@webiny/pulumi-aws 5.37.2 → 5.37.3-beta.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/apps/tenantRouter.js +3 -3
- package/apps/tenantRouter.js.map +1 -1
- package/enterprise/createApiPulumiApp.js +4 -1
- package/enterprise/createApiPulumiApp.js.map +1 -1
- package/enterprise/createCorePulumiApp.js +4 -1
- package/enterprise/createCorePulumiApp.js.map +1 -1
- package/enterprise/createWebsitePulumiApp.js +4 -1
- package/enterprise/createWebsitePulumiApp.js.map +1 -1
- package/package.json +8 -8
package/apps/tenantRouter.js
CHANGED
|
@@ -61,9 +61,6 @@ function applyTenantRouter(app, cloudfront) {
|
|
|
61
61
|
Effect: "Allow"
|
|
62
62
|
}]
|
|
63
63
|
}
|
|
64
|
-
},
|
|
65
|
-
meta: {
|
|
66
|
-
isLambdaFunctionRole: true
|
|
67
64
|
}
|
|
68
65
|
});
|
|
69
66
|
const awsUsEast1 = new aws.Provider("us-east-1", {
|
|
@@ -92,6 +89,9 @@ function applyTenantRouter(app, cloudfront) {
|
|
|
92
89
|
opts: {
|
|
93
90
|
provider: awsUsEast1,
|
|
94
91
|
retainOnDelete: true
|
|
92
|
+
},
|
|
93
|
+
meta: {
|
|
94
|
+
canUseVpc: false
|
|
95
95
|
}
|
|
96
96
|
});
|
|
97
97
|
cloudfront.config.defaultCacheBehavior(value => {
|
package/apps/tenantRouter.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["_fs","require","pulumi","_interopRequireWildcard","aws","_common","createFunctionArchive","dynamoDbTable","region","handler","readFileSync","__dirname","source","replace","asset","AssetArchive","StringAsset","PREFIX","applyTenantRouter","app","cloudfront","String","process","env","AWS_REGION","core","getModule","CoreOutput","primaryDynamodbTableName","inlinePolicies","all","getCallerIdentity","apply","identity","name","policy","JSON","stringify","Version","Statement","Sid","Effect","Action","Resource","accountId","role","addResource","iam","Role","config","managedPolicyArns","ManagedPolicies","AWSLambdaBasicExecutionRole","assumeRolePolicy","Principal","Principals","LambdaPrincipal","EdgeLambdaPrincipal","
|
|
1
|
+
{"version":3,"names":["_fs","require","pulumi","_interopRequireWildcard","aws","_common","createFunctionArchive","dynamoDbTable","region","handler","readFileSync","__dirname","source","replace","asset","AssetArchive","StringAsset","PREFIX","applyTenantRouter","app","cloudfront","String","process","env","AWS_REGION","core","getModule","CoreOutput","primaryDynamodbTableName","inlinePolicies","all","getCallerIdentity","apply","identity","name","policy","JSON","stringify","Version","Statement","Sid","Effect","Action","Resource","accountId","role","addResource","iam","Role","config","managedPolicyArns","ManagedPolicies","AWSLambdaBasicExecutionRole","assumeRolePolicy","Principal","Principals","LambdaPrincipal","EdgeLambdaPrincipal","awsUsEast1","Provider","originLambda","lambda","Function","publish","runtime","output","arn","timeout","memorySize","code","opts","provider","retainOnDelete","meta","canUseVpc","defaultCacheBehavior","value","_value$forwardedValue","_value$forwardedValue2","_value$forwardedValue3","_objectSpread2","default","forwardedValues","queryString","cookies","forward","headers","lambdaFunctionAssociations","eventType","includeBody","lambdaArn","qualifiedArn"],"sources":["tenantRouter.ts"],"sourcesContent":["import { readFileSync } from \"fs\";\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport { PulumiApp, PulumiAppResource } from \"@webiny/pulumi\";\nimport { CoreOutput } from \"./common\";\n\ninterface Params {\n region: string;\n dynamoDbTable: string;\n}\n\nfunction createFunctionArchive({ dynamoDbTable, region }: Params) {\n const handler = readFileSync(\n __dirname + \"/../components/tenantRouter/functions/origin/request.js\",\n \"utf-8\"\n );\n\n const source = handler\n .replace(\"{DB_TABLE_NAME}\", dynamoDbTable)\n .replace(\"{DB_TABLE_REGION}\", region);\n\n return new pulumi.asset.AssetArchive({\n \"index.js\": new pulumi.asset.StringAsset(source)\n });\n}\n\nconst PREFIX = \"website-router\";\n\nexport function applyTenantRouter(\n app: PulumiApp,\n cloudfront: PulumiAppResource<typeof aws.cloudfront.Distribution>\n) {\n const region = String(process.env.AWS_REGION);\n\n // Get Core app output\n const core = app.getModule(CoreOutput);\n\n // `primaryDynamodbTableName` is a string, hence the type cast here.\n const dynamoDbTable = core.primaryDynamodbTableName;\n\n // Because of JSON.stringify, we need to resolve promises upfront.\n const inlinePolicies = pulumi\n .all([aws.getCallerIdentity({}), dynamoDbTable])\n .apply(([identity, dynamoDbTable]) => [\n {\n name: \"tenant-router-policy\",\n policy: JSON.stringify({\n Version: \"2012-10-17\",\n Statement: [\n {\n Sid: \"PermissionForDynamodb\",\n Effect: \"Allow\",\n Action: [\"dynamodb:GetItem\", \"dynamodb:Query\"],\n Resource: [\n `arn:aws:dynamodb:${region}:${identity.accountId}:table/${dynamoDbTable}`,\n `arn:aws:dynamodb:${region}:${identity.accountId}:table/${dynamoDbTable}/*`\n ]\n }\n ]\n })\n }\n ]);\n\n const role = app.addResource(aws.iam.Role, {\n name: `${PREFIX}-role`,\n config: {\n inlinePolicies,\n managedPolicyArns: [aws.iam.ManagedPolicies.AWSLambdaBasicExecutionRole],\n assumeRolePolicy: {\n Version: \"2012-10-17\",\n Statement: [\n {\n Action: \"sts:AssumeRole\",\n Principal: aws.iam.Principals.LambdaPrincipal,\n Effect: \"Allow\"\n },\n {\n Action: \"sts:AssumeRole\",\n Principal: aws.iam.Principals.EdgeLambdaPrincipal,\n Effect: \"Allow\"\n }\n ]\n }\n }\n });\n\n const awsUsEast1 = new aws.Provider(\"us-east-1\", { region: \"us-east-1\" });\n\n const originLambda = app.addResource(aws.lambda.Function, {\n name: `${PREFIX}-origin-request`,\n config: {\n publish: true,\n runtime: \"nodejs14.x\",\n handler: \"index.handler\",\n role: role.output.arn,\n timeout: 5,\n memorySize: 128,\n code: dynamoDbTable.apply(dynamoDbTable => {\n return createFunctionArchive({\n region,\n dynamoDbTable\n });\n })\n },\n // With the `retainOnDelete` option set to `true`, the Lambda function will not be deleted when\n // the environment is destroyed. Users need to delete the function manually. We decided to use\n // this option here because it enables us to avoid annoying AWS Lambda function replication\n // errors upon destroying the stack (see https://github.com/pulumi/pulumi-aws/issues/2178).\n opts: { provider: awsUsEast1, retainOnDelete: true },\n meta: {\n canUseVpc: false\n }\n });\n\n cloudfront.config.defaultCacheBehavior(value => {\n return {\n ...value,\n // We need to forward the `Host` header so the Lambda@Edge knows what custom domain was requested.\n forwardedValues: {\n ...value.forwardedValues,\n queryString: value.forwardedValues?.queryString || false,\n cookies: value.forwardedValues?.cookies || { forward: \"none\" },\n headers: [...(value.forwardedValues?.headers || []), \"Host\"]\n },\n lambdaFunctionAssociations: [\n ...(value.lambdaFunctionAssociations || []),\n {\n eventType: \"origin-request\",\n includeBody: false,\n lambdaArn: originLambda.output.qualifiedArn\n }\n ]\n };\n });\n\n return { originLambda };\n}\n"],"mappings":";;;;;;;;;AAAA,IAAAA,GAAA,GAAAC,OAAA;AACA,IAAAC,MAAA,GAAAC,uBAAA,CAAAF,OAAA;AACA,IAAAG,GAAA,GAAAD,uBAAA,CAAAF,OAAA;AAEA,IAAAI,OAAA,GAAAJ,OAAA;AAOA,SAASK,qBAAqBA,CAAC;EAAEC,aAAa;EAAEC;AAAe,CAAC,EAAE;EAC9D,MAAMC,OAAO,GAAG,IAAAC,gBAAY,EACxBC,SAAS,GAAG,yDAAyD,EACrE,OACJ,CAAC;EAED,MAAMC,MAAM,GAAGH,OAAO,CACjBI,OAAO,CAAC,iBAAiB,EAAEN,aAAa,CAAC,CACzCM,OAAO,CAAC,mBAAmB,EAAEL,MAAM,CAAC;EAEzC,OAAO,IAAIN,MAAM,CAACY,KAAK,CAACC,YAAY,CAAC;IACjC,UAAU,EAAE,IAAIb,MAAM,CAACY,KAAK,CAACE,WAAW,CAACJ,MAAM;EACnD,CAAC,CAAC;AACN;AAEA,MAAMK,MAAM,GAAG,gBAAgB;AAExB,SAASC,iBAAiBA,CAC7BC,GAAc,EACdC,UAAiE,EACnE;EACE,MAAMZ,MAAM,GAAGa,MAAM,CAACC,OAAO,CAACC,GAAG,CAACC,UAAU,CAAC;;EAE7C;EACA,MAAMC,IAAI,GAAGN,GAAG,CAACO,SAAS,CAACC,kBAAU,CAAC;;EAEtC;EACA,MAAMpB,aAAa,GAAGkB,IAAI,CAACG,wBAAwB;;EAEnD;EACA,MAAMC,cAAc,GAAG3B,MAAM,CACxB4B,GAAG,CAAC,CAAC1B,GAAG,CAAC2B,iBAAiB,CAAC,CAAC,CAAC,CAAC,EAAExB,aAAa,CAAC,CAAC,CAC/CyB,KAAK,CAAC,CAAC,CAACC,QAAQ,EAAE1B,aAAa,CAAC,KAAK,CAClC;IACI2B,IAAI,EAAE,sBAAsB;IAC5BC,MAAM,EAAEC,IAAI,CAACC,SAAS,CAAC;MACnBC,OAAO,EAAE,YAAY;MACrBC,SAAS,EAAE,CACP;QACIC,GAAG,EAAE,uBAAuB;QAC5BC,MAAM,EAAE,OAAO;QACfC,MAAM,EAAE,CAAC,kBAAkB,EAAE,gBAAgB,CAAC;QAC9CC,QAAQ,EAAE,CACL,oBAAmBnC,MAAO,IAAGyB,QAAQ,CAACW,SAAU,UAASrC,aAAc,EAAC,EACxE,oBAAmBC,MAAO,IAAGyB,QAAQ,CAACW,SAAU,UAASrC,aAAc,IAAG;MAEnF,CAAC;IAET,CAAC;EACL,CAAC,CACJ,CAAC;EAEN,MAAMsC,IAAI,GAAG1B,GAAG,CAAC2B,WAAW,CAAC1C,GAAG,CAAC2C,GAAG,CAACC,IAAI,EAAE;IACvCd,IAAI,EAAG,GAAEjB,MAAO,OAAM;IACtBgC,MAAM,EAAE;MACJpB,cAAc;MACdqB,iBAAiB,EAAE,CAAC9C,GAAG,CAAC2C,GAAG,CAACI,eAAe,CAACC,2BAA2B,CAAC;MACxEC,gBAAgB,EAAE;QACdf,OAAO,EAAE,YAAY;QACrBC,SAAS,EAAE,CACP;UACIG,MAAM,EAAE,gBAAgB;UACxBY,SAAS,EAAElD,GAAG,CAAC2C,GAAG,CAACQ,UAAU,CAACC,eAAe;UAC7Cf,MAAM,EAAE;QACZ,CAAC,EACD;UACIC,MAAM,EAAE,gBAAgB;UACxBY,SAAS,EAAElD,GAAG,CAAC2C,GAAG,CAACQ,UAAU,CAACE,mBAAmB;UACjDhB,MAAM,EAAE;QACZ,CAAC;MAET;IACJ;EACJ,CAAC,CAAC;EAEF,MAAMiB,UAAU,GAAG,IAAItD,GAAG,CAACuD,QAAQ,CAAC,WAAW,EAAE;IAAEnD,MAAM,EAAE;EAAY,CAAC,CAAC;EAEzE,MAAMoD,YAAY,GAAGzC,GAAG,CAAC2B,WAAW,CAAC1C,GAAG,CAACyD,MAAM,CAACC,QAAQ,EAAE;IACtD5B,IAAI,EAAG,GAAEjB,MAAO,iBAAgB;IAChCgC,MAAM,EAAE;MACJc,OAAO,EAAE,IAAI;MACbC,OAAO,EAAE,YAAY;MACrBvD,OAAO,EAAE,eAAe;MACxBoC,IAAI,EAAEA,IAAI,CAACoB,MAAM,CAACC,GAAG;MACrBC,OAAO,EAAE,CAAC;MACVC,UAAU,EAAE,GAAG;MACfC,IAAI,EAAE9D,aAAa,CAACyB,KAAK,CAACzB,aAAa,IAAI;QACvC,OAAOD,qBAAqB,CAAC;UACzBE,MAAM;UACND;QACJ,CAAC,CAAC;MACN,CAAC;IACL,CAAC;IACD;IACA;IACA;IACA;IACA+D,IAAI,EAAE;MAAEC,QAAQ,EAAEb,UAAU;MAAEc,cAAc,EAAE;IAAK,CAAC;IACpDC,IAAI,EAAE;MACFC,SAAS,EAAE;IACf;EACJ,CAAC,CAAC;EAEFtD,UAAU,CAAC6B,MAAM,CAAC0B,oBAAoB,CAACC,KAAK,IAAI;IAAA,IAAAC,qBAAA,EAAAC,sBAAA,EAAAC,sBAAA;IAC5C,WAAAC,cAAA,CAAAC,OAAA,MAAAD,cAAA,CAAAC,OAAA,MACOL,KAAK;MACR;MACAM,eAAe,MAAAF,cAAA,CAAAC,OAAA,MAAAD,cAAA,CAAAC,OAAA,MACRL,KAAK,CAACM,eAAe;QACxBC,WAAW,EAAE,EAAAN,qBAAA,GAAAD,KAAK,CAACM,eAAe,cAAAL,qBAAA,uBAArBA,qBAAA,CAAuBM,WAAW,KAAI,KAAK;QACxDC,OAAO,EAAE,EAAAN,sBAAA,GAAAF,KAAK,CAACM,eAAe,cAAAJ,sBAAA,uBAArBA,sBAAA,CAAuBM,OAAO,KAAI;UAAEC,OAAO,EAAE;QAAO,CAAC;QAC9DC,OAAO,EAAE,CAAC,IAAI,EAAAP,sBAAA,GAAAH,KAAK,CAACM,eAAe,cAAAH,sBAAA,uBAArBA,sBAAA,CAAuBO,OAAO,KAAI,EAAE,CAAC,EAAE,MAAM;MAAC,EAC/D;MACDC,0BAA0B,EAAE,CACxB,IAAIX,KAAK,CAACW,0BAA0B,IAAI,EAAE,CAAC,EAC3C;QACIC,SAAS,EAAE,gBAAgB;QAC3BC,WAAW,EAAE,KAAK;QAClBC,SAAS,EAAE9B,YAAY,CAACK,MAAM,CAAC0B;MACnC,CAAC;IACJ;EAET,CAAC,CAAC;EAEF,OAAO;IAAE/B;EAAa,CAAC;AAC3B"}
|
|
@@ -48,7 +48,10 @@ function createApiPulumiApp(projectAppParams = {}) {
|
|
|
48
48
|
}
|
|
49
49
|
onResource(resource => {
|
|
50
50
|
if ((0, _pulumi.isResourceOfType)(resource, aws.lambda.Function)) {
|
|
51
|
-
resource.
