@webiny/pulumi-aws 5.40.0-beta.5 → 5.40.0-beta.6

package/apps/api/ApiApwScheduler.js

@@ -30,7 +30,7 @@ const ApiApwScheduler = exports.ApiApwScheduler = (0, _pulumi2.createAppModule)(
       config: {
         description: `Enable us to schedule an action in publishing workflow at a particular datetime`,
         scheduleExpression: "cron(* * * * ? 2000)",
-        isEnabled: true
+        state: "ENABLED"
       }
     });
 

package/apps/api/ApiApwScheduler.js.map

@@ -1 +1 @@
-{"version":3,"names":["_path","_interopRequireDefault","require","pulumi","_interopRequireWildcard","aws","_constants","_pulumi2","_common","_lambdaUtils","LAMBDA_NAME_PREFIX","CREATE_RULE_LAMBDA","EXECUTE_ACTION_LAMBDA","EVENT_RULE_NAME","EVENT_RULE_TARGET","ApiApwScheduler","exports","createAppModule","name","config","app","params","executeAction","createExecuteActionLambda","scheduleAction","createScheduleActionLambda","lambda","output","eventRule","addResource","cloudwatch","EventRule","description","scheduleExpression","isEnabled","Permission","action","function","arn","principal","statementId","eventTarget","EventTarget","rule","role","iam","Role","assumeRolePolicy","Version","Statement","Action","Principal","Service","Effect","meta","isLambdaFunctionRole","policy","createExecuteActionLambdaPolicy","RolePolicyAttachment","policyArn","ManagedPolicy","AWSLambdaBasicExecutionRole","Function","runtime","LAMBDA_RUNTIME","handler","timeout","memorySize","code","asset","AssetArchive","FileArchive","path","join","paths","workspace","environment","variables","getCommonLambdaEnvVariables","apply","value","env","core","getModule","CoreOutput","Policy","Sid","Resource","interpolate","primaryDynamodbTableArn","executeLambda","createScheduleActionLambdaPolicy","APW_SCHEDULER_EXECUTE_ACTION_HANDLER"],"sources":["ApiApwScheduler.ts"],"sourcesContent":["import path from \"path\";\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport { LAMBDA_RUNTIME } from \"~/constants\";\nimport { createAppModule, PulumiApp, PulumiAppModule } from \"@webiny/pulumi\";\nimport { CoreOutput } from \"../common\";\nimport { getCommonLambdaEnvVariables } from \"../lambdaUtils\";\n\ninterface ScheduleActionParams {\n    env: Record<string, any>;\n}\n\nconst LAMBDA_NAME_PREFIX = \"apw-scheduler\";\nconst CREATE_RULE_LAMBDA = `${LAMBDA_NAME_PREFIX}-schedule-action-lambda`;\nconst EXECUTE_ACTION_LAMBDA = `${LAMBDA_NAME_PREFIX}-execute-action-lambda`;\nconst EVENT_RULE_NAME = `${LAMBDA_NAME_PREFIX}-event-rule`;\nconst EVENT_RULE_TARGET = `${LAMBDA_NAME_PREFIX}-event-rule-target`;\n\nexport type ApiApwScheduler = PulumiAppModule<typeof ApiApwScheduler>;\n\nexport const ApiApwScheduler = createAppModule({\n    name: \"ApiApwScheduler\",\n    config(app: PulumiApp, params: ScheduleActionParams) {\n        const executeAction = createExecuteActionLambda(app, params);\n        const scheduleAction = createScheduleActionLambda(app, executeAction.lambda.output, params);\n\n        // Create event rule.\n        const eventRule = app.addResource(aws.cloudwatch.EventRule, {\n            name: EVENT_RULE_NAME,\n            config: {\n                description: `Enable us to schedule an action in publishing workflow at a particular datetime`,\n                scheduleExpression: \"cron(* * * * ? 2000)\",\n                isEnabled: true\n            }\n        });\n\n        // Add required permission to the target lambda.\n        app.addResource(aws.lambda.Permission, {\n            name: \"eventTargetPermission\",\n            config: {\n                action: \"lambda:InvokeFunction\",\n                function: scheduleAction.lambda.output.arn,\n                principal: \"events.amazonaws.com\",\n                statementId: \"allow-rule-invoke-\" + EVENT_RULE_NAME\n            }\n        });\n\n        // Add lambda as target to the event rule.\n        const eventTarget = app.addResource(aws.cloudwatch.EventTarget, {\n            name: EVENT_RULE_TARGET,\n            config: {\n                rule: eventRule.output.name,\n                arn: scheduleAction.lambda.output.arn\n            }\n        });\n\n        return {\n            executeAction,\n            scheduleAction,\n            eventRule,\n            eventTarget\n        };\n    }\n});\n\nfunction createExecuteActionLambda(app: PulumiApp, params: ScheduleActionParams) {\n    const role = app.addResource(aws.iam.Role, {\n        name: `${EXECUTE_ACTION_LAMBDA}-role`,\n        config: {\n            assumeRolePolicy: {\n                Version: \"2012-10-17\",\n                Statement: [\n                    {\n                        Action: \"sts:AssumeRole\",\n                        Principal: {\n                            Service: \"lambda.amazonaws.com\"\n                        },\n                        Effect: \"Allow\"\n                    }\n                ]\n            }\n        },\n        meta: { isLambdaFunctionRole: true }\n    });\n\n    const policy = createExecuteActionLambdaPolicy(app);\n\n    app.addResource(aws.iam.RolePolicyAttachment, {\n        name: `${EXECUTE_ACTION_LAMBDA}-role-policy-attachment`,\n        config: {\n            role: role.output,\n            policyArn: policy.output.arn\n        }\n    });\n\n    app.addResource(aws.iam.RolePolicyAttachment, {\n        name: `${EXECUTE_ACTION_LAMBDA}-AWSLambdaBasicExecutionRole`,\n        config: {\n            role: role.output,\n            policyArn: aws.iam.ManagedPolicy.AWSLambdaBasicExecutionRole\n        }\n    });\n\n    const lambda = app.addResource(aws.lambda.Function, {\n        name: EXECUTE_ACTION_LAMBDA,\n        config: {\n            role: role.output.arn,\n            runtime: LAMBDA_RUNTIME,\n            handler: \"handler.handler\",\n            timeout: 60,\n            memorySize: 128,\n            description: \"Handle execute action workflow in apw scheduler\",\n            code: new pulumi.asset.AssetArchive({\n                \".\": new pulumi.asset.FileArchive(\n                    path.join(app.paths.workspace, \"apw/executeAction/build\")\n                )\n            }),\n            environment: {\n                variables: getCommonLambdaEnvVariables().apply(value => ({\n                    ...value,\n                    ...params.env\n                }))\n            }\n        }\n    });\n\n    return {\n        role,\n        policy,\n        lambda\n    };\n}\n\nfunction createExecuteActionLambdaPolicy(app: PulumiApp) {\n    const core = app.getModule(CoreOutput);\n\n    return app.addResource(aws.iam.Policy, {\n        name: \"ApwSchedulerExecuteActionLambdaPolicy\",\n        config: {\n            description: \"This policy enables access to cloudwatch event and lambda invocation\",\n            policy: {\n                Version: \"2012-10-17\",\n                Statement: [\n                    {\n                        Sid: \"PermissionLambda\",\n                        Effect: \"Allow\",\n                        Action: [\"lambda:InvokeFunction\"],\n                        Resource: [\"*\"]\n                    },\n                    {\n                        Sid: \"PermissionDynamoDB\",\n                        Effect: \"Allow\",\n                        Action: [\"dynamodb:Query\", \"dynamodb:GetItem\", \"dynamodb:DeleteItem\"],\n                        Resource: [\n                            pulumi.interpolate`${core.primaryDynamodbTableArn}`,\n                            pulumi.interpolate`${core.primaryDynamodbTableArn}/*`\n                        ]\n                    }\n                ]\n            }\n        }\n    });\n}\n\nfunction createScheduleActionLambda(\n    app: PulumiApp,\n    executeLambda: pulumi.Output<aws.lambda.Function>,\n    params: ScheduleActionParams\n) {\n    const role = app.addResource(aws.iam.Role, {\n        name: `${CREATE_RULE_LAMBDA}-role`,\n        config: {\n            assumeRolePolicy: {\n                Version: \"2012-10-17\",\n                Statement: [\n                    {\n                        Action: \"sts:AssumeRole\",\n                        Principal: {\n                            Service: \"lambda.amazonaws.com\"\n                        },\n                        Effect: \"Allow\"\n                    }\n                ]\n            }\n        },\n        meta: { isLambdaFunctionRole: true }\n    });\n\n    const policy = createScheduleActionLambdaPolicy(app);\n\n    app.addResource(aws.iam.RolePolicyAttachment, {\n        name: `${CREATE_RULE_LAMBDA}-role-policy-attachment`,\n        config: {\n            role: role.output,\n            policyArn: policy.output.arn\n        }\n    });\n\n    app.addResource(aws.iam.RolePolicyAttachment, {\n        name: `${CREATE_RULE_LAMBDA}-AWSLambdaBasicExecutionRole`,\n        config: {\n            role: role.output,\n            policyArn: aws.iam.ManagedPolicy.AWSLambdaBasicExecutionRole\n        }\n    });\n\n    const lambda = app.addResource(aws.lambda.Function, {\n        name: CREATE_RULE_LAMBDA,\n        config: {\n            role: role.output.arn,\n            runtime: LAMBDA_RUNTIME,\n            handler: \"handler.handler\",\n            timeout: 60,\n            memorySize: 128,\n            description: \"Handle schedule action workflow in apw scheduler\",\n            code: new pulumi.asset.AssetArchive({\n                \".\": new pulumi.asset.FileArchive(\n                    path.join(app.paths.workspace, \"apw/scheduleAction/build\")\n                )\n            }),\n            environment: {\n                variables: getCommonLambdaEnvVariables().apply(value => ({\n                    ...value,\n                    ...params.env,\n                    APW_SCHEDULER_EXECUTE_ACTION_HANDLER: executeLambda.arn\n                    // RULE_NAME: this.eventRule.name.apply(name => name),\n                    // RULE_TARGET_ID: this.eventTarget.targetId.apply(id => id)\n                }))\n            }\n        }\n    });\n\n    return {\n        role,\n        policy,\n        lambda\n    };\n}\n\nfunction createScheduleActionLambdaPolicy(app: PulumiApp) {\n    const core = app.getModule(CoreOutput);\n\n    return app.addResource(aws.iam.Policy, {\n        name: \"ApwSchedulerScheduleActionLambdaPolicy\",\n        config: {\n            description: \"This policy enables access to cloudwatch event and lambda invocation\",\n            policy: {\n                Version: \"2012-10-17\",\n                Statement: [\n                    {\n                        Sid: \"PermissionLambda\",\n                        Effect: \"Allow\",\n                        Action: [\"lambda:InvokeFunction\"],\n                        Resource: [\"*\"]\n                    },\n                    {\n                        Sid: \"PermissionDynamoDB\",\n                        Effect: \"Allow\",\n                        Action: [\n                            \"dynamodb:PutItem\",\n                            \"dynamodb:Query\",\n                            \"dynamodb:GetItem\",\n                            \"dynamodb:UpdateItem\",\n                            \"dynamodb:DeleteItem\"\n                        ],\n                        Resource: [\n                            pulumi.interpolate`${core.primaryDynamodbTableArn}`,\n                            pulumi.interpolate`${core.primaryDynamodbTableArn}/*`\n                        ]\n                    },\n                    {\n                        Sid: \"PermissionEvents\",\n                        Effect: \"Allow\",\n                        Action: [\n                            \"events:DeleteRule\",\n                            \"events:PutTargets\",\n                            \"events:PutRule\",\n                            \"events:ListRules\",\n                            \"events:RemoveTargets\",\n                            \"events:ListTargetsByRule\"\n                        ],\n                        Resource: [\"*\"]\n                    }\n                ]\n            }\n        }\n    });\n}\n"],"mappings":";;;;;;;;AAAA,IAAAA,KAAA,GAAAC,sBAAA,CAAAC,OAAA;AACA,IAAAC,MAAA,GAAAC,uBAAA,CAAAF,OAAA;AACA,IAAAG,GAAA,GAAAD,uBAAA,CAAAF,OAAA;AACA,IAAAI,UAAA,GAAAJ,OAAA;AACA,IAAAK,QAAA,GAAAL,OAAA;AACA,IAAAM,OAAA,GAAAN,OAAA;AACA,IAAAO,YAAA,GAAAP,OAAA;AAMA,MAAMQ,kBAAkB,GAAG,eAAe;AAC1C,MAAMC,kBAAkB,GAAI,GAAED,kBAAmB,yBAAwB;AACzE,MAAME,qBAAqB,GAAI,GAAEF,kBAAmB,wBAAuB;AAC3E,MAAMG,eAAe,GAAI,GAAEH,kBAAmB,aAAY;AAC1D,MAAMI,iBAAiB,GAAI,GAAEJ,kBAAmB,oBAAmB;AAI5D,MAAMK,eAAe,GAAAC,OAAA,CAAAD,eAAA,GAAG,IAAAE,wBAAe,EAAC;EAC3CC,IAAI,EAAE,iBAAiB;EACvBC,MAAMA,CAACC,GAAc,EAAEC,MAA4B,EAAE;IACjD,MAAMC,aAAa,GAAGC,yBAAyB,CAACH,GAAG,EAAEC,MAAM,CAAC;IAC5D,MAAMG,cAAc,GAAGC,0BAA0B,CAACL,GAAG,EAAEE,aAAa,CAACI,MAAM,CAACC,MAAM,EAAEN,MAAM,CAAC;;IAE3F;IACA,MAAMO,SAAS,GAAGR,GAAG,CAACS,WAAW,CAACxB,GAAG,CAACyB,UAAU,CAACC,SAAS,EAAE;MACxDb,IAAI,EAAEL,eAAe;MACrBM,MAAM,EAAE;QACJa,WAAW,EAAG,iFAAgF;QAC9FC,kBAAkB,EAAE,sBAAsB;QAC1CC,SAAS,EAAE;MACf;IACJ,CAAC,CAAC;;IAEF;IACAd,GAAG,CAACS,WAAW,CAACxB,GAAG,CAACqB,MAAM,CAACS,UAAU,EAAE;MACnCjB,IAAI,EAAE,uBAAuB;MAC7BC,MAAM,EAAE;QACJiB,MAAM,EAAE,uBAAuB;QAC/BC,QAAQ,EAAEb,cAAc,CAACE,MAAM,CAACC,MAAM,CAACW,GAAG;QAC1CC,SAAS,EAAE,sBAAsB;QACjCC,WAAW,EAAE,oBAAoB,GAAG3B;MACxC;IACJ,CAAC,CAAC;;IAEF;IACA,MAAM4B,WAAW,GAAGrB,GAAG,CAACS,WAAW,CAACxB,GAAG,CAACyB,UAAU,CAACY,WAAW,EAAE;MAC5DxB,IAAI,EAAEJ,iBAAiB;MACvBK,MAAM,EAAE;QACJwB,IAAI,EAAEf,SAAS,CAACD,MAAM,CAACT,IAAI;QAC3BoB,GAAG,EAAEd,cAAc,CAACE,MAAM,CAACC,MAAM,CAACW;MACtC;IACJ,CAAC,CAAC;IAEF,OAAO;MACHhB,aAAa;MACbE,cAAc;MACdI,SAAS;MACTa;IACJ,CAAC;EACL;AACJ,CAAC,CAAC;AAEF,SAASlB,yBAAyBA,CAACH,GAAc,EAAEC,MAA4B,EAAE;EAC7E,MAAMuB,IAAI,GAAGxB,GAAG,CAACS,WAAW,CAACxB,GAAG,CAACwC,GAAG,CAACC,IAAI,EAAE;IACvC5B,IAAI,EAAG,GAAEN,qBAAsB,OAAM;IACrCO,MAAM,EAAE;MACJ4B,gBAAgB,EAAE;QACdC,OAAO,EAAE,YAAY;QACrBC,SAAS,EAAE,CACP;UACIC,MAAM,EAAE,gBAAgB;UACxBC,SAAS,EAAE;YACPC,OAAO,EAAE;UACb,CAAC;UACDC,MAAM,EAAE;QACZ,CAAC;MAET;IACJ,CAAC;IACDC,IAAI,EAAE;MAAEC,oBAAoB,EAAE;IAAK;EACvC,CAAC,CAAC;EAEF,MAAMC,MAAM,GAAGC,+BAA+B,CAACrC,GAAG,CAAC;EAEnDA,GAAG,CAACS,WAAW,CAACxB,GAAG,CAACwC,GAAG,CAACa,oBAAoB,EAAE;IAC1CxC,IAAI,EAAG,GAAEN,qBAAsB,yBAAwB;IACvDO,MAAM,EAAE;MACJyB,IAAI,EAAEA,IAAI,CAACjB,MAAM;MACjBgC,SAAS,EAAEH,MAAM,CAAC7B,MAAM,CAACW;IAC7B;EACJ,CAAC,CAAC;EAEFlB,GAAG,CAACS,WAAW,CAACxB,GAAG,CAACwC,GAAG,CAACa,oBAAoB,EAAE;IAC1CxC,IAAI,EAAG,GAAEN,qBAAsB,8BAA6B;IAC5DO,MAAM,EAAE;MACJyB,IAAI,EAAEA,IAAI,CAACjB,MAAM;MACjBgC,SAAS,EAAEtD,GAAG,CAACwC,GAAG,CAACe,aAAa,CAACC;IACrC;EACJ,CAAC,CAAC;EAEF,MAAMnC,MAAM,GAAGN,GAAG,CAACS,WAAW,CAACxB,GAAG,CAACqB,MAAM,CAACoC,QAAQ,EAAE;IAChD5C,IAAI,EAAEN,qBAAqB;IAC3BO,MAAM,EAAE;MACJyB,IAAI,EAAEA,IAAI,CAACjB,MAAM,CAACW,GAAG;MACrByB,OAAO,EAAEC,yBAAc;MACvBC,OAAO,EAAE,iBAAiB;MAC1BC,OAAO,EAAE,EAAE;MACXC,UAAU,EAAE,GAAG;MACfnC,WAAW,EAAE,iDAAiD;MAC9DoC,IAAI,EAAE,IAAIjE,MAAM,CAACkE,KAAK,CAACC,YAAY,CAAC;QAChC,GAAG,EAAE,IAAInE,MAAM,CAACkE,KAAK,CAACE,WAAW,CAC7BC,aAAI,CAACC,IAAI,CAACrD,GAAG,CAACsD,KAAK,CAACC,SAAS,EAAE,yBAAyB,CAC5D;MACJ,CAAC,CAAC;MACFC,WAAW,EAAE;QACTC,SAAS,EAAE,IAAAC,wCAA2B,EAAC,CAAC,CAACC,KAAK,CAACC,KAAK,KAAK;UACrD,GAAGA,KAAK;UACR,GAAG3D,MAAM,CAAC4D;QACd,CAAC,CAAC;MACN;IACJ;EACJ,CAAC,CAAC;EAEF,OAAO;IACHrC,IAAI;IACJY,MAAM;IACN9B;EACJ,CAAC;AACL;AAEA,SAAS+B,+BAA+BA,CAACrC,GAAc,EAAE;EACrD,MAAM8D,IAAI,GAAG9D,GAAG,CAAC+D,SAAS,CAACC,kBAAU,CAAC;EAEtC,OAAOhE,GAAG,CAACS,WAAW,CAACxB,GAAG,CAACwC,GAAG,CAACwC,MAAM,EAAE;IACnCnE,IAAI,EAAE,uCAAuC;IAC7CC,MAAM,EAAE;MACJa,WAAW,EAAE,sEAAsE;MACnFwB,MAAM,EAAE;QACJR,OAAO,EAAE,YAAY;QACrBC,SAAS,EAAE,CACP;UACIqC,GAAG,EAAE,kBAAkB;UACvBjC,MAAM,EAAE,OAAO;UACfH,MAAM,EAAE,CAAC,uBAAuB,CAAC;UACjCqC,QAAQ,EAAE,CAAC,GAAG;QAClB,CAAC,EACD;UACID,GAAG,EAAE,oBAAoB;UACzBjC,MAAM,EAAE,OAAO;UACfH,MAAM,EAAE,CAAC,gBAAgB,EAAE,kBAAkB,EAAE,qBAAqB,CAAC;UACrEqC,QAAQ,EAAE,CACNpF,MAAM,CAACqF,WAAY,GAAEN,IAAI,CAACO,uBAAwB,EAAC,EACnDtF,MAAM,CAACqF,WAAY,GAAEN,IAAI,CAACO,uBAAwB,IAAG;QAE7D,CAAC;MAET;IACJ;EACJ,CAAC,CAAC;AACN;AAEA,SAAShE,0BAA0BA,CAC/BL,GAAc,EACdsE,aAAiD,EACjDrE,MAA4B,EAC9B;EACE,MAAMuB,IAAI,GAAGxB,GAAG,CAACS,WAAW,CAACxB,GAAG,CAACwC,GAAG,CAACC,IAAI,EAAE;IACvC5B,IAAI,EAAG,GAAEP,kBAAmB,OAAM;IAClCQ,MAAM,EAAE;MACJ4B,gBAAgB,EAAE;QACdC,OAAO,EAAE,YAAY;QACrBC,SAAS,EAAE,CACP;UACIC,MAAM,EAAE,gBAAgB;UACxBC,SAAS,EAAE;YACPC,OAAO,EAAE;UACb,CAAC;UACDC,MAAM,EAAE;QACZ,CAAC;MAET;IACJ,CAAC;IACDC,IAAI,EAAE;MAAEC,oBAAoB,EAAE;IAAK;EACvC,CAAC,CAAC;EAEF,MAAMC,MAAM,GAAGmC,gCAAgC,CAACvE,GAAG,CAAC;EAEpDA,GAAG,CAACS,WAAW,CAACxB,GAAG,CAACwC,GAAG,CAACa,oBAAoB,EAAE;IAC1CxC,IAAI,EAAG,GAAEP,kBAAmB,yBAAwB;IACpDQ,MAAM,EAAE;MACJyB,IAAI,EAAEA,IAAI,CAACjB,MAAM;MACjBgC,SAAS,EAAEH,MAAM,CAAC7B,MAAM,CAACW;IAC7B;EACJ,CAAC,CAAC;EAEFlB,GAAG,CAACS,WAAW,CAACxB,GAAG,CAACwC,GAAG,CAACa,oBAAoB,EAAE;IAC1CxC,IAAI,EAAG,GAAEP,kBAAmB,8BAA6B;IACzDQ,MAAM,EAAE;MACJyB,IAAI,EAAEA,IAAI,CAACjB,MAAM;MACjBgC,SAAS,EAAEtD,GAAG,CAACwC,GAAG,CAACe,aAAa,CAACC;IACrC;EACJ,CAAC,CAAC;EAEF,MAAMnC,MAAM,GAAGN,GAAG,CAACS,WAAW,CAACxB,GAAG,CAACqB,MAAM,CAACoC,QAAQ,EAAE;IAChD5C,IAAI,EAAEP,kBAAkB;IACxBQ,MAAM,EAAE;MACJyB,IAAI,EAAEA,IAAI,CAACjB,MAAM,CAACW,GAAG;MACrByB,OAAO,EAAEC,yBAAc;MACvBC,OAAO,EAAE,iBAAiB;MAC1BC,OAAO,EAAE,EAAE;MACXC,UAAU,EAAE,GAAG;MACfnC,WAAW,EAAE,kDAAkD;MAC/DoC,IAAI,EAAE,IAAIjE,MAAM,CAACkE,KAAK,CAACC,YAAY,CAAC;QAChC,GAAG,EAAE,IAAInE,MAAM,CAACkE,KAAK,CAACE,WAAW,CAC7BC,aAAI,CAACC,IAAI,CAACrD,GAAG,CAACsD,KAAK,CAACC,SAAS,EAAE,0BAA0B,CAC7D;MACJ,CAAC,CAAC;MACFC,WAAW,EAAE;QACTC,SAAS,EAAE,IAAAC,wCAA2B,EAAC,CAAC,CAACC,KAAK,CAACC,KAAK,KAAK;UACrD,GAAGA,KAAK;UACR,GAAG3D,MAAM,CAAC4D,GAAG;UACbW,oCAAoC,EAAEF,aAAa,CAACpD;UACpD;UACA;QACJ,CAAC,CAAC;MACN;IACJ;EACJ,CAAC,CAAC;EAEF,OAAO;IACHM,IAAI;IACJY,MAAM;IACN9B;EACJ,CAAC;AACL;AAEA,SAASiE,gCAAgCA,CAACvE,GAAc,EAAE;EACtD,MAAM8D,IAAI,GAAG9D,GAAG,CAAC+D,SAAS,CAACC,kBAAU,CAAC;EAEtC,OAAOhE,GAAG,CAACS,WAAW,CAACxB,GAAG,CAACwC,GAAG,CAACwC,MAAM,EAAE;IACnCnE,IAAI,EAAE,wCAAwC;IAC9CC,MAAM,EAAE;MACJa,WAAW,EAAE,sEAAsE;MACnFwB,MAAM,EAAE;QACJR,OAAO,EAAE,YAAY;QACrBC,SAAS,EAAE,CACP;UACIqC,GAAG,EAAE,kBAAkB;UACvBjC,MAAM,EAAE,OAAO;UACfH,MAAM,EAAE,CAAC,uBAAuB,CAAC;UACjCqC,QAAQ,EAAE,CAAC,GAAG;QAClB,CAAC,EACD;UACID,GAAG,EAAE,oBAAoB;UACzBjC,MAAM,EAAE,OAAO;UACfH,MAAM,EAAE,CACJ,kBAAkB,EAClB,gBAAgB,EAChB,kBAAkB,EAClB,qBAAqB,EACrB,qBAAqB,CACxB;UACDqC,QAAQ,EAAE,CACNpF,MAAM,CAACqF,WAAY,GAAEN,IAAI,CAACO,uBAAwB,EAAC,EACnDtF,MAAM,CAACqF,WAAY,GAAEN,IAAI,CAACO,uBAAwB,IAAG;QAE7D,CAAC,EACD;UACIH,GAAG,EAAE,kBAAkB;UACvBjC,MAAM,EAAE,OAAO;UACfH,MAAM,EAAE,CACJ,mBAAmB,EACnB,mBAAmB,EACnB,gBAAgB,EAChB,kBAAkB,EAClB,sBAAsB,EACtB,0BAA0B,CAC7B;UACDqC,QAAQ,EAAE,CAAC,GAAG;QAClB,CAAC;MAET;IACJ;EACJ,CAAC,CAAC;AACN","ignoreList":[]}
+{"version":3,"names":["_path","_interopRequireDefault","require","pulumi","_interopRequireWildcard","aws","_constants","_pulumi2","_common","_lambdaUtils","LAMBDA_NAME_PREFIX","CREATE_RULE_LAMBDA","EXECUTE_ACTION_LAMBDA","EVENT_RULE_NAME","EVENT_RULE_TARGET","ApiApwScheduler","exports","createAppModule","name","config","app","params","executeAction","createExecuteActionLambda","scheduleAction","createScheduleActionLambda","lambda","output","eventRule","addResource","cloudwatch","EventRule","description","scheduleExpression","state","Permission","action","function","arn","principal","statementId","eventTarget","EventTarget","rule","role","iam","Role","assumeRolePolicy","Version","Statement","Action","Principal","Service","Effect","meta","isLambdaFunctionRole","policy","createExecuteActionLambdaPolicy","RolePolicyAttachment","policyArn","ManagedPolicy","AWSLambdaBasicExecutionRole","Function","runtime","LAMBDA_RUNTIME","handler","timeout","memorySize","code","asset","AssetArchive","FileArchive","path","join","paths","workspace","environment","variables","getCommonLambdaEnvVariables","apply","value","env","core","getModule","CoreOutput","Policy","Sid","Resource","interpolate","primaryDynamodbTableArn","executeLambda","createScheduleActionLambdaPolicy","APW_SCHEDULER_EXECUTE_ACTION_HANDLER"],"sources":["ApiApwScheduler.ts"],"sourcesContent":["import path from \"path\";\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport { LAMBDA_RUNTIME } from \"~/constants\";\nimport { createAppModule, PulumiApp, PulumiAppModule } from \"@webiny/pulumi\";\nimport { CoreOutput } from \"../common\";\nimport { getCommonLambdaEnvVariables } from \"../lambdaUtils\";\n\ninterface ScheduleActionParams {\n    env: Record<string, any>;\n}\n\nconst LAMBDA_NAME_PREFIX = \"apw-scheduler\";\nconst CREATE_RULE_LAMBDA = `${LAMBDA_NAME_PREFIX}-schedule-action-lambda`;\nconst EXECUTE_ACTION_LAMBDA = `${LAMBDA_NAME_PREFIX}-execute-action-lambda`;\nconst EVENT_RULE_NAME = `${LAMBDA_NAME_PREFIX}-event-rule`;\nconst EVENT_RULE_TARGET = `${LAMBDA_NAME_PREFIX}-event-rule-target`;\n\nexport type ApiApwScheduler = PulumiAppModule<typeof ApiApwScheduler>;\n\nexport const ApiApwScheduler = createAppModule({\n    name: \"ApiApwScheduler\",\n    config(app: PulumiApp, params: ScheduleActionParams) {\n        const executeAction = createExecuteActionLambda(app, params);\n        const scheduleAction = createScheduleActionLambda(app, executeAction.lambda.output, params);\n\n        // Create event rule.\n        const eventRule = app.addResource(aws.cloudwatch.EventRule, {\n            name: EVENT_RULE_NAME,\n            config: {\n                description: `Enable us to schedule an action in publishing workflow at a particular datetime`,\n                scheduleExpression: \"cron(* * * * ? 2000)\",\n                state: \"ENABLED\"\n            }\n        });\n\n        // Add required permission to the target lambda.\n        app.addResource(aws.lambda.Permission, {\n            name: \"eventTargetPermission\",\n            config: {\n                action: \"lambda:InvokeFunction\",\n                function: scheduleAction.lambda.output.arn,\n                principal: \"events.amazonaws.com\",\n                statementId: \"allow-rule-invoke-\" + EVENT_RULE_NAME\n            }\n        });\n\n        // Add lambda as target to the event rule.\n        const eventTarget = app.addResource(aws.cloudwatch.EventTarget, {\n            name: EVENT_RULE_TARGET,\n            config: {\n                rule: eventRule.output.name,\n                arn: scheduleAction.lambda.output.arn\n            }\n        });\n\n        return {\n            executeAction,\n            scheduleAction,\n            eventRule,\n            eventTarget\n        };\n    }\n});\n\nfunction createExecuteActionLambda(app: PulumiApp, params: ScheduleActionParams) {\n    const role = app.addResource(aws.iam.Role, {\n        name: `${EXECUTE_ACTION_LAMBDA}-role`,\n        config: {\n            assumeRolePolicy: {\n                Version: \"2012-10-17\",\n                Statement: [\n                    {\n                        Action: \"sts:AssumeRole\",\n                        Principal: {\n                            Service: \"lambda.amazonaws.com\"\n                        },\n                        Effect: \"Allow\"\n                    }\n                ]\n            }\n        },\n        meta: { isLambdaFunctionRole: true }\n    });\n\n    const policy = createExecuteActionLambdaPolicy(app);\n\n    app.addResource(aws.iam.RolePolicyAttachment, {\n        name: `${EXECUTE_ACTION_LAMBDA}-role-policy-attachment`,\n        config: {\n            role: role.output,\n            policyArn: policy.output.arn\n        }\n    });\n\n    app.addResource(aws.iam.RolePolicyAttachment, {\n        name: `${EXECUTE_ACTION_LAMBDA}-AWSLambdaBasicExecutionRole`,\n        config: {\n            role: role.output,\n            policyArn: aws.iam.ManagedPolicy.AWSLambdaBasicExecutionRole\n        }\n    });\n\n    const lambda = app.addResource(aws.lambda.Function, {\n        name: EXECUTE_ACTION_LAMBDA,\n        config: {\n            role: role.output.arn,\n            runtime: LAMBDA_RUNTIME,\n            handler: \"handler.handler\",\n            timeout: 60,\n            memorySize: 128,\n            description: \"Handle execute action workflow in apw scheduler\",\n            code: new pulumi.asset.AssetArchive({\n                \".\": new pulumi.asset.FileArchive(\n                    path.join(app.paths.workspace, \"apw/executeAction/build\")\n                )\n            }),\n            environment: {\n                variables: getCommonLambdaEnvVariables().apply(value => ({\n                    ...value,\n                    ...params.env\n                }))\n            }\n        }\n    });\n\n    return {\n        role,\n        policy,\n        lambda\n    };\n}\n\nfunction createExecuteActionLambdaPolicy(app: PulumiApp) {\n    const core = app.getModule(CoreOutput);\n\n    return app.addResource(aws.iam.Policy, {\n        name: \"ApwSchedulerExecuteActionLambdaPolicy\",\n        config: {\n            description: \"This policy enables access to cloudwatch event and lambda invocation\",\n            policy: {\n                Version: \"2012-10-17\",\n                Statement: [\n                    {\n                        Sid: \"PermissionLambda\",\n                        Effect: \"Allow\",\n                        Action: [\"lambda:InvokeFunction\"],\n                        Resource: [\"*\"]\n                    },\n                    {\n                        Sid: \"PermissionDynamoDB\",\n                        Effect: \"Allow\",\n                        Action: [\"dynamodb:Query\", \"dynamodb:GetItem\", \"dynamodb:DeleteItem\"],\n                        Resource: [\n                            pulumi.interpolate`${core.primaryDynamodbTableArn}`,\n                            pulumi.interpolate`${core.primaryDynamodbTableArn}/*`\n                        ]\n                    }\n                ]\n            }\n        }\n    });\n}\n\nfunction createScheduleActionLambda(\n    app: PulumiApp,\n    executeLambda: pulumi.Output<aws.lambda.Function>,\n    params: ScheduleActionParams\n) {\n    const role = app.addResource(aws.iam.Role, {\n        name: `${CREATE_RULE_LAMBDA}-role`,\n        config: {\n            assumeRolePolicy: {\n                Version: \"2012-10-17\",\n                Statement: [\n                    {\n                        Action: \"sts:AssumeRole\",\n                        Principal: {\n                            Service: \"lambda.amazonaws.com\"\n                        },\n                        Effect: \"Allow\"\n                    }\n                ]\n            }\n        },\n        meta: { isLambdaFunctionRole: true }\n    });\n\n    const policy = createScheduleActionLambdaPolicy(app);\n\n    app.addResource(aws.iam.RolePolicyAttachment, {\n        name: `${CREATE_RULE_LAMBDA}-role-policy-attachment`,\n        config: {\n            role: role.output,\n            policyArn: policy.output.arn\n        }\n    });\n\n    app.addResource(aws.iam.RolePolicyAttachment, {\n        name: `${CREATE_RULE_LAMBDA}-AWSLambdaBasicExecutionRole`,\n        config: {\n            role: role.output,\n            policyArn: aws.iam.ManagedPolicy.AWSLambdaBasicExecutionRole\n        }\n    });\n\n    const lambda = app.addResource(aws.lambda.Function, {\n        name: CREATE_RULE_LAMBDA,\n        config: {\n            role: role.output.arn,\n            runtime: LAMBDA_RUNTIME,\n            handler: \"handler.handler\",\n            timeout: 60,\n            memorySize: 128,\n            description: \"Handle schedule action workflow in apw scheduler\",\n            code: new pulumi.asset.AssetArchive({\n                \".\": new pulumi.asset.FileArchive(\n                    path.join(app.paths.workspace, \"apw/scheduleAction/build\")\n                )\n            }),\n            environment: {\n                variables: getCommonLambdaEnvVariables().apply(value => ({\n                    ...value,\n                    ...params.env,\n                    APW_SCHEDULER_EXECUTE_ACTION_HANDLER: executeLambda.arn\n                    // RULE_NAME: this.eventRule.name.apply(name => name),\n                    // RULE_TARGET_ID: this.eventTarget.targetId.apply(id => id)\n                }))\n            }\n        }\n    });\n\n    return {\n        role,\n        policy,\n        lambda\n    };\n}\n\nfunction createScheduleActionLambdaPolicy(app: PulumiApp) {\n    const core = app.getModule(CoreOutput);\n\n    return app.addResource(aws.iam.Policy, {\n        name: \"ApwSchedulerScheduleActionLambdaPolicy\",\n        config: {\n            description: \"This policy enables access to cloudwatch event and lambda invocation\",\n            policy: {\n                Version: \"2012-10-17\",\n                Statement: [\n                    {\n                        Sid: \"PermissionLambda\",\n                        Effect: \"Allow\",\n                        Action: [\"lambda:InvokeFunction\"],\n                        Resource: [\"*\"]\n                    },\n                    {\n                        Sid: \"PermissionDynamoDB\",\n                        Effect: \"Allow\",\n                        Action: [\n                            \"dynamodb:PutItem\",\n                            \"dynamodb:Query\",\n                            \"dynamodb:GetItem\",\n                            \"dynamodb:UpdateItem\",\n                            \"dynamodb:DeleteItem\"\n                        ],\n                        Resource: [\n                            pulumi.interpolate`${core.primaryDynamodbTableArn}`,\n                            pulumi.interpolate`${core.primaryDynamodbTableArn}/*`\n                        ]\n                    },\n                    {\n                        Sid: \"PermissionEvents\",\n                        Effect: \"Allow\",\n                        Action: [\n                            \"events:DeleteRule\",\n                            \"events:PutTargets\",\n                            \"events:PutRule\",\n                            \"events:ListRules\",\n                            \"events:RemoveTargets\",\n                            \"events:ListTargetsByRule\"\n                        ],\n                        Resource: [\"*\"]\n                    }\n                ]\n            }\n        }\n    });\n}\n"],"mappings":";;;;;;;;AAAA,IAAAA,KAAA,GAAAC,sBAAA,CAAAC,OAAA;AACA,IAAAC,MAAA,GAAAC,uBAAA,CAAAF,OAAA;AACA,IAAAG,GAAA,GAAAD,uBAAA,CAAAF,OAAA;AACA,IAAAI,UAAA,GAAAJ,OAAA;AACA,IAAAK,QAAA,GAAAL,OAAA;AACA,IAAAM,OAAA,GAAAN,OAAA;AACA,IAAAO,YAAA,GAAAP,OAAA;AAMA,MAAMQ,kBAAkB,GAAG,eAAe;AAC1C,MAAMC,kBAAkB,GAAI,GAAED,kBAAmB,yBAAwB;AACzE,MAAME,qBAAqB,GAAI,GAAEF,kBAAmB,wBAAuB;AAC3E,MAAMG,eAAe,GAAI,GAAEH,kBAAmB,aAAY;AAC1D,MAAMI,iBAAiB,GAAI,GAAEJ,kBAAmB,oBAAmB;AAI5D,MAAMK,eAAe,GAAAC,OAAA,CAAAD,eAAA,GAAG,IAAAE,wBAAe,EAAC;EAC3CC,IAAI,EAAE,iBAAiB;EACvBC,MAAMA,CAACC,GAAc,EAAEC,MAA4B,EAAE;IACjD,MAAMC,aAAa,GAAGC,yBAAyB,CAACH,GAAG,EAAEC,MAAM,CAAC;IAC5D,MAAMG,cAAc,GAAGC,0BAA0B,CAACL,GAAG,EAAEE,aAAa,CAACI,MAAM,CAACC,MAAM,EAAEN,MAAM,CAAC;;IAE3F;IACA,MAAMO,SAAS,GAAGR,GAAG,CAACS,WAAW,CAACxB,GAAG,CAACyB,UAAU,CAACC,SAAS,EAAE;MACxDb,IAAI,EAAEL,eAAe;MACrBM,MAAM,EAAE;QACJa,WAAW,EAAG,iFAAgF;QAC9FC,kBAAkB,EAAE,sBAAsB;QAC1CC,KAAK,EAAE;MACX;IACJ,CAAC,CAAC;;IAEF;IACAd,GAAG,CAACS,WAAW,CAACxB,GAAG,CAACqB,MAAM,CAACS,UAAU,EAAE;MACnCjB,IAAI,EAAE,uBAAuB;MAC7BC,MAAM,EAAE;QACJiB,MAAM,EAAE,uBAAuB;QAC/BC,QAAQ,EAAEb,cAAc,CAACE,MAAM,CAACC,MAAM,CAACW,GAAG;QAC1CC,SAAS,EAAE,sBAAsB;QACjCC,WAAW,EAAE,oBAAoB,GAAG3B;MACxC;IACJ,CAAC,CAAC;;IAEF;IACA,MAAM4B,WAAW,GAAGrB,GAAG,CAACS,WAAW,CAACxB,GAAG,CAACyB,UAAU,CAACY,WAAW,EAAE;MAC5DxB,IAAI,EAAEJ,iBAAiB;MACvBK,MAAM,EAAE;QACJwB,IAAI,EAAEf,SAAS,CAACD,MAAM,CAACT,IAAI;QAC3BoB,GAAG,EAAEd,cAAc,CAACE,MAAM,CAACC,MAAM,CAACW;MACtC;IACJ,CAAC,CAAC;IAEF,OAAO;MACHhB,aAAa;MACbE,cAAc;MACdI,SAAS;MACTa;IACJ,CAAC;EACL;AACJ,CAAC,CAAC;AAEF,SAASlB,yBAAyBA,CAACH,GAAc,EAAEC,MAA4B,EAAE;EAC7E,MAAMuB,IAAI,GAAGxB,GAAG,CAACS,WAAW,CAACxB,GAAG,CAACwC,GAAG,CAACC,IAAI,EAAE;IACvC5B,IAAI,EAAG,GAAEN,qBAAsB,OAAM;IACrCO,MAAM,EAAE;MACJ4B,gBAAgB,EAAE;QACdC,OAAO,EAAE,YAAY;QACrBC,SAAS,EAAE,CACP;UACIC,MAAM,EAAE,gBAAgB;UACxBC,SAAS,EAAE;YACPC,OAAO,EAAE;UACb,CAAC;UACDC,MAAM,EAAE;QACZ,CAAC;MAET;IACJ,CAAC;IACDC,IAAI,EAAE;MAAEC,oBAAoB,EAAE;IAAK;EACvC,CAAC,CAAC;EAEF,MAAMC,MAAM,GAAGC,+BAA+B,CAACrC,GAAG,CAAC;EAEnDA,GAAG,CAACS,WAAW,CAACxB,GAAG,CAACwC,GAAG,CAACa,oBAAoB,EAAE;IAC1CxC,IAAI,EAAG,GAAEN,qBAAsB,yBAAwB;IACvDO,MAAM,EAAE;MACJyB,IAAI,EAAEA,IAAI,CAACjB,MAAM;MACjBgC,SAAS,EAAEH,MAAM,CAAC7B,MAAM,CAACW;IAC7B;EACJ,CAAC,CAAC;EAEFlB,GAAG,CAACS,WAAW,CAACxB,GAAG,CAACwC,GAAG,CAACa,oBAAoB,EAAE;IAC1CxC,IAAI,EAAG,GAAEN,qBAAsB,8BAA6B;IAC5DO,MAAM,EAAE;MACJyB,IAAI,EAAEA,IAAI,CAACjB,MAAM;MACjBgC,SAAS,EAAEtD,GAAG,CAACwC,GAAG,CAACe,aAAa,CAACC;IACrC;EACJ,CAAC,CAAC;EAEF,MAAMnC,MAAM,GAAGN,GAAG,CAACS,WAAW,CAACxB,GAAG,CAACqB,MAAM,CAACoC,QAAQ,EAAE;IAChD5C,IAAI,EAAEN,qBAAqB;IAC3BO,MAAM,EAAE;MACJyB,IAAI,EAAEA,IAAI,CAACjB,MAAM,CAACW,GAAG;MACrByB,OAAO,EAAEC,yBAAc;MACvBC,OAAO,EAAE,iBAAiB;MAC1BC,OAAO,EAAE,EAAE;MACXC,UAAU,EAAE,GAAG;MACfnC,WAAW,EAAE,iDAAiD;MAC9DoC,IAAI,EAAE,IAAIjE,MAAM,CAACkE,KAAK,CAACC,YAAY,CAAC;QAChC,GAAG,EAAE,IAAInE,MAAM,CAACkE,KAAK,CAACE,WAAW,CAC7BC,aAAI,CAACC,IAAI,CAACrD,GAAG,CAACsD,KAAK,CAACC,SAAS,EAAE,yBAAyB,CAC5D;MACJ,CAAC,CAAC;MACFC,WAAW,EAAE;QACTC,SAAS,EAAE,IAAAC,wCAA2B,EAAC,CAAC,CAACC,KAAK,CAACC,KAAK,KAAK;UACrD,GAAGA,KAAK;UACR,GAAG3D,MAAM,CAAC4D;QACd,CAAC,CAAC;MACN;IACJ;EACJ,CAAC,CAAC;EAEF,OAAO;IACHrC,IAAI;IACJY,MAAM;IACN9B;EACJ,CAAC;AACL;AAEA,SAAS+B,+BAA+BA,CAACrC,GAAc,EAAE;EACrD,MAAM8D,IAAI,GAAG9D,GAAG,CAAC+D,SAAS,CAACC,kBAAU,CAAC;EAEtC,OAAOhE,GAAG,CAACS,WAAW,CAACxB,GAAG,CAACwC,GAAG,CAACwC,MAAM,EAAE;IACnCnE,IAAI,EAAE,uCAAuC;IAC7CC,MAAM,EAAE;MACJa,WAAW,EAAE,sEAAsE;MACnFwB,MAAM,EAAE;QACJR,OAAO,EAAE,YAAY;QACrBC,SAAS,EAAE,CACP;UACIqC,GAAG,EAAE,kBAAkB;UACvBjC,MAAM,EAAE,OAAO;UACfH,MAAM,EAAE,CAAC,uBAAuB,CAAC;UACjCqC,QAAQ,EAAE,CAAC,GAAG;QAClB,CAAC,EACD;UACID,GAAG,EAAE,oBAAoB;UACzBjC,MAAM,EAAE,OAAO;UACfH,MAAM,EAAE,CAAC,gBAAgB,EAAE,kBAAkB,EAAE,qBAAqB,CAAC;UACrEqC,QAAQ,EAAE,CACNpF,MAAM,CAACqF,WAAY,GAAEN,IAAI,CAACO,uBAAwB,EAAC,EACnDtF,MAAM,CAACqF,WAAY,GAAEN,IAAI,CAACO,uBAAwB,IAAG;QAE7D,CAAC;MAET;IACJ;EACJ,CAAC,CAAC;AACN;AAEA,SAAShE,0BAA0BA,CAC/BL,GAAc,EACdsE,aAAiD,EACjDrE,MAA4B,EAC9B;EACE,MAAMuB,IAAI,GAAGxB,GAAG,CAACS,WAAW,CAACxB,GAAG,CAACwC,GAAG,CAACC,IAAI,EAAE;IACvC5B,IAAI,EAAG,GAAEP,kBAAmB,OAAM;IAClCQ,MAAM,EAAE;MACJ4B,gBAAgB,EAAE;QACdC,OAAO,EAAE,YAAY;QACrBC,SAAS,EAAE,CACP;UACIC,MAAM,EAAE,gBAAgB;UACxBC,SAAS,EAAE;YACPC,OAAO,EAAE;UACb,CAAC;UACDC,MAAM,EAAE;QACZ,CAAC;MAET;IACJ,CAAC;IACDC,IAAI,EAAE;MAAEC,oBAAoB,EAAE;IAAK;EACvC,CAAC,CAAC;EAEF,MAAMC,MAAM,GAAGmC,gCAAgC,CAACvE,GAAG,CAAC;EAEpDA,GAAG,CAACS,WAAW,CAACxB,GAAG,CAACwC,GAAG,CAACa,oBAAoB,EAAE;IAC1CxC,IAAI,EAAG,GAAEP,kBAAmB,yBAAwB;IACpDQ,MAAM,EAAE;MACJyB,IAAI,EAAEA,IAAI,CAACjB,MAAM;MACjBgC,SAAS,EAAEH,MAAM,CAAC7B,MAAM,CAACW;IAC7B;EACJ,CAAC,CAAC;EAEFlB,GAAG,CAACS,WAAW,CAACxB,GAAG,CAACwC,GAAG,CAACa,oBAAoB,EAAE;IAC1CxC,IAAI,EAAG,GAAEP,kBAAmB,8BAA6B;IACzDQ,MAAM,EAAE;MACJyB,IAAI,EAAEA,IAAI,CAACjB,MAAM;MACjBgC,SAAS,EAAEtD,GAAG,CAACwC,GAAG,CAACe,aAAa,CAACC;IACrC;EACJ,CAAC,CAAC;EAEF,MAAMnC,MAAM,GAAGN,GAAG,CAACS,WAAW,CAACxB,GAAG,CAACqB,MAAM,CAACoC,QAAQ,EAAE;IAChD5C,IAAI,EAAEP,kBAAkB;IACxBQ,MAAM,EAAE;MACJyB,IAAI,EAAEA,IAAI,CAACjB,MAAM,CAACW,GAAG;MACrByB,OAAO,EAAEC,yBAAc;MACvBC,OAAO,EAAE,iBAAiB;MAC1BC,OAAO,EAAE,EAAE;MACXC,UAAU,EAAE,GAAG;MACfnC,WAAW,EAAE,kDAAkD;MAC/DoC,IAAI,EAAE,IAAIjE,MAAM,CAACkE,KAAK,CAACC,YAAY,CAAC;QAChC,GAAG,EAAE,IAAInE,MAAM,CAACkE,KAAK,CAACE,WAAW,CAC7BC,aAAI,CAACC,IAAI,CAACrD,GAAG,CAACsD,KAAK,CAACC,SAAS,EAAE,0BAA0B,CAC7D;MACJ,CAAC,CAAC;MACFC,WAAW,EAAE;QACTC,SAAS,EAAE,IAAAC,wCAA2B,EAAC,CAAC,CAACC,KAAK,CAACC,KAAK,KAAK;UACrD,GAAGA,KAAK;UACR,GAAG3D,MAAM,CAAC4D,GAAG;UACbW,oCAAoC,EAAEF,aAAa,CAACpD;UACpD;UACA;QACJ,CAAC,CAAC;MACN;IACJ;EACJ,CAAC,CAAC;EAEF,OAAO;IACHM,IAAI;IACJY,MAAM;IACN9B;EACJ,CAAC;AACL;AAEA,SAASiE,gCAAgCA,CAACvE,GAAc,EAAE;EACtD,MAAM8D,IAAI,GAAG9D,GAAG,CAAC+D,SAAS,CAACC,kBAAU,CAAC;EAEtC,OAAOhE,GAAG,CAACS,WAAW,CAACxB,GAAG,CAACwC,GAAG,CAACwC,MAAM,EAAE;IACnCnE,IAAI,EAAE,wCAAwC;IAC9CC,MAAM,EAAE;MACJa,WAAW,EAAE,sEAAsE;MACnFwB,MAAM,EAAE;QACJR,OAAO,EAAE,YAAY;QACrBC,SAAS,EAAE,CACP;UACIqC,GAAG,EAAE,kBAAkB;UACvBjC,MAAM,EAAE,OAAO;UACfH,MAAM,EAAE,CAAC,uBAAuB,CAAC;UACjCqC,QAAQ,EAAE,CAAC,GAAG;QAClB,CAAC,EACD;UACID,GAAG,EAAE,oBAAoB;UACzBjC,MAAM,EAAE,OAAO;UACfH,MAAM,EAAE,CACJ,kBAAkB,EAClB,gBAAgB,EAChB,kBAAkB,EAClB,qBAAqB,EACrB,qBAAqB,CACxB;UACDqC,QAAQ,EAAE,CACNpF,MAAM,CAACqF,WAAY,GAAEN,IAAI,CAACO,uBAAwB,EAAC,EACnDtF,MAAM,CAACqF,WAAY,GAAEN,IAAI,CAACO,uBAAwB,IAAG;QAE7D,CAAC,EACD;UACIH,GAAG,EAAE,kBAAkB;UACvBjC,MAAM,EAAE,OAAO;UACfH,MAAM,EAAE,CACJ,mBAAmB,EACnB,mBAAmB,EACnB,gBAAgB,EAChB,kBAAkB,EAClB,sBAAsB,EACtB,0BAA0B,CAC7B;UACDqC,QAAQ,EAAE,CAAC,GAAG;QAClB,CAAC;MAET;IACJ;EACJ,CAAC,CAAC;AACN","ignoreList":[]}

