dcl-ops-lib 5.17.0

package/README.md

@@ -0,0 +1,6 @@
+# dcl-ops-lib
+
+Used to compile pulumi projects
+
+# License
+Published under Apache-2.0

package/StaticWebsite.d.ts

@@ -0,0 +1,24 @@
+export declare type StaticWebsite = {
+    domain: string;
+    certificateArn?: string;
+    additionalDomains?: string[];
+    defaultPath?: string;
+    corsRules?: {
+        allowedHeaders: string[];
+        allowedMethods: string[];
+        allowedOrigins: string[];
+        exposeHeaders: string[];
+        maxAgeSeconds: number;
+    }[];
+    cloudflareDomain?: {
+        proxied?: boolean;
+    };
+    /**
+     * Unprotect buckets before safe deletion, leave always in false until
+     * deletion of buckets is required.
+     *
+     * Default: false
+     */
+    unprotect?: boolean;
+    priceClass?: "PriceClass_All" | "PriceClass_200" | "PriceClass_100";
+};

package/StaticWebsite.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=StaticWebsite.js.map

package/acceptAlb.d.ts

@@ -0,0 +1,4 @@
+import * as awsx from "@pulumi/awsx";
+export declare const acceptAlbSecurityGroup: () => Promise<awsx.ec2.SecurityGroup>;
+export declare function acceptAlbSecurityGroupId(): Promise<import("@pulumi/pulumi").Output<string>>;
+export default acceptAlbSecurityGroup;

package/acceptAlb.js

@@ -0,0 +1,27 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.acceptAlbSecurityGroupId = exports.acceptAlbSecurityGroup = void 0;
+const awsx = require("@pulumi/awsx");
+const values_1 = require("./values");
+const withCache_1 = require("./withCache");
+exports.acceptAlbSecurityGroup = (0, withCache_1.default)(() => __awaiter(void 0, void 0, void 0, function* () {
+    const config = yield (0, values_1.getEnvConfiguration)();
+    return awsx.ec2.SecurityGroup.fromExistingId(`accept-alb-sg-reference`, config.acceptAlb);
+}));
+function acceptAlbSecurityGroupId() {
+    return __awaiter(this, void 0, void 0, function* () {
+        return (yield (0, exports.acceptAlbSecurityGroup)()).id;
+    });
+}
+exports.acceptAlbSecurityGroupId = acceptAlbSecurityGroupId;
+exports.default = exports.acceptAlbSecurityGroup;
+//# sourceMappingURL=acceptAlb.js.map

package/acceptBastion.d.ts

@@ -0,0 +1,4 @@
+import * as awsx from "@pulumi/awsx";
+export declare const acceptBastionSecurityGroup: () => Promise<awsx.ec2.SecurityGroup>;
+export declare function acceptBastionSecurityGroupId(): Promise<import("@pulumi/pulumi").Output<string>>;
+export default acceptBastionSecurityGroup;

package/acceptBastion.js

@@ -0,0 +1,27 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.acceptBastionSecurityGroupId = exports.acceptBastionSecurityGroup = void 0;
+const awsx = require("@pulumi/awsx");
+const values_1 = require("./values");
+const withCache_1 = require("./withCache");
+exports.acceptBastionSecurityGroup = (0, withCache_1.default)(() => __awaiter(void 0, void 0, void 0, function* () {
+    const config = yield (0, values_1.getEnvConfiguration)();
+    return awsx.ec2.SecurityGroup.fromExistingId(`accept-bastion-sg-reference`, config.acceptBastion);
+}));
+function acceptBastionSecurityGroupId() {
+    return __awaiter(this, void 0, void 0, function* () {
+        return (yield (0, exports.acceptBastionSecurityGroup)()).id;
+    });
+}
+exports.acceptBastionSecurityGroupId = acceptBastionSecurityGroupId;
+exports.default = exports.acceptBastionSecurityGroup;
+//# sourceMappingURL=acceptBastion.js.map

package/acceptDb.d.ts

@@ -0,0 +1,4 @@
+import * as awsx from "@pulumi/awsx";
+export declare const acceptDbSecurityGroup: () => Promise<awsx.ec2.SecurityGroup>;
+export declare function acceptDbSecurityGroupId(): Promise<import("@pulumi/pulumi").Output<string>>;
+export default acceptDbSecurityGroup;

