@webiny/pulumi-aws 5.43.1-beta.2 → 5.43.1-beta.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
|
@@ -264,6 +264,7 @@ const ElasticSearch = exports.ElasticSearch = (0, _pulumi2.createAppModule)({
|
|
|
264
264
|
}
|
|
265
265
|
});
|
|
266
266
|
function getDynamoDbToElasticLambdaPolicy(app, domain) {
|
|
267
|
+
const logDynamoDbTable = app.getModule(_LogDynamo.LogDynamo);
|
|
267
268
|
return app.addResource(aws.iam.Policy, {
|
|
268
269
|
name: "DynamoDbToElasticLambdaPolicy-updated",
|
|
269
270
|
config: {
|
|
@@ -273,8 +274,13 @@ function getDynamoDbToElasticLambdaPolicy(app, domain) {
|
|
|
273
274
|
Statement: [{
|
|
274
275
|
Sid: "PermissionForES",
|
|
275
276
|
Effect: "Allow",
|
|
276
|
-
Action: ["es:ESHttpGet", "es:ESHttpDelete", "es:ESHttpPatch", "es:ESHttpPost", "es:ESHttpPut"
|
|
277
|
+
Action: ["es:ESHttpGet", "es:ESHttpDelete", "es:ESHttpPatch", "es:ESHttpPost", "es:ESHttpPut"],
|
|
277
278
|
Resource: [pulumi.interpolate`${domain.arn}`, pulumi.interpolate`${domain.arn}/*`]
|
|
279
|
+
}, {
|
|
280
|
+
Sid: "PermissionForDynamoDbLog",
|
|
281
|
+
Effect: "Allow",
|
|
282
|
+
Action: ["dynamodb:GetItem", "dynamodb:PutItem", "dynamodb:UpdateItem", "dynamodb:DeleteItem", "dynamodb:BatchGetItem", "dynamodb:BatchWriteItem", "dynamodb:Scan", "dynamodb:Query"],
|
|
283
|
+
Resource: [pulumi.interpolate`${logDynamoDbTable.output.arn}`, pulumi.interpolate`${logDynamoDbTable.output.arn}/*`]
|
|
278
284
|
}]
|
|
279
285
|
}
|
|
280
286
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["_path","_interopRequireDefault","require","pulumi","_interopRequireWildcard","aws","_pulumi2","_awsUtils","_CoreVpc","_constants","_LogDynamo","getDevClusterConfig","instanceType","getProdClusterConfig","instanceCount","zoneAwarenessEnabled","zoneAwarenessConfig","availabilityZoneCount","ElasticSearch","exports","createAppModule","name","config","app","params","domainName","accountId","getAwsAccountId","productionEnvironments","create","DEFAULT_PROD_ENV_NAMES","isProduction","includes","run","env","vpc","getModule","CoreVpc","optional","logDynamoDbTable","LogDynamo","domain","domainPolicy","process","AWS_ELASTIC_SEARCH_DOMAIN_NAME","String","addRemoteResource","elasticsearch","getDomain","async","addResource","Domain","elasticsearchVersion","clusterConfig","vpcOptions","subnetIds","subnets","private","map","s","output","id","securityGroupIds","defaultSecurityGroupId","undefined","ebsOptions","ebsEnabled","volumeSize","volumeType","advancedOptions","snapshotOptions","automatedSnapshotStartHour","opts","protect","DomainPolicy","accessPolicies","Version","Statement","Effect","Principal","AWS","Action","Resource","interpolate","arn","table","dynamodb","Table","attributes","type","streamEnabled","streamViewType","billingMode","hashKey","rangeKey","roleName","role","iam","Role","assumeRolePolicy","Service","meta","isLambdaFunctionRole","policy","getDynamoDbToElasticLambdaPolicy","RolePolicyAttachment","policyArn","ManagedPolicy","AWSLambdaVPCAccessExecutionRole","AWSLambdaBasicExecutionRole","AWSLambdaDynamoDBExecutionRole","lambda","Function","runtime","LAMBDA_RUNTIME","handler","timeout","memorySize","environment","variables","DEBUG","ELASTIC_SEARCH_ENDPOINT","endpoint","DB_TABLE_LOG","description","code","asset","AssetArchive","FileArchive","path","join","paths","workspace","vpcConfig","eventSourceMapping","EventSourceMapping","eventSourceArn","streamArn","functionName","startingPosition","maximumRetryAttempts","batchSize","maximumBatchingWindowInSeconds","addOutputs","elasticsearchDomainArn","elasticsearchDomainEndpoint","elasticsearchDynamodbTableArn","elasticsearchDynamodbTableName","elasticsearchDynamoToElasticLambdaName","dynamoToElastic","Policy","Sid"],"sources":["CoreElasticSearch.ts"],"sourcesContent":["/**\n * Important documents to read:\n *\n * https://docs.aws.amazon.com/opensearch-service/latest/developerguide/limits.html#network-limits\n */\nimport path from \"path\";\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport {\n createAppModule,\n PulumiApp,\n PulumiAppRemoteResource,\n PulumiAppResource,\n PulumiAppResourceConstructor\n} from \"@webiny/pulumi\";\n\nimport { getAwsAccountId } from \"../awsUtils\";\nimport { CoreVpc } from \"./CoreVpc\";\nimport { DEFAULT_PROD_ENV_NAMES, LAMBDA_RUNTIME } from \"~/constants\";\nimport { LogDynamo } from \"~/apps/core/LogDynamo\";\n\nexport interface ElasticSearchParams {\n protect: boolean;\n}\n\nfunction getDevClusterConfig(): aws.types.input.elasticsearch.DomainClusterConfig {\n return {\n instanceType: \"t3.small.elasticsearch\"\n };\n}\n\nfunction getProdClusterConfig(): aws.types.input.elasticsearch.DomainClusterConfig {\n return {\n // For production deployments, we create 2 instances and configure multi-AZ.\n instanceType: \"t3.medium.elasticsearch\",\n instanceCount: 2,\n zoneAwarenessEnabled: true,\n zoneAwarenessConfig: {\n availabilityZoneCount: 2\n }\n };\n}\n\nexport const ElasticSearch = createAppModule({\n name: \"ElasticSearch\",\n config(app, params: ElasticSearchParams) {\n const domainName = \"webiny-js\";\n const accountId = getAwsAccountId(app);\n\n const productionEnvironments =\n app.params.create.productionEnvironments || DEFAULT_PROD_ENV_NAMES;\n const isProduction = productionEnvironments.includes(app.params.run.env);\n\n const vpc = app.getModule(CoreVpc, { optional: true });\n\n const logDynamoDbTable = app.getModule(LogDynamo);\n\n // This needs to be implemented in order to be able to use a shared ElasticSearch cluster.\n let domain:\n | PulumiAppResource<PulumiAppResourceConstructor<aws.elasticsearch.Domain>>\n | PulumiAppRemoteResource<aws.elasticsearch.GetDomainResult>;\n\n let domainPolicy;\n\n if (process.env.AWS_ELASTIC_SEARCH_DOMAIN_NAME) {\n const domainName = String(process.env.AWS_ELASTIC_SEARCH_DOMAIN_NAME);\n // This can be useful for testing purposes in ephemeral environments. More information here:\n // https://www.webiny.com/docs/key-topics/ci-cd/testing/slow-ephemeral-environments\n domain = app.addRemoteResource(domainName, () => {\n return aws.elasticsearch.getDomain({ domainName }, { async: true });\n });\n } else {\n // Regular ElasticSearch deployment.\n domain = app.addResource(aws.elasticsearch.Domain, {\n name: domainName,\n config: {\n elasticsearchVersion: \"7.10\",\n clusterConfig: isProduction ? getProdClusterConfig() : getDevClusterConfig(),\n vpcOptions: vpc\n ? {\n subnetIds: vpc.subnets.private.map(s => s.output.id),\n securityGroupIds: [vpc.vpc.output.defaultSecurityGroupId]\n }\n : undefined,\n ebsOptions: {\n ebsEnabled: true,\n volumeSize: 10,\n volumeType: \"gp2\"\n },\n advancedOptions: {\n \"rest.action.multi.allow_explicit_index\": \"true\"\n },\n snapshotOptions: {\n automatedSnapshotStartHour: 23\n }\n },\n opts: { protect: params.protect }\n });\n\n /**\n * Domain policy defines who can access your Elasticsearch Domain.\n * For details on Elasticsearch security, read the official documentation:\n * https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/security.html\n */\n domainPolicy = app.addResource(aws.elasticsearch.DomainPolicy, {\n name: `${domainName}-policy`,\n config: {\n domainName: domain.output.domainName,\n accessPolicies: {\n Version: \"2012-10-17\",\n Statement: [\n /**\n * Allow requests signed with current account\n */\n {\n Effect: \"Allow\",\n Principal: {\n AWS: accountId\n },\n Action: \"es:*\",\n Resource: pulumi.interpolate`${domain.output.arn}/*`\n }\n ]\n }\n },\n opts: { protect: params.protect }\n });\n }\n\n /**\n * Create a table for Elasticsearch records. All ES records are stored in this table to dramatically improve\n * performance and stability on write operations (especially massive data imports). This table also serves as a backup and\n * a single source of truth for your Elasticsearch domain. Streaming is enabled on this table, and it will\n * allow asynchronous synchronization of data with Elasticsearch domain.\n */\n const table = app.addResource(aws.dynamodb.Table, {\n name: \"webiny-es\",\n config: {\n attributes: [\n { name: \"PK\", type: \"S\" },\n { name: \"SK\", type: \"S\" }\n ],\n streamEnabled: true,\n streamViewType: \"NEW_AND_OLD_IMAGES\",\n billingMode: \"PAY_PER_REQUEST\",\n hashKey: \"PK\",\n rangeKey: \"SK\"\n },\n opts: { protect: params.protect }\n });\n\n const roleName = \"dynamo-to-elastic-lambda-role\";\n\n const role = app.addResource(aws.iam.Role, {\n name: roleName,\n config: {\n assumeRolePolicy: {\n Version: \"2012-10-17\",\n Statement: [\n {\n Action: \"sts:AssumeRole\",\n Principal: {\n Service: \"lambda.amazonaws.com\"\n },\n Effect: \"Allow\"\n }\n ]\n }\n },\n meta: { isLambdaFunctionRole: true }\n });\n\n const policy = getDynamoDbToElasticLambdaPolicy(app, domain.output);\n\n app.addResource(aws.iam.RolePolicyAttachment, {\n name: `${roleName}-DynamoDbToElasticLambdaPolicy`,\n config: {\n role: role.output,\n policyArn: policy.output.arn\n }\n });\n\n // Only use `AWSLambdaVPCAccessExecutionRole` policy if VPC feature is enabled.\n if (vpc) {\n app.addResource(aws.iam.RolePolicyAttachment, {\n name: `${roleName}-AWSLambdaVPCAccessExecutionRole`,\n config: {\n role: role.output,\n policyArn: aws.iam.ManagedPolicy.AWSLambdaVPCAccessExecutionRole\n }\n });\n } else {\n app.addResource(aws.iam.RolePolicyAttachment, {\n name: `${roleName}-AWSLambdaBasicExecutionRole`,\n config: {\n role: role.output,\n policyArn: aws.iam.ManagedPolicy.AWSLambdaBasicExecutionRole\n }\n });\n }\n\n app.addResource(aws.iam.RolePolicyAttachment, {\n name: `${roleName}-AWSLambdaDynamoDBExecutionRole`,\n config: {\n role: role.output,\n policyArn: aws.iam.ManagedPolicy.AWSLambdaDynamoDBExecutionRole\n }\n });\n\n /**\n * This Lambda will process the stream events from DynamoDB table that contains Elasticsearch items.\n * Elasticsearch can't take large amount of individual writes in a short period of time, so this way\n * we store data for Elasticsearch in a DynamoDB table, and asynchronously insert it into Elasticsearch\n * using batching.