package/apps/core/CoreElasticSearch.js

@@ -211,8 +211,8 @@ const ElasticSearch = exports.ElasticSearch = (0, _pulumi2.createAppModule)({
         role: role.output.arn,
         runtime: _constants.LAMBDA_RUNTIME,
         handler: "handler.handler",
-        timeout: 600,
-        memorySize: 512,
+        timeout: 900,
+        memorySize: 1024,
         environment: {
           variables: {
             DEBUG: String(process.env.DEBUG),
@@ -236,7 +236,7 @@ const ElasticSearch = exports.ElasticSearch = (0, _pulumi2.createAppModule)({
         functionName: lambda.output.arn,
         startingPosition: "LATEST",
         maximumRetryAttempts: 3,
-        batchSize: 200,
+        batchSize: 50,
         maximumBatchingWindowInSeconds: 1
       }
     });
@@ -244,7 +244,8 @@ const ElasticSearch = exports.ElasticSearch = (0, _pulumi2.createAppModule)({
       elasticsearchDomainArn: domain.output.arn,
       elasticsearchDomainEndpoint: domain.output.endpoint,
       elasticsearchDynamodbTableArn: table.output.arn,
-      elasticsearchDynamodbTableName: table.output.name
+      elasticsearchDynamodbTableName: table.output.name,
+      elasticsearchDynamoToElasticLambdaName: lambda.output.name
     });
     return {
       domain,
@@ -269,7 +270,7 @@ function getDynamoDbToElasticLambdaPolicy(app, domain) {
         Statement: [{
           Sid: "PermissionForES",
           Effect: "Allow",
-          Action: ["es:ESHttpDelete", "es:ESHttpPatch", "es:ESHttpPost", "es:ESHttpPut"],
+          Action: ["es:ESHttpGet", "es:ESHttpDelete", "es:ESHttpPatch", "es:ESHttpPost", "es:ESHttpPut"],
           Resource: [pulumi.interpolate`${domain.arn}`, pulumi.interpolate`${domain.arn}/*`]
         }]
       }

