ,CAAWC,EADd;QAEJL,SAAS,EAAE,aAFP;QAGJM,IAAI,EAAE;UAAEC,IAAI,EAAE;QAAR;MAHF;IAFyC,CAAhC,CAArB;IASA,MAAMC,iBAAiB,GAAGd,GAAG,CAACe,UAAJ,CAAe,MAAM;MAC3C,OAAOZ,GAAG,CAACa,oBAAJ,CAAyB;QAC5BC,KAAK,EAAE;MADqB,CAAzB,CAAP;IAGH,CAJyB,CAA1B;IAMA,MAAMC,cAAc,GAAGlB,GAAG,CAACE,WAAJ,CAAgBC,GAAG,CAACC,GAAJ,CAAQI,MAAxB,EAAgC;MACnDV,IAAI,EAAE,kBAD6C;MAEnDC,MAAM,EAAE;QACJU,KAAK,EAAER,GAAG,CAACS,MAAJ,CAAWC,EADd;QAEJL,SAAS,EAAE,aAFP;QAGJa,gBAAgB,EAAEL,iBAAiB,CAACM,KAAlB,CAAwBC,IAAI,IAAIA,IAAI,CAACC,KAAL,CAAW,CAAX,CAAhC,CAHd;QAIJV,IAAI,EAAE;UAAEC,IAAI,EAAE;QAAR;MAJF;IAF2C,CAAhC,CAAvB;IAUA,MAAMU,cAAc,GAAGvB,GAAG,CAACE,WAAJ,CAAgBC,GAAG,CAACC,GAAJ,CAAQI,MAAxB,EAAgC;MACnDV,IAAI,EAAE,kBAD6C;MAEnDC,MAAM,EAAE;QACJU,KAAK,EAAER,GAAG,CAACS,MAAJ,CAAWC,EADd;QAEJL,SAAS,EAAE,aAFP;QAGJa,gBAAgB,EAAEL,iBAAiB,CAACM,KAAlB,CAAwBC,IAAI,IAAIA,IAAI,CAACC,KAAL,CAAW,CAAX,CAAhC,CAHd;QAIJV,IAAI,EAAE;UAAEC,IAAI,EAAE;QAAR;MAJF;IAF2C,CAAhC,CAAvB,CAnCQ,CA6CR;;IACA,MAAMW,eAAe,GAAGxB,GAAG,CAACE,WAAJ,CAAgBC,GAAG,CAACC,GAAJ,CAAQqB,eAAxB,EAAyC;MAC7D3B,IAAI,EAAE,kBADuD;MAE7DC,MAAM,EAAE;QACJU,KAAK,EAAER,GAAG,CAACS,MAAJ,CAAWC;MADd;IAFqD,CAAzC,CAAxB,CA9CQ,CAqDR;;IACA,MAAMe,mBAAmB,GAAG1B,GAAG,CAACE,WAAJ,CAAgBC,GAAG,CAACC,GAAJ,CAAQuB,GAAxB,EAA6B;MACrD7B,IAAI,EAAE,wBAD+C;MAErDC,MAAM,EAAE;QACJE,GAAG,EAAE;MADD;IAF6C,CAA7B,CAA5B;IAOA,MAAM2B,UAAU,GAAG5B,GAAG,CAACE,WAAJ,CAAgBC,GAAG,CAACC,GAAJ,CAAQyB,UAAxB,EAAoC;MACnD/B,IAAI,EAAE,aAD6C;MAEnDC,MAAM,EAAE;QACJ+B,YAAY,EAAEJ,mBAAmB,CAAChB,MAApB,CAA2BC,EADrC;QAEJoB,QAAQ,EAAExB,YAAY,CAACG,MAAb,CAAoBC;MAF1B;IAF2C,CAApC,CAAnB,CA7DQ,CAqER;;IACA,MAAMqB,sBAAsB,GAAGhC,GAAG,CAACE,WAAJ,CAAgBC,GAAG,CAACC,GAAJ,CAAQ6B,UAAxB,EAAoC;MAC/DnC,IAAI,EAAE,QADyD;MAE/DC,MAAM,EAAE;QACJU,KAAK,EAAER,GAAG,CAACS,MAAJ,CAAWC,EADd;QAEJuB,MAAM,EAAE,CACJ;UACI5B,SAAS,EAAE,WADf;UAEI6B,SAAS,EAAEX,eAAe,CAACd,MAAhB,CAAuBC;QAFtC,CADI;MAFJ;IAFuD,CAApC,CAA/B;IAaA,MAAMyB,uBAAuB,GAAGpC,GAAG,CAACE,WAAJ,CAAgBC,GAAG,CAACC,GAAJ,CAAQ6B,UAAxB,EAAoC;MAChEnC,IAAI,EAAE,SAD0D;MAEhEC,MAAM,EAAE;QACJU,KAAK,EAAER,GAAG,CAACS,MAAJ,CAAWC,EADd;QAEJuB,MAAM,EAAE,CACJ;UACI5B,SAAS,EAAE,WADf;UAEI+B,YAAY,EAAET,UAAU,CAAClB,MAAX,CAAkBC;QAFpC,CADI;MAFJ;IAFwD,CAApC,CAAhC,CAnFQ,CAgGR;;IACAX,GAAG,CAACE,WAAJ,CAAgBC,GAAG,CAACC,GAAJ,CAAQkC,qBAAxB,EAA+C;MAC3CxC,IAAI,EAAE,uCADqC;MAE3CC,MAAM,EAAE;QACJgC,QAAQ,EAAExB,YAAY,CAACG,MAAb,CAAoBC,EAD1B;QAEJ4B,YAAY,EAAEP,sBAAsB,CAACtB,MAAvB,CAA8BC;MAFxC;IAFmC,CAA/C;IAQAX,GAAG,CAACE,WAAJ,CAAgBC,GAAG,CAACC,GAAJ,CAAQkC,qBAAxB,EAA+C;MAC3CxC,IAAI,EAAE,0CADqC;MAE3CC,MAAM,EAAE;QACJgC,QAAQ,EAAEb,cAAc,CAACR,MAAf,CAAsBC,EAD5B;QAEJ4B,YAAY,EAAEH,uBAAuB,CAAC1B,MAAxB,CAA+BC;MAFzC;IAFmC,CAA/C;IAQAX,GAAG,CAACE,WAAJ,CAAgBC,GAAG,CAACC,GAAJ,CAAQkC,qBAAxB,EAA+C;MAC3CxC,IAAI,EAAE,0CADqC;MAE3CC,MAAM,EAAE;QACJgC,QAAQ,EAAER,cAAc,CAACb,MAAf,CAAsBC,EAD5B;QAEJ4B,YAAY,EAAEH,uBAAuB,CAAC1B,MAAxB,CAA+BC;MAFzC;IAFmC,CAA/C;IAQA,MAAM6B,OAAO,GAAG;MACZC,MAAM,EAAE,CAAClC,YAAD,CADI;MAEZmC,OAAO,EAAE,CAACxB,cAAD,EAAiBK,cAAjB;IAFG,CAAhB;IAKAvB,GAAG,CAAC2C,UAAJ,CAAe;MACXC,kBAAkB,EAAEJ,OAAO,CAACC,MAAR,CAAeI,GAAf,CAAmBC,MAAM,IAAIA,MAAM,CAACpC,MAAP,CAAcC,EAA3C,CADT;MAEXoC,mBAAmB,EAAEP,OAAO,CAACE,OAAR,CAAgBG,GAAhB,CAAoBC,MAAM,IAAIA,MAAM,CAACpC,MAAP,CAAcC,EAA5C,CAFV;MAGXqC,mBAAmB,EAAE,CAAC/C,GAAG,CAACS,MAAJ,CAAWuC,sBAAZ;IAHV,CAAf;IAMA,OAAO;MACHhD,GADG;MAEHuC;IAFG,CAAP;EAIH;;AA1IkC,CAAhB,CAAhB"}
1
+ {"version":3,"names":["CoreVpc","createAppModule","name","config","app","vpc","addResource","aws","ec2","Vpc","cidrBlock","publicSubnet","Subnet","vpcId","output","id","tags","Name","availabilityZones","addHandler","getAvailabilityZones","state","privateSubnet1","availabilityZone","apply","zone","names","privateSubnet2","internetGateway","InternetGateway","elasticIpAllocation","Eip","natGateway","NatGateway","allocationId","subnetId","publicSubnetRouteTable","RouteTable","routes","gatewayId","privateSubnetRouteTable","natGatewayId","RouteTableAssociation","routeTableId","subnets","public","private","routeTables","privateSubnets","publicSubnets","addOutputs","vpcPublicSubnetIds","map","subNet","vpcPrivateSubnetIds","vpcSecurityGroupIds","defaultSecurityGroupId"],"sources":["CoreVpc.ts"],"sourcesContent":["import * as aws from \"@pulumi/aws\";\nimport { createAppModule, PulumiAppModule } from \"@webiny/pulumi\";\n\nexport type CoreVpc = PulumiAppModule<typeof CoreVpc>;\n\nexport const CoreVpc = createAppModule({\n name: \"CoreVpc\",\n config(app) {\n // Create VPC.\n const vpc = app.addResource(aws.ec2.Vpc, {\n name: \"webiny\",\n config: {\n cidrBlock: \"10.0.0.0/16\"\n }\n });\n\n // Create one public and two private subnets.\n const publicSubnet = app.addResource(aws.ec2.Subnet, {\n name: \"public\",\n config: {\n vpcId: vpc.output.id,\n cidrBlock: \"10.0.0.0/24\",\n tags: { Name: \"public-subnet\" }\n }\n });\n\n const availabilityZones = app.addHandler(() => {\n return aws.getAvailabilityZones({\n state: \"available\"\n });\n });\n\n const privateSubnet1 = app.addResource(aws.ec2.Subnet, {\n name: \"private-subnet-1\",\n config: {\n vpcId: vpc.output.id,\n cidrBlock: \"10.0.1.0/24\",\n availabilityZone: availabilityZones.apply(zone => zone.names[0]),\n tags: { Name: \"private-subnet-1\" }\n }\n });\n\n const privateSubnet2 = app.addResource(aws.ec2.Subnet, {\n name: \"private-subnet-2\",\n config: {\n vpcId: vpc.output.id,\n cidrBlock: \"10.0.2.0/24\",\n availabilityZone: availabilityZones.apply(zone => zone.names[1]),\n tags: { Name: \"private-subnet-2\" }\n }\n });\n\n // Create Internet gateway.\n const internetGateway = app.addResource(aws.ec2.InternetGateway, {\n name: \"internet-gateway\",\n config: {\n vpcId: vpc.output.id\n }\n });\n\n // Create NAT gateway.\n const elasticIpAllocation = app.addResource(aws.ec2.Eip, {\n name: \"nat-gateway-elastic-ip\",\n config: {\n vpc: true\n }\n });\n\n const natGateway = app.addResource(aws.ec2.NatGateway, {\n name: \"nat-gateway\",\n config: {\n allocationId: elasticIpAllocation.output.id,\n subnetId: publicSubnet.output.id\n }\n });\n\n // Create a route table for both subnets.\n const publicSubnetRouteTable = app.addResource(aws.ec2.RouteTable, {\n name: \"public\",\n config: {\n vpcId: vpc.output.id,\n routes: [\n {\n cidrBlock: \"0.0.0.0/0\",\n gatewayId: internetGateway.output.id\n }\n ]\n }\n });\n\n const privateSubnetRouteTable = app.addResource(aws.ec2.RouteTable, {\n name: \"private\",\n config: {\n vpcId: vpc.output.id,\n routes: [\n {\n cidrBlock: \"0.0.0.0/0\",\n natGatewayId: natGateway.output.id\n }\n ]\n }\n });\n\n // Create route table associations - links between subnets and route tables.