@webiny/pulumi-aws 6.0.0-alpha.0 → 6.0.0-alpha.2

package/apps/syncSystem/api/attachCognitoPermissions.js

@@ -0,0 +1,67 @@
+"use strict";
+
+var _interopRequireWildcard = require("@babel/runtime/helpers/interopRequireWildcard").default;
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.attachCognitoPermissions = void 0;
+var aws = _interopRequireWildcard(require("@pulumi/aws"));
+var _createSyncResourceName = require("../createSyncResourceName.js");
+const attachCognitoPermissions = params => {
+  const {
+    app,
+    syncSystem,
+    core
+  } = params;
+  /**
+   * TODO there must be a way to skip this if Cognito is not used in the Webiny deployment.
+   */
+  if (!core.cognitoUserPoolArn) {
+    return null;
+  }
+  const {
+    resolverLambdaRoleName,
+    workerLambdaRoleName
+  } = syncSystem;
+  const resolverLambdaToS3ResourceName = (0, _createSyncResourceName.createSyncResourceName)(`resolver-lambda-to-cognito`);
+  const workerLambdaToS3ResourceName = (0, _createSyncResourceName.createSyncResourceName)(`worker-lambda-to-cognito`);
+  const cognitoPolicy = app.addResource(aws.iam.Policy, {
+    name: `${resolverLambdaToS3ResourceName}-policy`,
+    config: {
+      description: "This policy enables access from Sync System Resolver and Worker Lambda to Webiny Cognito.",
+      policy: {
+        Version: "2012-10-17",
+        Statement: [{
+          Sid: "PermissionForSyncLambdaToCognito",
+          Effect: "Allow",
+          Action: ["cognito-idp:*"],
+          Resource: core.cognitoUserPoolArn.apply(arn => {
+            return [arn, `${arn}/*`];
+          })
+        }]
+      }
+    }
+  });
+  const resolverLambdaS3PolicyAttachment = app.addResource(aws.iam.RolePolicyAttachment, {
+    name: `${resolverLambdaToS3ResourceName}-policy-attachment`,
+    config: {
+      role: resolverLambdaRoleName,
+      policyArn: cognitoPolicy.output.arn
+    }
+  });
+  const workerLambdaS3PolicyAttachment = app.addResource(aws.iam.RolePolicyAttachment, {
+    name: `${workerLambdaToS3ResourceName}-policy-attachment`,
+    config: {
+      role: workerLambdaRoleName,
+      policyArn: cognitoPolicy.output.arn
+    }
+  });
+  return {
+    cognitoPolicy,
+    workerLambdaS3PolicyAttachment,
+    resolverLambdaS3PolicyAttachment
+  };
+};
+exports.attachCognitoPermissions = attachCognitoPermissions;
+
+//# sourceMappingURL=attachCognitoPermissions.js.map

package/apps/syncSystem/api/attachCognitoPermissions.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["aws","_interopRequireWildcard","require","_createSyncResourceName","attachCognitoPermissions","params","app","syncSystem","core","cognitoUserPoolArn","resolverLambdaRoleName","workerLambdaRoleName","resolverLambdaToS3ResourceName","createSyncResourceName","workerLambdaToS3ResourceName","cognitoPolicy","addResource","iam","Policy","name","config","description","policy","Version","Statement","Sid","Effect","Action","Resource","apply","arn","resolverLambdaS3PolicyAttachment","RolePolicyAttachment","role","policyArn","output","workerLambdaS3PolicyAttachment","exports"],"sources":["attachCognitoPermissions.ts"],"sourcesContent":["import * as aws from \"@pulumi/aws\";\nimport type { PulumiApp } from \"@webiny/pulumi\";\nimport type { WithServiceManifest } from \"~/utils/withServiceManifest.js\";\nimport type { IGetSyncSystemOutputResult } from \"~/apps/syncSystem/types.js\";\nimport type { CoreOutput } from \"~/apps/index.js\";\nimport { createSyncResourceName } from \"~/apps/syncSystem/createSyncResourceName.js\";\n\nexport interface IAttachCognitoPermissionsParams {\n    app: PulumiApp & WithServiceManifest;\n    syncSystem: IGetSyncSystemOutputResult;\n    core: CoreOutput;\n}\n\nexport const attachCognitoPermissions = (params: IAttachCognitoPermissionsParams) => {\n    const { app, syncSystem, core } = params;\n    /**\n     * TODO there must be a way to skip this if Cognito is not used in the Webiny deployment.\n     */\n    if (!core.cognitoUserPoolArn) {\n        return null;\n    }\n\n    const { resolverLambdaRoleName, workerLambdaRoleName } = syncSystem;\n\n    const resolverLambdaToS3ResourceName = createSyncResourceName(`resolver-lambda-to-cognito`);\n    const workerLambdaToS3ResourceName = createSyncResourceName(`worker-lambda-to-cognito`);\n\n    const cognitoPolicy = app.addResource(aws.iam.Policy, {\n        name: `${resolverLambdaToS3ResourceName}-policy`,\n        config: {\n            description:\n                \"This policy enables access from Sync System Resolver and Worker Lambda to Webiny Cognito.\",\n            policy: {\n                Version: \"2012-10-17\",\n                Statement: [\n                    {\n                        Sid: \"PermissionForSyncLambdaToCognito\",\n                        Effect: \"Allow\",\n                        Action: [\"cognito-idp:*\"],\n                        Resource: core.cognitoUserPoolArn.apply(arn => {\n                            return [arn, `${arn}/*`];\n                        })\n                    }\n                ]\n            }\n        }\n    });\n\n    const resolverLambdaS3PolicyAttachment = app.addResource(aws.iam.RolePolicyAttachment, {\n        name: `${resolverLambdaToS3ResourceName}-policy-attachment`,\n        config: {\n            role: resolverLambdaRoleName,\n            policyArn: cognitoPolicy.output.arn\n        }\n    });\n\n    const workerLambdaS3PolicyAttachment = app.addResource(aws.iam.RolePolicyAttachment, {\n        name: `${workerLambdaToS3ResourceName}-policy-attachment`,\n        config: {\n            role: workerLambdaRoleName,\n            policyArn: cognitoPolicy.output.arn\n        }\n    });\n\n    return {\n        cognitoPolicy,\n        workerLambdaS3PolicyAttachment,\n        resolverLambdaS3PolicyAttachment\n    };\n};\n"],"mappings":";;;;;;;AAAA,IAAAA,GAAA,GAAAC,uBAAA,CAAAC,OAAA;AAKA,IAAAC,uBAAA,GAAAD,OAAA;AAQO,MAAME,wBAAwB,GAAIC,MAAuC,IAAK;EACjF,MAAM;IAAEC,GAAG;IAAEC,UAAU;IAAEC;EAAK,CAAC,GAAGH,MAAM;EACxC;AACJ;AACA;EACI,IAAI,CAACG,IAAI,CAACC,kBAAkB,EAAE;IAC1B,OAAO,IAAI;EACf;EAEA,MAAM;IAAEC,sBAAsB;IAAEC;EAAqB,CAAC,GAAGJ,UAAU;EAEnE,MAAMK,8BAA8B,GAAG,IAAAC,8CAAsB,EAAC,4BAA4B,CAAC;EAC3F,MAAMC,4BAA4B,GAAG,IAAAD,8CAAsB,EAAC,0BAA0B,CAAC;EAEvF,MAAME,aAAa,GAAGT,GAAG,CAACU,WAAW,CAAChB,GAAG,CAACiB,GAAG,CAACC,MAAM,EAAE;IAClDC,IAAI,EAAE,GAAGP,8BAA8B,SAAS;IAChDQ,MAAM,EAAE;MACJC,WAAW,EACP,2FAA2F;MAC/FC,MAAM,EAAE;QACJC,OAAO,EAAE,YAAY;QACrBC,SAAS,EAAE,CACP;UACIC,GAAG,EAAE,kCAAkC;UACvCC,MAAM,EAAE,OAAO;UACfC,MAAM,EAAE,CAAC,eAAe,CAAC;UACzBC,QAAQ,EAAEpB,IAAI,CAACC,kBAAkB,CAACoB,KAAK,CAACC,GAAG,IAAI;YAC3C,OAAO,CAACA,GAAG,EAAE,GAAGA,GAAG,IAAI,CAAC;UAC5B,CAAC;QACL,CAAC;MAET;IACJ;EACJ,CAAC,CAAC;EAEF,MAAMC,gCAAgC,GAAGzB,GAAG,CAACU,WAAW,CAAChB,GAAG,CAACiB,GAAG,CAACe,oBAAoB,EAAE;IACnFb,IAAI,EAAE,GAAGP,8BAA8B,oBAAoB;IAC3DQ,MAAM,EAAE;MACJa,IAAI,EAAEvB,sBAAsB;MAC5BwB,SAAS,EAAEnB,aAAa,CAACoB,MAAM,CAACL;IACpC;EACJ,CAAC,CAAC;EAEF,MAAMM,8BAA8B,GAAG9B,GAAG,CAACU,WAAW,CAAChB,GAAG,CAACiB,GAAG,CAACe,oBAAoB,EAAE;IACjFb,IAAI,EAAE,GAAGL,4BAA4B,oBAAoB;IACzDM,MAAM,EAAE;MACJa,IAAI,EAAEtB,oBAAoB;MAC1BuB,SAAS,EAAEnB,aAAa,CAACoB,MAAM,CAACL;IACpC;EACJ,CAAC,CAAC;EAEF,OAAO;IACHf,aAAa;IACbqB,8BAA8B;IAC9BL;EACJ,CAAC;AACL,CAAC;AAACM,OAAA,CAAAjC,wBAAA,GAAAA,wBAAA","ignoreList":[]}