package/acceptDb.js

@@ -0,0 +1,27 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.acceptDbSecurityGroupId = exports.acceptDbSecurityGroup = void 0;
+const awsx = require("@pulumi/awsx");
+const values_1 = require("./values");
+const withCache_1 = require("./withCache");
+exports.acceptDbSecurityGroup = (0, withCache_1.default)(() => __awaiter(void 0, void 0, void 0, function* () {
+    const config = yield (0, values_1.getEnvConfiguration)();
+    return awsx.ec2.SecurityGroup.fromExistingId(`accept-db-sg-reference`, config.dbSecurity);
+}));
+function acceptDbSecurityGroupId() {
+    return __awaiter(this, void 0, void 0, function* () {
+        return (yield (0, exports.acceptDbSecurityGroup)()).id;
+    });
+}
+exports.acceptDbSecurityGroupId = acceptDbSecurityGroupId;
+exports.default = exports.acceptDbSecurityGroup;
+//# sourceMappingURL=acceptDb.js.map

package/accessTheInternet.d.ts

@@ -0,0 +1,6 @@
+import * as awsx from "@pulumi/awsx";
+export declare const accessCloudflareSecurityGroup: () => Promise<awsx.ec2.SecurityGroup>;
+export declare const accessTheInternetSecurityGroup: () => Promise<awsx.ec2.SecurityGroup>;
+export declare function accessTheInternetSecurityGroupId(): Promise<import("@pulumi/pulumi").Output<string>>;
+export default accessTheInternetSecurityGroup;
+export declare function accessFromCloudflareSecurityGroup(): Promise<import("@pulumi/pulumi").Output<string>>;

package/accessTheInternet.js

@@ -0,0 +1,38 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.accessFromCloudflareSecurityGroup = exports.accessTheInternetSecurityGroupId = exports.accessTheInternetSecurityGroup = exports.accessCloudflareSecurityGroup = void 0;
+const awsx = require("@pulumi/awsx");
+const supra_1 = require("./supra");
+const values_1 = require("./values");
+const withCache_1 = require("./withCache");
+exports.accessCloudflareSecurityGroup = (0, withCache_1.default)(() => __awaiter(void 0, void 0, void 0, function* () {
+    const config = yield (0, values_1.getEnvConfiguration)(); // ?
+    return awsx.ec2.SecurityGroup.fromExistingId(`accept-cloudflare-web-sg-reference`, supra_1.supra.getOutputValue(`cloudflareAcceptWeb`));
+}));
+exports.accessTheInternetSecurityGroup = (0, withCache_1.default)(() => __awaiter(void 0, void 0, void 0, function* () {
+    const config = yield (0, values_1.getEnvConfiguration)(); // ?
+    return awsx.ec2.SecurityGroup.fromExistingId(`access-the-internet-sg-reference`, supra_1.supra.getOutputValue(`accessTheInternet`));
+}));
+function accessTheInternetSecurityGroupId() {
+    return __awaiter(this, void 0, void 0, function* () {
+        return (yield (0, exports.accessTheInternetSecurityGroup)()).id;
+    });
+}
+exports.accessTheInternetSecurityGroupId = accessTheInternetSecurityGroupId;
+exports.default = exports.accessTheInternetSecurityGroup;
+function accessFromCloudflareSecurityGroup() {
+    return __awaiter(this, void 0, void 0, function* () {
+        return (yield (0, exports.accessCloudflareSecurityGroup)()).id;
+    });
+}
+exports.accessFromCloudflareSecurityGroup = accessFromCloudflareSecurityGroup;
+//# sourceMappingURL=accessTheInternet.js.map

package/alb.d.ts

@@ -0,0 +1,14 @@
+import * as aws from "@pulumi/aws";
+import * as awsx from "@pulumi/awsx";
+export declare type ElbValues = {
+    dns: string;
+    elbArn: string;
+    elbUrn: string;
+    listenerArn: string;
+    logs: string;
+};
+export declare const getAlb: () => Promise<{
+    dns: string;
+    alb: awsx.elasticloadbalancingv2.ApplicationLoadBalancer;
+    listener: aws.lb.GetListenerResult;
+}>;