|
|
51
|
+
const canUseVpc = resource.meta.canUseVpc !== false;
|
|
52
|
+
if (canUseVpc) {
|
|
53
|
+
resource.config.vpcConfig(useExistingVpc.lambdaFunctionsVpcConfig);
|
|
54
|
+
}
|
|
52
55
|
}
|
|
53
56
|
if ((0, _pulumi.isResourceOfType)(resource, aws.iam.Role)) {
|
|
54
57
|
if (resource.meta.isLambdaFunctionRole) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["aws","_interopRequireWildcard","require","_createApiPulumiApp","_pulumi","createApiPulumiApp","projectAppParams","baseCreateApiPulumiApp","_objectSpread2","default","vpc","getParam","usingAdvancedVpcParams","useExistingVpc","Boolean","pulumi","args","_projectAppParams$pul2","_projectAppParams$pul","call","onResource","addResource","lambdaFunctionsVpcConfig","Error","resource","isResourceOfType","lambda","Function","config","vpcConfig","iam","Role","
|
|
1
|
+
{"version":3,"names":["aws","_interopRequireWildcard","require","_createApiPulumiApp","_pulumi","createApiPulumiApp","projectAppParams","baseCreateApiPulumiApp","_objectSpread2","default","vpc","getParam","usingAdvancedVpcParams","useExistingVpc","Boolean","pulumi","args","_projectAppParams$pul2","_projectAppParams$pul","call","onResource","addResource","lambdaFunctionsVpcConfig","Error","resource","isResourceOfType","lambda","Function","canUseVpc","meta","config","vpcConfig","iam","Role","isLambdaFunctionRole","RolePolicyAttachment","name","role","output","policyArn","ManagedPolicy","AWSLambdaVPCAccessExecutionRole"],"sources":["createApiPulumiApp.ts"],"sourcesContent":["import * as aws from \"@pulumi/aws\";\nimport {\n createApiPulumiApp as baseCreateApiPulumiApp,\n CreateApiPulumiAppParams as BaseCreateApiPulumiAppParams\n} from \"~/apps/api/createApiPulumiApp\";\nimport { isResourceOfType, PulumiAppParam } from \"@webiny/pulumi\";\n\nexport type ApiPulumiApp = ReturnType<typeof createApiPulumiApp>;\n\nexport type ApiPulumiAppAdvancedVpcParams = Partial<{\n useExistingVpc: {\n lambdaFunctionsVpcConfig: aws.types.input.lambda.FunctionVpcConfig;\n };\n}>;\n\nexport interface CreateApiPulumiAppParams extends Omit<BaseCreateApiPulumiAppParams, \"vpc\"> {\n vpc?: PulumiAppParam<boolean | ApiPulumiAppAdvancedVpcParams>;\n}\n\nexport function createApiPulumiApp(projectAppParams: CreateApiPulumiAppParams = {}) {\n return baseCreateApiPulumiApp({\n ...projectAppParams,\n // If using existing VPC, we ensure `vpc` param is set to `false`.\n vpc: ({ getParam }) => {\n const vpc = getParam(projectAppParams.vpc);\n const usingAdvancedVpcParams = vpc && typeof vpc !== \"boolean\";\n return usingAdvancedVpcParams && vpc.useExistingVpc ? false : Boolean(vpc);\n },\n pulumi(...args) {\n const [{ getParam }] = args;\n const vpc = getParam(projectAppParams.vpc);\n const usingAdvancedVpcParams = vpc && typeof vpc !== \"boolean\";\n\n // Not using advanced VPC params? Then immediately exit.\n if (!usingAdvancedVpcParams) {\n return projectAppParams.pulumi?.(...args);\n }\n\n const [{ onResource, addResource }] = args;\n const { useExistingVpc } = vpc;\n\n // 1. We first deal with \"existing VPC\" setup.\n if (useExistingVpc) {\n if (!useExistingVpc.lambdaFunctionsVpcConfig) {\n throw new Error(\n \"Cannot specify `useExistingVpc` parameter because the `lambdaFunctionsVpcConfig` parameter wasn't provided.\"\n );\n }\n\n onResource(resource => {\n if (isResourceOfType(resource, aws.lambda.Function)) {\n const canUseVpc = resource.meta.canUseVpc !== false;\n if (canUseVpc) {\n resource.config.vpcConfig(useExistingVpc!.lambdaFunctionsVpcConfig);\n }\n }\n\n if (isResourceOfType(resource, aws.iam.Role)) {\n if (resource.meta.isLambdaFunctionRole) {\n addResource(aws.iam.RolePolicyAttachment, {\n name: `${resource.name}-vpc-access-execution-role`,\n config: {\n role: resource.output.name,\n policyArn: aws.iam.ManagedPolicy.AWSLambdaVPCAccessExecutionRole\n }\n });\n }\n }\n });\n }\n\n return projectAppParams.pulumi?.(...args);\n }\n });\n}\n"],"mappings":";;;;;;;;;AAAA,IAAAA,GAAA,GAAAC,uBAAA,CAAAC,OAAA;AACA,IAAAC,mBAAA,GAAAD,OAAA;AAIA,IAAAE,OAAA,GAAAF,OAAA;AAcO,SAASG,kBAAkBA,CAACC,gBAA0C,GAAG,CAAC,CAAC,EAAE;EAChF,OAAO,IAAAC,sCAAsB,MAAAC,cAAA,CAAAC,OAAA,MAAAD,cAAA,CAAAC,OAAA,MACtBH,gBAAgB;IACnB;IACAI,GAAG,EAAEA,CAAC;MAAEC;IAAS,CAAC,KAAK;MACnB,MAAMD,GAAG,GAAGC,QAAQ,CAACL,gBAAgB,CAACI,GAAG,CAAC;MAC1C,MAAME,sBAAsB,GAAGF,GAAG,IAAI,OAAOA,GAAG,KAAK,SAAS;MAC9D,OAAOE,sBAAsB,IAAIF,GAAG,CAACG,cAAc,GAAG,KAAK,GAAGC,OAAO,CAACJ,GAAG,CAAC;IAC9E,CAAC;IACDK,MAAMA,CAAC,GAAGC,IAAI,EAAE;MAAA,IAAAC,sBAAA;MACZ,MAAM,CAAC;QAAEN;MAAS,CAAC,CAAC,GAAGK,IAAI;MAC3B,MAAMN,GAAG,GAAGC,QAAQ,CAACL,gBAAgB,CAACI,GAAG,CAAC;MAC1C,MAAME,sBAAsB,GAAGF,GAAG,IAAI,OAAOA,GAAG,KAAK,SAAS;;MAE9D;MACA,IAAI,CAACE,sBAAsB,EAAE;QAAA,IAAAM,qBAAA;QACzB,QAAAA,qBAAA,GAAOZ,gBAAgB,CAACS,MAAM,cAAAG,qBAAA,uBAAvBA,qBAAA,CAAAC,IAAA,CAAAb,gBAAgB,EAAU,GAAGU,IAAI,CAAC;MAC7C;MAEA,MAAM,CAAC;QAAEI,UAAU;QAAEC;MAAY,CAAC,CAAC,GAAGL,IAAI;MAC1C,MAAM;QAAEH;MAAe,CAAC,GAAGH,GAAG;;MAE9B;MACA,IAAIG,cAAc,EAAE;QAChB,IAAI,CAACA,cAAc,CAACS,wBAAwB,EAAE;UAC1C,MAAM,IAAIC,KAAK,CACX,6GACJ,CAAC;QACL;QAEAH,UAAU,CAACI,QAAQ,IAAI;UACnB,IAAI,IAAAC,wBAAgB,EAACD,QAAQ,EAAExB,GAAG,CAAC0B,MAAM,CAACC,QAAQ,CAAC,EAAE;YACjD,MAAMC,SAAS,GAAGJ,QAAQ,CAACK,IAAI,CAACD,SAAS,KAAK,KAAK;YACnD,IAAIA,SAAS,EAAE;cACXJ,QAAQ,CAACM,MAAM,CAACC,SAAS,CAAClB,cAAc,CAAES,wBAAwB,CAAC;YACvE;UACJ;UAEA,IAAI,IAAAG,wBAAgB,EAACD,QAAQ,EAAExB,GAAG,CAACgC,GAAG,CAACC,IAAI,CAAC,EAAE;YAC1C,IAAIT,QAAQ,CAACK,IAAI,CAACK,oBAAoB,EAAE;cACpCb,WAAW,CAACrB,GAAG,CAACgC,GAAG,CAACG,oBAAoB,EAAE;gBACtCC,IAAI,EAAG,GAAEZ,QAAQ,CAACY,IAAK,4BAA2B;gBAClDN,MAAM,EAAE;kBACJO,IAAI,EAAEb,QAAQ,CAACc,MAAM,CAACF,IAAI;kBAC1BG,SAAS,EAAEvC,GAAG,CAACgC,GAAG,CAACQ,aAAa,CAACC;gBACrC;cACJ,CAAC,CAAC;YACN;UACJ;QACJ,CAAC,CAAC;MACN;MAEA,QAAAxB,sBAAA,GAAOX,gBAAgB,CAACS,MAAM,cAAAE,sBAAA,uBAAvBA,sBAAA,CAAAE,IAAA,CAAAb,gBAAgB,EAAU,GAAGU,IAAI,CAAC;IAC7C;EAAC,EACJ,CAAC;AACN"}
|
|
@@ -67,7 +67,10 @@ function createCorePulumiApp(projectAppParams = {}) {
|
|
|
67
67
|
}
|
|
68
68
|
onResource(resource => {
|
|
69
69
|
if ((0, _pulumi2.isResourceOfType)(resource, aws.lambda.Function)) {
|
|
70
|
-
resource.