package/apps/syncSystem/api/attachDynamoDbPermissions.d.ts

@@ -0,0 +1,13 @@
+import type { PulumiApp } from "@webiny/pulumi";
+import type { IGetSyncSystemOutputResult } from "../types.js";
+import type { CoreOutput } from "../../common/CoreOutput.js";
+import type { WithServiceManifest } from "../../../utils/withServiceManifest.js";
+export interface IAttachDynamoDbPermissionsParams {
+    app: PulumiApp & WithServiceManifest;
+    syncSystem: IGetSyncSystemOutputResult;
+    core: CoreOutput;
+}
+export declare const attachDynamoDbPermissions: (params: IAttachDynamoDbPermissionsParams) => {
+    dynamoDbPolicy: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/iam/policy").Policy>;
+    lambdaRolePolicyAttachment: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/iam/rolePolicyAttachment").RolePolicyAttachment>;
+};

package/apps/syncSystem/api/attachDynamoDbPermissions.js

@@ -0,0 +1,53 @@
+"use strict";
+
+var _interopRequireWildcard = require("@babel/runtime/helpers/interopRequireWildcard").default;
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.attachDynamoDbPermissions = void 0;
+var aws = _interopRequireWildcard(require("@pulumi/aws"));
+var _createSyncResourceName = require("../createSyncResourceName.js");
+/**
+ * We need to attach Sync System Lambda policy to access DynamoDB in the Webiny system.
+ */
+
+const attachDynamoDbPermissions = params => {
+  const {
+    app,
+    syncSystem,
+    core
+  } = params;
+  const {
+    resolverLambdaRoleName
+  } = syncSystem;
+  const lambdaToDynamoDbResourceName = (0, _createSyncResourceName.createSyncResourceName)(`resolver-lambda-to-dynamodb`);
+  const dynamoDbPolicy = app.addResource(aws.iam.Policy, {
+    name: `${lambdaToDynamoDbResourceName}-policy`,
+    config: {
+      description: "This policy enables access from Sync System Lambda to Webiny DynamoDB.",
+      policy: {
+        Version: "2012-10-17",
+        Statement: [{
+          Sid: "PermissionForSyncLambdaToDynamoDb",
+          Effect: "Allow",
+          Action: ["dynamodb:BatchGetItem", "dynamodb:BatchWriteItem", "dynamodb:ConditionCheckItem", "dynamodb:CreateBackup", "dynamodb:CreateTable", "dynamodb:CreateTableReplica", "dynamodb:DeleteBackup", "dynamodb:DeleteItem", "dynamodb:DeleteTable", "dynamodb:DeleteTableReplica", "dynamodb:DescribeBackup", "dynamodb:DescribeContinuousBackups", "dynamodb:DescribeContributorInsights", "dynamodb:DescribeExport", "dynamodb:DescribeKinesisStreamingDestination", "dynamodb:DescribeLimits", "dynamodb:DescribeReservedCapacity", "dynamodb:DescribeReservedCapacityOfferings", "dynamodb:DescribeStream", "dynamodb:DescribeTable", "dynamodb:DescribeTableReplicaAutoScaling", "dynamodb:DescribeTimeToLive", "dynamodb:DisableKinesisStreamingDestination", "dynamodb:EnableKinesisStreamingDestination", "dynamodb:ExportTableToPointInTime", "dynamodb:GetItem", "dynamodb:GetRecords", "dynamodb:GetShardIterator", "dynamodb:ListBackups", "dynamodb:ListContributorInsights", "dynamodb:ListExports", "dynamodb:ListStreams", "dynamodb:ListTables", "dynamodb:ListTagsOfResource", "dynamodb:PartiQLDelete", "dynamodb:PartiQLInsert", "dynamodb:PartiQLSelect", "dynamodb:PartiQLUpdate", "dynamodb:PurchaseReservedCapacityOfferings", "dynamodb:PutItem", "dynamodb:Query", "dynamodb:RestoreTableFromBackup", "dynamodb:RestoreTableToPointInTime", "dynamodb:Scan", "dynamodb:UpdateContinuousBackups", "dynamodb:UpdateContributorInsights", "dynamodb:UpdateItem", "dynamodb:UpdateTable", "dynamodb:UpdateTableReplicaAutoScaling", "dynamodb:UpdateTimeToLive"],
+          Resource: [core.primaryDynamodbTableArn.apply(arn => arn), core.primaryDynamodbTableArn.apply(arn => `${arn}/*`)]
+        }]
+      }
+    }
+  });
+  const lambdaRolePolicyAttachment = app.addResource(aws.iam.RolePolicyAttachment, {
+    name: `${lambdaToDynamoDbResourceName}-role-policy-attachment`,
+    config: {
+      role: resolverLambdaRoleName,
+      policyArn: dynamoDbPolicy.output.arn
+    }
+  });
+  return {
+    dynamoDbPolicy,
+    lambdaRolePolicyAttachment
+  };
+};
+exports.attachDynamoDbPermissions = attachDynamoDbPermissions;
+
+//# sourceMappingURL=attachDynamoDbPermissions.js.map