\n app.addResource(aws.ec2.RouteTableAssociation, {\n name: \"public-subnet-route-table-association\",\n config: {\n subnetId: publicSubnet.output.id,\n routeTableId: publicSubnetRouteTable.output.id\n }\n });\n\n app.addResource(aws.ec2.RouteTableAssociation, {\n name: \"private-subnet-1-route-table-association\",\n config: {\n subnetId: privateSubnet1.output.id,\n routeTableId: privateSubnetRouteTable.output.id\n }\n });\n\n app.addResource(aws.ec2.RouteTableAssociation, {\n name: \"private-subnet-2-route-table-association\",\n config: {\n subnetId: privateSubnet2.output.id,\n routeTableId: privateSubnetRouteTable.output.id\n }\n });\n\n const subnets = {\n public: [publicSubnet],\n private: [privateSubnet1, privateSubnet2]\n };\n\n const routeTables = {\n privateSubnets: privateSubnetRouteTable,\n publicSubnets: publicSubnetRouteTable\n };\n\n app.addOutputs({\n vpcPublicSubnetIds: subnets.public.map(subNet => subNet.output.id),\n vpcPrivateSubnetIds: subnets.private.map(subNet => subNet.output.id),\n vpcSecurityGroupIds: [vpc.output.defaultSecurityGroupId]\n });\n\n return {\n vpc,\n subnets,\n routeTables\n };\n }\n});\n"],"mappings":";;;;;;;;;AAAA;;AACA;;AAIO,MAAMA,OAAO,GAAG,IAAAC,uBAAA,EAAgB;EACnCC,IAAI,EAAE,SAD6B;;EAEnCC,MAAM,CAACC,GAAD,EAAM;IACR;IACA,MAAMC,GAAG,GAAGD,GAAG,CAACE,WAAJ,CAAgBC,GAAG,CAACC,GAAJ,CAAQC,GAAxB,EAA6B;MACrCP,IAAI,EAAE,QAD+B;MAErCC,MAAM,EAAE;QACJO,SAAS,EAAE;MADP;IAF6B,CAA7B,CAAZ,CAFQ,CASR;;IACA,MAAMC,YAAY,GAAGP,GAAG,CAACE,WAAJ,CAAgBC,GAAG,CAACC,GAAJ,CAAQI,MAAxB,EAAgC;MACjDV,IAAI,EAAE,QAD2C;MAEjDC,MAAM,EAAE;QACJU,KAAK,EAAER,GAAG,CAACS,MAAJ,CAAWC,EADd;QAEJL,SAAS,EAAE,aAFP;QAGJM,IAAI,EAAE;UAAEC,IAAI,EAAE;QAAR;MAHF;IAFyC,CAAhC,CAArB;IASA,MAAMC,iBAAiB,GAAGd,GAAG,CAACe,UAAJ,CAAe,MAAM;MAC3C,OAAOZ,GAAG,CAACa,oBAAJ,CAAyB;QAC5BC,KAAK,EAAE;MADqB,CAAzB,CAAP;IAGH,CAJyB,CAA1B;IAMA,MAAMC,cAAc,GAAGlB,GAAG,CAACE,WAAJ,CAAgBC,GAAG,CAACC,GAAJ,CAAQI,MAAxB,EAAgC;MACnDV,IAAI,EAAE,kBAD6C;MAEnDC,MAAM,EAAE;QACJU,KAAK,EAAER,GAAG,CAACS,MAAJ,CAAWC,EADd;QAEJL,SAAS,EAAE,aAFP;QAGJa,gBAAgB,EAAEL,iBAAiB,CAACM,KAAlB,CAAwBC,IAAI,IAAIA,IAAI,CAACC,KAAL,CAAW,CAAX,CAAhC,CAHd;QAIJV,IAAI,EAAE;UAAEC,IAAI,EAAE;QAAR;MAJF;IAF2C,CAAhC,CAAvB;IAUA,MAAMU,cAAc,GAAGvB,GAAG,CAACE,WAAJ,CAAgBC,GAAG,CAACC,GAAJ,CAAQI,MAAxB,EAAgC;MACnDV,IAAI,EAAE,kBAD6C;MAEnDC,MAAM,EAAE;QACJU,KAAK,EAAER,GAAG,CAACS,MAAJ,CAAWC,EADd;QAEJL,SAAS,EAAE,aAFP;QAGJa,gBAAgB,EAAEL,iBAAiB,CAACM,KAAlB,CAAwBC,IAAI,IAAIA,IAAI,CAACC,KAAL,CAAW,CAAX,CAAhC,CAHd;QAIJV,IAAI,EAAE;UAAEC,IAAI,EAAE;QAAR;MAJF;IAF2C,CAAhC,CAAvB,CAnCQ,CA6CR;;IACA,MAAMW,eAAe,GAAGxB,GAAG,CAACE,WAAJ,CAAgBC,GAAG,CAACC,GAAJ,CAAQqB,eAAxB,EAAyC;MAC7D3B,IAAI,EAAE,kBADuD;MAE7DC,MAAM,EAAE;QACJU,KAAK,EAAER,GAAG,CAACS,MAAJ,CAAWC;MADd;IAFqD,CAAzC,CAAxB,CA9CQ,CAqDR;;IACA,MAAMe,mBAAmB,GAAG1B,GAAG,CAACE,WAAJ,CAAgBC,GAAG,CAACC,GAAJ,CAAQuB,GAAxB,EAA6B;MACrD7B,IAAI,EAAE,wBAD+C;MAErDC,MAAM,EAAE;QACJE,GAAG,EAAE;MADD;IAF6C,CAA7B,CAA5B;IAOA,MAAM2B,UAAU,GAAG5B,GAAG,CAACE,WAAJ,CAAgBC,GAAG,CAACC,GAAJ,CAAQyB,UAAxB,EAAoC;MACnD/B,IAAI,EAAE,aAD6C;MAEnDC,MAAM,EAAE;QACJ+B,YAAY,EAAEJ,mBAAmB,CAAChB,MAApB,CAA2BC,EADrC;QAEJoB,QAAQ,EAAExB,YAAY,CAACG,MAAb,CAAoBC;MAF1B;IAF2C,CAApC,CAAnB,CA7DQ,CAqER;;IACA,MAAMqB,sBAAsB,GAAGhC,GAAG,CAACE,WAAJ,CAAgBC,GAAG,CAACC,GAAJ,CAAQ6B,UAAxB,EAAoC;MAC/DnC,IAAI,EAAE,QADyD;MAE/DC,MAAM,EAAE;QACJU,KAAK,EAAER,GAAG,CAACS,MAAJ,CAAWC,EADd;QAEJuB,MAAM,EAAE,CACJ;UACI5B,SAAS,EAAE,WADf;UAEI6B,SAAS,EAAEX,eAAe,CAACd,MAAhB,CAAuBC;QAFtC,CADI;MAFJ;IAFuD,CAApC,CAA/B;IAaA,MAAMyB,uBAAuB,GAAGpC,GAAG,CAACE,WAAJ,CAAgBC,GAAG,CAACC,GAAJ,CAAQ6B,UAAxB,EAAoC;MAChEnC,IAAI,EAAE,SAD0D;MAEhEC,MAAM,EAAE;QACJU,KAAK,EAAER,GAAG,CAACS,MAAJ,CAAWC,EADd;QAEJuB,MAAM,EAAE,CACJ;UACI5B,SAAS,EAAE,WADf;UAEI+B,YAAY,EAAET,UAAU,CAAClB,MAAX,CAAkBC;QAFpC,CADI;MAFJ;IAFwD,CAApC,CAAhC,CAnFQ,CAgGR;;IACAX,GAAG,CAACE,WAAJ,CAAgBC,GAAG,CAACC,GAAJ,CAAQkC,qBAAxB,EAA+C;MAC3CxC,IAAI,EAAE,uCADqC;MAE3CC,MAAM,EAAE;QACJgC,QAAQ,EAAExB,YAAY,CAACG,MAAb,CAAoBC,EAD1B;QAEJ4B,YAAY,EAAEP,sBAAsB,CAACtB,MAAvB,CAA8BC;MAFxC;IAFmC,CAA/C;IAQAX,GAAG,CAACE,WAAJ,CAAgBC,GAAG,CAACC,GAAJ,CAAQkC,qBAAxB,EAA+C;MAC3CxC,IAAI,EAAE,0CADqC;MAE3CC,MAAM,EAAE;QACJgC,QAAQ,EAAEb,cAAc,CAACR,MAAf,CAAsBC,EAD5B;QAEJ4B,YAAY,EAAEH,uBAAuB,CAAC1B,MAAxB,CAA+BC;MAFzC;IAFmC,CAA/C;IAQAX,GAAG,CAACE,WAAJ,CAAgBC,GAAG,CAACC,GAAJ,CAAQkC,qBAAxB,EAA+C;MAC3CxC,IAAI,EAAE,0CADqC;MAE3CC,MAAM,EAAE;QACJgC,QAAQ,EAAER,cAAc,CAACb,MAAf,CAAsBC,EAD5B;QAEJ4B,YAAY,EAAEH,uBAAuB,CAAC1B,MAAxB,CAA+BC;MAFzC;IAFmC,CAA/C;IAQA,MAAM6B,OAAO,GAAG;MACZC,MAAM,EAAE,CAAClC,YAAD,CADI;MAEZmC,OAAO,EAAE,CAACxB,cAAD,EAAiBK,cAAjB;IAFG,CAAhB;IAKA,MAAMoB,WAAW,GAAG;MAChBC,cAAc,EAAER,uBADA;MAEhBS,aAAa,EAAEb;IAFC,CAApB;IAKAhC,GAAG,CAAC8C,UAAJ,CAAe;MACXC,kBAAkB,EAAEP,OAAO,CAACC,MAAR,CAAeO,GAAf,CAAmBC,MAAM,IAAIA,MAAM,CAACvC,MAAP,CAAcC,EAA3C,CADT;MAEXuC,mBAAmB,EAAEV,OAAO,CAACE,OAAR,CAAgBM,GAAhB,CAAoBC,MAAM,IAAIA,MAAM,CAACvC,MAAP,CAAcC,EAA5C,CAFV;MAGXwC,mBAAmB,EAAE,CAAClD,GAAG,CAACS,MAAJ,CAAW0C,sBAAZ;IAHV,CAAf;IAMA,OAAO;MACHnD,GADG;MAEHuC,OAFG;MAGHG;IAHG,CAAP;EAKH;;AAhJkC,CAAhB,CAAhB"}
package/apps/core/createCorePulumiApp.d.ts CHANGED
@@ -62,5 +62,9 @@ export declare function createCorePulumiApp(projectAppParams?: CreateCorePulumiA
62
62
  public: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/ec2/subnet").Subnet>[];
63
63
  private: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/ec2/subnet").Subnet>[];
64
64
  };
65
+ routeTables: {
66
+ privateSubnets: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/ec2/routeTable").RouteTable>;
67
+ publicSubnets: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/ec2/routeTable").RouteTable>;
68
+ };
65
69
  } | null;
66
70
  }>;
package/apps/lambdaUtils.js CHANGED
@@ -42,6 +42,9 @@ function createLambdaRole(app, params) {
42
42
  Effect: "Allow"
43
43
  }]
44
44
  }
45
+ },
46
+ meta: {
47
+ isLambdaFunctionRole: true
45
48
  }
46
49
  });
47
50
 
package/apps/lambdaUtils.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"names":["createLambdaRole","app","params","role","addResource","aws","iam","Role","name","config","assumeRolePolicy","Version","Statement","Action","Principal","Service","Effect","policy","RolePolicyAttachment","output","policyArn","arn","executionRole","vpc","getModule","VpcConfig","enabled","apply","ManagedPolicy","AWSLambdaVPCAccessExecutionRole","AWSLambdaBasicExecutionRole"],"sources":["lambdaUtils.ts"],"sourcesContent":["import * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport { PulumiApp } from \"@webiny/pulumi\";\nexport * from \"../utils/lambdaEnvVariables\";\n\nimport { VpcConfig } from \"./common\";\n\ninterface LambdaRoleParams {\n name: string;\n policy?: pulumi.Output<aws.iam.Policy>;\n executionRole?: pulumi.Input<string>;\n}\n\nexport function createLambdaRole(app: PulumiApp, params: LambdaRoleParams) {\n const role = app.addResource(aws.iam.Role, {\n name: params.name,\n config: {\n assumeRolePolicy: {\n Version: \"2012-10-17\",\n Statement: [\n {\n Action: \"sts:AssumeRole\",\n Principal: {\n Service: \"lambda.amazonaws.com\"\n },\n Effect: \"Allow\"\n }\n ]\n }\n }\n });\n\n if (params.policy) {\n app.addResource(aws.iam.RolePolicyAttachment, {\n name: `${params.name}-policy`,\n config: {\n role: role.output,\n policyArn: params.policy.arn\n }\n });\n }\n\n if (params.executionRole) {\n // If execution role is set, use it.\n app.addResource(aws.iam.RolePolicyAttachment, {\n name: `${params.name}-execution-role`,\n config: {\n role: role.output,\n policyArn: params.executionRole\n }\n });\n }\n\n // Add default execution role.\n const vpc = app.getModule(VpcConfig);\n\n app.addResource(aws.iam.RolePolicyAttachment, {\n name: `${params.name}-default-execution-role`,\n config: {\n role: role.output,\n policyArn: vpc.enabled.apply(enabled =>\n enabled\n ? aws.iam.ManagedPolicy.AWSLambdaVPCAccessExecutionRole\n : aws.iam.ManagedPolicy.AWSLambdaBasicExecutionRole\n )\n }\n });\n\n return role;\n}\n"],"mappings":";;;;;;;;;;;;AACA;;AAEA;;AAAA;EAAA;EAAA;EAAA;EAAA;IAAA;IAAA;MAAA;IAAA;EAAA;AAAA;;AAEA;;AAQO,SAASA,gBAAT,CAA0BC,GAA1B,EAA0CC,MAA1C,EAAoE;EACvE,MAAMC,IAAI,GAAGF,GAAG,CAACG,WAAJ,CAAgBC,GAAG,CAACC,GAAJ,CAAQC,IAAxB,EAA8B;IACvCC,IAAI,EAAEN,MAAM,CAACM,IAD0B;IAEvCC,MAAM,EAAE;MACJC,gBAAgB,EAAE;QACdC,OAAO,EAAE,YADK;QAEdC,SAAS,EAAE,CACP;UACIC,MAAM,EAAE,gBADZ;UAEIC,SAAS,EAAE;YACPC,OAAO,EAAE;UADF,CAFf;UAKIC,MAAM,EAAE;QALZ,CADO;MAFG;IADd;EAF+B,CAA9B,CAAb;;EAkBA,IAAId,MAAM,CAACe,MAAX,EAAmB;IACfhB,GAAG,CAACG,WAAJ,CAAgBC,GAAG,CAACC,GAAJ,CAAQY,oBAAxB,EAA8C;MAC1CV,IAAI,EAAG,GAAEN,MAAM,CAACM,IAAK,SADqB;MAE1CC,MAAM,EAAE;QACJN,IAAI,EAAEA,IAAI,CAACgB,MADP;QAEJC,SAAS,EAAElB,MAAM,CAACe,MAAP,CAAcI;MAFrB;IAFkC,CAA9C;EAOH;;EAED,IAAInB,MAAM,CAACoB,aAAX,EAA0B;IACtB;IACArB,GAAG,CAACG,WAAJ,CAAgBC,GAAG,CAACC,GAAJ,CAAQY,oBAAxB,EAA8C;MAC1CV,IAAI,EAAG,GAAEN,MAAM,CAACM,IAAK,iBADqB;MAE1CC,MAAM,EAAE;QACJN,IAAI,EAAEA,IAAI,CAACgB,MADP;QAEJC,SAAS,EAAElB,MAAM,CAACoB;MAFd;IAFkC,CAA9C;EAOH,CAtCsE,CAwCvE;;;EACA,MAAMC,GAAG,GAAGtB,GAAG,CAACuB,SAAJ,CAAcC,iBAAd,CAAZ;EAEAxB,GAAG,CAACG,WAAJ,CAAgBC,GAAG,CAACC,GAAJ,CAAQY,oBAAxB,EAA8C;IAC1CV,IAAI,EAAG,GAAEN,MAAM,CAACM,IAAK,yBADqB;IAE1CC,MAAM,EAAE;MACJN,IAAI,EAAEA,IAAI,CAACgB,MADP;MAEJC,SAAS,EAAEG,GAAG,CAACG,OAAJ,CAAYC,KAAZ,CAAkBD,OAAO,IAChCA,OAAO,GACDrB,GAAG,CAACC,GAAJ,CAAQsB,aAAR,CAAsBC,+BADrB,GAEDxB,GAAG,CAACC,GAAJ,CAAQsB,aAAR,CAAsBE,2BAHrB;IAFP;EAFkC,CAA9C;EAYA,OAAO3B,IAAP;AACH"}
