npm - @webiny/pulumi-aws - Versions diffs - 5.42.0-beta.0 → 5.42.0-beta.1 - Mend

@webiny/pulumi-aws 5.42.0-beta.0 → 5.42.0-beta.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

package/apps/api/ApiApwScheduler.js +5 -0
package/apps/api/ApiApwScheduler.js.map +1 -1
package/apps/api/ApiFileManager.js +5 -0
package/apps/api/ApiFileManager.js.map +1 -1
package/apps/api/ApiGraphql.js +1 -1
package/apps/api/ApiGraphql.js.map +1 -1
package/apps/api/ApiPageBuilder.js +1 -1
package/apps/api/ApiPageBuilder.js.map +1 -1
package/apps/website/WebsitePrerendering.js +1 -1
package/apps/website/WebsitePrerendering.js.map +1 -1
package/package.json +10 -10

package/apps/api/ApiApwScheduler.js CHANGED Viewed

@@ -139,6 +139,11 @@ function createExecuteActionLambdaPolicy(app) {
           Effect: "Allow",
           Action: ["dynamodb:Query", "dynamodb:GetItem", "dynamodb:DeleteItem"],
           Resource: [pulumi.interpolate`${core.primaryDynamodbTableArn}`, pulumi.interpolate`${core.primaryDynamodbTableArn}/*`]
+        }, {
+          Sid: "PermissionDynamoDBLog",
+          Effect: "Allow",
+          Action: ["dynamodb:Query", "dynamodb:GetItem", "dynamodb:DeleteItem", "dynamodb:PutItem"],
+          Resource: [pulumi.interpolate`${core.logDynamodbTableArn}`, pulumi.interpolate`${core.logDynamodbTableArn}/*`]
         }]
       }
     }

package/apps/api/ApiApwScheduler.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"names":["_path","_interopRequireDefault","require","pulumi","_interopRequireWildcard","aws","_constants","_pulumi2","_common","_lambdaUtils","LAMBDA_NAME_PREFIX","CREATE_RULE_LAMBDA","EXECUTE_ACTION_LAMBDA","EVENT_RULE_NAME","EVENT_RULE_TARGET","ApiApwScheduler","exports","createAppModule","name","config","app","params","executeAction","createExecuteActionLambda","scheduleAction","createScheduleActionLambda","lambda","output","eventRule","addResource","cloudwatch","EventRule","description","scheduleExpression","state","Permission","action","function","arn","principal","statementId","eventTarget","EventTarget","rule","role","iam","Role","assumeRolePolicy","Version","Statement","Action","Principal","Service","Effect","meta","isLambdaFunctionRole","policy","createExecuteActionLambdaPolicy","RolePolicyAttachment","policyArn","ManagedPolicy","AWSLambdaBasicExecutionRole","Function","runtime","LAMBDA_RUNTIME","handler","timeout","memorySize","code","asset","AssetArchive","FileArchive","path","join","paths","workspace","environment","variables","getCommonLambdaEnvVariables","apply","value","env","core","getModule","CoreOutput","Policy","Sid","Resource","interpolate","primaryDynamodbTableArn","executeLambda","createScheduleActionLambdaPolicy","APW_SCHEDULER_EXECUTE_ACTION_HANDLER"],"sources":["ApiApwScheduler.ts"],"sourcesContent":["import path from \"path\";\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport { LAMBDA_RUNTIME } from \"~/constants\";\nimport { createAppModule, PulumiApp, PulumiAppModule } from \"@webiny/pulumi\";\nimport { CoreOutput } from \"../common\";\nimport { getCommonLambdaEnvVariables } from \"../lambdaUtils\";\n\ninterface ScheduleActionParams {\n env: Record<string, any>;\n}\n\nconst LAMBDA_NAME_PREFIX = \"apw-scheduler\";\nconst CREATE_RULE_LAMBDA = `${LAMBDA_NAME_PREFIX}-schedule-action-lambda`;\nconst EXECUTE_ACTION_LAMBDA = `${LAMBDA_NAME_PREFIX}-execute-action-lambda`;\nconst EVENT_RULE_NAME = `${LAMBDA_NAME_PREFIX}-event-rule`;\nconst EVENT_RULE_TARGET = `${LAMBDA_NAME_PREFIX}-event-rule-target`;\n\nexport type ApiApwScheduler = PulumiAppModule<typeof ApiApwScheduler>;\n\nexport const ApiApwScheduler = createAppModule({\n name: \"ApiApwScheduler\",\n config(app: PulumiApp, params: ScheduleActionParams) {\n const executeAction = createExecuteActionLambda(app, params);\n const scheduleAction = createScheduleActionLambda(app, executeAction.lambda.output, params);\n\n // Create event rule.\n const eventRule = app.addResource(aws.cloudwatch.EventRule, {\n name: EVENT_RULE_NAME,\n config: {\n description: `Enable us to schedule an action in publishing workflow at a particular datetime`,\n scheduleExpression: \"cron(* * * * ? 2000)\",\n state: \"ENABLED\"\n }\n });\n\n // Add required permission to the target lambda.\n app.addResource(aws.lambda.Permission, {\n name: \"eventTargetPermission\",\n config: {\n action: \"lambda:InvokeFunction\",\n function: scheduleAction.lambda.output.arn,\n principal: \"events.amazonaws.com\",\n statementId: \"allow-rule-invoke-\" + EVENT_RULE_NAME\n }\n });\n\n // Add lambda as target to the event rule.\n const eventTarget = app.addResource(aws.cloudwatch.EventTarget, {\n name: EVENT_RULE_TARGET,\n config: {\n rule: eventRule.output.name,\n arn: scheduleAction.lambda.output.arn\n }\n });\n\n return {\n executeAction,\n scheduleAction,\n eventRule,\n eventTarget\n };\n }\n});\n\nfunction createExecuteActionLambda(app: PulumiApp, params: ScheduleActionParams) {\n const role = app.addResource(aws.iam.Role, {\n name: `${EXECUTE_ACTION_LAMBDA}-role`,\n config: {\n assumeRolePolicy: {\n Version: \"2012-10-17\",\n Statement: [\n {\n Action: \"sts:AssumeRole\",\n Principal: {\n Service: \"lambda.amazonaws.com\"\n },\n Effect: \"Allow\"\n }\n ]\n }\n },\n meta: { isLambdaFunctionRole: true }\n });\n\n const policy = createExecuteActionLambdaPolicy(app);\n\n app.addResource(aws.iam.RolePolicyAttachment, {\n name: `${EXECUTE_ACTION_LAMBDA}-role-policy-attachment`,\n config: {\n role: role.output,\n policyArn: policy.output.arn\n }\n });\n\n app.addResource(aws.iam.RolePolicyAttachment, {\n name: `${EXECUTE_ACTION_LAMBDA}-AWSLambdaBasicExecutionRole`,\n config: {\n role: role.output,\n policyArn: aws.iam.ManagedPolicy.AWSLambdaBasicExecutionRole\n }\n });\n\n const lambda = app.addResource(aws.lambda.Function, {\n name: EXECUTE_ACTION_LAMBDA,\n config: {\n role: role.output.arn,\n runtime: LAMBDA_RUNTIME,\n handler: \"handler.handler\",\n timeout: 60,\n memorySize: 512,\n description: \"Handle execute action workflow in apw scheduler\",\n code: new pulumi.asset.AssetArchive({\n \".\": new pulumi.asset.FileArchive(\n path.join(app.paths.workspace, \"apw/executeAction/build\")\n )\n }),\n environment: {\n variables: getCommonLambdaEnvVariables().apply(value => ({\n ...value,\n ...params.env\n }))\n }\n }\n });\n\n return {\n role,\n policy,\n lambda\n };\n}\n\nfunction createExecuteActionLambdaPolicy(app: PulumiApp) {\n const core = app.getModule(CoreOutput);\n\n return app.addResource(aws.iam.Policy, {\n name: \"ApwSchedulerExecuteActionLambdaPolicy\",\n config: {\n description: \"This policy enables access to cloudwatch event and lambda invocation\",\n policy: {\n Version: \"2012-10-17\",\n Statement: [\n {\n Sid: \"PermissionLambda\",\n Effect: \"Allow\",\n Action: [\"lambda:InvokeFunction\"],\n Resource: [\"\"]\n },\n {\n Sid: \"PermissionDynamoDB\",\n Effect: \"Allow\",\n Action: [\"dynamodb:Query\", \"dynamodb:GetItem\", \"dynamodb:DeleteItem\"],\n Resource: [\n pulumi.interpolate`${core.primaryDynamodbTableArn}`,\n pulumi.interpolate`${core.primaryDynamodbTableArn}/`\n ]\n }\n ]\n }\n }\n });\n}\n\nfunction createScheduleActionLambda(\n app: PulumiApp,\n executeLambda: pulumi.Output<aws.lambda.Function>,\n params: ScheduleActionParams\n) {\n const role = app.addResource(aws.iam.Role, {\n name: `${CREATE_RULE_LAMBDA}-role`,\n config: {\n assumeRolePolicy: {\n Version: \"2012-10-17\",\n Statement: [\n {\n Action: \"sts:AssumeRole\",\n Principal: {\n Service: \"lambda.amazonaws.com\"\n },\n Effect: \"Allow\"\n }\n ]\n }\n },\n meta: { isLambdaFunctionRole: true }\n });\n\n const policy = createScheduleActionLambdaPolicy(app);\n\n app.addResource(aws.iam.RolePolicyAttachment, {\n name: `${CREATE_RULE_LAMBDA}-role-policy-attachment`,\n config: {\n role: role.output,\n policyArn: policy.output.arn\n }\n });\n\n app.addResource(aws.iam.RolePolicyAttachment, {\n name: `${CREATE_RULE_LAMBDA}-AWSLambdaBasicExecutionRole`,\n config: {\n role: role.output,\n policyArn: aws.iam.ManagedPolicy.AWSLambdaBasicExecutionRole\n }\n });\n\n const lambda = app.addResource(aws.lambda.Function, {\n name: CREATE_RULE_LAMBDA,\n config: {\n role: role.output.arn,\n runtime: LAMBDA_RUNTIME,\n handler: \"handler.handler\",\n timeout: 60,\n memorySize: 512,\n description: \"Handle schedule action workflow in apw scheduler\",\n code: new pulumi.asset.AssetArchive({\n \".\": new pulumi.asset.FileArchive(\n path.join(app.paths.workspace, \"apw/scheduleAction/build\")\n )\n }),\n environment: {\n variables: getCommonLambdaEnvVariables().apply(value => ({\n ...value,\n ...params.env,\n APW_SCHEDULER_EXECUTE_ACTION_HANDLER: executeLambda.arn\n // RULE_NAME: this.eventRule.name.apply(name => name),\n // RULE_TARGET_ID: this.eventTarget.targetId.apply(id => id)\n }))\n }\n }\n });\n\n return {\n role,\n policy,\n lambda\n };\n}\n\nfunction createScheduleActionLambdaPolicy(app: PulumiApp) {\n const core = app.getModule(CoreOutput);\n\n return app.addResource(aws.iam.Policy, {\n name: \"ApwSchedulerScheduleActionLambdaPolicy\",\n config: {\n description: \"This policy enables access to cloudwatch event and lambda invocation\",\n policy: {\n Version: \"2012-10-17\",\n Statement: [\n {\n Sid: \"PermissionLambda\",\n Effect: \"Allow\",\n Action: [\"lambda:InvokeFunction\"],\n Resource: [\"\"]\n },\n {\n Sid: \"PermissionDynamoDB\",\n Effect: \"Allow\",\n Action: [\n \"dynamodb:PutItem\",\n \"dynamodb:Query\",\n \"dynamodb:GetItem\",\n \"dynamodb:UpdateItem\",\n \"dynamodb:DeleteItem\"\n ],\n Resource: [\n pulumi.interpolate`${core.primaryDynamodbTableArn}`,\n pulumi.interpolate`${core.primaryDynamodbTableArn}/`\n ]\n },\n {\n Sid: \"PermissionEvents\",\n Effect: \"Allow\",\n Action: [\n \"events:DeleteRule\",\n \"events:PutTargets\",\n \"events:PutRule\",\n \"events:ListRules\",\n \"events:RemoveTargets\",\n \"events:ListTargetsByRule\"\n ],\n Resource: [\"*\"]\n }\n ]\n }\n }\n });\n}\n"],"mappings":";;;;;;;;AAAA,IAAAA,KAAA,GAAAC,sBAAA,CAAAC,OAAA;AACA,IAAAC,MAAA,GAAAC,uBAAA,CAAAF,OAAA;AACA,IAAAG,GAAA,GAAAD,uBAAA,CAAAF,OAAA;AACA,IAAAI,UAAA,GAAAJ,OAAA;AACA,IAAAK,QAAA,GAAAL,OAAA;AACA,IAAAM,OAAA,GAAAN,OAAA;AACA,IAAAO,YAAA,GAAAP,OAAA;AAMA,MAAMQ,kBAAkB,GAAG,eAAe;AAC1C,MAAMC,kBAAkB,GAAG,GAAGD,kBAAkB,yBAAyB;AACzE,MAAME,qBAAqB,GAAG,GAAGF,kBAAkB,wBAAwB;AAC3E,MAAMG,eAAe,GAAG,GAAGH,kBAAkB,aAAa;AAC1D,MAAMI,iBAAiB,GAAG,GAAGJ,kBAAkB,oBAAoB;AAI5D,MAAMK,eAAe,GAAAC,OAAA,CAAAD,eAAA,GAAG,IAAAE,wBAAe,EAAC;EAC3CC,IAAI,EAAE,iBAAiB;EACvBC,MAAMA,CAACC,GAAc,EAAEC,MAA4B,EAAE;IACjD,MAAMC,aAAa,GAAGC,yBAAyB,CAACH,GAAG,EAAEC,MAAM,CAAC;IAC5D,MAAMG,cAAc,GAAGC,0BAA0B,CAACL,GAAG,EAAEE,aAAa,CAACI,MAAM,CAACC,MAAM,EAAEN,MAAM,CAAC;;IAE3F;IACA,MAAMO,SAAS,GAAGR,GAAG,CAACS,WAAW,CAACxB,GAAG,CAACyB,UAAU,CAACC,SAAS,EAAE;MACxDb,IAAI,EAAEL,eAAe;MACrBM,MAAM,EAAE;QACJa,WAAW,EAAE,iFAAiF;QAC9FC,kBAAkB,EAAE,sBAAsB;QAC1CC,KAAK,EAAE;MACX;IACJ,CAAC,CAAC;;IAEF;IACAd,GAAG,CAACS,WAAW,CAACxB,GAAG,CAACqB,MAAM,CAACS,UAAU,EAAE;MACnCjB,IAAI,EAAE,uBAAuB;MAC7BC,MAAM,EAAE;QACJiB,MAAM,EAAE,uBAAuB;QAC/BC,QAAQ,EAAEb,cAAc,CAACE,MAAM,CAACC,MAAM,CAACW,GAAG;QAC1CC,SAAS,EAAE,sBAAsB;QACjCC,WAAW,EAAE,oBAAoB,GAAG3B;MACxC;IACJ,CAAC,CAAC;;IAEF;IACA,MAAM4B,WAAW,GAAGrB,GAAG,CAACS,WAAW,CAACxB,GAAG,CAACyB,UAAU,CAACY,WAAW,EAAE;MAC5DxB,IAAI,EAAEJ,iBAAiB;MACvBK,MAAM,EAAE;QACJwB,IAAI,EAAEf,SAAS,CAACD,MAAM,CAACT,IAAI;QAC3BoB,GAAG,EAAEd,cAAc,CAACE,MAAM,CAACC,MAAM,CAACW;MACtC;IACJ,CAAC,CAAC;IAEF,OAAO;MACHhB,aAAa;MACbE,cAAc;MACdI,SAAS;MACTa;IACJ,CAAC;EACL;AACJ,CAAC,CAAC;AAEF,SAASlB,yBAAyBA,CAACH,GAAc,EAAEC,MAA4B,EAAE;EAC7E,MAAMuB,IAAI,GAAGxB,GAAG,CAACS,WAAW,CAACxB,GAAG,CAACwC,GAAG,CAACC,IAAI,EAAE;IACvC5B,IAAI,EAAE,GAAGN,qBAAqB,OAAO;IACrCO,MAAM,EAAE;MACJ4B,gBAAgB,EAAE;QACdC,OAAO,EAAE,YAAY;QACrBC,SAAS,EAAE,CACP;UACIC,MAAM,EAAE,gBAAgB;UACxBC,SAAS,EAAE;YACPC,OAAO,EAAE;UACb,CAAC;UACDC,MAAM,EAAE;QACZ,CAAC;MAET;IACJ,CAAC;IACDC,IAAI,EAAE;MAAEC,oBAAoB,EAAE;IAAK;EACvC,CAAC,CAAC;EAEF,MAAMC,MAAM,GAAGC,+BAA+B,CAACrC,GAAG,CAAC;EAEnDA,GAAG,CAACS,WAAW,CAACxB,GAAG,CAACwC,GAAG,CAACa,oBAAoB,EAAE;IAC1CxC,IAAI,EAAE,GAAGN,qBAAqB,yBAAyB;IACvDO,MAAM,EAAE;MACJyB,IAAI,EAAEA,IAAI,CAACjB,MAAM;MACjBgC,SAAS,EAAEH,MAAM,CAAC7B,MAAM,CAACW;IAC7B;EACJ,CAAC,CAAC;EAEFlB,GAAG,CAACS,WAAW,CAACxB,GAAG,CAACwC,GAAG,CAACa,oBAAoB,EAAE;IAC1CxC,IAAI,EAAE,GAAGN,qBAAqB,8BAA8B;IAC5DO,MAAM,EAAE;MACJyB,IAAI,EAAEA,IAAI,CAACjB,MAAM;MACjBgC,SAAS,EAAEtD,GAAG,CAACwC,GAAG,CAACe,aAAa,CAACC;IACrC;EACJ,CAAC,CAAC;EAEF,MAAMnC,MAAM,GAAGN,GAAG,CAACS,WAAW,CAACxB,GAAG,CAACqB,MAAM,CAACoC,QAAQ,EAAE;IAChD5C,IAAI,EAAEN,qBAAqB;IAC3BO,MAAM,EAAE;MACJyB,IAAI,EAAEA,IAAI,CAACjB,MAAM,CAACW,GAAG;MACrByB,OAAO,EAAEC,yBAAc;MACvBC,OAAO,EAAE,iBAAiB;MAC1BC,OAAO,EAAE,EAAE;MACXC,UAAU,EAAE,GAAG;MACfnC,WAAW,EAAE,iDAAiD;MAC9DoC,IAAI,EAAE,IAAIjE,MAAM,CAACkE,KAAK,CAACC,YAAY,CAAC;QAChC,GAAG,EAAE,IAAInE,MAAM,CAACkE,KAAK,CAACE,WAAW,CAC7BC,aAAI,CAACC,IAAI,CAACrD,GAAG,CAACsD,KAAK,CAACC,SAAS,EAAE,yBAAyB,CAC5D;MACJ,CAAC,CAAC;MACFC,WAAW,EAAE;QACTC,SAAS,EAAE,IAAAC,wCAA2B,EAAC,CAAC,CAACC,KAAK,CAACC,KAAK,KAAK;UACrD,GAAGA,KAAK;UACR,GAAG3D,MAAM,CAAC4D;QACd,CAAC,CAAC;MACN;IACJ;EACJ,CAAC,CAAC;EAEF,OAAO;IACHrC,IAAI;IACJY,MAAM;IACN9B;EACJ,CAAC;AACL;AAEA,SAAS+B,+BAA+BA,CAACrC,GAAc,EAAE;EACrD,MAAM8D,IAAI,GAAG9D,GAAG,CAAC+D,SAAS,CAACC,kBAAU,CAAC;EAEtC,OAAOhE,GAAG,CAACS,WAAW,CAACxB,GAAG,CAACwC,GAAG,CAACwC,MAAM,EAAE;IACnCnE,IAAI,EAAE,uCAAuC;IAC7CC,MAAM,EAAE;MACJa,WAAW,EAAE,sEAAsE;MACnFwB,MAAM,EAAE;QACJR,OAAO,EAAE,YAAY;QACrBC,SAAS,EAAE,CACP;UACIqC,GAAG,EAAE,kBAAkB;UACvBjC,MAAM,EAAE,OAAO;UACfH,MAAM,EAAE,CAAC,uBAAuB,CAAC;UACjCqC,QAAQ,EAAE,CAAC,GAAG;QAClB,CAAC,EACD;UACID,GAAG,EAAE,oBAAoB;UACzBjC,MAAM,EAAE,OAAO;UACfH,MAAM,EAAE,CAAC,gBAAgB,EAAE,kBAAkB,EAAE,qBAAqB,CAAC;UACrEqC,QAAQ,EAAE,CACNpF,MAAM,CAACqF,WAAW,GAAGN,IAAI,CAACO,uBAAuB,EAAE,EACnDtF,MAAM,CAACqF,WAAW,GAAGN,IAAI,CAACO,uBAAuB,IAAI;QAE7D,CAAC;MAET;IACJ;EACJ,CAAC,CAAC;AACN;AAEA,SAAShE,0BAA0BA,CAC/BL,GAAc,EACdsE,aAAiD,EACjDrE,MAA4B,EAC9B;EACE,MAAMuB,IAAI,GAAGxB,GAAG,CAACS,WAAW,CAACxB,GAAG,CAACwC,GAAG,CAACC,IAAI,EAAE;IACvC5B,IAAI,EAAE,GAAGP,kBAAkB,OAAO;IAClCQ,MAAM,EAAE;MACJ4B,gBAAgB,EAAE;QACdC,OAAO,EAAE,YAAY;QACrBC,SAAS,EAAE,CACP;UACIC,MAAM,EAAE,gBAAgB;UACxBC,SAAS,EAAE;YACPC,OAAO,EAAE;UACb,CAAC;UACDC,MAAM,EAAE;QACZ,CAAC;MAET;IACJ,CAAC;IACDC,IAAI,EAAE;MAAEC,oBAAoB,EAAE;IAAK;EACvC,CAAC,CAAC;EAEF,MAAMC,MAAM,GAAGmC,gCAAgC,CAACvE,GAAG,CAAC;EAEpDA,GAAG,CAACS,WAAW,CAACxB,GAAG,CAACwC,GAAG,CAACa,oBAAoB,EAAE;IAC1CxC,IAAI,EAAE,GAAGP,kBAAkB,yBAAyB;IACpDQ,MAAM,EAAE;MACJyB,IAAI,EAAEA,IAAI,CAACjB,MAAM;MACjBgC,SAAS,EAAEH,MAAM,CAAC7B,MAAM,CAACW;IAC7B;EACJ,CAAC,CAAC;EAEFlB,GAAG,CAACS,WAAW,CAACxB,GAAG,CAACwC,GAAG,CAACa,oBAAoB,EAAE;IAC1CxC,IAAI,EAAE,GAAGP,kBAAkB,8BAA8B;IACzDQ,MAAM,EAAE;MACJyB,IAAI,EAAEA,IAAI,CAACjB,MAAM;MACjBgC,SAAS,EAAEtD,GAAG,CAACwC,GAAG,CAACe,aAAa,CAACC;IACrC;EACJ,CAAC,CAAC;EAEF,MAAMnC,MAAM,GAAGN,GAAG,CAACS,WAAW,CAACxB,GAAG,CAACqB,MAAM,CAACoC,QAAQ,EAAE;IAChD5C,IAAI,EAAEP,kBAAkB;IACxBQ,MAAM,EAAE;MACJyB,IAAI,EAAEA,IAAI,CAACjB,MAAM,CAACW,GAAG;MACrByB,OAAO,EAAEC,yBAAc;MACvBC,OAAO,EAAE,iBAAiB;MAC1BC,OAAO,EAAE,EAAE;MACXC,UAAU,EAAE,GAAG;MACfnC,WAAW,EAAE,kDAAkD;MAC/DoC,IAAI,EAAE,IAAIjE,MAAM,CAACkE,KAAK,CAACC,YAAY,CAAC;QAChC,GAAG,EAAE,IAAInE,MAAM,CAACkE,KAAK,CAACE,WAAW,CAC7BC,aAAI,CAACC,IAAI,CAACrD,GAAG,CAACsD,KAAK,CAACC,SAAS,EAAE,0BAA0B,CAC7D;MACJ,CAAC,CAAC;MACFC,WAAW,EAAE;QACTC,SAAS,EAAE,IAAAC,wCAA2B,EAAC,CAAC,CAACC,KAAK,CAACC,KAAK,KAAK;UACrD,GAAGA,KAAK;UACR,GAAG3D,MAAM,CAAC4D,GAAG;UACbW,oCAAoC,EAAEF,aAAa,CAACpD;UACpD;UACA;QACJ,CAAC,CAAC;MACN;IACJ;EACJ,CAAC,CAAC;EAEF,OAAO;IACHM,IAAI;IACJY,MAAM;IACN9B;EACJ,CAAC;AACL;AAEA,SAASiE,gCAAgCA,CAACvE,GAAc,EAAE;EACtD,MAAM8D,IAAI,GAAG9D,GAAG,CAAC+D,SAAS,CAACC,kBAAU,CAAC;EAEtC,OAAOhE,GAAG,CAACS,WAAW,CAACxB,GAAG,CAACwC,GAAG,CAACwC,MAAM,EAAE;IACnCnE,IAAI,EAAE,wCAAwC;IAC9CC,MAAM,EAAE;MACJa,WAAW,EAAE,sEAAsE;MACnFwB,MAAM,EAAE;QACJR,OAAO,EAAE,YAAY;QACrBC,SAAS,EAAE,CACP;UACIqC,GAAG,EAAE,kBAAkB;UACvBjC,MAAM,EAAE,OAAO;UACfH,MAAM,EAAE,CAAC,uBAAuB,CAAC;UACjCqC,QAAQ,EAAE,CAAC,GAAG;QAClB,CAAC,EACD;UACID,GAAG,EAAE,oBAAoB;UACzBjC,MAAM,EAAE,OAAO;UACfH,MAAM,EAAE,CACJ,kBAAkB,EAClB,gBAAgB,EAChB,kBAAkB,EAClB,qBAAqB,EACrB,qBAAqB,CACxB;UACDqC,QAAQ,EAAE,CACNpF,MAAM,CAACqF,WAAW,GAAGN,IAAI,CAACO,uBAAuB,EAAE,EACnDtF,MAAM,CAACqF,WAAW,GAAGN,IAAI,CAACO,uBAAuB,IAAI;QAE7D,CAAC,EACD;UACIH,GAAG,EAAE,kBAAkB;UACvBjC,MAAM,EAAE,OAAO;UACfH,MAAM,EAAE,CACJ,mBAAmB,EACnB,mBAAmB,EACnB,gBAAgB,EAChB,kBAAkB,EAClB,sBAAsB,EACtB,0BAA0B,CAC7B;UACDqC,QAAQ,EAAE,CAAC,GAAG;QAClB,CAAC;MAET;IACJ;EACJ,CAAC,CAAC;AACN","ignoreList":[]}
1	+ {"version":3,"names":["_path","_interopRequireDefault","require","pulumi","_interopRequireWildcard","aws","_constants","_pulumi2","_common","_lambdaUtils","LAMBDA_NAME_PREFIX","CREATE_RULE_LAMBDA","EXECUTE_ACTION_LAMBDA","EVENT_RULE_NAME","EVENT_RULE_TARGET","ApiApwScheduler","exports","createAppModule","name","config","app","params","executeAction","createExecuteActionLambda","scheduleAction","createScheduleActionLambda","lambda","output","eventRule","addResource","cloudwatch","EventRule","description","scheduleExpression","state","Permission","action","function","arn","principal","statementId","eventTarget","EventTarget","rule","role","iam","Role","assumeRolePolicy","Version","Statement","Action","Principal","Service","Effect","meta","isLambdaFunctionRole","policy","createExecuteActionLambdaPolicy","RolePolicyAttachment","policyArn","ManagedPolicy","AWSLambdaBasicExecutionRole","Function","runtime","LAMBDA_RUNTIME","handler","timeout","memorySize","code","asset","AssetArchive","FileArchive","path","join","paths","workspace","environment","variables","getCommonLambdaEnvVariables","apply","value","env","core","getModule","CoreOutput","Policy","Sid","Resource","interpolate","primaryDynamodbTableArn","logDynamodbTableArn","executeLambda","createScheduleActionLambdaPolicy","APW_SCHEDULER_EXECUTE_ACTION_HANDLER"],"sources":["ApiApwScheduler.ts"],"sourcesContent":["import path from \"path\";\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport { LAMBDA_RUNTIME } from \"~/constants\";\nimport { createAppModule, PulumiApp, PulumiAppModule } from \"@webiny/pulumi\";\nimport { CoreOutput } from \"../common\";\nimport { getCommonLambdaEnvVariables } from \"../lambdaUtils\";\n\ninterface ScheduleActionParams {\n env: Record<string, any>;\n}\n\nconst LAMBDA_NAME_PREFIX = \"apw-scheduler\";\nconst CREATE_RULE_LAMBDA = `${LAMBDA_NAME_PREFIX}-schedule-action-lambda`;\nconst EXECUTE_ACTION_LAMBDA = `${LAMBDA_NAME_PREFIX}-execute-action-lambda`;\nconst EVENT_RULE_NAME = `${LAMBDA_NAME_PREFIX}-event-rule`;\nconst EVENT_RULE_TARGET = `${LAMBDA_NAME_PREFIX}-event-rule-target`;\n\nexport type ApiApwScheduler = PulumiAppModule<typeof ApiApwScheduler>;\n\nexport const ApiApwScheduler = createAppModule({\n name: \"ApiApwScheduler\",\n config(app: PulumiApp, params: ScheduleActionParams) {\n const executeAction = createExecuteActionLambda(app, params);\n const scheduleAction = createScheduleActionLambda(app, executeAction.lambda.output, params);\n\n // Create event rule.\n const eventRule = app.addResource(aws.cloudwatch.EventRule, {\n name: EVENT_RULE_NAME,\n config: {\n description: `Enable us to schedule an action in publishing workflow at a particular datetime`,\n scheduleExpression: \"cron(* * * * ? 2000)\",\n state: \"ENABLED\"\n }\n });\n\n // Add required permission to the target lambda.\n app.addResource(aws.lambda.Permission, {\n name: \"eventTargetPermission\",\n config: {\n action: \"lambda:InvokeFunction\",\n function: scheduleAction.lambda.output.arn,\n principal: \"events.amazonaws.com\",\n statementId: \"allow-rule-invoke-\" + EVENT_RULE_NAME\n }\n });\n\n // Add lambda as target to the event rule.\n const eventTarget = app.addResource(aws.cloudwatch.EventTarget, {\n name: EVENT_RULE_TARGET,\n config: {\n rule: eventRule.output.name,\n arn: scheduleAction.lambda.output.arn\n }\n });\n\n return {\n executeAction,\n scheduleAction,\n eventRule,\n eventTarget\n };\n }\n});\n\nfunction createExecuteActionLambda(app: PulumiApp, params: ScheduleActionParams) {\n const role = app.addResource(aws.iam.Role, {\n name: `${EXECUTE_ACTION_LAMBDA}-role`,\n config: {\n assumeRolePolicy: {\n Version: \"2012-10-17\",\n Statement: [\n {\n Action: \"sts:AssumeRole\",\n Principal: {\n Service: \"lambda.amazonaws.com\"\n },\n Effect: \"Allow\"\n }\n ]\n }\n },\n meta: { isLambdaFunctionRole: true }\n });\n\n const policy = createExecuteActionLambdaPolicy(app);\n\n app.addResource(aws.iam.RolePolicyAttachment, {\n name: `${EXECUTE_ACTION_LAMBDA}-role-policy-attachment`,\n config: {\n role: role.output,\n policyArn: policy.output.arn\n }\n });\n\n app.addResource(aws.iam.RolePolicyAttachment, {\n name: `${EXECUTE_ACTION_LAMBDA}-AWSLambdaBasicExecutionRole`,\n config: {\n role: role.output,\n policyArn: aws.iam.ManagedPolicy.AWSLambdaBasicExecutionRole\n }\n });\n\n const lambda = app.addResource(aws.lambda.Function, {\n name: EXECUTE_ACTION_LAMBDA,\n config: {\n role: role.output.arn,\n runtime: LAMBDA_RUNTIME,\n handler: \"handler.handler\",\n timeout: 60,\n memorySize: 512,\n description: \"Handle execute action workflow in apw scheduler\",\n code: new pulumi.asset.AssetArchive({\n \".\": new pulumi.asset.FileArchive(\n path.join(app.paths.workspace, \"apw/executeAction/build\")\n )\n }),\n environment: {\n variables: getCommonLambdaEnvVariables().apply(value => ({\n ...value,\n ...params.env\n }))\n }\n }\n });\n\n return {\n role,\n policy,\n lambda\n };\n}\n\nfunction createExecuteActionLambdaPolicy(app: PulumiApp) {\n const core = app.getModule(CoreOutput);\n\n return app.addResource(aws.iam.Policy, {\n name: \"ApwSchedulerExecuteActionLambdaPolicy\",\n config: {\n description: \"This policy enables access to cloudwatch event and lambda invocation\",\n policy: {\n Version: \"2012-10-17\",\n Statement: [\n {\n Sid: \"PermissionLambda\",\n Effect: \"Allow\",\n Action: [\"lambda:InvokeFunction\"],\n Resource: [\"\"]\n },\n {\n Sid: \"PermissionDynamoDB\",\n Effect: \"Allow\",\n Action: [\"dynamodb:Query\", \"dynamodb:GetItem\", \"dynamodb:DeleteItem\"],\n Resource: [\n pulumi.interpolate`${core.primaryDynamodbTableArn}`,\n pulumi.interpolate`${core.primaryDynamodbTableArn}/`\n ]\n },\n {\n Sid: \"PermissionDynamoDBLog\",\n Effect: \"Allow\",\n Action: [\n \"dynamodb:Query\",\n \"dynamodb:GetItem\",\n \"dynamodb:DeleteItem\",\n \"dynamodb:PutItem\"\n ],\n Resource: [\n pulumi.interpolate`${core.logDynamodbTableArn}`,\n pulumi.interpolate`${core.logDynamodbTableArn}/`\n ]\n }\n ]\n }\n }\n });\n}\n\nfunction createScheduleActionLambda(\n app: PulumiApp,\n executeLambda: pulumi.Output<aws.lambda.Function>,\n params: ScheduleActionParams\n) {\n const role = app.addResource(aws.iam.Role, {\n name: `${CREATE_RULE_LAMBDA}-role`,\n config: {\n assumeRolePolicy: {\n Version: \"2012-10-17\",\n Statement: [\n {\n Action: \"sts:AssumeRole\",\n Principal: {\n Service: \"lambda.amazonaws.com\"\n },\n Effect: \"Allow\"\n }\n ]\n }\n },\n meta: { isLambdaFunctionRole: true }\n });\n\n const policy = createScheduleActionLambdaPolicy(app);\n\n app.addResource(aws.iam.RolePolicyAttachment, {\n name: `${CREATE_RULE_LAMBDA}-role-policy-attachment`,\n config: {\n role: role.output,\n policyArn: policy.output.arn\n }\n });\n\n app.addResource(aws.iam.RolePolicyAttachment, {\n name: `${CREATE_RULE_LAMBDA}-AWSLambdaBasicExecutionRole`,\n config: {\n role: role.output,\n policyArn: aws.iam.ManagedPolicy.AWSLambdaBasicExecutionRole\n }\n });\n\n const lambda = app.addResource(aws.lambda.Function, {\n name: CREATE_RULE_LAMBDA,\n config: {\n role: role.output.arn,\n runtime: LAMBDA_RUNTIME,\n handler: \"handler.handler\",\n timeout: 60,\n memorySize: 512,\n description: \"Handle schedule action workflow in apw scheduler\",\n code: new pulumi.asset.AssetArchive({\n \".\": new pulumi.asset.FileArchive(\n path.join(app.paths.workspace, \"apw/scheduleAction/build\")\n )\n }),\n environment: {\n variables: getCommonLambdaEnvVariables().apply(value => ({\n ...value,\n ...params.env,\n APW_SCHEDULER_EXECUTE_ACTION_HANDLER: executeLambda.arn\n // RULE_NAME: this.eventRule.name.apply(name => name),\n // RULE_TARGET_ID: this.eventTarget.targetId.apply(id => id)\n }))\n }\n }\n });\n\n return {\n role,\n policy,\n lambda\n };\n}\n\nfunction createScheduleActionLambdaPolicy(app: PulumiApp) {\n const core = app.getModule(CoreOutput);\n\n return app.addResource(aws.iam.Policy, {\n name: \"ApwSchedulerScheduleActionLambdaPolicy\",\n config: {\n description: \"This policy enables access to cloudwatch event and lambda invocation\",\n policy: {\n Version: \"2012-10-17\",\n Statement: [\n {\n Sid: \"PermissionLambda\",\n Effect: \"Allow\",\n Action: [\"lambda:InvokeFunction\"],\n Resource: [\"\"]\n },\n {\n Sid: \"PermissionDynamoDB\",\n Effect: \"Allow\",\n Action: [\n \"dynamodb:PutItem\",\n \"dynamodb:Query\",\n \"dynamodb:GetItem\",\n \"dynamodb:UpdateItem\",\n \"dynamodb:DeleteItem\"\n ],\n Resource: [\n pulumi.interpolate`${core.primaryDynamodbTableArn}`,\n pulumi.interpolate`${core.primaryDynamodbTableArn}/`\n ]\n },\n {\n Sid: \"PermissionEvents\",\n Effect: \"Allow\",\n Action: [\n \"events:DeleteRule\",\n \"events:PutTargets\",\n \"events:PutRule\",\n \"events:ListRules\",\n \"events:RemoveTargets\",\n \"events:ListTargetsByRule\"\n ],\n Resource: [\"\"]\n }\n ]\n }\n }\n });\n}\n"],"mappings":";;;;;;;;AAAA,IAAAA,KAAA,GAAAC,sBAAA,CAAAC,OAAA;AACA,IAAAC,MAAA,GAAAC,uBAAA,CAAAF,OAAA;AACA,IAAAG,GAAA,GAAAD,uBAAA,CAAAF,OAAA;AACA,IAAAI,UAAA,GAAAJ,OAAA;AACA,IAAAK,QAAA,GAAAL,OAAA;AACA,IAAAM,OAAA,GAAAN,OAAA;AACA,IAAAO,YAAA,GAAAP,OAAA;AAMA,MAAMQ,kBAAkB,GAAG,eAAe;AAC1C,MAAMC,kBAAkB,GAAG,GAAGD,kBAAkB,yBAAyB;AACzE,MAAME,qBAAqB,GAAG,GAAGF,kBAAkB,wBAAwB;AAC3E,MAAMG,eAAe,GAAG,GAAGH,kBAAkB,aAAa;AAC1D,MAAMI,iBAAiB,GAAG,GAAGJ,kBAAkB,oBAAoB;AAI5D,MAAMK,eAAe,GAAAC,OAAA,CAAAD,eAAA,GAAG,IAAAE,wBAAe,EAAC;EAC3CC,IAAI,EAAE,iBAAiB;EACvBC,MAAMA,CAACC,GAAc,EAAEC,MAA4B,EAAE;IACjD,MAAMC,aAAa,GAAGC,yBAAyB,CAACH,GAAG,EAAEC,MAAM,CAAC;IAC5D,MAAMG,cAAc,GAAGC,0BAA0B,CAACL,GAAG,EAAEE,aAAa,CAACI,MAAM,CAACC,MAAM,EAAEN,MAAM,CAAC;;IAE3F;IACA,MAAMO,SAAS,GAAGR,GAAG,CAACS,WAAW,CAACxB,GAAG,CAACyB,UAAU,CAACC,SAAS,EAAE;MACxDb,IAAI,EAAEL,eAAe;MACrBM,MAAM,EAAE;QACJa,WAAW,EAAE,iFAAiF;QAC9FC,kBAAkB,EAAE,sBAAsB;QAC1CC,KAAK,EAAE;MACX;IACJ,CAAC,CAAC;;IAEF;IACAd,GAAG,CAACS,WAAW,CAACxB,GAAG,CAACqB,MAAM,CAACS,UAAU,EAAE;MACnCjB,IAAI,EAAE,uBAAuB;MAC7BC,MAAM,EAAE;QACJiB,MAAM,EAAE,uBAAuB;QAC/BC,QAAQ,EAAEb,cAAc,CAACE,MAAM,CAACC,MAAM,CAACW,GAAG;QAC1CC,SAAS,EAAE,sBAAsB;QACjCC,WAAW,EAAE,oBAAoB,GAAG3B;MACxC;IACJ,CAAC,CAAC;;IAEF;IACA,MAAM4B,WAAW,GAAGrB,GAAG,CAACS,WAAW,CAACxB,GAAG,CAACyB,UAAU,CAACY,WAAW,EAAE;MAC5DxB,IAAI,EAAEJ,iBAAiB;MACvBK,MAAM,EAAE;QACJwB,IAAI,EAAEf,SAAS,CAACD,MAAM,CAACT,IAAI;QAC3BoB,GAAG,EAAEd,cAAc,CAACE,MAAM,CAACC,MAAM,CAACW;MACtC;IACJ,CAAC,CAAC;IAEF,OAAO;MACHhB,aAAa;MACbE,cAAc;MACdI,SAAS;MACTa;IACJ,CAAC;EACL;AACJ,CAAC,CAAC;AAEF,SAASlB,yBAAyBA,CAACH,GAAc,EAAEC,MAA4B,EAAE;EAC7E,MAAMuB,IAAI,GAAGxB,GAAG,CAACS,WAAW,CAACxB,GAAG,CAACwC,GAAG,CAACC,IAAI,EAAE;IACvC5B,IAAI,EAAE,GAAGN,qBAAqB,OAAO;IACrCO,MAAM,EAAE;MACJ4B,gBAAgB,EAAE;QACdC,OAAO,EAAE,YAAY;QACrBC,SAAS,EAAE,CACP;UACIC,MAAM,EAAE,gBAAgB;UACxBC,SAAS,EAAE;YACPC,OAAO,EAAE;UACb,CAAC;UACDC,MAAM,EAAE;QACZ,CAAC;MAET;IACJ,CAAC;IACDC,IAAI,EAAE;MAAEC,oBAAoB,EAAE;IAAK;EACvC,CAAC,CAAC;EAEF,MAAMC,MAAM,GAAGC,+BAA+B,CAACrC,GAAG,CAAC;EAEnDA,GAAG,CAACS,WAAW,CAACxB,GAAG,CAACwC,GAAG,CAACa,oBAAoB,EAAE;IAC1CxC,IAAI,EAAE,GAAGN,qBAAqB,yBAAyB;IACvDO,MAAM,EAAE;MACJyB,IAAI,EAAEA,IAAI,CAACjB,MAAM;MACjBgC,SAAS,EAAEH,MAAM,CAAC7B,MAAM,CAACW;IAC7B;EACJ,CAAC,CAAC;EAEFlB,GAAG,CAACS,WAAW,CAACxB,GAAG,CAACwC,GAAG,CAACa,oBAAoB,EAAE;IAC1CxC,IAAI,EAAE,GAAGN,qBAAqB,8BAA8B;IAC5DO,MAAM,EAAE;MACJyB,IAAI,EAAEA,IAAI,CAACjB,MAAM;MACjBgC,SAAS,EAAEtD,GAAG,CAACwC,GAAG,CAACe,aAAa,CAACC;IACrC;EACJ,CAAC,CAAC;EAEF,MAAMnC,MAAM,GAAGN,GAAG,CAACS,WAAW,CAACxB,GAAG,CAACqB,MAAM,CAACoC,QAAQ,EAAE;IAChD5C,IAAI,EAAEN,qBAAqB;IAC3BO,MAAM,EAAE;MACJyB,IAAI,EAAEA,IAAI,CAACjB,MAAM,CAACW,GAAG;MACrByB,OAAO,EAAEC,yBAAc;MACvBC,OAAO,EAAE,iBAAiB;MAC1BC,OAAO,EAAE,EAAE;MACXC,UAAU,EAAE,GAAG;MACfnC,WAAW,EAAE,iDAAiD;MAC9DoC,IAAI,EAAE,IAAIjE,MAAM,CAACkE,KAAK,CAACC,YAAY,CAAC;QAChC,GAAG,EAAE,IAAInE,MAAM,CAACkE,KAAK,CAACE,WAAW,CAC7BC,aAAI,CAACC,IAAI,CAACrD,GAAG,CAACsD,KAAK,CAACC,SAAS,EAAE,yBAAyB,CAC5D;MACJ,CAAC,CAAC;MACFC,WAAW,EAAE;QACTC,SAAS,EAAE,IAAAC,wCAA2B,EAAC,CAAC,CAACC,KAAK,CAACC,KAAK,KAAK;UACrD,GAAGA,KAAK;UACR,GAAG3D,MAAM,CAAC4D;QACd,CAAC,CAAC;MACN;IACJ;EACJ,CAAC,CAAC;EAEF,OAAO;IACHrC,IAAI;IACJY,MAAM;IACN9B;EACJ,CAAC;AACL;AAEA,SAAS+B,+BAA+BA,CAACrC,GAAc,EAAE;EACrD,MAAM8D,IAAI,GAAG9D,GAAG,CAAC+D,SAAS,CAACC,kBAAU,CAAC;EAEtC,OAAOhE,GAAG,CAACS,WAAW,CAACxB,GAAG,CAACwC,GAAG,CAACwC,MAAM,EAAE;IACnCnE,IAAI,EAAE,uCAAuC;IAC7CC,MAAM,EAAE;MACJa,WAAW,EAAE,sEAAsE;MACnFwB,MAAM,EAAE;QACJR,OAAO,EAAE,YAAY;QACrBC,SAAS,EAAE,CACP;UACIqC,GAAG,EAAE,kBAAkB;UACvBjC,MAAM,EAAE,OAAO;UACfH,MAAM,EAAE,CAAC,uBAAuB,CAAC;UACjCqC,QAAQ,EAAE,CAAC,GAAG;QAClB,CAAC,EACD;UACID,GAAG,EAAE,oBAAoB;UACzBjC,MAAM,EAAE,OAAO;UACfH,MAAM,EAAE,CAAC,gBAAgB,EAAE,kBAAkB,EAAE,qBAAqB,CAAC;UACrEqC,QAAQ,EAAE,CACNpF,MAAM,CAACqF,WAAW,GAAGN,IAAI,CAACO,uBAAuB,EAAE,EACnDtF,MAAM,CAACqF,WAAW,GAAGN,IAAI,CAACO,uBAAuB,IAAI;QAE7D,CAAC,EACD;UACIH,GAAG,EAAE,uBAAuB;UAC5BjC,MAAM,EAAE,OAAO;UACfH,MAAM,EAAE,CACJ,gBAAgB,EAChB,kBAAkB,EAClB,qBAAqB,EACrB,kBAAkB,CACrB;UACDqC,QAAQ,EAAE,CACNpF,MAAM,CAACqF,WAAW,GAAGN,IAAI,CAACQ,mBAAmB,EAAE,EAC/CvF,MAAM,CAACqF,WAAW,GAAGN,IAAI,CAACQ,mBAAmB,IAAI;QAEzD,CAAC;MAET;IACJ;EACJ,CAAC,CAAC;AACN;AAEA,SAASjE,0BAA0BA,CAC/BL,GAAc,EACduE,aAAiD,EACjDtE,MAA4B,EAC9B;EACE,MAAMuB,IAAI,GAAGxB,GAAG,CAACS,WAAW,CAACxB,GAAG,CAACwC,GAAG,CAACC,IAAI,EAAE;IACvC5B,IAAI,EAAE,GAAGP,kBAAkB,OAAO;IAClCQ,MAAM,EAAE;MACJ4B,gBAAgB,EAAE;QACdC,OAAO,EAAE,YAAY;QACrBC,SAAS,EAAE,CACP;UACIC,MAAM,EAAE,gBAAgB;UACxBC,SAAS,EAAE;YACPC,OAAO,EAAE;UACb,CAAC;UACDC,MAAM,EAAE;QACZ,CAAC;MAET;IACJ,CAAC;IACDC,IAAI,EAAE;MAAEC,oBAAoB,EAAE;IAAK;EACvC,CAAC,CAAC;EAEF,MAAMC,MAAM,GAAGoC,gCAAgC,CAACxE,GAAG,CAAC;EAEpDA,GAAG,CAACS,WAAW,CAACxB,GAAG,CAACwC,GAAG,CAACa,oBAAoB,EAAE;IAC1CxC,IAAI,EAAE,GAAGP,kBAAkB,yBAAyB;IACpDQ,MAAM,EAAE;MACJyB,IAAI,EAAEA,IAAI,CAACjB,MAAM;MACjBgC,SAAS,EAAEH,MAAM,CAAC7B,MAAM,CAACW;IAC7B;EACJ,CAAC,CAAC;EAEFlB,GAAG,CAACS,WAAW,CAACxB,GAAG,CAACwC,GAAG,CAACa,oBAAoB,EAAE;IAC1CxC,IAAI,EAAE,GAAGP,kBAAkB,8BAA8B;IACzDQ,MAAM,EAAE;MACJyB,IAAI,EAAEA,IAAI,CAACjB,MAAM;MACjBgC,SAAS,EAAEtD,GAAG,CAACwC,GAAG,CAACe,aAAa,CAACC;IACrC;EACJ,CAAC,CAAC;EAEF,MAAMnC,MAAM,GAAGN,GAAG,CAACS,WAAW,CAACxB,GAAG,CAACqB,MAAM,CAACoC,QAAQ,EAAE;IAChD5C,IAAI,EAAEP,kBAAkB;IACxBQ,MAAM,EAAE;MACJyB,IAAI,EAAEA,IAAI,CAACjB,MAAM,CAACW,GAAG;MACrByB,OAAO,EAAEC,yBAAc;MACvBC,OAAO,EAAE,iBAAiB;MAC1BC,OAAO,EAAE,EAAE;MACXC,UAAU,EAAE,GAAG;MACfnC,WAAW,EAAE,kDAAkD;MAC/DoC,IAAI,EAAE,IAAIjE,MAAM,CAACkE,KAAK,CAACC,YAAY,CAAC;QAChC,GAAG,EAAE,IAAInE,MAAM,CAACkE,KAAK,CAACE,WAAW,CAC7BC,aAAI,CAACC,IAAI,CAACrD,GAAG,CAACsD,KAAK,CAACC,SAAS,EAAE,0BAA0B,CAC7D;MACJ,CAAC,CAAC;MACFC,WAAW,EAAE;QACTC,SAAS,EAAE,IAAAC,wCAA2B,EAAC,CAAC,CAACC,KAAK,CAACC,KAAK,KAAK;UACrD,GAAGA,KAAK;UACR,GAAG3D,MAAM,CAAC4D,GAAG;UACbY,oCAAoC,EAAEF,aAAa,CAACrD;UACpD;UACA;QACJ,CAAC,CAAC;MACN;IACJ;EACJ,CAAC,CAAC;EAEF,OAAO;IACHM,IAAI;IACJY,MAAM;IACN9B;EACJ,CAAC;AACL;AAEA,SAASkE,gCAAgCA,CAACxE,GAAc,EAAE;EACtD,MAAM8D,IAAI,GAAG9D,GAAG,CAAC+D,SAAS,CAACC,kBAAU,CAAC;EAEtC,OAAOhE,GAAG,CAACS,WAAW,CAACxB,GAAG,CAACwC,GAAG,CAACwC,MAAM,EAAE;IACnCnE,IAAI,EAAE,wCAAwC;IAC9CC,MAAM,EAAE;MACJa,WAAW,EAAE,sEAAsE;MACnFwB,MAAM,EAAE;QACJR,OAAO,EAAE,YAAY;QACrBC,SAAS,EAAE,CACP;UACIqC,GAAG,EAAE,kBAAkB;UACvBjC,MAAM,EAAE,OAAO;UACfH,MAAM,EAAE,CAAC,uBAAuB,CAAC;UACjCqC,QAAQ,EAAE,CAAC,GAAG;QAClB,CAAC,EACD;UACID,GAAG,EAAE,oBAAoB;UACzBjC,MAAM,EAAE,OAAO;UACfH,MAAM,EAAE,CACJ,kBAAkB,EAClB,gBAAgB,EAChB,kBAAkB,EAClB,qBAAqB,EACrB,qBAAqB,CACxB;UACDqC,QAAQ,EAAE,CACNpF,MAAM,CAACqF,WAAW,GAAGN,IAAI,CAACO,uBAAuB,EAAE,EACnDtF,MAAM,CAACqF,WAAW,GAAGN,IAAI,CAACO,uBAAuB,IAAI;QAE7D,CAAC,EACD;UACIH,GAAG,EAAE,kBAAkB;UACvBjC,MAAM,EAAE,OAAO;UACfH,MAAM,EAAE,CACJ,mBAAmB,EACnB,mBAAmB,EACnB,gBAAgB,EAChB,kBAAkB,EAClB,sBAAsB,EACtB,0BAA0B,CAC7B;UACDqC,QAAQ,EAAE,CAAC,GAAG;QAClB,CAAC;MAET;IACJ;EACJ,CAAC,CAAC;AACN","ignoreList":[]}

