chore: wip

chore: wip

chore: wip

Author: chrisbbreuer

.stacks/core/cloud/src/cloud/deploy.ts renamed to .stacks/core/cloud/src/cloud/deployment.ts

@@ -1,17 +1,22 @@
 /* eslint-disable no-new */
-import { NestedStack, RemovalPolicy, Tags, aws_backup as backup, aws_iam as iam, aws_s3 as s3, aws_s3_deployment as s3deploy } from 'aws-cdk-lib'
+import { NestedStack, aws_s3_deployment as s3deploy } from 'aws-cdk-lib'
 import type { Construct } from 'constructs'
-import type { NestedCloudProps } from './index'
+import type { NestedCloudProps } from '../types'
 
 export class StorageStack extends NestedStack {
   constructor(scope: Construct, props: NestedCloudProps) {
     super(scope, 'Deploy', props)
 
-    new s3deploy.BucketDeployment(this, 'DeployWebsite', {
+    new s3deploy.BucketDeployment(this, 'Website', {
       sources: [s3deploy.Source.asset(this.websiteSource)],
       destinationBucket: props.publicBucket,
       distribution: props.cdn,
       distributionPaths: ['/*'],
     })
+
+    new s3deploy.BucketDeployment(this, 'PrivateFiles', {
+      sources: [s3deploy.Source.asset(this.privateSource)],
+      destinationBucket: props.privateBucket,
+    })
   }
 }

.stacks/core/cloud/src/cloud/docs.ts

@@ -1,6 +1,6 @@
-import type { NestedStackProps } from 'aws-cdk-lib'
 import { NestedStack } from 'aws-cdk-lib'
 import type { Construct } from 'constructs'
+import type { NestedCloudProps } from '../types'
 
 export class DocsStack extends NestedStack {
   constructor(scope: Construct, props: NestedStackProps) {

.stacks/core/cloud/src/cloud/index.ts

@@ -1,56 +1,18 @@
 /* eslint-disable no-new */
 import type { Construct } from 'constructs'
 import { Stack } from 'aws-cdk-lib'
-import type { NestedStackProps, StackProps, aws_certificatemanager as acm, aws_cloudfront as cloudfront, aws_route53 as route53, aws_s3 as s3, aws_wafv2 as wafv2 } from 'aws-cdk-lib'
+import type { CloudProps } from '../types'
 import { CdnStack } from './cdn'
 import { DocsStack } from './docs'
 import { StorageStack } from './storage'
-
-export interface CloudProps extends StackProps {
-  env: {
-    account: string
-    region: string
-  }
-  appName: string
-  appEnv: string
-  domain: string
-  partialAppKey: string
-  zone: route53.HostedZone
-  certificate: acm.Certificate
-  logBucket: s3.Bucket
-  firewall: wafv2.CfnWebACL
-  storage: {
-    publicBucket: s3.Bucket
-    accessPoint: s3.CfnAccessPoint | undefined
-  }
-  cdn: cloudfront.Distribution
-}
-
-export interface NestedCloudProps extends NestedStackProps {
-  env: {
-    account: string
-    region: string
-  }
-  appName: string
-  appEnv: string
-  domain: string
-  partialAppKey: string
-  zone: route53.HostedZone
-  certificate: acm.Certificate
-  logBucket: s3.Bucket
-  firewall: wafv2.CfnWebACL
-  storage: {
-    publicBucket: s3.Bucket
-    accessPoint: s3.CfnAccessPoint | undefined
-  }
-  cdn: cloudfront.Distribution
-}
+import { SecurityStack } from './security'
 
 export class Cloud extends Stack {
   constructor(scope: Construct, id: string, props: CloudProps) {
     super(scope, id, props)
 
     // please beware: be careful changing the order of the stacks creation below
+    new SecurityStack(this, props)
     new StorageStack(this, props)
     new CdnStack(this, props)
     new DocsStack(this, props)

.stacks/core/cloud/src/cloud/permissions.ts

@@ -0,0 +1,11 @@
+// waf and encryption
+import { NestedStack } from 'aws-cdk-lib'
+import type { Construct } from 'constructs'
+import type { NestedCloudProps } from '../types'
+
+export class SecurityStack extends NestedStack {
+  constructor(scope: Construct, props: NestedStackProps) {
+    super(scope, 'Security', props)
+    // ...
+  }
+}

