terruvim-core-test 0.0.1

package/dist/src/factories/getDeterministicPriority.js

@@ -0,0 +1,13 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getDeterministicPriority = getDeterministicPriority;
+function getDeterministicPriority(id, fallback) {
+    if (fallback)
+        return fallback;
+    let hash = 0;
+    for (let i = 0; i < id.length; i++) {
+        hash = ((hash << 5) - hash) + id.charCodeAt(i);
+        hash |= 0;
+    }
+    return Math.abs(hash % 1000) + 10;
+}

package/dist/src/factories/getOrCreateSshKeyPair.js

@@ -0,0 +1,57 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getOrCreateSshKeyPair = getOrCreateSshKeyPair;
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+function getOrCreateSshKeyPair(id, keysDir) {
+    const privKeyPath = path.join(keysDir, `${id}-bastion`);
+    const pubKeyPath = path.join(keysDir, `${id}-bastion.pub`);
+    if (fs.existsSync(privKeyPath) && fs.existsSync(pubKeyPath)) {
+        return {
+            privateKey: fs.readFileSync(privKeyPath, "utf8"),
+            publicKey: fs.readFileSync(pubKeyPath, "utf8"),
+        };
+    }
+    const forge = require("node-forge");
+    const keypair = forge.pki.rsa.generateKeyPair(2048);
+    const privateKey = forge.ssh.privateKeyToOpenSSH(keypair.privateKey);
+    const publicKey = forge.ssh.publicKeyToOpenSSH(keypair.publicKey, `${id}-bastion`);
+    if (!fs.existsSync(keysDir))
+        fs.mkdirSync(keysDir, { recursive: true });
+    fs.writeFileSync(privKeyPath, privateKey, { mode: 0o600 });
+    fs.writeFileSync(pubKeyPath, publicKey, { mode: 0o644 });
+    return { privateKey, publicKey };
+}

