chore: wip

chore: wip

chore: wip

chore: wip

chore: wip

chore: wip

chore: wip

chore: wip

chore: wip

chore: wip

chore: wip

chore: wip

chore: wip

chore: wip

chore: wip

chore: wip

chore: wip

chore: wip

chore: wip

chore: wip

Author: chrisbbreuer

.stacks/core/actions/src/deploy/create-receipt-rule.ts

@@ -0,0 +1,64 @@
+import type { ListBucketsCommandOutput } from '@aws-sdk/client-s3'
+import { S3 } from '@aws-sdk/client-s3'
+import { SES } from '@aws-sdk/client-ses'
+import { ExitCode } from '@stacksjs/types'
+import type { AWSError } from 'aws-sdk'
+import process from 'node:process'
+
+const ses = new SES({ apiVersion: '2010-12-01' })
+const s3 = new S3({ apiVersion: '2006-03-01' })
+
+// oddly, this somehow does not play well within a CDK construct
+// so we need to use the AWS SDK directly to create the rule
+// unsure whether it's an AWS or implementation issue
+
+// need to query S3 to get the bucket name, based on whether the name contains -email-
+// which is indicative of the email bucket created by the CDK construct
+let bucketName: string | undefined
+s3.listBuckets((err: AWSError, data: ListBucketsCommandOutput) => {
+  if (err) {
+    // eslint-disable-next-line no-console
+    console.log('Error', err)
+  }
+  else {
+    console.log('Data', data)
+    if (data.Buckets) {
+      bucketName = data.Buckets.find(bucket => bucket.Name && bucket.Name.includes('-email-'))?.Name
+      // eslint-disable-next-line no-console
+      console.log('Bucket Name:', bucketName)
+
+      if (!bucketName) {
+        // eslint-disable-next-line no-console
+        console.log('Stacks Email Bucket not found')
+        process.exit(ExitCode.FatalError)
+      }
+
+      const params = {
+        Rule: {
+          Actions: [
+            {
+              S3Action: {
+                BucketName: bucketName,
+                ObjectKeyPrefix: 'tmp/email_in',
+              },
+            },
+          ],
+          Enabled: true,
+          Name: 'Inbound',
+          ScanEnabled: true,
+          TlsPolicy: 'Require',
+        },
+        RuleSetName: 'your-rule-set-name',
+      }
+
+      ses.createReceiptRule(params, (err: AWSError, data: any) => {
+        if (err)
+          // eslint-disable-next-line no-console
+          console.log(err, err.stack)
+        else
+          // eslint-disable-next-line no-console
+          console.log(data)
+      })
+    }
+  }
+})

.stacks/core/cloud/package.json

@@ -54,6 +54,21 @@
     "prepublishOnly": "bun run build"
   },
   "peerDependencies": {
+    "@aws-lambda-powertools/logger": "^1.14.0",
+    "@aws-lambda-powertools/metrics": "^1.14.0",
+    "@aws-lambda-powertools/tracer": "^1.14.0",
+    "@aws-sdk/client-cloudformation": "^3.433.0",
+    "@aws-sdk/client-cloudfront": "^3.433.0",
+    "@aws-sdk/client-cloudwatch-logs": "^3.433.0",
+    "@aws-sdk/client-ec2": "^3.433.0",
+    "@aws-sdk/client-efs": "^3.433.0",
+    "@aws-sdk/client-iam": "^3.433.0",
+    "@aws-sdk/client-lambda": "^3.433.0",
+    "@aws-sdk/client-route-53-domains": "^3.433.0",
+    "@aws-sdk/client-s3": "^3.433.0",
+    "@aws-sdk/client-ses": "^3.433.0",
+    "@aws-sdk/client-sesv2": "^3.433.0",
+    "@aws-sdk/client-ssm": "^3.433.0",
     "@stacksjs/config": "workspace:*",
     "@stacksjs/logging": "workspace:*",
     "@stacksjs/path": "workspace:*",
@@ -76,6 +91,7 @@
     "@aws-sdk/client-lambda": "^3.433.0",
     "@aws-sdk/client-route-53-domains": "^3.433.0",
     "@aws-sdk/client-s3": "^3.433.0",
+    "@aws-sdk/client-ses": "^3.433.0",
     "@aws-sdk/client-sesv2": "^3.433.0",
     "@aws-sdk/client-ssm": "^3.433.0",
     "@stacksjs/config": "workspace:*",