.stacks/core/cloud/src/cloud/security.ts

@@ -1,7 +1,7 @@
 /* eslint-disable no-new */
-import { NestedStack, RemovalPolicy, Tags, aws_backup as backup, aws_iam as iam, aws_s3 as s3, aws_s3_deployment as s3deploy } from 'aws-cdk-lib'
+import { NestedStack, RemovalPolicy, Tags, aws_backup as backup, aws_iam as iam, aws_s3 as s3 } from 'aws-cdk-lib'
 import type { Construct } from 'constructs'
-import type { NestedCloudProps } from './index'
+import type { NestedCloudProps } from '../types'
 
 export class StorageStack extends NestedStack {
   websiteSource: string
@@ -15,15 +15,13 @@ export class StorageStack extends NestedStack {
     super(scope, 'Storage', props)
     this.websiteSource = config.app.docMode ? this.docsSource : '../../../storage/public'
     this.bucketPrefix = `${props.appName}-${props.appEnv}`
-
-
   }
 
   async manageStorage() {
     // the bucketName should not contain the domainName because when the APP_URL is changed,
     // we want it to deploy properly, and this way we would not force a recreation of the
     // resources that contain the domain name
-    this.storage.publicBucket = await this.getOrCreateBucket()
+    this.publicBucket = await this.getOrCreateBucket()
     // for each redirect, create a bucket & redirect it to the APP_URL
     config.dns.redirects?.forEach((redirect) => {
       // TODO: use string-ts function here instead
@@ -45,11 +43,11 @@ export class StorageStack extends NestedStack {
       })
     })
 
-    this.storage.privateBucket = await this.getOrCreateBucket('private')
-    const bucketPrefix = `${this.appName}-${appEnv}`
+    this.privateBucket = await this.getOrCreateBucket('private')
+    const bucketPrefix = `${props.appName}-${props.appEnv}`
 
-    this.storage.logBucket = new s3.Bucket(this, 'LogsBucket', {
-      bucketName: `${bucketPrefix}-logs-${partialAppKey}`,
+    this.logBucket = new s3.Bucket(this, 'LogsBucket', {
+      bucketName: `${bucketPrefix}-logs-${props.partialAppKey}`,
       removalPolicy: RemovalPolicy.DESTROY,
       autoDeleteObjects: true,
       blockPublicAccess: new s3.BlockPublicAccess({
@@ -60,13 +58,13 @@ export class StorageStack extends NestedStack {
       }),
       objectOwnership: s3.ObjectOwnership.BUCKET_OWNER_PREFERRED,
     })
-    Tags.of(this.storage.logBucket).add('daily-backup', 'true')
+    Tags.of(this.logBucket).add('daily-backup', 'true')
 
     const backupRole = this.createBackupRole()
 
     // Daily 35 day retention
     const vault = new backup.BackupVault(this, 'BackupVault', {
-      backupVaultName: `${this.appName}-${appEnv}-daily-backup-vault`,
+      backupVaultName: `${props.appName}-${appEnv}-daily-backup-vault`,
       encryptionKey: this.encryptionKey,
       removalPolicy: RemovalPolicy.DESTROY,
     })

.stacks/core/cloud/src/cloud/storage.ts

@@ -4,25 +4,46 @@ import { config } from '@stacksjs/config'
 import { env } from '@stacksjs/env'
 import * as cdk from 'aws-cdk-lib'
 import { Cloud } from './cloud/'
+import type { CloudOptions } from './types'
 
 const app = new cdk.App()
 const appEnv = config.app.env === 'local' ? 'dev' : config.app.env
-const cloudName = `stacks-cloud-${appEnv}`
+const appKey = config.app.key
+const domain = config.app.url
+const name = `stacks-cloud-${appEnv}`
 const account = env.AWS_ACCOUNT_ID
 const region = env.AWS_DEFAULT_REGION
 
-if (!account || !region) {
-  console.error('Missing accountId or region in config.')
-  process.exit(1)
+if (!appKey) {
+  log.info('Please set an application key. `buddy key:generate` is your friend, in this case.')
+  process.exit(ExitCode.InvalidArgument)
 }
 
+const parts = appKey.split(':')
+if (parts && parts.length < 2)
+  throw new Error('Invalid format application key format. Expected a colon-separated string. You may need to run `buddy key:generate`.')
+
+const partialAppKey = parts[1] ? parts[1].substring(0, 10).toLowerCase() : undefined
+
+if (!partialAppKey)
+  throw new Error('The application key seems to be missing. Please set it before deploying. `buddy key:generate` is your friend, in this case.')
+
+if (!account || !region)
+  throw new Error('Missing accountId or region in config.')
+
 const usEnv = {
   account,
   region,
 }
 
-new Cloud(app, cloudName, {
+export const options = {
   env: usEnv,
-})
+  name,
+  appEnv,
+  domain,
+  partialAppKey,
+} satisfies CloudOptions
+
+new Cloud(app, name, options)
 
 app.synth()