package/dist/src/factories/guardDutyFactory.js

@@ -0,0 +1,151 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.GuardDutyFactory = void 0;
+const aws = __importStar(require("@pulumi/aws"));
+const resourceFactory_1 = require("./resourceFactory");
+const createAwsGuardDutyDetectorFeature_1 = require("./createAwsGuardDutyDetectorFeature");
+const createAwsGuardDutyFilter_1 = require("./createAwsGuardDutyFilter");
+const createAwsGuardDutyPublishingDestination_1 = require("./createAwsGuardDutyPublishingDestination");
+class GuardDutyFactory extends resourceFactory_1.ResourceFactory {
+    async createResource(config) {
+        if (config.hooks?.beforeCreateResources)
+            await config.hooks.beforeCreateResources(config);
+        const resources = {};
+        const detectorConfig = {
+            enable: config.configuration.detector?.enable ?? true,
+            tags: { ...config.configuration.tags, ...config.configuration.detector?.tags }
+        };
+        if (config.configuration.detector?.findingPublishingFrequency) {
+            detectorConfig.findingPublishingFrequency = config.configuration.detector.findingPublishingFrequency;
+        }
+        if (config.configuration.detector?.datasources) {
+            detectorConfig.datasources = {};
+            if (config.configuration.detector.datasources.s3Logs) {
+                detectorConfig.datasources.s3Logs = config.configuration.detector.datasources.s3Logs;
+            }
+            if (config.configuration.detector.datasources.kubernetes) {
+                detectorConfig.datasources.kubernetes = config.configuration.detector.datasources.kubernetes;
+            }
+        }
+        resources.detector = new aws.guardduty.Detector(config.id, detectorConfig);
+        if (config.configuration.features) {
+            resources.features = config.configuration.features.map(f => (0, createAwsGuardDutyDetectorFeature_1.createAwsGuardDutyDetectorFeature)(resources.detector.id, f));
+        }
+        if (config.configuration.filters) {
+            resources.filters = config.configuration.filters.map(filter => (0, createAwsGuardDutyFilter_1.createAwsGuardDutyFilter)(resources.detector.id, filter));
+        }
+        if (config.configuration.publishingDestinations) {
+            resources.publishingDestinations = config.configuration.publishingDestinations.map(dest => {
+                if (dest.destinationType === "S3" && !dest.kmsKeyArn) {
+                    throw new Error(`GuardDuty PublishingDestination of type S3 requires kmsKeyArn (destination: ${dest.name})`);
+                }
+                return (0, createAwsGuardDutyPublishingDestination_1.createAwsGuardDutyPublishingDestination)(resources.detector.id, dest);
+            });
+        }
+        if (config.hooks?.afterCreateResources)
+            await config.hooks.afterCreateResources(resources, config);
+        return resources;
+    }
+    getOutputs(resources) {
+        const outputs = {};
+        if (resources.detector) {
+            outputs.detectorId = resources.detector.id;
+            outputs.detectorArn = resources.detector.arn;
+        }
+        if (resources.features && resources.features.length > 0) {
+            outputs.featureNames = resources.features.map((feature) => feature.name);
+        }
+        if (resources.filters && resources.filters.length > 0) {
+            outputs.filterNames = resources.filters.map((filter) => filter.name);
+            outputs.filterArns = resources.filters.map((filter) => filter.arn);
+        }
+        if (resources.publishingDestinations && resources.publishingDestinations.length > 0) {
+            outputs.publishingDestinationIds = resources.publishingDestinations.map((dest) => dest.id);
+        }
+        return outputs;
+    }
+    validateConfig(config) {
+        if (!config.id) {
+            throw new Error("GuardDuty factory configuration must include an 'id'");
+        }
+        if (!config.configuration) {
+            throw new Error("GuardDuty factory configuration must include a 'configuration' object");
+        }
+        if (config.configuration.features) {
+            config.configuration.features.forEach((feature, index) => {
+                if (!feature.name) {
+                    throw new Error(`GuardDuty feature at index ${index} must specify name`);
+                }
+                if (!feature.status || !["ENABLED", "DISABLED"].includes(feature.status)) {
+                    throw new Error(`GuardDuty feature '${feature.name}' must have status of 'ENABLED' or 'DISABLED'`);
+                }
+            });
+        }
+        if (config.configuration.filters) {
+            config.configuration.filters.forEach((filter, index) => {
+                if (!filter.name) {
+                    throw new Error(`GuardDuty filter at index ${index} must specify name`);
+                }
+                if (!filter.action || !["ARCHIVE", "NOOP"].includes(filter.action)) {
+                    throw new Error(`GuardDuty filter '${filter.name}' must have action of 'ARCHIVE' or 'NOOP'`);
+                }
+                if (typeof filter.rank !== 'number') {
+                    throw new Error(`GuardDuty filter '${filter.name}' must specify numeric rank`);
+                }
+                if (!filter.findingCriteria) {
+                    throw new Error(`GuardDuty filter '${filter.name}' must include findingCriteria`);
+                }
+            });
+        }
+        if (config.configuration.publishingDestinations) {
+            config.configuration.publishingDestinations.forEach((dest, index) => {
+                if (!dest.name) {
+                    throw new Error(`GuardDuty publishing destination at index ${index} must specify name`);
+                }
+                if (!dest.destinationType || !["S3", "SNS"].includes(dest.destinationType)) {
+                    throw new Error(`GuardDuty publishing destination '${dest.name}' must have destinationType of 'S3' or 'SNS'`);
+                }
+                if (!dest.destinationArn) {
+                    throw new Error(`GuardDuty publishing destination '${dest.name}' must specify destinationArn`);
+                }
+                if (dest.destinationType === "S3" && !dest.kmsKeyArn) {
+                    throw new Error(`GuardDuty publishing destination '${dest.name}' of type S3 requires kmsKeyArn`);
+                }
+            });
+        }
+    }
+}
+exports.GuardDutyFactory = GuardDutyFactory;