package/apps/core/CoreElasticSearch.js.map

@@ -1 +1 @@
-{"version":3,"names":["_path","_interopRequireDefault","require","pulumi","_interopRequireWildcard","aws","_pulumi2","_awsUtils","_CoreVpc","_constants","getDevClusterConfig","instanceType","getProdClusterConfig","instanceCount","zoneAwarenessEnabled","zoneAwarenessConfig","availabilityZoneCount","ElasticSearch","exports","createAppModule","name","config","app","params","domainName","accountId","getAwsAccountId","productionEnvironments","create","DEFAULT_PROD_ENV_NAMES","isProduction","includes","run","env","vpc","getModule","CoreVpc","optional","domain","domainPolicy","process","AWS_ELASTIC_SEARCH_DOMAIN_NAME","String","addRemoteResource","elasticsearch","getDomain","async","addResource","Domain","elasticsearchVersion","clusterConfig","vpcOptions","subnetIds","subnets","private","map","s","output","id","securityGroupIds","defaultSecurityGroupId","undefined","ebsOptions","ebsEnabled","volumeSize","volumeType","advancedOptions","snapshotOptions","automatedSnapshotStartHour","opts","protect","DomainPolicy","accessPolicies","Version","Statement","Effect","Principal","AWS","Action","Resource","interpolate","arn","table","dynamodb","Table","attributes","type","streamEnabled","streamViewType","billingMode","hashKey","rangeKey","roleName","role","iam","Role","assumeRolePolicy","Service","meta","isLambdaFunctionRole","policy","getDynamoDbToElasticLambdaPolicy","RolePolicyAttachment","policyArn","ManagedPolicy","AWSLambdaVPCAccessExecutionRole","AWSLambdaBasicExecutionRole","AWSLambdaDynamoDBExecutionRole","lambda","Function","runtime","LAMBDA_RUNTIME","handler","timeout","memorySize","environment","variables","DEBUG","ELASTIC_SEARCH_ENDPOINT","endpoint","description","code","asset","AssetArchive","FileArchive","path","join","paths","workspace","vpcConfig","eventSourceMapping","EventSourceMapping","eventSourceArn","streamArn","functionName","startingPosition","maximumRetryAttempts","batchSize","maximumBatchingWindowInSeconds","addOutputs","elasticsearchDomainArn","elasticsearchDomainEndpoint","elasticsearchDynamodbTableArn","elasticsearchDynamodbTableName","dynamoToElastic","Policy","Sid"],"sources":["CoreElasticSearch.ts"],"sourcesContent":["/**\n * Important documents to read:\n *\n * https://docs.aws.amazon.com/opensearch-service/latest/developerguide/limits.html#network-limits\n */\nimport path from \"path\";\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport {\n    createAppModule,\n    PulumiApp,\n    PulumiAppResource,\n    PulumiAppResourceConstructor,\n    PulumiAppRemoteResource\n} from \"@webiny/pulumi\";\n\nimport { getAwsAccountId } from \"../awsUtils\";\nimport { CoreVpc } from \"./CoreVpc\";\nimport { DEFAULT_PROD_ENV_NAMES, LAMBDA_RUNTIME } from \"~/constants\";\n\nexport interface ElasticSearchParams {\n    protect: boolean;\n}\n\nfunction getDevClusterConfig(): aws.types.input.elasticsearch.DomainClusterConfig {\n    return {\n        instanceType: \"t3.small.elasticsearch\"\n    };\n}\n\nfunction getProdClusterConfig(): aws.types.input.elasticsearch.DomainClusterConfig {\n    return {\n        // For production deployments, we create 2 instances and configure multi-AZ.\n        instanceType: \"t3.medium.elasticsearch\",\n        instanceCount: 2,\n        zoneAwarenessEnabled: true,\n        zoneAwarenessConfig: {\n            availabilityZoneCount: 2\n        }\n    };\n}\n\nexport const ElasticSearch = createAppModule({\n    name: \"ElasticSearch\",\n    config(app, params: ElasticSearchParams) {\n        const domainName = \"webiny-js\";\n        const accountId = getAwsAccountId(app);\n\n        const productionEnvironments =\n            app.params.create.productionEnvironments || DEFAULT_PROD_ENV_NAMES;\n        const isProduction = productionEnvironments.includes(app.params.run.env);\n\n        const vpc = app.getModule(CoreVpc, { optional: true });\n\n        // This needs to be implemented in order to be able to use a shared ElasticSearch cluster.\n        let domain:\n            | PulumiAppResource<PulumiAppResourceConstructor<aws.elasticsearch.Domain>>\n            | PulumiAppRemoteResource<aws.elasticsearch.GetDomainResult>;\n\n        let domainPolicy;\n\n        if (process.env.AWS_ELASTIC_SEARCH_DOMAIN_NAME) {\n            const domainName = String(process.env.AWS_ELASTIC_SEARCH_DOMAIN_NAME);\n            // This can be useful for testing purposes in ephemeral environments. More information here:\n            // https://www.webiny.com/docs/key-topics/ci-cd/testing/slow-ephemeral-environments\n            domain = app.addRemoteResource(domainName, () => {\n                return aws.elasticsearch.getDomain({ domainName }, { async: true });\n            });\n        } else {\n            // Regular ElasticSearch deployment.\n            domain = app.addResource(aws.elasticsearch.Domain, {\n                name: domainName,\n                config: {\n                    elasticsearchVersion: \"7.10\",\n                    clusterConfig: isProduction ? getProdClusterConfig() : getDevClusterConfig(),\n                    vpcOptions: vpc\n                        ? {\n                              subnetIds: vpc.subnets.private.map(s => s.output.id),\n                              securityGroupIds: [vpc.vpc.output.defaultSecurityGroupId]\n                          }\n                        : undefined,\n                    ebsOptions: {\n                        ebsEnabled: true,\n                        volumeSize: 10,\n                        volumeType: \"gp2\"\n                    },\n                    advancedOptions: {\n                        \"rest.action.multi.allow_explicit_index\": \"true\"\n                    },\n                    snapshotOptions: {\n                        automatedSnapshotStartHour: 23\n                    }\n                },\n                opts: { protect: params.protect }\n            });\n\n            /**\n             * Domain policy defines who can access your Elasticsearch Domain.\n             * For details on Elasticsearch security, read the official documentation:\n             * https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/security.html\n             */\n            domainPolicy = app.addResource(aws.elasticsearch.DomainPolicy, {\n                name: `${domainName}-policy`,\n                config: {\n                    domainName: domain.output.domainName,\n                    accessPolicies: {\n                        Version: \"2012-10-17\",\n                        Statement: [\n                            /**\n                             * Allow requests signed with current account\n                             */\n                            {\n                                Effect: \"Allow\",\n                                Principal: {\n                                    AWS: accountId\n                                },\n                                Action: \"es:*\",\n                                Resource: pulumi.interpolate`${domain.output.arn}/*`\n                            }\n                        ]\n                    }\n                },\n                opts: { protect: params.protect }\n            });\n        }\n\n        /**\n         * Create a table for Elasticsearch records. All ES records are stored in this table to dramatically improve\n         * performance and stability on write operations (especially massive data imports). This table also serves as a backup and\n         * a single source of truth for your Elasticsearch domain. Streaming is enabled on this table, and it will\n         * allow asynchronous synchronization of data with Elasticsearch domain.\n         */\n        const table = app.addResource(aws.dynamodb.Table, {\n            name: \"webiny-es\",\n            config: {\n                attributes: [\n                    { name: \"PK\", type: \"S\" },\n                    { name: \"SK\", type: \"S\" }\n                ],\n                streamEnabled: true,\n                streamViewType: \"NEW_AND_OLD_IMAGES\",\n                billingMode: \"PAY_PER_REQUEST\",\n                hashKey: \"PK\",\n                rangeKey: \"SK\"\n            },\n            opts: { protect: params.protect }\n        });\n\n        const roleName = \"dynamo-to-elastic-lambda-role\";\n\n        const role = app.addResource(aws.iam.Role, {\n            name: roleName,\n            config: {\n                assumeRolePolicy: {\n                    Version: \"2012-10-17\",\n                    Statement: [\n                        {\n                            Action: \"sts:AssumeRole\",\n                            Principal: {\n                                Service: \"lambda.amazonaws.com\"\n                            },\n                            Effect: \"Allow\"\n                        }\n                    ]\n                }\n            },\n            meta: { isLambdaFunctionRole: true }\n        });\n\n        const policy = getDynamoDbToElasticLambdaPolicy(app, domain.output);\n\n        app.addResource(aws.iam.RolePolicyAttachment, {\n            name: `${roleName}-DynamoDbToElasticLambdaPolicy`,\n            config: {\n                role: role.output,\n                policyArn: policy.output.arn\n            }\n        });\n\n        // Only use `AWSLambdaVPCAccessExecutionRole` policy if VPC feature is enabled.\n        if (vpc) {\n            app.addResource(aws.iam.RolePolicyAttachment, {\n                name: `${roleName}-AWSLambdaVPCAccessExecutionRole`,\n                config: {\n                    role: role.output,\n                    policyArn: aws.iam.ManagedPolicy.AWSLambdaVPCAccessExecutionRole\n                }\n            });\n        } else {\n            app.addResource(aws.iam.RolePolicyAttachment, {\n                name: `${roleName}-AWSLambdaBasicExecutionRole`,\n                config: {\n                    role: role.output,\n                    policyArn: aws.iam.ManagedPolicy.AWSLambdaBasicExecutionRole\n                }\n            });\n        }\n\n        app.addResource(aws.iam.RolePolicyAttachment, {\n            name: `${roleName}-AWSLambdaDynamoDBExecutionRole`,\n            config: {\n                role: role.output,\n                policyArn: aws.iam.ManagedPolicy.AWSLambdaDynamoDBExecutionRole\n            }\n        });\n\n        /**\n         * This Lambda will process the stream events from DynamoDB table that contains Elasticsearch items.\n         * Elasticsearch can't take large amount of individual writes in a short period of time, so this way\n         * we store data for Elasticsearch in a DynamoDB table, and asynchronously insert it into Elasticsearch\n         * using batching.\n         */\n        const lambda = app.addResource(aws.lambda.Function, {\n            name: \"dynamo-to-elastic\",\n            config: {\n                role: role.output.arn,\n                runtime: LAMBDA_RUNTIME,\n                handler: \"handler.handler\",\n                timeout: 600,\n                memorySize: 512,\n                environment: {\n                    variables: {\n                        DEBUG: String(process.env.DEBUG),\n                        ELASTIC_SEARCH_ENDPOINT: domain.output.endpoint\n                    }\n                },\n                description: \"Process DynamoDB Stream.\",\n                code: new pulumi.asset.AssetArchive({\n                    \".\": new pulumi.asset.FileArchive(\n                        path.join(app.paths.workspace, \"dynamoToElastic/build\")\n                    )\n                }),\n                vpcConfig: vpc\n                    ? {\n                          subnetIds: vpc.subnets.private.map(s => s.output.id),\n                          securityGroupIds: [vpc.vpc.output.defaultSecurityGroupId]\n                      }\n                    : undefined\n            }\n        });\n\n        const eventSourceMapping = app.addResource(aws.lambda.EventSourceMapping, {\n            name: \"dynamo-to-elastic\",\n            config: {\n                eventSourceArn: table.output.streamArn,\n                functionName: lambda.output.arn,\n                startingPosition: \"LATEST\",\n                maximumRetryAttempts: 3,\n                batchSize: 200,\n                maximumBatchingWindowInSeconds: 1\n            }\n        });\n\n        app.addOutputs({\n            elasticsearchDomainArn: domain.output.arn,\n            elasticsearchDomainEndpoint: domain.output.endpoint,\n            elasticsearchDynamodbTableArn: table.output.arn,\n            elasticsearchDynamodbTableName: table.output.name\n        });\n\n        return {\n            domain,\n            domainPolicy,\n            table,\n            dynamoToElastic: {\n                role,\n                policy,\n                lambda,\n                eventSourceMapping\n            }\n        };\n    }\n});\n\nfunction getDynamoDbToElasticLambdaPolicy(\n    app: PulumiApp,\n    domain: pulumi.Output<aws.elasticsearch.Domain | aws.elasticsearch.GetDomainResult>\n) {\n    return app.addResource(aws.iam.Policy, {\n        name: \"DynamoDbToElasticLambdaPolicy-updated\",\n        config: {\n            description: \"This policy enables access to ES and Dynamodb streams\",\n            policy: {\n                Version: \"2012-10-17\",\n                Statement: [\n                    {\n                        Sid: \"PermissionForES\",\n                        Effect: \"Allow\",\n                        Action: [\n                            \"es:ESHttpDelete\",\n                            \"es:ESHttpPatch\",\n                            \"es:ESHttpPost\",\n                            \"es:ESHttpPut\"\n                        ],\n                        Resource: [\n                            pulumi.interpolate`${domain.arn}`,\n                            pulumi.interpolate`${domain.arn}/*`\n                        ]\n                    }\n                ]\n            }\n        }\n    });\n}\n"],"mappings":";;;;;;;;AAKA,IAAAA,KAAA,GAAAC,sBAAA,CAAAC,OAAA;AACA,IAAAC,MAAA,GAAAC,uBAAA,CAAAF,OAAA;AACA,IAAAG,GAAA,GAAAD,uBAAA,CAAAF,OAAA;AACA,IAAAI,QAAA,GAAAJ,OAAA;AAQA,IAAAK,SAAA,GAAAL,OAAA;AACA,IAAAM,QAAA,GAAAN,OAAA;AACA,IAAAO,UAAA,GAAAP,OAAA;AAlBA;AACA;AACA;AACA;AACA;;AAoBA,SAASQ,mBAAmBA,CAAA,EAAsD;EAC9E,OAAO;IACHC,YAAY,EAAE;EAClB,CAAC;AACL;AAEA,SAASC,oBAAoBA,CAAA,EAAsD;EAC/E,OAAO;IACH;IACAD,YAAY,EAAE,yBAAyB;IACvCE,aAAa,EAAE,CAAC;IAChBC,oBAAoB,EAAE,IAAI;IAC1BC,mBAAmB,EAAE;MACjBC,qBAAqB,EAAE;IAC3B;EACJ,CAAC;AACL;AAEO,MAAMC,aAAa,GAAAC,OAAA,CAAAD,aAAA,GAAG,IAAAE,wBAAe,EAAC;EACzCC,IAAI,EAAE,eAAe;EACrBC,MAAMA,CAACC,GAAG,EAAEC,MAA2B,EAAE;IACrC,MAAMC,UAAU,GAAG,WAAW;IAC9B,MAAMC,SAAS,GAAG,IAAAC,yBAAe,EAACJ,GAAG,CAAC;IAEtC,MAAMK,sBAAsB,GACxBL,GAAG,CAACC,MAAM,CAACK,MAAM,CAACD,sBAAsB,IAAIE,iCAAsB;IACtE,MAAMC,YAAY,GAAGH,sBAAsB,CAACI,QAAQ,CAACT,GAAG,CAACC,MAAM,CAACS,GAAG,CAACC,GAAG,CAAC;IAExE,MAAMC,GAAG,GAAGZ,GAAG,CAACa,SAAS,CAACC,gBAAO,EAAE;MAAEC,QAAQ,EAAE;IAAK,CAAC,CAAC;;IAEtD;IACA,IAAIC,MAE4D;IAEhE,IAAIC,YAAY;IAEhB,IAAIC,OAAO,CAACP,GAAG,CAACQ,8BAA8B,EAAE;MAC5C,MAAMjB,UAAU,GAAGkB,MAAM,CAACF,OAAO,CAACP,GAAG,CAACQ,8BAA8B,CAAC;MACrE;MACA;MACAH,MAAM,GAAGhB,GAAG,CAACqB,iBAAiB,CAACnB,UAAU,EAAE,MAAM;QAC7C,OAAOnB,GAAG,CAACuC,aAAa,CAACC,SAAS,CAAC;UAAErB;QAAW,CAAC,EAAE;UAAEsB,KAAK,EAAE;QAAK,CAAC,CAAC;MACvE,CAAC,CAAC;IACN,CAAC,MAAM;MACH;MACAR,MAAM,GAAGhB,GAAG,CAACyB,WAAW,CAAC1C,GAAG,CAACuC,aAAa,CAACI,MAAM,EAAE;QAC/C5B,IAAI,EAAEI,UAAU;QAChBH,MAAM,EAAE;UACJ4B,oBAAoB,EAAE,MAAM;UAC5BC,aAAa,EAAEpB,YAAY,GAAGlB,oBAAoB,CAAC,CAAC,GAAGF,mBAAmB,CAAC,CAAC;UAC5EyC,UAAU,EAAEjB,GAAG,GACT;YACIkB,SAAS,EAAElB,GAAG,CAACmB,OAAO,CAACC,OAAO,CAACC,GAAG,CAACC,CAAC,IAAIA,CAAC,CAACC,MAAM,CAACC,EAAE,CAAC;YACpDC,gBAAgB,EAAE,CAACzB,GAAG,CAACA,GAAG,CAACuB,MAAM,CAACG,sBAAsB;UAC5D,CAAC,GACDC,SAAS;UACfC,UAAU,EAAE;YACRC,UAAU,EAAE,IAAI;YAChBC,UAAU,EAAE,EAAE;YACdC,UAAU,EAAE;UAChB,CAAC;UACDC,eAAe,EAAE;YACb,wCAAwC,EAAE;UAC9C,CAAC;UACDC,eAAe,EAAE;YACbC,0BAA0B,EAAE;UAChC;QACJ,CAAC;QACDC,IAAI,EAAE;UAAEC,OAAO,EAAE/C,MAAM,CAAC+C;QAAQ;MACpC,CAAC,CAAC;;MAEF;AACZ;AACA;AACA;AACA;MACY/B,YAAY,GAAGjB,GAAG,CAACyB,WAAW,CAAC1C,GAAG,CAACuC,aAAa,CAAC2B,YAAY,EAAE;QAC3DnD,IAAI,EAAG,GAAEI,UAAW,SAAQ;QAC5BH,MAAM,EAAE;UACJG,UAAU,EAAEc,MAAM,CAACmB,MAAM,CAACjC,UAAU;UACpCgD,cAAc,EAAE;YACZC,OAAO,EAAE,YAAY;YACrBC,SAAS,EAAE;YACP;AAC5B;AACA;YAC4B;cACIC,MAAM,EAAE,OAAO;cACfC,SAAS,EAAE;gBACPC,GAAG,EAAEpD;cACT,CAAC;cACDqD,MAAM,EAAE,MAAM;cACdC,QAAQ,EAAE5E,MAAM,CAAC6E,WAAY,GAAE1C,MAAM,CAACmB,MAAM,CAACwB,GAAI;YACrD,CAAC;UAET;QACJ,CAAC;QACDZ,IAAI,EAAE;UAAEC,OAAO,EAAE/C,MAAM,CAAC+C;QAAQ;MACpC,CAAC,CAAC;IACN;;IAEA;AACR;AACA;AACA;AACA;AACA;IACQ,MAAMY,KAAK,GAAG5D,GAAG,CAACyB,WAAW,CAAC1C,GAAG,CAAC8E,QAAQ,CAACC,KAAK,EAAE;MAC9ChE,IAAI,EAAE,WAAW;MACjBC,MAAM,EAAE;QACJgE,UAAU,EAAE,CACR;UAAEjE,IAAI,EAAE,IAAI;UAAEkE,IAAI,EAAE;QAAI,CAAC,EACzB;UAAElE,IAAI,EAAE,IAAI;UAAEkE,IAAI,EAAE;QAAI,CAAC,CAC5B;QACDC,aAAa,EAAE,IAAI;QACnBC,cAAc,EAAE,oBAAoB;QACpCC,WAAW,EAAE,iBAAiB;QAC9BC,OAAO,EAAE,IAAI;QACbC,QAAQ,EAAE;MACd,CAAC;MACDtB,IAAI,EAAE;QAAEC,OAAO,EAAE/C,MAAM,CAAC+C;MAAQ;IACpC,CAAC,CAAC;IAEF,MAAMsB,QAAQ,GAAG,+BAA+B;IAEhD,MAAMC,IAAI,GAAGvE,GAAG,CAACyB,WAAW,CAAC1C,GAAG,CAACyF,GAAG,CAACC,IAAI,EAAE;MACvC3E,IAAI,EAAEwE,QAAQ;MACdvE,MAAM,EAAE;QACJ2E,gBAAgB,EAAE;UACdvB,OAAO,EAAE,YAAY;UACrBC,SAAS,EAAE,CACP;YACII,MAAM,EAAE,gBAAgB;YACxBF,SAAS,EAAE;cACPqB,OAAO,EAAE;YACb,CAAC;YACDtB,MAAM,EAAE;UACZ,CAAC;QAET;MACJ,CAAC;MACDuB,IAAI,EAAE;QAAEC,oBAAoB,EAAE;MAAK;IACvC,CAAC,CAAC;IAEF,MAAMC,MAAM,GAAGC,gCAAgC,CAAC/E,GAAG,EAAEgB,MAAM,CAACmB,MAAM,CAAC;IAEnEnC,GAAG,CAACyB,WAAW,CAAC1C,GAAG,CAACyF,GAAG,CAACQ,oBAAoB,EAAE;MAC1ClF,IAAI,EAAG,GAAEwE,QAAS,gCAA+B;MACjDvE,MAAM,EAAE;QACJwE,IAAI,EAAEA,IAAI,CAACpC,MAAM;QACjB8C,SAAS,EAAEH,MAAM,CAAC3C,MAAM,CAACwB;MAC7B;IACJ,CAAC,CAAC;;IAEF;IACA,IAAI/C,GAAG,EAAE;MACLZ,GAAG,CAACyB,WAAW,CAAC1C,GAAG,CAACyF,GAAG,CAACQ,oBAAoB,EAAE;QAC1ClF,IAAI,EAAG,GAAEwE,QAAS,kCAAiC;QACnDvE,MAAM,EAAE;UACJwE,IAAI,EAAEA,IAAI,CAACpC,MAAM;UACjB8C,SAAS,EAAElG,GAAG,CAACyF,GAAG,CAACU,aAAa,CAACC;QACrC;MACJ,CAAC,CAAC;IACN,CAAC,MAAM;MACHnF,GAAG,CAACyB,WAAW,CAAC1C,GAAG,CAACyF,GAAG,CAACQ,oBAAoB,EAAE;QAC1ClF,IAAI,EAAG,GAAEwE,QAAS,8BAA6B;QAC/CvE,MAAM,EAAE;UACJwE,IAAI,EAAEA,IAAI,CAACpC,MAAM;UACjB8C,SAAS,EAAElG,GAAG,CAACyF,GAAG,CAACU,aAAa,CAACE;QACrC;MACJ,CAAC,CAAC;IACN;IAEApF,GAAG,CAACyB,WAAW,CAAC1C,GAAG,CAACyF,GAAG,CAACQ,oBAAoB,EAAE;MAC1ClF,IAAI,EAAG,GAAEwE,QAAS,iCAAgC;MAClDvE,MAAM,EAAE;QACJwE,IAAI,EAAEA,IAAI,CAACpC,MAAM;QACjB8C,SAAS,EAAElG,GAAG,CAACyF,GAAG,CAACU,aAAa,CAACG;MACrC;IACJ,CAAC,CAAC;;IAEF;AACR;AACA;AACA;AACA;AACA;IACQ,MAAMC,MAAM,GAAGtF,GAAG,CAACyB,WAAW,CAAC1C,GAAG,CAACuG,MAAM,CAACC,QAAQ,EAAE;MAChDzF,IAAI,EAAE,mBAAmB;MACzBC,MAAM,EAAE;QACJwE,IAAI,EAAEA,IAAI,CAACpC,MAAM,CAACwB,GAAG;QACrB6B,OAAO,EAAEC,yBAAc;QACvBC,OAAO,EAAE,iBAAiB;QAC1BC,OAAO,EAAE,GAAG;QACZC,UAAU,EAAE,GAAG;QACfC,WAAW,EAAE;UACTC,SAAS,EAAE;YACPC,KAAK,EAAE3E,MAAM,CAACF,OAAO,CAACP,GAAG,CAACoF,KAAK,CAAC;YAChCC,uBAAuB,EAAEhF,MAAM,CAACmB,MAAM,CAAC8D;UAC3C;QACJ,CAAC;QACDC,WAAW,EAAE,0BAA0B;QACvCC,IAAI,EAAE,IAAItH,MAAM,CAACuH,KAAK,CAACC,YAAY,CAAC;UAChC,GAAG,EAAE,IAAIxH,MAAM,CAACuH,KAAK,CAACE,WAAW,CAC7BC,aAAI,CAACC,IAAI,CAACxG,GAAG,CAACyG,KAAK,CAACC,SAAS,EAAE,uBAAuB,CAC1D;QACJ,CAAC,CAAC;QACFC,SAAS,EAAE/F,GAAG,GACR;UACIkB,SAAS,EAAElB,GAAG,CAACmB,OAAO,CAACC,OAAO,CAACC,GAAG,CAACC,CAAC,IAAIA,CAAC,CAACC,MAAM,CAACC,EAAE,CAAC;UACpDC,gBAAgB,EAAE,CAACzB,GAAG,CAACA,GAAG,CAACuB,MAAM,CAACG,sBAAsB;QAC5D,CAAC,GACDC;MACV;IACJ,CAAC,CAAC;IAEF,MAAMqE,kBAAkB,GAAG5G,GAAG,CAACyB,WAAW,CAAC1C,GAAG,CAACuG,MAAM,CAACuB,kBAAkB,EAAE;MACtE/G,IAAI,EAAE,mBAAmB;MACzBC,MAAM,EAAE;QACJ+G,cAAc,EAAElD,KAAK,CAACzB,MAAM,CAAC4E,SAAS;QACtCC,YAAY,EAAE1B,MAAM,CAACnD,MAAM,CAACwB,GAAG;QAC/BsD,gBAAgB,EAAE,QAAQ;QAC1BC,oBAAoB,EAAE,CAAC;QACvBC,SAAS,EAAE,GAAG;QACdC,8BAA8B,EAAE;MACpC;IACJ,CAAC,CAAC;IAEFpH,GAAG,CAACqH,UAAU,CAAC;MACXC,sBAAsB,EAAEtG,MAAM,CAACmB,MAAM,CAACwB,GAAG;MACzC4D,2BAA2B,EAAEvG,MAAM,CAACmB,MAAM,CAAC8D,QAAQ;MACnDuB,6BAA6B,EAAE5D,KAAK,CAACzB,MAAM,CAACwB,GAAG;MAC/C8D,8BAA8B,EAAE7D,KAAK,CAACzB,MAAM,CAACrC;IACjD,CAAC,CAAC;IAEF,OAAO;MACHkB,MAAM;MACNC,YAAY;MACZ2C,KAAK;MACL8D,eAAe,EAAE;QACbnD,IAAI;QACJO,MAAM;QACNQ,MAAM;QACNsB;MACJ;IACJ,CAAC;EACL;AACJ,CAAC,CAAC;AAEF,SAAS7B,gCAAgCA,CACrC/E,GAAc,EACdgB,MAAmF,EACrF;EACE,OAAOhB,GAAG,CAACyB,WAAW,CAAC1C,GAAG,CAACyF,GAAG,CAACmD,MAAM,EAAE;IACnC7H,IAAI,EAAE,uCAAuC;IAC7CC,MAAM,EAAE;MACJmG,WAAW,EAAE,uDAAuD;MACpEpB,MAAM,EAAE;QACJ3B,OAAO,EAAE,YAAY;QACrBC,SAAS,EAAE,CACP;UACIwE,GAAG,EAAE,iBAAiB;UACtBvE,MAAM,EAAE,OAAO;UACfG,MAAM,EAAE,CACJ,iBAAiB,EACjB,gBAAgB,EAChB,eAAe,EACf,cAAc,CACjB;UACDC,QAAQ,EAAE,CACN5E,MAAM,CAAC6E,WAAY,GAAE1C,MAAM,CAAC2C,GAAI,EAAC,EACjC9E,MAAM,CAAC6E,WAAY,GAAE1C,MAAM,CAAC2C,GAAI,IAAG;QAE3C,CAAC;MAET;IACJ;EACJ,CAAC,CAAC;AACN","ignoreList":[]}
+{"version":3,"names":["_path","_interopRequireDefault","require","pulumi","_interopRequireWildcard","aws","_pulumi2","_awsUtils","_CoreVpc","_constants","getDevClusterConfig","instanceType","getProdClusterConfig","instanceCount","zoneAwarenessEnabled","zoneAwarenessConfig","availabilityZoneCount","ElasticSearch","exports","createAppModule","name","config","app","params","domainName","accountId","getAwsAccountId","productionEnvironments","create","DEFAULT_PROD_ENV_NAMES","isProduction","includes","run","env","vpc","getModule","CoreVpc","optional","domain","domainPolicy","process","AWS_ELASTIC_SEARCH_DOMAIN_NAME","String","addRemoteResource","elasticsearch","getDomain","async","addResource","Domain","elasticsearchVersion","clusterConfig","vpcOptions","subnetIds","subnets","private","map","s","output","id","securityGroupIds","defaultSecurityGroupId","undefined","ebsOptions","ebsEnabled","volumeSize","volumeType","advancedOptions","snapshotOptions","automatedSnapshotStartHour","opts","protect","DomainPolicy","accessPolicies","Version","Statement","Effect","Principal","AWS","Action","Resource","interpolate","arn","table","dynamodb","Table","attributes","type","streamEnabled","streamViewType","billingMode","hashKey","rangeKey","roleName","role","iam","Role","assumeRolePolicy","Service","meta","isLambdaFunctionRole","policy","getDynamoDbToElasticLambdaPolicy","RolePolicyAttachment","policyArn","ManagedPolicy","AWSLambdaVPCAccessExecutionRole","AWSLambdaBasicExecutionRole","AWSLambdaDynamoDBExecutionRole","lambda","Function","runtime","LAMBDA_RUNTIME","handler","timeout","memorySize","environment","variables","DEBUG","ELASTIC_SEARCH_ENDPOINT","endpoint","description","code","asset","AssetArchive","FileArchive","path","join","paths","workspace","vpcConfig","eventSourceMapping","EventSourceMapping","eventSourceArn","streamArn","functionName","startingPosition","maximumRetryAttempts","batchSize","maximumBatchingWindowInSeconds","addOutputs","elasticsearchDomainArn","elasticsearchDomainEndpoint","elasticsearchDynamodbTableArn","elasticsearchDynamodbTableName","elasticsearchDynamoToElasticLambdaName","dynamoToElastic","Policy","Sid"],"sources":["CoreElasticSearch.ts"],"sourcesContent":["/**\n * Important documents to read:\n *\n * https://docs.aws.amazon.com/opensearch-service/latest/developerguide/limits.html#network-limits\n */\nimport path from \"path\";\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport {\n    createAppModule,\n    PulumiApp,\n    PulumiAppResource,\n    PulumiAppResourceConstructor,\n    PulumiAppRemoteResource\n} from \"@webiny/pulumi\";\n\nimport { getAwsAccountId } from \"../awsUtils\";\nimport { CoreVpc } from \"./CoreVpc\";\nimport { DEFAULT_PROD_ENV_NAMES, LAMBDA_RUNTIME } from \"~/constants\";\n\nexport interface ElasticSearchParams {\n    protect: boolean;\n}\n\nfunction getDevClusterConfig(): aws.types.input.elasticsearch.DomainClusterConfig {\n    return {\n        instanceType: \"t3.small.elasticsearch\"\n    };\n}\n\nfunction getProdClusterConfig(): aws.types.input.elasticsearch.DomainClusterConfig {\n    return {\n        // For production deployments, we create 2 instances and configure multi-AZ.\n        instanceType: \"t3.medium.elasticsearch\",\n        instanceCount: 2,\n        zoneAwarenessEnabled: true,\n        zoneAwarenessConfig: {\n            availabilityZoneCount: 2\n        }\n    };\n}\n\nexport const ElasticSearch = createAppModule({\n    name: \"ElasticSearch\",\n    config(app, params: ElasticSearchParams) {\n        const domainName = \"webiny-js\";\n        const accountId = getAwsAccountId(app);\n\n        const productionEnvironments =\n            app.params.create.productionEnvironments || DEFAULT_PROD_ENV_NAMES;\n        const isProduction = productionEnvironments.includes(app.params.run.env);\n\n        const vpc = app.getModule(CoreVpc, { optional: true });\n\n        // This needs to be implemented in order to be able to use a shared ElasticSearch cluster.\n        let domain:\n            | PulumiAppResource<PulumiAppResourceConstructor<aws.elasticsearch.Domain>>\n            | PulumiAppRemoteResource<aws.elasticsearch.GetDomainResult>;\n\n        let domainPolicy;\n\n        if (process.env.AWS_ELASTIC_SEARCH_DOMAIN_NAME) {\n            const domainName = String(process.env.AWS_ELASTIC_SEARCH_DOMAIN_NAME);\n            // This can be useful for testing purposes in ephemeral environments. More information here:\n            // https://www.webiny.com/docs/key-topics/ci-cd/testing/slow-ephemeral-environments\n            domain = app.addRemoteResource(domainName, () => {\n                return aws.elasticsearch.getDomain({ domainName }, { async: true });\n            });\n        } else {\n            // Regular ElasticSearch deployment.\n            domain = app.addResource(aws.elasticsearch.Domain, {\n                name: domainName,\n                config: {\n                    elasticsearchVersion: \"7.10\",\n                    clusterConfig: isProduction ? getProdClusterConfig() : getDevClusterConfig(),\n                    vpcOptions: vpc\n                        ? {\n                              subnetIds: vpc.subnets.private.map(s => s.output.id),\n                              securityGroupIds: [vpc.vpc.output.defaultSecurityGroupId]\n                          }\n                        : undefined,\n                    ebsOptions: {\n                        ebsEnabled: true,\n                        volumeSize: 10,\n                        volumeType: \"gp2\"\n                    },\n                    advancedOptions: {\n                        \"rest.action.multi.allow_explicit_index\": \"true\"\n                    },\n                    snapshotOptions: {\n                        automatedSnapshotStartHour: 23\n                    }\n                },\n                opts: { protect: params.protect }\n            });\n\n            /**\n             * Domain policy defines who can access your Elasticsearch Domain.\n             * For details on Elasticsearch security, read the official documentation:\n             * https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/security.html\n             */\n            domainPolicy = app.addResource(aws.elasticsearch.DomainPolicy, {\n                name: `${domainName}-policy`,\n                config: {\n                    domainName: domain.output.domainName,\n                    accessPolicies: {\n                        Version: \"2012-10-17\",\n                        Statement: [\n                            /**\n                             * Allow requests signed with current account\n                             */\n                            {\n                                Effect: \"Allow\",\n                                Principal: {\n                                    AWS: accountId\n                                },\n                                Action: \"es:*\",\n                                Resource: pulumi.interpolate`${domain.output.arn}/*`\n                            }\n                        ]\n                    }\n                },\n                opts: { protect: params.protect }\n            });\n        }\n\n        /**\n         * Create a table for Elasticsearch records. All ES records are stored in this table to dramatically improve\n         * performance and stability on write operations (especially massive data imports). This table also serves as a backup and\n         * a single source of truth for your Elasticsearch domain. Streaming is enabled on this table, and it will\n         * allow asynchronous synchronization of data with Elasticsearch domain.\n         */\n        const table = app.addResource(aws.dynamodb.Table, {\n            name: \"webiny-es\",\n            config: {\n                attributes: [\n                    { name: \"PK\", type: \"S\" },\n                    { name: \"SK\", type: \"S\" }\n                ],\n                streamEnabled: true,\n                streamViewType: \"NEW_AND_OLD_IMAGES\",\n                billingMode: \"PAY_PER_REQUEST\",\n                hashKey: \"PK\",\n                rangeKey: \"SK\"\n            },\n            opts: { protect: params.protect }\n        });\n\n        const roleName = \"dynamo-to-elastic-lambda-role\";\n\n        const role = app.addResource(aws.iam.Role, {\n            name: roleName,\n            config: {\n                assumeRolePolicy: {\n                    Version: \"2012-10-17\",\n                    Statement: [\n                        {\n                            Action: \"sts:AssumeRole\",\n                            Principal: {\n                                Service: \"lambda.amazonaws.com\"\n                            },\n                            Effect: \"Allow\"\n                        }\n                    ]\n                }\n            },\n            meta: { isLambdaFunctionRole: true }\n        });\n\n        const policy = getDynamoDbToElasticLambdaPolicy(app, domain.output);\n\n        app.addResource(aws.iam.RolePolicyAttachment, {\n            name: `${roleName}-DynamoDbToElasticLambdaPolicy`,\n            config: {\n                role: role.output,\n                policyArn: policy.output.arn\n            }\n        });\n\n        // Only use `AWSLambdaVPCAccessExecutionRole` policy if VPC feature is enabled.\n        if (vpc) {\n            app.addResource(aws.iam.RolePolicyAttachment, {\n                name: `${roleName}-AWSLambdaVPCAccessExecutionRole`,\n                config: {\n                    role: role.output,\n                    policyArn: aws.iam.ManagedPolicy.AWSLambdaVPCAccessExecutionRole\n                }\n            });\n        } else {\n            app.addResource(aws.iam.RolePolicyAttachment, {\n                name: `${roleName}-AWSLambdaBasicExecutionRole`,\n                config: {\n                    role: role.output,\n                    policyArn: aws.iam.ManagedPolicy.AWSLambdaBasicExecutionRole\n                }\n            });\n        }\n\n        app.addResource(aws.iam.RolePolicyAttachment, {\n            name: `${roleName}-AWSLambdaDynamoDBExecutionRole`,\n            config: {\n                role: role.output,\n                policyArn: aws.iam.ManagedPolicy.AWSLambdaDynamoDBExecutionRole\n            }\n        });\n\n        /**\n         * This Lambda will process the stream events from DynamoDB table that contains Elasticsearch items.\n         * Elasticsearch can't take large amount of individual writes in a short period of time, so this way\n         * we store data for Elasticsearch in a DynamoDB table, and asynchronously insert it into Elasticsearch\n         * using batching.\n         */\n        const lambda = app.addResource(aws.lambda.Function, {\n            name: \"dynamo-to-elastic\",\n            config: {\n                role: role.output.arn,\n                runtime: LAMBDA_RUNTIME,\n                handler: \"handler.handler\",\n                timeout: 900,\n                memorySize: 1024,\n                environment: {\n                    variables: {\n                        DEBUG: String(process.env.DEBUG),\n                        ELASTIC_SEARCH_ENDPOINT: domain.output.endpoint\n                    }\n                },\n                description: \"Process DynamoDB Stream.\",\n                code: new pulumi.asset.AssetArchive({\n                    \".\": new pulumi.asset.FileArchive(\n                        path.join(app.paths.workspace, \"dynamoToElastic/build\")\n                    )\n                }),\n                vpcConfig: vpc\n                    ? {\n                          subnetIds: vpc.subnets.private.map(s => s.output.id),\n                          securityGroupIds: [vpc.vpc.output.defaultSecurityGroupId]\n                      }\n                    : undefined\n            }\n        });\n\n        const eventSourceMapping = app.addResource(aws.lambda.EventSourceMapping, {\n            name: \"dynamo-to-elastic\",\n            config: {\n                eventSourceArn: table.output.streamArn,\n                functionName: lambda.output.arn,\n                startingPosition: \"LATEST\",\n                maximumRetryAttempts: 3,\n                batchSize: 50,\n                maximumBatchingWindowInSeconds: 1\n            }\n        });\n\n        app.addOutputs({\n            elasticsearchDomainArn: domain.output.arn,\n            elasticsearchDomainEndpoint: domain.output.endpoint,\n            elasticsearchDynamodbTableArn: table.output.arn,\n            elasticsearchDynamodbTableName: table.output.name,\n            elasticsearchDynamoToElasticLambdaName: lambda.output.name\n        });\n\n        return {\n            domain,\n            domainPolicy,\n            table,\n            dynamoToElastic: {\n                role,\n                policy,\n                lambda,\n                eventSourceMapping\n            }\n        };\n    }\n});\n\nfunction getDynamoDbToElasticLambdaPolicy(\n    app: PulumiApp,\n    domain: pulumi.Output<aws.elasticsearch.Domain | aws.elasticsearch.GetDomainResult>\n) {\n    return app.addResource(aws.iam.Policy, {\n        name: \"DynamoDbToElasticLambdaPolicy-updated\",\n        config: {\n            description: \"This policy enables access to ES and Dynamodb streams\",\n            policy: {\n                Version: \"2012-10-17\",\n                Statement: [\n                    {\n                        Sid: \"PermissionForES\",\n                        Effect: \"Allow\",\n                        Action: [\n                            \"es:ESHttpGet\",\n                            \"es:ESHttpDelete\",\n                            \"es:ESHttpPatch\",\n                            \"es:ESHttpPost\",\n                            \"es:ESHttpPut\"\n                        ],\n                        Resource: [\n                            pulumi.interpolate`${domain.arn}`,\n                            pulumi.interpolate`${domain.arn}/*`\n                        ]\n                    }\n                ]\n            }\n        }\n    });\n}\n"],"mappings":";;;;;;;;AAKA,IAAAA,KAAA,GAAAC,sBAAA,CAAAC,OAAA;AACA,IAAAC,MAAA,GAAAC,uBAAA,CAAAF,OAAA;AACA,IAAAG,GAAA,GAAAD,uBAAA,CAAAF,OAAA;AACA,IAAAI,QAAA,GAAAJ,OAAA;AAQA,IAAAK,SAAA,GAAAL,OAAA;AACA,IAAAM,QAAA,GAAAN,OAAA;AACA,IAAAO,UAAA,GAAAP,OAAA;AAlBA;AACA;AACA;AACA;AACA;;AAoBA,SAASQ,mBAAmBA,CAAA,EAAsD;EAC9E,OAAO;IACHC,YAAY,EAAE;EAClB,CAAC;AACL;AAEA,SAASC,oBAAoBA,CAAA,EAAsD;EAC/E,OAAO;IACH;IACAD,YAAY,EAAE,yBAAyB;IACvCE,aAAa,EAAE,CAAC;IAChBC,oBAAoB,EAAE,IAAI;IAC1BC,mBAAmB,EAAE;MACjBC,qBAAqB,EAAE;IAC3B;EACJ,CAAC;AACL;AAEO,MAAMC,aAAa,GAAAC,OAAA,CAAAD,aAAA,GAAG,IAAAE,wBAAe,EAAC;EACzCC,IAAI,EAAE,eAAe;EACrBC,MAAMA,CAACC,GAAG,EAAEC,MAA2B,EAAE;IACrC,MAAMC,UAAU,GAAG,WAAW;IAC9B,MAAMC,SAAS,GAAG,IAAAC,yBAAe,EAACJ,GAAG,CAAC;IAEtC,MAAMK,sBAAsB,GACxBL,GAAG,CAACC,MAAM,CAACK,MAAM,CAACD,sBAAsB,IAAIE,iCAAsB;IACtE,MAAMC,YAAY,GAAGH,sBAAsB,CAACI,QAAQ,CAACT,GAAG,CAACC,MAAM,CAACS,GAAG,CAACC,GAAG,CAAC;IAExE,MAAMC,GAAG,GAAGZ,GAAG,CAACa,SAAS,CAACC,gBAAO,EAAE;MAAEC,QAAQ,EAAE;IAAK,CAAC,CAAC;;IAEtD;IACA,IAAIC,MAE4D;IAEhE,IAAIC,YAAY;IAEhB,IAAIC,OAAO,CAACP,GAAG,CAACQ,8BAA8B,EAAE;MAC5C,MAAMjB,UAAU,GAAGkB,MAAM,CAACF,OAAO,CAACP,GAAG,CAACQ,8BAA8B,CAAC;MACrE;MACA;MACAH,MAAM,GAAGhB,GAAG,CAACqB,iBAAiB,CAACnB,UAAU,EAAE,MAAM;QAC7C,OAAOnB,GAAG,CAACuC,aAAa,CAACC,SAAS,CAAC;UAAErB;QAAW,CAAC,EAAE;UAAEsB,KAAK,EAAE;QAAK,CAAC,CAAC;MACvE,CAAC,CAAC;IACN,CAAC,MAAM;MACH;MACAR,MAAM,GAAGhB,GAAG,CAACyB,WAAW,CAAC1C,GAAG,CAACuC,aAAa,CAACI,MAAM,EAAE;QAC/C5B,IAAI,EAAEI,UAAU;QAChBH,MAAM,EAAE;UACJ4B,oBAAoB,EAAE,MAAM;UAC5BC,aAAa,EAAEpB,YAAY,GAAGlB,oBAAoB,CAAC,CAAC,GAAGF,mBAAmB,CAAC,CAAC;UAC5EyC,UAAU,EAAEjB,GAAG,GACT;YACIkB,SAAS,EAAElB,GAAG,CAACmB,OAAO,CAACC,OAAO,CAACC,GAAG,CAACC,CAAC,IAAIA,CAAC,CAACC,MAAM,CAACC,EAAE,CAAC;YACpDC,gBAAgB,EAAE,CAACzB,GAAG,CAACA,GAAG,CAACuB,MAAM,CAACG,sBAAsB;UAC5D,CAAC,GACDC,SAAS;UACfC,UAAU,EAAE;YACRC,UAAU,EAAE,IAAI;YAChBC,UAAU,EAAE,EAAE;YACdC,UAAU,EAAE;UAChB,CAAC;UACDC,eAAe,EAAE;YACb,wCAAwC,EAAE;UAC9C,CAAC;UACDC,eAAe,EAAE;YACbC,0BAA0B,EAAE;UAChC;QACJ,CAAC;QACDC,IAAI,EAAE;UAAEC,OAAO,EAAE/C,MAAM,CAAC+C;QAAQ;MACpC,CAAC,CAAC;;MAEF;AACZ;AACA;AACA;AACA;MACY/B,YAAY,GAAGjB,GAAG,CAACyB,WAAW,CAAC1C,GAAG,CAACuC,aAAa,CAAC2B,YAAY,EAAE;QAC3DnD,IAAI,EAAG,GAAEI,UAAW,SAAQ;QAC5BH,MAAM,EAAE;UACJG,UAAU,EAAEc,MAAM,CAACmB,MAAM,CAACjC,UAAU;UACpCgD,cAAc,EAAE;YACZC,OAAO,EAAE,YAAY;YACrBC,SAAS,EAAE;YACP;AAC5B;AACA;YAC4B;cACIC,MAAM,EAAE,OAAO;cACfC,SAAS,EAAE;gBACPC,GAAG,EAAEpD;cACT,CAAC;cACDqD,MAAM,EAAE,MAAM;cACdC,QAAQ,EAAE5E,MAAM,CAAC6E,WAAY,GAAE1C,MAAM,CAACmB,MAAM,CAACwB,GAAI;YACrD,CAAC;UAET;QACJ,CAAC;QACDZ,IAAI,EAAE;UAAEC,OAAO,EAAE/C,MAAM,CAAC+C;QAAQ;MACpC,CAAC,CAAC;IACN;;IAEA;AACR;AACA;AACA;AACA;AACA;IACQ,MAAMY,KAAK,GAAG5D,GAAG,CAACyB,WAAW,CAAC1C,GAAG,CAAC8E,QAAQ,CAACC,KAAK,EAAE;MAC9ChE,IAAI,EAAE,WAAW;MACjBC,MAAM,EAAE;QACJgE,UAAU,EAAE,CACR;UAAEjE,IAAI,EAAE,IAAI;UAAEkE,IAAI,EAAE;QAAI,CAAC,EACzB;UAAElE,IAAI,EAAE,IAAI;UAAEkE,IAAI,EAAE;QAAI,CAAC,CAC5B;QACDC,aAAa,EAAE,IAAI;QACnBC,cAAc,EAAE,oBAAoB;QACpCC,WAAW,EAAE,iBAAiB;QAC9BC,OAAO,EAAE,IAAI;QACbC,QAAQ,EAAE;MACd,CAAC;MACDtB,IAAI,EAAE;QAAEC,OAAO,EAAE/C,MAAM,CAAC+C;MAAQ;IACpC,CAAC,CAAC;IAEF,MAAMsB,QAAQ,GAAG,+BAA+B;IAEhD,MAAMC,IAAI,GAAGvE,GAAG,CAACyB,WAAW,CAAC1C,GAAG,CAACyF,GAAG,CAACC,IAAI,EAAE;MACvC3E,IAAI,EAAEwE,QAAQ;MACdvE,MAAM,EAAE;QACJ2E,gBAAgB,EAAE;UACdvB,OAAO,EAAE,YAAY;UACrBC,SAAS,EAAE,CACP;YACII,MAAM,EAAE,gBAAgB;YACxBF,SAAS,EAAE;cACPqB,OAAO,EAAE;YACb,CAAC;YACDtB,MAAM,EAAE;UACZ,CAAC;QAET;MACJ,CAAC;MACDuB,IAAI,EAAE;QAAEC,oBAAoB,EAAE;MAAK;IACvC,CAAC,CAAC;IAEF,MAAMC,MAAM,GAAGC,gCAAgC,CAAC/E,GAAG,EAAEgB,MAAM,CAACmB,MAAM,CAAC;IAEnEnC,GAAG,CAACyB,WAAW,CAAC1C,GAAG,CAACyF,GAAG,CAACQ,oBAAoB,EAAE;MAC1ClF,IAAI,EAAG,GAAEwE,QAAS,gCAA+B;MACjDvE,MAAM,EAAE;QACJwE,IAAI,EAAEA,IAAI,CAACpC,MAAM;QACjB8C,SAAS,EAAEH,MAAM,CAAC3C,MAAM,CAACwB;MAC7B;IACJ,CAAC,CAAC;;IAEF;IACA,IAAI/C,GAAG,EAAE;MACLZ,GAAG,CAACyB,WAAW,CAAC1C,GAAG,CAACyF,GAAG,CAACQ,oBAAoB,EAAE;QAC1ClF,IAAI,EAAG,GAAEwE,QAAS,kCAAiC;QACnDvE,MAAM,EAAE;UACJwE,IAAI,EAAEA,IAAI,CAACpC,MAAM;UACjB8C,SAAS,EAAElG,GAAG,CAACyF,GAAG,CAACU,aAAa,CAACC;QACrC;MACJ,CAAC,CAAC;IACN,CAAC,MAAM;MACHnF,GAAG,CAACyB,WAAW,CAAC1C,GAAG,CAACyF,GAAG,CAACQ,oBAAoB,EAAE;QAC1ClF,IAAI,EAAG,GAAEwE,QAAS,8BAA6B;QAC/CvE,MAAM,EAAE;UACJwE,IAAI,EAAEA,IAAI,CAACpC,MAAM;UACjB8C,SAAS,EAAElG,GAAG,CAACyF,GAAG,CAACU,aAAa,CAACE;QACrC;MACJ,CAAC,CAAC;IACN;IAEApF,GAAG,CAACyB,WAAW,CAAC1C,GAAG,CAACyF,GAAG,CAACQ,oBAAoB,EAAE;MAC1ClF,IAAI,EAAG,GAAEwE,QAAS,iCAAgC;MAClDvE,MAAM,EAAE;QACJwE,IAAI,EAAEA,IAAI,CAACpC,MAAM;QACjB8C,SAAS,EAAElG,GAAG,CAACyF,GAAG,CAACU,aAAa,CAACG;MACrC;IACJ,CAAC,CAAC;;IAEF;AACR;AACA;AACA;AACA;AACA;IACQ,MAAMC,MAAM,GAAGtF,GAAG,CAACyB,WAAW,CAAC1C,GAAG,CAACuG,MAAM,CAACC,QAAQ,EAAE;MAChDzF,IAAI,EAAE,mBAAmB;MACzBC,MAAM,EAAE;QACJwE,IAAI,EAAEA,IAAI,CAACpC,MAAM,CAACwB,GAAG;QACrB6B,OAAO,EAAEC,yBAAc;QACvBC,OAAO,EAAE,iBAAiB;QAC1BC,OAAO,EAAE,GAAG;QACZC,UAAU,EAAE,IAAI;QAChBC,WAAW,EAAE;UACTC,SAAS,EAAE;YACPC,KAAK,EAAE3E,MAAM,CAACF,OAAO,CAACP,GAAG,CAACoF,KAAK,CAAC;YAChCC,uBAAuB,EAAEhF,MAAM,CAACmB,MAAM,CAAC8D;UAC3C;QACJ,CAAC;QACDC,WAAW,EAAE,0BAA0B;QACvCC,IAAI,EAAE,IAAItH,MAAM,CAACuH,KAAK,CAACC,YAAY,CAAC;UAChC,GAAG,EAAE,IAAIxH,MAAM,CAACuH,KAAK,CAACE,WAAW,CAC7BC,aAAI,CAACC,IAAI,CAACxG,GAAG,CAACyG,KAAK,CAACC,SAAS,EAAE,uBAAuB,CAC1D;QACJ,CAAC,CAAC;QACFC,SAAS,EAAE/F,GAAG,GACR;UACIkB,SAAS,EAAElB,GAAG,CAACmB,OAAO,CAACC,OAAO,CAACC,GAAG,CAACC,CAAC,IAAIA,CAAC,CAACC,MAAM,CAACC,EAAE,CAAC;UACpDC,gBAAgB,EAAE,CAACzB,GAAG,CAACA,GAAG,CAACuB,MAAM,CAACG,sBAAsB;QAC5D,CAAC,GACDC;MACV;IACJ,CAAC,CAAC;IAEF,MAAMqE,kBAAkB,GAAG5G,GAAG,CAACyB,WAAW,CAAC1C,GAAG,CAACuG,MAAM,CAACuB,kBAAkB,EAAE;MACtE/G,IAAI,EAAE,mBAAmB;MACzBC,MAAM,EAAE;QACJ+G,cAAc,EAAElD,KAAK,CAACzB,MAAM,CAAC4E,SAAS;QACtCC,YAAY,EAAE1B,MAAM,CAACnD,MAAM,CAACwB,GAAG;QAC/BsD,gBAAgB,EAAE,QAAQ;QAC1BC,oBAAoB,EAAE,CAAC;QACvBC,SAAS,EAAE,EAAE;QACbC,8BAA8B,EAAE;MACpC;IACJ,CAAC,CAAC;IAEFpH,GAAG,CAACqH,UAAU,CAAC;MACXC,sBAAsB,EAAEtG,MAAM,CAACmB,MAAM,CAACwB,GAAG;MACzC4D,2BAA2B,EAAEvG,MAAM,CAACmB,MAAM,CAAC8D,QAAQ;MACnDuB,6BAA6B,EAAE5D,KAAK,CAACzB,MAAM,CAACwB,GAAG;MAC/C8D,8BAA8B,EAAE7D,KAAK,CAACzB,MAAM,CAACrC,IAAI;MACjD4H,sCAAsC,EAAEpC,MAAM,CAACnD,MAAM,CAACrC;IAC1D,CAAC,CAAC;IAEF,OAAO;MACHkB,MAAM;MACNC,YAAY;MACZ2C,KAAK;MACL+D,eAAe,EAAE;QACbpD,IAAI;QACJO,MAAM;QACNQ,MAAM;QACNsB;MACJ;IACJ,CAAC;EACL;AACJ,CAAC,CAAC;AAEF,SAAS7B,gCAAgCA,CACrC/E,GAAc,EACdgB,MAAmF,EACrF;EACE,OAAOhB,GAAG,CAACyB,WAAW,CAAC1C,GAAG,CAACyF,GAAG,CAACoD,MAAM,EAAE;IACnC9H,IAAI,EAAE,uCAAuC;IAC7CC,MAAM,EAAE;MACJmG,WAAW,EAAE,uDAAuD;MACpEpB,MAAM,EAAE;QACJ3B,OAAO,EAAE,YAAY;QACrBC,SAAS,EAAE,CACP;UACIyE,GAAG,EAAE,iBAAiB;UACtBxE,MAAM,EAAE,OAAO;UACfG,MAAM,EAAE,CACJ,cAAc,EACd,iBAAiB,EACjB,gBAAgB,EAChB,eAAe,EACf,cAAc,CACjB;UACDC,QAAQ,EAAE,CACN5E,MAAM,CAAC6E,WAAY,GAAE1C,MAAM,CAAC2C,GAAI,EAAC,EACjC9E,MAAM,CAAC6E,WAAY,GAAE1C,MAAM,CAAC2C,GAAI,IAAG;QAE3C,CAAC;MAET;IACJ;EACJ,CAAC,CAAC;AACN","ignoreList":[]}