1
+ {"version":3,"names":["createLambdaRole","app","params","role","addResource","aws","iam","Role","name","config","assumeRolePolicy","Version","Statement","Action","Principal","Service","Effect","meta","isLambdaFunctionRole","policy","RolePolicyAttachment","output","policyArn","arn","executionRole","vpc","getModule","VpcConfig","enabled","apply","ManagedPolicy","AWSLambdaVPCAccessExecutionRole","AWSLambdaBasicExecutionRole"],"sources":["lambdaUtils.ts"],"sourcesContent":["import * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport { PulumiApp } from \"@webiny/pulumi\";\n\nexport * from \"../utils/lambdaEnvVariables\";\n\nimport { VpcConfig } from \"./common\";\n\ninterface LambdaRoleParams {\n name: string;\n policy?: pulumi.Output<aws.iam.Policy>;\n executionRole?: pulumi.Input<string>;\n}\n\nexport function createLambdaRole(app: PulumiApp, params: LambdaRoleParams) {\n const role = app.addResource(aws.iam.Role, {\n name: params.name,\n config: {\n assumeRolePolicy: {\n Version: \"2012-10-17\",\n Statement: [\n {\n Action: \"sts:AssumeRole\",\n Principal: {\n Service: \"lambda.amazonaws.com\"\n },\n Effect: \"Allow\"\n }\n ]\n }\n },\n meta: { isLambdaFunctionRole: true }\n });\n\n if (params.policy) {\n app.addResource(aws.iam.RolePolicyAttachment, {\n name: `${params.name}-policy`,\n config: {\n role: role.output,\n policyArn: params.policy.arn\n }\n });\n }\n\n if (params.executionRole) {\n // If execution role is set, use it.\n app.addResource(aws.iam.RolePolicyAttachment, {\n name: `${params.name}-execution-role`,\n config: {\n role: role.output,\n policyArn: params.executionRole\n }\n });\n }\n\n // Add default execution role.\n const vpc = app.getModule(VpcConfig);\n\n app.addResource(aws.iam.RolePolicyAttachment, {\n name: `${params.name}-default-execution-role`,\n config: {\n role: role.output,\n policyArn: vpc.enabled.apply(enabled =>\n enabled\n ? aws.iam.ManagedPolicy.AWSLambdaVPCAccessExecutionRole\n : aws.iam.ManagedPolicy.AWSLambdaBasicExecutionRole\n )\n }\n });\n\n return role;\n}\n"],"mappings":";;;;;;;;;;;;AACA;;AAGA;;AAAA;EAAA;EAAA;EAAA;EAAA;IAAA;IAAA;MAAA;IAAA;EAAA;AAAA;;AAEA;;AAQO,SAASA,gBAAT,CAA0BC,GAA1B,EAA0CC,MAA1C,EAAoE;EACvE,MAAMC,IAAI,GAAGF,GAAG,CAACG,WAAJ,CAAgBC,GAAG,CAACC,GAAJ,CAAQC,IAAxB,EAA8B;IACvCC,IAAI,EAAEN,MAAM,CAACM,IAD0B;IAEvCC,MAAM,EAAE;MACJC,gBAAgB,EAAE;QACdC,OAAO,EAAE,YADK;QAEdC,SAAS,EAAE,CACP;UACIC,MAAM,EAAE,gBADZ;UAEIC,SAAS,EAAE;YACPC,OAAO,EAAE;UADF,CAFf;UAKIC,MAAM,EAAE;QALZ,CADO;MAFG;IADd,CAF+B;IAgBvCC,IAAI,EAAE;MAAEC,oBAAoB,EAAE;IAAxB;EAhBiC,CAA9B,CAAb;;EAmBA,IAAIhB,MAAM,CAACiB,MAAX,EAAmB;IACflB,GAAG,CAACG,WAAJ,CAAgBC,GAAG,CAACC,GAAJ,CAAQc,oBAAxB,EAA8C;MAC1CZ,IAAI,EAAG,GAAEN,MAAM,CAACM,IAAK,SADqB;MAE1CC,MAAM,EAAE;QACJN,IAAI,EAAEA,IAAI,CAACkB,MADP;QAEJC,SAAS,EAAEpB,MAAM,CAACiB,MAAP,CAAcI;MAFrB;IAFkC,CAA9C;EAOH;;EAED,IAAIrB,MAAM,CAACsB,aAAX,EAA0B;IACtB;IACAvB,GAAG,CAACG,WAAJ,CAAgBC,GAAG,CAACC,GAAJ,CAAQc,oBAAxB,EAA8C;MAC1CZ,IAAI,EAAG,GAAEN,MAAM,CAACM,IAAK,iBADqB;MAE1CC,MAAM,EAAE;QACJN,IAAI,EAAEA,IAAI,CAACkB,MADP;QAEJC,SAAS,EAAEpB,MAAM,CAACsB;MAFd;IAFkC,CAA9C;EAOH,CAvCsE,CAyCvE;;;EACA,MAAMC,GAAG,GAAGxB,GAAG,CAACyB,SAAJ,CAAcC,iBAAd,CAAZ;EAEA1B,GAAG,CAACG,WAAJ,CAAgBC,GAAG,CAACC,GAAJ,CAAQc,oBAAxB,EAA8C;IAC1CZ,IAAI,EAAG,GAAEN,MAAM,CAACM,IAAK,yBADqB;IAE1CC,MAAM,EAAE;MACJN,IAAI,EAAEA,IAAI,CAACkB,MADP;MAEJC,SAAS,EAAEG,GAAG,CAACG,OAAJ,CAAYC,KAAZ,CAAkBD,OAAO,IAChCA,OAAO,GACDvB,GAAG,CAACC,GAAJ,CAAQwB,aAAR,CAAsBC,+BADrB,GAED1B,GAAG,CAACC,GAAJ,CAAQwB,aAAR,CAAsBE,2BAHrB;IAFP;EAFkC,CAA9C;EAYA,OAAO7B,IAAP;AACH"}
package/enterprise/createAdminPulumiApp.d.ts ADDED
@@ -0,0 +1 @@
1
+ export { createAdminPulumiApp, CreateAdminPulumiAppParams, AdminPulumiApp } from "../apps/admin/createAdminPulumiApp";
package/enterprise/createAdminPulumiApp.js ADDED
@@ -0,0 +1,25 @@
1
+ "use strict";
2
+
3
+ Object.defineProperty(exports, "__esModule", {
4
+ value: true
5
+ });
6
+ Object.defineProperty(exports, "AdminPulumiApp", {
7
+ enumerable: true,
8
+ get: function () {
9
+ return _createAdminPulumiApp.AdminPulumiApp;
10
+ }
11
+ });
12
+ Object.defineProperty(exports, "CreateAdminPulumiAppParams", {
13
+ enumerable: true,
14
+ get: function () {
15
+ return _createAdminPulumiApp.CreateAdminPulumiAppParams;
16
+ }
17
+ });
18
+ Object.defineProperty(exports, "createAdminPulumiApp", {
19
+ enumerable: true,
20
+ get: function () {
21
+ return _createAdminPulumiApp.createAdminPulumiApp;
22
+ }
23
+ });
24
+
25
+ var _createAdminPulumiApp = require("../apps/admin/createAdminPulumiApp");
package/enterprise/createAdminPulumiApp.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"names":[],"sources":["createAdminPulumiApp.ts"],"sourcesContent":["// For now, no special enterprise features are available for the Admin app.\n// We're simply reexporting everything from the base Admin Pulumi app.\nexport {\n createAdminPulumiApp,\n CreateAdminPulumiAppParams,\n AdminPulumiApp\n} from \"~/apps/admin/createAdminPulumiApp\";\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;AAEA"}
package/enterprise/createApiPulumiApp.d.ts ADDED
@@ -0,0 +1,61 @@
1
+ import * as aws from "@pulumi/aws";
2
+ import { CreateApiPulumiAppParams as BaseCreateApiPulumiAppParams } from "../apps/api/createApiPulumiApp";
3
+ export declare type ApiPulumiApp = ReturnType<typeof createApiPulumiApp>;
4
+ export declare type ApiPulumiAppAdvancedVpcParams = Partial<{
5
+ useExistingVpc: {
6
+ lambdaFunctionsVpcConfig: aws.types.input.lambda.FunctionVpcConfig;
7
+ };
8
+ }>;
9
+ export interface CreateApiPulumiAppParams extends Omit<BaseCreateApiPulumiAppParams, "vpc"> {
10
+ vpc?: boolean | ApiPulumiAppAdvancedVpcParams;
11
+ }
12
+ export declare function createApiPulumiApp(projectAppParams?: CreateApiPulumiAppParams): import("@webiny/pulumi").PulumiApp<{
13
+ fileManager: {
14
+ functions: {
15
+ transform: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/lambda/function").Function>;
16
+ manage: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/lambda/function").Function>;
17
+ download: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/lambda/function").Function>;
18
+ };
19
+ bucketNotification: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/s3/bucketNotification").BucketNotification>;
20
+ };
21
+ graphql: {
22
+ role: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/iam/role").Role>;
23
+ policy: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/iam/policy").Policy>;
24
+ functions: {
25