package/dist/src/factories/hostedZoneFactory.js

@@ -0,0 +1,30 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.HostedZoneFactory = void 0;
+const resourceFactory_1 = require("./resourceFactory");
+const validateHostedZoneConfig_1 = require("./validateHostedZoneConfig");
+const createAwsHostedZone_1 = require("./createAwsHostedZone");
+class HostedZoneFactory extends resourceFactory_1.ResourceFactory {
+    async createResource(config, provider) {
+        (0, validateHostedZoneConfig_1.validateHostedZoneConfig)(config);
+        return (0, createAwsHostedZone_1.createAwsHostedZone)(config.configuration.name, {
+            name: config.configuration.name,
+            comment: config.configuration.comment,
+            tags: config.configuration.tags,
+            forceDestroy: config.configuration.forceDestroy,
+            vpcs: config.configuration.vpc ? [config.configuration.vpc] : undefined,
+            delegationSetId: config.configuration.delegationSetId,
+            queryLoggingConfig: config.configuration.queryLoggingConfig,
+        }, provider);
+    }
+    getOutputs(resource) {
+        return {
+            zoneId: resource.zoneId,
+            name: resource.name,
+        };
+    }
+    validateConfig(config) {
+        (0, validateHostedZoneConfig_1.validateHostedZoneConfig)(config);
+    }
+}
+exports.HostedZoneFactory = HostedZoneFactory;

package/dist/src/factories/iamRoleFactory.js

@@ -0,0 +1,29 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.IamRoleFactory = void 0;
+const resourceFactory_1 = require("./resourceFactory");
+const validateIamRoleConfig_1 = require("./validateIamRoleConfig");
+const createAwsIamRole_1 = require("./createAwsIamRole");
+const createAwsIamRoleInlinePolicies_1 = require("./createAwsIamRoleInlinePolicies");
+class IamRoleFactory extends resourceFactory_1.ResourceFactory {
+    async createResource(config) {
+        (0, validateIamRoleConfig_1.validateIamRoleConfig)(config);
+        const cfg = config.configuration;
+        if (cfg.permissionsBoundaryPolicy && typeof cfg.permissionsBoundaryPolicy === "object") {
+            console.warn("[IamRoleFactory] 'permissionsBoundaryPolicy' as object is not supported by Pulumi and will be ignored. Use 'permissionsBoundary' ARN instead.");
+        }
+        const role = (0, createAwsIamRole_1.createAwsIamRole)(cfg);
+        (0, createAwsIamRoleInlinePolicies_1.createAwsIamRoleInlinePolicies)(role, cfg.inlinePolicies);
+        return role;
+    }
+    getOutputs(resource) {
+        return {
+            arn: resource.arn,
+            name: resource.name,
+        };
+    }
+    validateConfig(config) {
+        (0, validateIamRoleConfig_1.validateIamRoleConfig)(config);
+    }
+}
+exports.IamRoleFactory = IamRoleFactory;