package/apps/api/ApiFileManager.js CHANGED Viewed

@@ -125,6 +125,11 @@ function createFileManagerLambdaPolicy(app) {
           Effect: "Allow",
           Action: ["dynamodb:GetItem", "dynamodb:Query"],
           Resource: [pulumi.interpolate`${core.primaryDynamodbTableArn}`, pulumi.interpolate`${core.primaryDynamodbTableArn}/*`]
+        }, {
+          Sid: "PermissionForDynamoDBLog",
+          Effect: "Allow",
+          Action: ["dynamodb:GetItem", "dynamodb:Query", "dynamodb:PutItem", "dynamodb:BatchWriteItem"],
+          Resource: [pulumi.interpolate`${core.logDynamodbTableArn}`, pulumi.interpolate`${core.logDynamodbTableArn}/*`]
         }]
       }
     }

package/apps/api/ApiFileManager.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"names":["_path","_interopRequireDefault","require","pulumi","_interopRequireWildcard","aws","_awsLayers","_pulumi2","_lambdaUtils","_","_awsUtils","_constants","ApiFileManager","exports","createAppModule","name","config","app","core","getModule","CoreOutput","graphql","ApiGraphql","accountId","getAwsAccountId","policy","createFileManagerLambdaPolicy","role","createLambdaRole","output","manage","addResource","lambda","Function","arn","runtime","LAMBDA_RUNTIME","handler","timeout","memorySize","description","code","asset","AssetArchive","FileArchive","path","join","paths","workspace","environment","variables","getCommonLambdaEnvVariables","apply","value","S3_BUCKET","fileManagerBucketId","vpcConfig","VpcConfig","functionVpcConfig","baseConfig","functions","clone","download","layers","getLayerArn","env","WEBINY_FUNCTION_TYPE","manageS3LambdaPermission","Permission","action","function","principal","sourceArn","interpolate","sourceAccount","opts","dependsOn","bucketNotification","s3","BucketNotification","bucket","lambdaFunctions","lambdaFunctionArn","events","iam","Policy","Version","Statement","Sid","Effect","Action","Resource","primaryDynamodbTableArn"],"sources":["ApiFileManager.ts"],"sourcesContent":["import path from \"path\";\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport { getLayerArn } from \"@webiny/aws-layers\";\nimport { createAppModule, PulumiApp, PulumiAppModule } from \"@webiny/pulumi\";\n\nimport { createLambdaRole, getCommonLambdaEnvVariables } from \"../lambdaUtils\";\nimport { ApiGraphql, CoreOutput, VpcConfig } from \"~/apps\";\nimport { getAwsAccountId } from \"~/apps/awsUtils\";\nimport { LAMBDA_RUNTIME } from \"~/constants\";\n\nexport type ApiFileManager = PulumiAppModule<typeof ApiFileManager>;\n\ninterface ApiFileManagerConfig {\n env: Record<string, any>;\n}\n\nexport const ApiFileManager = createAppModule({\n name: \"ApiFileManager\",\n config(app: PulumiApp, config: ApiFileManagerConfig) {\n const core = app.getModule(CoreOutput);\n const graphql = app.getModule(ApiGraphql);\n const accountId = getAwsAccountId(app);\n\n const policy = createFileManagerLambdaPolicy(app);\n const role = createLambdaRole(app, {\n name: \"fm-lambda-role\",\n policy: policy.output\n });\n\n const manage = app.addResource(aws.lambda.Function, {\n name: \"fm-manage\",\n config: {\n role: role.output.arn,\n runtime: LAMBDA_RUNTIME,\n handler: \"handler.handler\",\n timeout: 30,\n memorySize: 1024,\n description: \"Triggered when a file is deleted.\",\n code: new pulumi.asset.AssetArchive({\n \".\": new pulumi.asset.FileArchive(\n path.join(app.paths.workspace, \"fileManager/manage/build\")\n )\n }),\n environment: {\n variables: getCommonLambdaEnvVariables().apply(value => ({\n ...value,\n S3_BUCKET: core.fileManagerBucketId\n }))\n },\n vpcConfig: app.getModule(VpcConfig).functionVpcConfig\n }\n });\n\n const baseConfig = graphql.functions.graphql.config.clone();\n\n const download = app.addResource(aws.lambda.Function, {\n name: \"fm-download\",\n config: {\n ...baseConfig,\n memorySize: 1600,\n description: \"Serves previously uploaded files.\",\n layers: [getLayerArn(\"sharp\")],\n environment: {\n variables: graphql.functions.graphql.output.environment.apply(env => {\n return {\n WEBINY_FUNCTION_TYPE: \"asset-delivery\",\n ...env?.variables,\n ...config.env\n };\n })\n }\n }\n });\n\n const manageS3LambdaPermission = app.addResource(aws.lambda.Permission, {\n name: \"fm-manage-s3-lambda-permission\",\n config: {\n action: \"lambda:InvokeFunction\",\n function: manage.output.arn,\n principal: \"s3.amazonaws.com\",\n sourceArn: pulumi.interpolate`arn:aws:s3:::${core.fileManagerBucketId}`,\n sourceAccount: accountId\n },\n opts: {\n dependsOn: [manage.output]\n }\n });\n\n const bucketNotification = app.addResource(aws.s3.BucketNotification, {\n name: \"bucketNotification\",\n config: {\n bucket: core.fileManagerBucketId,\n lambdaFunctions: [\n {\n lambdaFunctionArn: manage.output.arn,\n events: [\"s3:ObjectRemoved:\"]\n }\n ]\n },\n opts: {\n dependsOn: [manage.output, manageS3LambdaPermission.output]\n }\n });\n\n const functions = {\n manage,\n download\n };\n\n return {\n functions,\n bucketNotification\n };\n }\n});\n\nfunction createFileManagerLambdaPolicy(app: PulumiApp) {\n const core = app.getModule(CoreOutput);\n\n return app.addResource(aws.iam.Policy, {\n name: \"FileManagerLambdaPolicy\",\n config: {\n description: \"This policy enables access to Lambda and S3\",\n policy: {\n Version: \"2012-10-17\",\n Statement: [\n {\n Sid: \"PermissionForLambda\",\n Effect: \"Allow\",\n Action: \"lambda:InvokeFunction\",\n Resource: \"\"\n },\n {\n Sid: \"PermissionForS3\",\n Effect: \"Allow\",\n Action: [\n \"s3:DeleteObject\",\n \"s3:PutObject\",\n \"s3:GetObject\",\n \"s3:ListBucket\"\n ],\n Resource: [\n pulumi.interpolate`arn:aws:s3:::${core.fileManagerBucketId}`,\n pulumi.interpolate`arn:aws:s3:::${core.fileManagerBucketId}/`\n ]\n },\n {\n Sid: \"PermissionForDynamoDB\",\n Effect: \"Allow\",\n Action: [\"dynamodb:GetItem\", \"dynamodb:Query\"],\n Resource: [\n pulumi.interpolate`${core.primaryDynamodbTableArn}`,\n pulumi.interpolate`${core.primaryDynamodbTableArn}/`\n ]\n }\n ]\n }\n }\n });\n}\n"],"mappings":";;;;;;;;AAAA,IAAAA,KAAA,GAAAC,sBAAA,CAAAC,OAAA;AACA,IAAAC,MAAA,GAAAC,uBAAA,CAAAF,OAAA;AACA,IAAAG,GAAA,GAAAD,uBAAA,CAAAF,OAAA;AACA,IAAAI,UAAA,GAAAJ,OAAA;AACA,IAAAK,QAAA,GAAAL,OAAA;AAEA,IAAAM,YAAA,GAAAN,OAAA;AACA,IAAAO,CAAA,GAAAP,OAAA;AACA,IAAAQ,SAAA,GAAAR,OAAA;AACA,IAAAS,UAAA,GAAAT,OAAA;AAQO,MAAMU,cAAc,GAAAC,OAAA,CAAAD,cAAA,GAAG,IAAAE,wBAAe,EAAC;EAC1CC,IAAI,EAAE,gBAAgB;EACtBC,MAAMA,CAACC,GAAc,EAAED,MAA4B,EAAE;IACjD,MAAME,IAAI,GAAGD,GAAG,CAACE,SAAS,CAACC,YAAU,CAAC;IACtC,MAAMC,OAAO,GAAGJ,GAAG,CAACE,SAAS,CAACG,YAAU,CAAC;IACzC,MAAMC,SAAS,GAAG,IAAAC,yBAAe,EAACP,GAAG,CAAC;IAEtC,MAAMQ,MAAM,GAAGC,6BAA6B,CAACT,GAAG,CAAC;IACjD,MAAMU,IAAI,GAAG,IAAAC,6BAAgB,EAACX,GAAG,EAAE;MAC/BF,IAAI,EAAE,gBAAgB;MACtBU,MAAM,EAAEA,MAAM,CAACI;IACnB,CAAC,CAAC;IAEF,MAAMC,MAAM,GAAGb,GAAG,CAACc,WAAW,CAAC1B,GAAG,CAAC2B,MAAM,CAACC,QAAQ,EAAE;MAChDlB,IAAI,EAAE,WAAW;MACjBC,MAAM,EAAE;QACJW,IAAI,EAAEA,IAAI,CAACE,MAAM,CAACK,GAAG;QACrBC,OAAO,EAAEC,yBAAc;QACvBC,OAAO,EAAE,iBAAiB;QAC1BC,OAAO,EAAE,EAAE;QACXC,UAAU,EAAE,IAAI;QAChBC,WAAW,EAAE,mCAAmC;QAChDC,IAAI,EAAE,IAAItC,MAAM,CAACuC,KAAK,CAACC,YAAY,CAAC;UAChC,GAAG,EAAE,IAAIxC,MAAM,CAACuC,KAAK,CAACE,WAAW,CAC7BC,aAAI,CAACC,IAAI,CAAC7B,GAAG,CAAC8B,KAAK,CAACC,SAAS,EAAE,0BAA0B,CAC7D;QACJ,CAAC,CAAC;QACFC,WAAW,EAAE;UACTC,SAAS,EAAE,IAAAC,wCAA2B,EAAC,CAAC,CAACC,KAAK,CAACC,KAAK,KAAK;YACrD,GAAGA,KAAK;YACRC,SAAS,EAAEpC,IAAI,CAACqC;UACpB,CAAC,CAAC;QACN,CAAC;QACDC,SAAS,EAAEvC,GAAG,CAACE,SAAS,CAACsC,WAAS,CAAC,CAACC;MACxC;IACJ,CAAC,CAAC;IAEF,MAAMC,UAAU,GAAGtC,OAAO,CAACuC,SAAS,CAACvC,OAAO,CAACL,MAAM,CAAC6C,KAAK,CAAC,CAAC;IAE3D,MAAMC,QAAQ,GAAG7C,GAAG,CAACc,WAAW,CAAC1B,GAAG,CAAC2B,MAAM,CAACC,QAAQ,EAAE;MAClDlB,IAAI,EAAE,aAAa;MACnBC,MAAM,EAAE;QACJ,GAAG2C,UAAU;QACbpB,UAAU,EAAE,IAAI;QAChBC,WAAW,EAAE,mCAAmC;QAChDuB,MAAM,EAAE,CAAC,IAAAC,sBAAW,EAAC,OAAO,CAAC,CAAC;QAC9Bf,WAAW,EAAE;UACTC,SAAS,EAAE7B,OAAO,CAACuC,SAAS,CAACvC,OAAO,CAACQ,MAAM,CAACoB,WAAW,CAACG,KAAK,CAACa,GAAG,IAAI;YACjE,OAAO;cACHC,oBAAoB,EAAE,gBAAgB;cACtC,GAAGD,GAAG,EAAEf,SAAS;cACjB,GAAGlC,MAAM,CAACiD;YACd,CAAC;UACL,CAAC;QACL;MACJ;IACJ,CAAC,CAAC;IAEF,MAAME,wBAAwB,GAAGlD,GAAG,CAACc,WAAW,CAAC1B,GAAG,CAAC2B,MAAM,CAACoC,UAAU,EAAE;MACpErD,IAAI,EAAE,gCAAgC;MACtCC,MAAM,EAAE;QACJqD,MAAM,EAAE,uBAAuB;QAC/BC,QAAQ,EAAExC,MAAM,CAACD,MAAM,CAACK,GAAG;QAC3BqC,SAAS,EAAE,kBAAkB;QAC7BC,SAAS,EAAErE,MAAM,CAACsE,WAAW,gBAAgBvD,IAAI,CAACqC,mBAAmB,EAAE;QACvEmB,aAAa,EAAEnD;MACnB,CAAC;MACDoD,IAAI,EAAE;QACFC,SAAS,EAAE,CAAC9C,MAAM,CAACD,MAAM;MAC7B;IACJ,CAAC,CAAC;IAEF,MAAMgD,kBAAkB,GAAG5D,GAAG,CAACc,WAAW,CAAC1B,GAAG,CAACyE,EAAE,CAACC,kBAAkB,EAAE;MAClEhE,IAAI,EAAE,oBAAoB;MAC1BC,MAAM,EAAE;QACJgE,MAAM,EAAE9D,IAAI,CAACqC,mBAAmB;QAChC0B,eAAe,EAAE,CACb;UACIC,iBAAiB,EAAEpD,MAAM,CAACD,MAAM,CAACK,GAAG;UACpCiD,MAAM,EAAE,CAAC,oBAAoB;QACjC,CAAC;MAET,CAAC;MACDR,IAAI,EAAE;QACFC,SAAS,EAAE,CAAC9C,MAAM,CAACD,MAAM,EAAEsC,wBAAwB,CAACtC,MAAM;MAC9D;IACJ,CAAC,CAAC;IAEF,MAAM+B,SAAS,GAAG;MACd9B,MAAM;MACNgC;IACJ,CAAC;IAED,OAAO;MACHF,SAAS;MACTiB;IACJ,CAAC;EACL;AACJ,CAAC,CAAC;AAEF,SAASnD,6BAA6BA,CAACT,GAAc,EAAE;EACnD,MAAMC,IAAI,GAAGD,GAAG,CAACE,SAAS,CAACC,YAAU,CAAC;EAEtC,OAAOH,GAAG,CAACc,WAAW,CAAC1B,GAAG,CAAC+E,GAAG,CAACC,MAAM,EAAE;IACnCtE,IAAI,EAAE,yBAAyB;IAC/BC,MAAM,EAAE;MACJwB,WAAW,EAAE,6CAA6C;MAC1Df,MAAM,EAAE;QACJ6D,OAAO,EAAE,YAAY;QACrBC,SAAS,EAAE,CACP;UACIC,GAAG,EAAE,qBAAqB;UAC1BC,MAAM,EAAE,OAAO;UACfC,MAAM,EAAE,uBAAuB;UAC/BC,QAAQ,EAAE;QACd,CAAC,EACD;UACIH,GAAG,EAAE,iBAAiB;UACtBC,MAAM,EAAE,OAAO;UACfC,MAAM,EAAE,CACJ,iBAAiB,EACjB,cAAc,EACd,cAAc,EACd,eAAe,CAClB;UACDC,QAAQ,EAAE,CACNxF,MAAM,CAACsE,WAAW,gBAAgBvD,IAAI,CAACqC,mBAAmB,EAAE,EAC5DpD,MAAM,CAACsE,WAAW,gBAAgBvD,IAAI,CAACqC,mBAAmB,IAAI;QAEtE,CAAC,EACD;UACIiC,GAAG,EAAE,uBAAuB;UAC5BC,MAAM,EAAE,OAAO;UACfC,MAAM,EAAE,CAAC,kBAAkB,EAAE,gBAAgB,CAAC;UAC9CC,QAAQ,EAAE,CACNxF,MAAM,CAACsE,WAAW,GAAGvD,IAAI,CAAC0E,uBAAuB,EAAE,EACnDzF,MAAM,CAACsE,WAAW,GAAGvD,IAAI,CAAC0E,uBAAuB,IAAI;QAE7D,CAAC;MAET;IACJ;EACJ,CAAC,CAAC;AACN","ignoreList":[]}
1	+ {"version":3,"names":["_path","_interopRequireDefault","require","pulumi","_interopRequireWildcard","aws","_awsLayers","_pulumi2","_lambdaUtils","_","_awsUtils","_constants","ApiFileManager","exports","createAppModule","name","config","app","core","getModule","CoreOutput","graphql","ApiGraphql","accountId","getAwsAccountId","policy","createFileManagerLambdaPolicy","role","createLambdaRole","output","manage","addResource","lambda","Function","arn","runtime","LAMBDA_RUNTIME","handler","timeout","memorySize","description","code","asset","AssetArchive","FileArchive","path","join","paths","workspace","environment","variables","getCommonLambdaEnvVariables","apply","value","S3_BUCKET","fileManagerBucketId","vpcConfig","VpcConfig","functionVpcConfig","baseConfig","functions","clone","download","layers","getLayerArn","env","WEBINY_FUNCTION_TYPE","manageS3LambdaPermission","Permission","action","function","principal","sourceArn","interpolate","sourceAccount","opts","dependsOn","bucketNotification","s3","BucketNotification","bucket","lambdaFunctions","lambdaFunctionArn","events","iam","Policy","Version","Statement","Sid","Effect","Action","Resource","primaryDynamodbTableArn","logDynamodbTableArn"],"sources":["ApiFileManager.ts"],"sourcesContent":["import path from \"path\";\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport { getLayerArn } from \"@webiny/aws-layers\";\nimport { createAppModule, PulumiApp, PulumiAppModule } from \"@webiny/pulumi\";\n\nimport { createLambdaRole, getCommonLambdaEnvVariables } from \"../lambdaUtils\";\nimport { ApiGraphql, CoreOutput, VpcConfig } from \"~/apps\";\nimport { getAwsAccountId } from \"~/apps/awsUtils\";\nimport { LAMBDA_RUNTIME } from \"~/constants\";\n\nexport type ApiFileManager = PulumiAppModule<typeof ApiFileManager>;\n\ninterface ApiFileManagerConfig {\n env: Record<string, any>;\n}\n\nexport const ApiFileManager = createAppModule({\n name: \"ApiFileManager\",\n config(app: PulumiApp, config: ApiFileManagerConfig) {\n const core = app.getModule(CoreOutput);\n const graphql = app.getModule(ApiGraphql);\n const accountId = getAwsAccountId(app);\n\n const policy = createFileManagerLambdaPolicy(app);\n const role = createLambdaRole(app, {\n name: \"fm-lambda-role\",\n policy: policy.output\n });\n\n const manage = app.addResource(aws.lambda.Function, {\n name: \"fm-manage\",\n config: {\n role: role.output.arn,\n runtime: LAMBDA_RUNTIME,\n handler: \"handler.handler\",\n timeout: 30,\n memorySize: 1024,\n description: \"Triggered when a file is deleted.\",\n code: new pulumi.asset.AssetArchive({\n \".\": new pulumi.asset.FileArchive(\n path.join(app.paths.workspace, \"fileManager/manage/build\")\n )\n }),\n environment: {\n variables: getCommonLambdaEnvVariables().apply(value => ({\n ...value,\n S3_BUCKET: core.fileManagerBucketId\n }))\n },\n vpcConfig: app.getModule(VpcConfig).functionVpcConfig\n }\n });\n\n const baseConfig = graphql.functions.graphql.config.clone();\n\n const download = app.addResource(aws.lambda.Function, {\n name: \"fm-download\",\n config: {\n ...baseConfig,\n memorySize: 1600,\n description: \"Serves previously uploaded files.\",\n layers: [getLayerArn(\"sharp\")],\n environment: {\n variables: graphql.functions.graphql.output.environment.apply(env => {\n return {\n WEBINY_FUNCTION_TYPE: \"asset-delivery\",\n ...env?.variables,\n ...config.env\n };\n })\n }\n }\n });\n\n const manageS3LambdaPermission = app.addResource(aws.lambda.Permission, {\n name: \"fm-manage-s3-lambda-permission\",\n config: {\n action: \"lambda:InvokeFunction\",\n function: manage.output.arn,\n principal: \"s3.amazonaws.com\",\n sourceArn: pulumi.interpolate`arn:aws:s3:::${core.fileManagerBucketId}`,\n sourceAccount: accountId\n },\n opts: {\n dependsOn: [manage.output]\n }\n });\n\n const bucketNotification = app.addResource(aws.s3.BucketNotification, {\n name: \"bucketNotification\",\n config: {\n bucket: core.fileManagerBucketId,\n lambdaFunctions: [\n {\n lambdaFunctionArn: manage.output.arn,\n events: [\"s3:ObjectRemoved:\"]\n }\n ]\n },\n opts: {\n dependsOn: [manage.output, manageS3LambdaPermission.output]\n }\n });\n\n const functions = {\n manage,\n download\n };\n\n return {\n functions,\n bucketNotification\n };\n }\n});\n\nfunction createFileManagerLambdaPolicy(app: PulumiApp) {\n const core = app.getModule(CoreOutput);\n\n return app.addResource(aws.iam.Policy, {\n name: \"FileManagerLambdaPolicy\",\n config: {\n description: \"This policy enables access to Lambda and S3\",\n policy: {\n Version: \"2012-10-17\",\n Statement: [\n {\n Sid: \"PermissionForLambda\",\n Effect: \"Allow\",\n Action: \"lambda:InvokeFunction\",\n Resource: \"\"\n },\n {\n Sid: \"PermissionForS3\",\n Effect: \"Allow\",\n Action: [\n \"s3:DeleteObject\",\n \"s3:PutObject\",\n \"s3:GetObject\",\n \"s3:ListBucket\"\n ],\n Resource: [\n pulumi.interpolate`arn:aws:s3:::${core.fileManagerBucketId}`,\n pulumi.interpolate`arn:aws:s3:::${core.fileManagerBucketId}/`\n ]\n },\n {\n Sid: \"PermissionForDynamoDB\",\n Effect: \"Allow\",\n Action: [\"dynamodb:GetItem\", \"dynamodb:Query\"],\n Resource: [\n pulumi.interpolate`${core.primaryDynamodbTableArn}`,\n pulumi.interpolate`${core.primaryDynamodbTableArn}/`\n ]\n },\n {\n Sid: \"PermissionForDynamoDBLog\",\n Effect: \"Allow\",\n Action: [\n \"dynamodb:GetItem\",\n \"dynamodb:Query\",\n \"dynamodb:PutItem\",\n \"dynamodb:BatchWriteItem\"\n ],\n Resource: [\n pulumi.interpolate`${core.logDynamodbTableArn}`,\n pulumi.interpolate`${core.logDynamodbTableArn}/*`\n ]\n }\n ]\n }\n }\n });\n}\n"],"mappings":";;;;;;;;AAAA,IAAAA,KAAA,GAAAC,sBAAA,CAAAC,OAAA;AACA,IAAAC,MAAA,GAAAC,uBAAA,CAAAF,OAAA;AACA,IAAAG,GAAA,GAAAD,uBAAA,CAAAF,OAAA;AACA,IAAAI,UAAA,GAAAJ,OAAA;AACA,IAAAK,QAAA,GAAAL,OAAA;AAEA,IAAAM,YAAA,GAAAN,OAAA;AACA,IAAAO,CAAA,GAAAP,OAAA;AACA,IAAAQ,SAAA,GAAAR,OAAA;AACA,IAAAS,UAAA,GAAAT,OAAA;AAQO,MAAMU,cAAc,GAAAC,OAAA,CAAAD,cAAA,GAAG,IAAAE,wBAAe,EAAC;EAC1CC,IAAI,EAAE,gBAAgB;EACtBC,MAAMA,CAACC,GAAc,EAAED,MAA4B,EAAE;IACjD,MAAME,IAAI,GAAGD,GAAG,CAACE,SAAS,CAACC,YAAU,CAAC;IACtC,MAAMC,OAAO,GAAGJ,GAAG,CAACE,SAAS,CAACG,YAAU,CAAC;IACzC,MAAMC,SAAS,GAAG,IAAAC,yBAAe,EAACP,GAAG,CAAC;IAEtC,MAAMQ,MAAM,GAAGC,6BAA6B,CAACT,GAAG,CAAC;IACjD,MAAMU,IAAI,GAAG,IAAAC,6BAAgB,EAACX,GAAG,EAAE;MAC/BF,IAAI,EAAE,gBAAgB;MACtBU,MAAM,EAAEA,MAAM,CAACI;IACnB,CAAC,CAAC;IAEF,MAAMC,MAAM,GAAGb,GAAG,CAACc,WAAW,CAAC1B,GAAG,CAAC2B,MAAM,CAACC,QAAQ,EAAE;MAChDlB,IAAI,EAAE,WAAW;MACjBC,MAAM,EAAE;QACJW,IAAI,EAAEA,IAAI,CAACE,MAAM,CAACK,GAAG;QACrBC,OAAO,EAAEC,yBAAc;QACvBC,OAAO,EAAE,iBAAiB;QAC1BC,OAAO,EAAE,EAAE;QACXC,UAAU,EAAE,IAAI;QAChBC,WAAW,EAAE,mCAAmC;QAChDC,IAAI,EAAE,IAAItC,MAAM,CAACuC,KAAK,CAACC,YAAY,CAAC;UAChC,GAAG,EAAE,IAAIxC,MAAM,CAACuC,KAAK,CAACE,WAAW,CAC7BC,aAAI,CAACC,IAAI,CAAC7B,GAAG,CAAC8B,KAAK,CAACC,SAAS,EAAE,0BAA0B,CAC7D;QACJ,CAAC,CAAC;QACFC,WAAW,EAAE;UACTC,SAAS,EAAE,IAAAC,wCAA2B,EAAC,CAAC,CAACC,KAAK,CAACC,KAAK,KAAK;YACrD,GAAGA,KAAK;YACRC,SAAS,EAAEpC,IAAI,CAACqC;UACpB,CAAC,CAAC;QACN,CAAC;QACDC,SAAS,EAAEvC,GAAG,CAACE,SAAS,CAACsC,WAAS,CAAC,CAACC;MACxC;IACJ,CAAC,CAAC;IAEF,MAAMC,UAAU,GAAGtC,OAAO,CAACuC,SAAS,CAACvC,OAAO,CAACL,MAAM,CAAC6C,KAAK,CAAC,CAAC;IAE3D,MAAMC,QAAQ,GAAG7C,GAAG,CAACc,WAAW,CAAC1B,GAAG,CAAC2B,MAAM,CAACC,QAAQ,EAAE;MAClDlB,IAAI,EAAE,aAAa;MACnBC,MAAM,EAAE;QACJ,GAAG2C,UAAU;QACbpB,UAAU,EAAE,IAAI;QAChBC,WAAW,EAAE,mCAAmC;QAChDuB,MAAM,EAAE,CAAC,IAAAC,sBAAW,EAAC,OAAO,CAAC,CAAC;QAC9Bf,WAAW,EAAE;UACTC,SAAS,EAAE7B,OAAO,CAACuC,SAAS,CAACvC,OAAO,CAACQ,MAAM,CAACoB,WAAW,CAACG,KAAK,CAACa,GAAG,IAAI;YACjE,OAAO;cACHC,oBAAoB,EAAE,gBAAgB;cACtC,GAAGD,GAAG,EAAEf,SAAS;cACjB,GAAGlC,MAAM,CAACiD;YACd,CAAC;UACL,CAAC;QACL;MACJ;IACJ,CAAC,CAAC;IAEF,MAAME,wBAAwB,GAAGlD,GAAG,CAACc,WAAW,CAAC1B,GAAG,CAAC2B,MAAM,CAACoC,UAAU,EAAE;MACpErD,IAAI,EAAE,gCAAgC;MACtCC,MAAM,EAAE;QACJqD,MAAM,EAAE,uBAAuB;QAC/BC,QAAQ,EAAExC,MAAM,CAACD,MAAM,CAACK,GAAG;QAC3BqC,SAAS,EAAE,kBAAkB;QAC7BC,SAAS,EAAErE,MAAM,CAACsE,WAAW,gBAAgBvD,IAAI,CAACqC,mBAAmB,EAAE;QACvEmB,aAAa,EAAEnD;MACnB,CAAC;MACDoD,IAAI,EAAE;QACFC,SAAS,EAAE,CAAC9C,MAAM,CAACD,MAAM;MAC7B;IACJ,CAAC,CAAC;IAEF,MAAMgD,kBAAkB,GAAG5D,GAAG,CAACc,WAAW,CAAC1B,GAAG,CAACyE,EAAE,CAACC,kBAAkB,EAAE;MAClEhE,IAAI,EAAE,oBAAoB;MAC1BC,MAAM,EAAE;QACJgE,MAAM,EAAE9D,IAAI,CAACqC,mBAAmB;QAChC0B,eAAe,EAAE,CACb;UACIC,iBAAiB,EAAEpD,MAAM,CAACD,MAAM,CAACK,GAAG;UACpCiD,MAAM,EAAE,CAAC,oBAAoB;QACjC,CAAC;MAET,CAAC;MACDR,IAAI,EAAE;QACFC,SAAS,EAAE,CAAC9C,MAAM,CAACD,MAAM,EAAEsC,wBAAwB,CAACtC,MAAM;MAC9D;IACJ,CAAC,CAAC;IAEF,MAAM+B,SAAS,GAAG;MACd9B,MAAM;MACNgC;IACJ,CAAC;IAED,OAAO;MACHF,SAAS;MACTiB;IACJ,CAAC;EACL;AACJ,CAAC,CAAC;AAEF,SAASnD,6BAA6BA,CAACT,GAAc,EAAE;EACnD,MAAMC,IAAI,GAAGD,GAAG,CAACE,SAAS,CAACC,YAAU,CAAC;EAEtC,OAAOH,GAAG,CAACc,WAAW,CAAC1B,GAAG,CAAC+E,GAAG,CAACC,MAAM,EAAE;IACnCtE,IAAI,EAAE,yBAAyB;IAC/BC,MAAM,EAAE;MACJwB,WAAW,EAAE,6CAA6C;MAC1Df,MAAM,EAAE;QACJ6D,OAAO,EAAE,YAAY;QACrBC,SAAS,EAAE,CACP;UACIC,GAAG,EAAE,qBAAqB;UAC1BC,MAAM,EAAE,OAAO;UACfC,MAAM,EAAE,uBAAuB;UAC/BC,QAAQ,EAAE;QACd,CAAC,EACD;UACIH,GAAG,EAAE,iBAAiB;UACtBC,MAAM,EAAE,OAAO;UACfC,MAAM,EAAE,CACJ,iBAAiB,EACjB,cAAc,EACd,cAAc,EACd,eAAe,CAClB;UACDC,QAAQ,EAAE,CACNxF,MAAM,CAACsE,WAAW,gBAAgBvD,IAAI,CAACqC,mBAAmB,EAAE,EAC5DpD,MAAM,CAACsE,WAAW,gBAAgBvD,IAAI,CAACqC,mBAAmB,IAAI;QAEtE,CAAC,EACD;UACIiC,GAAG,EAAE,uBAAuB;UAC5BC,MAAM,EAAE,OAAO;UACfC,MAAM,EAAE,CAAC,kBAAkB,EAAE,gBAAgB,CAAC;UAC9CC,QAAQ,EAAE,CACNxF,MAAM,CAACsE,WAAW,GAAGvD,IAAI,CAAC0E,uBAAuB,EAAE,EACnDzF,MAAM,CAACsE,WAAW,GAAGvD,IAAI,CAAC0E,uBAAuB,IAAI;QAE7D,CAAC,EACD;UACIJ,GAAG,EAAE,0BAA0B;UAC/BC,MAAM,EAAE,OAAO;UACfC,MAAM,EAAE,CACJ,kBAAkB,EAClB,gBAAgB,EAChB,kBAAkB,EAClB,yBAAyB,CAC5B;UACDC,QAAQ,EAAE,CACNxF,MAAM,CAACsE,WAAW,GAAGvD,IAAI,CAAC2E,mBAAmB,EAAE,EAC/C1F,MAAM,CAACsE,WAAW,GAAGvD,IAAI,CAAC2E,mBAAmB,IAAI;QAEzD,CAAC;MAET;IACJ;EACJ,CAAC,CAAC;AACN","ignoreList":[]}

package/apps/api/ApiGraphql.js CHANGED Viewed

@@ -145,7 +145,7 @@ function createGraphqlLambdaPolicy(app) {
             Sid: "PermissionForDynamodb",
             Effect: "Allow",
             Action: ["dynamodb:BatchGetItem", "dynamodb:BatchWriteItem", "dynamodb:ConditionCheckItem", "dynamodb:CreateBackup", "dynamodb:CreateTable", "dynamodb:CreateTableReplica", "dynamodb:DeleteBackup", "dynamodb:DeleteItem", "dynamodb:DeleteTable", "dynamodb:DeleteTableReplica", "dynamodb:DescribeBackup", "dynamodb:DescribeContinuousBackups", "dynamodb:DescribeContributorInsights", "dynamodb:DescribeExport", "dynamodb:DescribeKinesisStreamingDestination", "dynamodb:DescribeLimits", "dynamodb:DescribeReservedCapacity", "dynamodb:DescribeReservedCapacityOfferings", "dynamodb:DescribeStream", "dynamodb:DescribeTable", "dynamodb:DescribeTableReplicaAutoScaling", "dynamodb:DescribeTimeToLive", "dynamodb:DisableKinesisStreamingDestination", "dynamodb:EnableKinesisStreamingDestination", "dynamodb:ExportTableToPointInTime", "dynamodb:GetItem", "dynamodb:GetRecords", "dynamodb:GetShardIterator", "dynamodb:ListBackups", "dynamodb:ListContributorInsights", "dynamodb:ListExports", "dynamodb:ListStreams", "dynamodb:ListTables", "dynamodb:ListTagsOfResource", "dynamodb:PartiQLDelete", "dynamodb:PartiQLInsert", "dynamodb:PartiQLSelect", "dynamodb:PartiQLUpdate", "dynamodb:PurchaseReservedCapacityOfferings", "dynamodb:PutItem", "dynamodb:Query", "dynamodb:RestoreTableFromBackup", "dynamodb:RestoreTableToPointInTime", "dynamodb:Scan", "dynamodb:UpdateContinuousBackups", "dynamodb:UpdateContributorInsights", "dynamodb:UpdateItem", "dynamodb:UpdateTable", "dynamodb:UpdateTableReplicaAutoScaling", "dynamodb:UpdateTimeToLive"],
-            Resource: [`${core.primaryDynamodbTableArn}`, `${core.primaryDynamodbTableArn}/*`,
+            Resource: [`${core.primaryDynamodbTableArn}`, `${core.primaryDynamodbTableArn}/*`, `${core.logDynamodbTableArn}`, `${core.logDynamodbTableArn}/*`,
             // Attach permissions for elastic search dynamo as well (if ES is enabled).
             ...(core.elasticsearchDynamodbTableArn ? [`${core.elasticsearchDynamodbTableArn}`, `${core.elasticsearchDynamodbTableArn}/*`] : [])]
           }, {

