dcl-ops-lib 8.3.3 → 9.1.0

package/createSQSTriggeredFargateTask.js

@@ -0,0 +1,110 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createSQSTriggeredFargateTask = void 0;
+const aws = require("@pulumi/aws");
+const pulumi = require("@pulumi/pulumi");
+const stack_1 = require("./stack");
+const scheduledTaskBase_1 = require("./scheduledTaskBase");
+/**
+ * Creates a Fargate task that is triggered by messages in an SQS queue.
+ * Uses EventBridge Pipes to connect the SQS queue to ECS task execution.
+ *
+ * @param taskName A name for this task. For example, "order-processor"
+ * @param dockerImage The docker image to run
+ * @param options Configuration options for the SQS-triggered task
+ *
+ * @example
+ * ```typescript
+ * await createSQSTriggeredFargateTask("order-processor", "myapp/processor:latest", {
+ *   sqsTrigger: {
+ *     queueArn: ordersQueue.arn,
+ *     batchSize: 10,
+ *     maximumBatchingWindowSeconds: 30,
+ *   },
+ *   cpu: 512,
+ *   memory: 1024,
+ *   environment: [{ name: "DB_HOST", value: dbHost }],
+ *   slackChannel: "#order-processing-alerts",
+ *   team: "platform",
+ * });
+ * ```
+ */
+async function createSQSTriggeredFargateTask(taskName, dockerImage, options) {
+    const { sqsTrigger, ...baseOptions } = options;
+    // Create base infrastructure (task definition, security group, IAM roles, etc.)
+    const base = await (0, scheduledTaskBase_1.createBaseTaskInfrastructure)(taskName, dockerImage, baseOptions, ["pipes.amazonaws.com"] // EventBridge Pipes service
+    );
+    // Add SQS permissions to the EventBridge role
+    const sqsPolicy = new aws.iam.RolePolicy(`${base.resourcePrefix}-sqs-policy`, {
+        role: base.eventBridgeRole.id,
+        policy: pulumi.output(sqsTrigger.queueArn).apply((queueArn) => JSON.stringify({
+            Version: "2012-10-17",
+            Statement: [
+                {
+                    Effect: "Allow",
+                    Action: [
+                        // Permissions needed to read from SQS
+                        "sqs:ReceiveMessage",
+                        "sqs:DeleteMessage",
+                        "sqs:GetQueueAttributes",
+                    ],
+                    Resource: queueArn,
+                },
+            ],
+        })),
+    });
+    // Create EventBridge Pipe to connect SQS queue to ECS task
+    const pipe = new aws.pipes.Pipe(`${base.resourcePrefix}-sqs-pipe`, {
+        // Unique name for this pipe
+        name: (0, stack_1.getStackScopedName)(taskName),
+        // IAM role that the pipe assumes to read from source and invoke target
+        roleArn: base.eventBridgeRole.arn,
+        // Source: the SQS queue to read messages from
+        source: sqsTrigger.queueArn,
+        // Source configuration for SQS
+        sourceParameters: {
+            sqsQueueParameters: {
+                // Number of messages to retrieve per batch (1-10000)
+                batchSize: sqsTrigger.batchSize || 1,
+                // Maximum time to wait for a full batch before triggering (0-300 seconds)
+                maximumBatchingWindowInSeconds: sqsTrigger.maximumBatchingWindowSeconds || 0,
+            },
+        },
+        // Target: the ECS cluster to run tasks on
+        target: base.clusterArn,
+        // Target configuration for ECS tasks
+        targetParameters: {
+            ecsTaskParameters: {
+                // The task definition to run
+                taskDefinitionArn: base.taskDefinition.arn,
+                // Number of task instances to launch per invocation
+                taskCount: base.taskCount,
+                // Launch type: FARGATE for serverless containers
+                launchType: "FARGATE",
+                // Network configuration for awsvpc network mode
+                networkConfiguration: {
+                    awsVpcConfiguration: {
+                        // Private subnets where the task will run
+                        subnets: base.subnetIds,