package/apps/syncSystem/api/attachDynamoDbPermissions.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["aws","_interopRequireWildcard","require","_createSyncResourceName","attachDynamoDbPermissions","params","app","syncSystem","core","resolverLambdaRoleName","lambdaToDynamoDbResourceName","createSyncResourceName","dynamoDbPolicy","addResource","iam","Policy","name","config","description","policy","Version","Statement","Sid","Effect","Action","Resource","primaryDynamodbTableArn","apply","arn","lambdaRolePolicyAttachment","RolePolicyAttachment","role","policyArn","output","exports"],"sources":["attachDynamoDbPermissions.ts"],"sourcesContent":["/**\n * We need to attach Sync System Lambda policy to access DynamoDB in the Webiny system.\n */\nimport * as aws from \"@pulumi/aws\";\nimport type { PulumiApp } from \"@webiny/pulumi\";\nimport type { IGetSyncSystemOutputResult } from \"~/apps/syncSystem/types.js\";\nimport { createSyncResourceName } from \"~/apps/syncSystem/createSyncResourceName.js\";\nimport type { CoreOutput } from \"~/apps/common/CoreOutput.js\";\nimport type { WithServiceManifest } from \"~/utils/withServiceManifest.js\";\n\nexport interface IAttachDynamoDbPermissionsParams {\n    app: PulumiApp & WithServiceManifest;\n    syncSystem: IGetSyncSystemOutputResult;\n    core: CoreOutput;\n}\n\nexport const attachDynamoDbPermissions = (params: IAttachDynamoDbPermissionsParams) => {\n    const { app, syncSystem, core } = params;\n\n    const { resolverLambdaRoleName } = syncSystem;\n\n    const lambdaToDynamoDbResourceName = createSyncResourceName(`resolver-lambda-to-dynamodb`);\n\n    const dynamoDbPolicy = app.addResource(aws.iam.Policy, {\n        name: `${lambdaToDynamoDbResourceName}-policy`,\n        config: {\n            description: \"This policy enables access from Sync System Lambda to Webiny DynamoDB.\",\n            policy: {\n                Version: \"2012-10-17\",\n                Statement: [\n                    {\n                        Sid: \"PermissionForSyncLambdaToDynamoDb\",\n                        Effect: \"Allow\",\n                        Action: [\n                            \"dynamodb:BatchGetItem\",\n                            \"dynamodb:BatchWriteItem\",\n                            \"dynamodb:ConditionCheckItem\",\n                            \"dynamodb:CreateBackup\",\n                            \"dynamodb:CreateTable\",\n                            \"dynamodb:CreateTableReplica\",\n                            \"dynamodb:DeleteBackup\",\n                            \"dynamodb:DeleteItem\",\n                            \"dynamodb:DeleteTable\",\n                            \"dynamodb:DeleteTableReplica\",\n                            \"dynamodb:DescribeBackup\",\n                            \"dynamodb:DescribeContinuousBackups\",\n                            \"dynamodb:DescribeContributorInsights\",\n                            \"dynamodb:DescribeExport\",\n                            \"dynamodb:DescribeKinesisStreamingDestination\",\n                            \"dynamodb:DescribeLimits\",\n                            \"dynamodb:DescribeReservedCapacity\",\n                            \"dynamodb:DescribeReservedCapacityOfferings\",\n                            \"dynamodb:DescribeStream\",\n                            \"dynamodb:DescribeTable\",\n                            \"dynamodb:DescribeTableReplicaAutoScaling\",\n                            \"dynamodb:DescribeTimeToLive\",\n                            \"dynamodb:DisableKinesisStreamingDestination\",\n                            \"dynamodb:EnableKinesisStreamingDestination\",\n                            \"dynamodb:ExportTableToPointInTime\",\n                            \"dynamodb:GetItem\",\n                            \"dynamodb:GetRecords\",\n                            \"dynamodb:GetShardIterator\",\n                            \"dynamodb:ListBackups\",\n                            \"dynamodb:ListContributorInsights\",\n                            \"dynamodb:ListExports\",\n                            \"dynamodb:ListStreams\",\n                            \"dynamodb:ListTables\",\n                            \"dynamodb:ListTagsOfResource\",\n                            \"dynamodb:PartiQLDelete\",\n                            \"dynamodb:PartiQLInsert\",\n                            \"dynamodb:PartiQLSelect\",\n                            \"dynamodb:PartiQLUpdate\",\n                            \"dynamodb:PurchaseReservedCapacityOfferings\",\n                            \"dynamodb:PutItem\",\n                            \"dynamodb:Query\",\n                            \"dynamodb:RestoreTableFromBackup\",\n                            \"dynamodb:RestoreTableToPointInTime\",\n                            \"dynamodb:Scan\",\n                            \"dynamodb:UpdateContinuousBackups\",\n                            \"dynamodb:UpdateContributorInsights\",\n                            \"dynamodb:UpdateItem\",\n                            \"dynamodb:UpdateTable\",\n                            \"dynamodb:UpdateTableReplicaAutoScaling\",\n                            \"dynamodb:UpdateTimeToLive\"\n                        ],\n                        Resource: [\n                            core.primaryDynamodbTableArn.apply(arn => arn),\n                            core.primaryDynamodbTableArn.apply(arn => `${arn}/*`)\n                        ]\n                    }\n                ]\n            }\n        }\n    });\n\n    const lambdaRolePolicyAttachment = app.addResource(aws.iam.RolePolicyAttachment, {\n        name: `${lambdaToDynamoDbResourceName}-role-policy-attachment`,\n        config: {\n            role: resolverLambdaRoleName,\n            policyArn: dynamoDbPolicy.output.arn\n        }\n    });\n\n    return {\n        dynamoDbPolicy,\n        lambdaRolePolicyAttachment\n    };\n};\n"],"mappings":";;;;;;;AAGA,IAAAA,GAAA,GAAAC,uBAAA,CAAAC,OAAA;AAGA,IAAAC,uBAAA,GAAAD,OAAA;AANA;AACA;AACA;;AAcO,MAAME,yBAAyB,GAAIC,MAAwC,IAAK;EACnF,MAAM;IAAEC,GAAG;IAAEC,UAAU;IAAEC;EAAK,CAAC,GAAGH,MAAM;EAExC,MAAM;IAAEI;EAAuB,CAAC,GAAGF,UAAU;EAE7C,MAAMG,4BAA4B,GAAG,IAAAC,8CAAsB,EAAC,6BAA6B,CAAC;EAE1F,MAAMC,cAAc,GAAGN,GAAG,CAACO,WAAW,CAACb,GAAG,CAACc,GAAG,CAACC,MAAM,EAAE;IACnDC,IAAI,EAAE,GAAGN,4BAA4B,SAAS;IAC9CO,MAAM,EAAE;MACJC,WAAW,EAAE,wEAAwE;MACrFC,MAAM,EAAE;QACJC,OAAO,EAAE,YAAY;QACrBC,SAAS,EAAE,CACP;UACIC,GAAG,EAAE,mCAAmC;UACxCC,MAAM,EAAE,OAAO;UACfC,MAAM,EAAE,CACJ,uBAAuB,EACvB,yBAAyB,EACzB,6BAA6B,EAC7B,uBAAuB,EACvB,sBAAsB,EACtB,6BAA6B,EAC7B,uBAAuB,EACvB,qBAAqB,EACrB,sBAAsB,EACtB,6BAA6B,EAC7B,yBAAyB,EACzB,oCAAoC,EACpC,sCAAsC,EACtC,yBAAyB,EACzB,8CAA8C,EAC9C,yBAAyB,EACzB,mCAAmC,EACnC,4CAA4C,EAC5C,yBAAyB,EACzB,wBAAwB,EACxB,0CAA0C,EAC1C,6BAA6B,EAC7B,6CAA6C,EAC7C,4CAA4C,EAC5C,mCAAmC,EACnC,kBAAkB,EAClB,qBAAqB,EACrB,2BAA2B,EAC3B,sBAAsB,EACtB,kCAAkC,EAClC,sBAAsB,EACtB,sBAAsB,EACtB,qBAAqB,EACrB,6BAA6B,EAC7B,wBAAwB,EACxB,wBAAwB,EACxB,wBAAwB,EACxB,wBAAwB,EACxB,4CAA4C,EAC5C,kBAAkB,EAClB,gBAAgB,EAChB,iCAAiC,EACjC,oCAAoC,EACpC,eAAe,EACf,kCAAkC,EAClC,oCAAoC,EACpC,qBAAqB,EACrB,sBAAsB,EACtB,wCAAwC,EACxC,2BAA2B,CAC9B;UACDC,QAAQ,EAAE,CACNjB,IAAI,CAACkB,uBAAuB,CAACC,KAAK,CAACC,GAAG,IAAIA,GAAG,CAAC,EAC9CpB,IAAI,CAACkB,uBAAuB,CAACC,KAAK,CAACC,GAAG,IAAI,GAAGA,GAAG,IAAI,CAAC;QAE7D,CAAC;MAET;IACJ;EACJ,CAAC,CAAC;EAEF,MAAMC,0BAA0B,GAAGvB,GAAG,CAACO,WAAW,CAACb,GAAG,CAACc,GAAG,CAACgB,oBAAoB,EAAE;IAC7Ed,IAAI,EAAE,GAAGN,4BAA4B,yBAAyB;IAC9DO,MAAM,EAAE;MACJc,IAAI,EAAEtB,sBAAsB;MAC5BuB,SAAS,EAAEpB,cAAc,CAACqB,MAAM,CAACL;IACrC;EACJ,CAAC,CAAC;EAEF,OAAO;IACHhB,cAAc;IACdiB;EACJ,CAAC;AACL,CAAC;AAACK,OAAA,CAAA9B,yBAAA,GAAAA,yBAAA","ignoreList":[]}