package/apps/api/ApiGraphql.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"names":["_path","_interopRequireDefault","require","pulumi","_interopRequireWildcard","aws","_kebabCase","_pulumi2","_lambdaUtils","_","_awsUtils","_constants","EMPTY_TRASH_BIN_EVENT_RULE_NAME","EMPTY_TRASH_BIN_EVENT_PERMISSION_NAME","EMPTY_TRASH_BIN_EVENT_RULE_TARGET","ApiGraphql","exports","createAppModule","name","config","app","params","core","getModule","CoreOutput","policy","createGraphqlLambdaPolicy","role","createLambdaRole","output","graphql","addResource","lambda","Function","runtime","LAMBDA_RUNTIME","handler","arn","timeout","memorySize","code","asset","AssetArchive","FileArchive","path","join","paths","workspace","environment","variables","getCommonLambdaEnvVariables","apply","value","env","AWS_NODEJS_CONNECTION_REUSE_ENABLED","vpcConfig","VpcConfig","functionVpcConfig","dynamodb","TableItem","tableName","primaryDynamodbTableName","hashKey","primaryDynamodbTableHashKey","rangeKey","primaryDynamodbTableRangeKey","key","item","interpolate","run","variant","apwSchedulerEventRule","apwSchedulerEventTarget","targetId","eventRule","cloudwatch","EventRule","description","scheduleExpression","Permission","action","function","principal","statementId","EventTarget","rule","input","JSON","stringify","source","functions","addRoute","routeParams","apiGateway","resources","console","log","kebabName","toKebabCase","method","coreOutput","awsAccountId","getAwsAccountId","awsRegion","getAwsRegion","iam","Policy","Version","Statement","Sid","Effect","Action","Resource","primaryDynamodbTableArn","elasticsearchDynamodbTableArn","fileManagerBucketId","cognitoUserPoolArn","eventBusArn","elasticsearchDomainArn"],"sources":["ApiGraphql.ts"],"sourcesContent":["import path from \"path\";\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport toKebabCase from \"lodash/kebabCase\";\n\nimport { createAppModule, PulumiApp, PulumiAppModule } from \"@webiny/pulumi\";\nimport { createLambdaRole, getCommonLambdaEnvVariables } from \"../lambdaUtils\";\nimport { CoreOutput, VpcConfig } from \"~/apps\";\nimport { getAwsAccountId, getAwsRegion } from \"../awsUtils\";\nimport { LAMBDA_RUNTIME } from \"~/constants\";\n\ninterface GraphqlParams {\n env: Record<string, any>;\n apwSchedulerEventRule: pulumi.Output<aws.cloudwatch.EventRule>;\n apwSchedulerEventTarget: pulumi.Output<aws.cloudwatch.EventTarget>;\n}\n\nexport interface AddRouteParams {\n /*\n Must be in kebab case (a-z and -)\n /\n name: string;\n path: `/${string}`;\n method: \"DELETE\" \| \"GET\" \| \"HEAD\" \| \"PATCH\" \| \"POST\" \| \"PUT\" \| \"OPTIONS\" \| \"ANY\";\n}\n\nconst EMPTY_TRASH_BIN_EVENT_RULE_NAME = `empty-trash-bin-event-rule`;\nconst EMPTY_TRASH_BIN_EVENT_PERMISSION_NAME = `empty-trash-bin-event-target-permission`;\nconst EMPTY_TRASH_BIN_EVENT_RULE_TARGET = `empty-trash-bin-event-rule-target`;\n\nexport type ApiGraphql = PulumiAppModule<typeof ApiGraphql>;\n\nexport const ApiGraphql = createAppModule({\n name: \"ApiGraphql\",\n config(app: PulumiApp, params: GraphqlParams) {\n const core = app.getModule(CoreOutput);\n\n const policy = createGraphqlLambdaPolicy(app);\n const role = createLambdaRole(app, {\n name: \"api-lambda-role\",\n policy: policy.output\n });\n policy.config.policy;\n\n const graphql = app.addResource(aws.lambda.Function, {\n name: \"graphql\",\n config: {\n runtime: LAMBDA_RUNTIME,\n handler: \"handler.handler\",\n role: role.output.arn,\n timeout: 30,\n memorySize: 1024,\n code: new pulumi.asset.AssetArchive({\n \".\": new pulumi.asset.FileArchive(\n path.join(app.paths.workspace, \"graphql/build\")\n )\n }),\n environment: {\n variables: getCommonLambdaEnvVariables().apply(value => ({\n ...value,\n ...params.env,\n AWS_NODEJS_CONNECTION_REUSE_ENABLED: \"1\"\n }))\n },\n vpcConfig: app.getModule(VpcConfig).functionVpcConfig\n }\n });\n /\n Store meta information like \"mainGraphqlFunctionArn\" in APW settings at deploy time.\n \n Note: We can't pass \"mainGraphqlFunctionArn\" as env variable due to circular dependency between\n * \"graphql\" lambda and \"api-apw-scheduler-execute-action\" lambda.\n /\n app.addResource(aws.dynamodb.TableItem, {\n name: \"apwSettings\",\n config: {\n tableName: core.primaryDynamodbTableName,\n hashKey: core.primaryDynamodbTableHashKey,\n rangeKey: pulumi\n .output(core.primaryDynamodbTableRangeKey)\n .apply(key => key \|\| \"SK\"),\n item: pulumi.interpolate`{\n \"PK\": {\"S\": \"APW#SETTINGS\"},\n \"SK\": {\"S\": \"${app.params.run.variant \|\| \"default\"}\"},\n \"mainGraphqlFunctionArn\": {\"S\": \"${graphql.output.arn}\"},\n \"eventRuleName\": {\"S\": \"${params.apwSchedulerEventRule.name}\"},\n \"eventTargetId\": {\"S\": \"${params.apwSchedulerEventTarget.targetId}\"}\n }`\n }\n });\n\n // Create event rule.\n const eventRule = app.addResource(aws.cloudwatch.EventRule, {\n name: EMPTY_TRASH_BIN_EVENT_RULE_NAME,\n config: {\n description: \"Enable us to empty the trash-bin ever day\",\n scheduleExpression: \"cron(0 3 * ? )\"\n }\n });\n\n // Add required permission to the target lambda.\n app.addResource(aws.lambda.Permission, {\n name: EMPTY_TRASH_BIN_EVENT_PERMISSION_NAME,\n config: {\n action: \"lambda:InvokeFunction\",\n function: graphql.output.arn,\n principal: \"events.amazonaws.com\",\n statementId: \"allow-rule-invoke-\" + EMPTY_TRASH_BIN_EVENT_RULE_NAME\n }\n });\n\n // Target the main graphql lambda.\n app.addResource(aws.cloudwatch.EventTarget, {\n name: EMPTY_TRASH_BIN_EVENT_RULE_TARGET,\n config: {\n rule: eventRule.output.name,\n arn: graphql.output.arn,\n input: JSON.stringify({\n source: \"webiny.events\",\n \"detail-type\": \"WebinyEmptyTrashBin\"\n })\n }\n });\n\n return {\n role,\n policy,\n functions: {\n graphql\n },\n addRoute: (routeParams: AddRouteParams) => {\n const apiGateway: any = app.resources.apiGateway;\n if (!apiGateway) {\n console.log(\n \"Could not add route because there is no apiGateway in the resources.\"\n );\n return;\n }\n const kebabName = toKebabCase(routeParams.name);\n if (kebabName !== routeParams.name) {\n console.log(`Route name is not allowed: \"${routeParams.name}\".`);\n return;\n }\n return apiGateway.addRoute(routeParams.name, {\n path: routeParams.path,\n method: routeParams.method,\n function: graphql.output.arn\n });\n }\n };\n }\n});\n\nfunction createGraphqlLambdaPolicy(app: PulumiApp) {\n const coreOutput = app.getModule(CoreOutput);\n const awsAccountId = getAwsAccountId(app);\n const awsRegion = getAwsRegion(app);\n\n return app.addResource(aws.iam.Policy, {\n name: \"ApiGraphqlLambdaPolicy\",\n config: {\n description: \"This policy enables access to Dynamodb, S3, Lambda and Cognito IDP\",\n // Core is pulumi.Output, so we need to run apply() to resolve policy based on it\n policy: coreOutput.apply(core => {\n const policy: aws.iam.PolicyDocument = {\n Version: \"2012-10-17\",\n Statement: [\n {\n Sid: \"PermissionForDynamodb\",\n Effect: \"Allow\",\n Action: [\n \"dynamodb:BatchGetItem\",\n \"dynamodb:BatchWriteItem\",\n \"dynamodb:ConditionCheckItem\",\n \"dynamodb:CreateBackup\",\n \"dynamodb:CreateTable\",\n \"dynamodb:CreateTableReplica\",\n \"dynamodb:DeleteBackup\",\n \"dynamodb:DeleteItem\",\n \"dynamodb:DeleteTable\",\n \"dynamodb:DeleteTableReplica\",\n \"dynamodb:DescribeBackup\",\n \"dynamodb:DescribeContinuousBackups\",\n \"dynamodb:DescribeContributorInsights\",\n \"dynamodb:DescribeExport\",\n \"dynamodb:DescribeKinesisStreamingDestination\",\n \"dynamodb:DescribeLimits\",\n \"dynamodb:DescribeReservedCapacity\",\n \"dynamodb:DescribeReservedCapacityOfferings\",\n \"dynamodb:DescribeStream\",\n \"dynamodb:DescribeTable\",\n \"dynamodb:DescribeTableReplicaAutoScaling\",\n \"dynamodb:DescribeTimeToLive\",\n \"dynamodb:DisableKinesisStreamingDestination\",\n \"dynamodb:EnableKinesisStreamingDestination\",\n \"dynamodb:ExportTableToPointInTime\",\n \"dynamodb:GetItem\",\n \"dynamodb:GetRecords\",\n \"dynamodb:GetShardIterator\",\n \"dynamodb:ListBackups\",\n \"dynamodb:ListContributorInsights\",\n \"dynamodb:ListExports\",\n \"dynamodb:ListStreams\",\n \"dynamodb:ListTables\",\n \"dynamodb:ListTagsOfResource\",\n \"dynamodb:PartiQLDelete\",\n \"dynamodb:PartiQLInsert\",\n \"dynamodb:PartiQLSelect\",\n \"dynamodb:PartiQLUpdate\",\n \"dynamodb:PurchaseReservedCapacityOfferings\",\n \"dynamodb:PutItem\",\n \"dynamodb:Query\",\n \"dynamodb:RestoreTableFromBackup\",\n \"dynamodb:RestoreTableToPointInTime\",\n \"dynamodb:Scan\",\n \"dynamodb:UpdateContinuousBackups\",\n \"dynamodb:UpdateContributorInsights\",\n \"dynamodb:UpdateItem\",\n \"dynamodb:UpdateTable\",\n \"dynamodb:UpdateTableReplicaAutoScaling\",\n \"dynamodb:UpdateTimeToLive\"\n ],\n Resource: [\n `${core.primaryDynamodbTableArn}`,\n `${core.primaryDynamodbTableArn}/`,\n // Attach permissions for elastic search dynamo as well (if ES is enabled).\n ...(core.elasticsearchDynamodbTableArn\n ? [\n `${core.elasticsearchDynamodbTableArn}`,\n `${core.elasticsearchDynamodbTableArn}/`\n ]\n : [])\n ]\n },\n {\n Sid: \"PermissionForS3\",\n Effect: \"Allow\",\n Action: [\n \"s3:ListBucket\",\n \"s3:GetObjectAcl\",\n \"s3:DeleteObject\",\n \"s3:PutObjectAcl\",\n \"s3:PutObject\",\n \"s3:GetObject\"\n ],\n Resource: [\n pulumi.interpolate`arn:aws:s3:::${core.fileManagerBucketId}`,\n pulumi.interpolate`arn:aws:s3:::${core.fileManagerBucketId}/`\n ]\n },\n {\n Sid: \"PermissionForLambda\",\n Effect: \"Allow\",\n Action: [\"lambda:InvokeFunction\"],\n Resource: pulumi.interpolate`arn:aws:lambda:${awsRegion}:${awsAccountId}:function:`\n },\n {\n Sid: \"PermissionForCognitoIdp\",\n Effect: \"Allow\",\n Action: \"cognito-idp:\",\n Resource: `${core.cognitoUserPoolArn}`\n },\n {\n Sid: \"PermissionForEventBus\",\n Effect: \"Allow\",\n Action: \"events:PutEvents\",\n Resource: core.eventBusArn\n },\n {\n Sid: \"PermissionForCloudfront\",\n Effect: \"Allow\",\n Action: \"cloudfront:CreateInvalidation\",\n Resource: pulumi.interpolate`arn:aws:cloudfront::${awsAccountId}:distribution/`\n },\n // Attach permissions for elastic search domain as well (if ES is enabled).\n ...(core.elasticsearchDomainArn\n ? [\n {\n Sid: \"PermissionForES\",\n Effect: \"Allow\" as const,\n Action: \"es:\",\n Resource: [\n `${core.elasticsearchDomainArn}`,\n `${core.elasticsearchDomainArn}/*`\n ]\n }\n ]\n : [])\n ]\n };\n\n return policy;\n })\n }\n });\n}\n"],"mappings":";;;;;;;;AAAA,IAAAA,KAAA,GAAAC,sBAAA,CAAAC,OAAA;AACA,IAAAC,MAAA,GAAAC,uBAAA,CAAAF,OAAA;AACA,IAAAG,GAAA,GAAAD,uBAAA,CAAAF,OAAA;AACA,IAAAI,UAAA,GAAAL,sBAAA,CAAAC,OAAA;AAEA,IAAAK,QAAA,GAAAL,OAAA;AACA,IAAAM,YAAA,GAAAN,OAAA;AACA,IAAAO,CAAA,GAAAP,OAAA;AACA,IAAAQ,SAAA,GAAAR,OAAA;AACA,IAAAS,UAAA,GAAAT,OAAA;AAiBA,MAAMU,+BAA+B,GAAG,4BAA4B;AACpE,MAAMC,qCAAqC,GAAG,yCAAyC;AACvF,MAAMC,iCAAiC,GAAG,mCAAmC;AAItE,MAAMC,UAAU,GAAAC,OAAA,CAAAD,UAAA,GAAG,IAAAE,wBAAe,EAAC;EACtCC,IAAI,EAAE,YAAY;EAClBC,MAAMA,CAACC,GAAc,EAAEC,MAAqB,EAAE;IAC1C,MAAMC,IAAI,GAAGF,GAAG,CAACG,SAAS,CAACC,YAAU,CAAC;IAEtC,MAAMC,MAAM,GAAGC,yBAAyB,CAACN,GAAG,CAAC;IAC7C,MAAMO,IAAI,GAAG,IAAAC,6BAAgB,EAACR,GAAG,EAAE;MAC/BF,IAAI,EAAE,iBAAiB;MACvBO,MAAM,EAAEA,MAAM,CAACI;IACnB,CAAC,CAAC;IACFJ,MAAM,CAACN,MAAM,CAACM,MAAM;IAEpB,MAAMK,OAAO,GAAGV,GAAG,CAACW,WAAW,CAAC1B,GAAG,CAAC2B,MAAM,CAACC,QAAQ,EAAE;MACjDf,IAAI,EAAE,SAAS;MACfC,MAAM,EAAE;QACJe,OAAO,EAAEC,yBAAc;QACvBC,OAAO,EAAE,iBAAiB;QAC1BT,IAAI,EAAEA,IAAI,CAACE,MAAM,CAACQ,GAAG;QACrBC,OAAO,EAAE,EAAE;QACXC,UAAU,EAAE,IAAI;QAChBC,IAAI,EAAE,IAAIrC,MAAM,CAACsC,KAAK,CAACC,YAAY,CAAC;UAChC,GAAG,EAAE,IAAIvC,MAAM,CAACsC,KAAK,CAACE,WAAW,CAC7BC,aAAI,CAACC,IAAI,CAACzB,GAAG,CAAC0B,KAAK,CAACC,SAAS,EAAE,eAAe,CAClD;QACJ,CAAC,CAAC;QACFC,WAAW,EAAE;UACTC,SAAS,EAAE,IAAAC,wCAA2B,EAAC,CAAC,CAACC,KAAK,CAACC,KAAK,KAAK;YACrD,GAAGA,KAAK;YACR,GAAG/B,MAAM,CAACgC,GAAG;YACbC,mCAAmC,EAAE;UACzC,CAAC,CAAC;QACN,CAAC;QACDC,SAAS,EAAEnC,GAAG,CAACG,SAAS,CAACiC,WAAS,CAAC,CAACC;MACxC;IACJ,CAAC,CAAC;IACF;AACR;AACA;AACA;AACA;AACA;IACQrC,GAAG,CAACW,WAAW,CAAC1B,GAAG,CAACqD,QAAQ,CAACC,SAAS,EAAE;MACpCzC,IAAI,EAAE,aAAa;MACnBC,MAAM,EAAE;QACJyC,SAAS,EAAEtC,IAAI,CAACuC,wBAAwB;QACxCC,OAAO,EAAExC,IAAI,CAACyC,2BAA2B;QACzCC,QAAQ,EAAE7D,MAAM,CACX0B,MAAM,CAACP,IAAI,CAAC2C,4BAA4B,CAAC,CACzCd,KAAK,CAACe,GAAG,IAAIA,GAAG,IAAI,IAAI,CAAC;QAC9BC,IAAI,EAAEhE,MAAM,CAACiE,WAAW;AACxC;AACA,6BAA6BhD,GAAG,CAACC,MAAM,CAACgD,GAAG,CAACC,OAAO,IAAI,SAAS;AAChE,iDAAiDxC,OAAO,CAACD,MAAM,CAACQ,GAAG;AACnE,wCAAwChB,MAAM,CAACkD,qBAAqB,CAACrD,IAAI;AACzE,wCAAwCG,MAAM,CAACmD,uBAAuB,CAACC,QAAQ;AAC/E;MACY;IACJ,CAAC,CAAC;;IAEF;IACA,MAAMC,SAAS,GAAGtD,GAAG,CAACW,WAAW,CAAC1B,GAAG,CAACsE,UAAU,CAACC,SAAS,EAAE;MACxD1D,IAAI,EAAEN,+BAA+B;MACrCO,MAAM,EAAE;QACJ0D,WAAW,EAAE,2CAA2C;QACxDC,kBAAkB,EAAE;MACxB;IACJ,CAAC,CAAC;;IAEF;IACA1D,GAAG,CAACW,WAAW,CAAC1B,GAAG,CAAC2B,MAAM,CAAC+C,UAAU,EAAE;MACnC7D,IAAI,EAAEL,qCAAqC;MAC3CM,MAAM,EAAE;QACJ6D,MAAM,EAAE,uBAAuB;QAC/BC,QAAQ,EAAEnD,OAAO,CAACD,MAAM,CAACQ,GAAG;QAC5B6C,SAAS,EAAE,sBAAsB;QACjCC,WAAW,EAAE,oBAAoB,GAAGvE;MACxC;IACJ,CAAC,CAAC;;IAEF;IACAQ,GAAG,CAACW,WAAW,CAAC1B,GAAG,CAACsE,UAAU,CAACS,WAAW,EAAE;MACxClE,IAAI,EAAEJ,iCAAiC;MACvCK,MAAM,EAAE;QACJkE,IAAI,EAAEX,SAAS,CAAC7C,MAAM,CAACX,IAAI;QAC3BmB,GAAG,EAAEP,OAAO,CAACD,MAAM,CAACQ,GAAG;QACvBiD,KAAK,EAAEC,IAAI,CAACC,SAAS,CAAC;UAClBC,MAAM,EAAE,eAAe;UACvB,aAAa,EAAE;QACnB,CAAC;MACL;IACJ,CAAC,CAAC;IAEF,OAAO;MACH9D,IAAI;MACJF,MAAM;MACNiE,SAAS,EAAE;QACP5D;MACJ,CAAC;MACD6D,QAAQ,EAAGC,WAA2B,IAAK;QACvC,MAAMC,UAAe,GAAGzE,GAAG,CAAC0E,SAAS,CAACD,UAAU;QAChD,IAAI,CAACA,UAAU,EAAE;UACbE,OAAO,CAACC,GAAG,CACP,sEACJ,CAAC;UACD;QACJ;QACA,MAAMC,SAAS,GAAG,IAAAC,kBAAW,EAACN,WAAW,CAAC1E,IAAI,CAAC;QAC/C,IAAI+E,SAAS,KAAKL,WAAW,CAAC1E,IAAI,EAAE;UAChC6E,OAAO,CAACC,GAAG,CAAC,+BAA+BJ,WAAW,CAAC1E,IAAI,IAAI,CAAC;UAChE;QACJ;QACA,OAAO2E,UAAU,CAACF,QAAQ,CAACC,WAAW,CAAC1E,IAAI,EAAE;UACzC0B,IAAI,EAAEgD,WAAW,CAAChD,IAAI;UACtBuD,MAAM,EAAEP,WAAW,CAACO,MAAM;UAC1BlB,QAAQ,EAAEnD,OAAO,CAACD,MAAM,CAACQ;QAC7B,CAAC,CAAC;MACN;IACJ,CAAC;EACL;AACJ,CAAC,CAAC;AAEF,SAASX,yBAAyBA,CAACN,GAAc,EAAE;EAC/C,MAAMgF,UAAU,GAAGhF,GAAG,CAACG,SAAS,CAACC,YAAU,CAAC;EAC5C,MAAM6E,YAAY,GAAG,IAAAC,yBAAe,EAAClF,GAAG,CAAC;EACzC,MAAMmF,SAAS,GAAG,IAAAC,sBAAY,EAACpF,GAAG,CAAC;EAEnC,OAAOA,GAAG,CAACW,WAAW,CAAC1B,GAAG,CAACoG,GAAG,CAACC,MAAM,EAAE;IACnCxF,IAAI,EAAE,wBAAwB;IAC9BC,MAAM,EAAE;MACJ0D,WAAW,EAAE,oEAAoE;MACjF;MACApD,MAAM,EAAE2E,UAAU,CAACjD,KAAK,CAAC7B,IAAI,IAAI;QAC7B,MAAMG,MAA8B,GAAG;UACnCkF,OAAO,EAAE,YAAY;UACrBC,SAAS,EAAE,CACP;YACIC,GAAG,EAAE,uBAAuB;YAC5BC,MAAM,EAAE,OAAO;YACfC,MAAM,EAAE,CACJ,uBAAuB,EACvB,yBAAyB,EACzB,6BAA6B,EAC7B,uBAAuB,EACvB,sBAAsB,EACtB,6BAA6B,EAC7B,uBAAuB,EACvB,qBAAqB,EACrB,sBAAsB,EACtB,6BAA6B,EAC7B,yBAAyB,EACzB,oCAAoC,EACpC,sCAAsC,EACtC,yBAAyB,EACzB,8CAA8C,EAC9C,yBAAyB,EACzB,mCAAmC,EACnC,4CAA4C,EAC5C,yBAAyB,EACzB,wBAAwB,EACxB,0CAA0C,EAC1C,6BAA6B,EAC7B,6CAA6C,EAC7C,4CAA4C,EAC5C,mCAAmC,EACnC,kBAAkB,EAClB,qBAAqB,EACrB,2BAA2B,EAC3B,sBAAsB,EACtB,kCAAkC,EAClC,sBAAsB,EACtB,sBAAsB,EACtB,qBAAqB,EACrB,6BAA6B,EAC7B,wBAAwB,EACxB,wBAAwB,EACxB,wBAAwB,EACxB,wBAAwB,EACxB,4CAA4C,EAC5C,kBAAkB,EAClB,gBAAgB,EAChB,iCAAiC,EACjC,oCAAoC,EACpC,eAAe,EACf,kCAAkC,EAClC,oCAAoC,EACpC,qBAAqB,EACrB,sBAAsB,EACtB,wCAAwC,EACxC,2BAA2B,CAC9B;YACDC,QAAQ,EAAE,CACN,GAAG1F,IAAI,CAAC2F,uBAAuB,EAAE,EACjC,GAAG3F,IAAI,CAAC2F,uBAAuB,IAAI;YACnC;YACA,IAAI3F,IAAI,CAAC4F,6BAA6B,GAChC,CACI,GAAG5F,IAAI,CAAC4F,6BAA6B,EAAE,EACvC,GAAG5F,IAAI,CAAC4F,6BAA6B,IAAI,CAC5C,GACD,EAAE,CAAC;UAEjB,CAAC,EACD;YACIL,GAAG,EAAE,iBAAiB;YACtBC,MAAM,EAAE,OAAO;YACfC,MAAM,EAAE,CACJ,eAAe,EACf,iBAAiB,EACjB,iBAAiB,EACjB,iBAAiB,EACjB,cAAc,EACd,cAAc,CACjB;YACDC,QAAQ,EAAE,CACN7G,MAAM,CAACiE,WAAW,gBAAgB9C,IAAI,CAAC6F,mBAAmB,EAAE,EAC5DhH,MAAM,CAACiE,WAAW,gBAAgB9C,IAAI,CAAC6F,mBAAmB,IAAI;UAEtE,CAAC,EACD;YACIN,GAAG,EAAE,qBAAqB;YAC1BC,MAAM,EAAE,OAAO;YACfC,MAAM,EAAE,CAAC,uBAAuB,CAAC;YACjCC,QAAQ,EAAE7G,MAAM,CAACiE,WAAW,kBAAkBmC,SAAS,IAAIF,YAAY;UAC3E,CAAC,EACD;YACIQ,GAAG,EAAE,yBAAyB;YAC9BC,MAAM,EAAE,OAAO;YACfC,MAAM,EAAE,eAAe;YACvBC,QAAQ,EAAE,GAAG1F,IAAI,CAAC8F,kBAAkB;UACxC,CAAC,EACD;YACIP,GAAG,EAAE,uBAAuB;YAC5BC,MAAM,EAAE,OAAO;YACfC,MAAM,EAAE,kBAAkB;YAC1BC,QAAQ,EAAE1F,IAAI,CAAC+F;UACnB,CAAC,EACD;YACIR,GAAG,EAAE,yBAAyB;YAC9BC,MAAM,EAAE,OAAO;YACfC,MAAM,EAAE,+BAA+B;YACvCC,QAAQ,EAAE7G,MAAM,CAACiE,WAAW,uBAAuBiC,YAAY;UACnE,CAAC;UACD;UACA,IAAI/E,IAAI,CAACgG,sBAAsB,GACzB,CACI;YACIT,GAAG,EAAE,iBAAiB;YACtBC,MAAM,EAAE,OAAgB;YACxBC,MAAM,EAAE,MAAM;YACdC,QAAQ,EAAE,CACN,GAAG1F,IAAI,CAACgG,sBAAsB,EAAE,EAChC,GAAGhG,IAAI,CAACgG,sBAAsB,IAAI;UAE1C,CAAC,CACJ,GACD,EAAE,CAAC;QAEjB,CAAC;QAED,OAAO7F,MAAM;MACjB,CAAC;IACL;EACJ,CAAC,CAAC;AACN","ignoreList":[]}