package/alb.js

@@ -0,0 +1,34 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getAlb = void 0;
+const aws = require("@pulumi/aws");
+const awsx = require("@pulumi/awsx");
+const domain_1 = require("./domain");
+const supra_1 = require("./supra");
+const withCache_1 = require("./withCache");
+const cache = {
+    elbArn: null,
+    listenerArn: null,
+    elb: null,
+    alb: null,
+    dns: undefined,
+    listener: null
+};
+exports.getAlb = (0, withCache_1.default)(() => __awaiter(void 0, void 0, void 0, function* () {
+    const dns = yield supra_1.supra.getOutputValue("dns");
+    const loadBalancer = yield supra_1.supra.getOutputValue("albInstance");
+    const elbValues = yield supra_1.supra.getOutputValue("elbValues");
+    const alb = new awsx.lb.ApplicationLoadBalancer(`${domain_1.env}-alb-all`, { loadBalancer });
+    const listener = yield aws.lb.getListener({ arn: elbValues.listenerArn });
+    return { dns, alb, listener };
+}));
+//# sourceMappingURL=alb.js.map

package/buildStatic.d.ts

@@ -0,0 +1,15 @@
+import * as pulumi from "@pulumi/pulumi";
+import { StaticWebsite } from "./StaticWebsite";
+export declare function buildStatic(staticSite: StaticWebsite): {
+    cloudfrontDistribution: pulumi.Output<string>;
+    cloudfrontHostedZoneId: pulumi.Output<string>;
+    logsBucket: {
+        bucket: pulumi.Output<string>;
+        arn: pulumi.Output<string>;
+    };
+    contentBucketUri: pulumi.Output<string>;
+    contentBucket: pulumi.Output<string>;
+    contentBucketWebsiteEndpoint: pulumi.Output<string>;
+    cloudFrontDomain: pulumi.Output<string>;
+    targetDomainEndpoint: string;
+};