+ graphql: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/lambda/function").Function>;
26
+ };
27
+ addRoute: (routeParams: import("..").AddRouteParams) => any;
28
+ };
29
+ headlessCms: {
30
+ role: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/iam/role").Role>;
31
+ policy: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/iam/policy").Policy>;
32
+ functions: {
33
+ graphql: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/lambda/function").Function>;
34
+ };
35
+ };
36
+ apiGateway: {
37
+ api: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/apigatewayv2/api").Api>;
38
+ stage: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/apigatewayv2/stage").Stage>;
39
+ routes: Record<string, {
40
+ integration: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/apigatewayv2/integration").Integration>;
41
+ route: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/apigatewayv2/route").Route>;
42
+ permission: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/lambda/permission").Permission>;
43
+ }>;
44
+ addRoute: (name: string, params: import("..").ApiRouteParams) => void;
45
+ };
46
+ cloudfront: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/cloudfront/distribution").Distribution>;
47
+ apwScheduler: {
48
+ executeAction: {
49
+ role: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/iam/role").Role>;
50
+ policy: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/iam/policy").Policy>;
51
+ lambda: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/lambda/function").Function>;
52
+ };
53
+ scheduleAction: {
54
+ role: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/iam/role").Role>;
55
+ policy: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/iam/policy").Policy>;
56
+ lambda: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/lambda/function").Function>;
57
+ };
58
+ eventRule: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/cloudwatch/eventRule").EventRule>;
59
+ eventTarget: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/cloudwatch/eventTarget").EventTarget>;
60
+ };
61
+ }> & import("../utils/lambdaEnvVariables").WithCommonLambdaEnvVariables;
package/enterprise/createApiPulumiApp.js ADDED
@@ -0,0 +1,72 @@
1
+ "use strict";
2
+
3
+ var _interopRequireWildcard = require("@babel/runtime/helpers/interopRequireWildcard").default;
4
+
5
+ var _interopRequireDefault = require("@babel/runtime/helpers/interopRequireDefault").default;
6
+
7
+ Object.defineProperty(exports, "__esModule", {
8
+ value: true
9
+ });
10
+ exports.createApiPulumiApp = createApiPulumiApp;
11
+
12
+ var _objectSpread2 = _interopRequireDefault(require("@babel/runtime/helpers/objectSpread2"));
13
+
14
+ var aws = _interopRequireWildcard(require("@pulumi/aws"));
15
+
16
+ var _createApiPulumiApp = require("../apps/api/createApiPulumiApp");
17
+
18
+ var _pulumi = require("@webiny/pulumi");
19
+
20
+ function createApiPulumiApp(projectAppParams = {}) {
21
+ const {
22
+ vpc,
23
+ pulumi
24
+ } = projectAppParams;
25
+ const usingAdvancedVpcParams = vpc && typeof vpc !== "boolean";
26
+ return (0, _createApiPulumiApp.createApiPulumiApp)((0, _objectSpread2.default)((0, _objectSpread2.default)({}, projectAppParams), {}, {
27
+ // If using existing VPC, we ensure `vpc` param is set to `false`.
28
+ vpc: usingAdvancedVpcParams && vpc.useExistingVpc ? false : Boolean(vpc),
29
+
30
+ pulumi(...args) {
31
+ // Not using advanced VPC params? Then immediately exit.
32
+ if (!usingAdvancedVpcParams) {
33
+ return pulumi === null || pulumi === void 0 ? void 0 : pulumi(...args);
34
+ }
35
+
36
+ const [{
37
+ onResource,
38
+ addResource
39
+ }] = args;
40
+ const {
41
+ useExistingVpc
42
+ } = vpc; // 1. We first deal with "existing VPC" setup.
43
+
44
+ if (useExistingVpc) {
45
+ if (!useExistingVpc.lambdaFunctionsVpcConfig) {
46
+ throw new Error("Cannot specify `useExistingVpc` parameter because the `lambdaFunctionsVpcConfig` parameter wasn't provided.");
47
+ }
48
+
49
+ onResource(resource => {
50
+ if ((0, _pulumi.isResourceOfType)(resource, aws.lambda.Function)) {
51
+ resource.config.vpcConfig(useExistingVpc.lambdaFunctionsVpcConfig);
52
+ }
53
+
54
+ if ((0, _pulumi.isResourceOfType)(resource, aws.iam.Role)) {
55
+ if (resource.meta.isLambdaFunctionRole) {
56
+ addResource(aws.iam.RolePolicyAttachment, {
57
+ name: `${resource.name}-vpc-access-execution-role`,
58
+ config: {
59
+ role: resource.output.name,
60
+ policyArn: aws.iam.ManagedPolicy.AWSLambdaVPCAccessExecutionRole
61
+ }
62
+ });
63
+ }
64
+ }
65
+ });
66
+ }
67
+
68
+ return pulumi === null || pulumi === void 0 ? void 0 : pulumi(...args);
69
+ }
70
+
71
+ }));
72
+ }
package/enterprise/createApiPulumiApp.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"names":["createApiPulumiApp","projectAppParams","vpc","pulumi","usingAdvancedVpcParams","baseCreateApiPulumiApp","useExistingVpc","Boolean","args","onResource","addResource","lambdaFunctionsVpcConfig","Error","resource","isResourceOfType","aws","lambda","Function","config","vpcConfig","iam","Role","meta","isLambdaFunctionRole","RolePolicyAttachment","name","role","output","policyArn","ManagedPolicy","AWSLambdaVPCAccessExecutionRole"],"sources":["createApiPulumiApp.ts"],"sourcesContent":["import * as aws from \"@pulumi/aws\";\nimport {\n createApiPulumiApp as baseCreateApiPulumiApp,\n CreateApiPulumiAppParams as BaseCreateApiPulumiAppParams\n} from \"~/apps/api/createApiPulumiApp\";\nimport { isResourceOfType } from \"@webiny/pulumi\";\n\nexport type ApiPulumiApp = ReturnType<typeof createApiPulumiApp>;\n\nexport type ApiPulumiAppAdvancedVpcParams = Partial<{\n useExistingVpc: {\n lambdaFunctionsVpcConfig: aws.types.input.lambda.FunctionVpcConfig;\n };\n}>;\n\nexport interface CreateApiPulumiAppParams extends Omit<BaseCreateApiPulumiAppParams, \"vpc\"> {\n vpc?: boolean | ApiPulumiAppAdvancedVpcParams;\n}\n\nexport function createApiPulumiApp(projectAppParams: CreateApiPulumiAppParams = {}) {\n const { vpc, pulumi } = projectAppParams;\n const usingAdvancedVpcParams = vpc && typeof vpc !== \"boolean\";\n\n return baseCreateApiPulumiApp({\n ...projectAppParams,\n // If using existing VPC, we ensure `vpc` param is set to `false`.\n vpc: usingAdvancedVpcParams && vpc.useExistingVpc ? false : Boolean(vpc),\n pulumi(...args) {\n // Not using advanced VPC params? Then immediately exit.\n if (!usingAdvancedVpcParams) {\n return pulumi?.(...args);\n }\n\n const [{ onResource, addResource }] = args;\n const { useExistingVpc } = vpc;\n\n // 1. We first deal with \"existing VPC\" setup.\n if (useExistingVpc) {\n if (!useExistingVpc.lambdaFunctionsVpcConfig) {\n throw new Error(\n \"Cannot specify `useExistingVpc` parameter because the `lambdaFunctionsVpcConfig` parameter wasn't provided.\"\n );\n }\n\n onResource(resource => {\n if (isResourceOfType(resource, aws.lambda.Function)) {\n resource.config.vpcConfig(useExistingVpc!.lambdaFunctionsVpcConfig);\n }\n\n if (isResourceOfType(resource, aws.iam.Role)) {\n if (resource.meta.isLambdaFunctionRole) {\n addResource(aws.iam.RolePolicyAttachment, {\n name: `${resource.name}-vpc-access-execution-role`,\n config: {\n role: resource.output.name,\n policyArn: aws.iam.ManagedPolicy.AWSLambdaVPCAccessExecutionRole\n }\n });\n }\n }\n });\n }\n\n return pulumi?.