package/dist/src/factories/inspectorFactory.js

@@ -0,0 +1,109 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.InspectorFactory = void 0;
+const resourceFactory_1 = require("./resourceFactory");
+const createAwsInspectorEnabler_1 = require("./createAwsInspectorEnabler");
+const createAwsInspectorAssessmentTarget_1 = require("./createAwsInspectorAssessmentTarget");
+const createAwsInspectorOrganizationConfiguration_1 = require("./createAwsInspectorOrganizationConfiguration");
+const createAwsInspectorDelegatedAdminAccount_1 = require("./createAwsInspectorDelegatedAdminAccount");
+class InspectorFactory extends resourceFactory_1.ResourceFactory {
+    async createResource(config) {
+        if (config.hooks?.beforeCreateResources)
+            await config.hooks.beforeCreateResources(config);
+        const resources = {};
+        if (config.configuration.resourceTypes && config.configuration.resourceTypes.length > 0) {
+            const enabledTypes = config.configuration.resourceTypes
+                .filter((rt) => rt.enabled)
+                .map((rt) => rt.type);
+            if (enabledTypes.length > 0) {
+                resources.inspectorEnabler = (0, createAwsInspectorEnabler_1.createAwsInspectorEnabler)(`${config.id}-enabler`, {
+                    resourceTypes: enabledTypes,
+                    tags: config.configuration.tags,
+                });
+            }
+        }
+        if (config.configuration.organizationConfiguration) {
+            resources.organizationConfiguration = (0, createAwsInspectorOrganizationConfiguration_1.createAwsInspectorOrganizationConfiguration)(`${config.id}-org-config`, {
+                autoEnable: config.configuration.organizationConfiguration.autoEnable,
+            });
+        }
+        if (config.configuration.delegatedAdminAccount) {
+            resources.delegatedAdminAccount = (0, createAwsInspectorDelegatedAdminAccount_1.createAwsInspectorDelegatedAdminAccount)(`${config.id}-delegated-admin`, {
+                accountId: config.configuration.delegatedAdminAccount.accountId,
+            });
+        }
+        if (config.configuration.assessmentTargets) {
+            resources.assessmentTargets = [];
+            for (let i = 0; i < config.configuration.assessmentTargets.length; i++) {
+                const target = config.configuration.assessmentTargets[i];
+                const assessmentTarget = (0, createAwsInspectorAssessmentTarget_1.createAwsInspectorAssessmentTarget)(`${config.id}-target-${i}`, {
+                    name: target.name,
+                    tags: config.configuration.tags,
+                });
+                resources.assessmentTargets.push(assessmentTarget);
+            }
+        }
+        if (config.hooks?.afterCreateResources) {
+            await config.hooks.afterCreateResources(resources, config);
+        }
+        return resources;
+    }
+    getOutputs(resources) {
+        const outputs = {};
+        if (resources.inspectorEnabler) {
+            outputs.accountId = resources.inspectorEnabler.accountId;
+            outputs.enabledResourceTypes = resources.inspectorEnabler.enabledResourceTypes;
+        }
+        if (resources.organizationConfiguration) {
+            outputs.autoEnableEc2 = resources.organizationConfiguration.autoEnableEc2;
+            outputs.autoEnableEcr = resources.organizationConfiguration.autoEnableEcr;
+            outputs.autoEnableLambda = resources.organizationConfiguration.autoEnableLambda;
+            outputs.autoEnableLambdaCode = resources.organizationConfiguration.autoEnableLambdaCode;
+            outputs.maxAccountLimitReached = resources.organizationConfiguration.maxAccountLimitReached;
+        }
+        if (resources.delegatedAdminAccount) {
+            outputs.delegatedAdminAccountId = resources.delegatedAdminAccount.accountId;
+            outputs.delegatedAdminRelationshipStatus = resources.delegatedAdminAccount.relationshipStatus;
+        }
+        if (resources.assessmentTargets && resources.assessmentTargets.length > 0) {
+            outputs.assessmentTargetArns = resources.assessmentTargets.map((target) => target.arn);
+            outputs.assessmentTargetNames = resources.assessmentTargets.map((target) => target.name);
+        }
+        return outputs;
+    }
+    validateConfig(config) {
+        if (!config.id) {
+            throw new Error("Inspector factory configuration must include an 'id'");
+        }
+        if (!config.configuration) {
+            throw new Error("Inspector factory configuration must include a 'configuration' object");
+        }
+        if (config.configuration.resourceTypes) {
+            const validTypes = ["ECR", "EC2", "LAMBDA", "LAMBDA_CODE"];
+            for (const resourceType of config.configuration.resourceTypes) {
+                if (!validTypes.includes(resourceType.type)) {
+                    throw new Error(`Invalid resource type: ${resourceType.type}. Must be one of: ${validTypes.join(", ")}`);
+                }
+            }
+        }
+        if (config.configuration.organizationConfiguration) {
+            const autoEnable = config.configuration.organizationConfiguration.autoEnable;
+            if (typeof autoEnable.ec2 !== 'boolean' || typeof autoEnable.ecr !== 'boolean') {
+                throw new Error("Organization auto-enable configuration for EC2 and ECR must be boolean values");
+            }
+        }
+        if (config.configuration.delegatedAdminAccount) {
+            if (!config.configuration.delegatedAdminAccount.accountId || !config.configuration.delegatedAdminAccount.accountId.match(/^\d{12}$/)) {
+                throw new Error("Delegated admin account ID must be a valid 12-digit AWS account ID");
+            }
+        }
+        if (config.configuration.assessmentTargets) {
+            for (const target of config.configuration.assessmentTargets) {
+                if (!target.name || target.name.trim().length === 0) {
+                    throw new Error("Assessment target name cannot be empty");
+                }
+            }
+        }
+    }
+}
+exports.InspectorFactory = InspectorFactory;