|
|
70
|
+
const canUseVpc = resource.meta.canUseVpc !== false;
|
|
71
|
+
if (canUseVpc) {
|
|
72
|
+
resource.config.vpcConfig(useExistingVpc.lambdaFunctionsVpcConfig);
|
|
73
|
+
}
|
|
71
74
|
}
|
|
72
75
|
if ((0, _pulumi2.isResourceOfType)(resource, aws.iam.Role)) {
|
|
73
76
|
if (resource.meta.isLambdaFunctionRole) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["aws","_interopRequireWildcard","require","pulumi","_createCorePulumiApp","_pulumi2","_awsUtils","createCorePulumiApp","projectAppParams","baseCreateCorePulumiApp","_objectSpread2","default","vpc","getParam","usingAdvancedVpcParams","useExistingVpc","Boolean","args","_projectAppParams$pul3","app","_projectAppParams$pul","call","resources","addResource","onResource","useVpcEndpoints","_projectAppParams$pul2","Error","elasticSearch","elasticSearchDomainVpcConfig","resource","isResourceOfType","elasticsearch","Domain","config","vpcOptions","lambdaFunctionsVpcConfig","lambda","Function","vpcConfig","iam","Role","meta","isLambdaFunctionRole","RolePolicyAttachment","name","role","output","policyArn","ManagedPolicy","AWSLambdaVPCAccessExecutionRole","region","getAwsRegion","ec2","Vpc","enableDnsSupport","enableDnsHostnames","subnets","routeTables","VpcEndpoint","vpcId","id","serviceName","interpolate","routeTableIds","privateSubnets","vpcEndpointType","privateDnsEnabled","securityGroupIds","defaultSecurityGroupId","subnetIds","private","map","subNet"],"sources":["createCorePulumiApp.ts"],"sourcesContent":["import * as aws from \"@pulumi/aws\";\nimport * as pulumi from \"@pulumi/pulumi\";\nimport {\n createCorePulumiApp as baseCreateCorePulumiApp,\n CreateCorePulumiAppParams as BaseCreateCorePulumiAppParams\n} from \"~/apps/core/createCorePulumiApp\";\nimport { isResourceOfType, PulumiAppParam } from \"@webiny/pulumi\";\nimport { getAwsRegion } from \"~/apps/awsUtils\";\n\nexport type CorePulumiApp = ReturnType<typeof createCorePulumiApp>;\n\nexport type CorePulumiAppAdvancedVpcParams = Partial<{\n useVpcEndpoints: boolean;\n useExistingVpc: {\n elasticSearchDomainVpcConfig?: aws.types.input.elasticsearch.DomainVpcOptions;\n lambdaFunctionsVpcConfig: aws.types.input.lambda.FunctionVpcConfig;\n };\n}>;\n\nexport interface CreateCorePulumiAppParams extends Omit<BaseCreateCorePulumiAppParams, \"vpc\"> {\n vpc?: PulumiAppParam<boolean | CorePulumiAppAdvancedVpcParams>;\n}\n\nexport function createCorePulumiApp(projectAppParams: CreateCorePulumiAppParams = {}) {\n return baseCreateCorePulumiApp({\n ...projectAppParams,\n // If using existing VPC, we ensure `vpc` param is set to `false`.\n vpc: ({ getParam }) => {\n const vpc = getParam(projectAppParams.vpc);\n const usingAdvancedVpcParams = vpc && typeof vpc !== \"boolean\";\n return usingAdvancedVpcParams && vpc.useExistingVpc ? false : Boolean(vpc);\n },\n pulumi(...args) {\n const [app] = args;\n const { getParam } = app;\n const vpc = getParam(projectAppParams.vpc);\n const usingAdvancedVpcParams = vpc && typeof vpc !== \"boolean\";\n\n // Not using advanced VPC params? Then immediately exit.\n if (!usingAdvancedVpcParams) {\n return projectAppParams.pulumi?.(...args);\n }\n\n const [{ resources, addResource, onResource }] = args;\n const { useExistingVpc, useVpcEndpoints } = vpc;\n\n // 1. We first deal with \"existing VPC\" setup.\n if (useExistingVpc) {\n if (\"useVpcEndpoints\" in vpc) {\n throw new Error(\n \"Cannot specify `useVpcEndpoints` parameter when using an existing VPC. The VPC endpoints configurations should be already defined within the existing VPC.\"\n );\n }\n\n if (projectAppParams.elasticSearch) {\n if (!useExistingVpc.elasticSearchDomainVpcConfig) {\n throw new Error(\n \"Cannot specify `useExistingVpc` parameter because the `elasticSearchDomainVpcConfig` parameter wasn't provided.\"\n );\n }\n\n onResource(resource => {\n if (isResourceOfType(resource, aws.elasticsearch.Domain)) {\n resource.config.vpcOptions(\n useExistingVpc!.elasticSearchDomainVpcConfig\n );\n }\n });\n }\n\n if (!useExistingVpc.lambdaFunctionsVpcConfig) {\n throw new Error(\n \"Cannot specify `useExistingVpc` parameter because the `lambdaFunctionsVpcConfig` parameter wasn't provided.\"\n );\n }\n\n onResource(resource => {\n if (isResourceOfType(resource, aws.lambda.Function)) {\n resource.config.vpcConfig(useExistingVpc!.lambdaFunctionsVpcConfig);\n }\n\n if (isResourceOfType(resource, aws.iam.Role)) {\n if (resource.meta.isLambdaFunctionRole) {\n addResource(aws.iam.RolePolicyAttachment, {\n name: `${resource.name}-vpc-access-execution-role`,\n config: {\n role: resource.output.name,\n policyArn: aws.iam.ManagedPolicy.AWSLambdaVPCAccessExecutionRole\n }\n });\n }\n }\n });\n\n return projectAppParams.pulumi?.(...args);\n }\n\n // 2. Now we deal with \"non-existing VPC\" setup.\n if (useVpcEndpoints) {\n const region = getAwsRegion(app);\n\n onResource(resource => {\n if (isResourceOfType(resource, aws.ec2.Vpc)) {\n resource.config.enableDnsSupport(true);\n resource.config.enableDnsHostnames(true);\n }\n });\n\n const { vpc, subnets, routeTables } = resources.vpc!;\n addResource(aws.ec2.VpcEndpoint, {\n name: \"vpc-s3-vpc-endpoint\",\n config: {\n vpcId: vpc.output.id,\n serviceName: pulumi.interpolate`com.amazonaws.