.stacks/core/cloud/src/cloud.ts

@@ -17,10 +17,10 @@ import {
   aws_certificatemanager as acm,
   aws_backup as backup,
   aws_cloudfront as cloudfront,
-  // custom_resources,
   aws_ec2 as ec2,
   aws_efs as efs,
   aws_iam as iam,
+  // custom_resources,
   aws_kms as kms,
   aws_lambda as lambda,
   aws_cloudfront_origins as origins,
@@ -577,6 +577,23 @@ export class StacksCloud extends Stack {
     //     },
     //   })
     // }
+    // also add
+    //     }, {
+    //   "name": "AWSManagedRulesAnonymousIpList",
+    //   "priority": 40,
+    //   "overrideAction": "none",
+    //   "excludedRules": []
+    // }, {
+    //   "name": "AWSManagedRulesLinuxRuleSet",
+    //   "priority": 50,
+    //   "overrideAction": "none",
+    //   "excludedRules": []
+    // }, {
+    //   "name": "AWSManagedRulesUnixRuleSet",
+    //   "priority": 60,
+    //   "overrideAction": "none",
+    //   "excludedRules": [],
+    // }];
 
     return rules
   }
@@ -756,32 +773,14 @@ export class StacksCloud extends Stack {
     this.storage.emailBucket = this.createBucket('email')
 
     const sesPrincipal = new iam.ServicePrincipal('ses.amazonaws.com')
-    const ruleSetName = `${this.appName}-${appEnv}-email`
+    const ruleSetName = `${this.appName}-${appEnv}-email-receipt-rule-set-${timestamp}`
+    const receiptRuleName = `${this.appName}-${appEnv}-email-receipt-rule-${timestamp}`
+
     const ruleSet = new ses.CfnReceiptRuleSet(this, 'SESReceiptRuleSet', {
       ruleSetName,
     })
 
-    const ruleName = 'Inbound'
-    // const receiptRule = new ses.CfnReceiptRule(this, 'SESReceiptRule', {
-    new ses.CfnReceiptRule(this, 'SESReceiptRule', {
-      ruleSetName: ruleSet.ref,
-      rule: {
-        name: ruleName,
-        enabled: true,
-        actions: [
-          {
-            s3Action: {
-              bucketName: this.storage.emailBucket.bucketName,
-              kmsKeyArn: this.encryptionKey.keyArn,
-              objectKeyPrefix: 'tmp/email_in',
-            },
-          },
-        ],
-        scanEnabled: config.email.server?.scan || true,
-        tlsPolicy: 'Require',
-      },
-    })
-
+    // add a policy to the S3 bucket to allow the SES service to put objects into it
     this.storage.emailBucket.addToResourcePolicy(
       new iam.PolicyStatement({
         sid: `AllowSESToPutObject`,
@@ -792,39 +791,38 @@ export class StacksCloud extends Stack {
           's3:PutObjectAcl',
         ],
         resources: [
+          this.storage.emailBucket.bucketArn,
           `${this.storage.emailBucket.bucketArn}/*`,
         ],
         conditions: {
           StringEquals: {
             'aws:SourceAccount': Stack.of(this).account,
           },
           ArnLike: {
-            'aws:SourceArn': `arn:aws:ses:${this.region}:${Stack.of(this).account}:receipt-rule-set/${ruleSetName}:receipt-rule/${ruleName}`,
+            'aws:SourceArn': `arn:aws:ses:${this.region}:${Stack.of(this).account}:receipt-rule-set/${ruleSet.ref}:receipt-rule/${receiptRuleName}`,
           },
         },
       }),
     )
 
-    this.storage.emailBucket.addToResourcePolicy(
-      new iam.PolicyStatement({
-        sid: `AllowSESToEncryptMessagesBelongingToThisAccount`,
-        effect: iam.Effect.ALLOW,
-        principals: [sesPrincipal],
-        actions: [
-          'kms:Decrypt',
-          'kms:GenerateDataKey*',
-        ],
-        resources: ['*'],
-        conditions: {
-          StringEquals: {
-            'aws:SourceAccount': Stack.of(this).account,
-          },
-          ArnLike: {
-            'aws:SourceArn': `arn:aws:ses:${this.region}:${Stack.of(this).account}:receipt-rule-set/${ruleSetName}:receipt-rule/${ruleName}`,
-          },
-        },
-      }),
-    )
+    new ses.CfnReceiptRule(this, 'SESReceiptRule', {
+      ruleSetName: ruleSet.ref,
+      rule: {
+        name: receiptRuleName,
+        enabled: true,
+        // actions: [
+        //   {
+        //     s3Action: {
+        //       bucketName: this.storage.emailBucket.bucketName,
+        //       kmsKeyArn: this.encryptionKey.keyArn,
+        //       objectKeyPrefix: 'tmp/email_in',
+        //     },
+        //   },
+        // ],
+        scanEnabled: config.email.server?.scan || true,
+        tlsPolicy: 'Require',
+      },
+    })
 
     const iamGroup = new iam.Group(this, 'IAMGroup', {
       groupName: `${this.appName}-${appEnv}-email-management-s3-group`,
@@ -849,7 +847,7 @@ export class StacksCloud extends Stack {
         's3:PutObjectVersionAcl',
       ],
       resources: [
-        `${this.storage.emailBucket.bucketArn}`,
+        this.storage.emailBucket.bucketArn,
         `${this.storage.emailBucket.bucketArn}/*`,
       ],
     })
@@ -859,9 +857,6 @@ export class StacksCloud extends Stack {
       statements: [policyStatement, listBucketsPolicyStatement],
     })
 