(...args);\n }\n });\n}\n"],"mappings":";;;;;;;;;;;;;AAAA;;AACA;;AAIA;;AAcO,SAASA,kBAAT,CAA4BC,gBAA0C,GAAG,EAAzE,EAA6E;EAChF,MAAM;IAAEC,GAAF;IAAOC;EAAP,IAAkBF,gBAAxB;EACA,MAAMG,sBAAsB,GAAGF,GAAG,IAAI,OAAOA,GAAP,KAAe,SAArD;EAEA,OAAO,IAAAG,sCAAA,8DACAJ,gBADA;IAEH;IACAC,GAAG,EAAEE,sBAAsB,IAAIF,GAAG,CAACI,cAA9B,GAA+C,KAA/C,GAAuDC,OAAO,CAACL,GAAD,CAHhE;;IAIHC,MAAM,CAAC,GAAGK,IAAJ,EAAU;MACZ;MACA,IAAI,CAACJ,sBAAL,EAA6B;QACzB,OAAOD,MAAP,aAAOA,MAAP,uBAAOA,MAAM,CAAG,GAAGK,IAAN,CAAb;MACH;;MAED,MAAM,CAAC;QAAEC,UAAF;QAAcC;MAAd,CAAD,IAAgCF,IAAtC;MACA,MAAM;QAAEF;MAAF,IAAqBJ,GAA3B,CAPY,CASZ;;MACA,IAAII,cAAJ,EAAoB;QAChB,IAAI,CAACA,cAAc,CAACK,wBAApB,EAA8C;UAC1C,MAAM,IAAIC,KAAJ,CACF,6GADE,CAAN;QAGH;;QAEDH,UAAU,CAACI,QAAQ,IAAI;UACnB,IAAI,IAAAC,wBAAA,EAAiBD,QAAjB,EAA2BE,GAAG,CAACC,MAAJ,CAAWC,QAAtC,CAAJ,EAAqD;YACjDJ,QAAQ,CAACK,MAAT,CAAgBC,SAAhB,CAA0Bb,cAAc,CAAEK,wBAA1C;UACH;;UAED,IAAI,IAAAG,wBAAA,EAAiBD,QAAjB,EAA2BE,GAAG,CAACK,GAAJ,CAAQC,IAAnC,CAAJ,EAA8C;YAC1C,IAAIR,QAAQ,CAACS,IAAT,CAAcC,oBAAlB,EAAwC;cACpCb,WAAW,CAACK,GAAG,CAACK,GAAJ,CAAQI,oBAAT,EAA+B;gBACtCC,IAAI,EAAG,GAAEZ,QAAQ,CAACY,IAAK,4BADe;gBAEtCP,MAAM,EAAE;kBACJQ,IAAI,EAAEb,QAAQ,CAACc,MAAT,CAAgBF,IADlB;kBAEJG,SAAS,EAAEb,GAAG,CAACK,GAAJ,CAAQS,aAAR,CAAsBC;gBAF7B;cAF8B,CAA/B,CAAX;YAOH;UACJ;QACJ,CAhBS,CAAV;MAiBH;;MAED,OAAO3B,MAAP,aAAOA,MAAP,uBAAOA,MAAM,CAAG,GAAGK,IAAN,CAAb;IACH;;EAzCE,GAAP;AA2CH"}
package/enterprise/createCorePulumiApp.d.ts ADDED
@@ -0,0 +1,42 @@
1
+ import * as aws from "@pulumi/aws";
2
+ import { CreateCorePulumiAppParams as BaseCreateCorePulumiAppParams } from "../apps/core/createCorePulumiApp";
3
+ export declare type CorePulumiApp = ReturnType<typeof createCorePulumiApp>;
4
+ export declare type CorePulumiAppAdvancedVpcParams = Partial<{
5
+ useVpcEndpoints: boolean;
6
+ useExistingVpc: {
7
+ elasticSearchDomainVpcConfig?: aws.types.input.elasticsearch.DomainVpcOptions;
8
+ lambdaFunctionsVpcConfig: aws.types.input.lambda.FunctionVpcConfig;
9
+ };
10
+ }>;
11
+ export interface CreateCorePulumiAppParams extends Omit<BaseCreateCorePulumiAppParams, "vpc"> {
12
+ vpc?: boolean | CorePulumiAppAdvancedVpcParams;
13
+ }
14
+ export declare function createCorePulumiApp(projectAppParams?: CreateCorePulumiAppParams): import("@webiny/pulumi").PulumiApp<{
15
+ fileManagerBucket: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/s3/bucket").Bucket>;
16
+ eventBus: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/cloudwatch/eventBus").EventBus>;
17
+ elasticSearch: {
18
+ domain: import("@webiny/pulumi").PulumiAppResource<import("@webiny/pulumi").PulumiAppResourceConstructor<import("@pulumi/aws/elasticsearch/domain").Domain, any>> | import("@webiny/pulumi").PulumiAppRemoteResource<aws.elasticsearch.GetDomainResult>;
19
+ domainPolicy: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/elasticsearch/domainPolicy").DomainPolicy> | undefined;
20
+ table: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/dynamodb/table").Table>;
21
+ dynamoToElastic: {
22
+ role: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/iam/role").Role>;
23
+ policy: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/iam/policy").Policy>;
24
+ lambda: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/lambda/function").Function>;
25
+ eventSourceMapping: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/lambda/eventSourceMapping").EventSourceMapping>;
26
+ };
27
+ } | null;
28
+ userPool: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/cognito/userPool").UserPool>;
29
+ userPoolClient: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/cognito/userPoolClient").UserPoolClient>;
30
+ dynamoDbTable: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/dynamodb/table").Table>;
31
+ vpc: {
32
+ vpc: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/ec2/vpc").Vpc>;
33
+ subnets: {
34
+ public: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/ec2/subnet").Subnet>[];
35
+ private: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/ec2/subnet").Subnet>[];
36
+ };
37
+ routeTables: {
38
+ privateSubnets: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/ec2/routeTable").RouteTable>;
39
+ publicSubnets: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/ec2/routeTable").RouteTable>;
40
+ };
41
+ } | null;
42
+ }>;
package/enterprise/createCorePulumiApp.js ADDED
@@ -0,0 +1,145 @@
1
+ "use strict";
2
+
3
+ var _interopRequireWildcard = require("@babel/runtime/helpers/interopRequireWildcard").default;
4
+
5
+ var _interopRequireDefault = require("@babel/runtime/helpers/interopRequireDefault").default;
6
+
7
+ Object.defineProperty(exports, "__esModule", {
8
+ value: true
9
+ });
10
+ exports.createCorePulumiApp = createCorePulumiApp;
11
+
12
+ var _objectSpread2 = _interopRequireDefault(require("@babel/runtime/helpers/objectSpread2"));
13
+
14
+ var aws = _interopRequireWildcard(require("@pulumi/aws"));
15
+
16
+ var _createCorePulumiApp = require("../apps/core/createCorePulumiApp");
17
+
18
+ var _pulumi = require("@webiny/pulumi");
19
+
20
+ function createCorePulumiApp(projectAppParams = {}) {
21
+ const {
22
+ vpc,
23
+ elasticSearch,
24
+ pulumi
25
+ } = projectAppParams;
26
+ const usingAdvancedVpcParams = vpc && typeof vpc !== "boolean";
27
+ return (0, _createCorePulumiApp.createCorePulumiApp)((0, _objectSpread2.default)((0, _objectSpread2.default)({}, projectAppParams), {}, {
28
+ // If using existing VPC, we ensure `vpc` param is set to `false`.
29
+ vpc: usingAdvancedVpcParams && vpc.useExistingVpc ? false : Boolean(vpc),
30
+
31
+ pulumi(...args) {
32
+ // Not using advanced VPC params? Then immediately exit.
33
+ if (!usingAdvancedVpcParams) {
34
+ return pulumi === null || pulumi === void 0 ? void 0 : pulumi(...args);
35
+ }
36
+
37
+ const [{
38
+ resources,
39
+ addResource,
40
+ onResource
41
+ }] = args;
42
+ const {
43
+ useExistingVpc,
44
+ useVpcEndpoints
45
+ } = vpc; // 1. We first deal with "existing VPC" setup.
46
+
47
+ if (useExistingVpc) {
48
+ if ("useVpcEndpoints" in vpc) {
49
+ throw new Error("Cannot specify `useVpcEndpoints` parameter when using an existing VPC. The VPC endpoints configurations should be already defined within the existing VPC.");
50
+ }
51
+
52
+ if (elasticSearch) {
53
+ if (!useExistingVpc.elasticSearchDomainVpcConfig) {
54
+ throw new Error("Cannot specify `useExistingVpc` parameter because the `elasticSearchDomainVpcConfig` parameter wasn't provided.");
55
+ }
56
+
57
+ onResource(resource => {
58
+ if ((0, _pulumi.isResourceOfType)(resource, aws.elasticsearch.Domain)) {
59
+ resource.config.vpcOptions(useExistingVpc.elasticSearchDomainVpcConfig);
60
+ }
61
+ });
62
+ }
63
+
64
+ if (!useExistingVpc.lambdaFunctionsVpcConfig) {
65
+ throw new Error("Cannot specify `useExistingVpc` parameter because the `lambdaFunctionsVpcConfig` parameter wasn't provided.");
66
+ }
67
+
68
+ onResource(resource => {
69
+ if ((0, _pulumi.isResourceOfType)(resource, aws.lambda.Function)) {
70
+ resource.config.vpcConfig(useExistingVpc.lambdaFunctionsVpcConfig);
71
+ }
72
+
73
+ if ((0, _pulumi.isResourceOfType)(resource, aws.iam.Role)) {
74
+ if (resource.meta.isLambdaFunctionRole) {
75
+ addResource(aws.iam.RolePolicyAttachment, {
76
+ name: `${resource.name}-vpc-access-execution-role`,
77
+ config: {
78
+ role: resource.output.name,
79
+ policyArn: aws.iam.ManagedPolicy.AWSLambdaVPCAccessExecutionRole
80
+ }
81
+ });
82
+ }
83
+ }
84
+ });
85
+ return pulumi === null || pulumi === void 0 ? void 0 : pulumi(...args);
86
+ } // 2. Now we deal with "non-existing VPC" setup.