package/apps/syncSystem/api/attachEventBusPermissions.d.ts

@@ -0,0 +1,18 @@
+import type { PulumiApp } from "@webiny/pulumi/types";
+import type { IGetSyncSystemOutputResult } from "../types";
+import type { WithServiceManifest } from "../../../utils/withServiceManifest.js";
+export interface IAttachEventBusPermissionsParam {
+    app: PulumiApp & WithServiceManifest;
+    syncSystem: IGetSyncSystemOutputResult;
+}
+/**
+ * We need to attach the policy to:
+ * * GraphQL Lambda Role
+ * * File Manager Manage Lambda Role
+ * TODO determine if any other are required
+ */
+export declare const attachEventBusPermissions: (params: IAttachEventBusPermissionsParam) => {
+    eventBridgePolicy: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/iam/policy").Policy>;
+    graphQlPolicyAttachment: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/iam/rolePolicyAttachment").RolePolicyAttachment>;
+    fileManagerManagePolicyAttachment: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/iam/rolePolicyAttachment").RolePolicyAttachment>;
+};

package/apps/syncSystem/api/attachEventBusPermissions.js

@@ -0,0 +1,66 @@
+"use strict";
+
+var _interopRequireWildcard = require("@babel/runtime/helpers/interopRequireWildcard").default;
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.attachEventBusPermissions = void 0;
+var aws = _interopRequireWildcard(require("@pulumi/aws"));
+var _createSyncResourceName = require("../createSyncResourceName");
+var _ApiGraphql = require("../../api/ApiGraphql.js");
+var _ApiFileManager = require("../../api/ApiFileManager.js");
+/**
+ * We need to attach the policy to:
+ * * GraphQL Lambda Role
+ * * File Manager Manage Lambda Role
+ * TODO determine if any other are required
+ */
+const attachEventBusPermissions = params => {
+  const {
+    app,
+    syncSystem
+  } = params;
+  const {
+    eventBusArn
+  } = syncSystem;
+  const graphql = app.getModule(_ApiGraphql.ApiGraphql);
+  const fileManager = app.getModule(_ApiFileManager.ApiFileManager);
+  const lambdaToEventBridgeResourceName = (0, _createSyncResourceName.createSyncResourceName)(`lambda-to-event-bridge`);
+  const eventBridgePolicy = app.addResource(aws.iam.Policy, {
+    name: `${lambdaToEventBridgeResourceName}-policy`,
+    config: {
+      description: "This policy enables access from Webiny Lambdas to Sync System EventBridge.",
+      policy: {
+        Version: "2012-10-17",
+        Statement: [{
+          Sid: "PermissionForSyncLambdaToEventBridge",
+          Effect: "Allow",
+          Action: "events:PutEvents",
+          Resource: [eventBusArn]
+        }]
+      }
+    }
+  });
+  const graphQlPolicyAttachment = app.addResource(aws.iam.RolePolicyAttachment, {
+    name: `${lambdaToEventBridgeResourceName}-graphql-role-policy-attachment`,
+    config: {
+      role: graphql.role.output.name,
+      policyArn: eventBridgePolicy.output.arn
+    }
+  });
+  const fileManagerManagePolicyAttachment = app.addResource(aws.iam.RolePolicyAttachment, {
+    name: `${lambdaToEventBridgeResourceName}-fm-role-policy-attachment`,
+    config: {
+      role: fileManager.roles.manage.output.name,
+      policyArn: eventBridgePolicy.output.arn
+    }
+  });
+  return {
+    eventBridgePolicy,
+    graphQlPolicyAttachment,
+    fileManagerManagePolicyAttachment
+  };
+};
+exports.attachEventBusPermissions = attachEventBusPermissions;
+
+//# sourceMappingURL=attachEventBusPermissions.js.map