${region}.s3`,\n routeTableIds: [routeTables.privateSubnets.output.id]\n }\n });\n\n addResource(aws.ec2.VpcEndpoint, {\n name: \"vpc-dynamodb-vpc-endpoint\",\n config: {\n vpcId: vpc.output.id,\n serviceName: pulumi.interpolate`com.amazonaws.${region}.dynamodb`,\n routeTableIds: [routeTables.privateSubnets.output.id]\n }\n });\n\n addResource(aws.ec2.VpcEndpoint, {\n name: \"vpc-sqs-vpc-endpoint\",\n config: {\n vpcId: vpc.output.id,\n serviceName: pulumi.interpolate`com.amazonaws.${region}.sqs`,\n vpcEndpointType: \"Interface\",\n privateDnsEnabled: true,\n securityGroupIds: [vpc.output.defaultSecurityGroupId],\n subnetIds: subnets.private.map(subNet => subNet.output.id)\n }\n });\n\n addResource(aws.ec2.VpcEndpoint, {\n name: \"vpc-events-vpc-endpoint\",\n config: {\n vpcId: vpc.output.id,\n serviceName: pulumi.interpolate`com.amazonaws.${region}.events`,\n vpcEndpointType: \"Interface\",\n privateDnsEnabled: true,\n securityGroupIds: [vpc.output.defaultSecurityGroupId],\n subnetIds: subnets.private.map(subNet => subNet.output.id)\n }\n });\n }\n\n return projectAppParams.pulumi?.(...args);\n }\n });\n}\n"],"mappings":";;;;;;;;;AAAA,IAAAA,GAAA,GAAAC,uBAAA,CAAAC,OAAA;AACA,IAAAC,MAAA,GAAAF,uBAAA,CAAAC,OAAA;AACA,IAAAE,oBAAA,GAAAF,OAAA;AAIA,IAAAG,QAAA,GAAAH,OAAA;AACA,IAAAI,SAAA,GAAAJ,OAAA;AAgBO,SAASK,mBAAmBA,CAACC,gBAA2C,GAAG,CAAC,CAAC,EAAE;EAClF,OAAO,IAAAC,wCAAuB,MAAAC,cAAA,CAAAC,OAAA,MAAAD,cAAA,CAAAC,OAAA,MACvBH,gBAAgB;IACnB;IACAI,GAAG,EAAEA,CAAC;MAAEC;IAAS,CAAC,KAAK;MACnB,MAAMD,GAAG,GAAGC,QAAQ,CAACL,gBAAgB,CAACI,GAAG,CAAC;MAC1C,MAAME,sBAAsB,GAAGF,GAAG,IAAI,OAAOA,GAAG,KAAK,SAAS;MAC9D,OAAOE,sBAAsB,IAAIF,GAAG,CAACG,cAAc,GAAG,KAAK,GAAGC,OAAO,CAACJ,GAAG,CAAC;IAC9E,CAAC;IACDT,MAAMA,CAAC,GAAGc,IAAI,EAAE;MAAA,IAAAC,sBAAA;MACZ,MAAM,CAACC,GAAG,CAAC,GAAGF,IAAI;MAClB,MAAM;QAAEJ;MAAS,CAAC,GAAGM,GAAG;MACxB,MAAMP,GAAG,GAAGC,QAAQ,CAACL,gBAAgB,CAACI,GAAG,CAAC;MAC1C,MAAME,sBAAsB,GAAGF,GAAG,IAAI,OAAOA,GAAG,KAAK,SAAS;;MAE9D;MACA,IAAI,CAACE,sBAAsB,EAAE;QAAA,IAAAM,qBAAA;QACzB,QAAAA,qBAAA,GAAOZ,gBAAgB,CAACL,MAAM,cAAAiB,qBAAA,uBAAvBA,qBAAA,CAAAC,IAAA,CAAAb,gBAAgB,EAAU,GAAGS,IAAI,CAAC;MAC7C;MAEA,MAAM,CAAC;QAAEK,SAAS;QAAEC,WAAW;QAAEC;MAAW,CAAC,CAAC,GAAGP,IAAI;MACrD,MAAM;QAAEF,cAAc;QAAEU;MAAgB,CAAC,GAAGb,GAAG;;MAE/C;MACA,IAAIG,cAAc,EAAE;QAAA,IAAAW,sBAAA;QAChB,IAAI,iBAAiB,IAAId,GAAG,EAAE;UAC1B,MAAM,IAAIe,KAAK,CACX,4JACJ,CAAC;QACL;QAEA,IAAInB,gBAAgB,CAACoB,aAAa,EAAE;UAChC,IAAI,CAACb,cAAc,CAACc,4BAA4B,EAAE;YAC9C,MAAM,IAAIF,KAAK,CACX,iHACJ,CAAC;UACL;UAEAH,UAAU,CAACM,QAAQ,IAAI;YACnB,IAAI,IAAAC,yBAAgB,EAACD,QAAQ,EAAE9B,GAAG,CAACgC,aAAa,CAACC,MAAM,CAAC,EAAE;cACtDH,QAAQ,CAACI,MAAM,CAACC,UAAU,CACtBpB,cAAc,CAAEc,4BACpB,CAAC;YACL;UACJ,CAAC,CAAC;QACN;QAEA,IAAI,CAACd,cAAc,CAACqB,wBAAwB,EAAE;UAC1C,MAAM,IAAIT,KAAK,CACX,6GACJ,CAAC;QACL;QAEAH,UAAU,CAACM,QAAQ,IAAI;UACnB,IAAI,IAAAC,yBAAgB,EAACD,QAAQ,EAAE9B,GAAG,CAACqC,MAAM,CAACC,QAAQ,CAAC,EAAE;YACjDR,QAAQ,CAACI,MAAM,CAACK,SAAS,CAACxB,cAAc,CAAEqB,wBAAwB,CAAC;UACvE;UAEA,IAAI,IAAAL,yBAAgB,EAACD,QAAQ,EAAE9B,GAAG,CAACwC,GAAG,CAACC,IAAI,CAAC,EAAE;YAC1C,IAAIX,QAAQ,CAACY,IAAI,CAACC,oBAAoB,EAAE;cACpCpB,WAAW,CAACvB,GAAG,CAACwC,GAAG,CAACI,oBAAoB,EAAE;gBACtCC,IAAI,EAAG,GAAEf,QAAQ,CAACe,IAAK,4BAA2B;gBAClDX,MAAM,EAAE;kBACJY,IAAI,EAAEhB,QAAQ,CAACiB,MAAM,CAACF,IAAI;kBAC1BG,SAAS,EAAEhD,GAAG,CAACwC,GAAG,CAACS,aAAa,CAACC;gBACrC;cACJ,CAAC,CAAC;YACN;UACJ;QACJ,CAAC,CAAC;QAEF,QAAAxB,sBAAA,GAAOlB,gBAAgB,CAACL,MAAM,cAAAuB,sBAAA,uBAAvBA,sBAAA,CAAAL,IAAA,CAAAb,gBAAgB,EAAU,GAAGS,IAAI,CAAC;MAC7C;;MAEA;MACA,IAAIQ,eAAe,EAAE;QACjB,MAAM0B,MAAM,GAAG,IAAAC,sBAAY,EAACjC,GAAG,CAAC;QAEhCK,UAAU,CAACM,QAAQ,IAAI;UACnB,IAAI,IAAAC,yBAAgB,EAACD,QAAQ,EAAE9B,GAAG,CAACqD,GAAG,CAACC,GAAG,CAAC,EAAE;YACzCxB,QAAQ,CAACI,MAAM,CAACqB,gBAAgB,CAAC,IAAI,CAAC;YACtCzB,QAAQ,CAACI,MAAM,CAACsB,kBAAkB,CAAC,IAAI,CAAC;UAC5C;QACJ,CAAC,CAAC;QAEF,MAAM;UAAE5C,GAAG;UAAE6C,OAAO;UAAEC;QAAY,CAAC,GAAGpC,SAAS,CAACV,GAAI;QACpDW,WAAW,CAACvB,GAAG,CAACqD,GAAG,CAACM,WAAW,EAAE;UAC7Bd,IAAI,EAAE,qBAAqB;UAC3BX,MAAM,EAAE;YACJ0B,KAAK,EAAEhD,GAAG,CAACmC,MAAM,CAACc,EAAE;YACpBC,WAAW,EAAE3D,MAAM,CAAC4D,WAAY,iBAAgBZ,MAAO,KAAI;YAC3Da,aAAa,EAAE,CAACN,WAAW,CAACO,cAAc,CAAClB,MAAM,CAACc,EAAE;UACxD;QACJ,CAAC,CAAC;QAEFtC,WAAW,CAACvB,GAAG,CAACqD,GAAG,CAACM,WAAW,EAAE;UAC7Bd,IAAI,EAAE,2BAA2B;UACjCX,MAAM,EAAE;YACJ0B,KAAK,EAAEhD,GAAG,CAACmC,MAAM,CAACc,EAAE;YACpBC,WAAW,EAAE3D,MAAM,CAAC4D,WAAY,iBAAgBZ,MAAO,WAAU;YACjEa,aAAa,EAAE,CAACN,WAAW,CAACO,cAAc,CAAClB,MAAM,CAACc,EAAE;UACxD;QACJ,CAAC,CAAC;QAEFtC,WAAW,CAACvB,GAAG,CAACqD,GAAG,CAACM,WAAW,EAAE;UAC7Bd,IAAI,EAAE,sBAAsB;UAC5BX,MAAM,EAAE;YACJ0B,KAAK,EAAEhD,GAAG,CAACmC,MAAM,CAACc,EAAE;YACpBC,WAAW,EAAE3D,MAAM,CAAC4D,WAAY,iBAAgBZ,MAAO,MAAK;YAC5De,eAAe,EAAE,WAAW;YAC5BC,iBAAiB,EAAE,IAAI;YACvBC,gBAAgB,EAAE,CAACxD,GAAG,CAACmC,MAAM,CAACsB,sBAAsB,CAAC;YACrDC,SAAS,EAAEb,OAAO,CAACc,OAAO,CAACC,GAAG,CAACC,MAAM,IAAIA,MAAM,CAAC1B,MAAM,CAACc,EAAE;UAC7D;QACJ,CAAC,CAAC;QAEFtC,WAAW,CAACvB,GAAG,CAACqD,GAAG,CAACM,WAAW,EAAE;UAC7Bd,IAAI,EAAE,yBAAyB;UAC/BX,MAAM,EAAE;YACJ0B,KAAK,EAAEhD,GAAG,CAACmC,MAAM,CAACc,EAAE;YACpBC,WAAW,EAAE3D,MAAM,CAAC4D,WAAY,iBAAgBZ,MAAO,SAAQ;YAC/De,eAAe,EAAE,WAAW;YAC5BC,iBAAiB,EAAE,IAAI;YACvBC,gBAAgB,EAAE,CAACxD,GAAG,CAACmC,MAAM,CAACsB,sBAAsB,CAAC;YACrDC,SAAS,EAAEb,OAAO,CAACc,OAAO,CAACC,GAAG,CAACC,MAAM,IAAIA,MAAM,CAAC1B,MAAM,CAACc,EAAE;UAC7D;QACJ,CAAC,CAAC;MACN;MAEA,QAAA3C,sBAAA,GAAOV,gBAAgB,CAACL,MAAM,cAAAe,sBAAA,uBAAvBA,sBAAA,CAAAG,IAAA,CAAAb,gBAAgB,EAAU,GAAGS,IAAI,CAAC;IAC7C;EAAC,EACJ,CAAC;AACN"}
|
|
1
|
+