87
+
88
+
89
+ if (useVpcEndpoints) {
90
+ onResource(resource => {
91
+ if ((0, _pulumi.isResourceOfType)(resource, aws.ec2.Vpc)) {
92
+ resource.config.enableDnsSupport(true);
93
+ resource.config.enableDnsHostnames(true);
94
+ }
95
+ });
96
+ const {
97
+ vpc,
98
+ subnets,
99
+ routeTables
100
+ } = resources.vpc;
101
+ addResource(aws.ec2.VpcEndpoint, {
102
+ name: "vpc-s3-vpc-endpoint",
103
+ config: {
104
+ vpcId: vpc.output.id,
105
+ serviceName: "com.amazonaws.eu-central-1.s3",
106
+ routeTableIds: [routeTables.privateSubnets.output.id]
107
+ }
108
+ });
109
+ addResource(aws.ec2.VpcEndpoint, {
110
+ name: "vpc-dynamodb-vpc-endpoint",
111
+ config: {
112
+ vpcId: vpc.output.id,
113
+ serviceName: "com.amazonaws.eu-central-1.dynamodb",
114
+ routeTableIds: [routeTables.privateSubnets.output.id]
115
+ }
116
+ });
117
+ addResource(aws.ec2.VpcEndpoint, {
118
+ name: "vpc-sqs-vpc-endpoint",
119
+ config: {
120
+ vpcId: vpc.output.id,
121
+ serviceName: "com.amazonaws.eu-central-1.sqs",
122
+ vpcEndpointType: "Interface",
123
+ privateDnsEnabled: true,
124
+ securityGroupIds: [vpc.output.defaultSecurityGroupId],
125
+ subnetIds: subnets.private.map(subNet => subNet.output.id)
126
+ }
127
+ });
128
+ addResource(aws.ec2.VpcEndpoint, {
129
+ name: "vpc-events-vpc-endpoint",
130
+ config: {
131
+ vpcId: vpc.output.id,
132
+ serviceName: "com.amazonaws.eu-central-1.events",
133
+ vpcEndpointType: "Interface",
134
+ privateDnsEnabled: true,
135
+ securityGroupIds: [vpc.output.defaultSecurityGroupId],
136
+ subnetIds: subnets.private.map(subNet => subNet.output.id)
137
+ }
138
+ });
139
+ }
140
+
141
+ return pulumi === null || pulumi === void 0 ? void 0 : pulumi(...args);
142
+ }
143
+
144
+ }));
145
+ }
package/enterprise/createCorePulumiApp.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"names":["createCorePulumiApp","projectAppParams","vpc","elasticSearch","pulumi","usingAdvancedVpcParams","baseCreateCorePulumiApp","useExistingVpc","Boolean","args","resources","addResource","onResource","useVpcEndpoints","Error","elasticSearchDomainVpcConfig","resource","isResourceOfType","aws","elasticsearch","Domain","config","vpcOptions","lambdaFunctionsVpcConfig","lambda","Function","vpcConfig","iam","Role","meta","isLambdaFunctionRole","RolePolicyAttachment","name","role","output","policyArn","ManagedPolicy","AWSLambdaVPCAccessExecutionRole","ec2","Vpc","enableDnsSupport","enableDnsHostnames","subnets","routeTables","VpcEndpoint","vpcId","id","serviceName","routeTableIds","privateSubnets","vpcEndpointType","privateDnsEnabled","securityGroupIds","defaultSecurityGroupId","subnetIds","private","map","subNet"],"sources":["createCorePulumiApp.ts"],"sourcesContent":["import * as aws from \"@pulumi/aws\";\nimport {\n createCorePulumiApp as baseCreateCorePulumiApp,\n CreateCorePulumiAppParams as BaseCreateCorePulumiAppParams\n} from \"~/apps/core/createCorePulumiApp\";\nimport { isResourceOfType } from \"@webiny/pulumi\";\n\nexport type CorePulumiApp = ReturnType<typeof createCorePulumiApp>;\n\nexport type CorePulumiAppAdvancedVpcParams = Partial<{\n useVpcEndpoints: boolean;\n useExistingVpc: {\n elasticSearchDomainVpcConfig?: aws.types.input.elasticsearch.DomainVpcOptions;\n lambdaFunctionsVpcConfig: aws.types.input.lambda.FunctionVpcConfig;\n };\n}>;\n\nexport interface CreateCorePulumiAppParams extends Omit<BaseCreateCorePulumiAppParams, \"vpc\"> {\n vpc?: boolean | CorePulumiAppAdvancedVpcParams;\n}\n\nexport function createCorePulumiApp(projectAppParams: CreateCorePulumiAppParams = {}) {\n const { vpc, elasticSearch, pulumi } = projectAppParams;\n const usingAdvancedVpcParams = vpc && typeof vpc !== \"boolean\";\n\n return baseCreateCorePulumiApp({\n ...projectAppParams,\n // If using existing VPC, we ensure `vpc` param is set to `false`.\n vpc: usingAdvancedVpcParams && vpc.useExistingVpc ? false : Boolean(vpc),\n pulumi(...args) {\n // Not using advanced VPC params? Then immediately exit.\n if (!usingAdvancedVpcParams) {\n return pulumi?.(...args);\n }\n\n const [{ resources, addResource, onResource }] = args;\n const { useExistingVpc, useVpcEndpoints } = vpc;\n\n // 1. We first deal with \"existing VPC\" setup.\n if (useExistingVpc) {\n if (\"useVpcEndpoints\" in vpc) {\n throw new Error(\n \"Cannot specify `useVpcEndpoints` parameter when using an existing VPC. The VPC endpoints configurations should be already defined within the existing VPC.\"\n );\n }\n\n if (elasticSearch) {\n if (!useExistingVpc.elasticSearchDomainVpcConfig) {\n throw new Error(\n \"Cannot specify `useExistingVpc` parameter because the `elasticSearchDomainVpcConfig` parameter wasn't provided.\"\n );\n }\n\n onResource(resource => {\n if (isResourceOfType(resource, aws.elasticsearch.Domain)) {\n resource.config.vpcOptions(\n useExistingVpc!.elasticSearchDomainVpcConfig\n );\n }\n });\n }\n\n if (!useExistingVpc.lambdaFunctionsVpcConfig) {\n throw new Error(\n \"Cannot specify `useExistingVpc` parameter because the `lambdaFunctionsVpcConfig` parameter wasn't provided.\"\n );\n }\n\n onResource(resource => {\n if (isResourceOfType(resource, aws.lambda.Function)) {\n resource.config.vpcConfig(useExistingVpc!.lambdaFunctionsVpcConfig);\n }\n\n if (isResourceOfType(resource, aws.iam.Role)) {\n if (resource.meta.isLambdaFunctionRole) {\n addResource(aws.iam.RolePolicyAttachment, {\n name: `${resource.name}-vpc-access-execution-role`,\n config: {\n role: resource.output.name,\n policyArn: aws.iam.ManagedPolicy.AWSLambdaVPCAccessExecutionRole\n }\n });\n }\n }\n });\n\n return pulumi?.(...args);\n }\n\n // 2. Now we deal with \"non-existing VPC\" setup.\n if (useVpcEndpoints) {\n onResource(resource => {\n if (isResourceOfType(resource, aws.ec2.Vpc)) {\n resource.config.enableDnsSupport(true);\n resource.config.enableDnsHostnames(true);\n }\n });\n\n const { vpc, subnets, routeTables } = resources.vpc!;\n addResource(aws.ec2.VpcEndpoint, {\n name: \"vpc-s3-vpc-endpoint\",\n config: {\n vpcId: vpc.output.id,\n serviceName: \"com.amazonaws.eu-central-1.s3\",\n routeTableIds: [routeTables.privateSubnets.output.id]\n }\n });\n\n addResource(aws.ec2.VpcEndpoint, {\n name: \"vpc-dynamodb-vpc-endpoint\",\n config: {\n vpcId: vpc.output.id,\n serviceName: \"com.amazonaws.eu-central-1.dynamodb\",\n routeTableIds: [routeTables.privateSubnets.output.id]\n }\n });\n\n addResource(aws.ec2.VpcEndpoint, {\n name: \"vpc-sqs-vpc-endpoint\",\n config: {\n vpcId: vpc.output.id,\n serviceName: \"com.amazonaws.eu-central-1.sqs\",\n vpcEndpointType: \"Interface\",\n privateDnsEnabled: true,\n securityGroupIds: [vpc.output.defaultSecurityGroupId],\n subnetIds: subnets.private.map(subNet => subNet.output.id)\n }\n });\n\n addResource(aws.ec2.VpcEndpoint, {\n name: \"vpc-events-vpc-endpoint\",\n config: {\n vpcId: vpc.output.id,\n serviceName: \"com.amazonaws.eu-central-1.events\",\n vpcEndpointType: \"Interface\",\n privateDnsEnabled: true,\n securityGroupIds: [vpc.output.defaultSecurityGroupId],\n subnetIds: subnets.private.map(subNet => subNet.output.id)\n }\n });\n }\n\n return pulumi?.