updates

Author: cfeenstra67

.github/workflows/release.yaml

@@ -30,7 +30,8 @@ jobs:
           cache: 'pnpm'
       - name: Install dependencies
         run: pnpm install --frozen-lockfile
-      - uses: changesets/action@v1
+      - name: Create Release Pull Request
+        uses: changesets/action@v1
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       - id: flag
@@ -97,7 +98,7 @@ jobs:
         run: pnpm -r build
       - name: Copy root README to aws
         run: cp README.md packages/aws/README.md
-      - name: Create Release Pull Request
+      - name: Publish Packages
         uses: changesets/action@v1
         with:
           publish: pnpm release

packages/aws/src/components/cluster.ts

@@ -478,7 +478,7 @@ export interface ClusterCapacityConfig {
   onDemandBase?: number;
   /** Percentage of on-demand instances above base capacity */
   onDemandPercentage?: number;
-  /** Strategy for allocating spot instances */
+  /** Strategy for allocating spot instances; defaults to `price-capacity-optimized`. */
   spotAllocationStrategy?: string;
   /** Security group ID that should be allowed SSH access to the instances */
   sourceSecurityGroupId?: pulumi.Input<string>;
@@ -670,6 +670,7 @@ export function clusterCapacity(ctx: Context, args: ClusterCapacityArgs) {
     {
       vpcZoneIdentifiers: args.network.subnetIds,
       minSize: sizes.min,
+      desiredCapacity: sizes.min,
       maxSize: sizes.max,
       mixedInstancesPolicy: {
         instancesDistribution: {
@@ -678,7 +679,7 @@ export function clusterCapacity(ctx: Context, args: ClusterCapacityArgs) {
             ? 100
             : (args.onDemandPercentage ?? 0),
           spotAllocationStrategy:
-            args.spotAllocationStrategy ?? "capacity-optimized",
+            args.spotAllocationStrategy ?? "price-capacity-optimized",
         },
         launchTemplate: {
           launchTemplateSpecification: {