+                        // Security groups controlling inbound/outbound traffic
+                        securityGroups: base.securityGroups,
+                        // Whether to assign a public IP (ENABLED/DISABLED)
+                        assignPublicIp: base.assignPublicIp ? "ENABLED" : "DISABLED",
+                    },
+                },
+            },
+        },
+        tags: { ServiceName: taskName, Team: base.team },
+    }, { dependsOn: [base.eventBridgePolicy, sqsPolicy, base.taskDefinition] });
+    return {
+        taskDefinition: base.taskDefinition,
+        taskSecurityGroup: base.taskSecurityGroup,
+        logGroup: base.logGroup,
+        executionRole: base.executionRole,
+        taskRole: base.taskRole,
+        eventBridgeRole: base.eventBridgeRole,
+        pipe,
+    };
+}
+exports.createSQSTriggeredFargateTask = createSQSTriggeredFargateTask;
+//# sourceMappingURL=createSQSTriggeredFargateTask.js.map

package/createScheduledFargateTask.d.ts

@@ -0,0 +1,75 @@
+import * as pulumi from "@pulumi/pulumi";
+import { BaseFargateTaskOptions, RetryPolicyConfig } from "./scheduledTaskBase";
+/**
+ * Schedule configuration for the task
+ */
+export type ScheduleConfig = {
+    /**
+     * Schedule expression in cron or rate format
+     * Cron: "cron(0 12 * * ? *)" - runs daily at noon UTC
+     * Rate: "rate(1 hour)" - runs every hour
+     */
+    expression: string;
+    /**
+     * Timezone for the schedule (default: "UTC")
+     * Example: "America/New_York", "Europe/London"
+     */
+    timezone?: string;
+    /**
+     * Whether the schedule is enabled (default: true)
+     */
+    enabled?: boolean;
+    /**
+     * Optional start date for the schedule (ISO 8601 format)
+     */
+    startDate?: string;
+    /**
+     * Optional end date for the schedule (ISO 8601 format)
+     */
+    endDate?: string;
+};
+/**
+ * Options for creating a scheduled Fargate task
+ */
+export type ScheduledFargateTaskOptions = BaseFargateTaskOptions & {
+    /**
+     * Schedule configuration (cron/rate expression) - required
+     */
+    schedule: ScheduleConfig;
+    /**
+     * Retry policy for failed task invocations
+     */
+    retryPolicy?: RetryPolicyConfig;
+};
+/**
+ * Creates a scheduled Fargate task that runs on a cron/rate schedule.
+ *
+ * @param taskName A name for this task. For example, "daily-cleanup"
+ * @param dockerImage The docker image to run
+ * @param options Configuration options for the scheduled task
+ *
+ * @example
+ * ```typescript
+ * await createScheduledFargateTask("daily-cleanup", "myapp/cleanup:latest", {
+ *   schedule: {
+ *     expression: "cron(0 2 * * ? *)", // Daily at 2 AM
+ *     timezone: "America/New_York",
+ *   },
+ *   cpu: 512,
+ *   memory: 1024,
+ *   environment: [{ name: "DB_HOST", value: dbHost }],
+ *   slackChannel: "#scheduled-tasks-alerts",
+ *   team: "platform",
+ * });
+ * ```
+ */
+export declare function createScheduledFargateTask(taskName: string, dockerImage: string | Promise<string> | pulumi.OutputInstance<string>, options: ScheduledFargateTaskOptions): Promise<{
+    taskDefinition: import("@pulumi/aws/ecs/taskDefinition").TaskDefinition;
+    taskSecurityGroup: import("@pulumi/aws/ec2/securityGroup").SecurityGroup;
+    logGroup: import("@pulumi/aws/cloudwatch/logGroup").LogGroup;
+    executionRole: import("@pulumi/aws/iam/role").Role;
+    taskRole: import("@pulumi/aws/iam/role").Role;
+    eventBridgeRole: import("@pulumi/aws/iam/role").Role;
+    scheduler: import("@pulumi/aws/scheduler/schedule").Schedule;
+    scheduleGroup: import("@pulumi/aws/scheduler/scheduleGroup").ScheduleGroup;
+}>;

package/createScheduledFargateTask.js

@@ -0,0 +1,108 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createScheduledFargateTask = void 0;
+const aws = require("@pulumi/aws");
+const stack_1 = require("./stack");
+const scheduledTaskBase_1 = require("./scheduledTaskBase");
+/**
+ * Creates a scheduled Fargate task that runs on a cron/rate schedule.