(...args);\n }\n });\n}\n"],"mappings":";;;;;;;;;;;;;AAAA;;AACA;;AAIA;;AAgBO,SAASA,mBAAT,CAA6BC,gBAA2C,GAAG,EAA3E,EAA+E;EAClF,MAAM;IAAEC,GAAF;IAAOC,aAAP;IAAsBC;EAAtB,IAAiCH,gBAAvC;EACA,MAAMI,sBAAsB,GAAGH,GAAG,IAAI,OAAOA,GAAP,KAAe,SAArD;EAEA,OAAO,IAAAI,wCAAA,8DACAL,gBADA;IAEH;IACAC,GAAG,EAAEG,sBAAsB,IAAIH,GAAG,CAACK,cAA9B,GAA+C,KAA/C,GAAuDC,OAAO,CAACN,GAAD,CAHhE;;IAIHE,MAAM,CAAC,GAAGK,IAAJ,EAAU;MACZ;MACA,IAAI,CAACJ,sBAAL,EAA6B;QACzB,OAAOD,MAAP,aAAOA,MAAP,uBAAOA,MAAM,CAAG,GAAGK,IAAN,CAAb;MACH;;MAED,MAAM,CAAC;QAAEC,SAAF;QAAaC,WAAb;QAA0BC;MAA1B,CAAD,IAA2CH,IAAjD;MACA,MAAM;QAAEF,cAAF;QAAkBM;MAAlB,IAAsCX,GAA5C,CAPY,CASZ;;MACA,IAAIK,cAAJ,EAAoB;QAChB,IAAI,qBAAqBL,GAAzB,EAA8B;UAC1B,MAAM,IAAIY,KAAJ,CACF,4JADE,CAAN;QAGH;;QAED,IAAIX,aAAJ,EAAmB;UACf,IAAI,CAACI,cAAc,CAACQ,4BAApB,EAAkD;YAC9C,MAAM,IAAID,KAAJ,CACF,iHADE,CAAN;UAGH;;UAEDF,UAAU,CAACI,QAAQ,IAAI;YACnB,IAAI,IAAAC,wBAAA,EAAiBD,QAAjB,EAA2BE,GAAG,CAACC,aAAJ,CAAkBC,MAA7C,CAAJ,EAA0D;cACtDJ,QAAQ,CAACK,MAAT,CAAgBC,UAAhB,CACIf,cAAc,CAAEQ,4BADpB;YAGH;UACJ,CANS,CAAV;QAOH;;QAED,IAAI,CAACR,cAAc,CAACgB,wBAApB,EAA8C;UAC1C,MAAM,IAAIT,KAAJ,CACF,6GADE,CAAN;QAGH;;QAEDF,UAAU,CAACI,QAAQ,IAAI;UACnB,IAAI,IAAAC,wBAAA,EAAiBD,QAAjB,EAA2BE,GAAG,CAACM,MAAJ,CAAWC,QAAtC,CAAJ,EAAqD;YACjDT,QAAQ,CAACK,MAAT,CAAgBK,SAAhB,CAA0BnB,cAAc,CAAEgB,wBAA1C;UACH;;UAED,IAAI,IAAAN,wBAAA,EAAiBD,QAAjB,EAA2BE,GAAG,CAACS,GAAJ,CAAQC,IAAnC,CAAJ,EAA8C;YAC1C,IAAIZ,QAAQ,CAACa,IAAT,CAAcC,oBAAlB,EAAwC;cACpCnB,WAAW,CAACO,GAAG,CAACS,GAAJ,CAAQI,oBAAT,EAA+B;gBACtCC,IAAI,EAAG,GAAEhB,QAAQ,CAACgB,IAAK,4BADe;gBAEtCX,MAAM,EAAE;kBACJY,IAAI,EAAEjB,QAAQ,CAACkB,MAAT,CAAgBF,IADlB;kBAEJG,SAAS,EAAEjB,GAAG,CAACS,GAAJ,CAAQS,aAAR,CAAsBC;gBAF7B;cAF8B,CAA/B,CAAX;YAOH;UACJ;QACJ,CAhBS,CAAV;QAkBA,OAAOjC,MAAP,aAAOA,MAAP,uBAAOA,MAAM,CAAG,GAAGK,IAAN,CAAb;MACH,CA1DW,CA4DZ;;;MACA,IAAII,eAAJ,EAAqB;QACjBD,UAAU,CAACI,QAAQ,IAAI;UACnB,IAAI,IAAAC,wBAAA,EAAiBD,QAAjB,EAA2BE,GAAG,CAACoB,GAAJ,CAAQC,GAAnC,CAAJ,EAA6C;YACzCvB,QAAQ,CAACK,MAAT,CAAgBmB,gBAAhB,CAAiC,IAAjC;YACAxB,QAAQ,CAACK,MAAT,CAAgBoB,kBAAhB,CAAmC,IAAnC;UACH;QACJ,CALS,CAAV;QAOA,MAAM;UAAEvC,GAAF;UAAOwC,OAAP;UAAgBC;QAAhB,IAAgCjC,SAAS,CAACR,GAAhD;QACAS,WAAW,CAACO,GAAG,CAACoB,GAAJ,CAAQM,WAAT,EAAsB;UAC7BZ,IAAI,EAAE,qBADuB;UAE7BX,MAAM,EAAE;YACJwB,KAAK,EAAE3C,GAAG,CAACgC,MAAJ,CAAWY,EADd;YAEJC,WAAW,EAAE,+BAFT;YAGJC,aAAa,EAAE,CAACL,WAAW,CAACM,cAAZ,CAA2Bf,MAA3B,CAAkCY,EAAnC;UAHX;QAFqB,CAAtB,CAAX;QASAnC,WAAW,CAACO,GAAG,CAACoB,GAAJ,CAAQM,WAAT,EAAsB;UAC7BZ,IAAI,EAAE,2BADuB;UAE7BX,MAAM,EAAE;YACJwB,KAAK,EAAE3C,GAAG,CAACgC,MAAJ,CAAWY,EADd;YAEJC,WAAW,EAAE,qCAFT;YAGJC,aAAa,EAAE,CAACL,WAAW,CAACM,cAAZ,CAA2Bf,MAA3B,CAAkCY,EAAnC;UAHX;QAFqB,CAAtB,CAAX;QASAnC,WAAW,CAACO,GAAG,CAACoB,GAAJ,CAAQM,WAAT,EAAsB;UAC7BZ,IAAI,EAAE,sBADuB;UAE7BX,MAAM,EAAE;YACJwB,KAAK,EAAE3C,GAAG,CAACgC,MAAJ,CAAWY,EADd;YAEJC,WAAW,EAAE,gCAFT;YAGJG,eAAe,EAAE,WAHb;YAIJC,iBAAiB,EAAE,IAJf;YAKJC,gBAAgB,EAAE,CAAClD,GAAG,CAACgC,MAAJ,CAAWmB,sBAAZ,CALd;YAMJC,SAAS,EAAEZ,OAAO,CAACa,OAAR,CAAgBC,GAAhB,CAAoBC,MAAM,IAAIA,MAAM,CAACvB,MAAP,CAAcY,EAA5C;UANP;QAFqB,CAAtB,CAAX;QAYAnC,WAAW,CAACO,GAAG,CAACoB,GAAJ,CAAQM,WAAT,EAAsB;UAC7BZ,IAAI,EAAE,yBADuB;UAE7BX,MAAM,EAAE;YACJwB,KAAK,EAAE3C,GAAG,CAACgC,MAAJ,CAAWY,EADd;YAEJC,WAAW,EAAE,mCAFT;YAGJG,eAAe,EAAE,WAHb;YAIJC,iBAAiB,EAAE,IAJf;YAKJC,gBAAgB,EAAE,CAAClD,GAAG,CAACgC,MAAJ,CAAWmB,sBAAZ,CALd;YAMJC,SAAS,EAAEZ,OAAO,CAACa,OAAR,CAAgBC,GAAhB,CAAoBC,MAAM,IAAIA,MAAM,CAACvB,MAAP,CAAcY,EAA5C;UANP;QAFqB,CAAtB,CAAX;MAWH;;MAED,OAAO1C,MAAP,aAAOA,MAAP,uBAAOA,MAAM,CAAG,GAAGK,IAAN,CAAb;IACH;;EAtHE,GAAP;AAwHH"}
package/enterprise/createWebsitePulumiApp.d.ts ADDED
@@ -0,0 +1,56 @@
1
+ import * as aws from "@pulumi/aws";
2
+ import { CreateWebsitePulumiAppParams as BaseCreateWebsitePulumiAppParams } from "../apps/website/createWebsitePulumiApp";
3
+ export declare type WebsitePulumiApp = ReturnType<typeof createWebsitePulumiApp>;
4
+ export declare type WebsitePulumiAppAdvancedVpcParams = Partial<{
5
+ useExistingVpc: {
6
+ lambdaFunctionsVpcConfig: aws.types.input.lambda.FunctionVpcConfig;
7
+ };
8
+ }>;
9
+ export interface CreateWebsitePulumiAppParams extends Omit<BaseCreateWebsitePulumiAppParams, "vpc"> {
10
+ vpc?: boolean | WebsitePulumiAppAdvancedVpcParams;
11
+ }
12
+ export declare function createWebsitePulumiApp(projectAppParams?: CreateWebsitePulumiAppParams): import("@webiny/pulumi").PulumiApp<{
13
+ prerendering: {
14
+ subscriber: {
15
+ policy: import("@pulumi/pulumi").Output<import("@pulumi/aws/iam/policy").Policy>;
16
+ role: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/iam/role").Role>;
17
+ lambda: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/lambda/function").Function>;
18
+ eventRule: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/cloudwatch/eventRule").EventRule>;
19
+ eventPermission: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/lambda/permission").Permission>;
20
+ eventTarget: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/cloudwatch/eventTarget").EventTarget>;
21
+ };
22
+ renderer: {
23
+ policy: import("@pulumi/pulumi").Output<import("@pulumi/aws/iam/policy").Policy>;
24
+ role: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/iam/role").Role>;
25
+ lambda: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/lambda/function").Function>;
26
+ eventSourceMapping: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/lambda/eventSourceMapping").EventSourceMapping>;
27
+ };
28
+ flush: {
29
+ policy: import("@pulumi/pulumi").Output<import("@pulumi/aws/iam/policy").Policy>;
30
+ role: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/iam/role").Role>;
31
+ lambda: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/lambda/function").Function>;
32
+ eventRule: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/cloudwatch/eventRule").EventRule>;
33
+ eventPermission: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/lambda/permission").Permission>;
34
+ eventTarget: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/cloudwatch/eventTarget").EventTarget>;
35
+ };
36
+ settings: {
37
+ tableItem: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/dynamodb/tableItem").TableItem>;
38
+ };
39
+ };
40
+ app: {
41
+ cloudfront: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/cloudfront/distribution").Distribution>;
42
+ bucket: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/s3/bucket").Bucket>;
43
+ originIdentity: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/cloudfront/originAccessIdentity").OriginAccessIdentity>;
44
+ origin: aws.types.input.cloudfront.DistributionOrigin;
45
+ bucketPublicAccessBlock: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/s3/bucketPublicAccessBlock").BucketPublicAccessBlock>;
46
+ bucketPolicy: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/s3/bucketPolicy").BucketPolicy>;
47
+ };
48
+ delivery: {
49
+ cloudfront: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/cloudfront/distribution").Distribution>;
50
+ bucket: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/s3/bucket").Bucket>;
51
+ originIdentity: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/cloudfront/originAccessIdentity").OriginAccessIdentity>;
52
+ origin: aws.types.input.cloudfront.DistributionOrigin;
53
+ bucketPublicAccessBlock: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/s3/bucketPublicAccessBlock").BucketPublicAccessBlock>;
54
+ bucketPolicy: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/s3/bucketPolicy").BucketPolicy>;
55
+ };
56
+ }> & import("../utils/lambdaEnvVariables").WithCommonLambdaEnvVariables;
package/enterprise/createWebsitePulumiApp.js ADDED
@@ -0,0 +1,72 @@
1
+ "use strict";
2
+
3
+ var _interopRequireWildcard = require("@babel/runtime/helpers/interopRequireWildcard").default;
4
+
5
+ var _interopRequireDefault = require("@babel/runtime/helpers/interopRequireDefault").default;
6
+
7
+ Object.defineProperty(exports, "__esModule", {
8
+ value: true
9
+ });
10
+ exports.createWebsitePulumiApp = createWebsitePulumiApp;
11
+
12
+ var _objectSpread2 = _interopRequireDefault(require("@babel/runtime/helpers/objectSpread2"));
13
+
14
+ var aws = _interopRequireWildcard(require("@pulumi/aws"));
15
+
16
+ var _createWebsitePulumiApp = require("../apps/website/createWebsitePulumiApp");
17
+
18
+ var _pulumi = require("@webiny/pulumi");
19
+
20
+ function createWebsitePulumiApp(projectAppParams = {}) {
21
+ const {
22
+ vpc,
23
+ pulumi
24
+ } = projectAppParams;
25
+ const usingAdvancedVpcParams = vpc && typeof vpc !== "boolean";
26
+ return (0, _createWebsitePulumiApp.createWebsitePulumiApp)((0, _objectSpread2.default)((0, _objectSpread2.default)({}, projectAppParams), {}, {
27
+ // If using existing VPC, we ensure `vpc` param is set to `false`.
28
+ vpc: usingAdvancedVpcParams && vpc.useExistingVpc ? false : Boolean(vpc),
29
+
30
+ pulumi(...args) {
31
+ // Not using advanced VPC params? Then immediately exit.
32
+ if (!usingAdvancedVpcParams) {
33
+ return pulumi === null || pulumi === void 0 ? void 0 : pulumi(...args);
34
+ }
35
+
36
+ const [{
37
+ onResource,
38
+ addResource
39
+ }] = args;
40
+ const {
41
+ useExistingVpc
42
+ } = vpc; // 1. We first deal with "existing VPC" setup.