package/apps/syncSystem/api/attachEventBusPermissions.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["aws","_interopRequireWildcard","require","_createSyncResourceName","_ApiGraphql","_ApiFileManager","attachEventBusPermissions","params","app","syncSystem","eventBusArn","graphql","getModule","ApiGraphql","fileManager","ApiFileManager","lambdaToEventBridgeResourceName","createSyncResourceName","eventBridgePolicy","addResource","iam","Policy","name","config","description","policy","Version","Statement","Sid","Effect","Action","Resource","graphQlPolicyAttachment","RolePolicyAttachment","role","output","policyArn","arn","fileManagerManagePolicyAttachment","roles","manage","exports"],"sources":["attachEventBusPermissions.ts"],"sourcesContent":["import * as aws from \"@pulumi/aws\";\nimport type { PulumiApp } from \"@webiny/pulumi/types\";\nimport type { IGetSyncSystemOutputResult } from \"../types\";\nimport { createSyncResourceName } from \"../createSyncResourceName\";\nimport { ApiGraphql } from \"~/apps/api/ApiGraphql.js\";\nimport { ApiFileManager } from \"~/apps/api/ApiFileManager.js\";\nimport type { WithServiceManifest } from \"~/utils/withServiceManifest.js\";\n\nexport interface IAttachEventBusPermissionsParam {\n    app: PulumiApp & WithServiceManifest;\n    syncSystem: IGetSyncSystemOutputResult;\n}\n\n/**\n * We need to attach the policy to:\n * * GraphQL Lambda Role\n * * File Manager Manage Lambda Role\n * TODO determine if any other are required\n */\nexport const attachEventBusPermissions = (params: IAttachEventBusPermissionsParam) => {\n    const { app, syncSystem } = params;\n\n    const { eventBusArn } = syncSystem;\n\n    const graphql = app.getModule(ApiGraphql);\n    const fileManager = app.getModule(ApiFileManager);\n\n    const lambdaToEventBridgeResourceName = createSyncResourceName(`lambda-to-event-bridge`);\n    const eventBridgePolicy = app.addResource(aws.iam.Policy, {\n        name: `${lambdaToEventBridgeResourceName}-policy`,\n        config: {\n            description:\n                \"This policy enables access from Webiny Lambdas to Sync System EventBridge.\",\n            policy: {\n                Version: \"2012-10-17\",\n                Statement: [\n                    {\n                        Sid: \"PermissionForSyncLambdaToEventBridge\",\n                        Effect: \"Allow\",\n                        Action: \"events:PutEvents\",\n                        Resource: [eventBusArn]\n                    }\n                ]\n            }\n        }\n    });\n\n    const graphQlPolicyAttachment = app.addResource(aws.iam.RolePolicyAttachment, {\n        name: `${lambdaToEventBridgeResourceName}-graphql-role-policy-attachment`,\n        config: {\n            role: graphql.role.output.name,\n            policyArn: eventBridgePolicy.output.arn\n        }\n    });\n    const fileManagerManagePolicyAttachment = app.addResource(aws.iam.RolePolicyAttachment, {\n        name: `${lambdaToEventBridgeResourceName}-fm-role-policy-attachment`,\n        config: {\n            role: fileManager.roles.manage.output.name,\n            policyArn: eventBridgePolicy.output.arn\n        }\n    });\n\n    return {\n        eventBridgePolicy,\n        graphQlPolicyAttachment,\n        fileManagerManagePolicyAttachment\n    };\n};\n"],"mappings":";;;;;;;AAAA,IAAAA,GAAA,GAAAC,uBAAA,CAAAC,OAAA;AAGA,IAAAC,uBAAA,GAAAD,OAAA;AACA,IAAAE,WAAA,GAAAF,OAAA;AACA,IAAAG,eAAA,GAAAH,OAAA;AAQA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMI,yBAAyB,GAAIC,MAAuC,IAAK;EAClF,MAAM;IAAEC,GAAG;IAAEC;EAAW,CAAC,GAAGF,MAAM;EAElC,MAAM;IAAEG;EAAY,CAAC,GAAGD,UAAU;EAElC,MAAME,OAAO,GAAGH,GAAG,CAACI,SAAS,CAACC,sBAAU,CAAC;EACzC,MAAMC,WAAW,GAAGN,GAAG,CAACI,SAAS,CAACG,8BAAc,CAAC;EAEjD,MAAMC,+BAA+B,GAAG,IAAAC,8CAAsB,EAAC,wBAAwB,CAAC;EACxF,MAAMC,iBAAiB,GAAGV,GAAG,CAACW,WAAW,CAACnB,GAAG,CAACoB,GAAG,CAACC,MAAM,EAAE;IACtDC,IAAI,EAAE,GAAGN,+BAA+B,SAAS;IACjDO,MAAM,EAAE;MACJC,WAAW,EACP,4EAA4E;MAChFC,MAAM,EAAE;QACJC,OAAO,EAAE,YAAY;QACrBC,SAAS,EAAE,CACP;UACIC,GAAG,EAAE,sCAAsC;UAC3CC,MAAM,EAAE,OAAO;UACfC,MAAM,EAAE,kBAAkB;UAC1BC,QAAQ,EAAE,CAACrB,WAAW;QAC1B,CAAC;MAET;IACJ;EACJ,CAAC,CAAC;EAEF,MAAMsB,uBAAuB,GAAGxB,GAAG,CAACW,WAAW,CAACnB,GAAG,CAACoB,GAAG,CAACa,oBAAoB,EAAE;IAC1EX,IAAI,EAAE,GAAGN,+BAA+B,iCAAiC;IACzEO,MAAM,EAAE;MACJW,IAAI,EAAEvB,OAAO,CAACuB,IAAI,CAACC,MAAM,CAACb,IAAI;MAC9Bc,SAAS,EAAElB,iBAAiB,CAACiB,MAAM,CAACE;IACxC;EACJ,CAAC,CAAC;EACF,MAAMC,iCAAiC,GAAG9B,GAAG,CAACW,WAAW,CAACnB,GAAG,CAACoB,GAAG,CAACa,oBAAoB,EAAE;IACpFX,IAAI,EAAE,GAAGN,+BAA+B,4BAA4B;IACpEO,MAAM,EAAE;MACJW,IAAI,EAAEpB,WAAW,CAACyB,KAAK,CAACC,MAAM,CAACL,MAAM,CAACb,IAAI;MAC1Cc,SAAS,EAAElB,iBAAiB,CAACiB,MAAM,CAACE;IACxC;EACJ,CAAC,CAAC;EAEF,OAAO;IACHnB,iBAAiB;IACjBc,uBAAuB;IACvBM;EACJ,CAAC;AACL,CAAC;AAACG,OAAA,CAAAnC,yBAAA,GAAAA,yBAAA","ignoreList":[]}

package/apps/syncSystem/api/attachS3Permissions.d.ts

@@ -0,0 +1,14 @@
+import type { PulumiApp } from "@webiny/pulumi";
+import type { IGetSyncSystemOutputResult } from "../types.js";
+import type { CoreOutput } from "../../common/CoreOutput.js";
+import type { WithServiceManifest } from "../../../utils/withServiceManifest.js";
+export interface IAttachS3PermissionsParams {
+    app: PulumiApp & WithServiceManifest;
+    syncSystem: IGetSyncSystemOutputResult;
+    core: CoreOutput;
+}
+export declare const attachS3Permissions: (params: IAttachS3PermissionsParams) => {
+    s3Policy: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/iam/policy").Policy>;
+    workerLambdaS3PolicyAttachment: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/iam/rolePolicyAttachment").RolePolicyAttachment>;
+    resolverLambdaS3PolicyAttachment: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/iam/rolePolicyAttachment").RolePolicyAttachment>;
+};