\n */\n const lambda = app.addResource(aws.lambda.Function, {\n name: \"dynamo-to-elastic\",\n config: {\n role: role.output.arn,\n runtime: LAMBDA_RUNTIME,\n handler: \"handler.handler\",\n timeout: 900,\n memorySize: 1024,\n environment: {\n variables: {\n DEBUG: String(process.env.DEBUG),\n ELASTIC_SEARCH_ENDPOINT: domain.output.endpoint,\n DB_TABLE_LOG: logDynamoDbTable.output.name\n }\n },\n description: \"Process DynamoDB Stream.\",\n code: new pulumi.asset.AssetArchive({\n \".\": new pulumi.asset.FileArchive(\n path.join(app.paths.workspace, \"dynamoToElastic/build\")\n )\n }),\n vpcConfig: vpc\n ? {\n subnetIds: vpc.subnets.private.map(s => s.output.id),\n securityGroupIds: [vpc.vpc.output.defaultSecurityGroupId]\n }\n : undefined\n }\n });\n\n const eventSourceMapping = app.addResource(aws.lambda.EventSourceMapping, {\n name: \"dynamo-to-elastic\",\n config: {\n eventSourceArn: table.output.streamArn,\n functionName: lambda.output.arn,\n startingPosition: \"LATEST\",\n maximumRetryAttempts: 3,\n batchSize: 50,\n maximumBatchingWindowInSeconds: 1\n }\n });\n\n app.addOutputs({\n elasticsearchDomainArn: domain.output.arn,\n elasticsearchDomainEndpoint: domain.output.endpoint,\n elasticsearchDynamodbTableArn: table.output.arn,\n elasticsearchDynamodbTableName: table.output.name,\n elasticsearchDynamoToElasticLambdaName: lambda.output.name\n });\n\n return {\n domain,\n domainPolicy,\n table,\n dynamoToElastic: {\n role,\n policy,\n lambda,\n eventSourceMapping\n }\n };\n }\n});\n\nfunction getDynamoDbToElasticLambdaPolicy(\n app: PulumiApp,\n domain: pulumi.Output<aws.elasticsearch.Domain | aws.elasticsearch.GetDomainResult>\n) {\n return app.addResource(aws.iam.Policy, {\n name: \"DynamoDbToElasticLambdaPolicy-updated\",\n config: {\n description: \"This policy enables access to ES and Dynamodb streams\",\n policy: {\n Version: \"2012-10-17\",\n Statement: [\n {\n Sid: \"PermissionForES\",\n Effect: \"Allow\",\n Action: [\n \"es:ESHttpGet\",\n \"es:ESHttpDelete\",\n \"es:ESHttpPatch\",\n \"es:ESHttpPost\",\n \"es:ESHttpPut\",\n \"dynamodb:BatchGetItem\",\n \"dynamodb:BatchWriteItem\",\n \"dynamodb:PutItem\",\n \"dynamodb:GetItem\",\n \"dynamodb:DeleteItem\",\n \"dynamodb:Query\",\n \"dynamodb:UpdateItem\"\n ],\n Resource: [\n pulumi.interpolate`${domain.arn}`,\n pulumi.interpolate`${domain.arn}/*`\n ]\n }\n ]\n }\n }\n });\n}\n"],"mappings":";;;;;;;;AAKA,IAAAA,KAAA,GAAAC,sBAAA,CAAAC,OAAA;AACA,IAAAC,MAAA,GAAAC,uBAAA,CAAAF,OAAA;AACA,IAAAG,GAAA,GAAAD,uBAAA,CAAAF,OAAA;AACA,IAAAI,QAAA,GAAAJ,OAAA;AAQA,IAAAK,SAAA,GAAAL,OAAA;AACA,IAAAM,QAAA,GAAAN,OAAA;AACA,IAAAO,UAAA,GAAAP,OAAA;AACA,IAAAQ,UAAA,GAAAR,OAAA;AAnBA;AACA;AACA;AACA;AACA;;AAqBA,SAASS,mBAAmBA,CAAA,EAAsD;EAC9E,OAAO;IACHC,YAAY,EAAE;EAClB,CAAC;AACL;AAEA,SAASC,oBAAoBA,CAAA,EAAsD;EAC/E,OAAO;IACH;IACAD,YAAY,EAAE,yBAAyB;IACvCE,aAAa,EAAE,CAAC;IAChBC,oBAAoB,EAAE,IAAI;IAC1BC,mBAAmB,EAAE;MACjBC,qBAAqB,EAAE;IAC3B;EACJ,CAAC;AACL;AAEO,MAAMC,aAAa,GAAAC,OAAA,CAAAD,aAAA,GAAG,IAAAE,wBAAe,EAAC;EACzCC,IAAI,EAAE,eAAe;EACrBC,MAAMA,CAACC,GAAG,EAAEC,MAA2B,EAAE;IACrC,MAAMC,UAAU,GAAG,WAAW;IAC9B,MAAMC,SAAS,GAAG,IAAAC,yBAAe,EAACJ,GAAG,CAAC;IAEtC,MAAMK,sBAAsB,GACxBL,GAAG,CAACC,MAAM,CAACK,MAAM,CAACD,sBAAsB,IAAIE,iCAAsB;IACtE,MAAMC,YAAY,GAAGH,sBAAsB,CAACI,QAAQ,CAACT,GAAG,CAACC,MAAM,CAACS,GAAG,CAACC,GAAG,CAAC;IAExE,MAAMC,GAAG,GAAGZ,GAAG,CAACa,SAAS,CAACC,gBAAO,EAAE;MAAEC,QAAQ,EAAE;IAAK,CAAC,CAAC;IAEtD,MAAMC,gBAAgB,GAAGhB,GAAG,CAACa,SAAS,CAACI,oBAAS,CAAC;;IAEjD;IACA,IAAIC,MAE4D;IAEhE,IAAIC,YAAY;IAEhB,IAAIC,OAAO,CAACT,GAAG,CAACU,8BAA8B,EAAE;MAC5C,MAAMnB,UAAU,GAAGoB,MAAM,CAACF,OAAO,CAACT,GAAG,CAACU,8BAA8B,CAAC;MACrE;MACA;MACAH,MAAM,GAAGlB,GAAG,CAACuB,iBAAiB,CAACrB,UAAU,EAAE,MAAM;QAC7C,OAAOpB,GAAG,CAAC0C,aAAa,CAACC,SAAS,CAAC;UAAEvB;QAAW,CAAC,EAAE;UAAEwB,KAAK,EAAE;QAAK,CAAC,CAAC;MACvE,CAAC,CAAC;IACN,CAAC,MAAM;MACH;MACAR,MAAM,GAAGlB,GAAG,CAAC2B,WAAW,CAAC7C,GAAG,CAAC0C,aAAa,CAACI,MAAM,EAAE;QAC/C9B,IAAI,EAAEI,UAAU;QAChBH,MAAM,EAAE;UACJ8B,oBAAoB,EAAE,MAAM;UAC5BC,aAAa,EAAEtB,YAAY,GAAGlB,oBAAoB,CAAC,CAAC,GAAGF,mBAAmB,CAAC,CAAC;UAC5E2C,UAAU,EAAEnB,GAAG,GACT;YACIoB,SAAS,EAAEpB,GAAG,CAACqB,OAAO,CAACC,OAAO,CAACC,GAAG,CAACC,CAAC,IAAIA,CAAC,CAACC,MAAM,CAACC,EAAE,CAAC;YACpDC,gBAAgB,EAAE,CAAC3B,GAAG,CAACA,GAAG,CAACyB,MAAM,CAACG,sBAAsB;UAC5D,CAAC,GACDC,SAAS;UACfC,UAAU,EAAE;YACRC,UAAU,EAAE,IAAI;YAChBC,UAAU,EAAE,EAAE;YACdC,UAAU,EAAE;UAChB,CAAC;UACDC,eAAe,EAAE;YACb,wCAAwC,EAAE;UAC9C,CAAC;UACDC,eAAe,EAAE;YACbC,0BAA0B,EAAE;UAChC;QACJ,CAAC;QACDC,IAAI,EAAE;UAAEC,OAAO,EAAEjD,MAAM,CAACiD;QAAQ;MACpC,CAAC,CAAC;;MAEF;AACZ;AACA;AACA;AACA;MACY/B,YAAY,GAAGnB,GAAG,CAAC2B,WAAW,CAAC7C,GAAG,CAAC0C,aAAa,CAAC2B,YAAY,EAAE;QAC3DrD,IAAI,EAAE,GAAGI,UAAU,SAAS;QAC5BH,MAAM,EAAE;UACJG,UAAU,EAAEgB,MAAM,CAACmB,MAAM,CAACnC,UAAU;UACpCkD,cAAc,EAAE;YACZC,OAAO,EAAE,YAAY;YACrBC,SAAS,EAAE;YACP;AAC5B;AACA;YAC4B;cACIC,MAAM,EAAE,OAAO;cACfC,SAAS,EAAE;gBACPC,GAAG,EAAEtD;cACT,CAAC;cACDuD,MAAM,EAAE,MAAM;cACdC,QAAQ,EAAE/E,MAAM,CAACgF,WAAW,GAAG1C,MAAM,CAACmB,MAAM,CAACwB,GAAG;YACpD,CAAC;UAET;QACJ,CAAC;QACDZ,IAAI,EAAE;UAAEC,OAAO,EAAEjD,MAAM,CAACiD;QAAQ;MACpC,CAAC,CAAC;IACN;;IAEA;AACR;AACA;AACA;AACA;AACA;IACQ,MAAMY,KAAK,GAAG9D,GAAG,CAAC2B,WAAW,CAAC7C,GAAG,CAACiF,QAAQ,CAACC,KAAK,EAAE;MAC9ClE,IAAI,EAAE,WAAW;MACjBC,MAAM,EAAE;QACJkE,UAAU,EAAE,CACR;UAAEnE,IAAI,EAAE,IAAI;UAAEoE,IAAI,EAAE;QAAI,CAAC,EACzB;UAAEpE,IAAI,EAAE,IAAI;UAAEoE,IAAI,EAAE;QAAI,CAAC,CAC5B;QACDC,aAAa,EAAE,IAAI;QACnBC,cAAc,EAAE,oBAAoB;QACpCC,WAAW,EAAE,iBAAiB;QAC9BC,OAAO,EAAE,IAAI;QACbC,QAAQ,EAAE;MACd,CAAC;MACDtB,IAAI,EAAE;QAAEC,OAAO,EAAEjD,MAAM,CAACiD;MAAQ;IACpC,CAAC,CAAC;IAEF,MAAMsB,QAAQ,GAAG,+BAA+B;IAEhD,MAAMC,IAAI,GAAGzE,GAAG,CAAC2B,WAAW,CAAC7C,GAAG,CAAC4F,GAAG,CAACC,IAAI,EAAE;MACvC7E,IAAI,EAAE0E,QAAQ;MACdzE,MAAM,EAAE;QACJ6E,gBAAgB,EAAE;UACdvB,OAAO,EAAE,YAAY;UACrBC,SAAS,EAAE,CACP;YACII,MAAM,EAAE,gBAAgB;YACxBF,SAAS,EAAE;cACPqB,OAAO,EAAE;YACb,CAAC;YACDtB,MAAM,EAAE;UACZ,CAAC;QAET;MACJ,CAAC;MACDuB,IAAI,EAAE;QAAEC,oBAAoB,EAAE;MAAK;IACvC,CAAC,CAAC;IAEF,MAAMC,MAAM,GAAGC,gCAAgC,CAACjF,GAAG,EAAEkB,MAAM,CAACmB,MAAM,CAAC;IAEnErC,GAAG,CAAC2B,WAAW,CAAC7C,GAAG,CAAC4F,GAAG,CAACQ,oBAAoB,EAAE;MAC1CpF,IAAI,EAAE,GAAG0E,QAAQ,gCAAgC;MACjDzE,MAAM,EAAE;QACJ0E,IAAI,EAAEA,IAAI,CAACpC,MAAM;QACjB8C,SAAS,EAAEH,MAAM,CAAC3C,MAAM,CAACwB;MAC7B;IACJ,CAAC,CAAC;;IAEF;IACA,IAAIjD,GAAG,EAAE;MACLZ,GAAG,CAAC2B,WAAW,CAAC7C,GAAG,CAAC4F,GAAG,CAACQ,oBAAoB,EAAE;QAC1CpF,IAAI,EAAE,GAAG0E,QAAQ,kCAAkC;QACnDzE,MAAM,EAAE;UACJ0E,IAAI,EAAEA,IAAI,CAACpC,MAAM;UACjB8C,SAAS,EAAErG,GAAG,CAAC4F,GAAG,CAACU,aAAa,CAACC;QACrC;MACJ,CAAC,CAAC;IACN,CAAC,MAAM;MACHrF,GAAG,CAAC2B,WAAW,CAAC7C,GAAG,CAAC4F,GAAG,CAACQ,oBAAoB,EAAE;QAC1CpF,IAAI,EAAE,GAAG0E,QAAQ,8BAA8B;QAC/CzE,MAAM,EAAE;UACJ0E,IAAI,EAAEA,IAAI,CAACpC,MAAM;UACjB8C,SAAS,EAAErG,GAAG,CAAC4F,GAAG,CAACU,aAAa,CAACE;QACrC;MACJ,CAAC,CAAC;IACN;IAEAtF,GAAG,CAAC2B,WAAW,CAAC7C,GAAG,CAAC4F,GAAG,CAACQ,oBAAoB,EAAE;MAC1CpF,IAAI,EAAE,GAAG0E,QAAQ,iCAAiC;MAClDzE,MAAM,EAAE;QACJ0E,IAAI,EAAEA,IAAI,CAACpC,MAAM;QACjB8C,SAAS,EAAErG,GAAG,CAAC4F,GAAG,CAACU,aAAa,CAACG;MACrC;IACJ,CAAC,CAAC;;IAEF;AACR;AACA;AACA;AACA;AACA;IACQ,MAAMC,MAAM,GAAGxF,GAAG,CAAC2B,WAAW,CAAC7C,GAAG,CAAC0G,MAAM,CAACC,QAAQ,EAAE;MAChD3F,IAAI,EAAE,mBAAmB;MACzBC,MAAM,EAAE;QACJ0E,IAAI,EAAEA,IAAI,CAACpC,MAAM,CAACwB,GAAG;QACrB6B,OAAO,EAAEC,yBAAc;QACvBC,OAAO,EAAE,iBAAiB;QAC1BC,OAAO,EAAE,GAAG;QACZC,UAAU,EAAE,IAAI;QAChBC,WAAW,EAAE;UACTC,SAAS,EAAE;YACPC,KAAK,EAAE3E,MAAM,CAACF,OAAO,CAACT,GAAG,CAACsF,KAAK,CAAC;YAChCC,uBAAuB,EAAEhF,MAAM,CAACmB,MAAM,CAAC8D,QAAQ;YAC/CC,YAAY,EAAEpF,gBAAgB,CAACqB,MAAM,CAACvC;UAC1C;QACJ,CAAC;QACDuG,WAAW,EAAE,0BAA0B;QACvCC,IAAI,EAAE,IAAI1H,MAAM,CAAC2H,KAAK,CAACC,YAAY,CAAC;UAChC,GAAG,EAAE,IAAI5H,MAAM,CAAC2H,KAAK,CAACE,WAAW,CAC7BC,aAAI,CAACC,IAAI,CAAC3G,GAAG,CAAC4G,KAAK,CAACC,SAAS,EAAE,uBAAuB,CAC1D;QACJ,CAAC,CAAC;QACFC,SAAS,EAAElG,GAAG,GACR;UACIoB,SAAS,EAAEpB,GAAG,CAACqB,OAAO,CAACC,OAAO,CAACC,GAAG,CAACC,CAAC,IAAIA,CAAC,CAACC,MAAM,CAACC,EAAE,CAAC;UACpDC,gBAAgB,EAAE,CAAC3B,GAAG,CAACA,GAAG,CAACyB,MAAM,CAACG,sBAAsB;QAC5D,CAAC,GACDC;MACV;IACJ,CAAC,CAAC;IAEF,MAAMsE,kBAAkB,GAAG/G,GAAG,CAAC2B,WAAW,CAAC7C,GAAG,CAAC0G,MAAM,CAACwB,kBAAkB,EAAE;MACtElH,IAAI,EAAE,mBAAmB;MACzBC,MAAM,EAAE;QACJkH,cAAc,EAAEnD,KAAK,CAACzB,MAAM,CAAC6E,SAAS;QACtCC,YAAY,EAAE3B,MAAM,CAACnD,MAAM,CAACwB,GAAG;QAC/BuD,gBAAgB,EAAE,QAAQ;QAC1BC,oBAAoB,EAAE,CAAC;QACvBC,SAAS,EAAE,EAAE;QACbC,8BAA8B,EAAE;MACpC;IACJ,CAAC,CAAC;IAEFvH,GAAG,CAACwH,UAAU,CAAC;MACXC,sBAAsB,EAAEvG,MAAM,CAACmB,MAAM,CAACwB,GAAG;MACzC6D,2BAA2B,EAAExG,MAAM,CAACmB,MAAM,CAAC8D,QAAQ;MACnDwB,6BAA6B,EAAE7D,KAAK,CAACzB,MAAM,CAACwB,GAAG;MAC/C+D,8BAA8B,EAAE9D,KAAK,CAACzB,MAAM,CAACvC,IAAI;MACjD+H,sCAAsC,EAAErC,MAAM,CAACnD,MAAM,CAACvC;IAC1D,CAAC,CAAC;IAEF,OAAO;MACHoB,MAAM;MACNC,YAAY;MACZ2C,KAAK;MACLgE,eAAe,EAAE;QACbrD,IAAI;QACJO,MAAM;QACNQ,MAAM;QACNuB;MACJ;IACJ,CAAC;EACL;AACJ,CAAC,CAAC;AAEF,SAAS9B,gCAAgCA,CACrCjF,GAAc,EACdkB,MAAmF,EACrF;EACE,OAAOlB,GAAG,CAAC2B,WAAW,CAAC7C,GAAG,CAAC4F,GAAG,CAACqD,MAAM,EAAE;IACnCjI,IAAI,EAAE,uCAAuC;IAC7CC,MAAM,EAAE;MACJsG,WAAW,EAAE,uDAAuD;MACpErB,MAAM,EAAE;QACJ3B,OAAO,EAAE,YAAY;QACrBC,SAAS,EAAE,CACP;UACI0E,GAAG,EAAE,iBAAiB;UACtBzE,MAAM,EAAE,OAAO;UACfG,MAAM,EAAE,CACJ,cAAc,EACd,iBAAiB,EACjB,gBAAgB,EAChB,eAAe,EACf,cAAc,EACd,uBAAuB,EACvB,yBAAyB,EACzB,kBAAkB,EAClB,kBAAkB,EAClB,qBAAqB,EACrB,gBAAgB,EAChB,qBAAqB,CACxB;UACDC,QAAQ,EAAE,CACN/E,MAAM,CAACgF,WAAW,GAAG1C,MAAM,CAAC2C,GAAG,EAAE,EACjCjF,MAAM,CAACgF,WAAW,GAAG1C,MAAM,CAAC2C,GAAG,IAAI;QAE3C,CAAC;MAET;IACJ;EACJ,CAAC,CAAC;AACN","ignoreList":[]}
|
|
1
|
+