1	+ {"version":3,"names":["_path","_interopRequireDefault","require","pulumi","_interopRequireWildcard","aws","_kebabCase","_pulumi2","_lambdaUtils","_","_awsUtils","_constants","EMPTY_TRASH_BIN_EVENT_RULE_NAME","EMPTY_TRASH_BIN_EVENT_PERMISSION_NAME","EMPTY_TRASH_BIN_EVENT_RULE_TARGET","ApiGraphql","exports","createAppModule","name","config","app","params","core","getModule","CoreOutput","policy","createGraphqlLambdaPolicy","role","createLambdaRole","output","graphql","addResource","lambda","Function","runtime","LAMBDA_RUNTIME","handler","arn","timeout","memorySize","code","asset","AssetArchive","FileArchive","path","join","paths","workspace","environment","variables","getCommonLambdaEnvVariables","apply","value","env","AWS_NODEJS_CONNECTION_REUSE_ENABLED","vpcConfig","VpcConfig","functionVpcConfig","dynamodb","TableItem","tableName","primaryDynamodbTableName","hashKey","primaryDynamodbTableHashKey","rangeKey","primaryDynamodbTableRangeKey","key","item","interpolate","run","variant","apwSchedulerEventRule","apwSchedulerEventTarget","targetId","eventRule","cloudwatch","EventRule","description","scheduleExpression","Permission","action","function","principal","statementId","EventTarget","rule","input","JSON","stringify","source","functions","addRoute","routeParams","apiGateway","resources","console","log","kebabName","toKebabCase","method","coreOutput","awsAccountId","getAwsAccountId","awsRegion","getAwsRegion","iam","Policy","Version","Statement","Sid","Effect","Action","Resource","primaryDynamodbTableArn","logDynamodbTableArn","elasticsearchDynamodbTableArn","fileManagerBucketId","cognitoUserPoolArn","eventBusArn","elasticsearchDomainArn"],"sources":["ApiGraphql.ts"],"sourcesContent":["import path from \"path\";\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport toKebabCase from \"lodash/kebabCase\";\n\nimport { createAppModule, PulumiApp, PulumiAppModule } from \"@webiny/pulumi\";\nimport { createLambdaRole, getCommonLambdaEnvVariables } from \"../lambdaUtils\";\nimport { CoreOutput, VpcConfig } from \"~/apps\";\nimport { getAwsAccountId, getAwsRegion } from \"../awsUtils\";\nimport { LAMBDA_RUNTIME } from \"~/constants\";\n\ninterface GraphqlParams {\n env: Record<string, any>;\n apwSchedulerEventRule: pulumi.Output<aws.cloudwatch.EventRule>;\n apwSchedulerEventTarget: pulumi.Output<aws.cloudwatch.EventTarget>;\n}\n\nexport interface AddRouteParams {\n /*\n Must be in kebab case (a-z and -)\n /\n name: string;\n path: `/${string}`;\n method: \"DELETE\" \| \"GET\" \| \"HEAD\" \| \"PATCH\" \| \"POST\" \| \"PUT\" \| \"OPTIONS\" \| \"ANY\";\n}\n\nconst EMPTY_TRASH_BIN_EVENT_RULE_NAME = `empty-trash-bin-event-rule`;\nconst EMPTY_TRASH_BIN_EVENT_PERMISSION_NAME = `empty-trash-bin-event-target-permission`;\nconst EMPTY_TRASH_BIN_EVENT_RULE_TARGET = `empty-trash-bin-event-rule-target`;\n\nexport type ApiGraphql = PulumiAppModule<typeof ApiGraphql>;\n\nexport const ApiGraphql = createAppModule({\n name: \"ApiGraphql\",\n config(app: PulumiApp, params: GraphqlParams) {\n const core = app.getModule(CoreOutput);\n\n const policy = createGraphqlLambdaPolicy(app);\n const role = createLambdaRole(app, {\n name: \"api-lambda-role\",\n policy: policy.output\n });\n policy.config.policy;\n\n const graphql = app.addResource(aws.lambda.Function, {\n name: \"graphql\",\n config: {\n runtime: LAMBDA_RUNTIME,\n handler: \"handler.handler\",\n role: role.output.arn,\n timeout: 30,\n memorySize: 1024,\n code: new pulumi.asset.AssetArchive({\n \".\": new pulumi.asset.FileArchive(\n path.join(app.paths.workspace, \"graphql/build\")\n )\n }),\n environment: {\n variables: getCommonLambdaEnvVariables().apply(value => ({\n ...value,\n ...params.env,\n AWS_NODEJS_CONNECTION_REUSE_ENABLED: \"1\"\n }))\n },\n vpcConfig: app.getModule(VpcConfig).functionVpcConfig\n }\n });\n /\n Store meta information like \"mainGraphqlFunctionArn\" in APW settings at deploy time.\n \n Note: We can't pass \"mainGraphqlFunctionArn\" as env variable due to circular dependency between\n * \"graphql\" lambda and \"api-apw-scheduler-execute-action\" lambda.\n /\n app.addResource(aws.dynamodb.TableItem, {\n name: \"apwSettings\",\n config: {\n tableName: core.primaryDynamodbTableName,\n hashKey: core.primaryDynamodbTableHashKey,\n rangeKey: pulumi\n .output(core.primaryDynamodbTableRangeKey)\n .apply(key => key \|\| \"SK\"),\n item: pulumi.interpolate`{\n \"PK\": {\"S\": \"APW#SETTINGS\"},\n \"SK\": {\"S\": \"${app.params.run.variant \|\| \"default\"}\"},\n \"mainGraphqlFunctionArn\": {\"S\": \"${graphql.output.arn}\"},\n \"eventRuleName\": {\"S\": \"${params.apwSchedulerEventRule.name}\"},\n \"eventTargetId\": {\"S\": \"${params.apwSchedulerEventTarget.targetId}\"}\n }`\n }\n });\n\n // Create event rule.\n const eventRule = app.addResource(aws.cloudwatch.EventRule, {\n name: EMPTY_TRASH_BIN_EVENT_RULE_NAME,\n config: {\n description: \"Enable us to empty the trash-bin ever day\",\n scheduleExpression: \"cron(0 3 * ? )\"\n }\n });\n\n // Add required permission to the target lambda.\n app.addResource(aws.lambda.Permission, {\n name: EMPTY_TRASH_BIN_EVENT_PERMISSION_NAME,\n config: {\n action: \"lambda:InvokeFunction\",\n function: graphql.output.arn,\n principal: \"events.amazonaws.com\",\n statementId: \"allow-rule-invoke-\" + EMPTY_TRASH_BIN_EVENT_RULE_NAME\n }\n });\n\n // Target the main graphql lambda.\n app.addResource(aws.cloudwatch.EventTarget, {\n name: EMPTY_TRASH_BIN_EVENT_RULE_TARGET,\n config: {\n rule: eventRule.output.name,\n arn: graphql.output.arn,\n input: JSON.stringify({\n source: \"webiny.events\",\n \"detail-type\": \"WebinyEmptyTrashBin\"\n })\n }\n });\n\n return {\n role,\n policy,\n functions: {\n graphql\n },\n addRoute: (routeParams: AddRouteParams) => {\n const apiGateway: any = app.resources.apiGateway;\n if (!apiGateway) {\n console.log(\n \"Could not add route because there is no apiGateway in the resources.\"\n );\n return;\n }\n const kebabName = toKebabCase(routeParams.name);\n if (kebabName !== routeParams.name) {\n console.log(`Route name is not allowed: \"${routeParams.name}\".`);\n return;\n }\n return apiGateway.addRoute(routeParams.name, {\n path: routeParams.path,\n method: routeParams.method,\n function: graphql.output.arn\n });\n }\n };\n }\n});\n\nfunction createGraphqlLambdaPolicy(app: PulumiApp) {\n const coreOutput = app.getModule(CoreOutput);\n const awsAccountId = getAwsAccountId(app);\n const awsRegion = getAwsRegion(app);\n\n return app.addResource(aws.iam.Policy, {\n name: \"ApiGraphqlLambdaPolicy\",\n config: {\n description: \"This policy enables access to Dynamodb, S3, Lambda and Cognito IDP\",\n // Core is pulumi.Output, so we need to run apply() to resolve policy based on it\n policy: coreOutput.apply(core => {\n const policy: aws.iam.PolicyDocument = {\n Version: \"2012-10-17\",\n Statement: [\n {\n Sid: \"PermissionForDynamodb\",\n Effect: \"Allow\",\n Action: [\n \"dynamodb:BatchGetItem\",\n \"dynamodb:BatchWriteItem\",\n \"dynamodb:ConditionCheckItem\",\n \"dynamodb:CreateBackup\",\n \"dynamodb:CreateTable\",\n \"dynamodb:CreateTableReplica\",\n \"dynamodb:DeleteBackup\",\n \"dynamodb:DeleteItem\",\n \"dynamodb:DeleteTable\",\n \"dynamodb:DeleteTableReplica\",\n \"dynamodb:DescribeBackup\",\n \"dynamodb:DescribeContinuousBackups\",\n \"dynamodb:DescribeContributorInsights\",\n \"dynamodb:DescribeExport\",\n \"dynamodb:DescribeKinesisStreamingDestination\",\n \"dynamodb:DescribeLimits\",\n \"dynamodb:DescribeReservedCapacity\",\n \"dynamodb:DescribeReservedCapacityOfferings\",\n \"dynamodb:DescribeStream\",\n \"dynamodb:DescribeTable\",\n \"dynamodb:DescribeTableReplicaAutoScaling\",\n \"dynamodb:DescribeTimeToLive\",\n \"dynamodb:DisableKinesisStreamingDestination\",\n \"dynamodb:EnableKinesisStreamingDestination\",\n \"dynamodb:ExportTableToPointInTime\",\n \"dynamodb:GetItem\",\n \"dynamodb:GetRecords\",\n \"dynamodb:GetShardIterator\",\n \"dynamodb:ListBackups\",\n \"dynamodb:ListContributorInsights\",\n \"dynamodb:ListExports\",\n \"dynamodb:ListStreams\",\n \"dynamodb:ListTables\",\n \"dynamodb:ListTagsOfResource\",\n \"dynamodb:PartiQLDelete\",\n \"dynamodb:PartiQLInsert\",\n \"dynamodb:PartiQLSelect\",\n \"dynamodb:PartiQLUpdate\",\n \"dynamodb:PurchaseReservedCapacityOfferings\",\n \"dynamodb:PutItem\",\n \"dynamodb:Query\",\n \"dynamodb:RestoreTableFromBackup\",\n \"dynamodb:RestoreTableToPointInTime\",\n \"dynamodb:Scan\",\n \"dynamodb:UpdateContinuousBackups\",\n \"dynamodb:UpdateContributorInsights\",\n \"dynamodb:UpdateItem\",\n \"dynamodb:UpdateTable\",\n \"dynamodb:UpdateTableReplicaAutoScaling\",\n \"dynamodb:UpdateTimeToLive\"\n ],\n Resource: [\n `${core.primaryDynamodbTableArn}`,\n `${core.primaryDynamodbTableArn}/`,\n `${core.logDynamodbTableArn}`,\n `${core.logDynamodbTableArn}/`,\n // Attach permissions for elastic search dynamo as well (if ES is enabled).\n ...(core.elasticsearchDynamodbTableArn\n ? [\n `${core.elasticsearchDynamodbTableArn}`,\n `${core.elasticsearchDynamodbTableArn}/`\n ]\n : [])\n ]\n },\n {\n Sid: \"PermissionForS3\",\n Effect: \"Allow\",\n Action: [\n \"s3:ListBucket\",\n \"s3:GetObjectAcl\",\n \"s3:DeleteObject\",\n \"s3:PutObjectAcl\",\n \"s3:PutObject\",\n \"s3:GetObject\"\n ],\n Resource: [\n pulumi.interpolate`arn:aws:s3:::${core.fileManagerBucketId}`,\n pulumi.interpolate`arn:aws:s3:::${core.fileManagerBucketId}/`\n ]\n },\n {\n Sid: \"PermissionForLambda\",\n Effect: \"Allow\",\n Action: [\"lambda:InvokeFunction\"],\n Resource: pulumi.interpolate`arn:aws:lambda:${awsRegion}:${awsAccountId}:function:`\n },\n {\n Sid: \"PermissionForCognitoIdp\",\n Effect: \"Allow\",\n Action: \"cognito-idp:\",\n Resource: `${core.cognitoUserPoolArn}`\n },\n {\n Sid: \"PermissionForEventBus\",\n Effect: \"Allow\",\n Action: \"events:PutEvents\",\n Resource: core.eventBusArn\n },\n {\n Sid: \"PermissionForCloudfront\",\n Effect: \"Allow\",\n Action: \"cloudfront:CreateInvalidation\",\n Resource: pulumi.interpolate`arn:aws:cloudfront::${awsAccountId}:distribution/`\n },\n // Attach permissions for elastic search domain as well (if ES is enabled).\n ...(core.elasticsearchDomainArn\n ? [\n {\n Sid: \"PermissionForES\",\n Effect: \"Allow\" as const,\n Action: \"es:\",\n Resource: [\n `${core.elasticsearchDomainArn}`,\n `${core.elasticsearchDomainArn}/`\n ]\n }\n ]\n : [])\n ]\n };\n\n return policy;\n })\n }\n });\n}\n"],"mappings":";;;;;;;;AAAA,IAAAA,KAAA,GAAAC,sBAAA,CAAAC,OAAA;AACA,IAAAC,MAAA,GAAAC,uBAAA,CAAAF,OAAA;AACA,IAAAG,GAAA,GAAAD,uBAAA,CAAAF,OAAA;AACA,IAAAI,UAAA,GAAAL,sBAAA,CAAAC,OAAA;AAEA,IAAAK,QAAA,GAAAL,OAAA;AACA,IAAAM,YAAA,GAAAN,OAAA;AACA,IAAAO,CAAA,GAAAP,OAAA;AACA,IAAAQ,SAAA,GAAAR,OAAA;AACA,IAAAS,UAAA,GAAAT,OAAA;AAiBA,MAAMU,+BAA+B,GAAG,4BAA4B;AACpE,MAAMC,qCAAqC,GAAG,yCAAyC;AACvF,MAAMC,iCAAiC,GAAG,mCAAmC;AAItE,MAAMC,UAAU,GAAAC,OAAA,CAAAD,UAAA,GAAG,IAAAE,wBAAe,EAAC;EACtCC,IAAI,EAAE,YAAY;EAClBC,MAAMA,CAACC,GAAc,EAAEC,MAAqB,EAAE;IAC1C,MAAMC,IAAI,GAAGF,GAAG,CAACG,SAAS,CAACC,YAAU,CAAC;IAEtC,MAAMC,MAAM,GAAGC,yBAAyB,CAACN,GAAG,CAAC;IAC7C,MAAMO,IAAI,GAAG,IAAAC,6BAAgB,EAACR,GAAG,EAAE;MAC/BF,IAAI,EAAE,iBAAiB;MACvBO,MAAM,EAAEA,MAAM,CAACI;IACnB,CAAC,CAAC;IACFJ,MAAM,CAACN,MAAM,CAACM,MAAM;IAEpB,MAAMK,OAAO,GAAGV,GAAG,CAACW,WAAW,CAAC1B,GAAG,CAAC2B,MAAM,CAACC,QAAQ,EAAE;MACjDf,IAAI,EAAE,SAAS;MACfC,MAAM,EAAE;QACJe,OAAO,EAAEC,yBAAc;QACvBC,OAAO,EAAE,iBAAiB;QAC1BT,IAAI,EAAEA,IAAI,CAACE,MAAM,CAACQ,GAAG;QACrBC,OAAO,EAAE,EAAE;QACXC,UAAU,EAAE,IAAI;QAChBC,IAAI,EAAE,IAAIrC,MAAM,CAACsC,KAAK,CAACC,YAAY,CAAC;UAChC,GAAG,EAAE,IAAIvC,MAAM,CAACsC,KAAK,CAACE,WAAW,CAC7BC,aAAI,CAACC,IAAI,CAACzB,GAAG,CAAC0B,KAAK,CAACC,SAAS,EAAE,eAAe,CAClD;QACJ,CAAC,CAAC;QACFC,WAAW,EAAE;UACTC,SAAS,EAAE,IAAAC,wCAA2B,EAAC,CAAC,CAACC,KAAK,CAACC,KAAK,KAAK;YACrD,GAAGA,KAAK;YACR,GAAG/B,MAAM,CAACgC,GAAG;YACbC,mCAAmC,EAAE;UACzC,CAAC,CAAC;QACN,CAAC;QACDC,SAAS,EAAEnC,GAAG,CAACG,SAAS,CAACiC,WAAS,CAAC,CAACC;MACxC;IACJ,CAAC,CAAC;IACF;AACR;AACA;AACA;AACA;AACA;IACQrC,GAAG,CAACW,WAAW,CAAC1B,GAAG,CAACqD,QAAQ,CAACC,SAAS,EAAE;MACpCzC,IAAI,EAAE,aAAa;MACnBC,MAAM,EAAE;QACJyC,SAAS,EAAEtC,IAAI,CAACuC,wBAAwB;QACxCC,OAAO,EAAExC,IAAI,CAACyC,2BAA2B;QACzCC,QAAQ,EAAE7D,MAAM,CACX0B,MAAM,CAACP,IAAI,CAAC2C,4BAA4B,CAAC,CACzCd,KAAK,CAACe,GAAG,IAAIA,GAAG,IAAI,IAAI,CAAC;QAC9BC,IAAI,EAAEhE,MAAM,CAACiE,WAAW;AACxC;AACA,6BAA6BhD,GAAG,CAACC,MAAM,CAACgD,GAAG,CAACC,OAAO,IAAI,SAAS;AAChE,iDAAiDxC,OAAO,CAACD,MAAM,CAACQ,GAAG;AACnE,wCAAwChB,MAAM,CAACkD,qBAAqB,CAACrD,IAAI;AACzE,wCAAwCG,MAAM,CAACmD,uBAAuB,CAACC,QAAQ;AAC/E;MACY;IACJ,CAAC,CAAC;;IAEF;IACA,MAAMC,SAAS,GAAGtD,GAAG,CAACW,WAAW,CAAC1B,GAAG,CAACsE,UAAU,CAACC,SAAS,EAAE;MACxD1D,IAAI,EAAEN,+BAA+B;MACrCO,MAAM,EAAE;QACJ0D,WAAW,EAAE,2CAA2C;QACxDC,kBAAkB,EAAE;MACxB;IACJ,CAAC,CAAC;;IAEF;IACA1D,GAAG,CAACW,WAAW,CAAC1B,GAAG,CAAC2B,MAAM,CAAC+C,UAAU,EAAE;MACnC7D,IAAI,EAAEL,qCAAqC;MAC3CM,MAAM,EAAE;QACJ6D,MAAM,EAAE,uBAAuB;QAC/BC,QAAQ,EAAEnD,OAAO,CAACD,MAAM,CAACQ,GAAG;QAC5B6C,SAAS,EAAE,sBAAsB;QACjCC,WAAW,EAAE,oBAAoB,GAAGvE;MACxC;IACJ,CAAC,CAAC;;IAEF;IACAQ,GAAG,CAACW,WAAW,CAAC1B,GAAG,CAACsE,UAAU,CAACS,WAAW,EAAE;MACxClE,IAAI,EAAEJ,iCAAiC;MACvCK,MAAM,EAAE;QACJkE,IAAI,EAAEX,SAAS,CAAC7C,MAAM,CAACX,IAAI;QAC3BmB,GAAG,EAAEP,OAAO,CAACD,MAAM,CAACQ,GAAG;QACvBiD,KAAK,EAAEC,IAAI,CAACC,SAAS,CAAC;UAClBC,MAAM,EAAE,eAAe;UACvB,aAAa,EAAE;QACnB,CAAC;MACL;IACJ,CAAC,CAAC;IAEF,OAAO;MACH9D,IAAI;MACJF,MAAM;MACNiE,SAAS,EAAE;QACP5D;MACJ,CAAC;MACD6D,QAAQ,EAAGC,WAA2B,IAAK;QACvC,MAAMC,UAAe,GAAGzE,GAAG,CAAC0E,SAAS,CAACD,UAAU;QAChD,IAAI,CAACA,UAAU,EAAE;UACbE,OAAO,CAACC,GAAG,CACP,sEACJ,CAAC;UACD;QACJ;QACA,MAAMC,SAAS,GAAG,IAAAC,kBAAW,EAACN,WAAW,CAAC1E,IAAI,CAAC;QAC/C,IAAI+E,SAAS,KAAKL,WAAW,CAAC1E,IAAI,EAAE;UAChC6E,OAAO,CAACC,GAAG,CAAC,+BAA+BJ,WAAW,CAAC1E,IAAI,IAAI,CAAC;UAChE;QACJ;QACA,OAAO2E,UAAU,CAACF,QAAQ,CAACC,WAAW,CAAC1E,IAAI,EAAE;UACzC0B,IAAI,EAAEgD,WAAW,CAAChD,IAAI;UACtBuD,MAAM,EAAEP,WAAW,CAACO,MAAM;UAC1BlB,QAAQ,EAAEnD,OAAO,CAACD,MAAM,CAACQ;QAC7B,CAAC,CAAC;MACN;IACJ,CAAC;EACL;AACJ,CAAC,CAAC;AAEF,SAASX,yBAAyBA,CAACN,GAAc,EAAE;EAC/C,MAAMgF,UAAU,GAAGhF,GAAG,CAACG,SAAS,CAACC,YAAU,CAAC;EAC5C,MAAM6E,YAAY,GAAG,IAAAC,yBAAe,EAAClF,GAAG,CAAC;EACzC,MAAMmF,SAAS,GAAG,IAAAC,sBAAY,EAACpF,GAAG,CAAC;EAEnC,OAAOA,GAAG,CAACW,WAAW,CAAC1B,GAAG,CAACoG,GAAG,CAACC,MAAM,EAAE;IACnCxF,IAAI,EAAE,wBAAwB;IAC9BC,MAAM,EAAE;MACJ0D,WAAW,EAAE,oEAAoE;MACjF;MACApD,MAAM,EAAE2E,UAAU,CAACjD,KAAK,CAAC7B,IAAI,IAAI;QAC7B,MAAMG,MAA8B,GAAG;UACnCkF,OAAO,EAAE,YAAY;UACrBC,SAAS,EAAE,CACP;YACIC,GAAG,EAAE,uBAAuB;YAC5BC,MAAM,EAAE,OAAO;YACfC,MAAM,EAAE,CACJ,uBAAuB,EACvB,yBAAyB,EACzB,6BAA6B,EAC7B,uBAAuB,EACvB,sBAAsB,EACtB,6BAA6B,EAC7B,uBAAuB,EACvB,qBAAqB,EACrB,sBAAsB,EACtB,6BAA6B,EAC7B,yBAAyB,EACzB,oCAAoC,EACpC,sCAAsC,EACtC,yBAAyB,EACzB,8CAA8C,EAC9C,yBAAyB,EACzB,mCAAmC,EACnC,4CAA4C,EAC5C,yBAAyB,EACzB,wBAAwB,EACxB,0CAA0C,EAC1C,6BAA6B,EAC7B,6CAA6C,EAC7C,4CAA4C,EAC5C,mCAAmC,EACnC,kBAAkB,EAClB,qBAAqB,EACrB,2BAA2B,EAC3B,sBAAsB,EACtB,kCAAkC,EAClC,sBAAsB,EACtB,sBAAsB,EACtB,qBAAqB,EACrB,6BAA6B,EAC7B,wBAAwB,EACxB,wBAAwB,EACxB,wBAAwB,EACxB,wBAAwB,EACxB,4CAA4C,EAC5C,kBAAkB,EAClB,gBAAgB,EAChB,iCAAiC,EACjC,oCAAoC,EACpC,eAAe,EACf,kCAAkC,EAClC,oCAAoC,EACpC,qBAAqB,EACrB,sBAAsB,EACtB,wCAAwC,EACxC,2BAA2B,CAC9B;YACDC,QAAQ,EAAE,CACN,GAAG1F,IAAI,CAAC2F,uBAAuB,EAAE,EACjC,GAAG3F,IAAI,CAAC2F,uBAAuB,IAAI,EACnC,GAAG3F,IAAI,CAAC4F,mBAAmB,EAAE,EAC7B,GAAG5F,IAAI,CAAC4F,mBAAmB,IAAI;YAC/B;YACA,IAAI5F,IAAI,CAAC6F,6BAA6B,GAChC,CACI,GAAG7F,IAAI,CAAC6F,6BAA6B,EAAE,EACvC,GAAG7F,IAAI,CAAC6F,6BAA6B,IAAI,CAC5C,GACD,EAAE,CAAC;UAEjB,CAAC,EACD;YACIN,GAAG,EAAE,iBAAiB;YACtBC,MAAM,EAAE,OAAO;YACfC,MAAM,EAAE,CACJ,eAAe,EACf,iBAAiB,EACjB,iBAAiB,EACjB,iBAAiB,EACjB,cAAc,EACd,cAAc,CACjB;YACDC,QAAQ,EAAE,CACN7G,MAAM,CAACiE,WAAW,gBAAgB9C,IAAI,CAAC8F,mBAAmB,EAAE,EAC5DjH,MAAM,CAACiE,WAAW,gBAAgB9C,IAAI,CAAC8F,mBAAmB,IAAI;UAEtE,CAAC,EACD;YACIP,GAAG,EAAE,qBAAqB;YAC1BC,MAAM,EAAE,OAAO;YACfC,MAAM,EAAE,CAAC,uBAAuB,CAAC;YACjCC,QAAQ,EAAE7G,MAAM,CAACiE,WAAW,kBAAkBmC,SAAS,IAAIF,YAAY;UAC3E,CAAC,EACD;YACIQ,GAAG,EAAE,yBAAyB;YAC9BC,MAAM,EAAE,OAAO;YACfC,MAAM,EAAE,eAAe;YACvBC,QAAQ,EAAE,GAAG1F,IAAI,CAAC+F,kBAAkB;UACxC,CAAC,EACD;YACIR,GAAG,EAAE,uBAAuB;YAC5BC,MAAM,EAAE,OAAO;YACfC,MAAM,EAAE,kBAAkB;YAC1BC,QAAQ,EAAE1F,IAAI,CAACgG;UACnB,CAAC,EACD;YACIT,GAAG,EAAE,yBAAyB;YAC9BC,MAAM,EAAE,OAAO;YACfC,MAAM,EAAE,+BAA+B;YACvCC,QAAQ,EAAE7G,MAAM,CAACiE,WAAW,uBAAuBiC,YAAY;UACnE,CAAC;UACD;UACA,IAAI/E,IAAI,CAACiG,sBAAsB,GACzB,CACI;YACIV,GAAG,EAAE,iBAAiB;YACtBC,MAAM,EAAE,OAAgB;YACxBC,MAAM,EAAE,MAAM;YACdC,QAAQ,EAAE,CACN,GAAG1F,IAAI,CAACiG,sBAAsB,EAAE,EAChC,GAAGjG,IAAI,CAACiG,sBAAsB,IAAI;UAE1C,CAAC,CACJ,GACD,EAAE,CAAC;QAEjB,CAAC;QAED,OAAO9F,MAAM;MACjB,CAAC;IACL;EACJ,CAAC,CAAC;AACN","ignoreList":[]}