-    const cfnBucketPolicy = this.storage.emailBucket.node.findChild('Policy').node.findChild('Resource')
-    ruleSet.node.addDependency(cfnBucketPolicy)
-
     iamGroup.attachInlinePolicy(policy)
 
     // Create a SES domain identity
@@ -1051,22 +1046,6 @@ export class StacksCloud extends Stack {
 
     lambdaEmailConverterRole.addToPolicy(converterS3PolicyStatement)
 
-    this.storage.emailBucket.addToResourcePolicy(new iam.PolicyStatement({
-      sid: `AllowSESToInvokeLambda`,
-      principals: [sesPrincipal],
-      actions: [
-        'lambda:InvokeFunction',
-      ],
-      conditions: {
-        StringEquals: {
-          'aws:SourceAccount': Stack.of(this).account,
-        },
-        ArnLike: {
-          'aws:SourceArn': `arn:aws:ses:${this.region}:${Stack.of(this).account}:receipt-rule-set/${ruleSetName}:receipt-rule/${ruleName}`,
-        },
-      },
-    }))
-
     this.storage.emailBucket.addEventNotification(s3.EventType.OBJECT_CREATED_PUT, new s3n.LambdaDestination(lambdaEmailInbound), { prefix: 'tmp/email_in' })
     this.storage.emailBucket.addEventNotification(s3.EventType.OBJECT_CREATED_PUT, new s3n.LambdaDestination(lambdaEmailOutbound), { prefix: 'tmp/email_out/json' })
     this.storage.emailBucket.addEventNotification(s3.EventType.OBJECT_CREATED_COPY, new s3n.LambdaDestination(lambdaEmailConverter), { prefix: 'sent/' })
@@ -1202,6 +1181,7 @@ export class StacksCloud extends Stack {
         versioned: true,
         removalPolicy: RemovalPolicy.DESTROY,
         autoDeleteObjects: true,
+        encryption: s3.BucketEncryption.KMS,
         encryptionKey: this.encryptionKey,
         enforceSSL: true,
         publicReadAccess: false,
@@ -1231,13 +1211,14 @@ export class StacksCloud extends Stack {
         removalPolicy: RemovalPolicy.DESTROY,
         autoDeleteObjects: true,
         encryptionKey: this.encryptionKey,
+        encryption: s3.BucketEncryption.KMS,
         lifecycleRules: [
           {
             id: '24h',
+            enabled: true,
             expiration: Duration.days(1),
             noncurrentVersionExpiration: Duration.days(1),
             prefix: 'today/',
-            enabled: true,
           },
           {
             id: 'Intelligent transition for Inbox',
@@ -1280,6 +1261,8 @@ export class StacksCloud extends Stack {
       versioned: true,
       autoDeleteObjects: true,
       removalPolicy: RemovalPolicy.DESTROY,
+      // encryption: s3.BucketEncryption.KMS, // does encryption for public files make sense?
+      // encryptionKey: this.encryptionKey,
     })
 
     Tags.of(bucket).add('daily-backup', 'true')

README.md

@@ -10,7 +10,7 @@
 
 _Beta coming soon._
 
-The goal of the framework is to _help you_ create & maintain frontends, backends, and clouds—without having to worry about the boilerplate. Stacks is a rapid application development framework, meeting all your full stack needs.
+The goal of the framework is to _help you_ create & maintain frontends, backends, and clouds—without having to worry about the boilerplate. Stacks is a rapid development framework, meeting all your full stack needs.
 
 - Web & Desktop applications
 - Serverless & traditional APIs

bun.lockb

@@ -160,8 +160,8 @@ const sidebar = {
         {
           text: 'Let’s Build',
           items: [
-            { text: 'Build an API', link: '/bootcamp/api' },
             { text: 'Build a Frontend', link: '/bootcamp/frontend' },
+            { text: 'Build an API', link: '/bootcamp/api' },
             { text: 'Build a Documentation', link: '/bootcamp/docs' },
             {
               text: 'Build a Library',
@@ -175,6 +175,7 @@ const sidebar = {
             { text: 'Build a CLI', link: '/bootcamp/cli' },
             { text: 'Build a Desktop App', link: '/bootcamp/desktop' },
             { text: 'Extend the Dashboard', link: '/bootcamp/dashboard' },
+            { text: 'Extend the Cloud', link: '/bootcamp/cloud' },
           ],
         },
         { text: 'Linting & Formatting', link: '/bootcamp/linting' },

config/docs.ts

@@ -0,0 +1,3 @@
+# How to build an API?
+
+wip

docs/bootcamp/api.md

@@ -0,0 +1,3 @@
+# How to build an CLI?
+
+wip

docs/bootcamp/cli.md

@@ -0,0 +1,3 @@
+# Extending the Cloud
+
+wip

docs/bootcamp/cloud.md

@@ -0,0 +1,3 @@
+# Extending the Dashboard
+
+wip