{"version":3,"names":["aws","_interopRequireWildcard","require","pulumi","_createCorePulumiApp","_pulumi2","_awsUtils","createCorePulumiApp","projectAppParams","baseCreateCorePulumiApp","_objectSpread2","default","vpc","getParam","usingAdvancedVpcParams","useExistingVpc","Boolean","args","_projectAppParams$pul3","app","_projectAppParams$pul","call","resources","addResource","onResource","useVpcEndpoints","_projectAppParams$pul2","Error","elasticSearch","elasticSearchDomainVpcConfig","resource","isResourceOfType","elasticsearch","Domain","config","vpcOptions","lambdaFunctionsVpcConfig","lambda","Function","canUseVpc","meta","vpcConfig","iam","Role","isLambdaFunctionRole","RolePolicyAttachment","name","role","output","policyArn","ManagedPolicy","AWSLambdaVPCAccessExecutionRole","region","getAwsRegion","ec2","Vpc","enableDnsSupport","enableDnsHostnames","subnets","routeTables","VpcEndpoint","vpcId","id","serviceName","interpolate","routeTableIds","privateSubnets","vpcEndpointType","privateDnsEnabled","securityGroupIds","defaultSecurityGroupId","subnetIds","private","map","subNet"],"sources":["createCorePulumiApp.ts"],"sourcesContent":["import * as aws from \"@pulumi/aws\";\nimport * as pulumi from \"@pulumi/pulumi\";\nimport {\n createCorePulumiApp as baseCreateCorePulumiApp,\n CreateCorePulumiAppParams as BaseCreateCorePulumiAppParams\n} from \"~/apps/core/createCorePulumiApp\";\nimport { isResourceOfType, PulumiAppParam } from \"@webiny/pulumi\";\nimport { getAwsRegion } from \"~/apps/awsUtils\";\n\nexport type CorePulumiApp = ReturnType<typeof createCorePulumiApp>;\n\nexport type CorePulumiAppAdvancedVpcParams = Partial<{\n useVpcEndpoints: boolean;\n useExistingVpc: {\n elasticSearchDomainVpcConfig?: aws.types.input.elasticsearch.DomainVpcOptions;\n lambdaFunctionsVpcConfig: aws.types.input.lambda.FunctionVpcConfig;\n };\n}>;\n\nexport interface CreateCorePulumiAppParams extends Omit<BaseCreateCorePulumiAppParams, \"vpc\"> {\n vpc?: PulumiAppParam<boolean | CorePulumiAppAdvancedVpcParams>;\n}\n\nexport function createCorePulumiApp(projectAppParams: CreateCorePulumiAppParams = {}) {\n return baseCreateCorePulumiApp({\n ...projectAppParams,\n // If using existing VPC, we ensure `vpc` param is set to `false`.\n vpc: ({ getParam }) => {\n const vpc = getParam(projectAppParams.vpc);\n const usingAdvancedVpcParams = vpc && typeof vpc !== \"boolean\";\n return usingAdvancedVpcParams && vpc.useExistingVpc ? false : Boolean(vpc);\n },\n pulumi(...args) {\n const [app] = args;\n const { getParam } = app;\n const vpc = getParam(projectAppParams.vpc);\n const usingAdvancedVpcParams = vpc && typeof vpc !== \"boolean\";\n\n // Not using advanced VPC params? Then immediately exit.\n if (!usingAdvancedVpcParams) {\n return projectAppParams.pulumi?.(...args);\n }\n\n const [{ resources, addResource, onResource }] = args;\n const { useExistingVpc, useVpcEndpoints } = vpc;\n\n // 1. We first deal with \"existing VPC\" setup.\n if (useExistingVpc) {\n if (\"useVpcEndpoints\" in vpc) {\n throw new Error(\n \"Cannot specify `useVpcEndpoints` parameter when using an existing VPC. The VPC endpoints configurations should be already defined within the existing VPC.\"\n );\n }\n\n if (projectAppParams.elasticSearch) {\n if (!useExistingVpc.elasticSearchDomainVpcConfig) {\n throw new Error(\n \"Cannot specify `useExistingVpc` parameter because the `elasticSearchDomainVpcConfig` parameter wasn't provided.\"\n );\n }\n\n onResource(resource => {\n if (isResourceOfType(resource, aws.elasticsearch.Domain)) {\n resource.config.vpcOptions(\n useExistingVpc!.elasticSearchDomainVpcConfig\n );\n }\n });\n }\n\n if (!useExistingVpc.lambdaFunctionsVpcConfig) {\n throw new Error(\n \"Cannot specify `useExistingVpc` parameter because the `lambdaFunctionsVpcConfig` parameter wasn't provided.\"\n );\n }\n\n onResource(resource => {\n if (isResourceOfType(resource, aws.lambda.Function)) {\n const canUseVpc = resource.meta.canUseVpc !== false;\n if (canUseVpc) {\n resource.config.vpcConfig(useExistingVpc!.lambdaFunctionsVpcConfig);\n }\n }\n\n if (isResourceOfType(resource, aws.iam.Role)) {\n if (resource.meta.isLambdaFunctionRole) {\n addResource(aws.iam.RolePolicyAttachment, {\n name: `${resource.name}-vpc-access-execution-role`,\n config: {\n role: resource.output.name,\n policyArn: aws.iam.ManagedPolicy.AWSLambdaVPCAccessExecutionRole\n }\n });\n }\n }\n });\n\n return projectAppParams.pulumi?.(...args);\n }\n\n // 2. Now we deal with \"non-existing VPC\" setup.\n if (useVpcEndpoints) {\n const region = getAwsRegion(app);\n\n onResource(resource => {\n if (isResourceOfType(resource, aws.ec2.Vpc)) {\n resource.config.enableDnsSupport(true);\n resource.config.enableDnsHostnames(true);\n }\n });\n\n const { vpc, subnets, routeTables } = resources.vpc!;\n addResource(aws.ec2.VpcEndpoint, {\n name: \"vpc-s3-vpc-endpoint\",\n config: {\n vpcId: vpc.output.id,\n serviceName: pulumi.interpolate`com.amazonaws.${region}.s3`,\n routeTableIds: [routeTables.privateSubnets.output.id]\n }\n });\n\n addResource(aws.ec2.VpcEndpoint, {\n name: \"vpc-dynamodb-vpc-endpoint\",\n config: {\n vpcId: vpc.output.id,\n serviceName: pulumi.interpolate`com.amazonaws.${region}.dynamodb`,\n routeTableIds: [routeTables.privateSubnets.output.id]\n }\n });\n\n addResource(aws.ec2.VpcEndpoint, {\n name: \"vpc-sqs-vpc-endpoint\",\n config: {\n vpcId: vpc.output.id,\n serviceName: pulumi.interpolate`com.amazonaws.