{"version":3,"names":["_path","_interopRequireDefault","require","pulumi","_interopRequireWildcard","aws","_pulumi2","_awsUtils","_CoreVpc","_constants","_LogDynamo","getDevClusterConfig","instanceType","getProdClusterConfig","instanceCount","zoneAwarenessEnabled","zoneAwarenessConfig","availabilityZoneCount","ElasticSearch","exports","createAppModule","name","config","app","params","domainName","accountId","getAwsAccountId","productionEnvironments","create","DEFAULT_PROD_ENV_NAMES","isProduction","includes","run","env","vpc","getModule","CoreVpc","optional","logDynamoDbTable","LogDynamo","domain","domainPolicy","process","AWS_ELASTIC_SEARCH_DOMAIN_NAME","String","addRemoteResource","elasticsearch","getDomain","async","addResource","Domain","elasticsearchVersion","clusterConfig","vpcOptions","subnetIds","subnets","private","map","s","output","id","securityGroupIds","defaultSecurityGroupId","undefined","ebsOptions","ebsEnabled","volumeSize","volumeType","advancedOptions","snapshotOptions","automatedSnapshotStartHour","opts","protect","DomainPolicy","accessPolicies","Version","Statement","Effect","Principal","AWS","Action","Resource","interpolate","arn","table","dynamodb","Table","attributes","type","streamEnabled","streamViewType","billingMode","hashKey","rangeKey","roleName","role","iam","Role","assumeRolePolicy","Service","meta","isLambdaFunctionRole","policy","getDynamoDbToElasticLambdaPolicy","RolePolicyAttachment","policyArn","ManagedPolicy","AWSLambdaVPCAccessExecutionRole","AWSLambdaBasicExecutionRole","AWSLambdaDynamoDBExecutionRole","lambda","Function","runtime","LAMBDA_RUNTIME","handler","timeout","memorySize","environment","variables","DEBUG","ELASTIC_SEARCH_ENDPOINT","endpoint","DB_TABLE_LOG","description","code","asset","AssetArchive","FileArchive","path","join","paths","workspace","vpcConfig","eventSourceMapping","EventSourceMapping","eventSourceArn","streamArn","functionName","startingPosition","maximumRetryAttempts","batchSize","maximumBatchingWindowInSeconds","addOutputs","elasticsearchDomainArn","elasticsearchDomainEndpoint","elasticsearchDynamodbTableArn","elasticsearchDynamodbTableName","elasticsearchDynamoToElasticLambdaName","dynamoToElastic","Policy","Sid"],"sources":["CoreElasticSearch.ts"],"sourcesContent":["/**\n * Important documents to read:\n *\n * https://docs.aws.amazon.com/opensearch-service/latest/developerguide/limits.html#network-limits\n */\nimport path from \"path\";\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport {\n createAppModule,\n PulumiApp,\n PulumiAppRemoteResource,\n PulumiAppResource,\n PulumiAppResourceConstructor\n} from \"@webiny/pulumi\";\n\nimport { getAwsAccountId } from \"../awsUtils\";\nimport { CoreVpc } from \"./CoreVpc\";\nimport { DEFAULT_PROD_ENV_NAMES, LAMBDA_RUNTIME } from \"~/constants\";\nimport { LogDynamo } from \"~/apps/core/LogDynamo\";\n\nexport interface ElasticSearchParams {\n protect: boolean;\n}\n\nfunction getDevClusterConfig(): aws.types.input.elasticsearch.DomainClusterConfig {\n return {\n instanceType: \"t3.small.elasticsearch\"\n };\n}\n\nfunction getProdClusterConfig(): aws.types.input.elasticsearch.DomainClusterConfig {\n return {\n // For production deployments, we create 2 instances and configure multi-AZ.\n instanceType: \"t3.medium.elasticsearch\",\n instanceCount: 2,\n zoneAwarenessEnabled: true,\n zoneAwarenessConfig: {\n availabilityZoneCount: 2\n }\n };\n}\n\nexport const ElasticSearch = createAppModule({\n name: \"ElasticSearch\",\n config(app, params: ElasticSearchParams) {\n const domainName = \"webiny-js\";\n const accountId = getAwsAccountId(app);\n\n const productionEnvironments =\n app.params.create.productionEnvironments || DEFAULT_PROD_ENV_NAMES;\n const isProduction = productionEnvironments.includes(app.params.run.env);\n\n const vpc = app.getModule(CoreVpc, { optional: true });\n\n const logDynamoDbTable = app.getModule(LogDynamo);\n\n // This needs to be implemented in order to be able to use a shared ElasticSearch cluster.\n let domain:\n | PulumiAppResource<PulumiAppResourceConstructor<aws.elasticsearch.Domain>>\n | PulumiAppRemoteResource<aws.elasticsearch.GetDomainResult>;\n\n let domainPolicy;\n\n if (process.env.AWS_ELASTIC_SEARCH_DOMAIN_NAME) {\n const domainName = String(process.env.AWS_ELASTIC_SEARCH_DOMAIN_NAME);\n // This can be useful for testing purposes in ephemeral environments. More information here:\n // https://www.webiny.com/docs/key-topics/ci-cd/testing/slow-ephemeral-environments\n domain = app.addRemoteResource(domainName, () => {\n return aws.elasticsearch.getDomain({ domainName }, { async: true });\n });\n } else {\n // Regular ElasticSearch deployment.\n domain = app.addResource(aws.elasticsearch.Domain, {\n name: domainName,\n config: {\n elasticsearchVersion: \"7.10\",\n clusterConfig: isProduction ? getProdClusterConfig() : getDevClusterConfig(),\n vpcOptions: vpc\n ? {\n subnetIds: vpc.subnets.private.map(s => s.output.id),\n securityGroupIds: [vpc.vpc.output.defaultSecurityGroupId]\n }\n : undefined,\n ebsOptions: {\n ebsEnabled: true,\n volumeSize: 10,\n volumeType: \"gp2\"\n },\n advancedOptions: {\n \"rest.action.multi.allow_explicit_index\": \"true\"\n },\n snapshotOptions: {\n automatedSnapshotStartHour: 23\n }\n },\n opts: { protect: params.protect }\n });\n\n /**\n * Domain policy defines who can access your Elasticsearch Domain.\n * For details on Elasticsearch security, read the official documentation:\n * https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/security.html\n */\n domainPolicy = app.addResource(aws.elasticsearch.DomainPolicy, {\n name: `${domainName}-policy`,\n config: {\n domainName: domain.output.domainName,\n accessPolicies: {\n Version: \"2012-10-17\",\n Statement: [\n /**\n * Allow requests signed with current account\n */\n {\n Effect: \"Allow\",\n Principal: {\n AWS: accountId\n },\n Action: \"es:*\",\n Resource: pulumi.interpolate`${domain.output.arn}/*`\n }\n ]\n }\n },\n opts: { protect: params.protect }\n });\n }\n\n /**\n * Create a table for Elasticsearch records. All ES records are stored in this table to dramatically improve\n * performance and stability on write operations (especially massive data imports). This table also serves as a backup and\n * a single source of truth for your Elasticsearch domain. Streaming is enabled on this table, and it will\n * allow asynchronous synchronization of data with Elasticsearch domain.\n */\n const table = app.addResource(aws.dynamodb.Table, {\n name: \"webiny-es\",\n config: {\n attributes: [\n { name: \"PK\", type: \"S\" },\n { name: \"SK\", type: \"S\" }\n ],\n streamEnabled: true,\n streamViewType: \"NEW_AND_OLD_IMAGES\",\n billingMode: \"PAY_PER_REQUEST\",\n hashKey: \"PK\",\n rangeKey: \"SK\"\n },\n opts: { protect: params.protect }\n });\n\n const roleName = \"dynamo-to-elastic-lambda-role\";\n\n const role = app.addResource(aws.iam.Role, {\n name: roleName,\n config: {\n assumeRolePolicy: {\n Version: \"2012-10-17\",\n Statement: [\n {\n Action: \"sts:AssumeRole\",\n Principal: {\n Service: \"lambda.amazonaws.com\"\n },\n Effect: \"Allow\"\n }\n ]\n }\n },\n meta: { isLambdaFunctionRole: true }\n });\n\n const policy = getDynamoDbToElasticLambdaPolicy(app, domain.output);\n\n app.addResource(aws.iam.RolePolicyAttachment, {\n name: `${roleName}-DynamoDbToElasticLambdaPolicy`,\n config: {\n role: role.output,\n policyArn: policy.output.arn\n }\n });\n\n // Only use `AWSLambdaVPCAccessExecutionRole` policy if VPC feature is enabled.\n if (vpc) {\n app.addResource(aws.iam.RolePolicyAttachment, {\n name: `${roleName}-AWSLambdaVPCAccessExecutionRole`,\n config: {\n role: role.output,\n policyArn: aws.iam.ManagedPolicy.AWSLambdaVPCAccessExecutionRole\n }\n });\n } else {\n app.addResource(aws.iam.RolePolicyAttachment, {\n name: `${roleName}-AWSLambdaBasicExecutionRole`,\n config: {\n role: role.output,\n policyArn: aws.iam.ManagedPolicy.AWSLambdaBasicExecutionRole\n }\n });\n }\n\n app.addResource(aws.iam.RolePolicyAttachment, {\n name: `${roleName}-AWSLambdaDynamoDBExecutionRole`,\n config: {\n role: role.output,\n policyArn: aws.iam.ManagedPolicy.AWSLambdaDynamoDBExecutionRole\n }\n });\n\n /**\n * This Lambda will process the stream events from DynamoDB table that contains Elasticsearch items.\n * Elasticsearch can't take large amount of individual writes in a short period of time, so this way\n * we store data for Elasticsearch in a DynamoDB table, and asynchronously insert it into Elasticsearch\n * using batching.\n */\n const lambda = app.addResource(aws.lambda.Function, {\n name: \"dynamo-to-elastic\",\n config: {\n role: role.output.arn,\n runtime: LAMBDA_RUNTIME,\n handler: \"handler.handler\",\n timeout: 900,\n memorySize: 1024,\n environment: {\n variables: {\n DEBUG: String(process.env.DEBUG),\n ELASTIC_SEARCH_ENDPOINT: domain.output.endpoint,\n DB_TABLE_LOG: logDynamoDbTable.output.name\n }\n },\n description: \"Process DynamoDB Stream.\",\n code: new pulumi.asset.AssetArchive({\n \".\": new pulumi.asset.FileArchive(\n path.join(app.paths.workspace, \"dynamoToElastic/build\")\n )\n }),\n vpcConfig: vpc\n ? {\n subnetIds: vpc.subnets.private.map(s => s.output.id),\n securityGroupIds: [vpc.vpc.output.defaultSecurityGroupId]\n }\n : undefined\n }\n });\n\n const eventSourceMapping = app.addResource(aws.lambda.EventSourceMapping, {\n name: \"dynamo-to-elastic\",\n config: {\n eventSourceArn: table.output.streamArn,\n functionName: lambda.output.arn,\n startingPosition: \"LATEST\",\n maximumRetryAttempts: 3,\n batchSize: 50,\n maximumBatchingWindowInSeconds: 1\n }\n });\n\n app.addOutputs({\n elasticsearchDomainArn: domain.output.arn,\n elasticsearchDomainEndpoint: domain.output.endpoint,\n elasticsearchDynamodbTableArn: table.output.arn,\n elasticsearchDynamodbTableName: table.output.name,\n elasticsearchDynamoToElasticLambdaName: lambda.output.name\n });\n\n return {\n domain,\n domainPolicy,\n table,\n dynamoToElastic: {\n role,\n policy,\n lambda,\n eventSourceMapping\n }\n };\n }\n});\n\nfunction getDynamoDbToElasticLambdaPolicy(\n app: PulumiApp,\n domain: pulumi.Output<aws.elasticsearch.Domain | aws.elasticsearch.GetDomainResult>\n) {\n const logDynamoDbTable = app.getModule(LogDynamo);\n\n return app.addResource(aws.iam.Policy, {\n name: \"DynamoDbToElasticLambdaPolicy-updated\",\n config: {\n description: \"This policy enables access to ES and Dynamodb streams\",\n policy: {\n Version: \"2012-10-17\",\n Statement: [\n {\n Sid: \"PermissionForES\",\n Effect: \"Allow\",\n Action: [\n \"es:ESHttpGet\",\n \"es:ESHttpDelete\",\n \"es:ESHttpPatch\",\n \"es:ESHttpPost\",\n \"es:ESHttpPut\"\n ],\n Resource: [\n pulumi.interpolate`${domain.arn}`,\n pulumi.interpolate`${domain.arn}/*`\n ]\n },\n {\n Sid: \"PermissionForDynamoDbLog\",\n Effect: \"Allow\",\n Action: [\n \"dynamodb:GetItem\",\n \"dynamodb:PutItem\",\n \"dynamodb:UpdateItem\",\n \"dynamodb:DeleteItem\",\n \"dynamodb:BatchGetItem\",\n \"dynamodb:BatchWriteItem\",\n \"dynamodb:Scan\",\n \"dynamodb:Query\"\n ],\n Resource: [\n pulumi.interpolate`${logDynamoDbTable.output.arn}`,\n pulumi.interpolate`${logDynamoDbTable.output.arn}/*`\n ]\n }\n ]\n }\n }\n });\n}\n"],"mappings":";;;;;;;;AAKA,IAAAA,KAAA,GAAAC,sBAAA,CAAAC,OAAA;AACA,IAAAC,MAAA,GAAAC,uBAAA,CAAAF,OAAA;AACA,IAAAG,GAAA,GAAAD,uBAAA,CAAAF,OAAA;AACA,IAAAI,QAAA,GAAAJ,OAAA;AAQA,IAAAK,SAAA,GAAAL,OAAA;AACA,IAAAM,QAAA,GAAAN,OAAA;AACA,IAAAO,UAAA,GAAAP,OAAA;AACA,IAAAQ,UAAA,GAAAR,OAAA;AAnBA;AACA;AACA;AACA;AACA;;AAqBA,SAASS,mBAAmBA,CAAA,EAAsD;EAC9E,OAAO;IACHC,YAAY,EAAE;EAClB,CAAC;AACL;AAEA,SAASC,oBAAoBA,CAAA,EAAsD;EAC/E,OAAO;IACH;IACAD,YAAY,EAAE,yBAAyB;IACvCE,aAAa,EAAE,CAAC;IAChBC,oBAAoB,EAAE,IAAI;IAC1BC,mBAAmB,EAAE;MACjBC,qBAAqB,EAAE;IAC3B;EACJ,CAAC;AACL;AAEO,MAAMC,aAAa,GAAAC,OAAA,CAAAD,aAAA,GAAG,IAAAE,wBAAe,EAAC;EACzCC,IAAI,EAAE,eAAe;EACrBC,MAAMA,CAACC,GAAG,EAAEC,MAA2B,EAAE;IACrC,MAAMC,UAAU,GAAG,WAAW;IAC9B,MAAMC,SAAS,GAAG,IAAAC,yBAAe,EAACJ,GAAG,CAAC;IAEtC,MAAMK,sBAAsB,GACxBL,GAAG,CAACC,MAAM,CAACK,MAAM,CAACD,sBAAsB,IAAIE,iCAAsB;IACtE,MAAMC,YAAY,GAAGH,sBAAsB,CAACI,QAAQ,CAACT,GAAG,CAACC,MAAM,CAACS,GAAG,CAACC,GAAG,CAAC;IAExE,MAAMC,GAAG,GAAGZ,GAAG,CAACa,SAAS,CAACC,gBAAO,EAAE;MAAEC,QAAQ,EAAE;IAAK,CAAC,CAAC;IAEtD,MAAMC,gBAAgB,GAAGhB,GAAG,CAACa,SAAS,CAACI,oBAAS,CAAC;;IAEjD;IACA,IAAIC,MAE4D;IAEhE,IAAIC,YAAY;IAEhB,IAAIC,OAAO,CAACT,GAAG,CAACU,8BAA8B,EAAE;MAC5C,MAAMnB,UAAU,GAAGoB,MAAM,CAACF,OAAO,CAACT,GAAG,CAACU,8BAA8B,CAAC;MACrE;MACA;MACAH,MAAM,GAAGlB,GAAG,CAACuB,iBAAiB,CAACrB,UAAU,EAAE,MAAM;QAC7C,OAAOpB,GAAG,CAAC0C,aAAa,CAACC,SAAS,CAAC;UAAEvB;QAAW,CAAC,EAAE;UAAEwB,KAAK,EAAE;QAAK,CAAC,CAAC;MACvE,CAAC,CAAC;IACN,CAAC,MAAM;MACH;MACAR,MAAM,GAAGlB,GAAG,CAAC2B,WAAW,CAAC7C,GAAG,CAAC0C,aAAa,CAACI,MAAM,EAAE;QAC/C9B,IAAI,EAAEI,UAAU;QAChBH,MAAM,EAAE;UACJ8B,oBAAoB,EAAE,MAAM;UAC5BC,aAAa,EAAEtB,YAAY,GAAGlB,oBAAoB,CAAC,CAAC,GAAGF,mBAAmB,CAAC,CAAC;UAC5E2C,UAAU,EAAEnB,GAAG,GACT;YACIoB,SAAS,EAAEpB,GAAG,CAACqB,OAAO,CAACC,OAAO,CAACC,GAAG,CAACC,CAAC,IAAIA,CAAC,CAACC,MAAM,CAACC,EAAE,CAAC;YACpDC,gBAAgB,EAAE,CAAC3B,GAAG,CAACA,GAAG,CAACyB,MAAM,CAACG,sBAAsB;UAC5D,CAAC,GACDC,SAAS;UACfC,UAAU,EAAE;YACRC,UAAU,EAAE,IAAI;YAChBC,UAAU,EAAE,EAAE;YACdC,UAAU,EAAE;UAChB,CAAC;UACDC,eAAe,EAAE;YACb,wCAAwC,EAAE;UAC9C,CAAC;UACDC,eAAe,EAAE;YACbC,0BAA0B,EAAE;UAChC;QACJ,CAAC;QACDC,IAAI,EAAE;UAAEC,OAAO,EAAEjD,MAAM,CAACiD;QAAQ;MACpC,CAAC,CAAC;;MAEF;AACZ;AACA;AACA;AACA;MACY/B,YAAY,GAAGnB,GAAG,CAAC2B,WAAW,CAAC7C,GAAG,CAAC0C,aAAa,CAAC2B,YAAY,EAAE;QAC3DrD,IAAI,EAAE,GAAGI,UAAU,SAAS;QAC5BH,MAAM,EAAE;UACJG,UAAU,EAAEgB,MAAM,CAACmB,MAAM,CAACnC,UAAU;UACpCkD,cAAc,EAAE;YACZC,OAAO,EAAE,YAAY;YACrBC,SAAS,EAAE;YACP;AAC5B;AACA;YAC4B;cACIC,MAAM,EAAE,OAAO;cACfC,SAAS,EAAE;gBACPC,GAAG,EAAEtD;cACT,CAAC;cACDuD,MAAM,EAAE,MAAM;cACdC,QAAQ,EAAE/E,MAAM,CAACgF,WAAW,GAAG1C,MAAM,CAACmB,MAAM,CAACwB,GAAG;YACpD,CAAC;UAET;QACJ,CAAC;QACDZ,IAAI,EAAE;UAAEC,OAAO,EAAEjD,MAAM,CAACiD;QAAQ;MACpC,CAAC,CAAC;IACN;;IAEA;AACR;AACA;AACA;AACA;AACA;IACQ,MAAMY,KAAK,GAAG9D,GAAG,CAAC2B,WAAW,CAAC7C,GAAG,CAACiF,QAAQ,CAACC,KAAK,EAAE;MAC9ClE,IAAI,EAAE,WAAW;MACjBC,MAAM,EAAE;QACJkE,UAAU,EAAE,CACR;UAAEnE,IAAI,EAAE,IAAI;UAAEoE,IAAI,EAAE;QAAI,CAAC,EACzB;UAAEpE,IAAI,EAAE,IAAI;UAAEoE,IAAI,EAAE;QAAI,CAAC,CAC5B;QACDC,aAAa,EAAE,IAAI;QACnBC,cAAc,EAAE,oBAAoB;QACpCC,WAAW,EAAE,iBAAiB;QAC9BC,OAAO,EAAE,IAAI;QACbC,QAAQ,EAAE;MACd,CAAC;MACDtB,IAAI,EAAE;QAAEC,OAAO,EAAEjD,MAAM,CAACiD;MAAQ;IACpC,CAAC,CAAC;IAEF,MAAMsB,QAAQ,GAAG,+BAA+B;IAEhD,MAAMC,IAAI,GAAGzE,GAAG,CAAC2B,WAAW,CAAC7C,GAAG,CAAC4F,GAAG,CAACC,IAAI,EAAE;MACvC7E,IAAI,EAAE0E,QAAQ;MACdzE,MAAM,EAAE;QACJ6E,gBAAgB,EAAE;UACdvB,OAAO,EAAE,YAAY;UACrBC,SAAS,EAAE,CACP;YACII,MAAM,EAAE,gBAAgB;YACxBF,SAAS,EAAE;cACPqB,OAAO,EAAE;YACb,CAAC;YACDtB,MAAM,EAAE;UACZ,CAAC;QAET;MACJ,CAAC;MACDuB,IAAI,EAAE;QAAEC,oBAAoB,EAAE;MAAK;IACvC,CAAC,CAAC;IAEF,MAAMC,MAAM,GAAGC,gCAAgC,CAACjF,GAAG,EAAEkB,MAAM,CAACmB,MAAM,CAAC;IAEnErC,GAAG,CAAC2B,WAAW,CAAC7C,GAAG,CAAC4F,GAAG,CAACQ,oBAAoB,EAAE;MAC1CpF,IAAI,EAAE,GAAG0E,QAAQ,gCAAgC;MACjDzE,MAAM,EAAE;QACJ0E,IAAI,EAAEA,IAAI,CAACpC,MAAM;QACjB8C,SAAS,EAAEH,MAAM,CAAC3C,MAAM,CAACwB;MAC7B;IACJ,CAAC,CAAC;;IAEF;IACA,IAAIjD,GAAG,EAAE;MACLZ,GAAG,CAAC2B,WAAW,CAAC7C,GAAG,CAAC4F,GAAG,CAACQ,oBAAoB,EAAE;QAC1CpF,IAAI,EAAE,GAAG0E,QAAQ,kCAAkC;QACnDzE,MAAM,EAAE;UACJ0E,IAAI,EAAEA,IAAI,CAACpC,MAAM;UACjB8C,SAAS,EAAErG,GAAG,CAAC4F,GAAG,CAACU,aAAa,CAACC;QACrC;MACJ,CAAC,CAAC;IACN,CAAC,MAAM;MACHrF,GAAG,CAAC2B,WAAW,CAAC7C,GAAG,CAAC4F,GAAG,CAACQ,oBAAoB,EAAE;QAC1CpF,IAAI,EAAE,GAAG0E,QAAQ,8BAA8B;QAC/CzE,MAAM,EAAE;UACJ0E,IAAI,EAAEA,IAAI,CAACpC,MAAM;UACjB8C,SAAS,EAAErG,GAAG,CAAC4F,GAAG,CAACU,aAAa,CAACE;QACrC;MACJ,CAAC,CAAC;IACN;IAEAtF,GAAG,CAAC2B,WAAW,CAAC7C,GAAG,CAAC4F,GAAG,CAACQ,oBAAoB,EAAE;MAC1CpF,IAAI,EAAE,GAAG0E,QAAQ,iCAAiC;MAClDzE,MAAM,EAAE;QACJ0E,IAAI,EAAEA,IAAI,CAACpC,MAAM;QACjB8C,SAAS,EAAErG,GAAG,CAAC4F,GAAG,CAACU,aAAa,CAACG;MACrC;IACJ,CAAC,CAAC;;IAEF;AACR;AACA;AACA;AACA;AACA;IACQ,MAAMC,MAAM,GAAGxF,GAAG,CAAC2B,WAAW,CAAC7C,GAAG,CAAC0G,MAAM,CAACC,QAAQ,EAAE;MAChD3F,IAAI,EAAE,mBAAmB;MACzBC,MAAM,EAAE;QACJ0E,IAAI,EAAEA,IAAI,CAACpC,MAAM,CAACwB,GAAG;QACrB6B,OAAO,EAAEC,yBAAc;QACvBC,OAAO,EAAE,iBAAiB;QAC1BC,OAAO,EAAE,GAAG;QACZC,UAAU,EAAE,IAAI;QAChBC,WAAW,EAAE;UACTC,SAAS,EAAE;YACPC,KAAK,EAAE3E,MAAM,CAACF,OAAO,CAACT,GAAG,CAACsF,KAAK,CAAC;YAChCC,uBAAuB,EAAEhF,MAAM,CAACmB,MAAM,CAAC8D,QAAQ;YAC/CC,YAAY,EAAEpF,gBAAgB,CAACqB,MAAM,CAACvC;UAC1C;QACJ,CAAC;QACDuG,WAAW,EAAE,0BAA0B;QACvCC,IAAI,EAAE,IAAI1H,MAAM,CAAC2H,KAAK,CAACC,YAAY,CAAC;UAChC,GAAG,EAAE,IAAI5H,MAAM,CAAC2H,KAAK,CAACE,WAAW,CAC7BC,aAAI,CAACC,IAAI,CAAC3G,GAAG,CAAC4G,KAAK,CAACC,SAAS,EAAE,uBAAuB,CAC1D;QACJ,CAAC,CAAC;QACFC,SAAS,EAAElG,GAAG,GACR;UACIoB,SAAS,EAAEpB,GAAG,CAACqB,OAAO,CAACC,OAAO,CAACC,GAAG,CAACC,CAAC,IAAIA,CAAC,CAACC,MAAM,CAACC,EAAE,CAAC;UACpDC,gBAAgB,EAAE,CAAC3B,GAAG,CAACA,GAAG,CAACyB,MAAM,CAACG,sBAAsB;QAC5D,CAAC,GACDC;MACV;IACJ,CAAC,CAAC;IAEF,MAAMsE,kBAAkB,GAAG/G,GAAG,CAAC2B,WAAW,CAAC7C,GAAG,CAAC0G,MAAM,CAACwB,kBAAkB,EAAE;MACtElH,IAAI,EAAE,mBAAmB;MACzBC,MAAM,EAAE;QACJkH,cAAc,EAAEnD,KAAK,CAACzB,MAAM,CAAC6E,SAAS;QACtCC,YAAY,EAAE3B,MAAM,CAACnD,MAAM,CAACwB,GAAG;QAC/BuD,gBAAgB,EAAE,QAAQ;QAC1BC,oBAAoB,EAAE,CAAC;QACvBC,SAAS,EAAE,EAAE;QACbC,8BAA8B,EAAE;MACpC;IACJ,CAAC,CAAC;IAEFvH,GAAG,CAACwH,UAAU,CAAC;MACXC,sBAAsB,EAAEvG,MAAM,CAACmB,MAAM,CAACwB,GAAG;MACzC6D,2BAA2B,EAAExG,MAAM,CAACmB,MAAM,CAAC8D,QAAQ;MACnDwB,6BAA6B,EAAE7D,KAAK,CAACzB,MAAM,CAACwB,GAAG;MAC/C+D,8BAA8B,EAAE9D,KAAK,CAACzB,MAAM,CAACvC,IAAI;MACjD+H,sCAAsC,EAAErC,MAAM,CAACnD,MAAM,CAACvC;IAC1D,CAAC,CAAC;IAEF,OAAO;MACHoB,MAAM;MACNC,YAAY;MACZ2C,KAAK;MACLgE,eAAe,EAAE;QACbrD,IAAI;QACJO,MAAM;QACNQ,MAAM;QACNuB;MACJ;IACJ,CAAC;EACL;AACJ,CAAC,CAAC;AAEF,SAAS9B,gCAAgCA,CACrCjF,GAAc,EACdkB,MAAmF,EACrF;EACE,MAAMF,gBAAgB,GAAGhB,GAAG,CAACa,SAAS,CAACI,oBAAS,CAAC;EAEjD,OAAOjB,GAAG,CAAC2B,WAAW,CAAC7C,GAAG,CAAC4F,GAAG,CAACqD,MAAM,EAAE;IACnCjI,IAAI,EAAE,uCAAuC;IAC7CC,MAAM,EAAE;MACJsG,WAAW,EAAE,uDAAuD;MACpErB,MAAM,EAAE;QACJ3B,OAAO,EAAE,YAAY;QACrBC,SAAS,EAAE,CACP;UACI0E,GAAG,EAAE,iBAAiB;UACtBzE,MAAM,EAAE,OAAO;UACfG,MAAM,EAAE,CACJ,cAAc,EACd,iBAAiB,EACjB,gBAAgB,EAChB,eAAe,EACf,cAAc,CACjB;UACDC,QAAQ,EAAE,CACN/E,MAAM,CAACgF,WAAW,GAAG1C,MAAM,CAAC2C,GAAG,EAAE,EACjCjF,MAAM,CAACgF,WAAW,GAAG1C,MAAM,CAAC2C,GAAG,IAAI;QAE3C,CAAC,EACD;UACImE,GAAG,EAAE,0BAA0B;UAC/BzE,MAAM,EAAE,OAAO;UACfG,MAAM,EAAE,CACJ,kBAAkB,EAClB,kBAAkB,EAClB,qBAAqB,EACrB,qBAAqB,EACrB,uBAAuB,EACvB,yBAAyB,EACzB,eAAe,EACf,gBAAgB,CACnB;UACDC,QAAQ,EAAE,CACN/E,MAAM,CAACgF,WAAW,GAAG5C,gBAAgB,CAACqB,MAAM,CAACwB,GAAG,EAAE,EAClDjF,MAAM,CAACgF,WAAW,GAAG5C,gBAAgB,CAACqB,MAAM,CAACwB,GAAG,IAAI;QAE5D,CAAC;MAET;IACJ;EACJ,CAAC,CAAC;AACN","ignoreList":[]}
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import * as aws from "@pulumi/aws";
|
|
2
|
-
import { PulumiAppResource, PulumiAppResourceConstructor
|
|
2
|
+
import { PulumiAppRemoteResource, PulumiAppResource, PulumiAppResourceConstructor } from "@webiny/pulumi";
|
|
3
3
|
export interface OpenSearchParams {
|
|
4
4
|
protect: boolean;
|
|
5
5
|
}
|
|
@@ -274,6 +274,7 @@ const OpenSearch = exports.OpenSearch = (0, _pulumi2.createAppModule)({
|
|
|
274
274
|
}
|
|
275
275
|
});
|
|
276
276
|
function getDynamoDbToElasticLambdaPolicy(app, domain) {
|
|
277
|
+
const logDynamoDbTable = app.getModule(_LogDynamo.LogDynamo);
|
|
277
278
|
return app.addResource(aws.iam.Policy, {
|
|
278
279
|
name: "DynamoDbToElasticLambdaPolicy-updated",
|
|
279
280
|
config: {
|
|
@@ -283,8 +284,13 @@ function getDynamoDbToElasticLambdaPolicy(app, domain) {
|
|
|
283
284
|
Statement: [{
|
|
284
285
|
Sid: "PermissionForES",
|
|
285
286
|
Effect: "Allow",
|
|
286
|
-
Action: ["es:ESHttpGet", "es:ESHttpDelete", "es:ESHttpPatch", "es:ESHttpPost", "es:ESHttpPut"
|
|
287
|
+
Action: ["es:ESHttpGet", "es:ESHttpDelete", "es:ESHttpPatch", "es:ESHttpPost", "es:ESHttpPut"],
|
|
287
288
|
Resource: [pulumi.interpolate`${domain.arn}`, pulumi.interpolate`${domain.arn}/*`]
|
|
289
|
+
}, {
|
|
290
|
+
Sid: "PermissionForDynamoDbLog",
|
|
291
|
+
Effect: "Allow",
|
|
292
|
+
Action: ["dynamodb:GetItem", "dynamodb:PutItem", "dynamodb:UpdateItem", "dynamodb:DeleteItem", "dynamodb:BatchGetItem", "dynamodb:BatchWriteItem", "dynamodb:Scan", "dynamodb:Query"],
|
|
293
|
+
Resource: [pulumi.interpolate`${logDynamoDbTable.output.arn}`, pulumi.interpolate`${logDynamoDbTable.output.arn}/*`]
|
|
288
294
|
}]
|
|
289
295
|
}
|
|
290
296