package/dist/src/factories/kmsKeyFactory.js

@@ -0,0 +1,32 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.KmsKeyFactory = void 0;
+const resourceFactory_1 = require("./resourceFactory");
+const validateKmsKeyConfig_1 = require("./validateKmsKeyConfig");
+const createAwsKmsKey_1 = require("./createAwsKmsKey");
+const createAwsKmsAliases_1 = require("./createAwsKmsAliases");
+class KmsKeyFactory extends resourceFactory_1.ResourceFactory {
+    async createResource(config) {
+        (0, validateKmsKeyConfig_1.validateKmsKeyConfig)(config);
+        const cfg = config.configuration;
+        if (cfg.grantTokens) {
+            console.warn("[KmsKeyFactory] 'grantTokens' is not supported by Pulumi and will be ignored.");
+        }
+        if (cfg.meta || cfg.notes) {
+            console.warn("[KmsKeyFactory] 'meta' and 'notes' are for documentation only and will not be passed to the resource.");
+        }
+        const key = (0, createAwsKmsKey_1.createAwsKmsKey)(cfg);
+        (0, createAwsKmsAliases_1.createAwsKmsAliases)(key, cfg.aliases);
+        return key;
+    }
+    getOutputs(resource) {
+        return {
+            arn: resource.arn,
+            keyId: resource.keyId,
+        };
+    }
+    validateConfig(config) {
+        (0, validateKmsKeyConfig_1.validateKmsKeyConfig)(config);
+    }
+}
+exports.KmsKeyFactory = KmsKeyFactory;