packages/aws/src/components/load-balancer-logs-table.ts

@@ -0,0 +1,240 @@
+/**
+ * @packageDocumentation
+ *
+ * Load balancers in AWS write access logs to an S3 bucket. This component can be used to create an AWS Glue table configured to query those logs with Athena. This component can be used on its own or automatically created by passing `accessLogsTable` parameter to the {@link loadBalancer} component.
+ *
+ * ```typescript
+ * import * as saws from '@stackattack/aws';
+ *
+ * const ctx = saws.context();
+ * const vpc = saws.vpc(ctx);
+ * const logsBucket = saws.bucket(ctx);
+ * const loadBalancer = saws.loadBalancer(ctx, {
+ *   network: vpc.network("public")
+ * });
+ *
+ * ```
+ *
+ */
+
+import * as aws from "@pulumi/aws";
+import * as pulumi from "@pulumi/pulumi";
+import type { Context } from "../context.js";
+import { type BucketInput, getBucketId } from "./bucket.js";
+
+/**
+ * Configuration options for create a load balancer logs table
+ */
+export interface LoadBalancerLogsTableArgs {
+  /** Name of the table used for query logs */
+  name: pulumi.Input<string>;
+  /** Database name to create the table in; default to "default" */
+  database?: pulumi.Input<string>;
+  /** Bucket where load balancer logs are stored */
+  bucket: pulumi.Input<BucketInput>;
+  /** Prefix within the bucket where load balancer logs are stored. Note that all load balancer logs are stored with a prefix like "AWSLogs/<account_id>/elasticloadbalancing/<region>/". That will be appended automatically--if specified this should only include the prefix _before_ "AWSLogs/...". */
+  prefix?: pulumi.Input<string>;
+  /** Whether to skip adding a prefix to the context */
+  noPrefix?: boolean;
+}
+
+export function loadBalancerLogsTable(
+  ctx: Context,
+  args: LoadBalancerLogsTableArgs,
+): aws.glue.CatalogTable {
+  if (!args.noPrefix) {
+    ctx = ctx.prefix("lb-logs-table");
+  }
+
+  const region = aws.getRegionOutput();
+  const identity = aws.getCallerIdentityOutput();
+  const bucketName = getBucketId(args.bucket);
+
+  const prefix = pulumi
+    .output(args.prefix)
+    .apply((prefix) =>
+      prefix ? (prefix.endsWith("/") ? prefix : `${prefix}/`) : "",
+    );
+
+  const accessLogsStorageLocation = pulumi.interpolate`s3://${bucketName}/${prefix}/AWSLogs/${identity.accountId}/elasticloadbalancing/${region.name}/`;
+
+  // Based on instructions here:
+  // https://docs.aws.amazon.com/athena/latest/ug/application-load-balancer-logs.html#create-alb-table-partition-projection
+  return new aws.glue.CatalogTable(ctx.id(), {
+    databaseName: args.database ?? "default",
+    name: args.name,
+    tableType: "EXTERNAL_TABLE",
+    parameters: {
+      EXTERNAL: "TRUE",
+      "projection.enabled": "true",
+      "projection.day.type": "date",
+      "projection.day.range": "2024/01/01,NOW",
+      "projection.day.format": "yyyy/MM/dd",
+      "projection.day.interval": "1",
+      "projection.day.interval.unit": "DAYS",
+      "storage.location.template": pulumi.interpolate`${accessLogsStorageLocation}\${day}`,
+    },
+    storageDescriptor: {
+      location: accessLogsStorageLocation,
+      inputFormat: "org.apache.hadoop.mapred.TextInputFormat",
+      outputFormat:
+        "org.apache.hadoop.hive.ql.io.HiveIgnoreKeyTextOutputFormat",
+      serDeInfo: {
+        parameters: {
+          "serialization.format": "1",
+          "input.regex":
+            '([^ ]*) ([^ ]*) ([^ ]*) ([^ ]*):([0-9]*) ([^ ]*)[:-]([0-9]*) ([-.0-9]*) ([-.0-9]*) ([-.0-9]*) (|[-0-9]*) (-|[-0-9]*) ([-0-9]*) ([-0-9]*) "([^ ]*) (.*) (- |[^ ]*)" "([^"]*)" ([A-Z0-9-_]+) ([A-Za-z0-9.-]*) ([^ ]*) "([^"]*)" "([^"]*)" "([^"]*)" ([-.0-9]*) ([^ ]*) "([^"]*)" "([^"]*)" "([^ ]*)" "([^s]+?)" "([^s]+)" "([^ ]*)" "([^ ]*)" ([^ ]*)(.*?)',
+        },
+        serializationLibrary: "org.apache.hadoop.hive.serde2.RegexSerDe",
+      },
+      columns: [
+        {
+          name: "type",
+          type: "string",
+        },
+        {
+          name: "time",
+          type: "string",
+        },
+        {
+          name: "elb",
+          type: "string",
+        },
+        {
+          name: "client_ip",
+          type: "string",
+        },
+        {
+          name: "client_port",
+          type: "int",
+        },
+        {
+          name: "target_ip",
+          type: "string",
+        },
+        {
+          name: "target_port",
+          type: "int",
+        },
+        {
+          name: "requesting_processing_time",
+          type: "double",
+        },
+        {
+          name: "target_processing_time",
+          type: "double",
+        },
+        {
+          name: "response_processing_time",
+          type: "double",
+        },
+        {
+          name: "elb_status_code",
+          type: "int",
+        },
+        {
+          name: "target_status_code",
+          type: "int",
+        },
+        {
+          name: "received_bytes",
+          type: "bigint",
+        },
+        {
+          name: "sent_bytes",
+          type: "bigint",
+        },
+        {
+          name: "request_verb",
+          type: "string",
+        },
+        {
+          name: "request_url",
+          type: "string",
+        },
+        {
+          name: "request_proto",
+          type: "string",
+        },
+        {
+          name: "user_agent",
+          type: "string",
+        },
+        {
+          name: "ssl_cipher",
+          type: "string",
+        },
+        {
+          name: "ssl_protocol",
+          type: "string",
+        },
+        {
+          name: "target_group_arn",
+          type: "string",
+        },
+        {
+          name: "trace_id",
+          type: "string",
+        },
+        {
+          name: "domain_name",
+          type: "string",
+        },
+        {
+          name: "chosen_cert_arn",
+          type: "string",
+        },
+        {
+          name: "matched_rule_priority",
+          type: "string",
+        },
+        {
+          name: "request_creation_time",
+          type: "string",
+        },
+        {
+          name: "actions_executed",
+          type: "string",
+        },
+        {
+          name: "redirect_url",
+          type: "string",
+        },
+        {
+          name: "lambda_error_reason",
+          type: "string",
+        },
+        {
+          name: "target_port_list",
+          type: "string",
+        },
+        {
+          name: "target_status_code_list",
+          type: "string",
+        },
+        {
+          name: "classification",
+          type: "string",
+        },
+        {
+          name: "classification_reason",
+          type: "string",
+        },
+        {
+          name: "conn_trace_id",
+          type: "string",
+        },
+        {
+          name: "unhandled_postfix",
+          type: "string",
+        },
+      ],
+    },
+    partitionKeys: [
+      {
+        name: "day",
+        type: "string",
+      },
+    ],
+  });
+}