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["_path","_interopRequireDefault","require","pulumi","_interopRequireWildcard","aws","random","_pulumi2","_awsUtils","_CoreVpc","_constants","_LogDynamo","getDevClusterConfig","instanceType","getProdClusterConfig","instanceCount","zoneAwarenessEnabled","zoneAwarenessConfig","availabilityZoneCount","OS_ENGINE_VERSION","OpenSearch","exports","createAppModule","name","config","app","params","productionEnvironments","create","DEFAULT_PROD_ENV_NAMES","isProduction","includes","run","env","vpc","getModule","CoreVpc","optional","logDynamoDbTable","LogDynamo","domain","domainPolicy","process","AWS_ELASTIC_SEARCH_DOMAIN_NAME","domainName","String","addRemoteResource","opensearch","getDomain","async","randomId","RandomId","byteLength","namePrefix","getParam","pulumiResourceNamePrefix","domainLogicalName","domainPhysicalName","hex","apply","slice","addResource","Domain","engineVersion","clusterConfig","vpcOptions","subnetIds","subnets","private","map","s","output","id","securityGroupIds","defaultSecurityGroupId","undefined","ebsOptions","ebsEnabled","volumeSize","volumeType","advancedOptions","snapshotOptions","automatedSnapshotStartHour","opts","protect","accountId","getAwsAccountId","DomainPolicy","accessPolicies","all","arn","domainArn","JSON","stringify","Version","Statement","Effect","Principal","AWS","Action","Resource","table","dynamodb","Table","attributes","type","streamEnabled","streamViewType","billingMode","hashKey","rangeKey","roleName","role","iam","Role","assumeRolePolicy","Service","meta","isLambdaFunctionRole","policy","getDynamoDbToElasticLambdaPolicy","RolePolicyAttachment","policyArn","ManagedPolicy","AWSLambdaVPCAccessExecutionRole","AWSLambdaBasicExecutionRole","AWSLambdaDynamoDBExecutionRole","lambda","Function","runtime","LAMBDA_RUNTIME","handler","timeout","memorySize","environment","variables","DEBUG","ELASTIC_SEARCH_ENDPOINT","endpoint","DB_TABLE_LOG","description","code","asset","AssetArchive","FileArchive","path","join","paths","workspace","vpcConfig","eventSourceMapping","EventSourceMapping","eventSourceArn","streamArn","functionName","startingPosition","maximumRetryAttempts","batchSize","maximumBatchingWindowInSeconds","addOutputs","elasticsearchDomainArn","elasticsearchDomainEndpoint","elasticsearchDynamodbTableArn","elasticsearchDynamodbTableName","dynamoToElastic","Policy","Sid","interpolate"],"sources":["CoreOpenSearch.ts"],"sourcesContent":["/**\n * Important documents to read:\n *\n * https://docs.aws.amazon.com/opensearch-service/latest/developerguide/limits.html#network-limits\n */\nimport path from \"path\";\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport * as random from \"@pulumi/random\";\nimport {\n createAppModule,\n PulumiApp,\n PulumiAppResource,\n PulumiAppResourceConstructor,\n PulumiAppRemoteResource\n} from \"@webiny/pulumi\";\n\nimport { getAwsAccountId } from \"../awsUtils\";\nimport { CoreVpc } from \"./CoreVpc\";\nimport { DEFAULT_PROD_ENV_NAMES, LAMBDA_RUNTIME } from \"~/constants\";\nimport { LogDynamo } from \"~/apps/core/LogDynamo\";\n\nexport interface OpenSearchParams {\n protect: boolean;\n}\n\nfunction getDevClusterConfig(): aws.types.input.opensearch.DomainClusterConfig {\n return {\n instanceType: \"t3.small.search\"\n };\n}\n\nfunction getProdClusterConfig(): aws.types.input.opensearch.DomainClusterConfig {\n return {\n // For production deployments, we create 2 instances and configure multi-AZ.\n instanceType: \"t3.medium.search\",\n instanceCount: 2,\n zoneAwarenessEnabled: true,\n zoneAwarenessConfig: {\n availabilityZoneCount: 2\n }\n };\n}\n\nconst OS_ENGINE_VERSION = \"OpenSearch_2.11\";\n\nexport const OpenSearch = createAppModule({\n name: \"OpenSearch\",\n config(app, params: OpenSearchParams) {\n const productionEnvironments =\n app.params.create.productionEnvironments || DEFAULT_PROD_ENV_NAMES;\n const isProduction = productionEnvironments.includes(app.params.run.env);\n\n const vpc = app.getModule(CoreVpc, { optional: true });\n\n const logDynamoDbTable = app.getModule(LogDynamo);\n\n // This needs to be implemented in order to be able to use a shared OpenSearch cluster.\n let domain:\n | PulumiAppResource<PulumiAppResourceConstructor<aws.opensearch.Domain>>\n | PulumiAppRemoteResource<aws.opensearch.GetDomainResult>;\n\n let domainPolicy;\n\n if (process.env.AWS_ELASTIC_SEARCH_DOMAIN_NAME) {\n const domainName = String(process.env.AWS_ELASTIC_SEARCH_DOMAIN_NAME);\n // This can be useful for testing purposes in ephemeral environments. More information here:\n // https://www.webiny.com/docs/key-topics/ci-cd/testing/slow-ephemeral-environments\n domain = app.addRemoteResource(domainName, () => {\n return aws.opensearch.getDomain({ domainName }, { async: true });\n });\n } else {\n const randomId = new random.RandomId(\"osDomainRandomId\", { byteLength: 8 });\n const namePrefix = app.getParam(app.params.create.pulumiResourceNamePrefix) || \"\";\n\n const domainLogicalName = \"webiny-js\";\n const domainPhysicalName = randomId.hex.apply((hex: string) => {\n return `${namePrefix}${domainLogicalName}-${hex.slice(-7)}`;\n });\n\n domain = app.addResource(aws.opensearch.Domain, {\n name: domainLogicalName,\n config: {\n domainName: domainPhysicalName,\n engineVersion: OS_ENGINE_VERSION,\n clusterConfig: isProduction ? getProdClusterConfig() : getDevClusterConfig(),\n vpcOptions: vpc\n ? {\n subnetIds: vpc.subnets.private.map(s => s.output.id),\n securityGroupIds: [vpc.vpc.output.defaultSecurityGroupId]\n }\n : undefined,\n ebsOptions: {\n ebsEnabled: true,\n volumeSize: 10,\n volumeType: \"gp2\"\n },\n advancedOptions: {\n \"rest.action.multi.allow_explicit_index\": \"true\"\n },\n snapshotOptions: {\n automatedSnapshotStartHour: 23\n }\n },\n opts: { protect: params.protect }\n });\n\n /**\n * Domain policy defines who can access your OpenSearch Domain.\n * For details on OpenSearch security, read the official documentation:\n * https://docs.aws.amazon.com/openSearch-service/latest/developerguide/security.html\n */\n const accountId = getAwsAccountId(app);\n\n domainPolicy = app.addResource(aws.opensearch.DomainPolicy, {\n name: `${domainLogicalName}-policy`,\n config: {\n domainName: domain.output.domainName,\n accessPolicies: pulumi\n .all([accountId, domain.output.arn])\n .apply(([accountId, domainArn]) => {\n return JSON.stringify({\n Version: \"2012-10-17\",\n Statement: [\n /**\n * Allow requests signed with current account\n */\n {\n Effect: \"Allow\",\n Principal: {\n AWS: accountId\n },\n Action: \"es:*\",\n Resource: `${domainArn}/*`\n }\n ]\n });\n })\n },\n opts: { protect: params.protect }\n });\n }\n\n /**\n * Create a table for OpenSearch records. All ES records are stored in this table to dramatically improve\n * performance and stability on write operations (especially massive data imports). This table also serves as a backup and\n * a single source of truth for your OpenSearch domain. Streaming is enabled on this table, and it will\n * allow asynchronous synchronization of data with OpenSearch domain.\n */\n const table = app.addResource(aws.dynamodb.Table, {\n name: \"webiny-es\",\n config: {\n attributes: [\n { name: \"PK\", type: \"S\" },\n { name: \"SK\", type: \"S\" }\n ],\n streamEnabled: true,\n streamViewType: \"NEW_AND_OLD_IMAGES\",\n billingMode: \"PAY_PER_REQUEST\",\n hashKey: \"PK\",\n rangeKey: \"SK\"\n },\n opts: { protect: params.protect }\n });\n\n const roleName = \"dynamo-to-elastic-lambda-role\";\n\n const role = app.addResource(aws.iam.Role, {\n name: roleName,\n config: {\n assumeRolePolicy: {\n Version: \"2012-10-17\",\n Statement: [\n {\n Action: \"sts:AssumeRole\",\n Principal: {\n Service: \"lambda.amazonaws.com\"\n },\n Effect: \"Allow\"\n }\n ]\n }\n },\n meta: { isLambdaFunctionRole: true }\n });\n\n const policy = getDynamoDbToElasticLambdaPolicy(app, domain.output);\n\n app.addResource(aws.iam.RolePolicyAttachment, {\n name: `${roleName}-DynamoDbToElasticLambdaPolicy`,\n config: {\n role: role.output,\n policyArn: policy.output.arn\n }\n });\n\n // Only use `AWSLambdaVPCAccessExecutionRole` policy if VPC feature is enabled.\n if (vpc) {\n app.addResource(aws.iam.RolePolicyAttachment, {\n name: `${roleName}-AWSLambdaVPCAccessExecutionRole`,\n config: {\n role: role.output,\n policyArn: aws.iam.ManagedPolicy.AWSLambdaVPCAccessExecutionRole\n }\n });\n } else {\n app.addResource(aws.iam.RolePolicyAttachment, {\n name: `${roleName}-AWSLambdaBasicExecutionRole`,\n config: {\n role: role.output,\n policyArn: aws.iam.ManagedPolicy.AWSLambdaBasicExecutionRole\n }\n });\n }\n\n app.addResource(aws.iam.RolePolicyAttachment, {\n name: `${roleName}-AWSLambdaDynamoDBExecutionRole`,\n config: {\n role: role.output,\n policyArn: aws.iam.ManagedPolicy.AWSLambdaDynamoDBExecutionRole\n }\n });\n\n /**\n * This Lambda will process the stream events from DynamoDB table that contains OpenSearch items.\n * OpenSearch can't take large amount of individual writes in a short period of time, so this way\n * we store data for OpenSearch in a DynamoDB table, and asynchronously insert it into OpenSearch\n * using batching.\n */\n const lambda = app.addResource(aws.lambda.Function, {\n name: \"dynamo-to-elastic\",\n config: {\n role: role.output.arn,\n runtime: LAMBDA_RUNTIME,\n handler: \"handler.handler\",\n timeout: 900,\n memorySize: 1024,\n environment: {\n variables: {\n DEBUG: String(process.env.DEBUG),\n ELASTIC_SEARCH_ENDPOINT: domain.output.endpoint,\n DB_TABLE_LOG: logDynamoDbTable.output.name\n }\n },\n description: \"Process DynamoDB Stream.\",\n code: new pulumi.asset.AssetArchive({\n \".