package/apps/api/ApiPageBuilder.js CHANGED Viewed

@@ -111,7 +111,7 @@ function createExportLambdaPolicy(app) {
           Sid: "AllowDynamoDBAccess",
           Effect: "Allow",
           Action: ["dynamodb:BatchGetItem", "dynamodb:BatchWriteItem", "dynamodb:PutItem", "dynamodb:DeleteItem", "dynamodb:GetItem", "dynamodb:Query", "dynamodb:UpdateItem"],
-          Resource: [pulumi.interpolate`${core.primaryDynamodbTableArn}`, pulumi.interpolate`${core.primaryDynamodbTableArn}/*`]
+          Resource: [pulumi.interpolate`${core.primaryDynamodbTableArn}`, pulumi.interpolate`${core.primaryDynamodbTableArn}/*`, pulumi.interpolate`${core.logDynamodbTableArn}`, pulumi.interpolate`${core.logDynamodbTableArn}/*`]
         }, {
           Sid: "PermissionForS3",
           Effect: "Allow",

package/apps/api/ApiPageBuilder.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"names":["path","_interopRequireWildcard","require","pulumi","aws","_installation","_pulumi2","_common","_lambdaUtils","_awsUtils","_constants","ApiPageBuilder","exports","createAppModule","name","config","app","params","core","getModule","CoreOutput","addHandler","pbInstallationZipPath","join","resolve","createInstallationZip","s3","BucketObject","key","bucket","fileManagerBucketId","contentType","source","asset","FileAsset","exportResources","createExportResources","importResources","createImportResources","export","import","policy","createExportLambdaPolicy","role","createLambdaRole","output","combine","addResource","lambda","Function","arn","runtime","LAMBDA_RUNTIME","handler","timeout","memorySize","description","code","AssetArchive","FileArchive","paths","workspace","environment","variables","getCommonLambdaEnvVariables","apply","value","env","S3_BUCKET","process","EXPORT_COMBINE_HANDLER","functions","awsAccountId","getAwsAccountId","awsRegion","getAwsRegion","elasticSearchEnabled","create","elasticSearch","iam","Policy","Version","Statement","Sid","Effect","Action","Resource","interpolate","primaryDynamodbTableArn","elasticsearchDomainArn","createImportLambdaPolicy","IMPORT_QUEUE_PROCESS_HANDLER","coreOutput","elasticsearchDynamodbTableArn","cognitoUserPoolArn"],"sources":["ApiPageBuilder.ts"],"sourcesContent":["import * as path from \"path\";\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport { createInstallationZip } from \"@webiny/api-page-builder/installation\";\nimport { createAppModule, PulumiApp, PulumiAppModule } from \"@webiny/pulumi\";\nimport { CoreOutput } from \"../common\";\nimport { createLambdaRole, getCommonLambdaEnvVariables } from \"../lambdaUtils\";\nimport { getAwsAccountId, getAwsRegion } from \"../awsUtils\";\nimport { LAMBDA_RUNTIME } from \"~/constants\";\n\ninterface PageBuilderParams {\n env: Record<string, any>;\n}\n\nexport type ApiPageBuilder = PulumiAppModule<typeof ApiPageBuilder>;\n\nexport const ApiPageBuilder = createAppModule({\n name: \"ApiPageBuilder\",\n config(app: PulumiApp, params: PageBuilderParams) {\n const core = app.getModule(CoreOutput);\n\n app.addHandler(() => {\n const pbInstallationZipPath = path.join(path.resolve(), \".tmp\", \"pbInstallation.zip\");\n // Will create \"pbInstallation.zip\" and save it in the `pbInstallationZipPath` path.\n createInstallationZip(pbInstallationZipPath);\n\n new aws.s3.BucketObject(\"./pbInstallation.zip\", {\n key: \"pbInstallation.zip\",\n bucket: core.fileManagerBucketId,\n contentType: \"application/octet-stream\",\n source: new pulumi.asset.FileAsset(pbInstallationZipPath)\n });\n });\n\n const exportResources = createExportResources(app, params);\n const importResources = createImportResources(app, params);\n\n return {\n export: exportResources,\n import: importResources\n };\n }\n});\n\nfunction createExportResources(app: PulumiApp, params: PageBuilderParams) {\n const core = app.getModule(CoreOutput);\n\n const policy = createExportLambdaPolicy(app);\n const role = createLambdaRole(app, {\n name: \"pb-export-lambda-role\",\n policy: policy.output\n });\n\n const combine = app.addResource(aws.lambda.Function, {\n name: \"pb-export-combine\",\n config: {\n role: role.output.arn,\n runtime: LAMBDA_RUNTIME,\n handler: \"handler.handler\",\n timeout: 60,\n memorySize: 1024,\n description: \"Handle export's combine workflow\",\n code: new pulumi.asset.AssetArchive({\n \".\": new pulumi.asset.FileArchive(\n path.join(app.paths.workspace, \"pageBuilder/export/combine/build\")\n )\n }),\n environment: {\n variables: getCommonLambdaEnvVariables().apply(value => ({\n ...value,\n ...params.env,\n S3_BUCKET: core.fileManagerBucketId\n }))\n }\n }\n });\n\n const process = app.addResource(aws.lambda.Function, {\n name: \"pb-export-process\",\n config: {\n role: role.output.arn,\n runtime: LAMBDA_RUNTIME,\n handler: \"handler.handler\",\n timeout: 60,\n memorySize: 1024,\n description: \"Handle export's process workflow\",\n code: new pulumi.asset.AssetArchive({\n \".\": new pulumi.asset.FileArchive(\n path.join(app.paths.workspace, \"pageBuilder/export/process/build\")\n )\n }),\n environment: {\n variables: getCommonLambdaEnvVariables().apply(value => ({\n ...value,\n ...params.env,\n S3_BUCKET: core.fileManagerBucketId,\n EXPORT_COMBINE_HANDLER: combine.output.arn\n }))\n }\n }\n });\n\n return {\n role,\n policy,\n functions: {\n process,\n combine\n }\n };\n}\n\nfunction createExportLambdaPolicy(app: PulumiApp) {\n const core = app.getModule(CoreOutput);\n const awsAccountId = getAwsAccountId(app);\n const awsRegion = getAwsRegion(app);\n\n const elasticSearchEnabled = !!app.params.create.elasticSearch;\n\n return app.addResource(aws.iam.Policy, {\n name: \"PbExportTaskLambdaPolicy\",\n config: {\n description: \"This policy enables access to Dynamodb\",\n policy: {\n Version: \"2012-10-17\",\n Statement: [\n {\n Sid: \"AllowDynamoDBAccess\",\n Effect: \"Allow\",\n Action: [\n \"dynamodb:BatchGetItem\",\n \"dynamodb:BatchWriteItem\",\n \"dynamodb:PutItem\",\n \"dynamodb:DeleteItem\",\n \"dynamodb:GetItem\",\n \"dynamodb:Query\",\n \"dynamodb:UpdateItem\"\n ],\n Resource: [\n pulumi.interpolate`${core.primaryDynamodbTableArn}`,\n pulumi.interpolate`${core.primaryDynamodbTableArn}/`\n ]\n },\n {\n Sid: \"PermissionForS3\",\n Effect: \"Allow\",\n Action: [\n \"s3:GetObjectAcl\",\n \"s3:DeleteObject\",\n \"s3:PutObjectAcl\",\n \"s3:PutObject\",\n \"s3:GetObject\",\n \"s3:ListBucket\"\n ],\n Resource: [\n pulumi.interpolate`arn:aws:s3:::${core.fileManagerBucketId}/`,\n // We need to explicitly add bucket ARN to \"Resource\" list for \"s3:ListBucket\" action.\n pulumi.interpolate`arn:aws:s3:::${core.fileManagerBucketId}`\n ]\n },\n {\n Sid: \"PermissionForLambda\",\n Effect: \"Allow\",\n Action: [\"lambda:InvokeFunction\"],\n Resource: pulumi.interpolate`arn:aws:lambda:${awsRegion}:${awsAccountId}:function:`\n },\n // Attach permissions for elastic search domain as well (if ES is enabled).\n ...(elasticSearchEnabled\n ? [\n {\n Sid: \"PermissionForES\",\n Effect: \"Allow\" as const,\n Action: \"es:\",\n Resource: [\n pulumi.interpolate`${core.elasticsearchDomainArn}`,\n pulumi.interpolate`${core.elasticsearchDomainArn}/`\n ]\n }\n ]\n : [])\n ]\n }\n }\n });\n}\n\nfunction createImportResources(app: PulumiApp, params: PageBuilderParams) {\n const core = app.getModule(CoreOutput);\n const policy = createImportLambdaPolicy(app);\n const role = createLambdaRole(app, {\n name: \"pb-import-lambda-role\",\n policy: policy.output\n });\n\n const process = app.addResource(aws.lambda.Function, {\n name: \"pb-import-queue-process\",\n config: {\n role: role.output.arn,\n runtime: LAMBDA_RUNTIME,\n handler: \"handler.handler\",\n timeout: 60,\n memorySize: 1024,\n description: \"Handle import queue process workflow\",\n code: new pulumi.asset.AssetArchive({\n \".\": new pulumi.asset.FileArchive(\n path.join(app.paths.workspace, \"pageBuilder/import/process/build\")\n )\n }),\n environment: {\n variables: getCommonLambdaEnvVariables().apply(value => ({\n ...value,\n ...params.env,\n S3_BUCKET: core.fileManagerBucketId\n }))\n }\n }\n });\n\n const create = app.addResource(aws.lambda.Function, {\n name: \"pb-import-queue-create\",\n config: {\n role: role.output.arn,\n runtime: LAMBDA_RUNTIME,\n handler: \"handler.handler\",\n timeout: 60,\n memorySize: 1024,\n description: \"Handle import queue create workflow\",\n code: new pulumi.asset.AssetArchive({\n \".\": new pulumi.asset.FileArchive(\n path.join(app.paths.workspace, \"pageBuilder/import/create/build\")\n )\n }),\n environment: {\n variables: getCommonLambdaEnvVariables().apply(value => ({\n ...value,\n ...params.env,\n S3_BUCKET: core.fileManagerBucketId,\n IMPORT_QUEUE_PROCESS_HANDLER: process.output.arn\n }))\n }\n }\n });\n\n return {\n role,\n policy,\n functions: {\n create,\n process\n }\n };\n}\n\nfunction createImportLambdaPolicy(app: PulumiApp) {\n const coreOutput = app.getModule(CoreOutput);\n const awsAccountId = getAwsAccountId(app);\n const awsRegion = getAwsRegion(app);\n\n const elasticSearchEnabled = !!app.params.create.elasticSearch;\n\n return app.addResource(aws.iam.Policy, {\n name: \"ImportLambdaPolicy\",\n config: {\n description: \"This policy enables access Dynamodb, S3, Lambda and Cognito IDP\",\n // Core is pulumi.Output, so we need to run apply() to resolve policy based on it\n policy: coreOutput.apply(core => {\n const policy: aws.iam.PolicyDocument = {\n Version: \"2012-10-17\",\n Statement: [\n {\n Sid: \"PermissionForDynamodb\",\n Effect: \"Allow\",\n Action: [\n \"dynamodb:BatchGetItem\",\n \"dynamodb:BatchWriteItem\",\n \"dynamodb:PutItem\",\n \"dynamodb:DeleteItem\",\n \"dynamodb:GetItem\",\n \"dynamodb:Query\",\n \"dynamodb:UpdateItem\"\n ],\n Resource: [\n `${core.primaryDynamodbTableArn}`,\n `${core.primaryDynamodbTableArn}/`,\n // Attach permissions for elastic search dynamo as well (if ES is enabled).\n ...(core.elasticsearchDynamodbTableArn\n ? [\n `${core.elasticsearchDynamodbTableArn}`,\n `${core.elasticsearchDynamodbTableArn}/`\n ]\n : [])\n ]\n },\n {\n Sid: \"PermissionForS3\",\n Effect: \"Allow\",\n Action: [\n \"s3:GetObjectAcl\",\n \"s3:DeleteObject\",\n \"s3:PutObjectAcl\",\n \"s3:PutObject\",\n \"s3:GetObject\",\n \"s3:ListBucket\"\n ],\n Resource: [\n `arn:aws:s3:::${core.fileManagerBucketId}/`,\n // We need to explicitly add bucket ARN to \"Resource\" list for \"s3:ListBucket\" action.\n `arn:aws:s3:::${core.fileManagerBucketId}`\n ]\n },\n {\n Sid: \"PermissionForLambda\",\n Effect: \"Allow\",\n Action: [\"lambda:InvokeFunction\"],\n Resource: pulumi.interpolate`arn:aws:lambda:${awsRegion}:${awsAccountId}:function:`\n },\n {\n Sid: \"PermissionForCognitoIdp\",\n Effect: \"Allow\",\n Action: \"cognito-idp:\",\n Resource: `${core.cognitoUserPoolArn}`\n },\n // Attach permissions for elastic search domain as well (if ES is enabled).\n ...(elasticSearchEnabled\n ? [\n {\n Sid: \"PermissionForES\",\n Effect: \"Allow\" as const,\n Action: \"es:\",\n Resource: [\n pulumi.interpolate`${core.elasticsearchDomainArn}`,\n pulumi.interpolate`${core.elasticsearchDomainArn}/`\n ]\n }\n ]\n : [])\n ]\n };\n\n return policy;\n })\n }\n });\n}\n"],"mappings":";;;;;;;AAAA,IAAAA,IAAA,GAAAC,uBAAA,CAAAC,OAAA;AACA,IAAAC,MAAA,GAAAF,uBAAA,CAAAC,OAAA;AACA,IAAAE,GAAA,GAAAH,uBAAA,CAAAC,OAAA;AACA,IAAAG,aAAA,GAAAH,OAAA;AACA,IAAAI,QAAA,GAAAJ,OAAA;AACA,IAAAK,OAAA,GAAAL,OAAA;AACA,IAAAM,YAAA,GAAAN,OAAA;AACA,IAAAO,SAAA,GAAAP,OAAA;AACA,IAAAQ,UAAA,GAAAR,OAAA;AAQO,MAAMS,cAAc,GAAAC,OAAA,CAAAD,cAAA,GAAG,IAAAE,wBAAe,EAAC;EAC1CC,IAAI,EAAE,gBAAgB;EACtBC,MAAMA,CAACC,GAAc,EAAEC,MAAyB,EAAE;IAC9C,MAAMC,IAAI,GAAGF,GAAG,CAACG,SAAS,CAACC,kBAAU,CAAC;IAEtCJ,GAAG,CAACK,UAAU,CAAC,MAAM;MACjB,MAAMC,qBAAqB,GAAGtB,IAAI,CAACuB,IAAI,CAACvB,IAAI,CAACwB,OAAO,CAAC,CAAC,EAAE,MAAM,EAAE,oBAAoB,CAAC;MACrF;MACA,IAAAC,mCAAqB,EAACH,qBAAqB,CAAC;MAE5C,IAAIlB,GAAG,CAACsB,EAAE,CAACC,YAAY,CAAC,sBAAsB,EAAE;QAC5CC,GAAG,EAAE,oBAAoB;QACzBC,MAAM,EAAEX,IAAI,CAACY,mBAAmB;QAChCC,WAAW,EAAE,0BAA0B;QACvCC,MAAM,EAAE,IAAI7B,MAAM,CAAC8B,KAAK,CAACC,SAAS,CAACZ,qBAAqB;MAC5D,CAAC,CAAC;IACN,CAAC,CAAC;IAEF,MAAMa,eAAe,GAAGC,qBAAqB,CAACpB,GAAG,EAAEC,MAAM,CAAC;IAC1D,MAAMoB,eAAe,GAAGC,qBAAqB,CAACtB,GAAG,EAAEC,MAAM,CAAC;IAE1D,OAAO;MACHsB,MAAM,EAAEJ,eAAe;MACvBK,MAAM,EAAEH;IACZ,CAAC;EACL;AACJ,CAAC,CAAC;AAEF,SAASD,qBAAqBA,CAACpB,GAAc,EAAEC,MAAyB,EAAE;EACtE,MAAMC,IAAI,GAAGF,GAAG,CAACG,SAAS,CAACC,kBAAU,CAAC;EAEtC,MAAMqB,MAAM,GAAGC,wBAAwB,CAAC1B,GAAG,CAAC;EAC5C,MAAM2B,IAAI,GAAG,IAAAC,6BAAgB,EAAC5B,GAAG,EAAE;IAC/BF,IAAI,EAAE,uBAAuB;IAC7B2B,MAAM,EAAEA,MAAM,CAACI;EACnB,CAAC,CAAC;EAEF,MAAMC,OAAO,GAAG9B,GAAG,CAAC+B,WAAW,CAAC3C,GAAG,CAAC4C,MAAM,CAACC,QAAQ,EAAE;IACjDnC,IAAI,EAAE,mBAAmB;IACzBC,MAAM,EAAE;MACJ4B,IAAI,EAAEA,IAAI,CAACE,MAAM,CAACK,GAAG;MACrBC,OAAO,EAAEC,yBAAc;MACvBC,OAAO,EAAE,iBAAiB;MAC1BC,OAAO,EAAE,EAAE;MACXC,UAAU,EAAE,IAAI;MAChBC,WAAW,EAAE,kCAAkC;MAC/CC,IAAI,EAAE,IAAItD,MAAM,CAAC8B,KAAK,CAACyB,YAAY,CAAC;QAChC,GAAG,EAAE,IAAIvD,MAAM,CAAC8B,KAAK,CAAC0B,WAAW,CAC7B3D,IAAI,CAACuB,IAAI,CAACP,GAAG,CAAC4C,KAAK,CAACC,SAAS,EAAE,kCAAkC,CACrE;MACJ,CAAC,CAAC;MACFC,WAAW,EAAE;QACTC,SAAS,EAAE,IAAAC,wCAA2B,EAAC,CAAC,CAACC,KAAK,CAACC,KAAK,KAAK;UACrD,GAAGA,KAAK;UACR,GAAGjD,MAAM,CAACkD,GAAG;UACbC,SAAS,EAAElD,IAAI,CAACY;QACpB,CAAC,CAAC;MACN;IACJ;EACJ,CAAC,CAAC;EAEF,MAAMuC,OAAO,GAAGrD,GAAG,CAAC+B,WAAW,CAAC3C,GAAG,CAAC4C,MAAM,CAACC,QAAQ,EAAE;IACjDnC,IAAI,EAAE,mBAAmB;IACzBC,MAAM,EAAE;MACJ4B,IAAI,EAAEA,IAAI,CAACE,MAAM,CAACK,GAAG;MACrBC,OAAO,EAAEC,yBAAc;MACvBC,OAAO,EAAE,iBAAiB;MAC1BC,OAAO,EAAE,EAAE;MACXC,UAAU,EAAE,IAAI;MAChBC,WAAW,EAAE,kCAAkC;MAC/CC,IAAI,EAAE,IAAItD,MAAM,CAAC8B,KAAK,CAACyB,YAAY,CAAC;QAChC,GAAG,EAAE,IAAIvD,MAAM,CAAC8B,KAAK,CAAC0B,WAAW,CAC7B3D,IAAI,CAACuB,IAAI,CAACP,GAAG,CAAC4C,KAAK,CAACC,SAAS,EAAE,kCAAkC,CACrE;MACJ,CAAC,CAAC;MACFC,WAAW,EAAE;QACTC,SAAS,EAAE,IAAAC,wCAA2B,EAAC,CAAC,CAACC,KAAK,CAACC,KAAK,KAAK;UACrD,GAAGA,KAAK;UACR,GAAGjD,MAAM,CAACkD,GAAG;UACbC,SAAS,EAAElD,IAAI,CAACY,mBAAmB;UACnCwC,sBAAsB,EAAExB,OAAO,CAACD,MAAM,CAACK;QAC3C,CAAC,CAAC;MACN;IACJ;EACJ,CAAC,CAAC;EAEF,OAAO;IACHP,IAAI;IACJF,MAAM;IACN8B,SAAS,EAAE;MACPF,OAAO;MACPvB;IACJ;EACJ,CAAC;AACL;AAEA,SAASJ,wBAAwBA,CAAC1B,GAAc,EAAE;EAC9C,MAAME,IAAI,GAAGF,GAAG,CAACG,SAAS,CAACC,kBAAU,CAAC;EACtC,MAAMoD,YAAY,GAAG,IAAAC,yBAAe,EAACzD,GAAG,CAAC;EACzC,MAAM0D,SAAS,GAAG,IAAAC,sBAAY,EAAC3D,GAAG,CAAC;EAEnC,MAAM4D,oBAAoB,GAAG,CAAC,CAAC5D,GAAG,CAACC,MAAM,CAAC4D,MAAM,CAACC,aAAa;EAE9D,OAAO9D,GAAG,CAAC+B,WAAW,CAAC3C,GAAG,CAAC2E,GAAG,CAACC,MAAM,EAAE;IACnClE,IAAI,EAAE,0BAA0B;IAChCC,MAAM,EAAE;MACJyC,WAAW,EAAE,wCAAwC;MACrDf,MAAM,EAAE;QACJwC,OAAO,EAAE,YAAY;QACrBC,SAAS,EAAE,CACP;UACIC,GAAG,EAAE,qBAAqB;UAC1BC,MAAM,EAAE,OAAO;UACfC,MAAM,EAAE,CACJ,uBAAuB,EACvB,yBAAyB,EACzB,kBAAkB,EAClB,qBAAqB,EACrB,kBAAkB,EAClB,gBAAgB,EAChB,qBAAqB,CACxB;UACDC,QAAQ,EAAE,CACNnF,MAAM,CAACoF,WAAW,GAAGrE,IAAI,CAACsE,uBAAuB,EAAE,EACnDrF,MAAM,CAACoF,WAAW,GAAGrE,IAAI,CAACsE,uBAAuB,IAAI;QAE7D,CAAC,EACD;UACIL,GAAG,EAAE,iBAAiB;UACtBC,MAAM,EAAE,OAAO;UACfC,MAAM,EAAE,CACJ,iBAAiB,EACjB,iBAAiB,EACjB,iBAAiB,EACjB,cAAc,EACd,cAAc,EACd,eAAe,CAClB;UACDC,QAAQ,EAAE,CACNnF,MAAM,CAACoF,WAAW,gBAAgBrE,IAAI,CAACY,mBAAmB,IAAI;UAC9D;UACA3B,MAAM,CAACoF,WAAW,gBAAgBrE,IAAI,CAACY,mBAAmB,EAAE;QAEpE,CAAC,EACD;UACIqD,GAAG,EAAE,qBAAqB;UAC1BC,MAAM,EAAE,OAAO;UACfC,MAAM,EAAE,CAAC,uBAAuB,CAAC;UACjCC,QAAQ,EAAEnF,MAAM,CAACoF,WAAW,kBAAkBb,SAAS,IAAIF,YAAY;QAC3E,CAAC;QACD;QACA,IAAII,oBAAoB,GAClB,CACI;UACIO,GAAG,EAAE,iBAAiB;UACtBC,MAAM,EAAE,OAAgB;UACxBC,MAAM,EAAE,MAAM;UACdC,QAAQ,EAAE,CACNnF,MAAM,CAACoF,WAAW,GAAGrE,IAAI,CAACuE,sBAAsB,EAAE,EAClDtF,MAAM,CAACoF,WAAW,GAAGrE,IAAI,CAACuE,sBAAsB,IAAI;QAE5D,CAAC,CACJ,GACD,EAAE,CAAC;MAEjB;IACJ;EACJ,CAAC,CAAC;AACN;AAEA,SAASnD,qBAAqBA,CAACtB,GAAc,EAAEC,MAAyB,EAAE;EACtE,MAAMC,IAAI,GAAGF,GAAG,CAACG,SAAS,CAACC,kBAAU,CAAC;EACtC,MAAMqB,MAAM,GAAGiD,wBAAwB,CAAC1E,GAAG,CAAC;EAC5C,MAAM2B,IAAI,GAAG,IAAAC,6BAAgB,EAAC5B,GAAG,EAAE;IAC/BF,IAAI,EAAE,uBAAuB;IAC7B2B,MAAM,EAAEA,MAAM,CAACI;EACnB,CAAC,CAAC;EAEF,MAAMwB,OAAO,GAAGrD,GAAG,CAAC+B,WAAW,CAAC3C,GAAG,CAAC4C,MAAM,CAACC,QAAQ,EAAE;IACjDnC,IAAI,EAAE,yBAAyB;IAC/BC,MAAM,EAAE;MACJ4B,IAAI,EAAEA,IAAI,CAACE,MAAM,CAACK,GAAG;MACrBC,OAAO,EAAEC,yBAAc;MACvBC,OAAO,EAAE,iBAAiB;MAC1BC,OAAO,EAAE,EAAE;MACXC,UAAU,EAAE,IAAI;MAChBC,WAAW,EAAE,sCAAsC;MACnDC,IAAI,EAAE,IAAItD,MAAM,CAAC8B,KAAK,CAACyB,YAAY,CAAC;QAChC,GAAG,EAAE,IAAIvD,MAAM,CAAC8B,KAAK,CAAC0B,WAAW,CAC7B3D,IAAI,CAACuB,IAAI,CAACP,GAAG,CAAC4C,KAAK,CAACC,SAAS,EAAE,kCAAkC,CACrE;MACJ,CAAC,CAAC;MACFC,WAAW,EAAE;QACTC,SAAS,EAAE,IAAAC,wCAA2B,EAAC,CAAC,CAACC,KAAK,CAACC,KAAK,KAAK;UACrD,GAAGA,KAAK;UACR,GAAGjD,MAAM,CAACkD,GAAG;UACbC,SAAS,EAAElD,IAAI,CAACY;QACpB,CAAC,CAAC;MACN;IACJ;EACJ,CAAC,CAAC;EAEF,MAAM+C,MAAM,GAAG7D,GAAG,CAAC+B,WAAW,CAAC3C,GAAG,CAAC4C,MAAM,CAACC,QAAQ,EAAE;IAChDnC,IAAI,EAAE,wBAAwB;IAC9BC,MAAM,EAAE;MACJ4B,IAAI,EAAEA,IAAI,CAACE,MAAM,CAACK,GAAG;MACrBC,OAAO,EAAEC,yBAAc;MACvBC,OAAO,EAAE,iBAAiB;MAC1BC,OAAO,EAAE,EAAE;MACXC,UAAU,EAAE,IAAI;MAChBC,WAAW,EAAE,qCAAqC;MAClDC,IAAI,EAAE,IAAItD,MAAM,CAAC8B,KAAK,CAACyB,YAAY,CAAC;QAChC,GAAG,EAAE,IAAIvD,MAAM,CAAC8B,KAAK,CAAC0B,WAAW,CAC7B3D,IAAI,CAACuB,IAAI,CAACP,GAAG,CAAC4C,KAAK,CAACC,SAAS,EAAE,iCAAiC,CACpE;MACJ,CAAC,CAAC;MACFC,WAAW,EAAE;QACTC,SAAS,EAAE,IAAAC,wCAA2B,EAAC,CAAC,CAACC,KAAK,CAACC,KAAK,KAAK;UACrD,GAAGA,KAAK;UACR,GAAGjD,MAAM,CAACkD,GAAG;UACbC,SAAS,EAAElD,IAAI,CAACY,mBAAmB;UACnC6D,4BAA4B,EAAEtB,OAAO,CAACxB,MAAM,CAACK;QACjD,CAAC,CAAC;MACN;IACJ;EACJ,CAAC,CAAC;EAEF,OAAO;IACHP,IAAI;IACJF,MAAM;IACN8B,SAAS,EAAE;MACPM,MAAM;MACNR;IACJ;EACJ,CAAC;AACL;AAEA,SAASqB,wBAAwBA,CAAC1E,GAAc,EAAE;EAC9C,MAAM4E,UAAU,GAAG5E,GAAG,CAACG,SAAS,CAACC,kBAAU,CAAC;EAC5C,MAAMoD,YAAY,GAAG,IAAAC,yBAAe,EAACzD,GAAG,CAAC;EACzC,MAAM0D,SAAS,GAAG,IAAAC,sBAAY,EAAC3D,GAAG,CAAC;EAEnC,MAAM4D,oBAAoB,GAAG,CAAC,CAAC5D,GAAG,CAACC,MAAM,CAAC4D,MAAM,CAACC,aAAa;EAE9D,OAAO9D,GAAG,CAAC+B,WAAW,CAAC3C,GAAG,CAAC2E,GAAG,CAACC,MAAM,EAAE;IACnClE,IAAI,EAAE,oBAAoB;IAC1BC,MAAM,EAAE;MACJyC,WAAW,EAAE,iEAAiE;MAC9E;MACAf,MAAM,EAAEmD,UAAU,CAAC3B,KAAK,CAAC/C,IAAI,IAAI;QAC7B,MAAMuB,MAA8B,GAAG;UACnCwC,OAAO,EAAE,YAAY;UACrBC,SAAS,EAAE,CACP;YACIC,GAAG,EAAE,uBAAuB;YAC5BC,MAAM,EAAE,OAAO;YACfC,MAAM,EAAE,CACJ,uBAAuB,EACvB,yBAAyB,EACzB,kBAAkB,EAClB,qBAAqB,EACrB,kBAAkB,EAClB,gBAAgB,EAChB,qBAAqB,CACxB;YACDC,QAAQ,EAAE,CACN,GAAGpE,IAAI,CAACsE,uBAAuB,EAAE,EACjC,GAAGtE,IAAI,CAACsE,uBAAuB,IAAI;YACnC;YACA,IAAItE,IAAI,CAAC2E,6BAA6B,GAChC,CACI,GAAG3E,IAAI,CAAC2E,6BAA6B,EAAE,EACvC,GAAG3E,IAAI,CAAC2E,6BAA6B,IAAI,CAC5C,GACD,EAAE,CAAC;UAEjB,CAAC,EACD;YACIV,GAAG,EAAE,iBAAiB;YACtBC,MAAM,EAAE,OAAO;YACfC,MAAM,EAAE,CACJ,iBAAiB,EACjB,iBAAiB,EACjB,iBAAiB,EACjB,cAAc,EACd,cAAc,EACd,eAAe,CAClB;YACDC,QAAQ,EAAE,CACN,gBAAgBpE,IAAI,CAACY,mBAAmB,IAAI;YAC5C;YACA,gBAAgBZ,IAAI,CAACY,mBAAmB,EAAE;UAElD,CAAC,EACD;YACIqD,GAAG,EAAE,qBAAqB;YAC1BC,MAAM,EAAE,OAAO;YACfC,MAAM,EAAE,CAAC,uBAAuB,CAAC;YACjCC,QAAQ,EAAEnF,MAAM,CAACoF,WAAW,kBAAkBb,SAAS,IAAIF,YAAY;UAC3E,CAAC,EACD;YACIW,GAAG,EAAE,yBAAyB;YAC9BC,MAAM,EAAE,OAAO;YACfC,MAAM,EAAE,eAAe;YACvBC,QAAQ,EAAE,GAAGpE,IAAI,CAAC4E,kBAAkB;UACxC,CAAC;UACD;UACA,IAAIlB,oBAAoB,GAClB,CACI;YACIO,GAAG,EAAE,iBAAiB;YACtBC,MAAM,EAAE,OAAgB;YACxBC,MAAM,EAAE,MAAM;YACdC,QAAQ,EAAE,CACNnF,MAAM,CAACoF,WAAW,GAAGrE,IAAI,CAACuE,sBAAsB,EAAE,EAClDtF,MAAM,CAACoF,WAAW,GAAGrE,IAAI,CAACuE,sBAAsB,IAAI;UAE5D,CAAC,CACJ,GACD,EAAE,CAAC;QAEjB,CAAC;QAED,OAAOhD,MAAM;MACjB,CAAC;IACL;EACJ,CAAC,CAAC;AACN","ignoreList":[]}