+ *
+ * @param taskName A name for this task. For example, "daily-cleanup"
+ * @param dockerImage The docker image to run
+ * @param options Configuration options for the scheduled task
+ *
+ * @example
+ * ```typescript
+ * await createScheduledFargateTask("daily-cleanup", "myapp/cleanup:latest", {
+ *   schedule: {
+ *     expression: "cron(0 2 * * ? *)", // Daily at 2 AM
+ *     timezone: "America/New_York",
+ *   },
+ *   cpu: 512,
+ *   memory: 1024,
+ *   environment: [{ name: "DB_HOST", value: dbHost }],
+ *   slackChannel: "#scheduled-tasks-alerts",
+ *   team: "platform",
+ * });
+ * ```
+ */
+async function createScheduledFargateTask(taskName, dockerImage, options) {
+    const { schedule, retryPolicy, ...baseOptions } = options;
+    // Create base infrastructure (task definition, security group, IAM roles, etc.)
+    const base = await (0, scheduledTaskBase_1.createBaseTaskInfrastructure)(taskName, dockerImage, baseOptions, ["scheduler.amazonaws.com"] // EventBridge Scheduler service
+    );
+    // Schedule groups allow organizing related schedules together
+    // and applying resource-based policies at the group level
+    const scheduleGroup = new aws.scheduler.ScheduleGroup(`${base.resourcePrefix}-schedule-group`, {
+        name: (0, stack_1.getStackScopedName)(taskName),
+        tags: { ServiceName: taskName, Team: base.team },
+    });
+    const scheduler = new aws.scheduler.Schedule(`${base.resourcePrefix}-schedule`, {
+        // Unique name for this schedule within the AWS account and region
+        name: (0, stack_1.getStackScopedName)(taskName),
+        // Associate with the schedule group for organization
+        groupName: scheduleGroup.name,
+        // Schedule expression: supports cron() and rate() formats
+        // Examples: "cron(0 12 * * ? *)" for daily at noon, "rate(1 hour)" for hourly
+        scheduleExpression: schedule.expression,
+        // Timezone for interpreting cron expressions (default: UTC)
+        // Examples: "America/New_York", "Europe/London", "UTC"
+        scheduleExpressionTimezone: schedule.timezone || "UTC",
+        // Whether the schedule is active (ENABLED) or paused (DISABLED)
+        state: schedule.enabled !== false ? "ENABLED" : "DISABLED",
+        // Optional: Schedule won't trigger before this date (ISO 8601 format)
+        startDate: schedule.startDate,
+        // Optional: Schedule won't trigger after this date (ISO 8601 format)
+        endDate: schedule.endDate,
+        // Flexible time window allows EventBridge to invoke the target within a window
+        // OFF = invoke at exact scheduled time, FLEXIBLE = invoke within specified window
+        flexibleTimeWindow: {
+            mode: "OFF",
+        },
+        target: {
+            // Target is the ECS cluster that will run the task
+            arn: base.clusterArn,
+            // IAM role that EventBridge assumes to invoke the target
+            roleArn: base.eventBridgeRole.arn,
+            // ECS-specific parameters for running Fargate tasks
+            ecsParameters: {
+                // The task definition to run
+                taskDefinitionArn: base.taskDefinition.arn,
+                // Number of task instances to launch (default: 1)
+                taskCount: base.taskCount,
+                // Launch type: FARGATE for serverless, EC2 for container instances
+                launchType: "FARGATE",
+                // Network configuration for tasks using awsvpc network mode
+                networkConfiguration: {
+                    // Private subnets where the task will run
+                    subnets: base.subnetIds,
+                    // Security groups controlling inbound/outbound traffic
+                    securityGroups: base.securityGroups,
+                    // Whether to assign a public IP (needed for ECR pulls without NAT)
+                    assignPublicIp: base.assignPublicIp,
+                },
+            },
+            // Retry policy if the scheduler fails to invoke the target
+            retryPolicy: retryPolicy
+                ? {
+                    // Maximum number of retry attempts (0-185)
+                    maximumRetryAttempts: retryPolicy.maxRetries,