package/apps/syncSystem/api/attachS3Permissions.js

@@ -0,0 +1,59 @@
+"use strict";
+
+var _interopRequireWildcard = require("@babel/runtime/helpers/interopRequireWildcard").default;
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.attachS3Permissions = void 0;
+var aws = _interopRequireWildcard(require("@pulumi/aws"));
+var _createSyncResourceName = require("../createSyncResourceName.js");
+const attachS3Permissions = params => {
+  const {
+    app,
+    syncSystem,
+    core
+  } = params;
+  const {
+    resolverLambdaRoleName,
+    workerLambdaRoleName
+  } = syncSystem;
+  const resolverLambdaToS3ResourceName = (0, _createSyncResourceName.createSyncResourceName)(`resolver-lambda-to-s3-fm`);
+  const workerLambdaToS3ResourceName = (0, _createSyncResourceName.createSyncResourceName)(`worker-lambda-to-s3-fm`);
+  const s3Policy = app.addResource(aws.iam.Policy, {
+    name: `${resolverLambdaToS3ResourceName}-policy`,
+    config: {
+      description: "This policy enables access from Sync System Resolver and Worker Lambda to Webiny S3.",
+      policy: {
+        Version: "2012-10-17",
+        Statement: [{
+          Sid: "PermissionForSyncLambdaToS3",
+          Effect: "Allow",
+          Action: ["s3:DeleteObject", "s3:PutObject", "s3:GetObject", "s3:ListBucket"],
+          Resource: [core.fileManagerBucketArn.apply(arn => arn), core.fileManagerBucketArn.apply(arn => `${arn}/*`)]
+        }]
+      }
+    }
+  });
+  const resolverLambdaS3PolicyAttachment = app.addResource(aws.iam.RolePolicyAttachment, {
+    name: `${resolverLambdaToS3ResourceName}-policy-attachment`,
+    config: {
+      role: resolverLambdaRoleName,
+      policyArn: s3Policy.output.arn
+    }
+  });
+  const workerLambdaS3PolicyAttachment = app.addResource(aws.iam.RolePolicyAttachment, {
+    name: `${workerLambdaToS3ResourceName}-policy-attachment`,
+    config: {
+      role: workerLambdaRoleName,
+      policyArn: s3Policy.output.arn
+    }
+  });
+  return {
+    s3Policy,
+    workerLambdaS3PolicyAttachment,
+    resolverLambdaS3PolicyAttachment
+  };
+};
+exports.attachS3Permissions = attachS3Permissions;
+
+//# sourceMappingURL=attachS3Permissions.js.map

package/apps/syncSystem/api/attachS3Permissions.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["aws","_interopRequireWildcard","require","_createSyncResourceName","attachS3Permissions","params","app","syncSystem","core","resolverLambdaRoleName","workerLambdaRoleName","resolverLambdaToS3ResourceName","createSyncResourceName","workerLambdaToS3ResourceName","s3Policy","addResource","iam","Policy","name","config","description","policy","Version","Statement","Sid","Effect","Action","Resource","fileManagerBucketArn","apply","arn","resolverLambdaS3PolicyAttachment","RolePolicyAttachment","role","policyArn","output","workerLambdaS3PolicyAttachment","exports"],"sources":["attachS3Permissions.ts"],"sourcesContent":["import * as aws from \"@pulumi/aws\";\nimport type { PulumiApp } from \"@webiny/pulumi\";\nimport type { IGetSyncSystemOutputResult } from \"~/apps/syncSystem/types.js\";\nimport type { CoreOutput } from \"~/apps/common/CoreOutput.js\";\nimport { createSyncResourceName } from \"~/apps/syncSystem/createSyncResourceName.js\";\nimport type { WithServiceManifest } from \"~/utils/withServiceManifest.js\";\n\nexport interface IAttachS3PermissionsParams {\n    app: PulumiApp & WithServiceManifest;\n    syncSystem: IGetSyncSystemOutputResult;\n    core: CoreOutput;\n}\n\nexport const attachS3Permissions = (params: IAttachS3PermissionsParams) => {\n    const { app, syncSystem, core } = params;\n\n    const { resolverLambdaRoleName, workerLambdaRoleName } = syncSystem;\n\n    const resolverLambdaToS3ResourceName = createSyncResourceName(`resolver-lambda-to-s3-fm`);\n    const workerLambdaToS3ResourceName = createSyncResourceName(`worker-lambda-to-s3-fm`);\n\n    const s3Policy = app.addResource(aws.iam.Policy, {\n        name: `${resolverLambdaToS3ResourceName}-policy`,\n        config: {\n            description:\n                \"This policy enables access from Sync System Resolver and Worker Lambda to Webiny S3.\",\n            policy: {\n                Version: \"2012-10-17\",\n                Statement: [\n                    {\n                        Sid: \"PermissionForSyncLambdaToS3\",\n                        Effect: \"Allow\",\n                        Action: [\n                            \"s3:DeleteObject\",\n                            \"s3:PutObject\",\n                            \"s3:GetObject\",\n                            \"s3:ListBucket\"\n                        ],\n                        Resource: [\n                            core.fileManagerBucketArn.apply(arn => arn),\n                            core.fileManagerBucketArn.apply(arn => `${arn}/*`)\n                        ]\n                    }\n                ]\n            }\n        }\n    });\n\n    const resolverLambdaS3PolicyAttachment = app.addResource(aws.iam.RolePolicyAttachment, {\n        name: `${resolverLambdaToS3ResourceName}-policy-attachment`,\n        config: {\n            role: resolverLambdaRoleName,\n            policyArn: s3Policy.output.arn\n        }\n    });\n\n    const workerLambdaS3PolicyAttachment = app.addResource(aws.iam.RolePolicyAttachment, {\n        name: `${workerLambdaToS3ResourceName}-policy-attachment`,\n        config: {\n            role: workerLambdaRoleName,\n            policyArn: s3Policy.output.arn\n        }\n    });\n\n    return {\n        s3Policy,\n        workerLambdaS3PolicyAttachment,\n        resolverLambdaS3PolicyAttachment\n    };\n};\n"],"mappings":";;;;;;;AAAA,IAAAA,GAAA,GAAAC,uBAAA,CAAAC,OAAA;AAIA,IAAAC,uBAAA,GAAAD,OAAA;AASO,MAAME,mBAAmB,GAAIC,MAAkC,IAAK;EACvE,MAAM;IAAEC,GAAG;IAAEC,UAAU;IAAEC;EAAK,CAAC,GAAGH,MAAM;EAExC,MAAM;IAAEI,sBAAsB;IAAEC;EAAqB,CAAC,GAAGH,UAAU;EAEnE,MAAMI,8BAA8B,GAAG,IAAAC,8CAAsB,EAAC,0BAA0B,CAAC;EACzF,MAAMC,4BAA4B,GAAG,IAAAD,8CAAsB,EAAC,wBAAwB,CAAC;EAErF,MAAME,QAAQ,GAAGR,GAAG,CAACS,WAAW,CAACf,GAAG,CAACgB,GAAG,CAACC,MAAM,EAAE;IAC7CC,IAAI,EAAE,GAAGP,8BAA8B,SAAS;IAChDQ,MAAM,EAAE;MACJC,WAAW,EACP,sFAAsF;MAC1FC,MAAM,EAAE;QACJC,OAAO,EAAE,YAAY;QACrBC,SAAS,EAAE,CACP;UACIC,GAAG,EAAE,6BAA6B;UAClCC,MAAM,EAAE,OAAO;UACfC,MAAM,EAAE,CACJ,iBAAiB,EACjB,cAAc,EACd,cAAc,EACd,eAAe,CAClB;UACDC,QAAQ,EAAE,CACNnB,IAAI,CAACoB,oBAAoB,CAACC,KAAK,CAACC,GAAG,IAAIA,GAAG,CAAC,EAC3CtB,IAAI,CAACoB,oBAAoB,CAACC,KAAK,CAACC,GAAG,IAAI,GAAGA,GAAG,IAAI,CAAC;QAE1D,CAAC;MAET;IACJ;EACJ,CAAC,CAAC;EAEF,MAAMC,gCAAgC,GAAGzB,GAAG,CAACS,WAAW,CAACf,GAAG,CAACgB,GAAG,CAACgB,oBAAoB,EAAE;IACnFd,IAAI,EAAE,GAAGP,8BAA8B,oBAAoB;IAC3DQ,MAAM,EAAE;MACJc,IAAI,EAAExB,sBAAsB;MAC5ByB,SAAS,EAAEpB,QAAQ,CAACqB,MAAM,CAACL;IAC/B;EACJ,CAAC,CAAC;EAEF,MAAMM,8BAA8B,GAAG9B,GAAG,CAACS,WAAW,CAACf,GAAG,CAACgB,GAAG,CAACgB,oBAAoB,EAAE;IACjFd,IAAI,EAAE,GAAGL,4BAA4B,oBAAoB;IACzDM,MAAM,EAAE;MACJc,IAAI,EAAEvB,oBAAoB;MAC1BwB,SAAS,EAAEpB,QAAQ,CAACqB,MAAM,CAACL;IAC/B;EACJ,CAAC,CAAC;EAEF,OAAO;IACHhB,QAAQ;IACRsB,8BAA8B;IAC9BL;EACJ,CAAC;AACL,CAAC;AAACM,OAAA,CAAAjC,mBAAA,GAAAA,mBAAA","ignoreList":[]}