\": new pulumi.asset.FileArchive(\n path.join(app.paths.workspace, \"dynamoToElastic/build\")\n )\n }),\n vpcConfig: vpc\n ? {\n subnetIds: vpc.subnets.private.map(s => s.output.id),\n securityGroupIds: [vpc.vpc.output.defaultSecurityGroupId]\n }\n : undefined\n }\n });\n\n const eventSourceMapping = app.addResource(aws.lambda.EventSourceMapping, {\n name: \"dynamo-to-elastic\",\n config: {\n eventSourceArn: table.output.streamArn,\n functionName: lambda.output.arn,\n startingPosition: \"LATEST\",\n maximumRetryAttempts: 3,\n batchSize: 50,\n maximumBatchingWindowInSeconds: 1\n }\n });\n\n app.addOutputs({\n elasticsearchDomainArn: domain.output.arn,\n elasticsearchDomainEndpoint: domain.output.endpoint,\n elasticsearchDynamodbTableArn: table.output.arn,\n elasticsearchDynamodbTableName: table.output.name\n });\n\n return {\n domain,\n domainPolicy,\n table,\n dynamoToElastic: {\n role,\n policy,\n lambda,\n eventSourceMapping\n }\n };\n }\n});\n\nfunction getDynamoDbToElasticLambdaPolicy(\n app: PulumiApp,\n domain: pulumi.Output<aws.opensearch.Domain | aws.opensearch.GetDomainResult>\n) {\n return app.addResource(aws.iam.Policy, {\n name: \"DynamoDbToElasticLambdaPolicy-updated\",\n config: {\n description: \"This policy enables access to ES and Dynamodb streams\",\n policy: {\n Version: \"2012-10-17\",\n Statement: [\n {\n Sid: \"PermissionForES\",\n Effect: \"Allow\",\n Action: [\n \"es:ESHttpGet\",\n \"es:ESHttpDelete\",\n \"es:ESHttpPatch\",\n \"es:ESHttpPost\",\n \"es:ESHttpPut\",\n \"dynamodb:BatchGetItem\",\n \"dynamodb:BatchWriteItem\",\n \"dynamodb:PutItem\",\n \"dynamodb:GetItem\",\n \"dynamodb:DeleteItem\",\n \"dynamodb:Query\",\n \"dynamodb:UpdateItem\"\n ],\n Resource: [\n pulumi.interpolate`${domain.arn}`,\n pulumi.interpolate`${domain.arn}/*`\n ]\n }\n ]\n }\n }\n });\n}\n"],"mappings":";;;;;;;;AAKA,IAAAA,KAAA,GAAAC,sBAAA,CAAAC,OAAA;AACA,IAAAC,MAAA,GAAAC,uBAAA,CAAAF,OAAA;AACA,IAAAG,GAAA,GAAAD,uBAAA,CAAAF,OAAA;AACA,IAAAI,MAAA,GAAAF,uBAAA,CAAAF,OAAA;AACA,IAAAK,QAAA,GAAAL,OAAA;AAQA,IAAAM,SAAA,GAAAN,OAAA;AACA,IAAAO,QAAA,GAAAP,OAAA;AACA,IAAAQ,UAAA,GAAAR,OAAA;AACA,IAAAS,UAAA,GAAAT,OAAA;AApBA;AACA;AACA;AACA;AACA;;AAsBA,SAASU,mBAAmBA,CAAA,EAAmD;EAC3E,OAAO;IACHC,YAAY,EAAE;EAClB,CAAC;AACL;AAEA,SAASC,oBAAoBA,CAAA,EAAmD;EAC5E,OAAO;IACH;IACAD,YAAY,EAAE,kBAAkB;IAChCE,aAAa,EAAE,CAAC;IAChBC,oBAAoB,EAAE,IAAI;IAC1BC,mBAAmB,EAAE;MACjBC,qBAAqB,EAAE;IAC3B;EACJ,CAAC;AACL;AAEA,MAAMC,iBAAiB,GAAG,iBAAiB;AAEpC,MAAMC,UAAU,GAAAC,OAAA,CAAAD,UAAA,GAAG,IAAAE,wBAAe,EAAC;EACtCC,IAAI,EAAE,YAAY;EAClBC,MAAMA,CAACC,GAAG,EAAEC,MAAwB,EAAE;IAClC,MAAMC,sBAAsB,GACxBF,GAAG,CAACC,MAAM,CAACE,MAAM,CAACD,sBAAsB,IAAIE,iCAAsB;IACtE,MAAMC,YAAY,GAAGH,sBAAsB,CAACI,QAAQ,CAACN,GAAG,CAACC,MAAM,CAACM,GAAG,CAACC,GAAG,CAAC;IAExE,MAAMC,GAAG,GAAGT,GAAG,CAACU,SAAS,CAACC,gBAAO,EAAE;MAAEC,QAAQ,EAAE;IAAK,CAAC,CAAC;IAEtD,MAAMC,gBAAgB,GAAGb,GAAG,CAACU,SAAS,CAACI,oBAAS,CAAC;;IAEjD;IACA,IAAIC,MAEyD;IAE7D,IAAIC,YAAY;IAEhB,IAAIC,OAAO,CAACT,GAAG,CAACU,8BAA8B,EAAE;MAC5C,MAAMC,UAAU,GAAGC,MAAM,CAACH,OAAO,CAACT,GAAG,CAACU,8BAA8B,CAAC;MACrE;MACA;MACAH,MAAM,GAAGf,GAAG,CAACqB,iBAAiB,CAACF,UAAU,EAAE,MAAM;QAC7C,OAAOvC,GAAG,CAAC0C,UAAU,CAACC,SAAS,CAAC;UAAEJ;QAAW,CAAC,EAAE;UAAEK,KAAK,EAAE;QAAK,CAAC,CAAC;MACpE,CAAC,CAAC;IACN,CAAC,MAAM;MACH,MAAMC,QAAQ,GAAG,IAAI5C,MAAM,CAAC6C,QAAQ,CAAC,kBAAkB,EAAE;QAAEC,UAAU,EAAE;MAAE,CAAC,CAAC;MAC3E,MAAMC,UAAU,GAAG5B,GAAG,CAAC6B,QAAQ,CAAC7B,GAAG,CAACC,MAAM,CAACE,MAAM,CAAC2B,wBAAwB,CAAC,IAAI,EAAE;MAEjF,MAAMC,iBAAiB,GAAG,WAAW;MACrC,MAAMC,kBAAkB,GAAGP,QAAQ,CAACQ,GAAG,CAACC,KAAK,CAAED,GAAW,IAAK;QAC3D,OAAO,GAAGL,UAAU,GAAGG,iBAAiB,IAAIE,GAAG,CAACE,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE;MAC/D,CAAC,CAAC;MAEFpB,MAAM,GAAGf,GAAG,CAACoC,WAAW,CAACxD,GAAG,CAAC0C,UAAU,CAACe,MAAM,EAAE;QAC5CvC,IAAI,EAAEiC,iBAAiB;QACvBhC,MAAM,EAAE;UACJoB,UAAU,EAAEa,kBAAkB;UAC9BM,aAAa,EAAE5C,iBAAiB;UAChC6C,aAAa,EAAElC,YAAY,GAAGhB,oBAAoB,CAAC,CAAC,GAAGF,mBAAmB,CAAC,CAAC;UAC5EqD,UAAU,EAAE/B,GAAG,GACT;YACIgC,SAAS,EAAEhC,GAAG,CAACiC,OAAO,CAACC,OAAO,CAACC,GAAG,CAACC,CAAC,IAAIA,CAAC,CAACC,MAAM,CAACC,EAAE,CAAC;YACpDC,gBAAgB,EAAE,CAACvC,GAAG,CAACA,GAAG,CAACqC,MAAM,CAACG,sBAAsB;UAC5D,CAAC,GACDC,SAAS;UACfC,UAAU,EAAE;YACRC,UAAU,EAAE,IAAI;YAChBC,UAAU,EAAE,EAAE;YACdC,UAAU,EAAE;UAChB,CAAC;UACDC,eAAe,EAAE;YACb,wCAAwC,EAAE;UAC9C,CAAC;UACDC,eAAe,EAAE;YACbC,0BAA0B,EAAE;UAChC;QACJ,CAAC;QACDC,IAAI,EAAE;UAAEC,OAAO,EAAE1D,MAAM,CAAC0D;QAAQ;MACpC,CAAC,CAAC;;MAEF;AACZ;AACA;AACA;AACA;MACY,MAAMC,SAAS,GAAG,IAAAC,yBAAe,EAAC7D,GAAG,CAAC;MAEtCgB,YAAY,GAAGhB,GAAG,CAACoC,WAAW,CAACxD,GAAG,CAAC0C,UAAU,CAACwC,YAAY,EAAE;QACxDhE,IAAI,EAAE,GAAGiC,iBAAiB,SAAS;QACnChC,MAAM,EAAE;UACJoB,UAAU,EAAEJ,MAAM,CAAC+B,MAAM,CAAC3B,UAAU;UACpC4C,cAAc,EAAErF,MAAM,CACjBsF,GAAG,CAAC,CAACJ,SAAS,EAAE7C,MAAM,CAAC+B,MAAM,CAACmB,GAAG,CAAC,CAAC,CACnC/B,KAAK,CAAC,CAAC,CAAC0B,SAAS,EAAEM,SAAS,CAAC,KAAK;YAC/B,OAAOC,IAAI,CAACC,SAAS,CAAC;cAClBC,OAAO,EAAE,YAAY;cACrBC,SAAS,EAAE;cACP;AACpC;AACA;cACoC;gBACIC,MAAM,EAAE,OAAO;gBACfC,SAAS,EAAE;kBACPC,GAAG,EAAEb;gBACT,CAAC;gBACDc,MAAM,EAAE,MAAM;gBACdC,QAAQ,EAAE,GAAGT,SAAS;cAC1B,CAAC;YAET,CAAC,CAAC;UACN,CAAC;QACT,CAAC;QACDR,IAAI,EAAE;UAAEC,OAAO,EAAE1D,MAAM,CAAC0D;QAAQ;MACpC,CAAC,CAAC;IACN;;IAEA;AACR;AACA;AACA;AACA;AACA;IACQ,MAAMiB,KAAK,GAAG5E,GAAG,CAACoC,WAAW,CAACxD,GAAG,CAACiG,QAAQ,CAACC,KAAK,EAAE;MAC9ChF,IAAI,EAAE,WAAW;MACjBC,MAAM,EAAE;QACJgF,UAAU,EAAE,CACR;UAAEjF,IAAI,EAAE,IAAI;UAAEkF,IAAI,EAAE;QAAI,CAAC,EACzB;UAAElF,IAAI,EAAE,IAAI;UAAEkF,IAAI,EAAE;QAAI,CAAC,CAC5B;QACDC,aAAa,EAAE,IAAI;QACnBC,cAAc,EAAE,oBAAoB;QACpCC,WAAW,EAAE,iBAAiB;QAC9BC,OAAO,EAAE,IAAI;QACbC,QAAQ,EAAE;MACd,CAAC;MACD3B,IAAI,EAAE;QAAEC,OAAO,EAAE1D,MAAM,CAAC0D;MAAQ;IACpC,CAAC,CAAC;IAEF,MAAM2B,QAAQ,GAAG,+BAA+B;IAEhD,MAAMC,IAAI,GAAGvF,GAAG,CAACoC,WAAW,CAACxD,GAAG,CAAC4G,GAAG,CAACC,IAAI,EAAE;MACvC3F,IAAI,EAAEwF,QAAQ;MACdvF,MAAM,EAAE;QACJ2F,gBAAgB,EAAE;UACdrB,OAAO,EAAE,YAAY;UACrBC,SAAS,EAAE,CACP;YACII,MAAM,EAAE,gBAAgB;YACxBF,SAAS,EAAE;cACPmB,OAAO,EAAE;YACb,CAAC;YACDpB,MAAM,EAAE;UACZ,CAAC;QAET;MACJ,CAAC;MACDqB,IAAI,EAAE;QAAEC,oBAAoB,EAAE;MAAK;IACvC,CAAC,CAAC;IAEF,MAAMC,MAAM,GAAGC,gCAAgC,CAAC/F,GAAG,EAAEe,MAAM,CAAC+B,MAAM,CAAC;IAEnE9C,GAAG,CAACoC,WAAW,CAACxD,GAAG,CAAC4G,GAAG,CAACQ,oBAAoB,EAAE;MAC1ClG,IAAI,EAAE,GAAGwF,QAAQ,gCAAgC;MACjDvF,MAAM,EAAE;QACJwF,IAAI,EAAEA,IAAI,CAACzC,MAAM;QACjBmD,SAAS,EAAEH,MAAM,CAAChD,MAAM,CAACmB;MAC7B;IACJ,CAAC,CAAC;;IAEF;IACA,IAAIxD,GAAG,EAAE;MACLT,GAAG,CAACoC,WAAW,CAACxD,GAAG,CAAC4G,GAAG,CAACQ,oBAAoB,EAAE;QAC1ClG,IAAI,EAAE,GAAGwF,QAAQ,kCAAkC;QACnDvF,MAAM,EAAE;UACJwF,IAAI,EAAEA,IAAI,CAACzC,MAAM;UACjBmD,SAAS,EAAErH,GAAG,CAAC4G,GAAG,CAACU,aAAa,CAACC;QACrC;MACJ,CAAC,CAAC;IACN,CAAC,MAAM;MACHnG,GAAG,CAACoC,WAAW,CAACxD,GAAG,CAAC4G,GAAG,CAACQ,oBAAoB,EAAE;QAC1ClG,IAAI,EAAE,GAAGwF,QAAQ,8BAA8B;QAC/CvF,MAAM,EAAE;UACJwF,IAAI,EAAEA,IAAI,CAACzC,MAAM;UACjBmD,SAAS,EAAErH,GAAG,CAAC4G,GAAG,CAACU,aAAa,CAACE;QACrC;MACJ,CAAC,CAAC;IACN;IAEApG,GAAG,CAACoC,WAAW,CAACxD,GAAG,CAAC4G,GAAG,CAACQ,oBAAoB,EAAE;MAC1ClG,IAAI,EAAE,GAAGwF,QAAQ,iCAAiC;MAClDvF,MAAM,EAAE;QACJwF,IAAI,EAAEA,IAAI,CAACzC,MAAM;QACjBmD,SAAS,EAAErH,GAAG,CAAC4G,GAAG,CAACU,aAAa,CAACG;MACrC;IACJ,CAAC,CAAC;;IAEF;AACR;AACA;AACA;AACA;AACA;IACQ,MAAMC,MAAM,GAAGtG,GAAG,CAACoC,WAAW,CAACxD,GAAG,CAAC0H,MAAM,CAACC,QAAQ,EAAE;MAChDzG,IAAI,EAAE,mBAAmB;MACzBC,MAAM,EAAE;QACJwF,IAAI,EAAEA,IAAI,CAACzC,MAAM,CAACmB,GAAG;QACrBuC,OAAO,EAAEC,yBAAc;QACvBC,OAAO,EAAE,iBAAiB;QAC1BC,OAAO,EAAE,GAAG;QACZC,UAAU,EAAE,IAAI;QAChBC,WAAW,EAAE;UACTC,SAAS,EAAE;YACPC,KAAK,EAAE3F,MAAM,CAACH,OAAO,CAACT,GAAG,CAACuG,KAAK,CAAC;YAChCC,uBAAuB,EAAEjG,MAAM,CAAC+B,MAAM,CAACmE,QAAQ;YAC/CC,YAAY,EAAErG,gBAAgB,CAACiC,MAAM,CAAChD;UAC1C;QACJ,CAAC;QACDqH,WAAW,EAAE,0BAA0B;QACvCC,IAAI,EAAE,IAAI1I,MAAM,CAAC2I,KAAK,CAACC,YAAY,CAAC;UAChC,GAAG,EAAE,IAAI5I,MAAM,CAAC2I,KAAK,CAACE,WAAW,CAC7BC,aAAI,CAACC,IAAI,CAACzH,GAAG,CAAC0H,KAAK,CAACC,SAAS,EAAE,uBAAuB,CAC1D;QACJ,CAAC,CAAC;QACFC,SAAS,EAAEnH,GAAG,GACR;UACIgC,SAAS,EAAEhC,GAAG,CAACiC,OAAO,CAACC,OAAO,CAACC,GAAG,CAACC,CAAC,IAAIA,CAAC,CAACC,MAAM,CAACC,EAAE,CAAC;UACpDC,gBAAgB,EAAE,CAACvC,GAAG,CAACA,GAAG,CAACqC,MAAM,CAACG,sBAAsB;QAC5D,CAAC,GACDC;MACV;IACJ,CAAC,CAAC;IAEF,MAAM2E,kBAAkB,GAAG7H,GAAG,CAACoC,WAAW,CAACxD,GAAG,CAAC0H,MAAM,CAACwB,kBAAkB,EAAE;MACtEhI,IAAI,EAAE,mBAAmB;MACzBC,MAAM,EAAE;QACJgI,cAAc,EAAEnD,KAAK,CAAC9B,MAAM,CAACkF,SAAS;QACtCC,YAAY,EAAE3B,MAAM,CAACxD,MAAM,CAACmB,GAAG;QAC/BiE,gBAAgB,EAAE,QAAQ;QAC1BC,oBAAoB,EAAE,CAAC;QACvBC,SAAS,EAAE,EAAE;QACbC,8BAA8B,EAAE;MACpC;IACJ,CAAC,CAAC;IAEFrI,GAAG,CAACsI,UAAU,CAAC;MACXC,sBAAsB,EAAExH,MAAM,CAAC+B,MAAM,CAACmB,GAAG;MACzCuE,2BAA2B,EAAEzH,MAAM,CAAC+B,MAAM,CAACmE,QAAQ;MACnDwB,6BAA6B,EAAE7D,KAAK,CAAC9B,MAAM,CAACmB,GAAG;MAC/CyE,8BAA8B,EAAE9D,KAAK,CAAC9B,MAAM,CAAChD;IACjD,CAAC,CAAC;IAEF,OAAO;MACHiB,MAAM;MACNC,YAAY;MACZ4D,KAAK;MACL+D,eAAe,EAAE;QACbpD,IAAI;QACJO,MAAM;QACNQ,MAAM;QACNuB;MACJ;IACJ,CAAC;EACL;AACJ,CAAC,CAAC;AAEF,SAAS9B,gCAAgCA,CACrC/F,GAAc,EACde,MAA6E,EAC/E;EACE,OAAOf,GAAG,CAACoC,WAAW,CAACxD,GAAG,CAAC4G,GAAG,CAACoD,MAAM,EAAE;IACnC9I,IAAI,EAAE,uCAAuC;IAC7CC,MAAM,EAAE;MACJoH,WAAW,EAAE,uDAAuD;MACpErB,MAAM,EAAE;QACJzB,OAAO,EAAE,YAAY;QACrBC,SAAS,EAAE,CACP;UACIuE,GAAG,EAAE,iBAAiB;UACtBtE,MAAM,EAAE,OAAO;UACfG,MAAM,EAAE,CACJ,cAAc,EACd,iBAAiB,EACjB,gBAAgB,EAChB,eAAe,EACf,cAAc,EACd,uBAAuB,EACvB,yBAAyB,EACzB,kBAAkB,EAClB,kBAAkB,EAClB,qBAAqB,EACrB,gBAAgB,EAChB,qBAAqB,CACxB;UACDC,QAAQ,EAAE,CACNjG,MAAM,CAACoK,WAAW,GAAG/H,MAAM,CAACkD,GAAG,EAAE,EACjCvF,MAAM,CAACoK,WAAW,GAAG/H,MAAM,CAACkD,GAAG,IAAI;QAE3C,CAAC;MAET;IACJ;EACJ,CAAC,CAAC;AACN","ignoreList":[]}
|
|
1
|
+