43
+
44
+ if (useExistingVpc) {
45
+ if (!useExistingVpc.lambdaFunctionsVpcConfig) {
46
+ throw new Error("Cannot specify `useExistingVpc` parameter because the `lambdaFunctionsVpcConfig` parameter wasn't provided.");
47
+ }
48
+
49
+ onResource(resource => {
50
+ if ((0, _pulumi.isResourceOfType)(resource, aws.lambda.Function)) {
51
+ resource.config.vpcConfig(useExistingVpc.lambdaFunctionsVpcConfig);
52
+ }
53
+
54
+ if ((0, _pulumi.isResourceOfType)(resource, aws.iam.Role)) {
55
+ if (resource.meta.isLambdaFunctionRole) {
56
+ addResource(aws.iam.RolePolicyAttachment, {
57
+ name: `${resource.name}-vpc-access-execution-role`,
58
+ config: {
59
+ role: resource.output.name,
60
+ policyArn: aws.iam.ManagedPolicy.AWSLambdaVPCAccessExecutionRole
61
+ }
62
+ });
63
+ }
64
+ }
65
+ });
66
+ }
67
+
68
+ return pulumi === null || pulumi === void 0 ? void 0 : pulumi(...args);
69
+ }
70
+
71
+ }));
72
+ }
package/enterprise/createWebsitePulumiApp.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"names":["createWebsitePulumiApp","projectAppParams","vpc","pulumi","usingAdvancedVpcParams","baseCreateWebsitePulumiApp","useExistingVpc","Boolean","args","onResource","addResource","lambdaFunctionsVpcConfig","Error","resource","isResourceOfType","aws","lambda","Function","config","vpcConfig","iam","Role","meta","isLambdaFunctionRole","RolePolicyAttachment","name","role","output","policyArn","ManagedPolicy","AWSLambdaVPCAccessExecutionRole"],"sources":["createWebsitePulumiApp.ts"],"sourcesContent":["import * as aws from \"@pulumi/aws\";\nimport {\n createWebsitePulumiApp as baseCreateWebsitePulumiApp,\n CreateWebsitePulumiAppParams as BaseCreateWebsitePulumiAppParams\n} from \"~/apps/website/createWebsitePulumiApp\";\nimport { isResourceOfType } from \"@webiny/pulumi\";\n\nexport type WebsitePulumiApp = ReturnType<typeof createWebsitePulumiApp>;\n\nexport type WebsitePulumiAppAdvancedVpcParams = Partial<{\n useExistingVpc: {\n lambdaFunctionsVpcConfig: aws.types.input.lambda.FunctionVpcConfig;\n };\n}>;\n\nexport interface CreateWebsitePulumiAppParams\n extends Omit<BaseCreateWebsitePulumiAppParams, \"vpc\"> {\n vpc?: boolean | WebsitePulumiAppAdvancedVpcParams;\n}\n\nexport function createWebsitePulumiApp(projectAppParams: CreateWebsitePulumiAppParams = {}) {\n const { vpc, pulumi } = projectAppParams;\n const usingAdvancedVpcParams = vpc && typeof vpc !== \"boolean\";\n\n return baseCreateWebsitePulumiApp({\n ...projectAppParams,\n // If using existing VPC, we ensure `vpc` param is set to `false`.\n vpc: usingAdvancedVpcParams && vpc.useExistingVpc ? false : Boolean(vpc),\n pulumi(...args) {\n // Not using advanced VPC params? Then immediately exit.\n if (!usingAdvancedVpcParams) {\n return pulumi?.(...args);\n }\n\n const [{ onResource, addResource }] = args;\n const { useExistingVpc } = vpc;\n\n // 1. We first deal with \"existing VPC\" setup.\n if (useExistingVpc) {\n if (!useExistingVpc.lambdaFunctionsVpcConfig) {\n throw new Error(\n \"Cannot specify `useExistingVpc` parameter because the `lambdaFunctionsVpcConfig` parameter wasn't provided.\"\n );\n }\n\n onResource(resource => {\n if (isResourceOfType(resource, aws.lambda.Function)) {\n resource.config.vpcConfig(useExistingVpc!.lambdaFunctionsVpcConfig);\n }\n\n if (isResourceOfType(resource, aws.iam.Role)) {\n if (resource.meta.isLambdaFunctionRole) {\n addResource(aws.iam.RolePolicyAttachment, {\n name: `${resource.name}-vpc-access-execution-role`,\n config: {\n role: resource.output.name,\n policyArn: aws.iam.ManagedPolicy.AWSLambdaVPCAccessExecutionRole\n }\n });\n }\n }\n });\n }\n\n return pulumi?.(...args);\n }\n });\n}\n"],"mappings":";;;;;;;;;;;;;AAAA;;AACA;;AAIA;;AAeO,SAASA,sBAAT,CAAgCC,gBAA8C,GAAG,EAAjF,EAAqF;EACxF,MAAM;IAAEC,GAAF;IAAOC;EAAP,IAAkBF,gBAAxB;EACA,MAAMG,sBAAsB,GAAGF,GAAG,IAAI,OAAOA,GAAP,KAAe,SAArD;EAEA,OAAO,IAAAG,8CAAA,8DACAJ,gBADA;IAEH;IACAC,GAAG,EAAEE,sBAAsB,IAAIF,GAAG,CAACI,cAA9B,GAA+C,KAA/C,GAAuDC,OAAO,CAACL,GAAD,CAHhE;;IAIHC,MAAM,CAAC,GAAGK,IAAJ,EAAU;MACZ;MACA,IAAI,CAACJ,sBAAL,EAA6B;QACzB,OAAOD,MAAP,aAAOA,MAAP,uBAAOA,MAAM,CAAG,GAAGK,IAAN,CAAb;MACH;;MAED,MAAM,CAAC;QAAEC,UAAF;QAAcC;MAAd,CAAD,IAAgCF,IAAtC;MACA,MAAM;QAAEF;MAAF,IAAqBJ,GAA3B,CAPY,CASZ;;MACA,IAAII,cAAJ,EAAoB;QAChB,IAAI,CAACA,cAAc,CAACK,wBAApB,EAA8C;UAC1C,MAAM,IAAIC,KAAJ,CACF,6GADE,CAAN;QAGH;;QAEDH,UAAU,CAACI,QAAQ,IAAI;UACnB,IAAI,IAAAC,wBAAA,EAAiBD,QAAjB,EAA2BE,GAAG,CAACC,MAAJ,CAAWC,QAAtC,CAAJ,EAAqD;YACjDJ,QAAQ,CAACK,MAAT,CAAgBC,SAAhB,CAA0Bb,cAAc,CAAEK,wBAA1C;UACH;;UAED,IAAI,IAAAG,wBAAA,EAAiBD,QAAjB,EAA2BE,GAAG,CAACK,GAAJ,CAAQC,IAAnC,CAAJ,EAA8C;YAC1C,IAAIR,QAAQ,CAACS,IAAT,CAAcC,oBAAlB,EAAwC;cACpCb,WAAW,CAACK,GAAG,CAACK,GAAJ,CAAQI,oBAAT,EAA+B;gBACtCC,IAAI,EAAG,GAAEZ,QAAQ,CAACY,IAAK,4BADe;gBAEtCP,MAAM,EAAE;kBACJQ,IAAI,EAAEb,QAAQ,CAACc,MAAT,CAAgBF,IADlB;kBAEJG,SAAS,EAAEb,GAAG,CAACK,GAAJ,CAAQS,aAAR,CAAsBC;gBAF7B;cAF8B,CAA/B,CAAX;YAOH;UACJ;QACJ,CAhBS,CAAV;MAiBH;;MAED,OAAO3B,MAAP,aAAOA,MAAP,uBAAOA,MAAM,CAAG,GAAGK,IAAN,CAAb;IACH;;EAzCE,GAAP;AA2CH"}
package/enterprise/index.d.ts ADDED
@@ -0,0 +1,4 @@
1
+ export * from "./createCorePulumiApp";
2
+ export * from "./createApiPulumiApp";
3
+ export * from "./createAdminPulumiApp";
4
+ export * from "./createWebsitePulumiApp";
package/enterprise/index.js ADDED
@@ -0,0 +1,57 @@
1
+ "use strict";
2
+
3
+ Object.defineProperty(exports, "__esModule", {
4
+ value: true
5
+ });
6
+
7
+ var _createCorePulumiApp = require("./createCorePulumiApp");
8
+
9
+ Object.keys(_createCorePulumiApp).forEach(function (key) {
10
+ if (key === "default" || key === "__esModule") return;
11
+ if (key in exports && exports[key] === _createCorePulumiApp[key]) return;
12
+ Object.defineProperty(exports, key, {
13
+ enumerable: true,
14
+ get: function () {
15
+ return _createCorePulumiApp[key];
16
+ }
17
+ });
18
+ });
19
+
20
+ var _createApiPulumiApp = require("./createApiPulumiApp");
21
+
22
+ Object.keys(_createApiPulumiApp).forEach(function (key) {
23
+ if (key === "default" || key === "__esModule") return;
24
+ if (key in exports && exports[key] === _createApiPulumiApp[key]) return;
25
+ Object.defineProperty(exports, key, {
26
+ enumerable: true,
27
+ get: function () {
28
+ return _createApiPulumiApp[key];
29
+ }
30
+ });
31
+ });
32
+
33
+ var _createAdminPulumiApp = require("./createAdminPulumiApp");
34
+
35
+ Object.keys(_createAdminPulumiApp).forEach(function (key) {
36
+ if (key === "default" || key === "__esModule") return;
37
+ if (key in exports && exports[key] === _createAdminPulumiApp[key]) return;
38
+ Object.defineProperty(exports, key, {
39
+ enumerable: true,
40
+ get: function () {
41
+ return _createAdminPulumiApp[key];
42
+ }
43
+ });
44
+ });
45
+
46
+ var _createWebsitePulumiApp = require("./createWebsitePulumiApp");
47
+
48
+ Object.keys(_createWebsitePulumiApp).forEach(function (key) {
49
+ if (key === "default" || key === "__esModule") return;
50
+ if (key in exports && exports[key] === _createWebsitePulumiApp[key]) return;
51
+ Object.defineProperty(exports, key, {
52
+ enumerable: true,
53
+ get: function () {
54
+ return _createWebsitePulumiApp[key];
55
+ }
56
+ });
57
+ });
package/enterprise/index.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"names":[],"sources":["index.ts"],"sourcesContent":["export * from \"./createCorePulumiApp\";\nexport * from \"./createApiPulumiApp\";\nexport * from \"./createAdminPulumiApp\";\nexport * from \"./createWebsitePulumiApp\";\n"],"mappings":";;;;;;AAAA;;AAAA;EAAA;EAAA;EAAA;IAAA;IAAA;MAAA;IAAA;EAAA;AAAA;;AACA;;AAAA;EAAA;EAAA;EAAA;IAAA;IAAA;MAAA;IAAA;EAAA;AAAA;;AACA;;AAAA;EAAA;EAAA;EAAA;IAAA;IAAA;MAAA;IAAA;EAAA;AAAA;;AACA;;AAAA;EAAA;EAAA;EAAA;IAAA;IAAA;MAAA;IAAA;EAAA;AAAA"}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@webiny/pulumi-aws",
3
- "version": "5.34.5-beta.1",
3
+ "version": "5.34.6-beta.0",
4
4
  "repository": {
5
5
  "type": "git",
6
6
  "url": "https://github.com/webiny/webiny-js.git"
@@ -15,8 +15,8 @@
15
15
  "dependencies": {
16
16
  "@pulumi/aws": "^5.8.0",
17
17
  "@pulumi/pulumi": "^3.34.0",
18
- "@webiny/cli-plugin-deploy-pulumi": "5.34.5-beta.1",
19
- "@webiny/pulumi": "5.34.5-beta.1",
18
+ "@webiny/cli-plugin-deploy-pulumi": "5.34.6-beta.0",
19
+ "@webiny/pulumi": "5.34.6-beta.0",
20
20
  "form-data": "4.0.0",
21
21
  "node-fetch": "2.6.7"
22
22
  },
@@ -26,10 +26,10 @@
26
26
  "@babel/preset-env": "^7.19.4",
27
27
  "@babel/preset-typescript": "^7.18.6",
28
28
  "@babel/runtime": "^7.19.0",
29
- "@webiny/api-page-builder": "^5.34.5-beta.1",
30
- "@webiny/aws-layers": "^5.34.5-beta.1",
31
- "@webiny/cli": "^5.34.5-beta.1",
32
- "@webiny/project-utils": "^5.34.5-beta.1",
29
+ "@webiny/api-page-builder": "^5.34.6-beta.0",
30
+ "@webiny/aws-layers": "^5.34.6-beta.0",
31
+ "@webiny/cli": "^5.34.6-beta.0",
32
+ "@webiny/project-utils": "^5.34.6-beta.0",
33
33
  "chalk": "^4.1.0",
34
34
  "lodash": "^4.5.0",
35
35
  "mime": "2.5.2",
@@ -49,5 +49,5 @@
49
49
  ]
50
50
  }
51
51
  },
52
- "gitHead": "718b33de80a986137bd489a3464d0e1194466502"
52
+ "gitHead": "143093ae7993a5c0284d84a1ec12656bcc425515"
53
53
  }