${region}.sqs`,\n vpcEndpointType: \"Interface\",\n privateDnsEnabled: true,\n securityGroupIds: [vpc.output.defaultSecurityGroupId],\n subnetIds: subnets.private.map(subNet => subNet.output.id)\n }\n });\n\n addResource(aws.ec2.VpcEndpoint, {\n name: \"vpc-events-vpc-endpoint\",\n config: {\n vpcId: vpc.output.id,\n serviceName: pulumi.interpolate`com.amazonaws.${region}.events`,\n vpcEndpointType: \"Interface\",\n privateDnsEnabled: true,\n securityGroupIds: [vpc.output.defaultSecurityGroupId],\n subnetIds: subnets.private.map(subNet => subNet.output.id)\n }\n });\n }\n\n return projectAppParams.pulumi?.(...args);\n }\n });\n}\n"],"mappings":";;;;;;;;;AAAA,IAAAA,GAAA,GAAAC,uBAAA,CAAAC,OAAA;AACA,IAAAC,MAAA,GAAAF,uBAAA,CAAAC,OAAA;AACA,IAAAE,oBAAA,GAAAF,OAAA;AAIA,IAAAG,QAAA,GAAAH,OAAA;AACA,IAAAI,SAAA,GAAAJ,OAAA;AAgBO,SAASK,mBAAmBA,CAACC,gBAA2C,GAAG,CAAC,CAAC,EAAE;EAClF,OAAO,IAAAC,wCAAuB,MAAAC,cAAA,CAAAC,OAAA,MAAAD,cAAA,CAAAC,OAAA,MACvBH,gBAAgB;IACnB;IACAI,GAAG,EAAEA,CAAC;MAAEC;IAAS,CAAC,KAAK;MACnB,MAAMD,GAAG,GAAGC,QAAQ,CAACL,gBAAgB,CAACI,GAAG,CAAC;MAC1C,MAAME,sBAAsB,GAAGF,GAAG,IAAI,OAAOA,GAAG,KAAK,SAAS;MAC9D,OAAOE,sBAAsB,IAAIF,GAAG,CAACG,cAAc,GAAG,KAAK,GAAGC,OAAO,CAACJ,GAAG,CAAC;IAC9E,CAAC;IACDT,MAAMA,CAAC,GAAGc,IAAI,EAAE;MAAA,IAAAC,sBAAA;MACZ,MAAM,CAACC,GAAG,CAAC,GAAGF,IAAI;MAClB,MAAM;QAAEJ;MAAS,CAAC,GAAGM,GAAG;MACxB,MAAMP,GAAG,GAAGC,QAAQ,CAACL,gBAAgB,CAACI,GAAG,CAAC;MAC1C,MAAME,sBAAsB,GAAGF,GAAG,IAAI,OAAOA,GAAG,KAAK,SAAS;;MAE9D;MACA,IAAI,CAACE,sBAAsB,EAAE;QAAA,IAAAM,qBAAA;QACzB,QAAAA,qBAAA,GAAOZ,gBAAgB,CAACL,MAAM,cAAAiB,qBAAA,uBAAvBA,qBAAA,CAAAC,IAAA,CAAAb,gBAAgB,EAAU,GAAGS,IAAI,CAAC;MAC7C;MAEA,MAAM,CAAC;QAAEK,SAAS;QAAEC,WAAW;QAAEC;MAAW,CAAC,CAAC,GAAGP,IAAI;MACrD,MAAM;QAAEF,cAAc;QAAEU;MAAgB,CAAC,GAAGb,GAAG;;MAE/C;MACA,IAAIG,cAAc,EAAE;QAAA,IAAAW,sBAAA;QAChB,IAAI,iBAAiB,IAAId,GAAG,EAAE;UAC1B,MAAM,IAAIe,KAAK,CACX,4JACJ,CAAC;QACL;QAEA,IAAInB,gBAAgB,CAACoB,aAAa,EAAE;UAChC,IAAI,CAACb,cAAc,CAACc,4BAA4B,EAAE;YAC9C,MAAM,IAAIF,KAAK,CACX,iHACJ,CAAC;UACL;UAEAH,UAAU,CAACM,QAAQ,IAAI;YACnB,IAAI,IAAAC,yBAAgB,EAACD,QAAQ,EAAE9B,GAAG,CAACgC,aAAa,CAACC,MAAM,CAAC,EAAE;cACtDH,QAAQ,CAACI,MAAM,CAACC,UAAU,CACtBpB,cAAc,CAAEc,4BACpB,CAAC;YACL;UACJ,CAAC,CAAC;QACN;QAEA,IAAI,CAACd,cAAc,CAACqB,wBAAwB,EAAE;UAC1C,MAAM,IAAIT,KAAK,CACX,6GACJ,CAAC;QACL;QAEAH,UAAU,CAACM,QAAQ,IAAI;UACnB,IAAI,IAAAC,yBAAgB,EAACD,QAAQ,EAAE9B,GAAG,CAACqC,MAAM,CAACC,QAAQ,CAAC,EAAE;YACjD,MAAMC,SAAS,GAAGT,QAAQ,CAACU,IAAI,CAACD,SAAS,KAAK,KAAK;YACnD,IAAIA,SAAS,EAAE;cACXT,QAAQ,CAACI,MAAM,CAACO,SAAS,CAAC1B,cAAc,CAAEqB,wBAAwB,CAAC;YACvE;UACJ;UAEA,IAAI,IAAAL,yBAAgB,EAACD,QAAQ,EAAE9B,GAAG,CAAC0C,GAAG,CAACC,IAAI,CAAC,EAAE;YAC1C,IAAIb,QAAQ,CAACU,IAAI,CAACI,oBAAoB,EAAE;cACpCrB,WAAW,CAACvB,GAAG,CAAC0C,GAAG,CAACG,oBAAoB,EAAE;gBACtCC,IAAI,EAAG,GAAEhB,QAAQ,CAACgB,IAAK,4BAA2B;gBAClDZ,MAAM,EAAE;kBACJa,IAAI,EAAEjB,QAAQ,CAACkB,MAAM,CAACF,IAAI;kBAC1BG,SAAS,EAAEjD,GAAG,CAAC0C,GAAG,CAACQ,aAAa,CAACC;gBACrC;cACJ,CAAC,CAAC;YACN;UACJ;QACJ,CAAC,CAAC;QAEF,QAAAzB,sBAAA,GAAOlB,gBAAgB,CAACL,MAAM,cAAAuB,sBAAA,uBAAvBA,sBAAA,CAAAL,IAAA,CAAAb,gBAAgB,EAAU,GAAGS,IAAI,CAAC;MAC7C;;MAEA;MACA,IAAIQ,eAAe,EAAE;QACjB,MAAM2B,MAAM,GAAG,IAAAC,sBAAY,EAAClC,GAAG,CAAC;QAEhCK,UAAU,CAACM,QAAQ,IAAI;UACnB,IAAI,IAAAC,yBAAgB,EAACD,QAAQ,EAAE9B,GAAG,CAACsD,GAAG,CAACC,GAAG,CAAC,EAAE;YACzCzB,QAAQ,CAACI,MAAM,CAACsB,gBAAgB,CAAC,IAAI,CAAC;YACtC1B,QAAQ,CAACI,MAAM,CAACuB,kBAAkB,CAAC,IAAI,CAAC;UAC5C;QACJ,CAAC,CAAC;QAEF,MAAM;UAAE7C,GAAG;UAAE8C,OAAO;UAAEC;QAAY,CAAC,GAAGrC,SAAS,CAACV,GAAI;QACpDW,WAAW,CAACvB,GAAG,CAACsD,GAAG,CAACM,WAAW,EAAE;UAC7Bd,IAAI,EAAE,qBAAqB;UAC3BZ,MAAM,EAAE;YACJ2B,KAAK,EAAEjD,GAAG,CAACoC,MAAM,CAACc,EAAE;YACpBC,WAAW,EAAE5D,MAAM,CAAC6D,WAAY,iBAAgBZ,MAAO,KAAI;YAC3Da,aAAa,EAAE,CAACN,WAAW,CAACO,cAAc,CAAClB,MAAM,CAACc,EAAE;UACxD;QACJ,CAAC,CAAC;QAEFvC,WAAW,CAACvB,GAAG,CAACsD,GAAG,CAACM,WAAW,EAAE;UAC7Bd,IAAI,EAAE,2BAA2B;UACjCZ,MAAM,EAAE;YACJ2B,KAAK,EAAEjD,GAAG,CAACoC,MAAM,CAACc,EAAE;YACpBC,WAAW,EAAE5D,MAAM,CAAC6D,WAAY,iBAAgBZ,MAAO,WAAU;YACjEa,aAAa,EAAE,CAACN,WAAW,CAACO,cAAc,CAAClB,MAAM,CAACc,EAAE;UACxD;QACJ,CAAC,CAAC;QAEFvC,WAAW,CAACvB,GAAG,CAACsD,GAAG,CAACM,WAAW,EAAE;UAC7Bd,IAAI,EAAE,sBAAsB;UAC5BZ,MAAM,EAAE;YACJ2B,KAAK,EAAEjD,GAAG,CAACoC,MAAM,CAACc,EAAE;YACpBC,WAAW,EAAE5D,MAAM,CAAC6D,WAAY,iBAAgBZ,MAAO,MAAK;YAC5De,eAAe,EAAE,WAAW;YAC5BC,iBAAiB,EAAE,IAAI;YACvBC,gBAAgB,EAAE,CAACzD,GAAG,CAACoC,MAAM,CAACsB,sBAAsB,CAAC;YACrDC,SAAS,EAAEb,OAAO,CAACc,OAAO,CAACC,GAAG,CAACC,MAAM,IAAIA,MAAM,CAAC1B,MAAM,CAACc,EAAE;UAC7D;QACJ,CAAC,CAAC;QAEFvC,WAAW,CAACvB,GAAG,CAACsD,GAAG,CAACM,WAAW,EAAE;UAC7Bd,IAAI,EAAE,yBAAyB;UAC/BZ,MAAM,EAAE;YACJ2B,KAAK,EAAEjD,GAAG,CAACoC,MAAM,CAACc,EAAE;YACpBC,WAAW,EAAE5D,MAAM,CAAC6D,WAAY,iBAAgBZ,MAAO,SAAQ;YAC/De,eAAe,EAAE,WAAW;YAC5BC,iBAAiB,EAAE,IAAI;YACvBC,gBAAgB,EAAE,CAACzD,GAAG,CAACoC,MAAM,CAACsB,sBAAsB,CAAC;YACrDC,SAAS,EAAEb,OAAO,CAACc,OAAO,CAACC,GAAG,CAACC,MAAM,IAAIA,MAAM,CAAC1B,MAAM,CAACc,EAAE;UAC7D;QACJ,CAAC,CAAC;MACN;MAEA,QAAA5C,sBAAA,GAAOV,gBAAgB,CAACL,MAAM,cAAAe,sBAAA,uBAAvBA,sBAAA,CAAAG,IAAA,CAAAb,gBAAgB,EAAU,GAAGS,IAAI,CAAC;IAC7C;EAAC,EACJ,CAAC;AACN"}
|
|
@@ -46,7 +46,10 @@ function createWebsitePulumiApp(projectAppParams = {}) {
|
|
|
46
46
|
}
|
|
47
47
|
onResource(resource => {
|
|
48
48
|
if ((0, _pulumi.isResourceOfType)(resource, aws.lambda.Function)) {
|
|
49
|
-
resource.