package/apps/core/CoreOpenSearch.js

@@ -222,8 +222,8 @@ const OpenSearch = exports.OpenSearch = (0, _pulumi2.createAppModule)({
         role: role.output.arn,
         runtime: _constants.LAMBDA_RUNTIME,
         handler: "handler.handler",
-        timeout: 600,
-        memorySize: 512,
+        timeout: 900,
+        memorySize: 1024,
         environment: {
           variables: {
             DEBUG: String(process.env.DEBUG),
@@ -247,7 +247,7 @@ const OpenSearch = exports.OpenSearch = (0, _pulumi2.createAppModule)({
         functionName: lambda.output.arn,
         startingPosition: "LATEST",
         maximumRetryAttempts: 3,
-        batchSize: 200,
+        batchSize: 50,
         maximumBatchingWindowInSeconds: 1
       }
     });
@@ -280,7 +280,7 @@ function getDynamoDbToElasticLambdaPolicy(app, domain) {
         Statement: [{
           Sid: "PermissionForES",
           Effect: "Allow",
-          Action: ["es:ESHttpDelete", "es:ESHttpPatch", "es:ESHttpPost", "es:ESHttpPut"],
+          Action: ["es:ESHttpGet", "es:ESHttpDelete", "es:ESHttpPatch", "es:ESHttpPost", "es:ESHttpPut"],
           Resource: [pulumi.interpolate`${domain.arn}`, pulumi.interpolate`${domain.arn}/*`]
         }]
       }