package/buildStatic.js

@@ -0,0 +1,169 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.buildStatic = void 0;
+const aws = require("@pulumi/aws");
+const pulumi = require("@pulumi/pulumi");
+const certificate_1 = require("./certificate");
+const cloudflare_1 = require("./cloudflare");
+const domain_1 = require("./domain");
+const getDomainAndSubdomain_1 = require("./getDomainAndSubdomain");
+function buildStatic(staticSite) {
+    var _a;
+    const protect = !staticSite.unprotect;
+    // Load the Pulumi program configuration. These act as the "parameters" to the Pulumi program,
+    // so that different Pulumi Stacks can be brought up using the same code.
+    const tenMinutes = 60 * 10;
+    const aYear = 60 * 60 * 24 * 365;
+    const certificateArn = staticSite.certificateArn || (0, certificate_1.getCertificateFor)(staticSite.domain);
+    const config = {
+        targetDomain: staticSite.domain,
+        certificateArn,
+        additionalDomains: staticSite.additionalDomains ? staticSite.additionalDomains : [],
+    };
+    const slug = staticSite.domain.replace(/\./g, "-") + "-";
+    // contentBucket is the S3 bucket that the website's contents will be stored in.
+    const bucketInfo = {
+        acl: "public-read",
+        // Configure S3 to serve bucket contents as a website. This way S3 will automatically convert
+        // requests for "foo/" to "foo/index.html".
+        website: {
+            indexDocument: "index.html",
+            errorDocument: (_a = staticSite.defaultPath) !== null && _a !== void 0 ? _a : "404.html",
+        },
+    };
+    if (staticSite.corsRules !== undefined) {
+        Object.assign(bucketInfo, { corsRules: staticSite.corsRules });
+    }
+    const contentBucket = new aws.s3.Bucket(slug + "contentBucket", bucketInfo, {
+        protect,
+    });
+    // logsBucket is an S3 bucket that will contain the CDN's request logs.
+    const logsBucket = new aws.s3.Bucket(slug + "logs", {
+        acl: "private",
+    }, {
+        protect,
+    });
+    const distributionArgs = {
+        enabled: true,
+        // Alternate aliases the CloudFront distribution can be reached at, in addition to https://xxxx.cloudfront.net.
+        // Required if you want to access the distribution via config.targetDomain as well.
+        aliases: [config.targetDomain, ...config.additionalDomains],
+        // We only specify one origin for this distribution, the S3 content bucket.
+        origins: [
+            {
+                originId: contentBucket.arn,
+                domainName: contentBucket.websiteEndpoint,
+                customOriginConfig: {
+                    // Amazon S3 doesn't support HTTPS connections when using an S3 bucket configured as a website endpoint.
+                    // https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#DownloadDistValuesOriginProtocolPolicy
+                    originProtocolPolicy: "http-only",
+                    httpPort: 80,
+                    httpsPort: 443,
+                    originSslProtocols: ["TLSv1.2"],
+                },
+            },
+        ],
+        defaultRootObject: "index.html",
+        // A CloudFront distribution can configure different cache behaviors based on the request path.
+        // Here we just specify a single, default cache behavior which is just read-only requests to S3.
+        defaultCacheBehavior: {
+            targetOriginId: contentBucket.arn,
+            viewerProtocolPolicy: "redirect-to-https",
+            allowedMethods: ["GET", "HEAD", "OPTIONS"],
+            cachedMethods: ["GET", "HEAD", "OPTIONS"],
+            forwardedValues: {
+                cookies: { forward: "none" },
+                // https://aws.amazon.com/premiumsupport/knowledge-center/no-access-control-allow-origin-error/
+                headers: ["Access-Control-Request-Headers", "Access-Control-Request-Method", "Origin", "ETag"],
+                queryString: false,
+            },
+            minTtl: 0,
+            defaultTtl: tenMinutes,
+            maxTtl: aYear,
+            compress: true,
+        },
+        // "All" is the most broad distribution, and also the most expensive.
+        // "100" is the least broad, and also the least expensive.
+        priceClass: staticSite.priceClass || "PriceClass_100",
+        // You can customize error responses. When CloudFront recieves an error from the origin (e.g. S3 or some other
+        // web service) it can return a different error code, and return the response for a different resource.
+        customErrorResponses: [{ errorCode: 404, responseCode: 404, responsePagePath: "/404.html" }],
+        restrictions: {
+            geoRestriction: {
+                restrictionType: "none",
+            },
+        },
+        viewerCertificate: {
+            acmCertificateArn: certificateArn,
+            sslSupportMethod: "sni-only",
+        },
+        loggingConfig: {
+            bucket: logsBucket.bucketDomainName,
+            includeCookies: false,
+            prefix: `${config.targetDomain}/`,
+        },
+    };
+    const cdn = new aws.cloudfront.Distribution(slug + "cdn", distributionArgs);
+    // Creates a new Route53 DNS record pointing the domain to the CloudFront distribution.
+    function createAliasRecord(targetDomain, distribution) {
+        const domainParts = (0, getDomainAndSubdomain_1.getDomainAndSubdomain)(targetDomain);
+        const hostedZoneId = aws.route53
+            .getZone({ name: domainParts.parentDomain }, { async: true })
+            .then((zone) => zone.zoneId);
+        return new aws.route53.Record(targetDomain, {
+            name: domainParts.subdomain,
+            zoneId: hostedZoneId,
+            type: "A",
+            aliases: [
+                {
+                    name: distribution.domainName,
+                    zoneId: distribution.hostedZoneId,
+                    evaluateTargetHealth: true,
+                },
+            ],
+        });
+    }
+    const cloudflare = staticSite.cloudflareDomain;
+    const domainParts = (0, getDomainAndSubdomain_1.getDomainAndSubdomain)(config.targetDomain);
+    if (domainParts.parentDomain.replace(/\.$/, '') == domain_1.publicDomain) {
+        if (cloudflare && cloudflare.proxied) {
+            (0, cloudflare_1.setRecord)({
+                proxied: true,
+                recordName: domainParts.subdomain,
+                type: "CNAME",
+                value: cdn.domainName,
+            });
+        }
+        else {
+            (0, cloudflare_1.setRecord)({
+                proxied: false,
+                ttl: 120,
+                recordName: domainParts.subdomain,
+                type: "CNAME",
+                value: cdn.domainName,
+            });
+        }
+    }
+    const aRecord = createAliasRecord(config.targetDomain, cdn);
+    // Export properties from this stack. This prints them at the end of `pulumi up` and
+    // makes them easier to access from the pulumi.com.
+    const contentBucketUri = pulumi.interpolate `s3://${contentBucket.bucket}`;
+    const contentBucketWebsiteEndpoint = contentBucket.websiteEndpoint;
+    const cloudFrontDomain = cdn.domainName;
+    const targetDomainEndpoint = `https://${config.targetDomain}/`;
+    return {
+        cloudfrontDistribution: cdn.id,
+        cloudfrontHostedZoneId: cdn.hostedZoneId,
+        logsBucket: {
+            bucket: logsBucket.bucket,
+            arn: logsBucket.arn,
+        },
+        contentBucketUri,
+        contentBucket: contentBucket.bucket,
+        contentBucketWebsiteEndpoint,
+        cloudFrontDomain,
+        targetDomainEndpoint,
+    };
+}
+exports.buildStatic = buildStatic;
+//# sourceMappingURL=buildStatic.js.map

package/certificate.d.ts

@@ -0,0 +1,2 @@
+import * as pulumi from "@pulumi/pulumi";
+export declare function getCertificateFor(domain: string, arn?: pulumi.Input<string>): pulumi.Input<string>;