+                    // Maximum time to keep retrying before giving up (in seconds)
+                    maximumEventAgeInSeconds: retryPolicy.maxAgeSeconds,
+                }
+                : undefined,
+        },
+    }, { dependsOn: [base.eventBridgePolicy, base.taskDefinition] });
+    return {
+        taskDefinition: base.taskDefinition,
+        taskSecurityGroup: base.taskSecurityGroup,
+        logGroup: base.logGroup,
+        executionRole: base.executionRole,
+        taskRole: base.taskRole,
+        eventBridgeRole: base.eventBridgeRole,
+        scheduler,
+        scheduleGroup,
+    };
+}
+exports.createScheduledFargateTask = createScheduledFargateTask;
+//# sourceMappingURL=createScheduledFargateTask.js.map

package/exposePublicService.js

@@ -1,13 +1,4 @@
 "use strict";
-var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
-    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
-    return new (P || (P = Promise))(function (resolve, reject) {
-        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
-        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
-        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
-        step((generator = generator.apply(thisArg, _arguments || [])).next());
-    });
-};
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.exposePublicService = void 0;
 const aws = require("@pulumi/aws");
@@ -38,87 +29,85 @@ function isUnProxiedDomain(v) {
  * @param domain
  * @param port
  */
-function exposePublicService(name, domain, port, healthCheck = {}, vpcId, extraOptions, deregistrationDelay) {
-    return __awaiter(this, void 0, void 0, function* () {
-        const { alb, listener } = yield (0, alb_1.getAlb)();
-        const healthCheckValue = Object.assign({}, DEFAULT_HEALTHCHECK_VALUES, healthCheck);
-        const isProxied = isProxiedDomain(extraOptions);
-        const isUnproxied = isUnProxiedDomain(extraOptions);
-        const createCloudflareRecord = isProxied || isUnproxied || domain.endsWith(`.${domain_1.publicDomain}`);
-        const onlyCloudflare = (extraOptions && extraOptions.skipInternalDomain) || false;
-        const createInternalDomain = !onlyCloudflare;
-        const certificate = (0, certificate_1.getCertificateFor)(domain);
-        const slug = name;
-        const targetVpcId = vpcId ? vpcId : (yield aws.ec2.getVpc({ default: true }, { async: true })).id;
-        const targetDeregistrationDelay = deregistrationDelay ? deregistrationDelay : 300;
-        const targetGroup = new aws.alb.TargetGroup("tg-" + slug.substr(-32 + 12), {
-            protocol: "HTTP",
-            targetType: "ip",
-            port,
-            healthCheck: healthCheckValue,
-            vpcId: targetVpcId,
-            deregistrationDelay: targetDeregistrationDelay,
+async function exposePublicService(name, domain, port, healthCheck = {}, vpcId, extraOptions, deregistrationDelay) {
+    const { alb, listener } = await (0, alb_1.getAlb)();
+    const healthCheckValue = Object.assign({}, DEFAULT_HEALTHCHECK_VALUES, healthCheck);
+    const isProxied = isProxiedDomain(extraOptions);
+    const isUnproxied = isUnProxiedDomain(extraOptions);
+    const createCloudflareRecord = isProxied || isUnproxied || domain.endsWith(`.${domain_1.publicDomain}`);
+    const onlyCloudflare = (extraOptions && extraOptions.skipInternalDomain) || false;
+    const createInternalDomain = !onlyCloudflare;
+    const certificate = (0, certificate_1.getCertificateFor)(domain);
+    const slug = name;
+    const targetVpcId = vpcId ? vpcId : (await aws.ec2.getVpc({ default: true }, { async: true })).id;
+    const targetDeregistrationDelay = deregistrationDelay ? deregistrationDelay : 300;
+    const targetGroup = new aws.alb.TargetGroup("tg-" + slug.substr(-32 + 12), {
+        protocol: "HTTP",
+        targetType: "ip",
+        port,
+        healthCheck: healthCheckValue,
+        vpcId: targetVpcId,
+        deregistrationDelay: targetDeregistrationDelay,
+    });
+    const domainParts = (0, getDomainAndSubdomain_1.getDomainAndSubdomain)(domain);
+    const enabledHostnames = [];
+    let record;
+    let cloudflareRecord;
+    if (createInternalDomain) {