package/apps/syncSystem/api/index.d.ts

@@ -0,0 +1,9 @@
+import type { PulumiApp } from "@webiny/pulumi/types";
+import type { CoreOutput } from "../../common/CoreOutput.js";
+import type { WithServiceManifest } from "../../../utils/withServiceManifest.js";
+export interface IAttachSyncSystemParams {
+    app: PulumiApp & WithServiceManifest;
+    env: string;
+    core: CoreOutput;
+}
+export declare const attachSyncSystem: (params: IAttachSyncSystemParams) => void;

package/apps/syncSystem/api/index.js

@@ -0,0 +1,65 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.attachSyncSystem = void 0;
+var _getSyncSystemOutput = require("../getSyncSystemOutput.js");
+var _attachEventBusPermissions = require("./attachEventBusPermissions.js");
+var _attachDynamoDbPermissions = require("./attachDynamoDbPermissions.js");
+var _attachS3Permissions = require("./attachS3Permissions.js");
+var _addServiceManifest = require("./addServiceManifest.js");
+var _attachCognitoPermissions = require("./attachCognitoPermissions.js");
+const attachSyncSystem = params => {
+  const {
+    app,
+    core,
+    env
+  } = params;
+  const syncSystem = (0, _getSyncSystemOutput.getSyncSystemOutput)({
+    env
+  });
+  /**
+   * Possibly no sync system deployed - no need to do anything at that point.
+   * At this point, if sync system was deployed, and it is not anymore, all resources after this check will disappear.
+   */
+  if (!syncSystem) {
+    console.log(`No Sync System deployed in env "${env}". Skipping...`);
+    return;
+  }
+  /**
+   * Permissions for Webiny system to access Sync System resources.
+   */
+  (0, _attachEventBusPermissions.attachEventBusPermissions)({
+    app,
+    syncSystem
+  });
+  /**
+   * Permissions for Sync System to access Webiny system resources.
+   */
+  (0, _attachCognitoPermissions.attachCognitoPermissions)({
+    app,
+    syncSystem,
+    core
+  });
+  (0, _attachDynamoDbPermissions.attachDynamoDbPermissions)({
+    app,
+    syncSystem,
+    core
+  });
+  (0, _attachS3Permissions.attachS3Permissions)({
+    app,
+    syncSystem,
+    core
+  });
+  /**
+   * Add the Service Manifest item to the Webiny system.
+   */
+  (0, _addServiceManifest.addServiceManifest)({
+    app,
+    syncSystem
+  });
+};
+exports.attachSyncSystem = attachSyncSystem;
+
+//# sourceMappingURL=index.js.map

package/apps/syncSystem/api/index.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["_getSyncSystemOutput","require","_attachEventBusPermissions","_attachDynamoDbPermissions","_attachS3Permissions","_addServiceManifest","_attachCognitoPermissions","attachSyncSystem","params","app","core","env","syncSystem","getSyncSystemOutput","console","log","attachEventBusPermissions","attachCognitoPermissions","attachDynamoDbPermissions","attachS3Permissions","addServiceManifest","exports"],"sources":["index.ts"],"sourcesContent":["import { getSyncSystemOutput } from \"~/apps/syncSystem/getSyncSystemOutput.js\";\nimport { attachEventBusPermissions } from \"./attachEventBusPermissions.js\";\nimport { attachDynamoDbPermissions } from \"~/apps/syncSystem/api/attachDynamoDbPermissions.js\";\nimport { attachS3Permissions } from \"~/apps/syncSystem/api/attachS3Permissions.js\";\nimport { addServiceManifest } from \"~/apps/syncSystem/api/addServiceManifest.js\";\nimport type { PulumiApp } from \"@webiny/pulumi/types\";\nimport type { CoreOutput } from \"~/apps/common/CoreOutput.js\";\nimport type { WithServiceManifest } from \"~/utils/withServiceManifest.js\";\nimport { attachCognitoPermissions } from \"~/apps/syncSystem/api/attachCognitoPermissions.js\";\n\nexport interface IAttachSyncSystemParams {\n    app: PulumiApp & WithServiceManifest;\n    env: string;\n    core: CoreOutput;\n}\n\nexport const attachSyncSystem = (params: IAttachSyncSystemParams) => {\n    const { app, core, env } = params;\n\n    const syncSystem = getSyncSystemOutput({\n        env\n    });\n    /**\n     * Possibly no sync system deployed - no need to do anything at that point.\n     * At this point, if sync system was deployed, and it is not anymore, all resources after this check will disappear.\n     */\n    if (!syncSystem) {\n        console.log(`No Sync System deployed in env \"${env}\". Skipping...`);\n        return;\n    }\n    /**\n     * Permissions for Webiny system to access Sync System resources.\n     */\n    attachEventBusPermissions({\n        app,\n        syncSystem\n    });\n    /**\n     * Permissions for Sync System to access Webiny system resources.\n     */\n    attachCognitoPermissions({\n        app,\n        syncSystem,\n        core\n    });\n    attachDynamoDbPermissions({\n        app,\n        syncSystem,\n        core\n    });\n    attachS3Permissions({\n        app,\n        syncSystem,\n        core\n    });\n    /**\n     * Add the Service Manifest item to the Webiny system.\n     */\n    addServiceManifest({\n        app,\n        syncSystem\n    });\n};\n"],"mappings":";;;;;;AAAA,IAAAA,oBAAA,GAAAC,OAAA;AACA,IAAAC,0BAAA,GAAAD,OAAA;AACA,IAAAE,0BAAA,GAAAF,OAAA;AACA,IAAAG,oBAAA,GAAAH,OAAA;AACA,IAAAI,mBAAA,GAAAJ,OAAA;AAIA,IAAAK,yBAAA,GAAAL,OAAA;AAQO,MAAMM,gBAAgB,GAAIC,MAA+B,IAAK;EACjE,MAAM;IAAEC,GAAG;IAAEC,IAAI;IAAEC;EAAI,CAAC,GAAGH,MAAM;EAEjC,MAAMI,UAAU,GAAG,IAAAC,wCAAmB,EAAC;IACnCF;EACJ,CAAC,CAAC;EACF;AACJ;AACA;AACA;EACI,IAAI,CAACC,UAAU,EAAE;IACbE,OAAO,CAACC,GAAG,CAAC,mCAAmCJ,GAAG,gBAAgB,CAAC;IACnE;EACJ;EACA;AACJ;AACA;EACI,IAAAK,oDAAyB,EAAC;IACtBP,GAAG;IACHG;EACJ,CAAC,CAAC;EACF;AACJ;AACA;EACI,IAAAK,kDAAwB,EAAC;IACrBR,GAAG;IACHG,UAAU;IACVF;EACJ,CAAC,CAAC;EACF,IAAAQ,oDAAyB,EAAC;IACtBT,GAAG;IACHG,UAAU;IACVF;EACJ,CAAC,CAAC;EACF,IAAAS,wCAAmB,EAAC;IAChBV,GAAG;IACHG,UAAU;IACVF;EACJ,CAAC,CAAC;EACF;AACJ;AACA;EACI,IAAAU,sCAAkB,EAAC;IACfX,GAAG;IACHG;EACJ,CAAC,CAAC;AACN,CAAC;AAACS,OAAA,CAAAd,gBAAA,GAAAA,gBAAA","ignoreList":[]}