package/certificate.js

@@ -0,0 +1,42 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getCertificateFor = void 0;
+const getDomainAndSubdomain_1 = require("./getDomainAndSubdomain");
+const CERTIFICATE_ARNS = {
+    // Development
+    "decentraland.io": "arn:aws:acm:us-east-1:564327678575:certificate/0e9bc16e-6a3c-4e2d-a93c-314bdab51261",
+    "decentraland.zone": "arn:aws:acm:us-east-1:564327678575:certificate/8123afb1-a8b5-415f-996e-37b099cc3baa",
+    // Staging
+    "decentraland.net": "arn:aws:acm:us-east-1:000333518097:certificate/3f48065d-dfb4-4488-88e3-3bd5fe9bd69d",
+    "decentraland.today": "arn:aws:acm:us-east-1:000333518097:certificate/a7c45839-cf2d-452d-b161-97925361e0fe",
+    // Pre-production (redirect .org here)
+    "decentraland.co": "arn:aws:acm:us-east-1:619079673649:certificate/f767fa77-369a-4559-b5a0-545e1b823c57",
+    // Not used
+    "decentraland.network": "arn:aws:acm:us-east-1:493726167017:certificate/e4438720-6069-40b1-9736-05f0e4740171",
+    // Business
+    "decentraland.systems": "arn:aws:acm:us-east-1:110762453957:certificate/eaef9c69-e8e5-4705-b3aa-a04a4bc41501",
+    // Business
+    "dcl.tools": "arn:aws:acm:us-east-1:493726167017:certificate/c1ae3e9a-7cd2-4561-915e-3c09ae7c0bd6",
+    // Production
+    "dcl.gg": "arn:aws:acm:us-east-1:619079673649:certificate/657dd8ab-4251-471d-99ce-cc6a7ef87b77",
+    // Production
+    "mana.network": "arn:aws:acm:us-east-1:493726167017:certificate/2cac1242-fe97-45d6-b80e-9405923bd84d",
+    // Production
+    "decentraland.org": "arn:aws:acm:us-east-1:619079673649:certificate/64b31250-8656-4bf3-ad74-dc5def47476d",
+};
+function getCertificateFor(domain, arn) {
+    if (arn) {
+        return arn;
+    }
+    const domainParts = (0, getDomainAndSubdomain_1.getDomainAndSubdomain)(domain);
+    const parent = domainParts.parentDomain.endsWith(".")
+        ? domainParts.parentDomain.slice(0, domainParts.parentDomain.length - 1)
+        : domainParts.parentDomain;
+    const result = CERTIFICATE_ARNS[parent];
+    if (!result) {
+        throw new Error(`No certificate found for ${parent}`);
+    }
+    return result;
+}
+exports.getCertificateFor = getCertificateFor;
+//# sourceMappingURL=certificate.js.map

package/cloudflare.d.ts

@@ -0,0 +1,24 @@
+import * as pulumi from "@pulumi/pulumi";
+import * as cloudflare from "@pulumi/cloudflare";
+export declare type DeployWorkerConfig = {
+    jsWorkerFileName: string;
+    routes: pulumi.Input<string>[];
+    env?: Record<string, pulumi.Input<string>>;
+    overrides?: cloudflare.WorkerScriptArgs;
+};
+export declare type SetRecordConfig = {
+    recordName: string;
+    type: "CNAME" | "A" | "TXT";
+    value: pulumi.Input<string>;
+} & ({
+    ttl: number;
+    proxied: false;
+} | {
+    proxied: true;
+});
+export declare function getZoneId(): Promise<string>;
+export declare function deployWorker(workerName: string, config: DeployWorkerConfig): Promise<{
+    [x: string]: pulumi.Output<string> | cloudflare.WorkerScript;
+    worker: cloudflare.WorkerScript;
+}>;
+export declare function setRecord(config: SetRecordConfig): Promise<cloudflare.Record>;