+        const hostedZone = await aws.route53.getZone({ name: domainParts.parentDomain }, { async: true });
+        record = new aws.route53.Record(domain, {
+            name: domainParts.subdomain,
+            zoneId: hostedZone.zoneId,
+            type: "A",
+            aliases: [
+                {
+                    name: alb.dnsName,
+                    zoneId: alb.zoneId,
+                    evaluateTargetHealth: false,
+                },
+            ],
         });
-        const domainParts = (0, getDomainAndSubdomain_1.getDomainAndSubdomain)(domain);
-        const enabledHostnames = [];
-        let record;
-        let cloudflareRecord;
-        if (createInternalDomain) {
-            const hostedZone = yield aws.route53.getZone({ name: domainParts.parentDomain }, { async: true });
-            record = new aws.route53.Record(domain, {
-                name: domainParts.subdomain,
-                zoneId: hostedZone.zoneId,
-                type: "A",
-                aliases: [
-                    {
-                        name: alb.dnsName,
-                        zoneId: alb.zoneId,
-                        evaluateTargetHealth: false,
-                    },
-                ],
+        enabledHostnames.push(domain);
+    }
+    if (createCloudflareRecord) {
+        enabledHostnames.push(domainParts.subdomain + "." + domain_1.publicDomain);
+        if (isUnProxiedDomain(extraOptions)) {
+            cloudflareRecord = await (0, cloudflare_1.setRecord)({
+                recordName: domainParts.subdomain,
+                type: "CNAME",
+                value: alb.dnsName,
+                proxied: false,
+                ttl: extraOptions.ttl || 600,
             });
-            enabledHostnames.push(domain);
         }
-        if (createCloudflareRecord) {
-            enabledHostnames.push(domainParts.subdomain + "." + domain_1.publicDomain);
-            if (isUnProxiedDomain(extraOptions)) {
-                cloudflareRecord = yield (0, cloudflare_1.setRecord)({
-                    recordName: domainParts.subdomain,
-                    type: "CNAME",
-                    value: alb.dnsName,
-                    proxied: false,
-                    ttl: extraOptions.ttl || 600,
-                });
-            }
-            else {
-                cloudflareRecord = yield (0, cloudflare_1.setRecord)({
-                    recordName: domainParts.subdomain,
-                    type: "CNAME",
-                    value: alb.dnsName,
-                    proxied: true,
-                });
-            }
-        }
-        if (enabledHostnames.length) {
-            new aws.alb.ListenerRule(`${domain_1.env}-ls-${slug}`, {
-                listenerArn: listener.arn,
-                conditions: [{ hostHeader: { values: enabledHostnames } }, ...((extraOptions === null || extraOptions === void 0 ? void 0 : extraOptions.targetGroupConditions) || [])],
-                actions: [
-                    {
-                        type: "forward",
-                        targetGroupArn: targetGroup.arn,
-                    },
-                ],
+        else {
+            cloudflareRecord = await (0, cloudflare_1.setRecord)({
+                recordName: domainParts.subdomain,
+                type: "CNAME",
+                value: alb.dnsName,
+                proxied: true,
             });
         }
-        return {
-            domain,
-            certificate,
-            record,
-            targetGroup,
-            cloudflareRecord,
-        };
-    });
+    }
+    if (enabledHostnames.length) {
+        new aws.alb.ListenerRule(`${domain_1.env}-ls-${slug}`, {
+            listenerArn: listener.arn,
+            conditions: [{ hostHeader: { values: enabledHostnames } }, ...(extraOptions?.targetGroupConditions || [])],
+            actions: [
+                {
+                    type: "forward",
+                    targetGroupArn: targetGroup.arn,
+                },
+            ],
+        });
+    }
+    return {
+        domain,
+        certificate,
+        record,
+        targetGroup,
+        cloudflareRecord,
+    };
 }
 exports.exposePublicService = exposePublicService;
 //# sourceMappingURL=exposePublicService.js.map