package/apps/syncSystem/constants.d.ts

@@ -0,0 +1 @@
+export declare const APPS_SYNC_SYSTEM_PATH = "apps/sync";

package/apps/syncSystem/constants.js

@@ -0,0 +1,9 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.APPS_SYNC_SYSTEM_PATH = void 0;
+const APPS_SYNC_SYSTEM_PATH = exports.APPS_SYNC_SYSTEM_PATH = "apps/sync";
+
+//# sourceMappingURL=constants.js.map

package/apps/syncSystem/constants.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["APPS_SYNC_SYSTEM_PATH","exports"],"sources":["constants.ts"],"sourcesContent":["export const APPS_SYNC_SYSTEM_PATH = \"apps/sync\";\n"],"mappings":";;;;;;AAAO,MAAMA,qBAAqB,GAAAC,OAAA,CAAAD,qBAAA,GAAG,WAAW","ignoreList":[]}

package/apps/syncSystem/createSyncResourceName.d.ts

@@ -0,0 +1,4 @@
+/**
+ * Need to have standardized resource names.
+ */
+export declare const createSyncResourceName: (name: string) => string;

package/apps/syncSystem/createSyncResourceName.js

@@ -0,0 +1,17 @@
+"use strict";
+
+var _interopRequireDefault = require("@babel/runtime/helpers/interopRequireDefault").default;
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.createSyncResourceName = void 0;
+var _kebabCase = _interopRequireDefault(require("lodash/kebabCase"));
+/**
+ * Need to have standardized resource names.
+ */
+const createSyncResourceName = name => {
+  return `sync-system-${(0, _kebabCase.default)(name)}`;
+};
+exports.createSyncResourceName = createSyncResourceName;
+
+//# sourceMappingURL=createSyncResourceName.js.map

package/apps/syncSystem/createSyncResourceName.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["_kebabCase","_interopRequireDefault","require","createSyncResourceName","name","kebabCase","exports"],"sources":["createSyncResourceName.ts"],"sourcesContent":["import kebabCase from \"lodash/kebabCase\";\n\n/**\n * Need to have standardized resource names.\n */\nexport const createSyncResourceName = (name: string) => {\n    return `sync-system-${kebabCase(name)}`;\n};\n"],"mappings":";;;;;;;AAAA,IAAAA,UAAA,GAAAC,sBAAA,CAAAC,OAAA;AAEA;AACA;AACA;AACO,MAAMC,sBAAsB,GAAIC,IAAY,IAAK;EACpD,OAAO,eAAe,IAAAC,kBAAS,EAACD,IAAI,CAAC,EAAE;AAC3C,CAAC;AAACE,OAAA,CAAAH,sBAAA,GAAAA,sBAAA","ignoreList":[]}

package/apps/syncSystem/createSyncSystemPulumiApp.d.ts

@@ -1,4 +1,5 @@
-import { PulumiAppParam } from "@webiny/pulumi";
+import * as pulumi from "@pulumi/pulumi";
+import type { PulumiAppParam } from "@webiny/pulumi";
 export type SyncSystemPulumiApp = ReturnType<typeof createSyncSystemPulumiApp>;
 export interface ElasticsearchConfig {
     domainName: string;
@@ -47,17 +48,25 @@ export interface CreateSyncSystemPulumiAppParams {
      */
     productionEnvironments?: PulumiAppParam<string[]>;
 }
-export declare function createSyncSystemPulumiApp(projectAppParams?: CreateSyncSystemPulumiAppParams): import("@webiny/pulumi").PulumiApp<{
+export declare function createSyncSystemPulumiApp(projectAppParams: CreateSyncSystemPulumiAppParams): import("@webiny/pulumi").PulumiApp<{
+    sqs: pulumi.Output<import("@pulumi/aws/sqs/queue.js").Queue>;
+    dynamoDb: pulumi.Output<import("@pulumi/aws/dynamodb/table.js").Table>;
+    eventBus: pulumi.Output<import("@pulumi/aws/cloudwatch/eventBus.js").EventBus>;
+    eventBusRule: pulumi.Output<import("@pulumi/aws/cloudwatch/eventRule.js").EventRule>;
+    eventBusTarget: pulumi.Output<import("@pulumi/aws/cloudwatch/eventTarget.js").EventTarget>;
+    eventBusPolicy: pulumi.Output<import("@pulumi/aws/sqs/queuePolicy.js").QueuePolicy>;
     /**
-     * Sync System resources.
+     * Worker Lambda - used to resolve actions triggered by the resolver Lambda.
      */
-    dynamodbTable: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/dynamodb/table").Table>;
-    dynamodbTableArn: import("@pulumi/pulumi").Output<string>;
-    dynamodbTableName: import("@pulumi/pulumi").Output<string>;
-    dynamodbTableHashKey: import("@pulumi/pulumi").Output<string>;
-    dynamodbTableRangeKey: import("@pulumi/pulumi").Output<string | undefined>;
-    sqs: import("@webiny/pulumi").PulumiAppResource<typeof import("@pulumi/aws/sqs/queue").Queue>;
-    sqsArn: import("@pulumi/pulumi").Output<string>;
+    workerLambda: pulumi.Output<import("@pulumi/aws/lambda/function.js").Function>;
+    workerLambdaRole: pulumi.Output<import("@pulumi/aws/iam/role.js").Role>;
+    /**
+     * Resolver Lambda - gets hit by SQS and resolves the data.
+     */
+    resolverLambda: pulumi.Output<import("@pulumi/aws/lambda/function.js").Function>;
+    resolverLambdaRole: pulumi.Output<import("@pulumi/aws/iam/role.js").Role>;
+    resolverLambdaPolicy: pulumi.Output<import("@pulumi/aws/iam/policy.js").Policy>;
+    resolverLambdaEventSourceMapping: pulumi.Output<import("@pulumi/aws/lambda/eventSourceMapping.js").EventSourceMapping>;
     /**
      * Systems we are connecting together.
      */