{"version":3,"names":["_path","_interopRequireDefault","require","pulumi","_interopRequireWildcard","aws","random","_pulumi2","_awsUtils","_CoreVpc","_constants","_LogDynamo","getDevClusterConfig","instanceType","getProdClusterConfig","instanceCount","zoneAwarenessEnabled","zoneAwarenessConfig","availabilityZoneCount","OS_ENGINE_VERSION","OpenSearch","exports","createAppModule","name","config","app","params","productionEnvironments","create","DEFAULT_PROD_ENV_NAMES","isProduction","includes","run","env","vpc","getModule","CoreVpc","optional","logDynamoDbTable","LogDynamo","domain","domainPolicy","process","AWS_ELASTIC_SEARCH_DOMAIN_NAME","domainName","String","addRemoteResource","opensearch","getDomain","async","randomId","RandomId","byteLength","namePrefix","getParam","pulumiResourceNamePrefix","domainLogicalName","domainPhysicalName","hex","apply","slice","addResource","Domain","engineVersion","clusterConfig","vpcOptions","subnetIds","subnets","private","map","s","output","id","securityGroupIds","defaultSecurityGroupId","undefined","ebsOptions","ebsEnabled","volumeSize","volumeType","advancedOptions","snapshotOptions","automatedSnapshotStartHour","opts","protect","accountId","getAwsAccountId","DomainPolicy","accessPolicies","all","arn","domainArn","JSON","stringify","Version","Statement","Effect","Principal","AWS","Action","Resource","table","dynamodb","Table","attributes","type","streamEnabled","streamViewType","billingMode","hashKey","rangeKey","roleName","role","iam","Role","assumeRolePolicy","Service","meta","isLambdaFunctionRole","policy","getDynamoDbToElasticLambdaPolicy","RolePolicyAttachment","policyArn","ManagedPolicy","AWSLambdaVPCAccessExecutionRole","AWSLambdaBasicExecutionRole","AWSLambdaDynamoDBExecutionRole","lambda","Function","runtime","LAMBDA_RUNTIME","handler","timeout","memorySize","environment","variables","DEBUG","ELASTIC_SEARCH_ENDPOINT","endpoint","DB_TABLE_LOG","description","code","asset","AssetArchive","FileArchive","path","join","paths","workspace","vpcConfig","eventSourceMapping","EventSourceMapping","eventSourceArn","streamArn","functionName","startingPosition","maximumRetryAttempts","batchSize","maximumBatchingWindowInSeconds","addOutputs","elasticsearchDomainArn","elasticsearchDomainEndpoint","elasticsearchDynamodbTableArn","elasticsearchDynamodbTableName","dynamoToElastic","Policy","Sid","interpolate"],"sources":["CoreOpenSearch.ts"],"sourcesContent":["/**\n * Important documents to read:\n *\n * https://docs.aws.amazon.com/opensearch-service/latest/developerguide/limits.html#network-limits\n */\nimport path from \"path\";\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport * as random from \"@pulumi/random\";\nimport {\n createAppModule,\n PulumiApp,\n PulumiAppRemoteResource,\n PulumiAppResource,\n PulumiAppResourceConstructor\n} from \"@webiny/pulumi\";\n\nimport { getAwsAccountId } from \"../awsUtils\";\nimport { CoreVpc } from \"./CoreVpc\";\nimport { DEFAULT_PROD_ENV_NAMES, LAMBDA_RUNTIME } from \"~/constants\";\nimport { LogDynamo } from \"~/apps/core/LogDynamo\";\n\nexport interface OpenSearchParams {\n protect: boolean;\n}\n\nfunction getDevClusterConfig(): aws.types.input.opensearch.DomainClusterConfig {\n return {\n instanceType: \"t3.small.search\"\n };\n}\n\nfunction getProdClusterConfig(): aws.types.input.opensearch.DomainClusterConfig {\n return {\n // For production deployments, we create 2 instances and configure multi-AZ.\n instanceType: \"t3.medium.search\",\n instanceCount: 2,\n zoneAwarenessEnabled: true,\n zoneAwarenessConfig: {\n availabilityZoneCount: 2\n }\n };\n}\n\nconst OS_ENGINE_VERSION = \"OpenSearch_2.11\";\n\nexport const OpenSearch = createAppModule({\n name: \"OpenSearch\",\n config(app, params: OpenSearchParams) {\n const productionEnvironments =\n app.params.create.productionEnvironments || DEFAULT_PROD_ENV_NAMES;\n const isProduction = productionEnvironments.includes(app.params.run.env);\n\n const vpc = app.getModule(CoreVpc, { optional: true });\n\n const logDynamoDbTable = app.getModule(LogDynamo);\n\n // This needs to be implemented in order to be able to use a shared OpenSearch cluster.\n let domain:\n | PulumiAppResource<PulumiAppResourceConstructor<aws.opensearch.Domain>>\n | PulumiAppRemoteResource<aws.opensearch.GetDomainResult>;\n\n let domainPolicy;\n\n if (process.env.AWS_ELASTIC_SEARCH_DOMAIN_NAME) {\n const domainName = String(process.env.AWS_ELASTIC_SEARCH_DOMAIN_NAME);\n // This can be useful for testing purposes in ephemeral environments. More information here:\n // https://www.webiny.com/docs/key-topics/ci-cd/testing/slow-ephemeral-environments\n domain = app.addRemoteResource(domainName, () => {\n return aws.opensearch.getDomain({ domainName }, { async: true });\n });\n } else {\n const randomId = new random.RandomId(\"osDomainRandomId\", { byteLength: 8 });\n const namePrefix = app.getParam(app.params.create.pulumiResourceNamePrefix) || \"\";\n\n const domainLogicalName = \"webiny-js\";\n const domainPhysicalName = randomId.hex.apply((hex: string) => {\n return `${namePrefix}${domainLogicalName}-${hex.slice(-7)}`;\n });\n\n domain = app.addResource(aws.opensearch.Domain, {\n name: domainLogicalName,\n config: {\n domainName: domainPhysicalName,\n engineVersion: OS_ENGINE_VERSION,\n clusterConfig: isProduction ? getProdClusterConfig() : getDevClusterConfig(),\n vpcOptions: vpc\n ? {\n subnetIds: vpc.subnets.private.map(s => s.output.id),\n securityGroupIds: [vpc.vpc.output.defaultSecurityGroupId]\n }\n : undefined,\n ebsOptions: {\n ebsEnabled: true,\n volumeSize: 10,\n volumeType: \"gp2\"\n },\n advancedOptions: {\n \"rest.action.multi.allow_explicit_index\": \"true\"\n },\n snapshotOptions: {\n automatedSnapshotStartHour: 23\n }\n },\n opts: { protect: params.protect }\n });\n\n /**\n * Domain policy defines who can access your OpenSearch Domain.\n * For details on OpenSearch security, read the official documentation:\n * https://docs.aws.amazon.com/openSearch-service/latest/developerguide/security.html\n */\n const accountId = getAwsAccountId(app);\n\n domainPolicy = app.addResource(aws.opensearch.DomainPolicy, {\n name: `${domainLogicalName}-policy`,\n config: {\n domainName: domain.output.domainName,\n accessPolicies: pulumi\n .all([accountId, domain.output.arn])\n .apply(([accountId, domainArn]) => {\n return JSON.stringify({\n Version: \"2012-10-17\",\n Statement: [\n /**\n * Allow requests signed with current account\n */\n {\n Effect: \"Allow\",\n Principal: {\n AWS: accountId\n },\n Action: \"es:*\",\n Resource: `${domainArn}/*`\n }\n ]\n });\n })\n },\n opts: { protect: params.protect }\n });\n }\n\n /**\n * Create a table for OpenSearch records. All ES records are stored in this table to dramatically improve\n * performance and stability on write operations (especially massive data imports). This table also serves as a backup and\n * a single source of truth for your OpenSearch domain. Streaming is enabled on this table, and it will\n * allow asynchronous synchronization of data with OpenSearch domain.\n */\n const table = app.addResource(aws.dynamodb.Table, {\n name: \"webiny-es\",\n config: {\n attributes: [\n { name: \"PK\", type: \"S\" },\n { name: \"SK\", type: \"S\" }\n ],\n streamEnabled: true,\n streamViewType: \"NEW_AND_OLD_IMAGES\",\n billingMode: \"PAY_PER_REQUEST\",\n hashKey: \"PK\",\n rangeKey: \"SK\"\n },\n opts: { protect: params.protect }\n });\n\n const roleName = \"dynamo-to-elastic-lambda-role\";\n\n const role = app.addResource(aws.iam.Role, {\n name: roleName,\n config: {\n assumeRolePolicy: {\n Version: \"2012-10-17\",\n Statement: [\n {\n Action: \"sts:AssumeRole\",\n Principal: {\n Service: \"lambda.amazonaws.com\"\n },\n Effect: \"Allow\"\n }\n ]\n }\n },\n meta: { isLambdaFunctionRole: true }\n });\n\n const policy = getDynamoDbToElasticLambdaPolicy(app, domain.output);\n\n app.addResource(aws.iam.RolePolicyAttachment, {\n name: `${roleName}-DynamoDbToElasticLambdaPolicy`,\n config: {\n role: role.output,\n policyArn: policy.output.arn\n }\n });\n\n // Only use `AWSLambdaVPCAccessExecutionRole` policy if VPC feature is enabled.\n if (vpc) {\n app.addResource(aws.iam.RolePolicyAttachment, {\n name: `${roleName}-AWSLambdaVPCAccessExecutionRole`,\n config: {\n role: role.output,\n policyArn: aws.iam.ManagedPolicy.AWSLambdaVPCAccessExecutionRole\n }\n });\n } else {\n app.addResource(aws.iam.RolePolicyAttachment, {\n name: `${roleName}-AWSLambdaBasicExecutionRole`,\n config: {\n role: role.output,\n policyArn: aws.iam.ManagedPolicy.AWSLambdaBasicExecutionRole\n }\n });\n }\n\n app.addResource(aws.iam.RolePolicyAttachment, {\n name: `${roleName}-AWSLambdaDynamoDBExecutionRole`,\n config: {\n role: role.output,\n policyArn: aws.iam.ManagedPolicy.AWSLambdaDynamoDBExecutionRole\n }\n });\n\n /**\n * This Lambda will process the stream events from DynamoDB table that contains OpenSearch items.\n * OpenSearch can't take large amount of individual writes in a short period of time, so this way\n * we store data for OpenSearch in a DynamoDB table, and asynchronously insert it into OpenSearch\n * using batching.\n */\n const lambda = app.addResource(aws.lambda.Function, {\n name: \"dynamo-to-elastic\",\n config: {\n role: role.output.arn,\n runtime: LAMBDA_RUNTIME,\n handler: \"handler.handler\",\n timeout: 900,\n memorySize: 1024,\n environment: {\n variables: {\n DEBUG: String(process.env.DEBUG),\n ELASTIC_SEARCH_ENDPOINT: domain.output.endpoint,\n DB_TABLE_LOG: logDynamoDbTable.output.name\n }\n },\n description: \"Process DynamoDB Stream.\",\n code: new pulumi.asset.AssetArchive({\n \".\": new pulumi.asset.FileArchive(\n path.join(app.paths.workspace, \"dynamoToElastic/build\")\n )\n }),\n vpcConfig: vpc\n ? {\n subnetIds: vpc.subnets.private.map(s => s.output.id),\n securityGroupIds: [vpc.vpc.output.defaultSecurityGroupId]\n }\n : undefined\n }\n });\n\n const eventSourceMapping = app.addResource(aws.lambda.EventSourceMapping, {\n name: \"dynamo-to-elastic\",\n config: {\n eventSourceArn: table.output.streamArn,\n functionName: lambda.output.arn,\n startingPosition: \"LATEST\",\n maximumRetryAttempts: 3,\n batchSize: 50,\n maximumBatchingWindowInSeconds: 1\n }\n });\n\n app.addOutputs({\n elasticsearchDomainArn: domain.output.arn,\n elasticsearchDomainEndpoint: domain.output.endpoint,\n elasticsearchDynamodbTableArn: table.output.arn,\n elasticsearchDynamodbTableName: table.output.name\n });\n\n return {\n domain,\n domainPolicy,\n table,\n dynamoToElastic: {\n role,\n policy,\n lambda,\n eventSourceMapping\n }\n };\n }\n});\n\nfunction getDynamoDbToElasticLambdaPolicy(\n app: PulumiApp,\n domain: pulumi.Output<aws.opensearch.Domain | aws.opensearch.GetDomainResult>\n) {\n const logDynamoDbTable = app.getModule(LogDynamo);\n\n return app.addResource(aws.iam.Policy, {\n name: \"DynamoDbToElasticLambdaPolicy-updated\",\n config: {\n description: \"This policy enables access to ES and Dynamodb streams\",\n policy: {\n Version: \"2012-10-17\",\n Statement: [\n {\n Sid: \"PermissionForES\",\n Effect: \"Allow\",\n Action: [\n \"es:ESHttpGet\",\n \"es:ESHttpDelete\",\n \"es:ESHttpPatch\",\n \"es:ESHttpPost\",\n \"es:ESHttpPut\"\n ],\n Resource: [\n pulumi.interpolate`${domain.arn}`,\n pulumi.interpolate`${domain.arn}/*`\n ]\n },\n {\n Sid: \"PermissionForDynamoDbLog\",\n Effect: \"Allow\",\n Action: [\n \"dynamodb:GetItem\",\n \"dynamodb:PutItem\",\n \"dynamodb:UpdateItem\",\n \"dynamodb:DeleteItem\",\n \"dynamodb:BatchGetItem\",\n \"dynamodb:BatchWriteItem\",\n \"dynamodb:Scan\",\n \"dynamodb:Query\"\n ],\n Resource: [\n pulumi.interpolate`${logDynamoDbTable.output.arn}`,\n pulumi.interpolate`${logDynamoDbTable.output.arn}/*`\n ]\n }\n ]\n }\n }\n });\n}\n"],"mappings":";;;;;;;;AAKA,IAAAA,KAAA,GAAAC,sBAAA,CAAAC,OAAA;AACA,IAAAC,MAAA,GAAAC,uBAAA,CAAAF,OAAA;AACA,IAAAG,GAAA,GAAAD,uBAAA,CAAAF,OAAA;AACA,IAAAI,MAAA,GAAAF,uBAAA,CAAAF,OAAA;AACA,IAAAK,QAAA,GAAAL,OAAA;AAQA,IAAAM,SAAA,GAAAN,OAAA;AACA,IAAAO,QAAA,GAAAP,OAAA;AACA,IAAAQ,UAAA,GAAAR,OAAA;AACA,IAAAS,UAAA,GAAAT,OAAA;AApBA;AACA;AACA;AACA;AACA;;AAsBA,SAASU,mBAAmBA,CAAA,EAAmD;EAC3E,OAAO;IACHC,YAAY,EAAE;EAClB,CAAC;AACL;AAEA,SAASC,oBAAoBA,CAAA,EAAmD;EAC5E,OAAO;IACH;IACAD,YAAY,EAAE,kBAAkB;IAChCE,aAAa,EAAE,CAAC;IAChBC,oBAAoB,EAAE,IAAI;IAC1BC,mBAAmB,EAAE;MACjBC,qBAAqB,EAAE;IAC3B;EACJ,CAAC;AACL;AAEA,MAAMC,iBAAiB,GAAG,iBAAiB;AAEpC,MAAMC,UAAU,GAAAC,OAAA,CAAAD,UAAA,GAAG,IAAAE,wBAAe,EAAC;EACtCC,IAAI,EAAE,YAAY;EAClBC,MAAMA,CAACC,GAAG,EAAEC,MAAwB,EAAE;IAClC,MAAMC,sBAAsB,GACxBF,GAAG,CAACC,MAAM,CAACE,MAAM,CAACD,sBAAsB,IAAIE,iCAAsB;IACtE,MAAMC,YAAY,GAAGH,sBAAsB,CAACI,QAAQ,CAACN,GAAG,CAACC,MAAM,CAACM,GAAG,CAACC,GAAG,CAAC;IAExE,MAAMC,GAAG,GAAGT,GAAG,CAACU,SAAS,CAACC,gBAAO,EAAE;MAAEC,QAAQ,EAAE;IAAK,CAAC,CAAC;IAEtD,MAAMC,gBAAgB,GAAGb,GAAG,CAACU,SAAS,CAACI,oBAAS,CAAC;;IAEjD;IACA,IAAIC,MAEyD;IAE7D,IAAIC,YAAY;IAEhB,IAAIC,OAAO,CAACT,GAAG,CAACU,8BAA8B,EAAE;MAC5C,MAAMC,UAAU,GAAGC,MAAM,CAACH,OAAO,CAACT,GAAG,CAACU,8BAA8B,CAAC;MACrE;MACA;MACAH,MAAM,GAAGf,GAAG,CAACqB,iBAAiB,CAACF,UAAU,EAAE,MAAM;QAC7C,OAAOvC,GAAG,CAAC0C,UAAU,CAACC,SAAS,CAAC;UAAEJ;QAAW,CAAC,EAAE;UAAEK,KAAK,EAAE;QAAK,CAAC,CAAC;MACpE,CAAC,CAAC;IACN,CAAC,MAAM;MACH,MAAMC,QAAQ,GAAG,IAAI5C,MAAM,CAAC6C,QAAQ,CAAC,kBAAkB,EAAE;QAAEC,UAAU,EAAE;MAAE,CAAC,CAAC;MAC3E,MAAMC,UAAU,GAAG5B,GAAG,CAAC6B,QAAQ,CAAC7B,GAAG,CAACC,MAAM,CAACE,MAAM,CAAC2B,wBAAwB,CAAC,IAAI,EAAE;MAEjF,MAAMC,iBAAiB,GAAG,WAAW;MACrC,MAAMC,kBAAkB,GAAGP,QAAQ,CAACQ,GAAG,CAACC,KAAK,CAAED,GAAW,IAAK;QAC3D,OAAO,GAAGL,UAAU,GAAGG,iBAAiB,IAAIE,GAAG,CAACE,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE;MAC/D,CAAC,CAAC;MAEFpB,MAAM,GAAGf,GAAG,CAACoC,WAAW,CAACxD,GAAG,CAAC0C,UAAU,CAACe,MAAM,EAAE;QAC5CvC,IAAI,EAAEiC,iBAAiB;QACvBhC,MAAM,EAAE;UACJoB,UAAU,EAAEa,kBAAkB;UAC9BM,aAAa,EAAE5C,iBAAiB;UAChC6C,aAAa,EAAElC,YAAY,GAAGhB,oBAAoB,CAAC,CAAC,GAAGF,mBAAmB,CAAC,CAAC;UAC5EqD,UAAU,EAAE/B,GAAG,GACT;YACIgC,SAAS,EAAEhC,GAAG,CAACiC,OAAO,CAACC,OAAO,CAACC,GAAG,CAACC,CAAC,IAAIA,CAAC,CAACC,MAAM,CAACC,EAAE,CAAC;YACpDC,gBAAgB,EAAE,CAACvC,GAAG,CAACA,GAAG,CAACqC,MAAM,CAACG,sBAAsB;UAC5D,CAAC,GACDC,SAAS;UACfC,UAAU,EAAE;YACRC,UAAU,EAAE,IAAI;YAChBC,UAAU,EAAE,EAAE;YACdC,UAAU,EAAE;UAChB,CAAC;UACDC,eAAe,EAAE;YACb,wCAAwC,EAAE;UAC9C,CAAC;UACDC,eAAe,EAAE;YACbC,0BAA0B,EAAE;UAChC;QACJ,CAAC;QACDC,IAAI,EAAE;UAAEC,OAAO,EAAE1D,MAAM,CAAC0D;QAAQ;MACpC,CAAC,CAAC;;MAEF;AACZ;AACA;AACA;AACA;MACY,MAAMC,SAAS,GAAG,IAAAC,yBAAe,EAAC7D,GAAG,CAAC;MAEtCgB,YAAY,GAAGhB,GAAG,CAACoC,WAAW,CAACxD,GAAG,CAAC0C,UAAU,CAACwC,YAAY,EAAE;QACxDhE,IAAI,EAAE,GAAGiC,iBAAiB,SAAS;QACnChC,MAAM,EAAE;UACJoB,UAAU,EAAEJ,MAAM,CAAC+B,MAAM,CAAC3B,UAAU;UACpC4C,cAAc,EAAErF,MAAM,CACjBsF,GAAG,CAAC,CAACJ,SAAS,EAAE7C,MAAM,CAAC+B,MAAM,CAACmB,GAAG,CAAC,CAAC,CACnC/B,KAAK,CAAC,CAAC,CAAC0B,SAAS,EAAEM,SAAS,CAAC,KAAK;YAC/B,OAAOC,IAAI,CAACC,SAAS,CAAC;cAClBC,OAAO,EAAE,YAAY;cACrBC,SAAS,EAAE;cACP;AACpC;AACA;cACoC;gBACIC,MAAM,EAAE,OAAO;gBACfC,SAAS,EAAE;kBACPC,GAAG,EAAEb;gBACT,CAAC;gBACDc,MAAM,EAAE,MAAM;gBACdC,QAAQ,EAAE,GAAGT,SAAS;cAC1B,CAAC;YAET,CAAC,CAAC;UACN,CAAC;QACT,CAAC;QACDR,IAAI,EAAE;UAAEC,OAAO,EAAE1D,MAAM,CAAC0D;QAAQ;MACpC,CAAC,CAAC;IACN;;IAEA;AACR;AACA;AACA;AACA;AACA;IACQ,MAAMiB,KAAK,GAAG5E,GAAG,CAACoC,WAAW,CAACxD,GAAG,CAACiG,QAAQ,CAACC,KAAK,EAAE;MAC9ChF,IAAI,EAAE,WAAW;MACjBC,MAAM,EAAE;QACJgF,UAAU,EAAE,CACR;UAAEjF,IAAI,EAAE,IAAI;UAAEkF,IAAI,EAAE;QAAI,CAAC,EACzB;UAAElF,IAAI,EAAE,IAAI;UAAEkF,IAAI,EAAE;QAAI,CAAC,CAC5B;QACDC,aAAa,EAAE,IAAI;QACnBC,cAAc,EAAE,oBAAoB;QACpCC,WAAW,EAAE,iBAAiB;QAC9BC,OAAO,EAAE,IAAI;QACbC,QAAQ,EAAE;MACd,CAAC;MACD3B,IAAI,EAAE;QAAEC,OAAO,EAAE1D,MAAM,CAAC0D;MAAQ;IACpC,CAAC,CAAC;IAEF,MAAM2B,QAAQ,GAAG,+BAA+B;IAEhD,MAAMC,IAAI,GAAGvF,GAAG,CAACoC,WAAW,CAACxD,GAAG,CAAC4G,GAAG,CAACC,IAAI,EAAE;MACvC3F,IAAI,EAAEwF,QAAQ;MACdvF,MAAM,EAAE;QACJ2F,gBAAgB,EAAE;UACdrB,OAAO,EAAE,YAAY;UACrBC,SAAS,EAAE,CACP;YACII,MAAM,EAAE,gBAAgB;YACxBF,SAAS,EAAE;cACPmB,OAAO,EAAE;YACb,CAAC;YACDpB,MAAM,EAAE;UACZ,CAAC;QAET;MACJ,CAAC;MACDqB,IAAI,EAAE;QAAEC,oBAAoB,EAAE;MAAK;IACvC,CAAC,CAAC;IAEF,MAAMC,MAAM,GAAGC,gCAAgC,CAAC/F,GAAG,EAAEe,MAAM,CAAC+B,MAAM,CAAC;IAEnE9C,GAAG,CAACoC,WAAW,CAACxD,GAAG,CAAC4G,GAAG,CAACQ,oBAAoB,EAAE;MAC1ClG,IAAI,EAAE,GAAGwF,QAAQ,gCAAgC;MACjDvF,MAAM,EAAE;QACJwF,IAAI,EAAEA,IAAI,CAACzC,MAAM;QACjBmD,SAAS,EAAEH,MAAM,CAAChD,MAAM,CAACmB;MAC7B;IACJ,CAAC,CAAC;;IAEF;IACA,IAAIxD,GAAG,EAAE;MACLT,GAAG,CAACoC,WAAW,CAACxD,GAAG,CAAC4G,GAAG,CAACQ,oBAAoB,EAAE;QAC1ClG,IAAI,EAAE,GAAGwF,QAAQ,kCAAkC;QACnDvF,MAAM,EAAE;UACJwF,IAAI,EAAEA,IAAI,CAACzC,MAAM;UACjBmD,SAAS,EAAErH,GAAG,CAAC4G,GAAG,CAACU,aAAa,CAACC;QACrC;MACJ,CAAC,CAAC;IACN,CAAC,MAAM;MACHnG,GAAG,CAACoC,WAAW,CAACxD,GAAG,CAAC4G,GAAG,CAACQ,oBAAoB,EAAE;QAC1ClG,IAAI,EAAE,GAAGwF,QAAQ,8BAA8B;QAC/CvF,MAAM,EAAE;UACJwF,IAAI,EAAEA,IAAI,CAACzC,MAAM;UACjBmD,SAAS,EAAErH,GAAG,CAAC4G,GAAG,CAACU,aAAa,CAACE;QACrC;MACJ,CAAC,CAAC;IACN;IAEApG,GAAG,CAACoC,WAAW,CAACxD,GAAG,CAAC4G,GAAG,CAACQ,oBAAoB,EAAE;MAC1ClG,IAAI,EAAE,GAAGwF,QAAQ,iCAAiC;MAClDvF,MAAM,EAAE;QACJwF,IAAI,EAAEA,IAAI,CAACzC,MAAM;QACjBmD,SAAS,EAAErH,GAAG,CAAC4G,GAAG,CAACU,aAAa,CAACG;MACrC;IACJ,CAAC,CAAC;;IAEF;AACR;AACA;AACA;AACA;AACA;IACQ,MAAMC,MAAM,GAAGtG,GAAG,CAACoC,WAAW,CAACxD,GAAG,CAAC0H,MAAM,CAACC,QAAQ,EAAE;MAChDzG,IAAI,EAAE,mBAAmB;MACzBC,MAAM,EAAE;QACJwF,IAAI,EAAEA,IAAI,CAACzC,MAAM,CAACmB,GAAG;QACrBuC,OAAO,EAAEC,yBAAc;QACvBC,OAAO,EAAE,iBAAiB;QAC1BC,OAAO,EAAE,GAAG;QACZC,UAAU,EAAE,IAAI;QAChBC,WAAW,EAAE;UACTC,SAAS,EAAE;YACPC,KAAK,EAAE3F,MAAM,CAACH,OAAO,CAACT,GAAG,CAACuG,KAAK,CAAC;YAChCC,uBAAuB,EAAEjG,MAAM,CAAC+B,MAAM,CAACmE,QAAQ;YAC/CC,YAAY,EAAErG,gBAAgB,CAACiC,MAAM,CAAChD;UAC1C;QACJ,CAAC;QACDqH,WAAW,EAAE,0BAA0B;QACvCC,IAAI,EAAE,IAAI1I,MAAM,CAAC2I,KAAK,CAACC,YAAY,CAAC;UAChC,GAAG,EAAE,IAAI5I,MAAM,CAAC2I,KAAK,CAACE,WAAW,CAC7BC,aAAI,CAACC,IAAI,CAACzH,GAAG,CAAC0H,KAAK,CAACC,SAAS,EAAE,uBAAuB,CAC1D;QACJ,CAAC,CAAC;QACFC,SAAS,EAAEnH,GAAG,GACR;UACIgC,SAAS,EAAEhC,GAAG,CAACiC,OAAO,CAACC,OAAO,CAACC,GAAG,CAACC,CAAC,IAAIA,CAAC,CAACC,MAAM,CAACC,EAAE,CAAC;UACpDC,gBAAgB,EAAE,CAACvC,GAAG,CAACA,GAAG,CAACqC,MAAM,CAACG,sBAAsB;QAC5D,CAAC,GACDC;MACV;IACJ,CAAC,CAAC;IAEF,MAAM2E,kBAAkB,GAAG7H,GAAG,CAACoC,WAAW,CAACxD,GAAG,CAAC0H,MAAM,CAACwB,kBAAkB,EAAE;MACtEhI,IAAI,EAAE,mBAAmB;MACzBC,MAAM,EAAE;QACJgI,cAAc,EAAEnD,KAAK,CAAC9B,MAAM,CAACkF,SAAS;QACtCC,YAAY,EAAE3B,MAAM,CAACxD,MAAM,CAACmB,GAAG;QAC/BiE,gBAAgB,EAAE,QAAQ;QAC1BC,oBAAoB,EAAE,CAAC;QACvBC,SAAS,EAAE,EAAE;QACbC,8BAA8B,EAAE;MACpC;IACJ,CAAC,CAAC;IAEFrI,GAAG,CAACsI,UAAU,CAAC;MACXC,sBAAsB,EAAExH,MAAM,CAAC+B,MAAM,CAACmB,GAAG;MACzCuE,2BAA2B,EAAEzH,MAAM,CAAC+B,MAAM,CAACmE,QAAQ;MACnDwB,6BAA6B,EAAE7D,KAAK,CAAC9B,MAAM,CAACmB,GAAG;MAC/CyE,8BAA8B,EAAE9D,KAAK,CAAC9B,MAAM,CAAChD;IACjD,CAAC,CAAC;IAEF,OAAO;MACHiB,MAAM;MACNC,YAAY;MACZ4D,KAAK;MACL+D,eAAe,EAAE;QACbpD,IAAI;QACJO,MAAM;QACNQ,MAAM;QACNuB;MACJ;IACJ,CAAC;EACL;AACJ,CAAC,CAAC;AAEF,SAAS9B,gCAAgCA,CACrC/F,GAAc,EACde,MAA6E,EAC/E;EACE,MAAMF,gBAAgB,GAAGb,GAAG,CAACU,SAAS,CAACI,oBAAS,CAAC;EAEjD,OAAOd,GAAG,CAACoC,WAAW,CAACxD,GAAG,CAAC4G,GAAG,CAACoD,MAAM,EAAE;IACnC9I,IAAI,EAAE,uCAAuC;IAC7CC,MAAM,EAAE;MACJoH,WAAW,EAAE,uDAAuD;MACpErB,MAAM,EAAE;QACJzB,OAAO,EAAE,YAAY;QACrBC,SAAS,EAAE,CACP;UACIuE,GAAG,EAAE,iBAAiB;UACtBtE,MAAM,EAAE,OAAO;UACfG,MAAM,EAAE,CACJ,cAAc,EACd,iBAAiB,EACjB,gBAAgB,EAChB,eAAe,EACf,cAAc,CACjB;UACDC,QAAQ,EAAE,CACNjG,MAAM,CAACoK,WAAW,GAAG/H,MAAM,CAACkD,GAAG,EAAE,EACjCvF,MAAM,CAACoK,WAAW,GAAG/H,MAAM,CAACkD,GAAG,IAAI;QAE3C,CAAC,EACD;UACI4E,GAAG,EAAE,0BAA0B;UAC/BtE,MAAM,EAAE,OAAO;UACfG,MAAM,EAAE,CACJ,kBAAkB,EAClB,kBAAkB,EAClB,qBAAqB,EACrB,qBAAqB,EACrB,uBAAuB,EACvB,yBAAyB,EACzB,eAAe,EACf,gBAAgB,CACnB;UACDC,QAAQ,EAAE,CACNjG,MAAM,CAACoK,WAAW,GAAGjI,gBAAgB,CAACiC,MAAM,CAACmB,GAAG,EAAE,EAClDvF,MAAM,CAACoK,WAAW,GAAGjI,gBAAgB,CAACiC,MAAM,CAACmB,GAAG,IAAI;QAE5D,CAAC;MAET;IACJ;EACJ,CAAC,CAAC;AACN","ignoreList":[]}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@webiny/pulumi-aws",
|
|
3
|
-
"version": "5.43.1-beta.
|
|
3
|
+
"version": "5.43.1-beta.4",
|
|
4
4
|
"repository": {
|
|
5
5
|
"type": "git",
|
|
6
6
|
"url": "https://github.com/webiny/webiny-js.git"
|
|
@@ -16,22 +16,22 @@
|
|
|
16
16
|
"@pulumi/aws": "6.67.0",
|
|
17
17
|
"@pulumi/pulumi": "3.147.0",
|
|
18
18
|
"@pulumi/random": "4.17.0",
|
|
19
|
-
"@webiny/aws-sdk": "5.43.1-beta.
|
|
20
|
-
"@webiny/cli-plugin-deploy-pulumi": "5.43.1-beta.
|
|
21
|
-
"@webiny/pulumi": "5.43.1-beta.
|
|
22
|
-
"@webiny/utils": "5.43.1-beta.
|
|
23
|
-
"@webiny/wcp": "5.43.1-beta.
|
|
19
|
+
"@webiny/aws-sdk": "5.43.1-beta.4",
|
|
20
|
+
"@webiny/cli-plugin-deploy-pulumi": "5.43.1-beta.4",
|
|
21
|
+
"@webiny/pulumi": "5.43.1-beta.4",
|
|
22
|
+
"@webiny/utils": "5.43.1-beta.4",
|
|
23
|
+
"@webiny/wcp": "5.43.1-beta.4",
|
|
24
24
|
"form-data": "4.0.0",
|
|
25
25
|
"lodash": "4.17.21",
|
|
26
26
|
"node-fetch": "2.6.7",
|
|
27
27
|
"zod": "3.23.8"
|
|
28
28
|
},
|
|
29
29
|
"devDependencies": {
|
|
30
|
-
"@webiny/api-page-builder": "5.43.1-beta.
|
|
31
|
-
"@webiny/aws-layers": "5.43.1-beta.
|
|
32
|
-
"@webiny/cli": "5.43.1-beta.
|
|
33
|
-
"@webiny/feature-flags": "5.43.1-beta.
|
|
34
|
-
"@webiny/project-utils": "5.43.1-beta.
|
|
30
|
+
"@webiny/api-page-builder": "5.43.1-beta.4",
|
|
31
|
+
"@webiny/aws-layers": "5.43.1-beta.4",
|
|
32
|
+
"@webiny/cli": "5.43.1-beta.4",
|
|
33
|
+
"@webiny/feature-flags": "5.43.1-beta.4",
|
|
34
|
+
"@webiny/project-utils": "5.43.1-beta.4",
|
|
35
35
|
"chalk": "4.1.2",
|
|
36
36
|
"mime": "3.0.0",
|
|
37
37
|
"rimraf": "6.0.1",
|
|
@@ -54,5 +54,5 @@
|
|
|
54
54
|
]
|
|
55
55
|
}
|
|
56
56
|
},
|
|
57
|
-
"gitHead": "
|
|
57
|
+
"gitHead": "f5e8c70a9f6a0bebaaa77b66507a44ffd5bd0e36"
|
|
58
58
|
}
|