1	+ {"version":3,"names":["path","_interopRequireWildcard","require","pulumi","aws","_installation","_pulumi2","_common","_lambdaUtils","_awsUtils","_constants","ApiPageBuilder","exports","createAppModule","name","config","app","params","core","getModule","CoreOutput","addHandler","pbInstallationZipPath","join","resolve","createInstallationZip","s3","BucketObject","key","bucket","fileManagerBucketId","contentType","source","asset","FileAsset","exportResources","createExportResources","importResources","createImportResources","export","import","policy","createExportLambdaPolicy","role","createLambdaRole","output","combine","addResource","lambda","Function","arn","runtime","LAMBDA_RUNTIME","handler","timeout","memorySize","description","code","AssetArchive","FileArchive","paths","workspace","environment","variables","getCommonLambdaEnvVariables","apply","value","env","S3_BUCKET","process","EXPORT_COMBINE_HANDLER","functions","awsAccountId","getAwsAccountId","awsRegion","getAwsRegion","elasticSearchEnabled","create","elasticSearch","iam","Policy","Version","Statement","Sid","Effect","Action","Resource","interpolate","primaryDynamodbTableArn","logDynamodbTableArn","elasticsearchDomainArn","createImportLambdaPolicy","IMPORT_QUEUE_PROCESS_HANDLER","coreOutput","elasticsearchDynamodbTableArn","cognitoUserPoolArn"],"sources":["ApiPageBuilder.ts"],"sourcesContent":["import * as path from \"path\";\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport { createInstallationZip } from \"@webiny/api-page-builder/installation\";\nimport { createAppModule, PulumiApp, PulumiAppModule } from \"@webiny/pulumi\";\nimport { CoreOutput } from \"../common\";\nimport { createLambdaRole, getCommonLambdaEnvVariables } from \"../lambdaUtils\";\nimport { getAwsAccountId, getAwsRegion } from \"../awsUtils\";\nimport { LAMBDA_RUNTIME } from \"~/constants\";\n\ninterface PageBuilderParams {\n env: Record<string, any>;\n}\n\nexport type ApiPageBuilder = PulumiAppModule<typeof ApiPageBuilder>;\n\nexport const ApiPageBuilder = createAppModule({\n name: \"ApiPageBuilder\",\n config(app: PulumiApp, params: PageBuilderParams) {\n const core = app.getModule(CoreOutput);\n\n app.addHandler(() => {\n const pbInstallationZipPath = path.join(path.resolve(), \".tmp\", \"pbInstallation.zip\");\n // Will create \"pbInstallation.zip\" and save it in the `pbInstallationZipPath` path.\n createInstallationZip(pbInstallationZipPath);\n\n new aws.s3.BucketObject(\"./pbInstallation.zip\", {\n key: \"pbInstallation.zip\",\n bucket: core.fileManagerBucketId,\n contentType: \"application/octet-stream\",\n source: new pulumi.asset.FileAsset(pbInstallationZipPath)\n });\n });\n\n const exportResources = createExportResources(app, params);\n const importResources = createImportResources(app, params);\n\n return {\n export: exportResources,\n import: importResources\n };\n }\n});\n\nfunction createExportResources(app: PulumiApp, params: PageBuilderParams) {\n const core = app.getModule(CoreOutput);\n\n const policy = createExportLambdaPolicy(app);\n const role = createLambdaRole(app, {\n name: \"pb-export-lambda-role\",\n policy: policy.output\n });\n\n const combine = app.addResource(aws.lambda.Function, {\n name: \"pb-export-combine\",\n config: {\n role: role.output.arn,\n runtime: LAMBDA_RUNTIME,\n handler: \"handler.handler\",\n timeout: 60,\n memorySize: 1024,\n description: \"Handle export's combine workflow\",\n code: new pulumi.asset.AssetArchive({\n \".\": new pulumi.asset.FileArchive(\n path.join(app.paths.workspace, \"pageBuilder/export/combine/build\")\n )\n }),\n environment: {\n variables: getCommonLambdaEnvVariables().apply(value => ({\n ...value,\n ...params.env,\n S3_BUCKET: core.fileManagerBucketId\n }))\n }\n }\n });\n\n const process = app.addResource(aws.lambda.Function, {\n name: \"pb-export-process\",\n config: {\n role: role.output.arn,\n runtime: LAMBDA_RUNTIME,\n handler: \"handler.handler\",\n timeout: 60,\n memorySize: 1024,\n description: \"Handle export's process workflow\",\n code: new pulumi.asset.AssetArchive({\n \".\": new pulumi.asset.FileArchive(\n path.join(app.paths.workspace, \"pageBuilder/export/process/build\")\n )\n }),\n environment: {\n variables: getCommonLambdaEnvVariables().apply(value => ({\n ...value,\n ...params.env,\n S3_BUCKET: core.fileManagerBucketId,\n EXPORT_COMBINE_HANDLER: combine.output.arn\n }))\n }\n }\n });\n\n return {\n role,\n policy,\n functions: {\n process,\n combine\n }\n };\n}\n\nfunction createExportLambdaPolicy(app: PulumiApp) {\n const core = app.getModule(CoreOutput);\n const awsAccountId = getAwsAccountId(app);\n const awsRegion = getAwsRegion(app);\n\n const elasticSearchEnabled = !!app.params.create.elasticSearch;\n\n return app.addResource(aws.iam.Policy, {\n name: \"PbExportTaskLambdaPolicy\",\n config: {\n description: \"This policy enables access to Dynamodb\",\n policy: {\n Version: \"2012-10-17\",\n Statement: [\n {\n Sid: \"AllowDynamoDBAccess\",\n Effect: \"Allow\",\n Action: [\n \"dynamodb:BatchGetItem\",\n \"dynamodb:BatchWriteItem\",\n \"dynamodb:PutItem\",\n \"dynamodb:DeleteItem\",\n \"dynamodb:GetItem\",\n \"dynamodb:Query\",\n \"dynamodb:UpdateItem\"\n ],\n Resource: [\n pulumi.interpolate`${core.primaryDynamodbTableArn}`,\n pulumi.interpolate`${core.primaryDynamodbTableArn}/`,\n pulumi.interpolate`${core.logDynamodbTableArn}`,\n pulumi.interpolate`${core.logDynamodbTableArn}/`\n ]\n },\n {\n Sid: \"PermissionForS3\",\n Effect: \"Allow\",\n Action: [\n \"s3:GetObjectAcl\",\n \"s3:DeleteObject\",\n \"s3:PutObjectAcl\",\n \"s3:PutObject\",\n \"s3:GetObject\",\n \"s3:ListBucket\"\n ],\n Resource: [\n pulumi.interpolate`arn:aws:s3:::${core.fileManagerBucketId}/`,\n // We need to explicitly add bucket ARN to \"Resource\" list for \"s3:ListBucket\" action.\n pulumi.interpolate`arn:aws:s3:::${core.fileManagerBucketId}`\n ]\n },\n {\n Sid: \"PermissionForLambda\",\n Effect: \"Allow\",\n Action: [\"lambda:InvokeFunction\"],\n Resource: pulumi.interpolate`arn:aws:lambda:${awsRegion}:${awsAccountId}:function:`\n },\n // Attach permissions for elastic search domain as well (if ES is enabled).\n ...(elasticSearchEnabled\n ? [\n {\n Sid: \"PermissionForES\",\n Effect: \"Allow\" as const,\n Action: \"es:\",\n Resource: [\n pulumi.interpolate`${core.elasticsearchDomainArn}`,\n pulumi.interpolate`${core.elasticsearchDomainArn}/`\n ]\n }\n ]\n : [])\n ]\n }\n }\n });\n}\n\nfunction createImportResources(app: PulumiApp, params: PageBuilderParams) {\n const core = app.getModule(CoreOutput);\n const policy = createImportLambdaPolicy(app);\n const role = createLambdaRole(app, {\n name: \"pb-import-lambda-role\",\n policy: policy.output\n });\n\n const process = app.addResource(aws.lambda.Function, {\n name: \"pb-import-queue-process\",\n config: {\n role: role.output.arn,\n runtime: LAMBDA_RUNTIME,\n handler: \"handler.handler\",\n timeout: 60,\n memorySize: 1024,\n description: \"Handle import queue process workflow\",\n code: new pulumi.asset.AssetArchive({\n \".\": new pulumi.asset.FileArchive(\n path.join(app.paths.workspace, \"pageBuilder/import/process/build\")\n )\n }),\n environment: {\n variables: getCommonLambdaEnvVariables().apply(value => ({\n ...value,\n ...params.env,\n S3_BUCKET: core.fileManagerBucketId\n }))\n }\n }\n });\n\n const create = app.addResource(aws.lambda.Function, {\n name: \"pb-import-queue-create\",\n config: {\n role: role.output.arn,\n runtime: LAMBDA_RUNTIME,\n handler: \"handler.handler\",\n timeout: 60,\n memorySize: 1024,\n description: \"Handle import queue create workflow\",\n code: new pulumi.asset.AssetArchive({\n \".\": new pulumi.asset.FileArchive(\n path.join(app.paths.workspace, \"pageBuilder/import/create/build\")\n )\n }),\n environment: {\n variables: getCommonLambdaEnvVariables().apply(value => ({\n ...value,\n ...params.env,\n S3_BUCKET: core.fileManagerBucketId,\n IMPORT_QUEUE_PROCESS_HANDLER: process.output.arn\n }))\n }\n }\n });\n\n return {\n role,\n policy,\n functions: {\n create,\n process\n }\n };\n}\n\nfunction createImportLambdaPolicy(app: PulumiApp) {\n const coreOutput = app.getModule(CoreOutput);\n const awsAccountId = getAwsAccountId(app);\n const awsRegion = getAwsRegion(app);\n\n const elasticSearchEnabled = !!app.params.create.elasticSearch;\n\n return app.addResource(aws.iam.Policy, {\n name: \"ImportLambdaPolicy\",\n config: {\n description: \"This policy enables access Dynamodb, S3, Lambda and Cognito IDP\",\n // Core is pulumi.Output, so we need to run apply() to resolve policy based on it\n policy: coreOutput.apply(core => {\n const policy: aws.iam.PolicyDocument = {\n Version: \"2012-10-17\",\n Statement: [\n {\n Sid: \"PermissionForDynamodb\",\n Effect: \"Allow\",\n Action: [\n \"dynamodb:BatchGetItem\",\n \"dynamodb:BatchWriteItem\",\n \"dynamodb:PutItem\",\n \"dynamodb:DeleteItem\",\n \"dynamodb:GetItem\",\n \"dynamodb:Query\",\n \"dynamodb:UpdateItem\"\n ],\n Resource: [\n `${core.primaryDynamodbTableArn}`,\n `${core.primaryDynamodbTableArn}/`,\n // Attach permissions for elastic search dynamo as well (if ES is enabled).\n ...(core.elasticsearchDynamodbTableArn\n ? [\n `${core.elasticsearchDynamodbTableArn}`,\n `${core.elasticsearchDynamodbTableArn}/`\n ]\n : [])\n ]\n },\n {\n Sid: \"PermissionForS3\",\n Effect: \"Allow\",\n Action: [\n \"s3:GetObjectAcl\",\n \"s3:DeleteObject\",\n \"s3:PutObjectAcl\",\n \"s3:PutObject\",\n \"s3:GetObject\",\n \"s3:ListBucket\"\n ],\n Resource: [\n `arn:aws:s3:::${core.fileManagerBucketId}/`,\n // We need to explicitly add bucket ARN to \"Resource\" list for \"s3:ListBucket\" action.\n `arn:aws:s3:::${core.fileManagerBucketId}`\n ]\n },\n {\n Sid: \"PermissionForLambda\",\n Effect: \"Allow\",\n Action: [\"lambda:InvokeFunction\"],\n Resource: pulumi.interpolate`arn:aws:lambda:${awsRegion}:${awsAccountId}:function:`\n },\n {\n Sid: \"PermissionForCognitoIdp\",\n Effect: \"Allow\",\n Action: \"cognito-idp:\",\n Resource: `${core.cognitoUserPoolArn}`\n },\n // Attach permissions for elastic search domain as well (if ES is enabled).\n ...(elasticSearchEnabled\n ? [\n {\n Sid: \"PermissionForES\",\n Effect: \"Allow\" as const,\n Action: \"es:\",\n Resource: [\n pulumi.interpolate`${core.elasticsearchDomainArn}`,\n pulumi.interpolate`${core.elasticsearchDomainArn}/*`\n ]\n }\n ]\n : [])\n ]\n };\n\n return policy;\n })\n }\n });\n}\n"],"mappings":";;;;;;;AAAA,IAAAA,IAAA,GAAAC,uBAAA,CAAAC,OAAA;AACA,IAAAC,MAAA,GAAAF,uBAAA,CAAAC,OAAA;AACA,IAAAE,GAAA,GAAAH,uBAAA,CAAAC,OAAA;AACA,IAAAG,aAAA,GAAAH,OAAA;AACA,IAAAI,QAAA,GAAAJ,OAAA;AACA,IAAAK,OAAA,GAAAL,OAAA;AACA,IAAAM,YAAA,GAAAN,OAAA;AACA,IAAAO,SAAA,GAAAP,OAAA;AACA,IAAAQ,UAAA,GAAAR,OAAA;AAQO,MAAMS,cAAc,GAAAC,OAAA,CAAAD,cAAA,GAAG,IAAAE,wBAAe,EAAC;EAC1CC,IAAI,EAAE,gBAAgB;EACtBC,MAAMA,CAACC,GAAc,EAAEC,MAAyB,EAAE;IAC9C,MAAMC,IAAI,GAAGF,GAAG,CAACG,SAAS,CAACC,kBAAU,CAAC;IAEtCJ,GAAG,CAACK,UAAU,CAAC,MAAM;MACjB,MAAMC,qBAAqB,GAAGtB,IAAI,CAACuB,IAAI,CAACvB,IAAI,CAACwB,OAAO,CAAC,CAAC,EAAE,MAAM,EAAE,oBAAoB,CAAC;MACrF;MACA,IAAAC,mCAAqB,EAACH,qBAAqB,CAAC;MAE5C,IAAIlB,GAAG,CAACsB,EAAE,CAACC,YAAY,CAAC,sBAAsB,EAAE;QAC5CC,GAAG,EAAE,oBAAoB;QACzBC,MAAM,EAAEX,IAAI,CAACY,mBAAmB;QAChCC,WAAW,EAAE,0BAA0B;QACvCC,MAAM,EAAE,IAAI7B,MAAM,CAAC8B,KAAK,CAACC,SAAS,CAACZ,qBAAqB;MAC5D,CAAC,CAAC;IACN,CAAC,CAAC;IAEF,MAAMa,eAAe,GAAGC,qBAAqB,CAACpB,GAAG,EAAEC,MAAM,CAAC;IAC1D,MAAMoB,eAAe,GAAGC,qBAAqB,CAACtB,GAAG,EAAEC,MAAM,CAAC;IAE1D,OAAO;MACHsB,MAAM,EAAEJ,eAAe;MACvBK,MAAM,EAAEH;IACZ,CAAC;EACL;AACJ,CAAC,CAAC;AAEF,SAASD,qBAAqBA,CAACpB,GAAc,EAAEC,MAAyB,EAAE;EACtE,MAAMC,IAAI,GAAGF,GAAG,CAACG,SAAS,CAACC,kBAAU,CAAC;EAEtC,MAAMqB,MAAM,GAAGC,wBAAwB,CAAC1B,GAAG,CAAC;EAC5C,MAAM2B,IAAI,GAAG,IAAAC,6BAAgB,EAAC5B,GAAG,EAAE;IAC/BF,IAAI,EAAE,uBAAuB;IAC7B2B,MAAM,EAAEA,MAAM,CAACI;EACnB,CAAC,CAAC;EAEF,MAAMC,OAAO,GAAG9B,GAAG,CAAC+B,WAAW,CAAC3C,GAAG,CAAC4C,MAAM,CAACC,QAAQ,EAAE;IACjDnC,IAAI,EAAE,mBAAmB;IACzBC,MAAM,EAAE;MACJ4B,IAAI,EAAEA,IAAI,CAACE,MAAM,CAACK,GAAG;MACrBC,OAAO,EAAEC,yBAAc;MACvBC,OAAO,EAAE,iBAAiB;MAC1BC,OAAO,EAAE,EAAE;MACXC,UAAU,EAAE,IAAI;MAChBC,WAAW,EAAE,kCAAkC;MAC/CC,IAAI,EAAE,IAAItD,MAAM,CAAC8B,KAAK,CAACyB,YAAY,CAAC;QAChC,GAAG,EAAE,IAAIvD,MAAM,CAAC8B,KAAK,CAAC0B,WAAW,CAC7B3D,IAAI,CAACuB,IAAI,CAACP,GAAG,CAAC4C,KAAK,CAACC,SAAS,EAAE,kCAAkC,CACrE;MACJ,CAAC,CAAC;MACFC,WAAW,EAAE;QACTC,SAAS,EAAE,IAAAC,wCAA2B,EAAC,CAAC,CAACC,KAAK,CAACC,KAAK,KAAK;UACrD,GAAGA,KAAK;UACR,GAAGjD,MAAM,CAACkD,GAAG;UACbC,SAAS,EAAElD,IAAI,CAACY;QACpB,CAAC,CAAC;MACN;IACJ;EACJ,CAAC,CAAC;EAEF,MAAMuC,OAAO,GAAGrD,GAAG,CAAC+B,WAAW,CAAC3C,GAAG,CAAC4C,MAAM,CAACC,QAAQ,EAAE;IACjDnC,IAAI,EAAE,mBAAmB;IACzBC,MAAM,EAAE;MACJ4B,IAAI,EAAEA,IAAI,CAACE,MAAM,CAACK,GAAG;MACrBC,OAAO,EAAEC,yBAAc;MACvBC,OAAO,EAAE,iBAAiB;MAC1BC,OAAO,EAAE,EAAE;MACXC,UAAU,EAAE,IAAI;MAChBC,WAAW,EAAE,kCAAkC;MAC/CC,IAAI,EAAE,IAAItD,MAAM,CAAC8B,KAAK,CAACyB,YAAY,CAAC;QAChC,GAAG,EAAE,IAAIvD,MAAM,CAAC8B,KAAK,CAAC0B,WAAW,CAC7B3D,IAAI,CAACuB,IAAI,CAACP,GAAG,CAAC4C,KAAK,CAACC,SAAS,EAAE,kCAAkC,CACrE;MACJ,CAAC,CAAC;MACFC,WAAW,EAAE;QACTC,SAAS,EAAE,IAAAC,wCAA2B,EAAC,CAAC,CAACC,KAAK,CAACC,KAAK,KAAK;UACrD,GAAGA,KAAK;UACR,GAAGjD,MAAM,CAACkD,GAAG;UACbC,SAAS,EAAElD,IAAI,CAACY,mBAAmB;UACnCwC,sBAAsB,EAAExB,OAAO,CAACD,MAAM,CAACK;QAC3C,CAAC,CAAC;MACN;IACJ;EACJ,CAAC,CAAC;EAEF,OAAO;IACHP,IAAI;IACJF,MAAM;IACN8B,SAAS,EAAE;MACPF,OAAO;MACPvB;IACJ;EACJ,CAAC;AACL;AAEA,SAASJ,wBAAwBA,CAAC1B,GAAc,EAAE;EAC9C,MAAME,IAAI,GAAGF,GAAG,CAACG,SAAS,CAACC,kBAAU,CAAC;EACtC,MAAMoD,YAAY,GAAG,IAAAC,yBAAe,EAACzD,GAAG,CAAC;EACzC,MAAM0D,SAAS,GAAG,IAAAC,sBAAY,EAAC3D,GAAG,CAAC;EAEnC,MAAM4D,oBAAoB,GAAG,CAAC,CAAC5D,GAAG,CAACC,MAAM,CAAC4D,MAAM,CAACC,aAAa;EAE9D,OAAO9D,GAAG,CAAC+B,WAAW,CAAC3C,GAAG,CAAC2E,GAAG,CAACC,MAAM,EAAE;IACnClE,IAAI,EAAE,0BAA0B;IAChCC,MAAM,EAAE;MACJyC,WAAW,EAAE,wCAAwC;MACrDf,MAAM,EAAE;QACJwC,OAAO,EAAE,YAAY;QACrBC,SAAS,EAAE,CACP;UACIC,GAAG,EAAE,qBAAqB;UAC1BC,MAAM,EAAE,OAAO;UACfC,MAAM,EAAE,CACJ,uBAAuB,EACvB,yBAAyB,EACzB,kBAAkB,EAClB,qBAAqB,EACrB,kBAAkB,EAClB,gBAAgB,EAChB,qBAAqB,CACxB;UACDC,QAAQ,EAAE,CACNnF,MAAM,CAACoF,WAAW,GAAGrE,IAAI,CAACsE,uBAAuB,EAAE,EACnDrF,MAAM,CAACoF,WAAW,GAAGrE,IAAI,CAACsE,uBAAuB,IAAI,EACrDrF,MAAM,CAACoF,WAAW,GAAGrE,IAAI,CAACuE,mBAAmB,EAAE,EAC/CtF,MAAM,CAACoF,WAAW,GAAGrE,IAAI,CAACuE,mBAAmB,IAAI;QAEzD,CAAC,EACD;UACIN,GAAG,EAAE,iBAAiB;UACtBC,MAAM,EAAE,OAAO;UACfC,MAAM,EAAE,CACJ,iBAAiB,EACjB,iBAAiB,EACjB,iBAAiB,EACjB,cAAc,EACd,cAAc,EACd,eAAe,CAClB;UACDC,QAAQ,EAAE,CACNnF,MAAM,CAACoF,WAAW,gBAAgBrE,IAAI,CAACY,mBAAmB,IAAI;UAC9D;UACA3B,MAAM,CAACoF,WAAW,gBAAgBrE,IAAI,CAACY,mBAAmB,EAAE;QAEpE,CAAC,EACD;UACIqD,GAAG,EAAE,qBAAqB;UAC1BC,MAAM,EAAE,OAAO;UACfC,MAAM,EAAE,CAAC,uBAAuB,CAAC;UACjCC,QAAQ,EAAEnF,MAAM,CAACoF,WAAW,kBAAkBb,SAAS,IAAIF,YAAY;QAC3E,CAAC;QACD;QACA,IAAII,oBAAoB,GAClB,CACI;UACIO,GAAG,EAAE,iBAAiB;UACtBC,MAAM,EAAE,OAAgB;UACxBC,MAAM,EAAE,MAAM;UACdC,QAAQ,EAAE,CACNnF,MAAM,CAACoF,WAAW,GAAGrE,IAAI,CAACwE,sBAAsB,EAAE,EAClDvF,MAAM,CAACoF,WAAW,GAAGrE,IAAI,CAACwE,sBAAsB,IAAI;QAE5D,CAAC,CACJ,GACD,EAAE,CAAC;MAEjB;IACJ;EACJ,CAAC,CAAC;AACN;AAEA,SAASpD,qBAAqBA,CAACtB,GAAc,EAAEC,MAAyB,EAAE;EACtE,MAAMC,IAAI,GAAGF,GAAG,CAACG,SAAS,CAACC,kBAAU,CAAC;EACtC,MAAMqB,MAAM,GAAGkD,wBAAwB,CAAC3E,GAAG,CAAC;EAC5C,MAAM2B,IAAI,GAAG,IAAAC,6BAAgB,EAAC5B,GAAG,EAAE;IAC/BF,IAAI,EAAE,uBAAuB;IAC7B2B,MAAM,EAAEA,MAAM,CAACI;EACnB,CAAC,CAAC;EAEF,MAAMwB,OAAO,GAAGrD,GAAG,CAAC+B,WAAW,CAAC3C,GAAG,CAAC4C,MAAM,CAACC,QAAQ,EAAE;IACjDnC,IAAI,EAAE,yBAAyB;IAC/BC,MAAM,EAAE;MACJ4B,IAAI,EAAEA,IAAI,CAACE,MAAM,CAACK,GAAG;MACrBC,OAAO,EAAEC,yBAAc;MACvBC,OAAO,EAAE,iBAAiB;MAC1BC,OAAO,EAAE,EAAE;MACXC,UAAU,EAAE,IAAI;MAChBC,WAAW,EAAE,sCAAsC;MACnDC,IAAI,EAAE,IAAItD,MAAM,CAAC8B,KAAK,CAACyB,YAAY,CAAC;QAChC,GAAG,EAAE,IAAIvD,MAAM,CAAC8B,KAAK,CAAC0B,WAAW,CAC7B3D,IAAI,CAACuB,IAAI,CAACP,GAAG,CAAC4C,KAAK,CAACC,SAAS,EAAE,kCAAkC,CACrE;MACJ,CAAC,CAAC;MACFC,WAAW,EAAE;QACTC,SAAS,EAAE,IAAAC,wCAA2B,EAAC,CAAC,CAACC,KAAK,CAACC,KAAK,KAAK;UACrD,GAAGA,KAAK;UACR,GAAGjD,MAAM,CAACkD,GAAG;UACbC,SAAS,EAAElD,IAAI,CAACY;QACpB,CAAC,CAAC;MACN;IACJ;EACJ,CAAC,CAAC;EAEF,MAAM+C,MAAM,GAAG7D,GAAG,CAAC+B,WAAW,CAAC3C,GAAG,CAAC4C,MAAM,CAACC,QAAQ,EAAE;IAChDnC,IAAI,EAAE,wBAAwB;IAC9BC,MAAM,EAAE;MACJ4B,IAAI,EAAEA,IAAI,CAACE,MAAM,CAACK,GAAG;MACrBC,OAAO,EAAEC,yBAAc;MACvBC,OAAO,EAAE,iBAAiB;MAC1BC,OAAO,EAAE,EAAE;MACXC,UAAU,EAAE,IAAI;MAChBC,WAAW,EAAE,qCAAqC;MAClDC,IAAI,EAAE,IAAItD,MAAM,CAAC8B,KAAK,CAACyB,YAAY,CAAC;QAChC,GAAG,EAAE,IAAIvD,MAAM,CAAC8B,KAAK,CAAC0B,WAAW,CAC7B3D,IAAI,CAACuB,IAAI,CAACP,GAAG,CAAC4C,KAAK,CAACC,SAAS,EAAE,iCAAiC,CACpE;MACJ,CAAC,CAAC;MACFC,WAAW,EAAE;QACTC,SAAS,EAAE,IAAAC,wCAA2B,EAAC,CAAC,CAACC,KAAK,CAACC,KAAK,KAAK;UACrD,GAAGA,KAAK;UACR,GAAGjD,MAAM,CAACkD,GAAG;UACbC,SAAS,EAAElD,IAAI,CAACY,mBAAmB;UACnC8D,4BAA4B,EAAEvB,OAAO,CAACxB,MAAM,CAACK;QACjD,CAAC,CAAC;MACN;IACJ;EACJ,CAAC,CAAC;EAEF,OAAO;IACHP,IAAI;IACJF,MAAM;IACN8B,SAAS,EAAE;MACPM,MAAM;MACNR;IACJ;EACJ,CAAC;AACL;AAEA,SAASsB,wBAAwBA,CAAC3E,GAAc,EAAE;EAC9C,MAAM6E,UAAU,GAAG7E,GAAG,CAACG,SAAS,CAACC,kBAAU,CAAC;EAC5C,MAAMoD,YAAY,GAAG,IAAAC,yBAAe,EAACzD,GAAG,CAAC;EACzC,MAAM0D,SAAS,GAAG,IAAAC,sBAAY,EAAC3D,GAAG,CAAC;EAEnC,MAAM4D,oBAAoB,GAAG,CAAC,CAAC5D,GAAG,CAACC,MAAM,CAAC4D,MAAM,CAACC,aAAa;EAE9D,OAAO9D,GAAG,CAAC+B,WAAW,CAAC3C,GAAG,CAAC2E,GAAG,CAACC,MAAM,EAAE;IACnClE,IAAI,EAAE,oBAAoB;IAC1BC,MAAM,EAAE;MACJyC,WAAW,EAAE,iEAAiE;MAC9E;MACAf,MAAM,EAAEoD,UAAU,CAAC5B,KAAK,CAAC/C,IAAI,IAAI;QAC7B,MAAMuB,MAA8B,GAAG;UACnCwC,OAAO,EAAE,YAAY;UACrBC,SAAS,EAAE,CACP;YACIC,GAAG,EAAE,uBAAuB;YAC5BC,MAAM,EAAE,OAAO;YACfC,MAAM,EAAE,CACJ,uBAAuB,EACvB,yBAAyB,EACzB,kBAAkB,EAClB,qBAAqB,EACrB,kBAAkB,EAClB,gBAAgB,EAChB,qBAAqB,CACxB;YACDC,QAAQ,EAAE,CACN,GAAGpE,IAAI,CAACsE,uBAAuB,EAAE,EACjC,GAAGtE,IAAI,CAACsE,uBAAuB,IAAI;YACnC;YACA,IAAItE,IAAI,CAAC4E,6BAA6B,GAChC,CACI,GAAG5E,IAAI,CAAC4E,6BAA6B,EAAE,EACvC,GAAG5E,IAAI,CAAC4E,6BAA6B,IAAI,CAC5C,GACD,EAAE,CAAC;UAEjB,CAAC,EACD;YACIX,GAAG,EAAE,iBAAiB;YACtBC,MAAM,EAAE,OAAO;YACfC,MAAM,EAAE,CACJ,iBAAiB,EACjB,iBAAiB,EACjB,iBAAiB,EACjB,cAAc,EACd,cAAc,EACd,eAAe,CAClB;YACDC,QAAQ,EAAE,CACN,gBAAgBpE,IAAI,CAACY,mBAAmB,IAAI;YAC5C;YACA,gBAAgBZ,IAAI,CAACY,mBAAmB,EAAE;UAElD,CAAC,EACD;YACIqD,GAAG,EAAE,qBAAqB;YAC1BC,MAAM,EAAE,OAAO;YACfC,MAAM,EAAE,CAAC,uBAAuB,CAAC;YACjCC,QAAQ,EAAEnF,MAAM,CAACoF,WAAW,kBAAkBb,SAAS,IAAIF,YAAY;UAC3E,CAAC,EACD;YACIW,GAAG,EAAE,yBAAyB;YAC9BC,MAAM,EAAE,OAAO;YACfC,MAAM,EAAE,eAAe;YACvBC,QAAQ,EAAE,GAAGpE,IAAI,CAAC6E,kBAAkB;UACxC,CAAC;UACD;UACA,IAAInB,oBAAoB,GAClB,CACI;YACIO,GAAG,EAAE,iBAAiB;YACtBC,MAAM,EAAE,OAAgB;YACxBC,MAAM,EAAE,MAAM;YACdC,QAAQ,EAAE,CACNnF,MAAM,CAACoF,WAAW,GAAGrE,IAAI,CAACwE,sBAAsB,EAAE,EAClDvF,MAAM,CAACoF,WAAW,GAAGrE,IAAI,CAACwE,sBAAsB,IAAI;UAE5D,CAAC,CACJ,GACD,EAAE,CAAC;QAEjB,CAAC;QAED,OAAOjD,MAAM;MACjB,CAAC;IACL;EACJ,CAAC,CAAC;AACN","ignoreList":[]}