package/apps/core/CoreOpenSearch.js.map

@@ -1 +1 @@
-{"version":3,"names":["_path","_interopRequireDefault","require","pulumi","_interopRequireWildcard","aws","random","_pulumi2","_awsUtils","_CoreVpc","_constants","getDevClusterConfig","instanceType","getProdClusterConfig","instanceCount","zoneAwarenessEnabled","zoneAwarenessConfig","availabilityZoneCount","OS_ENGINE_VERSION","OpenSearch","exports","createAppModule","name","config","app","params","productionEnvironments","create","DEFAULT_PROD_ENV_NAMES","isProduction","includes","run","env","vpc","getModule","CoreVpc","optional","domain","domainPolicy","process","AWS_ELASTIC_SEARCH_DOMAIN_NAME","domainName","String","addRemoteResource","opensearch","getDomain","async","randomId","RandomId","byteLength","namePrefix","getParam","pulumiResourceNamePrefix","domainLogicalName","domainPhysicalName","hex","apply","slice","addResource","Domain","engineVersion","clusterConfig","vpcOptions","subnetIds","subnets","private","map","s","output","id","securityGroupIds","defaultSecurityGroupId","undefined","ebsOptions","ebsEnabled","volumeSize","volumeType","advancedOptions","snapshotOptions","automatedSnapshotStartHour","opts","protect","accountId","getAwsAccountId","DomainPolicy","accessPolicies","all","arn","domainArn","JSON","stringify","Version","Statement","Effect","Principal","AWS","Action","Resource","table","dynamodb","Table","attributes","type","streamEnabled","streamViewType","billingMode","hashKey","rangeKey","roleName","role","iam","Role","assumeRolePolicy","Service","meta","isLambdaFunctionRole","policy","getDynamoDbToElasticLambdaPolicy","RolePolicyAttachment","policyArn","ManagedPolicy","AWSLambdaVPCAccessExecutionRole","AWSLambdaBasicExecutionRole","AWSLambdaDynamoDBExecutionRole","lambda","Function","runtime","LAMBDA_RUNTIME","handler","timeout","memorySize","environment","variables","DEBUG","ELASTIC_SEARCH_ENDPOINT","endpoint","description","code","asset","AssetArchive","FileArchive","path","join","paths","workspace","vpcConfig","eventSourceMapping","EventSourceMapping","eventSourceArn","streamArn","functionName","startingPosition","maximumRetryAttempts","batchSize","maximumBatchingWindowInSeconds","addOutputs","elasticsearchDomainArn","elasticsearchDomainEndpoint","elasticsearchDynamodbTableArn","elasticsearchDynamodbTableName","dynamoToElastic","Policy","Sid","interpolate"],"sources":["CoreOpenSearch.ts"],"sourcesContent":["/**\n * Important documents to read:\n *\n * https://docs.aws.amazon.com/opensearch-service/latest/developerguide/limits.html#network-limits\n */\nimport path from \"path\";\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport * as random from \"@pulumi/random\";\nimport {\n    createAppModule,\n    PulumiApp,\n    PulumiAppResource,\n    PulumiAppResourceConstructor,\n    PulumiAppRemoteResource\n} from \"@webiny/pulumi\";\n\nimport { getAwsAccountId } from \"../awsUtils\";\nimport { CoreVpc } from \"./CoreVpc\";\nimport { DEFAULT_PROD_ENV_NAMES, LAMBDA_RUNTIME } from \"~/constants\";\n\nexport interface OpenSearchParams {\n    protect: boolean;\n}\n\nfunction getDevClusterConfig(): aws.types.input.opensearch.DomainClusterConfig {\n    return {\n        instanceType: \"t3.small.search\"\n    };\n}\n\nfunction getProdClusterConfig(): aws.types.input.opensearch.DomainClusterConfig {\n    return {\n        // For production deployments, we create 2 instances and configure multi-AZ.\n        instanceType: \"t3.medium.search\",\n        instanceCount: 2,\n        zoneAwarenessEnabled: true,\n        zoneAwarenessConfig: {\n            availabilityZoneCount: 2\n        }\n    };\n}\n\nconst OS_ENGINE_VERSION = \"OpenSearch_2.11\";\n\nexport const OpenSearch = createAppModule({\n    name: \"OpenSearch\",\n    config(app, params: OpenSearchParams) {\n        const productionEnvironments =\n            app.params.create.productionEnvironments || DEFAULT_PROD_ENV_NAMES;\n        const isProduction = productionEnvironments.includes(app.params.run.env);\n\n        const vpc = app.getModule(CoreVpc, { optional: true });\n\n        // This needs to be implemented in order to be able to use a shared OpenSearch cluster.\n        let domain:\n            | PulumiAppResource<PulumiAppResourceConstructor<aws.opensearch.Domain>>\n            | PulumiAppRemoteResource<aws.opensearch.GetDomainResult>;\n\n        let domainPolicy;\n\n        if (process.env.AWS_ELASTIC_SEARCH_DOMAIN_NAME) {\n            const domainName = String(process.env.AWS_ELASTIC_SEARCH_DOMAIN_NAME);\n            // This can be useful for testing purposes in ephemeral environments. More information here:\n            // https://www.webiny.com/docs/key-topics/ci-cd/testing/slow-ephemeral-environments\n            domain = app.addRemoteResource(domainName, () => {\n                return aws.opensearch.getDomain({ domainName }, { async: true });\n            });\n        } else {\n            const randomId = new random.RandomId(\"osDomainRandomId\", { byteLength: 8 });\n            const namePrefix = app.getParam(app.params.create.pulumiResourceNamePrefix) || \"\";\n\n            const domainLogicalName = \"webiny-js\";\n            const domainPhysicalName = randomId.hex.apply((hex: string) => {\n                return `${namePrefix}${domainLogicalName}-${hex.slice(-7)}`;\n            });\n\n            domain = app.addResource(aws.opensearch.Domain, {\n                name: domainLogicalName,\n                config: {\n                    domainName: domainPhysicalName,\n                    engineVersion: OS_ENGINE_VERSION,\n                    clusterConfig: isProduction ? getProdClusterConfig() : getDevClusterConfig(),\n                    vpcOptions: vpc\n                        ? {\n                              subnetIds: vpc.subnets.private.map(s => s.output.id),\n                              securityGroupIds: [vpc.vpc.output.defaultSecurityGroupId]\n                          }\n                        : undefined,\n                    ebsOptions: {\n                        ebsEnabled: true,\n                        volumeSize: 10,\n                        volumeType: \"gp2\"\n                    },\n                    advancedOptions: {\n                        \"rest.action.multi.allow_explicit_index\": \"true\"\n                    },\n                    snapshotOptions: {\n                        automatedSnapshotStartHour: 23\n                    }\n                },\n                opts: { protect: params.protect }\n            });\n\n            /**\n             * Domain policy defines who can access your OpenSearch Domain.\n             * For details on OpenSearch security, read the official documentation:\n             * https://docs.aws.amazon.com/openSearch-service/latest/developerguide/security.html\n             */\n            const accountId = getAwsAccountId(app);\n\n            domainPolicy = app.addResource(aws.opensearch.DomainPolicy, {\n                name: `${domainLogicalName}-policy`,\n                config: {\n                    domainName: domain.output.domainName,\n                    accessPolicies: pulumi\n                        .all([accountId, domain.output.arn])\n                        .apply(([accountId, domainArn]) => {\n                            return JSON.stringify({\n                                Version: \"2012-10-17\",\n                                Statement: [\n                                    /**\n                                     * Allow requests signed with current account\n                                     */\n                                    {\n                                        Effect: \"Allow\",\n                                        Principal: {\n                                            AWS: accountId\n                                        },\n                                        Action: \"es:*\",\n                                        Resource: `${domainArn}/*`\n                                    }\n                                ]\n                            });\n                        })\n                },\n                opts: { protect: params.protect }\n            });\n        }\n\n        /**\n         * Create a table for OpenSearch records. All ES records are stored in this table to dramatically improve\n         * performance and stability on write operations (especially massive data imports). This table also serves as a backup and\n         * a single source of truth for your OpenSearch domain. Streaming is enabled on this table, and it will\n         * allow asynchronous synchronization of data with OpenSearch domain.\n         */\n        const table = app.addResource(aws.dynamodb.Table, {\n            name: \"webiny-es\",\n            config: {\n                attributes: [\n                    { name: \"PK\", type: \"S\" },\n                    { name: \"SK\", type: \"S\" }\n                ],\n                streamEnabled: true,\n                streamViewType: \"NEW_AND_OLD_IMAGES\",\n                billingMode: \"PAY_PER_REQUEST\",\n                hashKey: \"PK\",\n                rangeKey: \"SK\"\n            },\n            opts: { protect: params.protect }\n        });\n\n        const roleName = \"dynamo-to-elastic-lambda-role\";\n\n        const role = app.addResource(aws.iam.Role, {\n            name: roleName,\n            config: {\n                assumeRolePolicy: {\n                    Version: \"2012-10-17\",\n                    Statement: [\n                        {\n                            Action: \"sts:AssumeRole\",\n                            Principal: {\n                                Service: \"lambda.amazonaws.com\"\n                            },\n                            Effect: \"Allow\"\n                        }\n                    ]\n                }\n            },\n            meta: { isLambdaFunctionRole: true }\n        });\n\n        const policy = getDynamoDbToElasticLambdaPolicy(app, domain.output);\n\n        app.addResource(aws.iam.RolePolicyAttachment, {\n            name: `${roleName}-DynamoDbToElasticLambdaPolicy`,\n            config: {\n                role: role.output,\n                policyArn: policy.output.arn\n            }\n        });\n\n        // Only use `AWSLambdaVPCAccessExecutionRole` policy if VPC feature is enabled.\n        if (vpc) {\n            app.addResource(aws.iam.RolePolicyAttachment, {\n                name: `${roleName}-AWSLambdaVPCAccessExecutionRole`,\n                config: {\n                    role: role.output,\n                    policyArn: aws.iam.ManagedPolicy.AWSLambdaVPCAccessExecutionRole\n                }\n            });\n        } else {\n            app.addResource(aws.iam.RolePolicyAttachment, {\n                name: `${roleName}-AWSLambdaBasicExecutionRole`,\n                config: {\n                    role: role.output,\n                    policyArn: aws.iam.ManagedPolicy.AWSLambdaBasicExecutionRole\n                }\n            });\n        }\n\n        app.addResource(aws.iam.RolePolicyAttachment, {\n            name: `${roleName}-AWSLambdaDynamoDBExecutionRole`,\n            config: {\n                role: role.output,\n                policyArn: aws.iam.ManagedPolicy.AWSLambdaDynamoDBExecutionRole\n            }\n        });\n\n        /**\n         * This Lambda will process the stream events from DynamoDB table that contains OpenSearch items.\n         * OpenSearch can't take large amount of individual writes in a short period of time, so this way\n         * we store data for OpenSearch in a DynamoDB table, and asynchronously insert it into OpenSearch\n         * using batching.\n         */\n        const lambda = app.addResource(aws.lambda.Function, {\n            name: \"dynamo-to-elastic\",\n            config: {\n                role: role.output.arn,\n                runtime: LAMBDA_RUNTIME,\n                handler: \"handler.handler\",\n                timeout: 600,\n                memorySize: 512,\n                environment: {\n                    variables: {\n                        DEBUG: String(process.env.DEBUG),\n                        ELASTIC_SEARCH_ENDPOINT: domain.output.endpoint\n                    }\n                },\n                description: \"Process DynamoDB Stream.\",\n                code: new pulumi.asset.AssetArchive({\n                    \".\": new pulumi.asset.FileArchive(\n                        path.join(app.paths.workspace, \"dynamoToElastic/build\")\n                    )\n                }),\n                vpcConfig: vpc\n                    ? {\n                          subnetIds: vpc.subnets.private.map(s => s.output.id),\n                          securityGroupIds: [vpc.vpc.output.defaultSecurityGroupId]\n                      }\n                    : undefined\n            }\n        });\n\n        const eventSourceMapping = app.addResource(aws.lambda.EventSourceMapping, {\n            name: \"dynamo-to-elastic\",\n            config: {\n                eventSourceArn: table.output.streamArn,\n                functionName: lambda.output.arn,\n                startingPosition: \"LATEST\",\n                maximumRetryAttempts: 3,\n                batchSize: 200,\n                maximumBatchingWindowInSeconds: 1\n            }\n        });\n\n        app.addOutputs({\n            elasticsearchDomainArn: domain.output.arn,\n            elasticsearchDomainEndpoint: domain.output.endpoint,\n            elasticsearchDynamodbTableArn: table.output.arn,\n            elasticsearchDynamodbTableName: table.output.name\n        });\n\n        return {\n            domain,\n            domainPolicy,\n            table,\n            dynamoToElastic: {\n                role,\n                policy,\n                lambda,\n                eventSourceMapping\n            }\n        };\n    }\n});\n\nfunction getDynamoDbToElasticLambdaPolicy(\n    app: PulumiApp,\n    domain: pulumi.Output<aws.opensearch.Domain | aws.opensearch.GetDomainResult>\n) {\n    return app.addResource(aws.iam.Policy, {\n        name: \"DynamoDbToElasticLambdaPolicy-updated\",\n        config: {\n            description: \"This policy enables access to ES and Dynamodb streams\",\n            policy: {\n                Version: \"2012-10-17\",\n                Statement: [\n                    {\n                        Sid: \"PermissionForES\",\n                        Effect: \"Allow\",\n                        Action: [\n                            \"es:ESHttpDelete\",\n                            \"es:ESHttpPatch\",\n                            \"es:ESHttpPost\",\n                            \"es:ESHttpPut\"\n                        ],\n                        Resource: [\n                            pulumi.interpolate`${domain.arn}`,\n                            pulumi.interpolate`${domain.arn}/*`\n                        ]\n                    }\n                ]\n            }\n        }\n    });\n}\n"],"mappings":";;;;;;;;AAKA,IAAAA,KAAA,GAAAC,sBAAA,CAAAC,OAAA;AACA,IAAAC,MAAA,GAAAC,uBAAA,CAAAF,OAAA;AACA,IAAAG,GAAA,GAAAD,uBAAA,CAAAF,OAAA;AACA,IAAAI,MAAA,GAAAF,uBAAA,CAAAF,OAAA;AACA,IAAAK,QAAA,GAAAL,OAAA;AAQA,IAAAM,SAAA,GAAAN,OAAA;AACA,IAAAO,QAAA,GAAAP,OAAA;AACA,IAAAQ,UAAA,GAAAR,OAAA;AAnBA;AACA;AACA;AACA;AACA;;AAqBA,SAASS,mBAAmBA,CAAA,EAAmD;EAC3E,OAAO;IACHC,YAAY,EAAE;EAClB,CAAC;AACL;AAEA,SAASC,oBAAoBA,CAAA,EAAmD;EAC5E,OAAO;IACH;IACAD,YAAY,EAAE,kBAAkB;IAChCE,aAAa,EAAE,CAAC;IAChBC,oBAAoB,EAAE,IAAI;IAC1BC,mBAAmB,EAAE;MACjBC,qBAAqB,EAAE;IAC3B;EACJ,CAAC;AACL;AAEA,MAAMC,iBAAiB,GAAG,iBAAiB;AAEpC,MAAMC,UAAU,GAAAC,OAAA,CAAAD,UAAA,GAAG,IAAAE,wBAAe,EAAC;EACtCC,IAAI,EAAE,YAAY;EAClBC,MAAMA,CAACC,GAAG,EAAEC,MAAwB,EAAE;IAClC,MAAMC,sBAAsB,GACxBF,GAAG,CAACC,MAAM,CAACE,MAAM,CAACD,sBAAsB,IAAIE,iCAAsB;IACtE,MAAMC,YAAY,GAAGH,sBAAsB,CAACI,QAAQ,CAACN,GAAG,CAACC,MAAM,CAACM,GAAG,CAACC,GAAG,CAAC;IAExE,MAAMC,GAAG,GAAGT,GAAG,CAACU,SAAS,CAACC,gBAAO,EAAE;MAAEC,QAAQ,EAAE;IAAK,CAAC,CAAC;;IAEtD;IACA,IAAIC,MAEyD;IAE7D,IAAIC,YAAY;IAEhB,IAAIC,OAAO,CAACP,GAAG,CAACQ,8BAA8B,EAAE;MAC5C,MAAMC,UAAU,GAAGC,MAAM,CAACH,OAAO,CAACP,GAAG,CAACQ,8BAA8B,CAAC;MACrE;MACA;MACAH,MAAM,GAAGb,GAAG,CAACmB,iBAAiB,CAACF,UAAU,EAAE,MAAM;QAC7C,OAAOpC,GAAG,CAACuC,UAAU,CAACC,SAAS,CAAC;UAAEJ;QAAW,CAAC,EAAE;UAAEK,KAAK,EAAE;QAAK,CAAC,CAAC;MACpE,CAAC,CAAC;IACN,CAAC,MAAM;MACH,MAAMC,QAAQ,GAAG,IAAIzC,MAAM,CAAC0C,QAAQ,CAAC,kBAAkB,EAAE;QAAEC,UAAU,EAAE;MAAE,CAAC,CAAC;MAC3E,MAAMC,UAAU,GAAG1B,GAAG,CAAC2B,QAAQ,CAAC3B,GAAG,CAACC,MAAM,CAACE,MAAM,CAACyB,wBAAwB,CAAC,IAAI,EAAE;MAEjF,MAAMC,iBAAiB,GAAG,WAAW;MACrC,MAAMC,kBAAkB,GAAGP,QAAQ,CAACQ,GAAG,CAACC,KAAK,CAAED,GAAW,IAAK;QAC3D,OAAQ,GAAEL,UAAW,GAAEG,iBAAkB,IAAGE,GAAG,CAACE,KAAK,CAAC,CAAC,CAAC,CAAE,EAAC;MAC/D,CAAC,CAAC;MAEFpB,MAAM,GAAGb,GAAG,CAACkC,WAAW,CAACrD,GAAG,CAACuC,UAAU,CAACe,MAAM,EAAE;QAC5CrC,IAAI,EAAE+B,iBAAiB;QACvB9B,MAAM,EAAE;UACJkB,UAAU,EAAEa,kBAAkB;UAC9BM,aAAa,EAAE1C,iBAAiB;UAChC2C,aAAa,EAAEhC,YAAY,GAAGhB,oBAAoB,CAAC,CAAC,GAAGF,mBAAmB,CAAC,CAAC;UAC5EmD,UAAU,EAAE7B,GAAG,GACT;YACI8B,SAAS,EAAE9B,GAAG,CAAC+B,OAAO,CAACC,OAAO,CAACC,GAAG,CAACC,CAAC,IAAIA,CAAC,CAACC,MAAM,CAACC,EAAE,CAAC;YACpDC,gBAAgB,EAAE,CAACrC,GAAG,CAACA,GAAG,CAACmC,MAAM,CAACG,sBAAsB;UAC5D,CAAC,GACDC,SAAS;UACfC,UAAU,EAAE;YACRC,UAAU,EAAE,IAAI;YAChBC,UAAU,EAAE,EAAE;YACdC,UAAU,EAAE;UAChB,CAAC;UACDC,eAAe,EAAE;YACb,wCAAwC,EAAE;UAC9C,CAAC;UACDC,eAAe,EAAE;YACbC,0BAA0B,EAAE;UAChC;QACJ,CAAC;QACDC,IAAI,EAAE;UAAEC,OAAO,EAAExD,MAAM,CAACwD;QAAQ;MACpC,CAAC,CAAC;;MAEF;AACZ;AACA;AACA;AACA;MACY,MAAMC,SAAS,GAAG,IAAAC,yBAAe,EAAC3D,GAAG,CAAC;MAEtCc,YAAY,GAAGd,GAAG,CAACkC,WAAW,CAACrD,GAAG,CAACuC,UAAU,CAACwC,YAAY,EAAE;QACxD9D,IAAI,EAAG,GAAE+B,iBAAkB,SAAQ;QACnC9B,MAAM,EAAE;UACJkB,UAAU,EAAEJ,MAAM,CAAC+B,MAAM,CAAC3B,UAAU;UACpC4C,cAAc,EAAElF,MAAM,CACjBmF,GAAG,CAAC,CAACJ,SAAS,EAAE7C,MAAM,CAAC+B,MAAM,CAACmB,GAAG,CAAC,CAAC,CACnC/B,KAAK,CAAC,CAAC,CAAC0B,SAAS,EAAEM,SAAS,CAAC,KAAK;YAC/B,OAAOC,IAAI,CAACC,SAAS,CAAC;cAClBC,OAAO,EAAE,YAAY;cACrBC,SAAS,EAAE;cACP;AACpC;AACA;cACoC;gBACIC,MAAM,EAAE,OAAO;gBACfC,SAAS,EAAE;kBACPC,GAAG,EAAEb;gBACT,CAAC;gBACDc,MAAM,EAAE,MAAM;gBACdC,QAAQ,EAAG,GAAET,SAAU;cAC3B,CAAC;YAET,CAAC,CAAC;UACN,CAAC;QACT,CAAC;QACDR,IAAI,EAAE;UAAEC,OAAO,EAAExD,MAAM,CAACwD;QAAQ;MACpC,CAAC,CAAC;IACN;;IAEA;AACR;AACA;AACA;AACA;AACA;IACQ,MAAMiB,KAAK,GAAG1E,GAAG,CAACkC,WAAW,CAACrD,GAAG,CAAC8F,QAAQ,CAACC,KAAK,EAAE;MAC9C9E,IAAI,EAAE,WAAW;MACjBC,MAAM,EAAE;QACJ8E,UAAU,EAAE,CACR;UAAE/E,IAAI,EAAE,IAAI;UAAEgF,IAAI,EAAE;QAAI,CAAC,EACzB;UAAEhF,IAAI,EAAE,IAAI;UAAEgF,IAAI,EAAE;QAAI,CAAC,CAC5B;QACDC,aAAa,EAAE,IAAI;QACnBC,cAAc,EAAE,oBAAoB;QACpCC,WAAW,EAAE,iBAAiB;QAC9BC,OAAO,EAAE,IAAI;QACbC,QAAQ,EAAE;MACd,CAAC;MACD3B,IAAI,EAAE;QAAEC,OAAO,EAAExD,MAAM,CAACwD;MAAQ;IACpC,CAAC,CAAC;IAEF,MAAM2B,QAAQ,GAAG,+BAA+B;IAEhD,MAAMC,IAAI,GAAGrF,GAAG,CAACkC,WAAW,CAACrD,GAAG,CAACyG,GAAG,CAACC,IAAI,EAAE;MACvCzF,IAAI,EAAEsF,QAAQ;MACdrF,MAAM,EAAE;QACJyF,gBAAgB,EAAE;UACdrB,OAAO,EAAE,YAAY;UACrBC,SAAS,EAAE,CACP;YACII,MAAM,EAAE,gBAAgB;YACxBF,SAAS,EAAE;cACPmB,OAAO,EAAE;YACb,CAAC;YACDpB,MAAM,EAAE;UACZ,CAAC;QAET;MACJ,CAAC;MACDqB,IAAI,EAAE;QAAEC,oBAAoB,EAAE;MAAK;IACvC,CAAC,CAAC;IAEF,MAAMC,MAAM,GAAGC,gCAAgC,CAAC7F,GAAG,EAAEa,MAAM,CAAC+B,MAAM,CAAC;IAEnE5C,GAAG,CAACkC,WAAW,CAACrD,GAAG,CAACyG,GAAG,CAACQ,oBAAoB,EAAE;MAC1ChG,IAAI,EAAG,GAAEsF,QAAS,gCAA+B;MACjDrF,MAAM,EAAE;QACJsF,IAAI,EAAEA,IAAI,CAACzC,MAAM;QACjBmD,SAAS,EAAEH,MAAM,CAAChD,MAAM,CAACmB;MAC7B;IACJ,CAAC,CAAC;;IAEF;IACA,IAAItD,GAAG,EAAE;MACLT,GAAG,CAACkC,WAAW,CAACrD,GAAG,CAACyG,GAAG,CAACQ,oBAAoB,EAAE;QAC1ChG,IAAI,EAAG,GAAEsF,QAAS,kCAAiC;QACnDrF,MAAM,EAAE;UACJsF,IAAI,EAAEA,IAAI,CAACzC,MAAM;UACjBmD,SAAS,EAAElH,GAAG,CAACyG,GAAG,CAACU,aAAa,CAACC;QACrC;MACJ,CAAC,CAAC;IACN,CAAC,MAAM;MACHjG,GAAG,CAACkC,WAAW,CAACrD,GAAG,CAACyG,GAAG,CAACQ,oBAAoB,EAAE;QAC1ChG,IAAI,EAAG,GAAEsF,QAAS,8BAA6B;QAC/CrF,MAAM,EAAE;UACJsF,IAAI,EAAEA,IAAI,CAACzC,MAAM;UACjBmD,SAAS,EAAElH,GAAG,CAACyG,GAAG,CAACU,aAAa,CAACE;QACrC;MACJ,CAAC,CAAC;IACN;IAEAlG,GAAG,CAACkC,WAAW,CAACrD,GAAG,CAACyG,GAAG,CAACQ,oBAAoB,EAAE;MAC1ChG,IAAI,EAAG,GAAEsF,QAAS,iCAAgC;MAClDrF,MAAM,EAAE;QACJsF,IAAI,EAAEA,IAAI,CAACzC,MAAM;QACjBmD,SAAS,EAAElH,GAAG,CAACyG,GAAG,CAACU,aAAa,CAACG;MACrC;IACJ,CAAC,CAAC;;IAEF;AACR;AACA;AACA;AACA;AACA;IACQ,MAAMC,MAAM,GAAGpG,GAAG,CAACkC,WAAW,CAACrD,GAAG,CAACuH,MAAM,CAACC,QAAQ,EAAE;MAChDvG,IAAI,EAAE,mBAAmB;MACzBC,MAAM,EAAE;QACJsF,IAAI,EAAEA,IAAI,CAACzC,MAAM,CAACmB,GAAG;QACrBuC,OAAO,EAAEC,yBAAc;QACvBC,OAAO,EAAE,iBAAiB;QAC1BC,OAAO,EAAE,GAAG;QACZC,UAAU,EAAE,GAAG;QACfC,WAAW,EAAE;UACTC,SAAS,EAAE;YACPC,KAAK,EAAE3F,MAAM,CAACH,OAAO,CAACP,GAAG,CAACqG,KAAK,CAAC;YAChCC,uBAAuB,EAAEjG,MAAM,CAAC+B,MAAM,CAACmE;UAC3C;QACJ,CAAC;QACDC,WAAW,EAAE,0BAA0B;QACvCC,IAAI,EAAE,IAAItI,MAAM,CAACuI,KAAK,CAACC,YAAY,CAAC;UAChC,GAAG,EAAE,IAAIxI,MAAM,CAACuI,KAAK,CAACE,WAAW,CAC7BC,aAAI,CAACC,IAAI,CAACtH,GAAG,CAACuH,KAAK,CAACC,SAAS,EAAE,uBAAuB,CAC1D;QACJ,CAAC,CAAC;QACFC,SAAS,EAAEhH,GAAG,GACR;UACI8B,SAAS,EAAE9B,GAAG,CAAC+B,OAAO,CAACC,OAAO,CAACC,GAAG,CAACC,CAAC,IAAIA,CAAC,CAACC,MAAM,CAACC,EAAE,CAAC;UACpDC,gBAAgB,EAAE,CAACrC,GAAG,CAACA,GAAG,CAACmC,MAAM,CAACG,sBAAsB;QAC5D,CAAC,GACDC;MACV;IACJ,CAAC,CAAC;IAEF,MAAM0E,kBAAkB,GAAG1H,GAAG,CAACkC,WAAW,CAACrD,GAAG,CAACuH,MAAM,CAACuB,kBAAkB,EAAE;MACtE7H,IAAI,EAAE,mBAAmB;MACzBC,MAAM,EAAE;QACJ6H,cAAc,EAAElD,KAAK,CAAC9B,MAAM,CAACiF,SAAS;QACtCC,YAAY,EAAE1B,MAAM,CAACxD,MAAM,CAACmB,GAAG;QAC/BgE,gBAAgB,EAAE,QAAQ;QAC1BC,oBAAoB,EAAE,CAAC;QACvBC,SAAS,EAAE,GAAG;QACdC,8BAA8B,EAAE;MACpC;IACJ,CAAC,CAAC;IAEFlI,GAAG,CAACmI,UAAU,CAAC;MACXC,sBAAsB,EAAEvH,MAAM,CAAC+B,MAAM,CAACmB,GAAG;MACzCsE,2BAA2B,EAAExH,MAAM,CAAC+B,MAAM,CAACmE,QAAQ;MACnDuB,6BAA6B,EAAE5D,KAAK,CAAC9B,MAAM,CAACmB,GAAG;MAC/CwE,8BAA8B,EAAE7D,KAAK,CAAC9B,MAAM,CAAC9C;IACjD,CAAC,CAAC;IAEF,OAAO;MACHe,MAAM;MACNC,YAAY;MACZ4D,KAAK;MACL8D,eAAe,EAAE;QACbnD,IAAI;QACJO,MAAM;QACNQ,MAAM;QACNsB;MACJ;IACJ,CAAC;EACL;AACJ,CAAC,CAAC;AAEF,SAAS7B,gCAAgCA,CACrC7F,GAAc,EACda,MAA6E,EAC/E;EACE,OAAOb,GAAG,CAACkC,WAAW,CAACrD,GAAG,CAACyG,GAAG,CAACmD,MAAM,EAAE;IACnC3I,IAAI,EAAE,uCAAuC;IAC7CC,MAAM,EAAE;MACJiH,WAAW,EAAE,uDAAuD;MACpEpB,MAAM,EAAE;QACJzB,OAAO,EAAE,YAAY;QACrBC,SAAS,EAAE,CACP;UACIsE,GAAG,EAAE,iBAAiB;UACtBrE,MAAM,EAAE,OAAO;UACfG,MAAM,EAAE,CACJ,iBAAiB,EACjB,gBAAgB,EAChB,eAAe,EACf,cAAc,CACjB;UACDC,QAAQ,EAAE,CACN9F,MAAM,CAACgK,WAAY,GAAE9H,MAAM,CAACkD,GAAI,EAAC,EACjCpF,MAAM,CAACgK,WAAY,GAAE9H,MAAM,CAACkD,GAAI,IAAG;QAE3C,CAAC;MAET;IACJ;EACJ,CAAC,CAAC;AACN","ignoreList":[]}
+{"version":3,"names":["_path","_interopRequireDefault","require","pulumi","_interopRequireWildcard","aws","random","_pulumi2","_awsUtils","_CoreVpc","_constants","getDevClusterConfig","instanceType","getProdClusterConfig","instanceCount","zoneAwarenessEnabled","zoneAwarenessConfig","availabilityZoneCount","OS_ENGINE_VERSION","OpenSearch","exports","createAppModule","name","config","app","params","productionEnvironments","create","DEFAULT_PROD_ENV_NAMES","isProduction","includes","run","env","vpc","getModule","CoreVpc","optional","domain","domainPolicy","process","AWS_ELASTIC_SEARCH_DOMAIN_NAME","domainName","String","addRemoteResource","opensearch","getDomain","async","randomId","RandomId","byteLength","namePrefix","getParam","pulumiResourceNamePrefix","domainLogicalName","domainPhysicalName","hex","apply","slice","addResource","Domain","engineVersion","clusterConfig","vpcOptions","subnetIds","subnets","private","map","s","output","id","securityGroupIds","defaultSecurityGroupId","undefined","ebsOptions","ebsEnabled","volumeSize","volumeType","advancedOptions","snapshotOptions","automatedSnapshotStartHour","opts","protect","accountId","getAwsAccountId","DomainPolicy","accessPolicies","all","arn","domainArn","JSON","stringify","Version","Statement","Effect","Principal","AWS","Action","Resource","table","dynamodb","Table","attributes","type","streamEnabled","streamViewType","billingMode","hashKey","rangeKey","roleName","role","iam","Role","assumeRolePolicy","Service","meta","isLambdaFunctionRole","policy","getDynamoDbToElasticLambdaPolicy","RolePolicyAttachment","policyArn","ManagedPolicy","AWSLambdaVPCAccessExecutionRole","AWSLambdaBasicExecutionRole","AWSLambdaDynamoDBExecutionRole","lambda","Function","runtime","LAMBDA_RUNTIME","handler","timeout","memorySize","environment","variables","DEBUG","ELASTIC_SEARCH_ENDPOINT","endpoint","description","code","asset","AssetArchive","FileArchive","path","join","paths","workspace","vpcConfig","eventSourceMapping","EventSourceMapping","eventSourceArn","streamArn","functionName","startingPosition","maximumRetryAttempts","batchSize","maximumBatchingWindowInSeconds","addOutputs","elasticsearchDomainArn","elasticsearchDomainEndpoint","elasticsearchDynamodbTableArn","elasticsearchDynamodbTableName","dynamoToElastic","Policy","Sid","interpolate"],"sources":["CoreOpenSearch.ts"],"sourcesContent":["/**\n * Important documents to read:\n *\n * https://docs.aws.amazon.com/opensearch-service/latest/developerguide/limits.html#network-limits\n */\nimport path from \"path\";\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport * as random from \"@pulumi/random\";\nimport {\n    createAppModule,\n    PulumiApp,\n    PulumiAppResource,\n    PulumiAppResourceConstructor,\n    PulumiAppRemoteResource\n} from \"@webiny/pulumi\";\n\nimport { getAwsAccountId } from \"../awsUtils\";\nimport { CoreVpc } from \"./CoreVpc\";\nimport { DEFAULT_PROD_ENV_NAMES, LAMBDA_RUNTIME } from \"~/constants\";\n\nexport interface OpenSearchParams {\n    protect: boolean;\n}\n\nfunction getDevClusterConfig(): aws.types.input.opensearch.DomainClusterConfig {\n    return {\n        instanceType: \"t3.small.search\"\n    };\n}\n\nfunction getProdClusterConfig(): aws.types.input.opensearch.DomainClusterConfig {\n    return {\n        // For production deployments, we create 2 instances and configure multi-AZ.\n        instanceType: \"t3.medium.search\",\n        instanceCount: 2,\n        zoneAwarenessEnabled: true,\n        zoneAwarenessConfig: {\n            availabilityZoneCount: 2\n        }\n    };\n}\n\nconst OS_ENGINE_VERSION = \"OpenSearch_2.11\";\n\nexport const OpenSearch = createAppModule({\n    name: \"OpenSearch\",\n    config(app, params: OpenSearchParams) {\n        const productionEnvironments =\n            app.params.create.productionEnvironments || DEFAULT_PROD_ENV_NAMES;\n        const isProduction = productionEnvironments.includes(app.params.run.env);\n\n        const vpc = app.getModule(CoreVpc, { optional: true });\n\n        // This needs to be implemented in order to be able to use a shared OpenSearch cluster.\n        let domain:\n            | PulumiAppResource<PulumiAppResourceConstructor<aws.opensearch.Domain>>\n            | PulumiAppRemoteResource<aws.opensearch.GetDomainResult>;\n\n        let domainPolicy;\n\n        if (process.env.AWS_ELASTIC_SEARCH_DOMAIN_NAME) {\n            const domainName = String(process.env.AWS_ELASTIC_SEARCH_DOMAIN_NAME);\n            // This can be useful for testing purposes in ephemeral environments. More information here:\n            // https://www.webiny.com/docs/key-topics/ci-cd/testing/slow-ephemeral-environments\n            domain = app.addRemoteResource(domainName, () => {\n                return aws.opensearch.getDomain({ domainName }, { async: true });\n            });\n        } else {\n            const randomId = new random.RandomId(\"osDomainRandomId\", { byteLength: 8 });\n            const namePrefix = app.getParam(app.params.create.pulumiResourceNamePrefix) || \"\";\n\n            const domainLogicalName = \"webiny-js\";\n            const domainPhysicalName = randomId.hex.apply((hex: string) => {\n                return `${namePrefix}${domainLogicalName}-${hex.slice(-7)}`;\n            });\n\n            domain = app.addResource(aws.opensearch.Domain, {\n                name: domainLogicalName,\n                config: {\n                    domainName: domainPhysicalName,\n                    engineVersion: OS_ENGINE_VERSION,\n                    clusterConfig: isProduction ? getProdClusterConfig() : getDevClusterConfig(),\n                    vpcOptions: vpc\n                        ? {\n                              subnetIds: vpc.subnets.private.map(s => s.output.id),\n                              securityGroupIds: [vpc.vpc.output.defaultSecurityGroupId]\n                          }\n                        : undefined,\n                    ebsOptions: {\n                        ebsEnabled: true,\n                        volumeSize: 10,\n                        volumeType: \"gp2\"\n                    },\n                    advancedOptions: {\n                        \"rest.action.multi.allow_explicit_index\": \"true\"\n                    },\n                    snapshotOptions: {\n                        automatedSnapshotStartHour: 23\n                    }\n                },\n                opts: { protect: params.protect }\n            });\n\n            /**\n             * Domain policy defines who can access your OpenSearch Domain.\n             * For details on OpenSearch security, read the official documentation:\n             * https://docs.aws.amazon.com/openSearch-service/latest/developerguide/security.html\n             */\n            const accountId = getAwsAccountId(app);\n\n            domainPolicy = app.addResource(aws.opensearch.DomainPolicy, {\n                name: `${domainLogicalName}-policy`,\n                config: {\n                    domainName: domain.output.domainName,\n                    accessPolicies: pulumi\n                        .all([accountId, domain.output.arn])\n                        .apply(([accountId, domainArn]) => {\n                            return JSON.stringify({\n                                Version: \"2012-10-17\",\n                                Statement: [\n                                    /**\n                                     * Allow requests signed with current account\n                                     */\n                                    {\n                                        Effect: \"Allow\",\n                                        Principal: {\n                                            AWS: accountId\n                                        },\n                                        Action: \"es:*\",\n                                        Resource: `${domainArn}/*`\n                                    }\n                                ]\n                            });\n                        })\n                },\n                opts: { protect: params.protect }\n            });\n        }\n\n        /**\n         * Create a table for OpenSearch records. All ES records are stored in this table to dramatically improve\n         * performance and stability on write operations (especially massive data imports). This table also serves as a backup and\n         * a single source of truth for your OpenSearch domain. Streaming is enabled on this table, and it will\n         * allow asynchronous synchronization of data with OpenSearch domain.\n         */\n        const table = app.addResource(aws.dynamodb.Table, {\n            name: \"webiny-es\",\n            config: {\n                attributes: [\n                    { name: \"PK\", type: \"S\" },\n                    { name: \"SK\", type: \"S\" }\n                ],\n                streamEnabled: true,\n                streamViewType: \"NEW_AND_OLD_IMAGES\",\n                billingMode: \"PAY_PER_REQUEST\",\n                hashKey: \"PK\",\n                rangeKey: \"SK\"\n            },\n            opts: { protect: params.protect }\n        });\n\n        const roleName = \"dynamo-to-elastic-lambda-role\";\n\n        const role = app.addResource(aws.iam.Role, {\n            name: roleName,\n            config: {\n                assumeRolePolicy: {\n                    Version: \"2012-10-17\",\n                    Statement: [\n                        {\n                            Action: \"sts:AssumeRole\",\n                            Principal: {\n                                Service: \"lambda.amazonaws.com\"\n                            },\n                            Effect: \"Allow\"\n                        }\n                    ]\n                }\n            },\n            meta: { isLambdaFunctionRole: true }\n        });\n\n        const policy = getDynamoDbToElasticLambdaPolicy(app, domain.output);\n\n        app.addResource(aws.iam.RolePolicyAttachment, {\n            name: `${roleName}-DynamoDbToElasticLambdaPolicy`,\n            config: {\n                role: role.output,\n                policyArn: policy.output.arn\n            }\n        });\n\n        // Only use `AWSLambdaVPCAccessExecutionRole` policy if VPC feature is enabled.\n        if (vpc) {\n            app.addResource(aws.iam.RolePolicyAttachment, {\n                name: `${roleName}-AWSLambdaVPCAccessExecutionRole`,\n                config: {\n                    role: role.output,\n                    policyArn: aws.iam.ManagedPolicy.AWSLambdaVPCAccessExecutionRole\n                }\n            });\n        } else {\n            app.addResource(aws.iam.RolePolicyAttachment, {\n                name: `${roleName}-AWSLambdaBasicExecutionRole`,\n                config: {\n                    role: role.output,\n                    policyArn: aws.iam.ManagedPolicy.AWSLambdaBasicExecutionRole\n                }\n            });\n        }\n\n        app.addResource(aws.iam.RolePolicyAttachment, {\n            name: `${roleName}-AWSLambdaDynamoDBExecutionRole`,\n            config: {\n                role: role.output,\n                policyArn: aws.iam.ManagedPolicy.AWSLambdaDynamoDBExecutionRole\n            }\n        });\n\n        /**\n         * This Lambda will process the stream events from DynamoDB table that contains OpenSearch items.\n         * OpenSearch can't take large amount of individual writes in a short period of time, so this way\n         * we store data for OpenSearch in a DynamoDB table, and asynchronously insert it into OpenSearch\n         * using batching.\n         */\n        const lambda = app.addResource(aws.lambda.Function, {\n            name: \"dynamo-to-elastic\",\n            config: {\n                role: role.output.arn,\n                runtime: LAMBDA_RUNTIME,\n                handler: \"handler.handler\",\n                timeout: 900,\n                memorySize: 1024,\n                environment: {\n                    variables: {\n                        DEBUG: String(process.env.DEBUG),\n                        ELASTIC_SEARCH_ENDPOINT: domain.output.endpoint\n                    }\n                },\n                description: \"Process DynamoDB Stream.\",\n                code: new pulumi.asset.AssetArchive({\n                    \".\": new pulumi.asset.FileArchive(\n                        path.join(app.paths.workspace, \"dynamoToElastic/build\")\n                    )\n                }),\n                vpcConfig: vpc\n                    ? {\n                          subnetIds: vpc.subnets.private.map(s => s.output.id),\n                          securityGroupIds: [vpc.vpc.output.defaultSecurityGroupId]\n                      }\n                    : undefined\n            }\n        });\n\n        const eventSourceMapping = app.addResource(aws.lambda.EventSourceMapping, {\n            name: \"dynamo-to-elastic\",\n            config: {\n                eventSourceArn: table.output.streamArn,\n                functionName: lambda.output.arn,\n                startingPosition: \"LATEST\",\n                maximumRetryAttempts: 3,\n                batchSize: 50,\n                maximumBatchingWindowInSeconds: 1\n            }\n        });\n\n        app.addOutputs({\n            elasticsearchDomainArn: domain.output.arn,\n            elasticsearchDomainEndpoint: domain.output.endpoint,\n            elasticsearchDynamodbTableArn: table.output.arn,\n            elasticsearchDynamodbTableName: table.output.name\n        });\n\n        return {\n            domain,\n            domainPolicy,\n            table,\n            dynamoToElastic: {\n                role,\n                policy,\n                lambda,\n                eventSourceMapping\n            }\n        };\n    }\n});\n\nfunction getDynamoDbToElasticLambdaPolicy(\n    app: PulumiApp,\n    domain: pulumi.Output<aws.opensearch.Domain | aws.opensearch.GetDomainResult>\n) {\n    return app.addResource(aws.iam.Policy, {\n        name: \"DynamoDbToElasticLambdaPolicy-updated\",\n        config: {\n            description: \"This policy enables access to ES and Dynamodb streams\",\n            policy: {\n                Version: \"2012-10-17\",\n                Statement: [\n                    {\n                        Sid: \"PermissionForES\",\n                        Effect: \"Allow\",\n                        Action: [\n                            \"es:ESHttpGet\",\n                            \"es:ESHttpDelete\",\n                            \"es:ESHttpPatch\",\n                            \"es:ESHttpPost\",\n                            \"es:ESHttpPut\"\n                        ],\n                        Resource: [\n                            pulumi.interpolate`${domain.arn}`,\n                            pulumi.interpolate`${domain.arn}/*`\n                        ]\n                    }\n                ]\n            }\n        }\n    });\n}\n"],"mappings":";;;;;;;;AAKA,IAAAA,KAAA,GAAAC,sBAAA,CAAAC,OAAA;AACA,IAAAC,MAAA,GAAAC,uBAAA,CAAAF,OAAA;AACA,IAAAG,GAAA,GAAAD,uBAAA,CAAAF,OAAA;AACA,IAAAI,MAAA,GAAAF,uBAAA,CAAAF,OAAA;AACA,IAAAK,QAAA,GAAAL,OAAA;AAQA,IAAAM,SAAA,GAAAN,OAAA;AACA,IAAAO,QAAA,GAAAP,OAAA;AACA,IAAAQ,UAAA,GAAAR,OAAA;AAnBA;AACA;AACA;AACA;AACA;;AAqBA,SAASS,mBAAmBA,CAAA,EAAmD;EAC3E,OAAO;IACHC,YAAY,EAAE;EAClB,CAAC;AACL;AAEA,SAASC,oBAAoBA,CAAA,EAAmD;EAC5E,OAAO;IACH;IACAD,YAAY,EAAE,kBAAkB;IAChCE,aAAa,EAAE,CAAC;IAChBC,oBAAoB,EAAE,IAAI;IAC1BC,mBAAmB,EAAE;MACjBC,qBAAqB,EAAE;IAC3B;EACJ,CAAC;AACL;AAEA,MAAMC,iBAAiB,GAAG,iBAAiB;AAEpC,MAAMC,UAAU,GAAAC,OAAA,CAAAD,UAAA,GAAG,IAAAE,wBAAe,EAAC;EACtCC,IAAI,EAAE,YAAY;EAClBC,MAAMA,CAACC,GAAG,EAAEC,MAAwB,EAAE;IAClC,MAAMC,sBAAsB,GACxBF,GAAG,CAACC,MAAM,CAACE,MAAM,CAACD,sBAAsB,IAAIE,iCAAsB;IACtE,MAAMC,YAAY,GAAGH,sBAAsB,CAACI,QAAQ,CAACN,GAAG,CAACC,MAAM,CAACM,GAAG,CAACC,GAAG,CAAC;IAExE,MAAMC,GAAG,GAAGT,GAAG,CAACU,SAAS,CAACC,gBAAO,EAAE;MAAEC,QAAQ,EAAE;IAAK,CAAC,CAAC;;IAEtD;IACA,IAAIC,MAEyD;IAE7D,IAAIC,YAAY;IAEhB,IAAIC,OAAO,CAACP,GAAG,CAACQ,8BAA8B,EAAE;MAC5C,MAAMC,UAAU,GAAGC,MAAM,CAACH,OAAO,CAACP,GAAG,CAACQ,8BAA8B,CAAC;MACrE;MACA;MACAH,MAAM,GAAGb,GAAG,CAACmB,iBAAiB,CAACF,UAAU,EAAE,MAAM;QAC7C,OAAOpC,GAAG,CAACuC,UAAU,CAACC,SAAS,CAAC;UAAEJ;QAAW,CAAC,EAAE;UAAEK,KAAK,EAAE;QAAK,CAAC,CAAC;MACpE,CAAC,CAAC;IACN,CAAC,MAAM;MACH,MAAMC,QAAQ,GAAG,IAAIzC,MAAM,CAAC0C,QAAQ,CAAC,kBAAkB,EAAE;QAAEC,UAAU,EAAE;MAAE,CAAC,CAAC;MAC3E,MAAMC,UAAU,GAAG1B,GAAG,CAAC2B,QAAQ,CAAC3B,GAAG,CAACC,MAAM,CAACE,MAAM,CAACyB,wBAAwB,CAAC,IAAI,EAAE;MAEjF,MAAMC,iBAAiB,GAAG,WAAW;MACrC,MAAMC,kBAAkB,GAAGP,QAAQ,CAACQ,GAAG,CAACC,KAAK,CAAED,GAAW,IAAK;QAC3D,OAAQ,GAAEL,UAAW,GAAEG,iBAAkB,IAAGE,GAAG,CAACE,KAAK,CAAC,CAAC,CAAC,CAAE,EAAC;MAC/D,CAAC,CAAC;MAEFpB,MAAM,GAAGb,GAAG,CAACkC,WAAW,CAACrD,GAAG,CAACuC,UAAU,CAACe,MAAM,EAAE;QAC5CrC,IAAI,EAAE+B,iBAAiB;QACvB9B,MAAM,EAAE;UACJkB,UAAU,EAAEa,kBAAkB;UAC9BM,aAAa,EAAE1C,iBAAiB;UAChC2C,aAAa,EAAEhC,YAAY,GAAGhB,oBAAoB,CAAC,CAAC,GAAGF,mBAAmB,CAAC,CAAC;UAC5EmD,UAAU,EAAE7B,GAAG,GACT;YACI8B,SAAS,EAAE9B,GAAG,CAAC+B,OAAO,CAACC,OAAO,CAACC,GAAG,CAACC,CAAC,IAAIA,CAAC,CAACC,MAAM,CAACC,EAAE,CAAC;YACpDC,gBAAgB,EAAE,CAACrC,GAAG,CAACA,GAAG,CAACmC,MAAM,CAACG,sBAAsB;UAC5D,CAAC,GACDC,SAAS;UACfC,UAAU,EAAE;YACRC,UAAU,EAAE,IAAI;YAChBC,UAAU,EAAE,EAAE;YACdC,UAAU,EAAE;UAChB,CAAC;UACDC,eAAe,EAAE;YACb,wCAAwC,EAAE;UAC9C,CAAC;UACDC,eAAe,EAAE;YACbC,0BAA0B,EAAE;UAChC;QACJ,CAAC;QACDC,IAAI,EAAE;UAAEC,OAAO,EAAExD,MAAM,CAACwD;QAAQ;MACpC,CAAC,CAAC;;MAEF;AACZ;AACA;AACA;AACA;MACY,MAAMC,SAAS,GAAG,IAAAC,yBAAe,EAAC3D,GAAG,CAAC;MAEtCc,YAAY,GAAGd,GAAG,CAACkC,WAAW,CAACrD,GAAG,CAACuC,UAAU,CAACwC,YAAY,EAAE;QACxD9D,IAAI,EAAG,GAAE+B,iBAAkB,SAAQ;QACnC9B,MAAM,EAAE;UACJkB,UAAU,EAAEJ,MAAM,CAAC+B,MAAM,CAAC3B,UAAU;UACpC4C,cAAc,EAAElF,MAAM,CACjBmF,GAAG,CAAC,CAACJ,SAAS,EAAE7C,MAAM,CAAC+B,MAAM,CAACmB,GAAG,CAAC,CAAC,CACnC/B,KAAK,CAAC,CAAC,CAAC0B,SAAS,EAAEM,SAAS,CAAC,KAAK;YAC/B,OAAOC,IAAI,CAACC,SAAS,CAAC;cAClBC,OAAO,EAAE,YAAY;cACrBC,SAAS,EAAE;cACP;AACpC;AACA;cACoC;gBACIC,MAAM,EAAE,OAAO;gBACfC,SAAS,EAAE;kBACPC,GAAG,EAAEb;gBACT,CAAC;gBACDc,MAAM,EAAE,MAAM;gBACdC,QAAQ,EAAG,GAAET,SAAU;cAC3B,CAAC;YAET,CAAC,CAAC;UACN,CAAC;QACT,CAAC;QACDR,IAAI,EAAE;UAAEC,OAAO,EAAExD,MAAM,CAACwD;QAAQ;MACpC,CAAC,CAAC;IACN;;IAEA;AACR;AACA;AACA;AACA;AACA;IACQ,MAAMiB,KAAK,GAAG1E,GAAG,CAACkC,WAAW,CAACrD,GAAG,CAAC8F,QAAQ,CAACC,KAAK,EAAE;MAC9C9E,IAAI,EAAE,WAAW;MACjBC,MAAM,EAAE;QACJ8E,UAAU,EAAE,CACR;UAAE/E,IAAI,EAAE,IAAI;UAAEgF,IAAI,EAAE;QAAI,CAAC,EACzB;UAAEhF,IAAI,EAAE,IAAI;UAAEgF,IAAI,EAAE;QAAI,CAAC,CAC5B;QACDC,aAAa,EAAE,IAAI;QACnBC,cAAc,EAAE,oBAAoB;QACpCC,WAAW,EAAE,iBAAiB;QAC9BC,OAAO,EAAE,IAAI;QACbC,QAAQ,EAAE;MACd,CAAC;MACD3B,IAAI,EAAE;QAAEC,OAAO,EAAExD,MAAM,CAACwD;MAAQ;IACpC,CAAC,CAAC;IAEF,MAAM2B,QAAQ,GAAG,+BAA+B;IAEhD,MAAMC,IAAI,GAAGrF,GAAG,CAACkC,WAAW,CAACrD,GAAG,CAACyG,GAAG,CAACC,IAAI,EAAE;MACvCzF,IAAI,EAAEsF,QAAQ;MACdrF,MAAM,EAAE;QACJyF,gBAAgB,EAAE;UACdrB,OAAO,EAAE,YAAY;UACrBC,SAAS,EAAE,CACP;YACII,MAAM,EAAE,gBAAgB;YACxBF,SAAS,EAAE;cACPmB,OAAO,EAAE;YACb,CAAC;YACDpB,MAAM,EAAE;UACZ,CAAC;QAET;MACJ,CAAC;MACDqB,IAAI,EAAE;QAAEC,oBAAoB,EAAE;MAAK;IACvC,CAAC,CAAC;IAEF,MAAMC,MAAM,GAAGC,gCAAgC,CAAC7F,GAAG,EAAEa,MAAM,CAAC+B,MAAM,CAAC;IAEnE5C,GAAG,CAACkC,WAAW,CAACrD,GAAG,CAACyG,GAAG,CAACQ,oBAAoB,EAAE;MAC1ChG,IAAI,EAAG,GAAEsF,QAAS,gCAA+B;MACjDrF,MAAM,EAAE;QACJsF,IAAI,EAAEA,IAAI,CAACzC,MAAM;QACjBmD,SAAS,EAAEH,MAAM,CAAChD,MAAM,CAACmB;MAC7B;IACJ,CAAC,CAAC;;IAEF;IACA,IAAItD,GAAG,EAAE;MACLT,GAAG,CAACkC,WAAW,CAACrD,GAAG,CAACyG,GAAG,CAACQ,oBAAoB,EAAE;QAC1ChG,IAAI,EAAG,GAAEsF,QAAS,kCAAiC;QACnDrF,MAAM,EAAE;UACJsF,IAAI,EAAEA,IAAI,CAACzC,MAAM;UACjBmD,SAAS,EAAElH,GAAG,CAACyG,GAAG,CAACU,aAAa,CAACC;QACrC;MACJ,CAAC,CAAC;IACN,CAAC,MAAM;MACHjG,GAAG,CAACkC,WAAW,CAACrD,GAAG,CAACyG,GAAG,CAACQ,oBAAoB,EAAE;QAC1ChG,IAAI,EAAG,GAAEsF,QAAS,8BAA6B;QAC/CrF,MAAM,EAAE;UACJsF,IAAI,EAAEA,IAAI,CAACzC,MAAM;UACjBmD,SAAS,EAAElH,GAAG,CAACyG,GAAG,CAACU,aAAa,CAACE;QACrC;MACJ,CAAC,CAAC;IACN;IAEAlG,GAAG,CAACkC,WAAW,CAACrD,GAAG,CAACyG,GAAG,CAACQ,oBAAoB,EAAE;MAC1ChG,IAAI,EAAG,GAAEsF,QAAS,iCAAgC;MAClDrF,MAAM,EAAE;QACJsF,IAAI,EAAEA,IAAI,CAACzC,MAAM;QACjBmD,SAAS,EAAElH,GAAG,CAACyG,GAAG,CAACU,aAAa,CAACG;MACrC;IACJ,CAAC,CAAC;;IAEF;AACR;AACA;AACA;AACA;AACA;IACQ,MAAMC,MAAM,GAAGpG,GAAG,CAACkC,WAAW,CAACrD,GAAG,CAACuH,MAAM,CAACC,QAAQ,EAAE;MAChDvG,IAAI,EAAE,mBAAmB;MACzBC,MAAM,EAAE;QACJsF,IAAI,EAAEA,IAAI,CAACzC,MAAM,CAACmB,GAAG;QACrBuC,OAAO,EAAEC,yBAAc;QACvBC,OAAO,EAAE,iBAAiB;QAC1BC,OAAO,EAAE,GAAG;QACZC,UAAU,EAAE,IAAI;QAChBC,WAAW,EAAE;UACTC,SAAS,EAAE;YACPC,KAAK,EAAE3F,MAAM,CAACH,OAAO,CAACP,GAAG,CAACqG,KAAK,CAAC;YAChCC,uBAAuB,EAAEjG,MAAM,CAAC+B,MAAM,CAACmE;UAC3C;QACJ,CAAC;QACDC,WAAW,EAAE,0BAA0B;QACvCC,IAAI,EAAE,IAAItI,MAAM,CAACuI,KAAK,CAACC,YAAY,CAAC;UAChC,GAAG,EAAE,IAAIxI,MAAM,CAACuI,KAAK,CAACE,WAAW,CAC7BC,aAAI,CAACC,IAAI,CAACtH,GAAG,CAACuH,KAAK,CAACC,SAAS,EAAE,uBAAuB,CAC1D;QACJ,CAAC,CAAC;QACFC,SAAS,EAAEhH,GAAG,GACR;UACI8B,SAAS,EAAE9B,GAAG,CAAC+B,OAAO,CAACC,OAAO,CAACC,GAAG,CAACC,CAAC,IAAIA,CAAC,CAACC,MAAM,CAACC,EAAE,CAAC;UACpDC,gBAAgB,EAAE,CAACrC,GAAG,CAACA,GAAG,CAACmC,MAAM,CAACG,sBAAsB;QAC5D,CAAC,GACDC;MACV;IACJ,CAAC,CAAC;IAEF,MAAM0E,kBAAkB,GAAG1H,GAAG,CAACkC,WAAW,CAACrD,GAAG,CAACuH,MAAM,CAACuB,kBAAkB,EAAE;MACtE7H,IAAI,EAAE,mBAAmB;MACzBC,MAAM,EAAE;QACJ6H,cAAc,EAAElD,KAAK,CAAC9B,MAAM,CAACiF,SAAS;QACtCC,YAAY,EAAE1B,MAAM,CAACxD,MAAM,CAACmB,GAAG;QAC/BgE,gBAAgB,EAAE,QAAQ;QAC1BC,oBAAoB,EAAE,CAAC;QACvBC,SAAS,EAAE,EAAE;QACbC,8BAA8B,EAAE;MACpC;IACJ,CAAC,CAAC;IAEFlI,GAAG,CAACmI,UAAU,CAAC;MACXC,sBAAsB,EAAEvH,MAAM,CAAC+B,MAAM,CAACmB,GAAG;MACzCsE,2BAA2B,EAAExH,MAAM,CAAC+B,MAAM,CAACmE,QAAQ;MACnDuB,6BAA6B,EAAE5D,KAAK,CAAC9B,MAAM,CAACmB,GAAG;MAC/CwE,8BAA8B,EAAE7D,KAAK,CAAC9B,MAAM,CAAC9C;IACjD,CAAC,CAAC;IAEF,OAAO;MACHe,MAAM;MACNC,YAAY;MACZ4D,KAAK;MACL8D,eAAe,EAAE;QACbnD,IAAI;QACJO,MAAM;QACNQ,MAAM;QACNsB;MACJ;IACJ,CAAC;EACL;AACJ,CAAC,CAAC;AAEF,SAAS7B,gCAAgCA,CACrC7F,GAAc,EACda,MAA6E,EAC/E;EACE,OAAOb,GAAG,CAACkC,WAAW,CAACrD,GAAG,CAACyG,GAAG,CAACmD,MAAM,EAAE;IACnC3I,IAAI,EAAE,uCAAuC;IAC7CC,MAAM,EAAE;MACJiH,WAAW,EAAE,uDAAuD;MACpEpB,MAAM,EAAE;QACJzB,OAAO,EAAE,YAAY;QACrBC,SAAS,EAAE,CACP;UACIsE,GAAG,EAAE,iBAAiB;UACtBrE,MAAM,EAAE,OAAO;UACfG,MAAM,EAAE,CACJ,cAAc,EACd,iBAAiB,EACjB,gBAAgB,EAChB,eAAe,EACf,cAAc,CACjB;UACDC,QAAQ,EAAE,CACN9F,MAAM,CAACgK,WAAY,GAAE9H,MAAM,CAACkD,GAAI,EAAC,EACjCpF,MAAM,CAACgK,WAAY,GAAE9H,MAAM,CAACkD,GAAI,IAAG;QAE3C,CAAC;MAET;IACJ;EACJ,CAAC,CAAC;AACN","ignoreList":[]}