|
|
49
|
+
const canUseVpc = resource.meta.canUseVpc !== false;
|
|
50
|
+
if (canUseVpc) {
|
|
51
|
+
resource.config.vpcConfig(useExistingVpc.lambdaFunctionsVpcConfig);
|
|
52
|
+
}
|
|
50
53
|
}
|
|
51
54
|
if ((0, _pulumi.isResourceOfType)(resource, aws.iam.Role)) {
|
|
52
55
|
if (resource.meta.isLambdaFunctionRole) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["aws","_interopRequireWildcard","require","_createWebsitePulumiApp","_pulumi","createWebsitePulumiApp","projectAppParams","baseCreateWebsitePulumiApp","_objectSpread2","default","vpc","getParam","usingAdvancedVpcParams","useExistingVpc","Boolean","pulumi","args","_projectAppParams$pul2","_projectAppParams$pul","call","onResource","addResource","lambdaFunctionsVpcConfig","Error","resource","isResourceOfType","lambda","Function","config","vpcConfig","iam","Role","
|
|
1
|
+
{"version":3,"names":["aws","_interopRequireWildcard","require","_createWebsitePulumiApp","_pulumi","createWebsitePulumiApp","projectAppParams","baseCreateWebsitePulumiApp","_objectSpread2","default","vpc","getParam","usingAdvancedVpcParams","useExistingVpc","Boolean","pulumi","args","_projectAppParams$pul2","_projectAppParams$pul","call","onResource","addResource","lambdaFunctionsVpcConfig","Error","resource","isResourceOfType","lambda","Function","canUseVpc","meta","config","vpcConfig","iam","Role","isLambdaFunctionRole","RolePolicyAttachment","name","role","output","policyArn","ManagedPolicy","AWSLambdaVPCAccessExecutionRole"],"sources":["createWebsitePulumiApp.ts"],"sourcesContent":["import * as aws from \"@pulumi/aws\";\nimport {\n createWebsitePulumiApp as baseCreateWebsitePulumiApp,\n CreateWebsitePulumiAppParams as BaseCreateWebsitePulumiAppParams\n} from \"~/apps/website/createWebsitePulumiApp\";\nimport { isResourceOfType, PulumiAppParam } from \"@webiny/pulumi\";\n\nexport type WebsitePulumiApp = ReturnType<typeof createWebsitePulumiApp>;\n\nexport type WebsitePulumiAppAdvancedVpcParams = Partial<{\n useExistingVpc: {\n lambdaFunctionsVpcConfig: aws.types.input.lambda.FunctionVpcConfig;\n };\n}>;\n\nexport interface CreateWebsitePulumiAppParams\n extends Omit<BaseCreateWebsitePulumiAppParams, \"vpc\"> {\n vpc?: PulumiAppParam<boolean | WebsitePulumiAppAdvancedVpcParams>;\n}\n\nexport function createWebsitePulumiApp(projectAppParams: CreateWebsitePulumiAppParams = {}) {\n return baseCreateWebsitePulumiApp({\n ...projectAppParams,\n // If using existing VPC, we ensure `vpc` param is set to `false`.\n vpc: ({ getParam }) => {\n const vpc = getParam(projectAppParams.vpc);\n const usingAdvancedVpcParams = vpc && typeof vpc !== \"boolean\";\n return usingAdvancedVpcParams && vpc.useExistingVpc ? false : Boolean(vpc);\n },\n pulumi(...args) {\n const [{ getParam }] = args;\n const vpc = getParam(projectAppParams.vpc);\n const usingAdvancedVpcParams = vpc && typeof vpc !== \"boolean\";\n\n // Not using advanced VPC params? Then immediately exit.\n if (!usingAdvancedVpcParams) {\n return projectAppParams.pulumi?.(...args);\n }\n\n const [{ onResource, addResource }] = args;\n const { useExistingVpc } = vpc;\n\n if (useExistingVpc) {\n if (!useExistingVpc.lambdaFunctionsVpcConfig) {\n throw new Error(\n \"Cannot specify `useExistingVpc` parameter because the `lambdaFunctionsVpcConfig` parameter wasn't provided.\"\n );\n }\n\n onResource(resource => {\n if (isResourceOfType(resource, aws.lambda.Function)) {\n const canUseVpc = resource.meta.canUseVpc !== false;\n if (canUseVpc) {\n resource.config.vpcConfig(useExistingVpc!.lambdaFunctionsVpcConfig);\n }\n }\n\n if (isResourceOfType(resource, aws.iam.Role)) {\n if (resource.meta.isLambdaFunctionRole) {\n addResource(aws.iam.RolePolicyAttachment, {\n name: `${resource.name}-vpc-access-execution-role`,\n config: {\n role: resource.output.name,\n policyArn: aws.iam.ManagedPolicy.AWSLambdaVPCAccessExecutionRole\n }\n });\n }\n }\n });\n }\n\n return projectAppParams.pulumi?.(...args);\n }\n });\n}\n"],"mappings":";;;;;;;;;AAAA,IAAAA,GAAA,GAAAC,uBAAA,CAAAC,OAAA;AACA,IAAAC,uBAAA,GAAAD,OAAA;AAIA,IAAAE,OAAA,GAAAF,OAAA;AAeO,SAASG,sBAAsBA,CAACC,gBAA8C,GAAG,CAAC,CAAC,EAAE;EACxF,OAAO,IAAAC,8CAA0B,MAAAC,cAAA,CAAAC,OAAA,MAAAD,cAAA,CAAAC,OAAA,MAC1BH,gBAAgB;IACnB;IACAI,GAAG,EAAEA,CAAC;MAAEC;IAAS,CAAC,KAAK;MACnB,MAAMD,GAAG,GAAGC,QAAQ,CAACL,gBAAgB,CAACI,GAAG,CAAC;MAC1C,MAAME,sBAAsB,GAAGF,GAAG,IAAI,OAAOA,GAAG,KAAK,SAAS;MAC9D,OAAOE,sBAAsB,IAAIF,GAAG,CAACG,cAAc,GAAG,KAAK,GAAGC,OAAO,CAACJ,GAAG,CAAC;IAC9E,CAAC;IACDK,MAAMA,CAAC,GAAGC,IAAI,EAAE;MAAA,IAAAC,sBAAA;MACZ,MAAM,CAAC;QAAEN;MAAS,CAAC,CAAC,GAAGK,IAAI;MAC3B,MAAMN,GAAG,GAAGC,QAAQ,CAACL,gBAAgB,CAACI,GAAG,CAAC;MAC1C,MAAME,sBAAsB,GAAGF,GAAG,IAAI,OAAOA,GAAG,KAAK,SAAS;;MAE9D;MACA,IAAI,CAACE,sBAAsB,EAAE;QAAA,IAAAM,qBAAA;QACzB,QAAAA,qBAAA,GAAOZ,gBAAgB,CAACS,MAAM,cAAAG,qBAAA,uBAAvBA,qBAAA,CAAAC,IAAA,CAAAb,gBAAgB,EAAU,GAAGU,IAAI,CAAC;MAC7C;MAEA,MAAM,CAAC;QAAEI,UAAU;QAAEC;MAAY,CAAC,CAAC,GAAGL,IAAI;MAC1C,MAAM;QAAEH;MAAe,CAAC,GAAGH,GAAG;MAE9B,IAAIG,cAAc,EAAE;QAChB,IAAI,CAACA,cAAc,CAACS,wBAAwB,EAAE;UAC1C,MAAM,IAAIC,KAAK,CACX,6GACJ,CAAC;QACL;QAEAH,UAAU,CAACI,QAAQ,IAAI;UACnB,IAAI,IAAAC,wBAAgB,EAACD,QAAQ,EAAExB,GAAG,CAAC0B,MAAM,CAACC,QAAQ,CAAC,EAAE;YACjD,MAAMC,SAAS,GAAGJ,QAAQ,CAACK,IAAI,CAACD,SAAS,KAAK,KAAK;YACnD,IAAIA,SAAS,EAAE;cACXJ,QAAQ,CAACM,MAAM,CAACC,SAAS,CAAClB,cAAc,CAAES,wBAAwB,CAAC;YACvE;UACJ;UAEA,IAAI,IAAAG,wBAAgB,EAACD,QAAQ,EAAExB,GAAG,CAACgC,GAAG,CAACC,IAAI,CAAC,EAAE;YAC1C,IAAIT,QAAQ,CAACK,IAAI,CAACK,oBAAoB,EAAE;cACpCb,WAAW,CAACrB,GAAG,CAACgC,GAAG,CAACG,oBAAoB,EAAE;gBACtCC,IAAI,EAAG,GAAEZ,QAAQ,CAACY,IAAK,4BAA2B;gBAClDN,MAAM,EAAE;kBACJO,IAAI,EAAEb,QAAQ,CAACc,MAAM,CAACF,IAAI;kBAC1BG,SAAS,EAAEvC,GAAG,CAACgC,GAAG,CAACQ,aAAa,CAACC;gBACrC;cACJ,CAAC,CAAC;YACN;UACJ;QACJ,CAAC,CAAC;MACN;MAEA,QAAAxB,sBAAA,GAAOX,gBAAgB,CAACS,MAAM,cAAAE,sBAAA,uBAAvBA,sBAAA,CAAAE,IAAA,CAAAb,gBAAgB,EAAU,GAAGU,IAAI,CAAC;IAC7C;EAAC,EACJ,CAAC;AACN"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@webiny/pulumi-aws",
|
|
3
|
-
"version": "5.37.
|
|
3
|
+
"version": "5.37.3-beta.1",
|
|
4
4
|
"repository": {
|
|
5
5
|
"type": "git",
|
|
6
6
|
"url": "https://github.com/webiny/webiny-js.git"
|
|
@@ -15,8 +15,8 @@
|
|
|
15
15
|
"dependencies": {
|
|
16
16
|
"@pulumi/aws": "^5.8.0",
|
|
17
17
|
"@pulumi/pulumi": "^3.34.0",
|
|
18
|
-
"@webiny/cli-plugin-deploy-pulumi": "5.37.
|
|
19
|
-
"@webiny/pulumi": "5.37.
|
|
18
|
+
"@webiny/cli-plugin-deploy-pulumi": "5.37.3-beta.1",
|
|
19
|
+
"@webiny/pulumi": "5.37.3-beta.1",
|
|
20
20
|
"form-data": "4.0.0",
|
|
21
21
|
"node-fetch": "2.6.9"
|
|
22
22
|
},
|
|
@@ -26,10 +26,10 @@
|
|
|
26
26
|
"@babel/preset-env": "7.22.7",
|
|
27
27
|
"@babel/preset-typescript": "7.22.5",
|
|
28
28
|
"@babel/runtime": "7.22.6",
|
|
29
|
-
"@webiny/api-page-builder": "5.37.
|
|
30
|
-
"@webiny/aws-layers": "5.37.
|
|
31
|
-
"@webiny/cli": "5.37.
|
|
32
|
-
"@webiny/project-utils": "5.37.
|
|
29
|
+
"@webiny/api-page-builder": "5.37.3-beta.1",
|
|
30
|
+
"@webiny/aws-layers": "5.37.3-beta.1",
|
|
31
|
+
"@webiny/cli": "5.37.3-beta.1",
|
|
32
|
+
"@webiny/project-utils": "5.37.3-beta.1",
|
|
33
33
|
"chalk": "4.1.2",
|
|
34
34
|
"lodash": "4.17.21",
|
|
35
35
|
"mime": "2.6.0",
|
|
@@ -49,5 +49,5 @@
|
|
|
49
49
|
]
|
|
50
50
|
}
|
|
51
51
|
},
|
|
52
|
-
"gitHead": "
|
|
52
|
+
"gitHead": "59d377132f34c76cb198cd0f0eee211a56ca25b7"
|
|
53
53
|
}
|