package/cloudflare.js

@@ -0,0 +1,72 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.setRecord = exports.deployWorker = exports.getZoneId = void 0;
+const pulumi = require("@pulumi/pulumi");
+const cloudflare = require("@pulumi/cloudflare");
+const domain_1 = require("./domain");
+const fs_1 = require("fs");
+function getZoneId() {
+    return __awaiter(this, void 0, void 0, function* () {
+        const res = yield cloudflare.getZones({ filter: { name: domain_1.publicDomain } });
+        if (res.zones.length == 0)
+            throw new Error(`Zone ${domain_1.publicDomain} not found`);
+        return res.zones[0].id;
+    });
+}
+exports.getZoneId = getZoneId;
+function deployWorker(workerName, config) {
+    return __awaiter(this, void 0, void 0, function* () {
+        // get file contents
+        const content = (0, fs_1.readFileSync)(config.jsWorkerFileName).toString();
+        // build array of global variables for the workers
+        const plainTextBindings = [];
+        Object.entries(config.env || {}).forEach(([name, text]) => {
+            plainTextBindings.push({ name, text });
+        });
+        // create the worker
+        const worker = new cloudflare.WorkerScript(`${workerName}-${domain_1.publicTLD}`, Object.assign({ name: `${workerName}-${domain_1.publicTLD}`, content,
+            plainTextBindings }, (config.overrides || {})));
+        const ret = { [workerName + "-" + domain_1.publicTLD]: worker.id, worker };
+        // create the routes
+        let count = 0;
+        for (let pattern of config.routes) {
+            const contentRoute = new cloudflare.WorkerRoute(`${workerName}-route-${count}`, {
+                pattern,
+                scriptName: worker.name,
+                zoneId: getZoneId(),
+            }, { aliases: [pulumi.interpolate `${workerName}-route-${pattern}`] });
+            count++;
+            ret[workerName + "-" + domain_1.publicTLD + "-route"] = contentRoute.id;
+        }
+        return ret;
+    });
+}
+exports.deployWorker = deployWorker;
+function setRecord(config) {
+    return __awaiter(this, void 0, void 0, function* () {
+        if (!config.proxied && config.ttl < 120) {
+            throw new Error("Min TTL is 120");
+        }
+        // create the record
+        const record = new cloudflare.Record(`${config.recordName}-${config.type}-${domain_1.publicTLD}`, {
+            type: config.type,
+            name: config.recordName,
+            value: config.value,
+            ttl: config.proxied ? 1 : config.ttl,
+            zoneId: getZoneId(),
+            proxied: config.proxied,
+        });
+        return record;
+    });
+}
+exports.setRecord = setRecord;
+//# sourceMappingURL=cloudflare.js.map

package/cloudwatchLogs.d.ts

@@ -0,0 +1,2 @@
+export declare const ec2BasicCloudwatchProfileName = "EC2CloudwatchBasicProfile";
+export declare const cloudwatchSetup: (logGroupName: string, filePath?: string) => string;

package/cloudwatchLogs.js

@@ -0,0 +1,34 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.cloudwatchSetup = exports.ec2BasicCloudwatchProfileName = void 0;
+exports.ec2BasicCloudwatchProfileName = 'EC2CloudwatchBasicProfile';
+const cloudwatchSetup = (logGroupName, filePath = '/var/log/syslog') => {
+    return `wget https://s3.amazonaws.com/amazoncloudwatch-agent/ubuntu/amd64/latest/amazon-cloudwatch-agent.deb
+dpkg -i -E ./amazon-cloudwatch-agent.deb
+rm amazon-cloudwatch-agent.deb
+
+cat << EOF > /opt/aws/amazon-cloudwatch-agent/bin/config.json
+{
+    "agent": {
+        "run_as_user": "root"
+    },
+    "logs": {
+        "logs_collected": {
+            "files": {
+                "collect_list": [
+                    {
+                        "file_path": "${filePath}",
+                        "log_group_name": "${logGroupName}",
+                        "log_stream_name": "{instance_id}"
+                    }
+                ]
+            }
+        }
+    }
+}
+EOF
+/opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl -a fetch-config -m ec2 -c file:/opt/aws/amazon-cloudwatch-agent/bin/config.json -s
+`;
+};
+exports.cloudwatchSetup = cloudwatchSetup;
+//# sourceMappingURL=cloudwatchLogs.js.map

package/createBucketWithUser.d.ts

@@ -0,0 +1,11 @@
+import * as aws from "@pulumi/aws";
+import { BucketArgs } from "@pulumi/aws/s3/bucket";
+import * as pulumi from "@pulumi/pulumi";
+export declare function createBucketWithUser(name: string, bucketArgs?: BucketArgs): {
+    role: aws.iam.Role;
+    user: pulumi.Output<string>;
+    bucket: pulumi.Output<string>;
+    bucketPolicyId: pulumi.Output<string>;
+    accessKeyId: pulumi.Output<string>;
+    secretAccessKey: pulumi.Output<string>;
+};