package/apps/website/WebsitePrerendering.js

@@ -150,7 +150,7 @@ function createRenderer(app, queue, policy, params) {
       handler: "handler.handler",
       timeout: 300,
       memorySize: 2048,
-      layers: [(0, _awsLayers.getLayerArn)("shelf-io-chrome-aws-lambda-layer")],
+      layers: [(0, _awsLayers.getLayerArn)("chromium")],
       environment: {
         variables: (0, _lambdaUtils.getCommonLambdaEnvVariables)().apply(value => ({
           ...value,

package/apps/website/WebsitePrerendering.js.map

@@ -1 +1 @@
-{"version":3,"names":["path","_interopRequireWildcard","require","pulumi","aws","_clientDynamodb","_awsLayers","_lambdaUtils","_common","_awsUtils","_constants","createPrerenderingService","app","params","queue","addResource","sqs","Queue","name","config","visibilityTimeoutSeconds","fifoQueue","policy","createLambdaPolicy","output","renderer","createRenderer","subscriber","createRenderSubscriber","flush","createFlushService","settings","createPrerenderingSettingsDbItem","tableItem","dynamodb","TableItem","tableName","dbTableName","hashKey","dbTableHashKey","rangeKey","dbTableRangeKey","item","interpolate","run","variant","appUrl","deliveryUrl","bucket","cloudfrontId","url","apply","v","JSON","stringify","marshall","parse","core","getModule","CoreOutput","role","createLambdaRole","lambda","Function","arn","runtime","LAMBDA_RUNTIME","handler","timeout","memorySize","environment","variables","getCommonLambdaEnvVariables","value","DB_TABLE","description","code","asset","AssetArchive","FileArchive","join","paths","workspace","vpcConfig","VpcConfig","functionVpcConfig","eventRule","cloudwatch","EventRule","eventBusName","eventBusArn","eventPattern","eventPermission","Permission","action","function","principal","sourceArn","eventTarget","EventTarget","rule","executionRole","iam","ManagedPolicy","AWSLambdaSQSQueueExecutionRole","layers","getLayerArn","eventSourceMapping","EventSourceMapping","functionName","eventSourceArn","batchSize","awsAccountId","getAwsAccountId","Policy","Version","Statement","Sid","Effect","Action","Resource","s","resources","primaryDynamodbTableArn","elasticsearchDynamodbTableArn","push"],"sources":["WebsitePrerendering.ts"],"sourcesContent":["import * as path from \"path\";\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport { marshall } from \"@webiny/aws-sdk/client-dynamodb\";\n\nimport { PulumiApp } from \"@webiny/pulumi\";\nimport { getLayerArn } from \"@webiny/aws-layers\";\n\nimport { createLambdaRole, getCommonLambdaEnvVariables } from \"../lambdaUtils\";\nimport { CoreOutput, VpcConfig } from \"../common\";\nimport { getAwsAccountId } from \"../awsUtils\";\nimport { LAMBDA_RUNTIME } from \"~/constants\";\n\ninterface PreRenderingServiceParams {\n    dbTableName: pulumi.Output<string>;\n    dbTableHashKey: pulumi.Output<string>;\n    dbTableRangeKey: pulumi.Output<string>;\n    appUrl: pulumi.Output<string>;\n    deliveryUrl: pulumi.Output<string>;\n    bucket: pulumi.Output<string>;\n    cloudfrontId: pulumi.Output<string>;\n}\n\nexport function createPrerenderingService(app: PulumiApp, params: PreRenderingServiceParams) {\n    const queue = app.addResource(aws.sqs.Queue, {\n        name: \"ps-render-queue\",\n        config: {\n            visibilityTimeoutSeconds: 300,\n            fifoQueue: true\n        }\n    });\n\n    const policy = createLambdaPolicy(app, queue.output, params);\n    const renderer = createRenderer(app, queue.output, policy.output, params);\n    const subscriber = createRenderSubscriber(app, policy.output, params);\n    const flush = createFlushService(app, policy.output, params);\n    const settings = createPrerenderingSettingsDbItem(app, queue.output, params);\n\n    return {\n        subscriber,\n        renderer,\n        flush,\n        settings\n    };\n}\n\nfunction createPrerenderingSettingsDbItem(\n    app: PulumiApp,\n    queue: pulumi.Output<aws.sqs.Queue>,\n    params: PreRenderingServiceParams\n) {\n    /**\n     * To handle everything related to prerendering, we need the following information:\n     * - appUrl - SPA URL used to prerender HTML\n     * - bucket - name of the S3 bucket used for storage of HTML snapshots\n     * - cloudfrontId - for cache invalidation\n     * - sqsQueueUrl - an SQS queue for prerendering tasks (messages)\n     */\n    const tableItem = app.addResource(aws.dynamodb.TableItem, {\n        name: \"psSettings\",\n        config: {\n            tableName: params.dbTableName,\n            hashKey: params.dbTableHashKey,\n            rangeKey: params.dbTableRangeKey,\n            item: pulumi.interpolate`{\n                \"PK\": \"PS#SETTINGS\",\n                \"SK\": \"${app.params.run.variant || \"default\"}\",\n                \"data\": {\n                    \"appUrl\": \"${params.appUrl}\",\n                    \"deliveryUrl\": \"${params.deliveryUrl}\",\n                    \"bucket\": \"${params.bucket}\",\n                    \"cloudfrontId\": \"${params.cloudfrontId}\",\n                    \"sqsQueueUrl\": \"${queue.url}\"\n                }\n            }`\n                // We're using the native DynamoDB converter to avoid building those nested objects ourselves.\n                .apply(v => JSON.stringify(marshall(JSON.parse(v))))\n        }\n    });\n\n    return { tableItem };\n}\n\nfunction createRenderSubscriber(\n    app: PulumiApp,\n    policy: pulumi.Output<aws.iam.Policy>,\n    params: PreRenderingServiceParams\n) {\n    const core = app.getModule(CoreOutput);\n\n    const role = createLambdaRole(app, {\n        name: \"ps-render-subscriber-role\",\n        policy: policy\n    });\n\n    const lambda = app.addResource(aws.lambda.Function, {\n        name: \"ps-render-subscriber-lambda\",\n        config: {\n            role: role.output.arn,\n            runtime: LAMBDA_RUNTIME,\n            handler: \"handler.handler\",\n            timeout: 30,\n            memorySize: 512,\n            environment: {\n                variables: getCommonLambdaEnvVariables().apply(value => ({\n                    ...value,\n                    DB_TABLE: params.dbTableName\n                }))\n            },\n            description: \"Subscribes to render events on event bus\",\n            code: new pulumi.asset.AssetArchive({\n                \".\": new pulumi.asset.FileArchive(\n                    path.join(app.paths.workspace, \"prerendering/subscribe/build\")\n                )\n            }),\n            vpcConfig: app.getModule(VpcConfig).functionVpcConfig\n        }\n    });\n\n    /**\n     * TODO: when we get to staged rollouts and variants, maybe we can create per-variant event rules,\n     * to avoid invocation of all variant lambdas just to do a `detail-type` check and exit early.\n     * That way, we would be publishing events scoped to a variant, like \"RenderPages-{variant}\".\n     */\n\n    const eventRule = app.addResource(aws.cloudwatch.EventRule, {\n        name: \"ps-render-subscriber-event-rule\",\n        config: {\n            eventBusName: core.eventBusArn,\n            eventPattern: JSON.stringify({\n                \"detail-type\": [\"RenderPages\"]\n            })\n        }\n    });\n\n    const eventPermission = app.addResource(aws.lambda.Permission, {\n        name: \"ps-render-subscriber-event-permission\",\n        config: {\n            action: \"lambda:InvokeFunction\",\n            function: lambda.output.arn,\n            principal: \"events.amazonaws.com\",\n            sourceArn: eventRule.output.arn\n        }\n    });\n\n    const eventTarget = app.addResource(aws.cloudwatch.EventTarget, {\n        name: \"ps-render-subscriber-event-target\",\n        config: {\n            rule: eventRule.output.name,\n            eventBusName: core.eventBusArn,\n            arn: lambda.output.arn\n        }\n    });\n\n    return {\n        policy,\n        role,\n        lambda,\n        eventRule,\n        eventPermission,\n        eventTarget\n    };\n}\n\nfunction createRenderer(\n    app: PulumiApp,\n    queue: pulumi.Output<aws.sqs.Queue>,\n    policy: pulumi.Output<aws.iam.Policy>,\n    params: PreRenderingServiceParams\n) {\n    const role = createLambdaRole(app, {\n        name: \"ps-render-lambda-role\",\n        policy: policy,\n        executionRole: aws.iam.ManagedPolicy.AWSLambdaSQSQueueExecutionRole\n    });\n\n    const lambda = app.addResource(aws.lambda.Function, {\n        name: \"ps-render-lambda\",\n        config: {\n            role: role.output.arn,\n            runtime: LAMBDA_RUNTIME,\n            handler: \"handler.handler\",\n            timeout: 300,\n            memorySize: 2048,\n            layers: [getLayerArn(\"shelf-io-chrome-aws-lambda-layer\")],\n            environment: {\n                variables: getCommonLambdaEnvVariables().apply(value => ({\n                    ...value,\n                    DB_TABLE: params.dbTableName\n                }))\n            },\n            description: \"Renders pages and stores output in an S3 bucket of choice.\",\n            code: new pulumi.asset.AssetArchive({\n                \".\": new pulumi.asset.FileArchive(\n                    path.join(app.paths.workspace, \"prerendering/render/build\")\n                )\n            }),\n            vpcConfig: app.getModule(VpcConfig).functionVpcConfig\n        }\n    });\n\n    const eventSourceMapping = app.addResource(aws.lambda.EventSourceMapping, {\n        name: \"ps-render-event-source-mapping\",\n        config: {\n            functionName: lambda.output.arn,\n            eventSourceArn: queue.arn,\n            batchSize: 1\n        }\n    });\n\n    return {\n        policy,\n        role,\n        lambda,\n        eventSourceMapping\n    };\n}\n\nfunction createFlushService(\n    app: PulumiApp,\n    policy: pulumi.Output<aws.iam.Policy>,\n    params: PreRenderingServiceParams\n) {\n    const core = app.getModule(CoreOutput);\n\n    const role = createLambdaRole(app, {\n        name: \"ps-flush-lambda-role\",\n        policy: policy\n    });\n\n    const lambda = app.addResource(aws.lambda.Function, {\n        name: \"ps-flush-lambda\",\n        config: {\n            role: role.output.arn,\n            runtime: LAMBDA_RUNTIME,\n            handler: \"handler.handler\",\n            timeout: 30,\n            memorySize: 512,\n            environment: {\n                variables: getCommonLambdaEnvVariables().apply(value => ({\n                    ...value,\n                    DB_TABLE: params.dbTableName\n                }))\n            },\n            description: \"Subscribes to flush events on event bus\",\n            code: new pulumi.asset.AssetArchive({\n                \".\": new pulumi.asset.FileArchive(\n                    path.join(app.paths.workspace, \"prerendering/flush/build\")\n                )\n            }),\n            vpcConfig: app.getModule(VpcConfig).functionVpcConfig\n        }\n    });\n\n    const eventRule = app.addResource(aws.cloudwatch.EventRule, {\n        name: \"ps-flush-event-rule\",\n        config: {\n            eventBusName: core.eventBusArn,\n            eventPattern: JSON.stringify({\n                \"detail-type\": [\"FlushPages\"]\n            })\n        }\n    });\n\n    const eventPermission = app.addResource(aws.lambda.Permission, {\n        name: \"ps-flush-event-permission\",\n        config: {\n            action: \"lambda:InvokeFunction\",\n            function: lambda.output.arn,\n            principal: \"events.amazonaws.com\",\n            sourceArn: eventRule.output.arn\n        }\n    });\n\n    const eventTarget = app.addResource(aws.cloudwatch.EventTarget, {\n        name: \"ps-flush-event-target\",\n        config: {\n            rule: eventRule.output.name,\n            eventBusName: core.eventBusArn,\n            arn: lambda.output.arn\n        }\n    });\n\n    return {\n        policy,\n        role,\n        lambda,\n        eventRule,\n        eventPermission,\n        eventTarget\n    };\n}\n\nfunction createLambdaPolicy(\n    app: PulumiApp,\n    queue: pulumi.Output<aws.sqs.Queue>,\n    params: PreRenderingServiceParams\n) {\n    const core = app.getModule(CoreOutput);\n    const awsAccountId = getAwsAccountId(app);\n\n    return app.addResource(aws.iam.Policy, {\n        name: \"ps-lambda-policy\",\n        config: {\n            description: \"This policy enables access to Lambda, S3, Cloudfront, SQS and Dynamodb\",\n            policy: {\n                Version: \"2012-10-17\",\n                Statement: [\n                    {\n                        Sid: \"PermissionForDynamodb\",\n                        Effect: \"Allow\",\n                        Action: [\n                            \"dynamodb:BatchGetItem\",\n                            \"dynamodb:BatchWriteItem\",\n                            \"dynamodb:DeleteItem\",\n                            \"dynamodb:GetItem\",\n                            \"dynamodb:PutItem\",\n                            \"dynamodb:Query\",\n                            \"dynamodb:Scan\",\n                            \"dynamodb:UpdateItem\"\n                        ],\n                        Resource: core.apply(s => {\n                            // Add permissions to DynamoDB table\n                            const resources = [\n                                `${s.primaryDynamodbTableArn}`,\n                                `${s.primaryDynamodbTableArn}/*`\n                            ];\n\n                            // Attach permissions for elastic search dynamo as well (if ES is enabled).\n                            if (s.elasticsearchDynamodbTableArn) {\n                                resources.push(\n                                    `${s.elasticsearchDynamodbTableArn}`,\n                                    `${s.elasticsearchDynamodbTableArn}/*`\n                                );\n                            }\n\n                            return resources;\n                        })\n                    },\n                    {\n                        Sid: \"PermissionForS3\",\n                        Effect: \"Allow\",\n                        Action: [\"s3:DeleteObject\", \"s3:GetObject\", \"s3:PutObject\"],\n                        Resource: [pulumi.interpolate`arn:aws:s3:::${params.bucket}/*`]\n                    },\n                    {\n                        Sid: \"PermissionForCloudfront\",\n                        Effect: \"Allow\",\n                        Action: \"cloudfront:CreateInvalidation\",\n                        Resource: pulumi.interpolate`arn:aws:cloudfront::${awsAccountId}:distribution/*`\n                    },\n                    {\n                        Sid: \"PermissionForSQS\",\n                        Effect: \"Allow\",\n                        Action: [\"sqs:SendMessage\", \"sqs:SendMessageBatch\"],\n                        Resource: queue.arn\n                    }\n                ]\n            }\n        }\n    });\n}\n"],"mappings":";;;;;;;AAAA,IAAAA,IAAA,GAAAC,uBAAA,CAAAC,OAAA;AACA,IAAAC,MAAA,GAAAF,uBAAA,CAAAC,OAAA;AACA,IAAAE,GAAA,GAAAH,uBAAA,CAAAC,OAAA;AACA,IAAAG,eAAA,GAAAH,OAAA;AAGA,IAAAI,UAAA,GAAAJ,OAAA;AAEA,IAAAK,YAAA,GAAAL,OAAA;AACA,IAAAM,OAAA,GAAAN,OAAA;AACA,IAAAO,SAAA,GAAAP,OAAA;AACA,IAAAQ,UAAA,GAAAR,OAAA;AAYO,SAASS,yBAAyBA,CAACC,GAAc,EAAEC,MAAiC,EAAE;EACzF,MAAMC,KAAK,GAAGF,GAAG,CAACG,WAAW,CAACX,GAAG,CAACY,GAAG,CAACC,KAAK,EAAE;IACzCC,IAAI,EAAE,iBAAiB;IACvBC,MAAM,EAAE;MACJC,wBAAwB,EAAE,GAAG;MAC7BC,SAAS,EAAE;IACf;EACJ,CAAC,CAAC;EAEF,MAAMC,MAAM,GAAGC,kBAAkB,CAACX,GAAG,EAAEE,KAAK,CAACU,MAAM,EAAEX,MAAM,CAAC;EAC5D,MAAMY,QAAQ,GAAGC,cAAc,CAACd,GAAG,EAAEE,KAAK,CAACU,MAAM,EAAEF,MAAM,CAACE,MAAM,EAAEX,MAAM,CAAC;EACzE,MAAMc,UAAU,GAAGC,sBAAsB,CAAChB,GAAG,EAAEU,MAAM,CAACE,MAAM,EAAEX,MAAM,CAAC;EACrE,MAAMgB,KAAK,GAAGC,kBAAkB,CAAClB,GAAG,EAAEU,MAAM,CAACE,MAAM,EAAEX,MAAM,CAAC;EAC5D,MAAMkB,QAAQ,GAAGC,gCAAgC,CAACpB,GAAG,EAAEE,KAAK,CAACU,MAAM,EAAEX,MAAM,CAAC;EAE5E,OAAO;IACHc,UAAU;IACVF,QAAQ;IACRI,KAAK;IACLE;EACJ,CAAC;AACL;AAEA,SAASC,gCAAgCA,CACrCpB,GAAc,EACdE,KAAmC,EACnCD,MAAiC,EACnC;EACE;AACJ;AACA;AACA;AACA;AACA;AACA;EACI,MAAMoB,SAAS,GAAGrB,GAAG,CAACG,WAAW,CAACX,GAAG,CAAC8B,QAAQ,CAACC,SAAS,EAAE;IACtDjB,IAAI,EAAE,YAAY;IAClBC,MAAM,EAAE;MACJiB,SAAS,EAAEvB,MAAM,CAACwB,WAAW;MAC7BC,OAAO,EAAEzB,MAAM,CAAC0B,cAAc;MAC9BC,QAAQ,EAAE3B,MAAM,CAAC4B,eAAe;MAChCC,IAAI,EAAEvC,MAAM,CAACwC,WAAY;AACrC;AACA,yBAAyB/B,GAAG,CAACC,MAAM,CAAC+B,GAAG,CAACC,OAAO,IAAI,SAAU;AAC7D;AACA,iCAAiChC,MAAM,CAACiC,MAAO;AAC/C,sCAAsCjC,MAAM,CAACkC,WAAY;AACzD,iCAAiClC,MAAM,CAACmC,MAAO;AAC/C,uCAAuCnC,MAAM,CAACoC,YAAa;AAC3D,sCAAsCnC,KAAK,CAACoC,GAAI;AAChD;AACA;MACgB;MAAA,CACCC,KAAK,CAACC,CAAC,IAAIC,IAAI,CAACC,SAAS,CAAC,IAAAC,wBAAQ,EAACF,IAAI,CAACG,KAAK,CAACJ,CAAC,CAAC,CAAC,CAAC;IAC3D;EACJ,CAAC,CAAC;EAEF,OAAO;IAAEnB;EAAU,CAAC;AACxB;AAEA,SAASL,sBAAsBA,CAC3BhB,GAAc,EACdU,MAAqC,EACrCT,MAAiC,EACnC;EACE,MAAM4C,IAAI,GAAG7C,GAAG,CAAC8C,SAAS,CAACC,kBAAU,CAAC;EAEtC,MAAMC,IAAI,GAAG,IAAAC,6BAAgB,EAACjD,GAAG,EAAE;IAC/BM,IAAI,EAAE,2BAA2B;IACjCI,MAAM,EAAEA;EACZ,CAAC,CAAC;EAEF,MAAMwC,MAAM,GAAGlD,GAAG,CAACG,WAAW,CAACX,GAAG,CAAC0D,MAAM,CAACC,QAAQ,EAAE;IAChD7C,IAAI,EAAE,6BAA6B;IACnCC,MAAM,EAAE;MACJyC,IAAI,EAAEA,IAAI,CAACpC,MAAM,CAACwC,GAAG;MACrBC,OAAO,EAAEC,yBAAc;MACvBC,OAAO,EAAE,iBAAiB;MAC1BC,OAAO,EAAE,EAAE;MACXC,UAAU,EAAE,GAAG;MACfC,WAAW,EAAE;QACTC,SAAS,EAAE,IAAAC,wCAA2B,EAAC,CAAC,CAACrB,KAAK,CAACsB,KAAK,KAAK;UACrD,GAAGA,KAAK;UACRC,QAAQ,EAAE7D,MAAM,CAACwB;QACrB,CAAC,CAAC;MACN,CAAC;MACDsC,WAAW,EAAE,0CAA0C;MACvDC,IAAI,EAAE,IAAIzE,MAAM,CAAC0E,KAAK,CAACC,YAAY,CAAC;QAChC,GAAG,EAAE,IAAI3E,MAAM,CAAC0E,KAAK,CAACE,WAAW,CAC7B/E,IAAI,CAACgF,IAAI,CAACpE,GAAG,CAACqE,KAAK,CAACC,SAAS,EAAE,8BAA8B,CACjE;MACJ,CAAC,CAAC;MACFC,SAAS,EAAEvE,GAAG,CAAC8C,SAAS,CAAC0B,iBAAS,CAAC,CAACC;IACxC;EACJ,CAAC,CAAC;;EAEF;AACJ;AACA;AACA;AACA;;EAEI,MAAMC,SAAS,GAAG1E,GAAG,CAACG,WAAW,CAACX,GAAG,CAACmF,UAAU,CAACC,SAAS,EAAE;IACxDtE,IAAI,EAAE,iCAAiC;IACvCC,MAAM,EAAE;MACJsE,YAAY,EAAEhC,IAAI,CAACiC,WAAW;MAC9BC,YAAY,EAAEtC,IAAI,CAACC,SAAS,CAAC;QACzB,aAAa,EAAE,CAAC,aAAa;MACjC,CAAC;IACL;EACJ,CAAC,CAAC;EAEF,MAAMsC,eAAe,GAAGhF,GAAG,CAACG,WAAW,CAACX,GAAG,CAAC0D,MAAM,CAAC+B,UAAU,EAAE;IAC3D3E,IAAI,EAAE,uCAAuC;IAC7CC,MAAM,EAAE;MACJ2E,MAAM,EAAE,uBAAuB;MAC/BC,QAAQ,EAAEjC,MAAM,CAACtC,MAAM,CAACwC,GAAG;MAC3BgC,SAAS,EAAE,sBAAsB;MACjCC,SAAS,EAAEX,SAAS,CAAC9D,MAAM,CAACwC;IAChC;EACJ,CAAC,CAAC;EAEF,MAAMkC,WAAW,GAAGtF,GAAG,CAACG,WAAW,CAACX,GAAG,CAACmF,UAAU,CAACY,WAAW,EAAE;IAC5DjF,IAAI,EAAE,mCAAmC;IACzCC,MAAM,EAAE;MACJiF,IAAI,EAAEd,SAAS,CAAC9D,MAAM,CAACN,IAAI;MAC3BuE,YAAY,EAAEhC,IAAI,CAACiC,WAAW;MAC9B1B,GAAG,EAAEF,MAAM,CAACtC,MAAM,CAACwC;IACvB;EACJ,CAAC,CAAC;EAEF,OAAO;IACH1C,MAAM;IACNsC,IAAI;IACJE,MAAM;IACNwB,SAAS;IACTM,eAAe;IACfM;EACJ,CAAC;AACL;AAEA,SAASxE,cAAcA,CACnBd,GAAc,EACdE,KAAmC,EACnCQ,MAAqC,EACrCT,MAAiC,EACnC;EACE,MAAM+C,IAAI,GAAG,IAAAC,6BAAgB,EAACjD,GAAG,EAAE;IAC/BM,IAAI,EAAE,uBAAuB;IAC7BI,MAAM,EAAEA,MAAM;IACd+E,aAAa,EAAEjG,GAAG,CAACkG,GAAG,CAACC,aAAa,CAACC;EACzC,CAAC,CAAC;EAEF,MAAM1C,MAAM,GAAGlD,GAAG,CAACG,WAAW,CAACX,GAAG,CAAC0D,MAAM,CAACC,QAAQ,EAAE;IAChD7C,IAAI,EAAE,kBAAkB;IACxBC,MAAM,EAAE;MACJyC,IAAI,EAAEA,IAAI,CAACpC,MAAM,CAACwC,GAAG;MACrBC,OAAO,EAAEC,yBAAc;MACvBC,OAAO,EAAE,iBAAiB;MAC1BC,OAAO,EAAE,GAAG;MACZC,UAAU,EAAE,IAAI;MAChBoC,MAAM,EAAE,CAAC,IAAAC,sBAAW,EAAC,kCAAkC,CAAC,CAAC;MACzDpC,WAAW,EAAE;QACTC,SAAS,EAAE,IAAAC,wCAA2B,EAAC,CAAC,CAACrB,KAAK,CAACsB,KAAK,KAAK;UACrD,GAAGA,KAAK;UACRC,QAAQ,EAAE7D,MAAM,CAACwB;QACrB,CAAC,CAAC;MACN,CAAC;MACDsC,WAAW,EAAE,4DAA4D;MACzEC,IAAI,EAAE,IAAIzE,MAAM,CAAC0E,KAAK,CAACC,YAAY,CAAC;QAChC,GAAG,EAAE,IAAI3E,MAAM,CAAC0E,KAAK,CAACE,WAAW,CAC7B/E,IAAI,CAACgF,IAAI,CAACpE,GAAG,CAACqE,KAAK,CAACC,SAAS,EAAE,2BAA2B,CAC9D;MACJ,CAAC,CAAC;MACFC,SAAS,EAAEvE,GAAG,CAAC8C,SAAS,CAAC0B,iBAAS,CAAC,CAACC;IACxC;EACJ,CAAC,CAAC;EAEF,MAAMsB,kBAAkB,GAAG/F,GAAG,CAACG,WAAW,CAACX,GAAG,CAAC0D,MAAM,CAAC8C,kBAAkB,EAAE;IACtE1F,IAAI,EAAE,gCAAgC;IACtCC,MAAM,EAAE;MACJ0F,YAAY,EAAE/C,MAAM,CAACtC,MAAM,CAACwC,GAAG;MAC/B8C,cAAc,EAAEhG,KAAK,CAACkD,GAAG;MACzB+C,SAAS,EAAE;IACf;EACJ,CAAC,CAAC;EAEF,OAAO;IACHzF,MAAM;IACNsC,IAAI;IACJE,MAAM;IACN6C;EACJ,CAAC;AACL;AAEA,SAAS7E,kBAAkBA,CACvBlB,GAAc,EACdU,MAAqC,EACrCT,MAAiC,EACnC;EACE,MAAM4C,IAAI,GAAG7C,GAAG,CAAC8C,SAAS,CAACC,kBAAU,CAAC;EAEtC,MAAMC,IAAI,GAAG,IAAAC,6BAAgB,EAACjD,GAAG,EAAE;IAC/BM,IAAI,EAAE,sBAAsB;IAC5BI,MAAM,EAAEA;EACZ,CAAC,CAAC;EAEF,MAAMwC,MAAM,GAAGlD,GAAG,CAACG,WAAW,CAACX,GAAG,CAAC0D,MAAM,CAACC,QAAQ,EAAE;IAChD7C,IAAI,EAAE,iBAAiB;IACvBC,MAAM,EAAE;MACJyC,IAAI,EAAEA,IAAI,CAACpC,MAAM,CAACwC,GAAG;MACrBC,OAAO,EAAEC,yBAAc;MACvBC,OAAO,EAAE,iBAAiB;MAC1BC,OAAO,EAAE,EAAE;MACXC,UAAU,EAAE,GAAG;MACfC,WAAW,EAAE;QACTC,SAAS,EAAE,IAAAC,wCAA2B,EAAC,CAAC,CAACrB,KAAK,CAACsB,KAAK,KAAK;UACrD,GAAGA,KAAK;UACRC,QAAQ,EAAE7D,MAAM,CAACwB;QACrB,CAAC,CAAC;MACN,CAAC;MACDsC,WAAW,EAAE,yCAAyC;MACtDC,IAAI,EAAE,IAAIzE,MAAM,CAAC0E,KAAK,CAACC,YAAY,CAAC;QAChC,GAAG,EAAE,IAAI3E,MAAM,CAAC0E,KAAK,CAACE,WAAW,CAC7B/E,IAAI,CAACgF,IAAI,CAACpE,GAAG,CAACqE,KAAK,CAACC,SAAS,EAAE,0BAA0B,CAC7D;MACJ,CAAC,CAAC;MACFC,SAAS,EAAEvE,GAAG,CAAC8C,SAAS,CAAC0B,iBAAS,CAAC,CAACC;IACxC;EACJ,CAAC,CAAC;EAEF,MAAMC,SAAS,GAAG1E,GAAG,CAACG,WAAW,CAACX,GAAG,CAACmF,UAAU,CAACC,SAAS,EAAE;IACxDtE,IAAI,EAAE,qBAAqB;IAC3BC,MAAM,EAAE;MACJsE,YAAY,EAAEhC,IAAI,CAACiC,WAAW;MAC9BC,YAAY,EAAEtC,IAAI,CAACC,SAAS,CAAC;QACzB,aAAa,EAAE,CAAC,YAAY;MAChC,CAAC;IACL;EACJ,CAAC,CAAC;EAEF,MAAMsC,eAAe,GAAGhF,GAAG,CAACG,WAAW,CAACX,GAAG,CAAC0D,MAAM,CAAC+B,UAAU,EAAE;IAC3D3E,IAAI,EAAE,2BAA2B;IACjCC,MAAM,EAAE;MACJ2E,MAAM,EAAE,uBAAuB;MAC/BC,QAAQ,EAAEjC,MAAM,CAACtC,MAAM,CAACwC,GAAG;MAC3BgC,SAAS,EAAE,sBAAsB;MACjCC,SAAS,EAAEX,SAAS,CAAC9D,MAAM,CAACwC;IAChC;EACJ,CAAC,CAAC;EAEF,MAAMkC,WAAW,GAAGtF,GAAG,CAACG,WAAW,CAACX,GAAG,CAACmF,UAAU,CAACY,WAAW,EAAE;IAC5DjF,IAAI,EAAE,uBAAuB;IAC7BC,MAAM,EAAE;MACJiF,IAAI,EAAEd,SAAS,CAAC9D,MAAM,CAACN,IAAI;MAC3BuE,YAAY,EAAEhC,IAAI,CAACiC,WAAW;MAC9B1B,GAAG,EAAEF,MAAM,CAACtC,MAAM,CAACwC;IACvB;EACJ,CAAC,CAAC;EAEF,OAAO;IACH1C,MAAM;IACNsC,IAAI;IACJE,MAAM;IACNwB,SAAS;IACTM,eAAe;IACfM;EACJ,CAAC;AACL;AAEA,SAAS3E,kBAAkBA,CACvBX,GAAc,EACdE,KAAmC,EACnCD,MAAiC,EACnC;EACE,MAAM4C,IAAI,GAAG7C,GAAG,CAAC8C,SAAS,CAACC,kBAAU,CAAC;EACtC,MAAMqD,YAAY,GAAG,IAAAC,yBAAe,EAACrG,GAAG,CAAC;EAEzC,OAAOA,GAAG,CAACG,WAAW,CAACX,GAAG,CAACkG,GAAG,CAACY,MAAM,EAAE;IACnChG,IAAI,EAAE,kBAAkB;IACxBC,MAAM,EAAE;MACJwD,WAAW,EAAE,wEAAwE;MACrFrD,MAAM,EAAE;QACJ6F,OAAO,EAAE,YAAY;QACrBC,SAAS,EAAE,CACP;UACIC,GAAG,EAAE,uBAAuB;UAC5BC,MAAM,EAAE,OAAO;UACfC,MAAM,EAAE,CACJ,uBAAuB,EACvB,yBAAyB,EACzB,qBAAqB,EACrB,kBAAkB,EAClB,kBAAkB,EAClB,gBAAgB,EAChB,eAAe,EACf,qBAAqB,CACxB;UACDC,QAAQ,EAAE/D,IAAI,CAACN,KAAK,CAACsE,CAAC,IAAI;YACtB;YACA,MAAMC,SAAS,GAAG,CACb,GAAED,CAAC,CAACE,uBAAwB,EAAC,EAC7B,GAAEF,CAAC,CAACE,uBAAwB,IAAG,CACnC;;YAED;YACA,IAAIF,CAAC,CAACG,6BAA6B,EAAE;cACjCF,SAAS,CAACG,IAAI,CACT,GAAEJ,CAAC,CAACG,6BAA8B,EAAC,EACnC,GAAEH,CAAC,CAACG,6BAA8B,IACvC,CAAC;YACL;YAEA,OAAOF,SAAS;UACpB,CAAC;QACL,CAAC,EACD;UACIL,GAAG,EAAE,iBAAiB;UACtBC,MAAM,EAAE,OAAO;UACfC,MAAM,EAAE,CAAC,iBAAiB,EAAE,cAAc,EAAE,cAAc,CAAC;UAC3DC,QAAQ,EAAE,CAACrH,MAAM,CAACwC,WAAY,gBAAe9B,MAAM,CAACmC,MAAO,IAAG;QAClE,CAAC,EACD;UACIqE,GAAG,EAAE,yBAAyB;UAC9BC,MAAM,EAAE,OAAO;UACfC,MAAM,EAAE,+BAA+B;UACvCC,QAAQ,EAAErH,MAAM,CAACwC,WAAY,uBAAsBqE,YAAa;QACpE,CAAC,EACD;UACIK,GAAG,EAAE,kBAAkB;UACvBC,MAAM,EAAE,OAAO;UACfC,MAAM,EAAE,CAAC,iBAAiB,EAAE,sBAAsB,CAAC;UACnDC,QAAQ,EAAE1G,KAAK,CAACkD;QACpB,CAAC;MAET;IACJ;EACJ,CAAC,CAAC;AACN","ignoreList":[]}