packages/aws/src/components/load-balancer.ts

@@ -7,9 +7,9 @@
  * import * as saws from "@stackattack/aws";
  *
  * const ctx = saws.context();
- * const network = saws.vpc(ctx);
+ * const vpc = saws.vpc(ctx);
  * const lb = saws.loadBalancer(ctx, {
- *   network: network.network("public")
+ *   network: vpc.network("public")
  * });
  *
  * export const loadBalancerUrl = lb.url;
@@ -90,6 +90,7 @@
 import * as aws from "@pulumi/aws";
 import * as pulumi from "@pulumi/pulumi";
 import type { Context } from "../context.js";
+import { type BucketInput, bucket, getBucketId } from "./bucket.js";
 import {
   getVpcAttributes,
   getVpcDefaultSecurityGroup,
@@ -416,6 +417,14 @@ export interface LoadBalancerArgs {
   certificate?: pulumi.Input<string>;
   /** Connection idle timeout in seconds */
   idleTimeout?: pulumi.Input<number>;
+  /** Specify a bucket where access logs should be stored. If not passed, a new bucket will be created. If `null` is passed, no access logs will be stored. */
+  accessLogsBucket?: null | pulumi.Input<BucketInput>;
+  /** Prefix for load balancer access logs within the S3 bucket */
+  accessLogsPrefix?: pulumi.Input<string>;
+  /** Name of the Athena table to create to query access logs. If not passed, no table will be created. */
+  accessLogsTable?: pulumi.Input<string>;
+  /** Name of the Athena database to create the access logs table in. Only relevant if `accessLogsTable` is passed. If not passed, the default database will be used. */
+  accessLogsDatabase?: pulumi.Input<string>;
   /** Whether to skip adding a prefix to the context */
   noPrefix?: boolean;
 }
@@ -474,14 +483,32 @@ export function loadBalancer(
     vpc: args.network.vpc,
   });
 
+  let accessLogsBucket: pulumi.Input<string> | undefined;
+  if (args.accessLogsBucket) {
+    accessLogsBucket = getBucketId(args.accessLogsBucket);
+  } else if (args.accessLogsBucket === undefined) {
+    accessLogsBucket = bucket(ctx).bucket;
+  }
+
   const loadBalancer = new aws.lb.LoadBalancer(ctx.id(), {
     namePrefix: "lb-",
     subnets: args.network.subnetIds,
     securityGroups: [securityGroup.id],
     idleTimeout: args.idleTimeout,
+    accessLogs:
+      accessLogsBucket === undefined
+        ? undefined
+        : {
+            enabled: true,
+            bucket: accessLogsBucket,
+            prefix: args.accessLogsPrefix,
+          },
     tags: ctx.tags(),
   });
 
+  if (args.accessLogsTable) {
+  }
+
   const { listener } = loadBalancerListener(ctx, {
     loadBalancer,
     certificate: args.certificate,