package/apps/website/WebsitePrerendering.js CHANGED Viewed

@@ -259,7 +259,7 @@ function createLambdaPolicy(app, queue, params) {
           Action: ["dynamodb:BatchGetItem", "dynamodb:BatchWriteItem", "dynamodb:DeleteItem", "dynamodb:GetItem", "dynamodb:PutItem", "dynamodb:Query", "dynamodb:Scan", "dynamodb:UpdateItem"],
           Resource: core.apply(s => {
             // Add permissions to DynamoDB table
-            const resources = [`${s.primaryDynamodbTableArn}`, `${s.primaryDynamodbTableArn}/*`];
+            const resources = [`${s.primaryDynamodbTableArn}`, `${s.primaryDynamodbTableArn}/*`, `${s.logDynamodbTableArn}`, `${s.logDynamodbTableArn}/*`];
             // Attach permissions for elastic search dynamo as well (if ES is enabled).
             if (s.elasticsearchDynamodbTableArn) {

package/apps/website/WebsitePrerendering.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"names":["path","_interopRequireWildcard","require","pulumi","aws","_clientDynamodb","_awsLayers","_lambdaUtils","_common","_awsUtils","_constants","createPrerenderingService","app","params","queue","addResource","sqs","Queue","name","config","visibilityTimeoutSeconds","fifoQueue","policy","createLambdaPolicy","output","renderer","createRenderer","subscriber","createRenderSubscriber","flush","createFlushService","settings","createPrerenderingSettingsDbItem","tableItem","dynamodb","TableItem","tableName","dbTableName","hashKey","dbTableHashKey","rangeKey","dbTableRangeKey","item","interpolate","run","variant","appUrl","deliveryUrl","bucket","cloudfrontId","url","apply","v","JSON","stringify","marshall","parse","core","getModule","CoreOutput","role","createLambdaRole","lambda","Function","arn","runtime","LAMBDA_RUNTIME","handler","timeout","memorySize","environment","variables","getCommonLambdaEnvVariables","value","DB_TABLE","DB_TABLE_LOG","logDbTableName","description","code","asset","AssetArchive","FileArchive","join","paths","workspace","vpcConfig","VpcConfig","functionVpcConfig","eventRule","cloudwatch","EventRule","eventBusName","eventBusArn","eventPattern","eventPermission","Permission","action","function","principal","sourceArn","eventTarget","EventTarget","rule","executionRole","iam","ManagedPolicy","AWSLambdaSQSQueueExecutionRole","layers","getLayerArn","eventSourceMapping","EventSourceMapping","functionName","eventSourceArn","batchSize","awsAccountId","getAwsAccountId","Policy","Version","Statement","Sid","Effect","Action","Resource","s","resources","primaryDynamodbTableArn","elasticsearchDynamodbTableArn","push"],"sources":["WebsitePrerendering.ts"],"sourcesContent":["import * as path from \"path\";\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport { marshall } from \"@webiny/aws-sdk/client-dynamodb\";\n\nimport { PulumiApp } from \"@webiny/pulumi\";\nimport { getLayerArn } from \"@webiny/aws-layers\";\n\nimport { createLambdaRole, getCommonLambdaEnvVariables } from \"../lambdaUtils\";\nimport { CoreOutput, VpcConfig } from \"../common\";\nimport { getAwsAccountId } from \"../awsUtils\";\nimport { LAMBDA_RUNTIME } from \"~/constants\";\n\ninterface PreRenderingServiceParams {\n dbTableName: pulumi.Output<string>;\n dbTableHashKey: pulumi.Output<string>;\n dbTableRangeKey: pulumi.Output<string>;\n logDbTableName: pulumi.Output<string>;\n appUrl: pulumi.Output<string>;\n deliveryUrl: pulumi.Output<string>;\n bucket: pulumi.Output<string>;\n cloudfrontId: pulumi.Output<string>;\n}\n\nexport function createPrerenderingService(app: PulumiApp, params: PreRenderingServiceParams) {\n const queue = app.addResource(aws.sqs.Queue, {\n name: \"ps-render-queue\",\n config: {\n visibilityTimeoutSeconds: 300,\n fifoQueue: true\n }\n });\n\n const policy = createLambdaPolicy(app, queue.output, params);\n const renderer = createRenderer(app, queue.output, policy.output, params);\n const subscriber = createRenderSubscriber(app, policy.output, params);\n const flush = createFlushService(app, policy.output, params);\n const settings = createPrerenderingSettingsDbItem(app, queue.output, params);\n\n return {\n subscriber,\n renderer,\n flush,\n settings\n };\n}\n\nfunction createPrerenderingSettingsDbItem(\n app: PulumiApp,\n queue: pulumi.Output<aws.sqs.Queue>,\n params: PreRenderingServiceParams\n) {\n /*\n To handle everything related to prerendering, we need the following information:\n * - appUrl - SPA URL used to prerender HTML\n * - bucket - name of the S3 bucket used for storage of HTML snapshots\n * - cloudfrontId - for cache invalidation\n * - sqsQueueUrl - an SQS queue for prerendering tasks (messages)\n /\n const tableItem = app.addResource(aws.dynamodb.TableItem, {\n name: \"psSettings\",\n config: {\n tableName: params.dbTableName,\n hashKey: params.dbTableHashKey,\n rangeKey: params.dbTableRangeKey,\n item: pulumi.interpolate`{\n \"PK\": \"PS#SETTINGS\",\n \"SK\": \"${app.params.run.variant \|\| \"default\"}\",\n \"data\": {\n \"appUrl\": \"${params.appUrl}\",\n \"deliveryUrl\": \"${params.deliveryUrl}\",\n \"bucket\": \"${params.bucket}\",\n \"cloudfrontId\": \"${params.cloudfrontId}\",\n \"sqsQueueUrl\": \"${queue.url}\"\n }\n }`\n // We're using the native DynamoDB converter to avoid building those nested objects ourselves.\n .apply(v => JSON.stringify(marshall(JSON.parse(v))))\n }\n });\n\n return { tableItem };\n}\n\nfunction createRenderSubscriber(\n app: PulumiApp,\n policy: pulumi.Output<aws.iam.Policy>,\n params: PreRenderingServiceParams\n) {\n const core = app.getModule(CoreOutput);\n\n const role = createLambdaRole(app, {\n name: \"ps-render-subscriber-role\",\n policy: policy\n });\n\n const lambda = app.addResource(aws.lambda.Function, {\n name: \"ps-render-subscriber-lambda\",\n config: {\n role: role.output.arn,\n runtime: LAMBDA_RUNTIME,\n handler: \"handler.handler\",\n timeout: 30,\n memorySize: 1024,\n environment: {\n variables: getCommonLambdaEnvVariables().apply(value => ({\n ...value,\n DB_TABLE: params.dbTableName,\n DB_TABLE_LOG: params.logDbTableName\n }))\n },\n description: \"Subscribes to render events on event bus\",\n code: new pulumi.asset.AssetArchive({\n \".\": new pulumi.asset.FileArchive(\n path.join(app.paths.workspace, \"prerendering/subscribe/build\")\n )\n }),\n vpcConfig: app.getModule(VpcConfig).functionVpcConfig\n }\n });\n\n /\n TODO: when we get to staged rollouts and variants, maybe we can create per-variant event rules,\n * to avoid invocation of all variant lambdas just to do a `detail-type` check and exit early.\n * That way, we would be publishing events scoped to a variant, like \"RenderPages-{variant}\".\n /\n\n const eventRule = app.addResource(aws.cloudwatch.EventRule, {\n name: \"ps-render-subscriber-event-rule\",\n config: {\n eventBusName: core.eventBusArn,\n eventPattern: JSON.stringify({\n \"detail-type\": [\"RenderPages\"]\n })\n }\n });\n\n const eventPermission = app.addResource(aws.lambda.Permission, {\n name: \"ps-render-subscriber-event-permission\",\n config: {\n action: \"lambda:InvokeFunction\",\n function: lambda.output.arn,\n principal: \"events.amazonaws.com\",\n sourceArn: eventRule.output.arn\n }\n });\n\n const eventTarget = app.addResource(aws.cloudwatch.EventTarget, {\n name: \"ps-render-subscriber-event-target\",\n config: {\n rule: eventRule.output.name,\n eventBusName: core.eventBusArn,\n arn: lambda.output.arn\n }\n });\n\n return {\n policy,\n role,\n lambda,\n eventRule,\n eventPermission,\n eventTarget\n };\n}\n\nfunction createRenderer(\n app: PulumiApp,\n queue: pulumi.Output<aws.sqs.Queue>,\n policy: pulumi.Output<aws.iam.Policy>,\n params: PreRenderingServiceParams\n) {\n const role = createLambdaRole(app, {\n name: \"ps-render-lambda-role\",\n policy: policy,\n executionRole: aws.iam.ManagedPolicy.AWSLambdaSQSQueueExecutionRole\n });\n\n const lambda = app.addResource(aws.lambda.Function, {\n name: \"ps-render-lambda\",\n config: {\n role: role.output.arn,\n runtime: LAMBDA_RUNTIME,\n handler: \"handler.handler\",\n timeout: 300,\n memorySize: 2048,\n layers: [getLayerArn(\"chromium\")],\n environment: {\n variables: getCommonLambdaEnvVariables().apply(value => ({\n ...value,\n DB_TABLE: params.dbTableName,\n DB_TABLE_LOG: params.logDbTableName\n }))\n },\n description: \"Renders pages and stores output in an S3 bucket of choice.\",\n code: new pulumi.asset.AssetArchive({\n \".\": new pulumi.asset.FileArchive(\n path.join(app.paths.workspace, \"prerendering/render/build\")\n )\n }),\n vpcConfig: app.getModule(VpcConfig).functionVpcConfig\n }\n });\n\n const eventSourceMapping = app.addResource(aws.lambda.EventSourceMapping, {\n name: \"ps-render-event-source-mapping\",\n config: {\n functionName: lambda.output.arn,\n eventSourceArn: queue.arn,\n batchSize: 1\n }\n });\n\n return {\n policy,\n role,\n lambda,\n eventSourceMapping\n };\n}\n\nfunction createFlushService(\n app: PulumiApp,\n policy: pulumi.Output<aws.iam.Policy>,\n params: PreRenderingServiceParams\n) {\n const core = app.getModule(CoreOutput);\n\n const role = createLambdaRole(app, {\n name: \"ps-flush-lambda-role\",\n policy: policy\n });\n\n const lambda = app.addResource(aws.lambda.Function, {\n name: \"ps-flush-lambda\",\n config: {\n role: role.output.arn,\n runtime: LAMBDA_RUNTIME,\n handler: \"handler.handler\",\n timeout: 30,\n memorySize: 1024,\n environment: {\n variables: getCommonLambdaEnvVariables().apply(value => ({\n ...value,\n DB_TABLE: params.dbTableName,\n DB_TABLE_LOG: params.logDbTableName\n }))\n },\n description: \"Subscribes to flush events on event bus\",\n code: new pulumi.asset.AssetArchive({\n \".\": new pulumi.asset.FileArchive(\n path.join(app.paths.workspace, \"prerendering/flush/build\")\n )\n }),\n vpcConfig: app.getModule(VpcConfig).functionVpcConfig\n }\n });\n\n const eventRule = app.addResource(aws.cloudwatch.EventRule, {\n name: \"ps-flush-event-rule\",\n config: {\n eventBusName: core.eventBusArn,\n eventPattern: JSON.stringify({\n \"detail-type\": [\"FlushPages\"]\n })\n }\n });\n\n const eventPermission = app.addResource(aws.lambda.Permission, {\n name: \"ps-flush-event-permission\",\n config: {\n action: \"lambda:InvokeFunction\",\n function: lambda.output.arn,\n principal: \"events.amazonaws.com\",\n sourceArn: eventRule.output.arn\n }\n });\n\n const eventTarget = app.addResource(aws.cloudwatch.EventTarget, {\n name: \"ps-flush-event-target\",\n config: {\n rule: eventRule.output.name,\n eventBusName: core.eventBusArn,\n arn: lambda.output.arn\n }\n });\n\n return {\n policy,\n role,\n lambda,\n eventRule,\n eventPermission,\n eventTarget\n };\n}\n\nfunction createLambdaPolicy(\n app: PulumiApp,\n queue: pulumi.Output<aws.sqs.Queue>,\n params: PreRenderingServiceParams\n) {\n const core = app.getModule(CoreOutput);\n const awsAccountId = getAwsAccountId(app);\n\n return app.addResource(aws.iam.Policy, {\n name: \"ps-lambda-policy\",\n config: {\n description: \"This policy enables access to Lambda, S3, Cloudfront, SQS and Dynamodb\",\n policy: {\n Version: \"2012-10-17\",\n Statement: [\n {\n Sid: \"PermissionForDynamodb\",\n Effect: \"Allow\",\n Action: [\n \"dynamodb:BatchGetItem\",\n \"dynamodb:BatchWriteItem\",\n \"dynamodb:DeleteItem\",\n \"dynamodb:GetItem\",\n \"dynamodb:PutItem\",\n \"dynamodb:Query\",\n \"dynamodb:Scan\",\n \"dynamodb:UpdateItem\"\n ],\n Resource: core.apply(s => {\n // Add permissions to DynamoDB table\n const resources = [\n `${s.primaryDynamodbTableArn}`,\n `${s.primaryDynamodbTableArn}/`\n ];\n\n // Attach permissions for elastic search dynamo as well (if ES is enabled).\n if (s.elasticsearchDynamodbTableArn) {\n resources.push(\n `${s.elasticsearchDynamodbTableArn}`,\n `${s.elasticsearchDynamodbTableArn}/`\n );\n }\n\n return resources;\n })\n },\n {\n Sid: \"PermissionForS3\",\n Effect: \"Allow\",\n Action: [\"s3:DeleteObject\", \"s3:GetObject\", \"s3:PutObject\"],\n Resource: [pulumi.interpolate`arn:aws:s3:::${params.bucket}/`]\n },\n {\n Sid: \"PermissionForCloudfront\",\n Effect: \"Allow\",\n Action: \"cloudfront:CreateInvalidation\",\n Resource: pulumi.interpolate`arn:aws:cloudfront::${awsAccountId}:distribution/*`\n },\n {\n Sid: \"PermissionForSQS\",\n Effect: \"Allow\",\n Action: [\"sqs:SendMessage\", \"sqs:SendMessageBatch\"],\n Resource: queue.arn\n }\n ]\n }\n }\n });\n}\n"],"mappings":";;;;;;;AAAA,IAAAA,IAAA,GAAAC,uBAAA,CAAAC,OAAA;AACA,IAAAC,MAAA,GAAAF,uBAAA,CAAAC,OAAA;AACA,IAAAE,GAAA,GAAAH,uBAAA,CAAAC,OAAA;AACA,IAAAG,eAAA,GAAAH,OAAA;AAGA,IAAAI,UAAA,GAAAJ,OAAA;AAEA,IAAAK,YAAA,GAAAL,OAAA;AACA,IAAAM,OAAA,GAAAN,OAAA;AACA,IAAAO,SAAA,GAAAP,OAAA;AACA,IAAAQ,UAAA,GAAAR,OAAA;AAaO,SAASS,yBAAyBA,CAACC,GAAc,EAAEC,MAAiC,EAAE;EACzF,MAAMC,KAAK,GAAGF,GAAG,CAACG,WAAW,CAACX,GAAG,CAACY,GAAG,CAACC,KAAK,EAAE;IACzCC,IAAI,EAAE,iBAAiB;IACvBC,MAAM,EAAE;MACJC,wBAAwB,EAAE,GAAG;MAC7BC,SAAS,EAAE;IACf;EACJ,CAAC,CAAC;EAEF,MAAMC,MAAM,GAAGC,kBAAkB,CAACX,GAAG,EAAEE,KAAK,CAACU,MAAM,EAAEX,MAAM,CAAC;EAC5D,MAAMY,QAAQ,GAAGC,cAAc,CAACd,GAAG,EAAEE,KAAK,CAACU,MAAM,EAAEF,MAAM,CAACE,MAAM,EAAEX,MAAM,CAAC;EACzE,MAAMc,UAAU,GAAGC,sBAAsB,CAAChB,GAAG,EAAEU,MAAM,CAACE,MAAM,EAAEX,MAAM,CAAC;EACrE,MAAMgB,KAAK,GAAGC,kBAAkB,CAAClB,GAAG,EAAEU,MAAM,CAACE,MAAM,EAAEX,MAAM,CAAC;EAC5D,MAAMkB,QAAQ,GAAGC,gCAAgC,CAACpB,GAAG,EAAEE,KAAK,CAACU,MAAM,EAAEX,MAAM,CAAC;EAE5E,OAAO;IACHc,UAAU;IACVF,QAAQ;IACRI,KAAK;IACLE;EACJ,CAAC;AACL;AAEA,SAASC,gCAAgCA,CACrCpB,GAAc,EACdE,KAAmC,EACnCD,MAAiC,EACnC;EACE;AACJ;AACA;AACA;AACA;AACA;AACA;EACI,MAAMoB,SAAS,GAAGrB,GAAG,CAACG,WAAW,CAACX,GAAG,CAAC8B,QAAQ,CAACC,SAAS,EAAE;IACtDjB,IAAI,EAAE,YAAY;IAClBC,MAAM,EAAE;MACJiB,SAAS,EAAEvB,MAAM,CAACwB,WAAW;MAC7BC,OAAO,EAAEzB,MAAM,CAAC0B,cAAc;MAC9BC,QAAQ,EAAE3B,MAAM,CAAC4B,eAAe;MAChCC,IAAI,EAAEvC,MAAM,CAACwC,WAAW;AACpC;AACA,yBAAyB/B,GAAG,CAACC,MAAM,CAAC+B,GAAG,CAACC,OAAO,IAAI,SAAS;AAC5D;AACA,iCAAiChC,MAAM,CAACiC,MAAM;AAC9C,sCAAsCjC,MAAM,CAACkC,WAAW;AACxD,iCAAiClC,MAAM,CAACmC,MAAM;AAC9C,uCAAuCnC,MAAM,CAACoC,YAAY;AAC1D,sCAAsCnC,KAAK,CAACoC,GAAG;AAC/C;AACA;MACgB;MAAA,CACCC,KAAK,CAACC,CAAC,IAAIC,IAAI,CAACC,SAAS,CAAC,IAAAC,wBAAQ,EAACF,IAAI,CAACG,KAAK,CAACJ,CAAC,CAAC,CAAC,CAAC;IAC3D;EACJ,CAAC,CAAC;EAEF,OAAO;IAAEnB;EAAU,CAAC;AACxB;AAEA,SAASL,sBAAsBA,CAC3BhB,GAAc,EACdU,MAAqC,EACrCT,MAAiC,EACnC;EACE,MAAM4C,IAAI,GAAG7C,GAAG,CAAC8C,SAAS,CAACC,kBAAU,CAAC;EAEtC,MAAMC,IAAI,GAAG,IAAAC,6BAAgB,EAACjD,GAAG,EAAE;IAC/BM,IAAI,EAAE,2BAA2B;IACjCI,MAAM,EAAEA;EACZ,CAAC,CAAC;EAEF,MAAMwC,MAAM,GAAGlD,GAAG,CAACG,WAAW,CAACX,GAAG,CAAC0D,MAAM,CAACC,QAAQ,EAAE;IAChD7C,IAAI,EAAE,6BAA6B;IACnCC,MAAM,EAAE;MACJyC,IAAI,EAAEA,IAAI,CAACpC,MAAM,CAACwC,GAAG;MACrBC,OAAO,EAAEC,yBAAc;MACvBC,OAAO,EAAE,iBAAiB;MAC1BC,OAAO,EAAE,EAAE;MACXC,UAAU,EAAE,IAAI;MAChBC,WAAW,EAAE;QACTC,SAAS,EAAE,IAAAC,wCAA2B,EAAC,CAAC,CAACrB,KAAK,CAACsB,KAAK,KAAK;UACrD,GAAGA,KAAK;UACRC,QAAQ,EAAE7D,MAAM,CAACwB,WAAW;UAC5BsC,YAAY,EAAE9D,MAAM,CAAC+D;QACzB,CAAC,CAAC;MACN,CAAC;MACDC,WAAW,EAAE,0CAA0C;MACvDC,IAAI,EAAE,IAAI3E,MAAM,CAAC4E,KAAK,CAACC,YAAY,CAAC;QAChC,GAAG,EAAE,IAAI7E,MAAM,CAAC4E,KAAK,CAACE,WAAW,CAC7BjF,IAAI,CAACkF,IAAI,CAACtE,GAAG,CAACuE,KAAK,CAACC,SAAS,EAAE,8BAA8B,CACjE;MACJ,CAAC,CAAC;MACFC,SAAS,EAAEzE,GAAG,CAAC8C,SAAS,CAAC4B,iBAAS,CAAC,CAACC;IACxC;EACJ,CAAC,CAAC;;EAEF;AACJ;AACA;AACA;AACA;;EAEI,MAAMC,SAAS,GAAG5E,GAAG,CAACG,WAAW,CAACX,GAAG,CAACqF,UAAU,CAACC,SAAS,EAAE;IACxDxE,IAAI,EAAE,iCAAiC;IACvCC,MAAM,EAAE;MACJwE,YAAY,EAAElC,IAAI,CAACmC,WAAW;MAC9BC,YAAY,EAAExC,IAAI,CAACC,SAAS,CAAC;QACzB,aAAa,EAAE,CAAC,aAAa;MACjC,CAAC;IACL;EACJ,CAAC,CAAC;EAEF,MAAMwC,eAAe,GAAGlF,GAAG,CAACG,WAAW,CAACX,GAAG,CAAC0D,MAAM,CAACiC,UAAU,EAAE;IAC3D7E,IAAI,EAAE,uCAAuC;IAC7CC,MAAM,EAAE;MACJ6E,MAAM,EAAE,uBAAuB;MAC/BC,QAAQ,EAAEnC,MAAM,CAACtC,MAAM,CAACwC,GAAG;MAC3BkC,SAAS,EAAE,sBAAsB;MACjCC,SAAS,EAAEX,SAAS,CAAChE,MAAM,CAACwC;IAChC;EACJ,CAAC,CAAC;EAEF,MAAMoC,WAAW,GAAGxF,GAAG,CAACG,WAAW,CAACX,GAAG,CAACqF,UAAU,CAACY,WAAW,EAAE;IAC5DnF,IAAI,EAAE,mCAAmC;IACzCC,MAAM,EAAE;MACJmF,IAAI,EAAEd,SAAS,CAAChE,MAAM,CAACN,IAAI;MAC3ByE,YAAY,EAAElC,IAAI,CAACmC,WAAW;MAC9B5B,GAAG,EAAEF,MAAM,CAACtC,MAAM,CAACwC;IACvB;EACJ,CAAC,CAAC;EAEF,OAAO;IACH1C,MAAM;IACNsC,IAAI;IACJE,MAAM;IACN0B,SAAS;IACTM,eAAe;IACfM;EACJ,CAAC;AACL;AAEA,SAAS1E,cAAcA,CACnBd,GAAc,EACdE,KAAmC,EACnCQ,MAAqC,EACrCT,MAAiC,EACnC;EACE,MAAM+C,IAAI,GAAG,IAAAC,6BAAgB,EAACjD,GAAG,EAAE;IAC/BM,IAAI,EAAE,uBAAuB;IAC7BI,MAAM,EAAEA,MAAM;IACdiF,aAAa,EAAEnG,GAAG,CAACoG,GAAG,CAACC,aAAa,CAACC;EACzC,CAAC,CAAC;EAEF,MAAM5C,MAAM,GAAGlD,GAAG,CAACG,WAAW,CAACX,GAAG,CAAC0D,MAAM,CAACC,QAAQ,EAAE;IAChD7C,IAAI,EAAE,kBAAkB;IACxBC,MAAM,EAAE;MACJyC,IAAI,EAAEA,IAAI,CAACpC,MAAM,CAACwC,GAAG;MACrBC,OAAO,EAAEC,yBAAc;MACvBC,OAAO,EAAE,iBAAiB;MAC1BC,OAAO,EAAE,GAAG;MACZC,UAAU,EAAE,IAAI;MAChBsC,MAAM,EAAE,CAAC,IAAAC,sBAAW,EAAC,UAAU,CAAC,CAAC;MACjCtC,WAAW,EAAE;QACTC,SAAS,EAAE,IAAAC,wCAA2B,EAAC,CAAC,CAACrB,KAAK,CAACsB,KAAK,KAAK;UACrD,GAAGA,KAAK;UACRC,QAAQ,EAAE7D,MAAM,CAACwB,WAAW;UAC5BsC,YAAY,EAAE9D,MAAM,CAAC+D;QACzB,CAAC,CAAC;MACN,CAAC;MACDC,WAAW,EAAE,4DAA4D;MACzEC,IAAI,EAAE,IAAI3E,MAAM,CAAC4E,KAAK,CAACC,YAAY,CAAC;QAChC,GAAG,EAAE,IAAI7E,MAAM,CAAC4E,KAAK,CAACE,WAAW,CAC7BjF,IAAI,CAACkF,IAAI,CAACtE,GAAG,CAACuE,KAAK,CAACC,SAAS,EAAE,2BAA2B,CAC9D;MACJ,CAAC,CAAC;MACFC,SAAS,EAAEzE,GAAG,CAAC8C,SAAS,CAAC4B,iBAAS,CAAC,CAACC;IACxC;EACJ,CAAC,CAAC;EAEF,MAAMsB,kBAAkB,GAAGjG,GAAG,CAACG,WAAW,CAACX,GAAG,CAAC0D,MAAM,CAACgD,kBAAkB,EAAE;IACtE5F,IAAI,EAAE,gCAAgC;IACtCC,MAAM,EAAE;MACJ4F,YAAY,EAAEjD,MAAM,CAACtC,MAAM,CAACwC,GAAG;MAC/BgD,cAAc,EAAElG,KAAK,CAACkD,GAAG;MACzBiD,SAAS,EAAE;IACf;EACJ,CAAC,CAAC;EAEF,OAAO;IACH3F,MAAM;IACNsC,IAAI;IACJE,MAAM;IACN+C;EACJ,CAAC;AACL;AAEA,SAAS/E,kBAAkBA,CACvBlB,GAAc,EACdU,MAAqC,EACrCT,MAAiC,EACnC;EACE,MAAM4C,IAAI,GAAG7C,GAAG,CAAC8C,SAAS,CAACC,kBAAU,CAAC;EAEtC,MAAMC,IAAI,GAAG,IAAAC,6BAAgB,EAACjD,GAAG,EAAE;IAC/BM,IAAI,EAAE,sBAAsB;IAC5BI,MAAM,EAAEA;EACZ,CAAC,CAAC;EAEF,MAAMwC,MAAM,GAAGlD,GAAG,CAACG,WAAW,CAACX,GAAG,CAAC0D,MAAM,CAACC,QAAQ,EAAE;IAChD7C,IAAI,EAAE,iBAAiB;IACvBC,MAAM,EAAE;MACJyC,IAAI,EAAEA,IAAI,CAACpC,MAAM,CAACwC,GAAG;MACrBC,OAAO,EAAEC,yBAAc;MACvBC,OAAO,EAAE,iBAAiB;MAC1BC,OAAO,EAAE,EAAE;MACXC,UAAU,EAAE,IAAI;MAChBC,WAAW,EAAE;QACTC,SAAS,EAAE,IAAAC,wCAA2B,EAAC,CAAC,CAACrB,KAAK,CAACsB,KAAK,KAAK;UACrD,GAAGA,KAAK;UACRC,QAAQ,EAAE7D,MAAM,CAACwB,WAAW;UAC5BsC,YAAY,EAAE9D,MAAM,CAAC+D;QACzB,CAAC,CAAC;MACN,CAAC;MACDC,WAAW,EAAE,yCAAyC;MACtDC,IAAI,EAAE,IAAI3E,MAAM,CAAC4E,KAAK,CAACC,YAAY,CAAC;QAChC,GAAG,EAAE,IAAI7E,MAAM,CAAC4E,KAAK,CAACE,WAAW,CAC7BjF,IAAI,CAACkF,IAAI,CAACtE,GAAG,CAACuE,KAAK,CAACC,SAAS,EAAE,0BAA0B,CAC7D;MACJ,CAAC,CAAC;MACFC,SAAS,EAAEzE,GAAG,CAAC8C,SAAS,CAAC4B,iBAAS,CAAC,CAACC;IACxC;EACJ,CAAC,CAAC;EAEF,MAAMC,SAAS,GAAG5E,GAAG,CAACG,WAAW,CAACX,GAAG,CAACqF,UAAU,CAACC,SAAS,EAAE;IACxDxE,IAAI,EAAE,qBAAqB;IAC3BC,MAAM,EAAE;MACJwE,YAAY,EAAElC,IAAI,CAACmC,WAAW;MAC9BC,YAAY,EAAExC,IAAI,CAACC,SAAS,CAAC;QACzB,aAAa,EAAE,CAAC,YAAY;MAChC,CAAC;IACL;EACJ,CAAC,CAAC;EAEF,MAAMwC,eAAe,GAAGlF,GAAG,CAACG,WAAW,CAACX,GAAG,CAAC0D,MAAM,CAACiC,UAAU,EAAE;IAC3D7E,IAAI,EAAE,2BAA2B;IACjCC,MAAM,EAAE;MACJ6E,MAAM,EAAE,uBAAuB;MAC/BC,QAAQ,EAAEnC,MAAM,CAACtC,MAAM,CAACwC,GAAG;MAC3BkC,SAAS,EAAE,sBAAsB;MACjCC,SAAS,EAAEX,SAAS,CAAChE,MAAM,CAACwC;IAChC;EACJ,CAAC,CAAC;EAEF,MAAMoC,WAAW,GAAGxF,GAAG,CAACG,WAAW,CAACX,GAAG,CAACqF,UAAU,CAACY,WAAW,EAAE;IAC5DnF,IAAI,EAAE,uBAAuB;IAC7BC,MAAM,EAAE;MACJmF,IAAI,EAAEd,SAAS,CAAChE,MAAM,CAACN,IAAI;MAC3ByE,YAAY,EAAElC,IAAI,CAACmC,WAAW;MAC9B5B,GAAG,EAAEF,MAAM,CAACtC,MAAM,CAACwC;IACvB;EACJ,CAAC,CAAC;EAEF,OAAO;IACH1C,MAAM;IACNsC,IAAI;IACJE,MAAM;IACN0B,SAAS;IACTM,eAAe;IACfM;EACJ,CAAC;AACL;AAEA,SAAS7E,kBAAkBA,CACvBX,GAAc,EACdE,KAAmC,EACnCD,MAAiC,EACnC;EACE,MAAM4C,IAAI,GAAG7C,GAAG,CAAC8C,SAAS,CAACC,kBAAU,CAAC;EACtC,MAAMuD,YAAY,GAAG,IAAAC,yBAAe,EAACvG,GAAG,CAAC;EAEzC,OAAOA,GAAG,CAACG,WAAW,CAACX,GAAG,CAACoG,GAAG,CAACY,MAAM,EAAE;IACnClG,IAAI,EAAE,kBAAkB;IACxBC,MAAM,EAAE;MACJ0D,WAAW,EAAE,wEAAwE;MACrFvD,MAAM,EAAE;QACJ+F,OAAO,EAAE,YAAY;QACrBC,SAAS,EAAE,CACP;UACIC,GAAG,EAAE,uBAAuB;UAC5BC,MAAM,EAAE,OAAO;UACfC,MAAM,EAAE,CACJ,uBAAuB,EACvB,yBAAyB,EACzB,qBAAqB,EACrB,kBAAkB,EAClB,kBAAkB,EAClB,gBAAgB,EAChB,eAAe,EACf,qBAAqB,CACxB;UACDC,QAAQ,EAAEjE,IAAI,CAACN,KAAK,CAACwE,CAAC,IAAI;YACtB;YACA,MAAMC,SAAS,GAAG,CACd,GAAGD,CAAC,CAACE,uBAAuB,EAAE,EAC9B,GAAGF,CAAC,CAACE,uBAAuB,IAAI,CACnC;;YAED;YACA,IAAIF,CAAC,CAACG,6BAA6B,EAAE;cACjCF,SAAS,CAACG,IAAI,CACV,GAAGJ,CAAC,CAACG,6BAA6B,EAAE,EACpC,GAAGH,CAAC,CAACG,6BAA6B,IACtC,CAAC;YACL;YAEA,OAAOF,SAAS;UACpB,CAAC;QACL,CAAC,EACD;UACIL,GAAG,EAAE,iBAAiB;UACtBC,MAAM,EAAE,OAAO;UACfC,MAAM,EAAE,CAAC,iBAAiB,EAAE,cAAc,EAAE,cAAc,CAAC;UAC3DC,QAAQ,EAAE,CAACvH,MAAM,CAACwC,WAAW,gBAAgB9B,MAAM,CAACmC,MAAM,IAAI;QAClE,CAAC,EACD;UACIuE,GAAG,EAAE,yBAAyB;UAC9BC,MAAM,EAAE,OAAO;UACfC,MAAM,EAAE,+BAA+B;UACvCC,QAAQ,EAAEvH,MAAM,CAACwC,WAAW,uBAAuBuE,YAAY;QACnE,CAAC,EACD;UACIK,GAAG,EAAE,kBAAkB;UACvBC,MAAM,EAAE,OAAO;UACfC,MAAM,EAAE,CAAC,iBAAiB,EAAE,sBAAsB,CAAC;UACnDC,QAAQ,EAAE5G,KAAK,CAACkD;QACpB,CAAC;MAET;IACJ;EACJ,CAAC,CAAC;AACN","ignoreList":[]}