+{"version":3,"names":["path","_interopRequireWildcard","require","pulumi","aws","_clientDynamodb","_awsLayers","_lambdaUtils","_common","_awsUtils","_constants","createPrerenderingService","app","params","queue","addResource","sqs","Queue","name","config","visibilityTimeoutSeconds","fifoQueue","policy","createLambdaPolicy","output","renderer","createRenderer","subscriber","createRenderSubscriber","flush","createFlushService","settings","createPrerenderingSettingsDbItem","tableItem","dynamodb","TableItem","tableName","dbTableName","hashKey","dbTableHashKey","rangeKey","dbTableRangeKey","item","interpolate","run","variant","appUrl","deliveryUrl","bucket","cloudfrontId","url","apply","v","JSON","stringify","marshall","parse","core","getModule","CoreOutput","role","createLambdaRole","lambda","Function","arn","runtime","LAMBDA_RUNTIME","handler","timeout","memorySize","environment","variables","getCommonLambdaEnvVariables","value","DB_TABLE","description","code","asset","AssetArchive","FileArchive","join","paths","workspace","vpcConfig","VpcConfig","functionVpcConfig","eventRule","cloudwatch","EventRule","eventBusName","eventBusArn","eventPattern","eventPermission","Permission","action","function","principal","sourceArn","eventTarget","EventTarget","rule","executionRole","iam","ManagedPolicy","AWSLambdaSQSQueueExecutionRole","layers","getLayerArn","eventSourceMapping","EventSourceMapping","functionName","eventSourceArn","batchSize","awsAccountId","getAwsAccountId","Policy","Version","Statement","Sid","Effect","Action","Resource","s","resources","primaryDynamodbTableArn","elasticsearchDynamodbTableArn","push"],"sources":["WebsitePrerendering.ts"],"sourcesContent":["import * as path from \"path\";\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport { marshall } from \"@webiny/aws-sdk/client-dynamodb\";\n\nimport { PulumiApp } from \"@webiny/pulumi\";\nimport { getLayerArn } from \"@webiny/aws-layers\";\n\nimport { createLambdaRole, getCommonLambdaEnvVariables } from \"../lambdaUtils\";\nimport { CoreOutput, VpcConfig } from \"../common\";\nimport { getAwsAccountId } from \"../awsUtils\";\nimport { LAMBDA_RUNTIME } from \"~/constants\";\n\ninterface PreRenderingServiceParams {\n    dbTableName: pulumi.Output<string>;\n    dbTableHashKey: pulumi.Output<string>;\n    dbTableRangeKey: pulumi.Output<string>;\n    appUrl: pulumi.Output<string>;\n    deliveryUrl: pulumi.Output<string>;\n    bucket: pulumi.Output<string>;\n    cloudfrontId: pulumi.Output<string>;\n}\n\nexport function createPrerenderingService(app: PulumiApp, params: PreRenderingServiceParams) {\n    const queue = app.addResource(aws.sqs.Queue, {\n        name: \"ps-render-queue\",\n        config: {\n            visibilityTimeoutSeconds: 300,\n            fifoQueue: true\n        }\n    });\n\n    const policy = createLambdaPolicy(app, queue.output, params);\n    const renderer = createRenderer(app, queue.output, policy.output, params);\n    const subscriber = createRenderSubscriber(app, policy.output, params);\n    const flush = createFlushService(app, policy.output, params);\n    const settings = createPrerenderingSettingsDbItem(app, queue.output, params);\n\n    return {\n        subscriber,\n        renderer,\n        flush,\n        settings\n    };\n}\n\nfunction createPrerenderingSettingsDbItem(\n    app: PulumiApp,\n    queue: pulumi.Output<aws.sqs.Queue>,\n    params: PreRenderingServiceParams\n) {\n    /**\n     * To handle everything related to prerendering, we need the following information:\n     * - appUrl - SPA URL used to prerender HTML\n     * - bucket - name of the S3 bucket used for storage of HTML snapshots\n     * - cloudfrontId - for cache invalidation\n     * - sqsQueueUrl - an SQS queue for prerendering tasks (messages)\n     */\n    const tableItem = app.addResource(aws.dynamodb.TableItem, {\n        name: \"psSettings\",\n        config: {\n            tableName: params.dbTableName,\n            hashKey: params.dbTableHashKey,\n            rangeKey: params.dbTableRangeKey,\n            item: pulumi.interpolate`{\n                \"PK\": \"PS#SETTINGS\",\n                \"SK\": \"${app.params.run.variant || \"default\"}\",\n                \"data\": {\n                    \"appUrl\": \"${params.appUrl}\",\n                    \"deliveryUrl\": \"${params.deliveryUrl}\",\n                    \"bucket\": \"${params.bucket}\",\n                    \"cloudfrontId\": \"${params.cloudfrontId}\",\n                    \"sqsQueueUrl\": \"${queue.url}\"\n                }\n            }`\n                // We're using the native DynamoDB converter to avoid building those nested objects ourselves.\n                .apply(v => JSON.stringify(marshall(JSON.parse(v))))\n        }\n    });\n\n    return { tableItem };\n}\n\nfunction createRenderSubscriber(\n    app: PulumiApp,\n    policy: pulumi.Output<aws.iam.Policy>,\n    params: PreRenderingServiceParams\n) {\n    const core = app.getModule(CoreOutput);\n\n    const role = createLambdaRole(app, {\n        name: \"ps-render-subscriber-role\",\n        policy: policy\n    });\n\n    const lambda = app.addResource(aws.lambda.Function, {\n        name: \"ps-render-subscriber-lambda\",\n        config: {\n            role: role.output.arn,\n            runtime: LAMBDA_RUNTIME,\n            handler: \"handler.handler\",\n            timeout: 30,\n            memorySize: 512,\n            environment: {\n                variables: getCommonLambdaEnvVariables().apply(value => ({\n                    ...value,\n                    DB_TABLE: params.dbTableName\n                }))\n            },\n            description: \"Subscribes to render events on event bus\",\n            code: new pulumi.asset.AssetArchive({\n                \".\": new pulumi.asset.FileArchive(\n                    path.join(app.paths.workspace, \"prerendering/subscribe/build\")\n                )\n            }),\n            vpcConfig: app.getModule(VpcConfig).functionVpcConfig\n        }\n    });\n\n    /**\n     * TODO: when we get to staged rollouts and variants, maybe we can create per-variant event rules,\n     * to avoid invocation of all variant lambdas just to do a `detail-type` check and exit early.\n     * That way, we would be publishing events scoped to a variant, like \"RenderPages-{variant}\".\n     */\n\n    const eventRule = app.addResource(aws.cloudwatch.EventRule, {\n        name: \"ps-render-subscriber-event-rule\",\n        config: {\n            eventBusName: core.eventBusArn,\n            eventPattern: JSON.stringify({\n                \"detail-type\": [\"RenderPages\"]\n            })\n        }\n    });\n\n    const eventPermission = app.addResource(aws.lambda.Permission, {\n        name: \"ps-render-subscriber-event-permission\",\n        config: {\n            action: \"lambda:InvokeFunction\",\n            function: lambda.output.arn,\n            principal: \"events.amazonaws.com\",\n            sourceArn: eventRule.output.arn\n        }\n    });\n\n    const eventTarget = app.addResource(aws.cloudwatch.EventTarget, {\n        name: \"ps-render-subscriber-event-target\",\n        config: {\n            rule: eventRule.output.name,\n            eventBusName: core.eventBusArn,\n            arn: lambda.output.arn\n        }\n    });\n\n    return {\n        policy,\n        role,\n        lambda,\n        eventRule,\n        eventPermission,\n        eventTarget\n    };\n}\n\nfunction createRenderer(\n    app: PulumiApp,\n    queue: pulumi.Output<aws.sqs.Queue>,\n    policy: pulumi.Output<aws.iam.Policy>,\n    params: PreRenderingServiceParams\n) {\n    const role = createLambdaRole(app, {\n        name: \"ps-render-lambda-role\",\n        policy: policy,\n        executionRole: aws.iam.ManagedPolicy.AWSLambdaSQSQueueExecutionRole\n    });\n\n    const lambda = app.addResource(aws.lambda.Function, {\n        name: \"ps-render-lambda\",\n        config: {\n            role: role.output.arn,\n            runtime: LAMBDA_RUNTIME,\n            handler: \"handler.handler\",\n            timeout: 300,\n            memorySize: 2048,\n            layers: [getLayerArn(\"chromium\")],\n            environment: {\n                variables: getCommonLambdaEnvVariables().apply(value => ({\n                    ...value,\n                    DB_TABLE: params.dbTableName\n                }))\n            },\n            description: \"Renders pages and stores output in an S3 bucket of choice.\",\n            code: new pulumi.asset.AssetArchive({\n                \".\": new pulumi.asset.FileArchive(\n                    path.join(app.paths.workspace, \"prerendering/render/build\")\n                )\n            }),\n            vpcConfig: app.getModule(VpcConfig).functionVpcConfig\n        }\n    });\n\n    const eventSourceMapping = app.addResource(aws.lambda.EventSourceMapping, {\n        name: \"ps-render-event-source-mapping\",\n        config: {\n            functionName: lambda.output.arn,\n            eventSourceArn: queue.arn,\n            batchSize: 1\n        }\n    });\n\n    return {\n        policy,\n        role,\n        lambda,\n        eventSourceMapping\n    };\n}\n\nfunction createFlushService(\n    app: PulumiApp,\n    policy: pulumi.Output<aws.iam.Policy>,\n    params: PreRenderingServiceParams\n) {\n    const core = app.getModule(CoreOutput);\n\n    const role = createLambdaRole(app, {\n        name: \"ps-flush-lambda-role\",\n        policy: policy\n    });\n\n    const lambda = app.addResource(aws.lambda.Function, {\n        name: \"ps-flush-lambda\",\n        config: {\n            role: role.output.arn,\n            runtime: LAMBDA_RUNTIME,\n            handler: \"handler.handler\",\n            timeout: 30,\n            memorySize: 512,\n            environment: {\n                variables: getCommonLambdaEnvVariables().apply(value => ({\n                    ...value,\n                    DB_TABLE: params.dbTableName\n                }))\n            },\n            description: \"Subscribes to flush events on event bus\",\n            code: new pulumi.asset.AssetArchive({\n                \".\": new pulumi.asset.FileArchive(\n                    path.join(app.paths.workspace, \"prerendering/flush/build\")\n                )\n            }),\n            vpcConfig: app.getModule(VpcConfig).functionVpcConfig\n        }\n    });\n\n    const eventRule = app.addResource(aws.cloudwatch.EventRule, {\n        name: \"ps-flush-event-rule\",\n        config: {\n            eventBusName: core.eventBusArn,\n            eventPattern: JSON.stringify({\n                \"detail-type\": [\"FlushPages\"]\n            })\n        }\n    });\n\n    const eventPermission = app.addResource(aws.lambda.Permission, {\n        name: \"ps-flush-event-permission\",\n        config: {\n            action: \"lambda:InvokeFunction\",\n            function: lambda.output.arn,\n            principal: \"events.amazonaws.com\",\n            sourceArn: eventRule.output.arn\n        }\n    });\n\n    const eventTarget = app.addResource(aws.cloudwatch.EventTarget, {\n        name: \"ps-flush-event-target\",\n        config: {\n            rule: eventRule.output.name,\n            eventBusName: core.eventBusArn,\n            arn: lambda.output.arn\n        }\n    });\n\n    return {\n        policy,\n        role,\n        lambda,\n        eventRule,\n        eventPermission,\n        eventTarget\n    };\n}\n\nfunction createLambdaPolicy(\n    app: PulumiApp,\n    queue: pulumi.Output<aws.sqs.Queue>,\n    params: PreRenderingServiceParams\n) {\n    const core = app.getModule(CoreOutput);\n    const awsAccountId = getAwsAccountId(app);\n\n    return app.addResource(aws.iam.Policy, {\n        name: \"ps-lambda-policy\",\n        config: {\n            description: \"This policy enables access to Lambda, S3, Cloudfront, SQS and Dynamodb\",\n            policy: {\n                Version: \"2012-10-17\",\n                Statement: [\n                    {\n                        Sid: \"PermissionForDynamodb\",\n                        Effect: \"Allow\",\n                        Action: [\n                            \"dynamodb:BatchGetItem\",\n                            \"dynamodb:BatchWriteItem\",\n                            \"dynamodb:DeleteItem\",\n                            \"dynamodb:GetItem\",\n                            \"dynamodb:PutItem\",\n                            \"dynamodb:Query\",\n                            \"dynamodb:Scan\",\n                            \"dynamodb:UpdateItem\"\n                        ],\n                        Resource: core.apply(s => {\n                            // Add permissions to DynamoDB table\n                            const resources = [\n                                `${s.primaryDynamodbTableArn}`,\n                                `${s.primaryDynamodbTableArn}/*`\n                            ];\n\n                            // Attach permissions for elastic search dynamo as well (if ES is enabled).\n                            if (s.elasticsearchDynamodbTableArn) {\n                                resources.push(\n                                    `${s.elasticsearchDynamodbTableArn}`,\n                                    `${s.elasticsearchDynamodbTableArn}/*`\n                                );\n                            }\n\n                            return resources;\n                        })\n                    },\n                    {\n                        Sid: \"PermissionForS3\",\n                        Effect: \"Allow\",\n                        Action: [\"s3:DeleteObject\", \"s3:GetObject\", \"s3:PutObject\"],\n                        Resource: [pulumi.interpolate`arn:aws:s3:::${params.bucket}/*`]\n                    },\n                    {\n                        Sid: \"PermissionForCloudfront\",\n                        Effect: \"Allow\",\n                        Action: \"cloudfront:CreateInvalidation\",\n                        Resource: pulumi.interpolate`arn:aws:cloudfront::${awsAccountId}:distribution/*`\n                    },\n                    {\n                        Sid: \"PermissionForSQS\",\n                        Effect: \"Allow\",\n                        Action: [\"sqs:SendMessage\", \"sqs:SendMessageBatch\"],\n                        Resource: queue.arn\n                    }\n                ]\n            }\n        }\n    });\n}\n"],"mappings":";;;;;;;AAAA,IAAAA,IAAA,GAAAC,uBAAA,CAAAC,OAAA;AACA,IAAAC,MAAA,GAAAF,uBAAA,CAAAC,OAAA;AACA,IAAAE,GAAA,GAAAH,uBAAA,CAAAC,OAAA;AACA,IAAAG,eAAA,GAAAH,OAAA;AAGA,IAAAI,UAAA,GAAAJ,OAAA;AAEA,IAAAK,YAAA,GAAAL,OAAA;AACA,IAAAM,OAAA,GAAAN,OAAA;AACA,IAAAO,SAAA,GAAAP,OAAA;AACA,IAAAQ,UAAA,GAAAR,OAAA;AAYO,SAASS,yBAAyBA,CAACC,GAAc,EAAEC,MAAiC,EAAE;EACzF,MAAMC,KAAK,GAAGF,GAAG,CAACG,WAAW,CAACX,GAAG,CAACY,GAAG,CAACC,KAAK,EAAE;IACzCC,IAAI,EAAE,iBAAiB;IACvBC,MAAM,EAAE;MACJC,wBAAwB,EAAE,GAAG;MAC7BC,SAAS,EAAE;IACf;EACJ,CAAC,CAAC;EAEF,MAAMC,MAAM,GAAGC,kBAAkB,CAACX,GAAG,EAAEE,KAAK,CAACU,MAAM,EAAEX,MAAM,CAAC;EAC5D,MAAMY,QAAQ,GAAGC,cAAc,CAACd,GAAG,EAAEE,KAAK,CAACU,MAAM,EAAEF,MAAM,CAACE,MAAM,EAAEX,MAAM,CAAC;EACzE,MAAMc,UAAU,GAAGC,sBAAsB,CAAChB,GAAG,EAAEU,MAAM,CAACE,MAAM,EAAEX,MAAM,CAAC;EACrE,MAAMgB,KAAK,GAAGC,kBAAkB,CAAClB,GAAG,EAAEU,MAAM,CAACE,MAAM,EAAEX,MAAM,CAAC;EAC5D,MAAMkB,QAAQ,GAAGC,gCAAgC,CAACpB,GAAG,EAAEE,KAAK,CAACU,MAAM,EAAEX,MAAM,CAAC;EAE5E,OAAO;IACHc,UAAU;IACVF,QAAQ;IACRI,KAAK;IACLE;EACJ,CAAC;AACL;AAEA,SAASC,gCAAgCA,CACrCpB,GAAc,EACdE,KAAmC,EACnCD,MAAiC,EACnC;EACE;AACJ;AACA;AACA;AACA;AACA;AACA;EACI,MAAMoB,SAAS,GAAGrB,GAAG,CAACG,WAAW,CAACX,GAAG,CAAC8B,QAAQ,CAACC,SAAS,EAAE;IACtDjB,IAAI,EAAE,YAAY;IAClBC,MAAM,EAAE;MACJiB,SAAS,EAAEvB,MAAM,CAACwB,WAAW;MAC7BC,OAAO,EAAEzB,MAAM,CAAC0B,cAAc;MAC9BC,QAAQ,EAAE3B,MAAM,CAAC4B,eAAe;MAChCC,IAAI,EAAEvC,MAAM,CAACwC,WAAY;AACrC;AACA,yBAAyB/B,GAAG,CAACC,MAAM,CAAC+B,GAAG,CAACC,OAAO,IAAI,SAAU;AAC7D;AACA,iCAAiChC,MAAM,CAACiC,MAAO;AAC/C,sCAAsCjC,MAAM,CAACkC,WAAY;AACzD,iCAAiClC,MAAM,CAACmC,MAAO;AAC/C,uCAAuCnC,MAAM,CAACoC,YAAa;AAC3D,sCAAsCnC,KAAK,CAACoC,GAAI;AAChD;AACA;MACgB;MAAA,CACCC,KAAK,CAACC,CAAC,IAAIC,IAAI,CAACC,SAAS,CAAC,IAAAC,wBAAQ,EAACF,IAAI,CAACG,KAAK,CAACJ,CAAC,CAAC,CAAC,CAAC;IAC3D;EACJ,CAAC,CAAC;EAEF,OAAO;IAAEnB;EAAU,CAAC;AACxB;AAEA,SAASL,sBAAsBA,CAC3BhB,GAAc,EACdU,MAAqC,EACrCT,MAAiC,EACnC;EACE,MAAM4C,IAAI,GAAG7C,GAAG,CAAC8C,SAAS,CAACC,kBAAU,CAAC;EAEtC,MAAMC,IAAI,GAAG,IAAAC,6BAAgB,EAACjD,GAAG,EAAE;IAC/BM,IAAI,EAAE,2BAA2B;IACjCI,MAAM,EAAEA;EACZ,CAAC,CAAC;EAEF,MAAMwC,MAAM,GAAGlD,GAAG,CAACG,WAAW,CAACX,GAAG,CAAC0D,MAAM,CAACC,QAAQ,EAAE;IAChD7C,IAAI,EAAE,6BAA6B;IACnCC,MAAM,EAAE;MACJyC,IAAI,EAAEA,IAAI,CAACpC,MAAM,CAACwC,GAAG;MACrBC,OAAO,EAAEC,yBAAc;MACvBC,OAAO,EAAE,iBAAiB;MAC1BC,OAAO,EAAE,EAAE;MACXC,UAAU,EAAE,GAAG;MACfC,WAAW,EAAE;QACTC,SAAS,EAAE,IAAAC,wCAA2B,EAAC,CAAC,CAACrB,KAAK,CAACsB,KAAK,KAAK;UACrD,GAAGA,KAAK;UACRC,QAAQ,EAAE7D,MAAM,CAACwB;QACrB,CAAC,CAAC;MACN,CAAC;MACDsC,WAAW,EAAE,0CAA0C;MACvDC,IAAI,EAAE,IAAIzE,MAAM,CAAC0E,KAAK,CAACC,YAAY,CAAC;QAChC,GAAG,EAAE,IAAI3E,MAAM,CAAC0E,KAAK,CAACE,WAAW,CAC7B/E,IAAI,CAACgF,IAAI,CAACpE,GAAG,CAACqE,KAAK,CAACC,SAAS,EAAE,8BAA8B,CACjE;MACJ,CAAC,CAAC;MACFC,SAAS,EAAEvE,GAAG,CAAC8C,SAAS,CAAC0B,iBAAS,CAAC,CAACC;IACxC;EACJ,CAAC,CAAC;;EAEF;AACJ;AACA;AACA;AACA;;EAEI,MAAMC,SAAS,GAAG1E,GAAG,CAACG,WAAW,CAACX,GAAG,CAACmF,UAAU,CAACC,SAAS,EAAE;IACxDtE,IAAI,EAAE,iCAAiC;IACvCC,MAAM,EAAE;MACJsE,YAAY,EAAEhC,IAAI,CAACiC,WAAW;MAC9BC,YAAY,EAAEtC,IAAI,CAACC,SAAS,CAAC;QACzB,aAAa,EAAE,CAAC,aAAa;MACjC,CAAC;IACL;EACJ,CAAC,CAAC;EAEF,MAAMsC,eAAe,GAAGhF,GAAG,CAACG,WAAW,CAACX,GAAG,CAAC0D,MAAM,CAAC+B,UAAU,EAAE;IAC3D3E,IAAI,EAAE,uCAAuC;IAC7CC,MAAM,EAAE;MACJ2E,MAAM,EAAE,uBAAuB;MAC/BC,QAAQ,EAAEjC,MAAM,CAACtC,MAAM,CAACwC,GAAG;MAC3BgC,SAAS,EAAE,sBAAsB;MACjCC,SAAS,EAAEX,SAAS,CAAC9D,MAAM,CAACwC;IAChC;EACJ,CAAC,CAAC;EAEF,MAAMkC,WAAW,GAAGtF,GAAG,CAACG,WAAW,CAACX,GAAG,CAACmF,UAAU,CAACY,WAAW,EAAE;IAC5DjF,IAAI,EAAE,mCAAmC;IACzCC,MAAM,EAAE;MACJiF,IAAI,EAAEd,SAAS,CAAC9D,MAAM,CAACN,IAAI;MAC3BuE,YAAY,EAAEhC,IAAI,CAACiC,WAAW;MAC9B1B,GAAG,EAAEF,MAAM,CAACtC,MAAM,CAACwC;IACvB;EACJ,CAAC,CAAC;EAEF,OAAO;IACH1C,MAAM;IACNsC,IAAI;IACJE,MAAM;IACNwB,SAAS;IACTM,eAAe;IACfM;EACJ,CAAC;AACL;AAEA,SAASxE,cAAcA,CACnBd,GAAc,EACdE,KAAmC,EACnCQ,MAAqC,EACrCT,MAAiC,EACnC;EACE,MAAM+C,IAAI,GAAG,IAAAC,6BAAgB,EAACjD,GAAG,EAAE;IAC/BM,IAAI,EAAE,uBAAuB;IAC7BI,MAAM,EAAEA,MAAM;IACd+E,aAAa,EAAEjG,GAAG,CAACkG,GAAG,CAACC,aAAa,CAACC;EACzC,CAAC,CAAC;EAEF,MAAM1C,MAAM,GAAGlD,GAAG,CAACG,WAAW,CAACX,GAAG,CAAC0D,MAAM,CAACC,QAAQ,EAAE;IAChD7C,IAAI,EAAE,kBAAkB;IACxBC,MAAM,EAAE;MACJyC,IAAI,EAAEA,IAAI,CAACpC,MAAM,CAACwC,GAAG;MACrBC,OAAO,EAAEC,yBAAc;MACvBC,OAAO,EAAE,iBAAiB;MAC1BC,OAAO,EAAE,GAAG;MACZC,UAAU,EAAE,IAAI;MAChBoC,MAAM,EAAE,CAAC,IAAAC,sBAAW,EAAC,UAAU,CAAC,CAAC;MACjCpC,WAAW,EAAE;QACTC,SAAS,EAAE,IAAAC,wCAA2B,EAAC,CAAC,CAACrB,KAAK,CAACsB,KAAK,KAAK;UACrD,GAAGA,KAAK;UACRC,QAAQ,EAAE7D,MAAM,CAACwB;QACrB,CAAC,CAAC;MACN,CAAC;MACDsC,WAAW,EAAE,4DAA4D;MACzEC,IAAI,EAAE,IAAIzE,MAAM,CAAC0E,KAAK,CAACC,YAAY,CAAC;QAChC,GAAG,EAAE,IAAI3E,MAAM,CAAC0E,KAAK,CAACE,WAAW,CAC7B/E,IAAI,CAACgF,IAAI,CAACpE,GAAG,CAACqE,KAAK,CAACC,SAAS,EAAE,2BAA2B,CAC9D;MACJ,CAAC,CAAC;MACFC,SAAS,EAAEvE,GAAG,CAAC8C,SAAS,CAAC0B,iBAAS,CAAC,CAACC;IACxC;EACJ,CAAC,CAAC;EAEF,MAAMsB,kBAAkB,GAAG/F,GAAG,CAACG,WAAW,CAACX,GAAG,CAAC0D,MAAM,CAAC8C,kBAAkB,EAAE;IACtE1F,IAAI,EAAE,gCAAgC;IACtCC,MAAM,EAAE;MACJ0F,YAAY,EAAE/C,MAAM,CAACtC,MAAM,CAACwC,GAAG;MAC/B8C,cAAc,EAAEhG,KAAK,CAACkD,GAAG;MACzB+C,SAAS,EAAE;IACf;EACJ,CAAC,CAAC;EAEF,OAAO;IACHzF,MAAM;IACNsC,IAAI;IACJE,MAAM;IACN6C;EACJ,CAAC;AACL;AAEA,SAAS7E,kBAAkBA,CACvBlB,GAAc,EACdU,MAAqC,EACrCT,MAAiC,EACnC;EACE,MAAM4C,IAAI,GAAG7C,GAAG,CAAC8C,SAAS,CAACC,kBAAU,CAAC;EAEtC,MAAMC,IAAI,GAAG,IAAAC,6BAAgB,EAACjD,GAAG,EAAE;IAC/BM,IAAI,EAAE,sBAAsB;IAC5BI,MAAM,EAAEA;EACZ,CAAC,CAAC;EAEF,MAAMwC,MAAM,GAAGlD,GAAG,CAACG,WAAW,CAACX,GAAG,CAAC0D,MAAM,CAACC,QAAQ,EAAE;IAChD7C,IAAI,EAAE,iBAAiB;IACvBC,MAAM,EAAE;MACJyC,IAAI,EAAEA,IAAI,CAACpC,MAAM,CAACwC,GAAG;MACrBC,OAAO,EAAEC,yBAAc;MACvBC,OAAO,EAAE,iBAAiB;MAC1BC,OAAO,EAAE,EAAE;MACXC,UAAU,EAAE,GAAG;MACfC,WAAW,EAAE;QACTC,SAAS,EAAE,IAAAC,wCAA2B,EAAC,CAAC,CAACrB,KAAK,CAACsB,KAAK,KAAK;UACrD,GAAGA,KAAK;UACRC,QAAQ,EAAE7D,MAAM,CAACwB;QACrB,CAAC,CAAC;MACN,CAAC;MACDsC,WAAW,EAAE,yCAAyC;MACtDC,IAAI,EAAE,IAAIzE,MAAM,CAAC0E,KAAK,CAACC,YAAY,CAAC;QAChC,GAAG,EAAE,IAAI3E,MAAM,CAAC0E,KAAK,CAACE,WAAW,CAC7B/E,IAAI,CAACgF,IAAI,CAACpE,GAAG,CAACqE,KAAK,CAACC,SAAS,EAAE,0BAA0B,CAC7D;MACJ,CAAC,CAAC;MACFC,SAAS,EAAEvE,GAAG,CAAC8C,SAAS,CAAC0B,iBAAS,CAAC,CAACC;IACxC;EACJ,CAAC,CAAC;EAEF,MAAMC,SAAS,GAAG1E,GAAG,CAACG,WAAW,CAACX,GAAG,CAACmF,UAAU,CAACC,SAAS,EAAE;IACxDtE,IAAI,EAAE,qBAAqB;IAC3BC,MAAM,EAAE;MACJsE,YAAY,EAAEhC,IAAI,CAACiC,WAAW;MAC9BC,YAAY,EAAEtC,IAAI,CAACC,SAAS,CAAC;QACzB,aAAa,EAAE,CAAC,YAAY;MAChC,CAAC;IACL;EACJ,CAAC,CAAC;EAEF,MAAMsC,eAAe,GAAGhF,GAAG,CAACG,WAAW,CAACX,GAAG,CAAC0D,MAAM,CAAC+B,UAAU,EAAE;IAC3D3E,IAAI,EAAE,2BAA2B;IACjCC,MAAM,EAAE;MACJ2E,MAAM,EAAE,uBAAuB;MAC/BC,QAAQ,EAAEjC,MAAM,CAACtC,MAAM,CAACwC,GAAG;MAC3BgC,SAAS,EAAE,sBAAsB;MACjCC,SAAS,EAAEX,SAAS,CAAC9D,MAAM,CAACwC;IAChC;EACJ,CAAC,CAAC;EAEF,MAAMkC,WAAW,GAAGtF,GAAG,CAACG,WAAW,CAACX,GAAG,CAACmF,UAAU,CAACY,WAAW,EAAE;IAC5DjF,IAAI,EAAE,uBAAuB;IAC7BC,MAAM,EAAE;MACJiF,IAAI,EAAEd,SAAS,CAAC9D,MAAM,CAACN,IAAI;MAC3BuE,YAAY,EAAEhC,IAAI,CAACiC,WAAW;MAC9B1B,GAAG,EAAEF,MAAM,CAACtC,MAAM,CAACwC;IACvB;EACJ,CAAC,CAAC;EAEF,OAAO;IACH1C,MAAM;IACNsC,IAAI;IACJE,MAAM;IACNwB,SAAS;IACTM,eAAe;IACfM;EACJ,CAAC;AACL;AAEA,SAAS3E,kBAAkBA,CACvBX,GAAc,EACdE,KAAmC,EACnCD,MAAiC,EACnC;EACE,MAAM4C,IAAI,GAAG7C,GAAG,CAAC8C,SAAS,CAACC,kBAAU,CAAC;EACtC,MAAMqD,YAAY,GAAG,IAAAC,yBAAe,EAACrG,GAAG,CAAC;EAEzC,OAAOA,GAAG,CAACG,WAAW,CAACX,GAAG,CAACkG,GAAG,CAACY,MAAM,EAAE;IACnChG,IAAI,EAAE,kBAAkB;IACxBC,MAAM,EAAE;MACJwD,WAAW,EAAE,wEAAwE;MACrFrD,MAAM,EAAE;QACJ6F,OAAO,EAAE,YAAY;QACrBC,SAAS,EAAE,CACP;UACIC,GAAG,EAAE,uBAAuB;UAC5BC,MAAM,EAAE,OAAO;UACfC,MAAM,EAAE,CACJ,uBAAuB,EACvB,yBAAyB,EACzB,qBAAqB,EACrB,kBAAkB,EAClB,kBAAkB,EAClB,gBAAgB,EAChB,eAAe,EACf,qBAAqB,CACxB;UACDC,QAAQ,EAAE/D,IAAI,CAACN,KAAK,CAACsE,CAAC,IAAI;YACtB;YACA,MAAMC,SAAS,GAAG,CACb,GAAED,CAAC,CAACE,uBAAwB,EAAC,EAC7B,GAAEF,CAAC,CAACE,uBAAwB,IAAG,CACnC;;YAED;YACA,IAAIF,CAAC,CAACG,6BAA6B,EAAE;cACjCF,SAAS,CAACG,IAAI,CACT,GAAEJ,CAAC,CAACG,6BAA8B,EAAC,EACnC,GAAEH,CAAC,CAACG,6BAA8B,IACvC,CAAC;YACL;YAEA,OAAOF,SAAS;UACpB,CAAC;QACL,CAAC,EACD;UACIL,GAAG,EAAE,iBAAiB;UACtBC,MAAM,EAAE,OAAO;UACfC,MAAM,EAAE,CAAC,iBAAiB,EAAE,cAAc,EAAE,cAAc,CAAC;UAC3DC,QAAQ,EAAE,CAACrH,MAAM,CAACwC,WAAY,gBAAe9B,MAAM,CAACmC,MAAO,IAAG;QAClE,CAAC,EACD;UACIqE,GAAG,EAAE,yBAAyB;UAC9BC,MAAM,EAAE,OAAO;UACfC,MAAM,EAAE,+BAA+B;UACvCC,QAAQ,EAAErH,MAAM,CAACwC,WAAY,uBAAsBqE,YAAa;QACpE,CAAC,EACD;UACIK,GAAG,EAAE,kBAAkB;UACvBC,MAAM,EAAE,OAAO;UACfC,MAAM,EAAE,CAAC,iBAAiB,EAAE,sBAAsB,CAAC;UACnDC,QAAQ,EAAE1G,KAAK,CAACkD;QACpB,CAAC;MAET;IACJ;EACJ,CAAC,CAAC;AACN","ignoreList":[]}