package/dist/src/factories/lambdaFactory.js

@@ -0,0 +1,133 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.LambdaFactory = void 0;
+const aws = __importStar(require("@pulumi/aws"));
+const pulumi = __importStar(require("@pulumi/pulumi"));
+const resourceFactory_1 = require("./resourceFactory");
+const createLambdaFunction_1 = require("./createLambdaFunction");
+class LambdaFactory extends resourceFactory_1.ResourceFactory {
+    async createResource(config, provider) {
+        let vpcConfig = config.configuration.vpcConfig;
+        if (config.inputs) {
+            if (config.inputs.vpcConfig) {
+                vpcConfig = config.inputs.vpcConfig;
+            }
+            else if (config.inputs.securityGroupIds || config.inputs.subnetIds) {
+                vpcConfig = vpcConfig || {};
+                if (config.inputs.securityGroupIds)
+                    vpcConfig.securityGroupIds = config.inputs.securityGroupIds;
+                if (config.inputs.subnetIds)
+                    vpcConfig.subnetIds = config.inputs.subnetIds;
+            }
+        }
+        let codeBucket = config.configuration.codeBucket;
+        if (config.inputs && config.inputs.codeBucket) {
+            codeBucket = config.inputs.codeBucket;
+        }
+        let roleArn = config.configuration.roleArn;
+        if (!roleArn && config.configuration.iamPolicyStatements) {
+            const role = new aws.iam.Role(`${config.meta.environment}-${config.id}-role`, {
+                assumeRolePolicy: JSON.stringify({
+                    Version: "2012-10-17",
+                    Statement: [{
+                            Action: "sts:AssumeRole",
+                            Effect: "Allow",
+                            Principal: {
+                                Service: "lambda.amazonaws.com"
+                            }
+                        }]
+                }),
+                tags: config.configuration.tags
+            }, provider ? { provider } : undefined);
+            new aws.iam.RolePolicyAttachment(`${config.meta.environment}-${config.id}-basic`, {
+                role: role.name,
+                policyArn: "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
+            }, provider ? { provider } : undefined);
+            if (vpcConfig) {
+                new aws.iam.RolePolicyAttachment(`${config.meta.environment}-${config.id}-vpc`, {
+                    role: role.name,
+                    policyArn: "arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole"
+                }, provider ? { provider } : undefined);
+            }
+            if (config.configuration.iamPolicyStatements && config.configuration.iamPolicyStatements.length > 0) {
+                const policyDocument = {
+                    Version: "2012-10-17",
+                    Statement: config.configuration.iamPolicyStatements
+                };
+                new aws.iam.RolePolicy(`${config.meta.environment}-${config.id}-policy`, {
+                    role: role.name,
+                    policy: pulumi.output(policyDocument).apply(doc => JSON.stringify(doc))
+                }, provider ? { provider } : undefined);
+            }
+            roleArn = role.arn;
+        }
+        return (0, createLambdaFunction_1.createLambdaFunction)({
+            name: config.configuration.functionName || `${config.meta.environment}-${config.id}`,
+            handler: config.configuration.handler,
+            runtime: config.configuration.runtime,
+            codePath: config.configuration.codePath,
+            codeBucket: codeBucket,
+            roleArn: roleArn,
+            environment: config.configuration.environment ? {
+                variables: config.configuration.environment
+            } : undefined,
+            tags: config.configuration.tags,
+            vpcConfig,
+            timeout: config.configuration.timeout,
+            memorySize: config.configuration.memorySize,
+            description: config.configuration.description,
+            provider,
+        });
+    }
+    getOutputs(resource) {
+        return {
+            arn: resource.arn,
+            name: resource.name,
+            functionArn: resource.arn,
+            functionName: resource.name,
+            invokeUrl: resource.arn.apply(arn => {
+                const region = arn.split(':')[3];
+                return `https://lambda.${region}.amazonaws.com/2015-03-31/functions/${resource.name}/invocations`;
+            }),
+        };
+    }
+    validateConfig(config) {
+        if (!config.configuration || !config.configuration.handler || !config.configuration.runtime || !config.configuration.codePath) {
+            throw new Error("Lambda config must include configuration with handler, runtime, codePath");
+        }
+    }
+}
+exports.LambdaFactory = LambdaFactory;

package/dist/src/factories/lambdaPermissionFactory.js

@@ -0,0 +1,32 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.LambdaPermissionFactory = void 0;
+const resourceFactory_1 = require("./resourceFactory");
+const createLambdaPermission_1 = require("./createLambdaPermission");
+class LambdaPermissionFactory extends resourceFactory_1.ResourceFactory {
+    async createResource(config, provider) {
+        return (0, createLambdaPermission_1.TcreateLambdaPermission)({
+            name: config.id,
+            action: config.configuration.action,
+            lambdaArn: config.configuration.function,
+            principal: config.configuration.principal,
+            sourceArn: config.configuration.sourceArn,
+            qualifier: config.inputs?.qualifier,
+            eventSourceToken: config.inputs?.eventSourceToken,
+            condition: config.inputs?.condition,
+            parent: provider,
+        });
+    }
+    getOutputs(resource) {
+        return {
+            id: resource.id,
+            statementId: resource.statementId,
+        };
+    }
+    validateConfig(config) {
+        if (!config.configuration || !config.configuration.action || !config.configuration.function || !config.configuration.principal || !config.configuration.sourceArn) {
+            throw new Error("LambdaPermissionFactory: action, function, principal, and sourceArn are required");
+        }
+    }
+}
+exports.LambdaPermissionFactory = LambdaPermissionFactory;