1	+ {"version":3,"names":["path","_interopRequireWildcard","require","pulumi","aws","_clientDynamodb","_awsLayers","_lambdaUtils","_common","_awsUtils","_constants","createPrerenderingService","app","params","queue","addResource","sqs","Queue","name","config","visibilityTimeoutSeconds","fifoQueue","policy","createLambdaPolicy","output","renderer","createRenderer","subscriber","createRenderSubscriber","flush","createFlushService","settings","createPrerenderingSettingsDbItem","tableItem","dynamodb","TableItem","tableName","dbTableName","hashKey","dbTableHashKey","rangeKey","dbTableRangeKey","item","interpolate","run","variant","appUrl","deliveryUrl","bucket","cloudfrontId","url","apply","v","JSON","stringify","marshall","parse","core","getModule","CoreOutput","role","createLambdaRole","lambda","Function","arn","runtime","LAMBDA_RUNTIME","handler","timeout","memorySize","environment","variables","getCommonLambdaEnvVariables","value","DB_TABLE","DB_TABLE_LOG","logDbTableName","description","code","asset","AssetArchive","FileArchive","join","paths","workspace","vpcConfig","VpcConfig","functionVpcConfig","eventRule","cloudwatch","EventRule","eventBusName","eventBusArn","eventPattern","eventPermission","Permission","action","function","principal","sourceArn","eventTarget","EventTarget","rule","executionRole","iam","ManagedPolicy","AWSLambdaSQSQueueExecutionRole","layers","getLayerArn","eventSourceMapping","EventSourceMapping","functionName","eventSourceArn","batchSize","awsAccountId","getAwsAccountId","Policy","Version","Statement","Sid","Effect","Action","Resource","s","resources","primaryDynamodbTableArn","logDynamodbTableArn","elasticsearchDynamodbTableArn","push"],"sources":["WebsitePrerendering.ts"],"sourcesContent":["import * as path from \"path\";\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport { marshall } from \"@webiny/aws-sdk/client-dynamodb\";\n\nimport { PulumiApp } from \"@webiny/pulumi\";\nimport { getLayerArn } from \"@webiny/aws-layers\";\n\nimport { createLambdaRole, getCommonLambdaEnvVariables } from \"../lambdaUtils\";\nimport { CoreOutput, VpcConfig } from \"../common\";\nimport { getAwsAccountId } from \"../awsUtils\";\nimport { LAMBDA_RUNTIME } from \"~/constants\";\n\ninterface PreRenderingServiceParams {\n dbTableName: pulumi.Output<string>;\n dbTableHashKey: pulumi.Output<string>;\n dbTableRangeKey: pulumi.Output<string>;\n logDbTableName: pulumi.Output<string>;\n appUrl: pulumi.Output<string>;\n deliveryUrl: pulumi.Output<string>;\n bucket: pulumi.Output<string>;\n cloudfrontId: pulumi.Output<string>;\n}\n\nexport function createPrerenderingService(app: PulumiApp, params: PreRenderingServiceParams) {\n const queue = app.addResource(aws.sqs.Queue, {\n name: \"ps-render-queue\",\n config: {\n visibilityTimeoutSeconds: 300,\n fifoQueue: true\n }\n });\n\n const policy = createLambdaPolicy(app, queue.output, params);\n const renderer = createRenderer(app, queue.output, policy.output, params);\n const subscriber = createRenderSubscriber(app, policy.output, params);\n const flush = createFlushService(app, policy.output, params);\n const settings = createPrerenderingSettingsDbItem(app, queue.output, params);\n\n return {\n subscriber,\n renderer,\n flush,\n settings\n };\n}\n\nfunction createPrerenderingSettingsDbItem(\n app: PulumiApp,\n queue: pulumi.Output<aws.sqs.Queue>,\n params: PreRenderingServiceParams\n) {\n /*\n To handle everything related to prerendering, we need the following information:\n * - appUrl - SPA URL used to prerender HTML\n * - bucket - name of the S3 bucket used for storage of HTML snapshots\n * - cloudfrontId - for cache invalidation\n * - sqsQueueUrl - an SQS queue for prerendering tasks (messages)\n /\n const tableItem = app.addResource(aws.dynamodb.TableItem, {\n name: \"psSettings\",\n config: {\n tableName: params.dbTableName,\n hashKey: params.dbTableHashKey,\n rangeKey: params.dbTableRangeKey,\n item: pulumi.interpolate`{\n \"PK\": \"PS#SETTINGS\",\n \"SK\": \"${app.params.run.variant \|\| \"default\"}\",\n \"data\": {\n \"appUrl\": \"${params.appUrl}\",\n \"deliveryUrl\": \"${params.deliveryUrl}\",\n \"bucket\": \"${params.bucket}\",\n \"cloudfrontId\": \"${params.cloudfrontId}\",\n \"sqsQueueUrl\": \"${queue.url}\"\n }\n }`\n // We're using the native DynamoDB converter to avoid building those nested objects ourselves.\n .apply(v => JSON.stringify(marshall(JSON.parse(v))))\n }\n });\n\n return { tableItem };\n}\n\nfunction createRenderSubscriber(\n app: PulumiApp,\n policy: pulumi.Output<aws.iam.Policy>,\n params: PreRenderingServiceParams\n) {\n const core = app.getModule(CoreOutput);\n\n const role = createLambdaRole(app, {\n name: \"ps-render-subscriber-role\",\n policy: policy\n });\n\n const lambda = app.addResource(aws.lambda.Function, {\n name: \"ps-render-subscriber-lambda\",\n config: {\n role: role.output.arn,\n runtime: LAMBDA_RUNTIME,\n handler: \"handler.handler\",\n timeout: 30,\n memorySize: 1024,\n environment: {\n variables: getCommonLambdaEnvVariables().apply(value => ({\n ...value,\n DB_TABLE: params.dbTableName,\n DB_TABLE_LOG: params.logDbTableName\n }))\n },\n description: \"Subscribes to render events on event bus\",\n code: new pulumi.asset.AssetArchive({\n \".\": new pulumi.asset.FileArchive(\n path.join(app.paths.workspace, \"prerendering/subscribe/build\")\n )\n }),\n vpcConfig: app.getModule(VpcConfig).functionVpcConfig\n }\n });\n\n /\n TODO: when we get to staged rollouts and variants, maybe we can create per-variant event rules,\n * to avoid invocation of all variant lambdas just to do a `detail-type` check and exit early.\n * That way, we would be publishing events scoped to a variant, like \"RenderPages-{variant}\".\n /\n\n const eventRule = app.addResource(aws.cloudwatch.EventRule, {\n name: \"ps-render-subscriber-event-rule\",\n config: {\n eventBusName: core.eventBusArn,\n eventPattern: JSON.stringify({\n \"detail-type\": [\"RenderPages\"]\n })\n }\n });\n\n const eventPermission = app.addResource(aws.lambda.Permission, {\n name: \"ps-render-subscriber-event-permission\",\n config: {\n action: \"lambda:InvokeFunction\",\n function: lambda.output.arn,\n principal: \"events.amazonaws.com\",\n sourceArn: eventRule.output.arn\n }\n });\n\n const eventTarget = app.addResource(aws.cloudwatch.EventTarget, {\n name: \"ps-render-subscriber-event-target\",\n config: {\n rule: eventRule.output.name,\n eventBusName: core.eventBusArn,\n arn: lambda.output.arn\n }\n });\n\n return {\n policy,\n role,\n lambda,\n eventRule,\n eventPermission,\n eventTarget\n };\n}\n\nfunction createRenderer(\n app: PulumiApp,\n queue: pulumi.Output<aws.sqs.Queue>,\n policy: pulumi.Output<aws.iam.Policy>,\n params: PreRenderingServiceParams\n) {\n const role = createLambdaRole(app, {\n name: \"ps-render-lambda-role\",\n policy: policy,\n executionRole: aws.iam.ManagedPolicy.AWSLambdaSQSQueueExecutionRole\n });\n\n const lambda = app.addResource(aws.lambda.Function, {\n name: \"ps-render-lambda\",\n config: {\n role: role.output.arn,\n runtime: LAMBDA_RUNTIME,\n handler: \"handler.handler\",\n timeout: 300,\n memorySize: 2048,\n layers: [getLayerArn(\"chromium\")],\n environment: {\n variables: getCommonLambdaEnvVariables().apply(value => ({\n ...value,\n DB_TABLE: params.dbTableName,\n DB_TABLE_LOG: params.logDbTableName\n }))\n },\n description: \"Renders pages and stores output in an S3 bucket of choice.\",\n code: new pulumi.asset.AssetArchive({\n \".\": new pulumi.asset.FileArchive(\n path.join(app.paths.workspace, \"prerendering/render/build\")\n )\n }),\n vpcConfig: app.getModule(VpcConfig).functionVpcConfig\n }\n });\n\n const eventSourceMapping = app.addResource(aws.lambda.EventSourceMapping, {\n name: \"ps-render-event-source-mapping\",\n config: {\n functionName: lambda.output.arn,\n eventSourceArn: queue.arn,\n batchSize: 1\n }\n });\n\n return {\n policy,\n role,\n lambda,\n eventSourceMapping\n };\n}\n\nfunction createFlushService(\n app: PulumiApp,\n policy: pulumi.Output<aws.iam.Policy>,\n params: PreRenderingServiceParams\n) {\n const core = app.getModule(CoreOutput);\n\n const role = createLambdaRole(app, {\n name: \"ps-flush-lambda-role\",\n policy: policy\n });\n\n const lambda = app.addResource(aws.lambda.Function, {\n name: \"ps-flush-lambda\",\n config: {\n role: role.output.arn,\n runtime: LAMBDA_RUNTIME,\n handler: \"handler.handler\",\n timeout: 30,\n memorySize: 1024,\n environment: {\n variables: getCommonLambdaEnvVariables().apply(value => ({\n ...value,\n DB_TABLE: params.dbTableName,\n DB_TABLE_LOG: params.logDbTableName\n }))\n },\n description: \"Subscribes to flush events on event bus\",\n code: new pulumi.asset.AssetArchive({\n \".\": new pulumi.asset.FileArchive(\n path.join(app.paths.workspace, \"prerendering/flush/build\")\n )\n }),\n vpcConfig: app.getModule(VpcConfig).functionVpcConfig\n }\n });\n\n const eventRule = app.addResource(aws.cloudwatch.EventRule, {\n name: \"ps-flush-event-rule\",\n config: {\n eventBusName: core.eventBusArn,\n eventPattern: JSON.stringify({\n \"detail-type\": [\"FlushPages\"]\n })\n }\n });\n\n const eventPermission = app.addResource(aws.lambda.Permission, {\n name: \"ps-flush-event-permission\",\n config: {\n action: \"lambda:InvokeFunction\",\n function: lambda.output.arn,\n principal: \"events.amazonaws.com\",\n sourceArn: eventRule.output.arn\n }\n });\n\n const eventTarget = app.addResource(aws.cloudwatch.EventTarget, {\n name: \"ps-flush-event-target\",\n config: {\n rule: eventRule.output.name,\n eventBusName: core.eventBusArn,\n arn: lambda.output.arn\n }\n });\n\n return {\n policy,\n role,\n lambda,\n eventRule,\n eventPermission,\n eventTarget\n };\n}\n\nfunction createLambdaPolicy(\n app: PulumiApp,\n queue: pulumi.Output<aws.sqs.Queue>,\n params: PreRenderingServiceParams\n) {\n const core = app.getModule(CoreOutput);\n const awsAccountId = getAwsAccountId(app);\n\n return app.addResource(aws.iam.Policy, {\n name: \"ps-lambda-policy\",\n config: {\n description: \"This policy enables access to Lambda, S3, Cloudfront, SQS and Dynamodb\",\n policy: {\n Version: \"2012-10-17\",\n Statement: [\n {\n Sid: \"PermissionForDynamodb\",\n Effect: \"Allow\",\n Action: [\n \"dynamodb:BatchGetItem\",\n \"dynamodb:BatchWriteItem\",\n \"dynamodb:DeleteItem\",\n \"dynamodb:GetItem\",\n \"dynamodb:PutItem\",\n \"dynamodb:Query\",\n \"dynamodb:Scan\",\n \"dynamodb:UpdateItem\"\n ],\n Resource: core.apply(s => {\n // Add permissions to DynamoDB table\n const resources = [\n `${s.primaryDynamodbTableArn}`,\n `${s.primaryDynamodbTableArn}/`,\n `${s.logDynamodbTableArn}`,\n `${s.logDynamodbTableArn}/`\n ];\n\n // Attach permissions for elastic search dynamo as well (if ES is enabled).\n if (s.elasticsearchDynamodbTableArn) {\n resources.push(\n `${s.elasticsearchDynamodbTableArn}`,\n `${s.elasticsearchDynamodbTableArn}/`\n );\n }\n\n return resources;\n })\n },\n {\n Sid: \"PermissionForS3\",\n Effect: \"Allow\",\n Action: [\"s3:DeleteObject\", \"s3:GetObject\", \"s3:PutObject\"],\n Resource: [pulumi.interpolate`arn:aws:s3:::${params.bucket}/`]\n },\n {\n Sid: \"PermissionForCloudfront\",\n Effect: \"Allow\",\n Action: \"cloudfront:CreateInvalidation\",\n Resource: pulumi.interpolate`arn:aws:cloudfront::${awsAccountId}:distribution/`\n },\n {\n Sid: \"PermissionForSQS\",\n Effect: \"Allow\",\n Action: [\"sqs:SendMessage\", \"sqs:SendMessageBatch\"],\n Resource: queue.arn\n }\n ]\n }\n }\n });\n}\n"],"mappings":";;;;;;;AAAA,IAAAA,IAAA,GAAAC,uBAAA,CAAAC,OAAA;AACA,IAAAC,MAAA,GAAAF,uBAAA,CAAAC,OAAA;AACA,IAAAE,GAAA,GAAAH,uBAAA,CAAAC,OAAA;AACA,IAAAG,eAAA,GAAAH,OAAA;AAGA,IAAAI,UAAA,GAAAJ,OAAA;AAEA,IAAAK,YAAA,GAAAL,OAAA;AACA,IAAAM,OAAA,GAAAN,OAAA;AACA,IAAAO,SAAA,GAAAP,OAAA;AACA,IAAAQ,UAAA,GAAAR,OAAA;AAaO,SAASS,yBAAyBA,CAACC,GAAc,EAAEC,MAAiC,EAAE;EACzF,MAAMC,KAAK,GAAGF,GAAG,CAACG,WAAW,CAACX,GAAG,CAACY,GAAG,CAACC,KAAK,EAAE;IACzCC,IAAI,EAAE,iBAAiB;IACvBC,MAAM,EAAE;MACJC,wBAAwB,EAAE,GAAG;MAC7BC,SAAS,EAAE;IACf;EACJ,CAAC,CAAC;EAEF,MAAMC,MAAM,GAAGC,kBAAkB,CAACX,GAAG,EAAEE,KAAK,CAACU,MAAM,EAAEX,MAAM,CAAC;EAC5D,MAAMY,QAAQ,GAAGC,cAAc,CAACd,GAAG,EAAEE,KAAK,CAACU,MAAM,EAAEF,MAAM,CAACE,MAAM,EAAEX,MAAM,CAAC;EACzE,MAAMc,UAAU,GAAGC,sBAAsB,CAAChB,GAAG,EAAEU,MAAM,CAACE,MAAM,EAAEX,MAAM,CAAC;EACrE,MAAMgB,KAAK,GAAGC,kBAAkB,CAAClB,GAAG,EAAEU,MAAM,CAACE,MAAM,EAAEX,MAAM,CAAC;EAC5D,MAAMkB,QAAQ,GAAGC,gCAAgC,CAACpB,GAAG,EAAEE,KAAK,CAACU,MAAM,EAAEX,MAAM,CAAC;EAE5E,OAAO;IACHc,UAAU;IACVF,QAAQ;IACRI,KAAK;IACLE;EACJ,CAAC;AACL;AAEA,SAASC,gCAAgCA,CACrCpB,GAAc,EACdE,KAAmC,EACnCD,MAAiC,EACnC;EACE;AACJ;AACA;AACA;AACA;AACA;AACA;EACI,MAAMoB,SAAS,GAAGrB,GAAG,CAACG,WAAW,CAACX,GAAG,CAAC8B,QAAQ,CAACC,SAAS,EAAE;IACtDjB,IAAI,EAAE,YAAY;IAClBC,MAAM,EAAE;MACJiB,SAAS,EAAEvB,MAAM,CAACwB,WAAW;MAC7BC,OAAO,EAAEzB,MAAM,CAAC0B,cAAc;MAC9BC,QAAQ,EAAE3B,MAAM,CAAC4B,eAAe;MAChCC,IAAI,EAAEvC,MAAM,CAACwC,WAAW;AACpC;AACA,yBAAyB/B,GAAG,CAACC,MAAM,CAAC+B,GAAG,CAACC,OAAO,IAAI,SAAS;AAC5D;AACA,iCAAiChC,MAAM,CAACiC,MAAM;AAC9C,sCAAsCjC,MAAM,CAACkC,WAAW;AACxD,iCAAiClC,MAAM,CAACmC,MAAM;AAC9C,uCAAuCnC,MAAM,CAACoC,YAAY;AAC1D,sCAAsCnC,KAAK,CAACoC,GAAG;AAC/C;AACA;MACgB;MAAA,CACCC,KAAK,CAACC,CAAC,IAAIC,IAAI,CAACC,SAAS,CAAC,IAAAC,wBAAQ,EAACF,IAAI,CAACG,KAAK,CAACJ,CAAC,CAAC,CAAC,CAAC;IAC3D;EACJ,CAAC,CAAC;EAEF,OAAO;IAAEnB;EAAU,CAAC;AACxB;AAEA,SAASL,sBAAsBA,CAC3BhB,GAAc,EACdU,MAAqC,EACrCT,MAAiC,EACnC;EACE,MAAM4C,IAAI,GAAG7C,GAAG,CAAC8C,SAAS,CAACC,kBAAU,CAAC;EAEtC,MAAMC,IAAI,GAAG,IAAAC,6BAAgB,EAACjD,GAAG,EAAE;IAC/BM,IAAI,EAAE,2BAA2B;IACjCI,MAAM,EAAEA;EACZ,CAAC,CAAC;EAEF,MAAMwC,MAAM,GAAGlD,GAAG,CAACG,WAAW,CAACX,GAAG,CAAC0D,MAAM,CAACC,QAAQ,EAAE;IAChD7C,IAAI,EAAE,6BAA6B;IACnCC,MAAM,EAAE;MACJyC,IAAI,EAAEA,IAAI,CAACpC,MAAM,CAACwC,GAAG;MACrBC,OAAO,EAAEC,yBAAc;MACvBC,OAAO,EAAE,iBAAiB;MAC1BC,OAAO,EAAE,EAAE;MACXC,UAAU,EAAE,IAAI;MAChBC,WAAW,EAAE;QACTC,SAAS,EAAE,IAAAC,wCAA2B,EAAC,CAAC,CAACrB,KAAK,CAACsB,KAAK,KAAK;UACrD,GAAGA,KAAK;UACRC,QAAQ,EAAE7D,MAAM,CAACwB,WAAW;UAC5BsC,YAAY,EAAE9D,MAAM,CAAC+D;QACzB,CAAC,CAAC;MACN,CAAC;MACDC,WAAW,EAAE,0CAA0C;MACvDC,IAAI,EAAE,IAAI3E,MAAM,CAAC4E,KAAK,CAACC,YAAY,CAAC;QAChC,GAAG,EAAE,IAAI7E,MAAM,CAAC4E,KAAK,CAACE,WAAW,CAC7BjF,IAAI,CAACkF,IAAI,CAACtE,GAAG,CAACuE,KAAK,CAACC,SAAS,EAAE,8BAA8B,CACjE;MACJ,CAAC,CAAC;MACFC,SAAS,EAAEzE,GAAG,CAAC8C,SAAS,CAAC4B,iBAAS,CAAC,CAACC;IACxC;EACJ,CAAC,CAAC;;EAEF;AACJ;AACA;AACA;AACA;;EAEI,MAAMC,SAAS,GAAG5E,GAAG,CAACG,WAAW,CAACX,GAAG,CAACqF,UAAU,CAACC,SAAS,EAAE;IACxDxE,IAAI,EAAE,iCAAiC;IACvCC,MAAM,EAAE;MACJwE,YAAY,EAAElC,IAAI,CAACmC,WAAW;MAC9BC,YAAY,EAAExC,IAAI,CAACC,SAAS,CAAC;QACzB,aAAa,EAAE,CAAC,aAAa;MACjC,CAAC;IACL;EACJ,CAAC,CAAC;EAEF,MAAMwC,eAAe,GAAGlF,GAAG,CAACG,WAAW,CAACX,GAAG,CAAC0D,MAAM,CAACiC,UAAU,EAAE;IAC3D7E,IAAI,EAAE,uCAAuC;IAC7CC,MAAM,EAAE;MACJ6E,MAAM,EAAE,uBAAuB;MAC/BC,QAAQ,EAAEnC,MAAM,CAACtC,MAAM,CAACwC,GAAG;MAC3BkC,SAAS,EAAE,sBAAsB;MACjCC,SAAS,EAAEX,SAAS,CAAChE,MAAM,CAACwC;IAChC;EACJ,CAAC,CAAC;EAEF,MAAMoC,WAAW,GAAGxF,GAAG,CAACG,WAAW,CAACX,GAAG,CAACqF,UAAU,CAACY,WAAW,EAAE;IAC5DnF,IAAI,EAAE,mCAAmC;IACzCC,MAAM,EAAE;MACJmF,IAAI,EAAEd,SAAS,CAAChE,MAAM,CAACN,IAAI;MAC3ByE,YAAY,EAAElC,IAAI,CAACmC,WAAW;MAC9B5B,GAAG,EAAEF,MAAM,CAACtC,MAAM,CAACwC;IACvB;EACJ,CAAC,CAAC;EAEF,OAAO;IACH1C,MAAM;IACNsC,IAAI;IACJE,MAAM;IACN0B,SAAS;IACTM,eAAe;IACfM;EACJ,CAAC;AACL;AAEA,SAAS1E,cAAcA,CACnBd,GAAc,EACdE,KAAmC,EACnCQ,MAAqC,EACrCT,MAAiC,EACnC;EACE,MAAM+C,IAAI,GAAG,IAAAC,6BAAgB,EAACjD,GAAG,EAAE;IAC/BM,IAAI,EAAE,uBAAuB;IAC7BI,MAAM,EAAEA,MAAM;IACdiF,aAAa,EAAEnG,GAAG,CAACoG,GAAG,CAACC,aAAa,CAACC;EACzC,CAAC,CAAC;EAEF,MAAM5C,MAAM,GAAGlD,GAAG,CAACG,WAAW,CAACX,GAAG,CAAC0D,MAAM,CAACC,QAAQ,EAAE;IAChD7C,IAAI,EAAE,kBAAkB;IACxBC,MAAM,EAAE;MACJyC,IAAI,EAAEA,IAAI,CAACpC,MAAM,CAACwC,GAAG;MACrBC,OAAO,EAAEC,yBAAc;MACvBC,OAAO,EAAE,iBAAiB;MAC1BC,OAAO,EAAE,GAAG;MACZC,UAAU,EAAE,IAAI;MAChBsC,MAAM,EAAE,CAAC,IAAAC,sBAAW,EAAC,UAAU,CAAC,CAAC;MACjCtC,WAAW,EAAE;QACTC,SAAS,EAAE,IAAAC,wCAA2B,EAAC,CAAC,CAACrB,KAAK,CAACsB,KAAK,KAAK;UACrD,GAAGA,KAAK;UACRC,QAAQ,EAAE7D,MAAM,CAACwB,WAAW;UAC5BsC,YAAY,EAAE9D,MAAM,CAAC+D;QACzB,CAAC,CAAC;MACN,CAAC;MACDC,WAAW,EAAE,4DAA4D;MACzEC,IAAI,EAAE,IAAI3E,MAAM,CAAC4E,KAAK,CAACC,YAAY,CAAC;QAChC,GAAG,EAAE,IAAI7E,MAAM,CAAC4E,KAAK,CAACE,WAAW,CAC7BjF,IAAI,CAACkF,IAAI,CAACtE,GAAG,CAACuE,KAAK,CAACC,SAAS,EAAE,2BAA2B,CAC9D;MACJ,CAAC,CAAC;MACFC,SAAS,EAAEzE,GAAG,CAAC8C,SAAS,CAAC4B,iBAAS,CAAC,CAACC;IACxC;EACJ,CAAC,CAAC;EAEF,MAAMsB,kBAAkB,GAAGjG,GAAG,CAACG,WAAW,CAACX,GAAG,CAAC0D,MAAM,CAACgD,kBAAkB,EAAE;IACtE5F,IAAI,EAAE,gCAAgC;IACtCC,MAAM,EAAE;MACJ4F,YAAY,EAAEjD,MAAM,CAACtC,MAAM,CAACwC,GAAG;MAC/BgD,cAAc,EAAElG,KAAK,CAACkD,GAAG;MACzBiD,SAAS,EAAE;IACf;EACJ,CAAC,CAAC;EAEF,OAAO;IACH3F,MAAM;IACNsC,IAAI;IACJE,MAAM;IACN+C;EACJ,CAAC;AACL;AAEA,SAAS/E,kBAAkBA,CACvBlB,GAAc,EACdU,MAAqC,EACrCT,MAAiC,EACnC;EACE,MAAM4C,IAAI,GAAG7C,GAAG,CAAC8C,SAAS,CAACC,kBAAU,CAAC;EAEtC,MAAMC,IAAI,GAAG,IAAAC,6BAAgB,EAACjD,GAAG,EAAE;IAC/BM,IAAI,EAAE,sBAAsB;IAC5BI,MAAM,EAAEA;EACZ,CAAC,CAAC;EAEF,MAAMwC,MAAM,GAAGlD,GAAG,CAACG,WAAW,CAACX,GAAG,CAAC0D,MAAM,CAACC,QAAQ,EAAE;IAChD7C,IAAI,EAAE,iBAAiB;IACvBC,MAAM,EAAE;MACJyC,IAAI,EAAEA,IAAI,CAACpC,MAAM,CAACwC,GAAG;MACrBC,OAAO,EAAEC,yBAAc;MACvBC,OAAO,EAAE,iBAAiB;MAC1BC,OAAO,EAAE,EAAE;MACXC,UAAU,EAAE,IAAI;MAChBC,WAAW,EAAE;QACTC,SAAS,EAAE,IAAAC,wCAA2B,EAAC,CAAC,CAACrB,KAAK,CAACsB,KAAK,KAAK;UACrD,GAAGA,KAAK;UACRC,QAAQ,EAAE7D,MAAM,CAACwB,WAAW;UAC5BsC,YAAY,EAAE9D,MAAM,CAAC+D;QACzB,CAAC,CAAC;MACN,CAAC;MACDC,WAAW,EAAE,yCAAyC;MACtDC,IAAI,EAAE,IAAI3E,MAAM,CAAC4E,KAAK,CAACC,YAAY,CAAC;QAChC,GAAG,EAAE,IAAI7E,MAAM,CAAC4E,KAAK,CAACE,WAAW,CAC7BjF,IAAI,CAACkF,IAAI,CAACtE,GAAG,CAACuE,KAAK,CAACC,SAAS,EAAE,0BAA0B,CAC7D;MACJ,CAAC,CAAC;MACFC,SAAS,EAAEzE,GAAG,CAAC8C,SAAS,CAAC4B,iBAAS,CAAC,CAACC;IACxC;EACJ,CAAC,CAAC;EAEF,MAAMC,SAAS,GAAG5E,GAAG,CAACG,WAAW,CAACX,GAAG,CAACqF,UAAU,CAACC,SAAS,EAAE;IACxDxE,IAAI,EAAE,qBAAqB;IAC3BC,MAAM,EAAE;MACJwE,YAAY,EAAElC,IAAI,CAACmC,WAAW;MAC9BC,YAAY,EAAExC,IAAI,CAACC,SAAS,CAAC;QACzB,aAAa,EAAE,CAAC,YAAY;MAChC,CAAC;IACL;EACJ,CAAC,CAAC;EAEF,MAAMwC,eAAe,GAAGlF,GAAG,CAACG,WAAW,CAACX,GAAG,CAAC0D,MAAM,CAACiC,UAAU,EAAE;IAC3D7E,IAAI,EAAE,2BAA2B;IACjCC,MAAM,EAAE;MACJ6E,MAAM,EAAE,uBAAuB;MAC/BC,QAAQ,EAAEnC,MAAM,CAACtC,MAAM,CAACwC,GAAG;MAC3BkC,SAAS,EAAE,sBAAsB;MACjCC,SAAS,EAAEX,SAAS,CAAChE,MAAM,CAACwC;IAChC;EACJ,CAAC,CAAC;EAEF,MAAMoC,WAAW,GAAGxF,GAAG,CAACG,WAAW,CAACX,GAAG,CAACqF,UAAU,CAACY,WAAW,EAAE;IAC5DnF,IAAI,EAAE,uBAAuB;IAC7BC,MAAM,EAAE;MACJmF,IAAI,EAAEd,SAAS,CAAChE,MAAM,CAACN,IAAI;MAC3ByE,YAAY,EAAElC,IAAI,CAACmC,WAAW;MAC9B5B,GAAG,EAAEF,MAAM,CAACtC,MAAM,CAACwC;IACvB;EACJ,CAAC,CAAC;EAEF,OAAO;IACH1C,MAAM;IACNsC,IAAI;IACJE,MAAM;IACN0B,SAAS;IACTM,eAAe;IACfM;EACJ,CAAC;AACL;AAEA,SAAS7E,kBAAkBA,CACvBX,GAAc,EACdE,KAAmC,EACnCD,MAAiC,EACnC;EACE,MAAM4C,IAAI,GAAG7C,GAAG,CAAC8C,SAAS,CAACC,kBAAU,CAAC;EACtC,MAAMuD,YAAY,GAAG,IAAAC,yBAAe,EAACvG,GAAG,CAAC;EAEzC,OAAOA,GAAG,CAACG,WAAW,CAACX,GAAG,CAACoG,GAAG,CAACY,MAAM,EAAE;IACnClG,IAAI,EAAE,kBAAkB;IACxBC,MAAM,EAAE;MACJ0D,WAAW,EAAE,wEAAwE;MACrFvD,MAAM,EAAE;QACJ+F,OAAO,EAAE,YAAY;QACrBC,SAAS,EAAE,CACP;UACIC,GAAG,EAAE,uBAAuB;UAC5BC,MAAM,EAAE,OAAO;UACfC,MAAM,EAAE,CACJ,uBAAuB,EACvB,yBAAyB,EACzB,qBAAqB,EACrB,kBAAkB,EAClB,kBAAkB,EAClB,gBAAgB,EAChB,eAAe,EACf,qBAAqB,CACxB;UACDC,QAAQ,EAAEjE,IAAI,CAACN,KAAK,CAACwE,CAAC,IAAI;YACtB;YACA,MAAMC,SAAS,GAAG,CACd,GAAGD,CAAC,CAACE,uBAAuB,EAAE,EAC9B,GAAGF,CAAC,CAACE,uBAAuB,IAAI,EAChC,GAAGF,CAAC,CAACG,mBAAmB,EAAE,EAC1B,GAAGH,CAAC,CAACG,mBAAmB,IAAI,CAC/B;;YAED;YACA,IAAIH,CAAC,CAACI,6BAA6B,EAAE;cACjCH,SAAS,CAACI,IAAI,CACV,GAAGL,CAAC,CAACI,6BAA6B,EAAE,EACpC,GAAGJ,CAAC,CAACI,6BAA6B,IACtC,CAAC;YACL;YAEA,OAAOH,SAAS;UACpB,CAAC;QACL,CAAC,EACD;UACIL,GAAG,EAAE,iBAAiB;UACtBC,MAAM,EAAE,OAAO;UACfC,MAAM,EAAE,CAAC,iBAAiB,EAAE,cAAc,EAAE,cAAc,CAAC;UAC3DC,QAAQ,EAAE,CAACvH,MAAM,CAACwC,WAAW,gBAAgB9B,MAAM,CAACmC,MAAM,IAAI;QAClE,CAAC,EACD;UACIuE,GAAG,EAAE,yBAAyB;UAC9BC,MAAM,EAAE,OAAO;UACfC,MAAM,EAAE,+BAA+B;UACvCC,QAAQ,EAAEvH,MAAM,CAACwC,WAAW,uBAAuBuE,YAAY;QACnE,CAAC,EACD;UACIK,GAAG,EAAE,kBAAkB;UACvBC,MAAM,EAAE,OAAO;UACfC,MAAM,EAAE,CAAC,iBAAiB,EAAE,sBAAsB,CAAC;UACnDC,QAAQ,EAAE5G,KAAK,CAACkD;QACpB,CAAC;MAET;IACJ;EACJ,CAAC,CAAC;AACN","ignoreList":[]}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
 	"name": "@webiny/pulumi-aws",
-	"version": "5.42.0-beta.0",
+	"version": "5.42.0-beta.1",
 	"repository": {
 		"type": "git",
 		"url": "https://github.com/webiny/webiny-js.git"
@@ -16,18 +16,18 @@
 		"@pulumi/aws": "^6.66.2",
 		"@pulumi/pulumi": "^3.144.1",
 		"@pulumi/random": "4.16.8",
-		"@webiny/aws-sdk": "5.42.0-beta.0",
-		"@webiny/cli-plugin-deploy-pulumi": "5.42.0-beta.0",
-		"@webiny/pulumi": "5.42.0-beta.0",
+		"@webiny/aws-sdk": "5.42.0-beta.1",
+		"@webiny/cli-plugin-deploy-pulumi": "5.42.0-beta.1",
+		"@webiny/pulumi": "5.42.0-beta.1",
 		"form-data": "4.0.0",
 		"node-fetch": "2.6.7"
 	},
 	"devDependencies": {
-		"@webiny/api-page-builder": "5.42.0-beta.0",
-		"@webiny/aws-layers": "5.42.0-beta.0",
-		"@webiny/cli": "5.42.0-beta.0",
-		"@webiny/feature-flags": "5.42.0-beta.0",
-		"@webiny/project-utils": "5.42.0-beta.0",
+		"@webiny/api-page-builder": "5.42.0-beta.1",
+		"@webiny/aws-layers": "5.42.0-beta.1",
+		"@webiny/cli": "5.42.0-beta.1",
+		"@webiny/feature-flags": "5.42.0-beta.1",
+		"@webiny/project-utils": "5.42.0-beta.1",
 		"chalk": "4.1.2",
 		"lodash": "4.17.21",
 		"mime": "3.0.0",
@@ -51,5 +51,5 @@
 			]
 		}
 	},
-	"gitHead": "ebf90f62ed3f28114ffdb012b7e5f80988af53d3"
+	"gitHead": "5e69da579efa4f2c8268e0c97ac6407ddc3f5f07"
 }