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "@webiny/pulumi-aws",
-	"version": "5.40.0-beta.5",
+	"version": "5.40.0-beta.6",
 	"repository": {
 		"type": "git",
 		"url": "https://github.com/webiny/webiny-js.git"
@@ -16,9 +16,9 @@
 		"@pulumi/aws": "^6.32.0",
 		"@pulumi/pulumi": "^3.113.3",
 		"@pulumi/random": "v3.2.0",
-		"@webiny/aws-sdk": "5.40.0-beta.5",
-		"@webiny/cli-plugin-deploy-pulumi": "5.40.0-beta.5",
-		"@webiny/pulumi": "5.40.0-beta.5",
+		"@webiny/aws-sdk": "5.40.0-beta.6",
+		"@webiny/cli-plugin-deploy-pulumi": "5.40.0-beta.6",
+		"@webiny/pulumi": "5.40.0-beta.6",
 		"form-data": "4.0.0",
 		"node-fetch": "2.7.0"
 	},
@@ -28,10 +28,10 @@
 		"@babel/preset-env": "7.24.3",
 		"@babel/preset-typescript": "7.24.1",
 		"@babel/runtime": "7.24.1",
-		"@webiny/api-page-builder": "5.40.0-beta.5",
-		"@webiny/aws-layers": "5.40.0-beta.5",
-		"@webiny/cli": "5.40.0-beta.5",
-		"@webiny/project-utils": "5.40.0-beta.5",
+		"@webiny/api-page-builder": "5.40.0-beta.6",
+		"@webiny/aws-layers": "5.40.0-beta.6",
+		"@webiny/cli": "5.40.0-beta.6",
+		"@webiny/project-utils": "5.40.0-beta.6",
 		"chalk": "4.1.2",
 		"lodash": "4.17.21",
 		"mime": "2.6.0",
@@ -55,5 +55,5 @@
 			]
 		}
 	},
-	"gitHead": "04482b686c63fdadebd4c6c1db7595af1140cfc7"
+	"gitHead": "e6ce53a387a9b1ab39aa8d15e4ed9be2359f17aa"
 }