From 68cf8092bf6d9465e643a99822eab6e18e90e200 Mon Sep 17 00:00:00 2001 From: Vineel Sai Date: Sun, 22 Sep 2024 19:30:07 +0530 Subject: [PATCH] organize pulumi project better --- pulumi/AWS/Prod/main.go | 425 ++++++++---------- pulumi/AWS/Prod/{ => modules}/acm.go | 2 +- pulumi/AWS/Prod/modules/cloudfront.go | 80 ++++ pulumi/AWS/Prod/{ => modules}/lambda.go | 5 +- .../Prod/{ => modules}/lambda_permission.go | 5 +- 5 files changed, 288 insertions(+), 229 deletions(-) rename pulumi/AWS/Prod/{ => modules}/acm.go (99%) create mode 100644 pulumi/AWS/Prod/modules/cloudfront.go rename pulumi/AWS/Prod/{ => modules}/lambda.go (98%) rename pulumi/AWS/Prod/{ => modules}/lambda_permission.go (98%) diff --git a/pulumi/AWS/Prod/main.go b/pulumi/AWS/Prod/main.go index abd461e..49b232a 100644 --- a/pulumi/AWS/Prod/main.go +++ b/pulumi/AWS/Prod/main.go @@ -9,252 +9,225 @@ import ( "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam" "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3" "github.com/pulumi/pulumi/sdk/v3/go/pulumi" + + "Prod/modules" ) -func main() { - pulumi.Run(func(ctx *pulumi.Context) error { - repoAcm, err := NewAcm(ctx, "repoAcm", &AcmArgs{ - DomainName: pulumi.String("repo.vineelsai.com"), - ValidationMethod: pulumi.String("DNS"), - }) - if err != nil { - return err - } - repoBucketV2, err := s3.NewBucketV2(ctx, "repo", &s3.BucketV2Args{ - Bucket: pulumi.String("repo.vineelsai.com"), - Tags: pulumi.StringMap{ - "Name": pulumi.String("S3 Bucket for repo"), - "Environment": pulumi.String("Terraform"), - }, - }) - if err != nil { - return err - } - repo, err := cloudfront.NewOriginAccessControl(ctx, "repo", &cloudfront.OriginAccessControlArgs{ - Name: pulumi.String("repo_access_control"), - Description: pulumi.String("Access control for blog S3 bucket"), - OriginAccessControlOriginType: pulumi.String("s3"), - SigningBehavior: pulumi.String("always"), - SigningProtocol: pulumi.String("sigv4"), - }) - if err != nil { - return err - } - s3OriginId := "S3Origin" - dlViewerRequestLambda, err := archive.LookupFile(ctx, &archive.LookupFileArgs{ - Type: "zip", - SourceFile: pulumi.StringRef("lambda/dl-viewer-request/main.py"), - OutputPath: "dl_viewer_request_lambda.zip", - }, nil) - if err != nil { - return err - } - // ############################################################################## - // Default Lambda IAM Role and Policy # - // ############################################################################## - lambdaAssumeRoleDoc, err := iam.GetPolicyDocument(ctx, &iam.GetPolicyDocumentArgs{ - Statements: []iam.GetPolicyDocumentStatement{ - { - Effect: pulumi.StringRef("Allow"), - Principals: []iam.GetPolicyDocumentStatementPrincipal{ - { - Type: "Service", - Identifiers: []string{ - "lambda.amazonaws.com", - "edgelambda.amazonaws.com", - }, +func dlViewerRequestLambda(ctx *pulumi.Context, awsProvider *aws.Provider) (*modules.Lambda, error) { + dlViewerRequestLambda, err := archive.LookupFile(ctx, &archive.LookupFileArgs{ + Type: "zip", + SourceFile: pulumi.StringRef("lambda/dl-viewer-request/main.py"), + OutputPath: "dl_viewer_request_lambda.zip", + }, nil) + if err != nil { + return nil, err + } + + lambdaAssumeRoleDoc, err := iam.GetPolicyDocument(ctx, &iam.GetPolicyDocumentArgs{ + Statements: []iam.GetPolicyDocumentStatement{ + { + Effect: pulumi.StringRef("Allow"), + Principals: []iam.GetPolicyDocumentStatementPrincipal{ + { + Type: "Service", + Identifiers: []string{ + "lambda.amazonaws.com", + "edgelambda.amazonaws.com", }, }, - Actions: []string{ - "sts:AssumeRole", - }, }, - }, - }, nil) - if err != nil { - return err - } - defaultIamForLambda, err := iam.NewRole(ctx, "default_iam_for_lambda", &iam.RoleArgs{ - Name: pulumi.String("default_iam_for_lambda"), - AssumeRolePolicy: pulumi.String(lambdaAssumeRoleDoc.Json), - }) - if err != nil { - return err - } - awsEast1, err := aws.NewProvider(ctx, "us-east-1", &aws.ProviderArgs{ - Region: pulumi.String("us-east-1"), - }) - if err != nil { - return err - } - dlViewerRequestLambdaComponent, err := NewLambda(ctx, "dl_viewer_request_lambda", &LambdaArgs{ - Filename: "dl_viewer_request_lambda.zip", - FunctionName: pulumi.String("dl_viewer_request_lambda"), - Handler: pulumi.String("main.lambda_handler"), - SourceCodeHash: pulumi.String(dlViewerRequestLambda.OutputBase64sha256), - Runtime: pulumi.String("python3.12"), - Publish: pulumi.Bool(true), - Role: defaultIamForLambda.Arn, - Provider: awsEast1, - }) - if err != nil { - return err - } - repoS3Distribution, err := cloudfront.NewDistribution(ctx, "repo_s3_distribution", &cloudfront.DistributionArgs{ - Origins: cloudfront.DistributionOriginArray{ - &cloudfront.DistributionOriginArgs{ - DomainName: repoBucketV2.BucketRegionalDomainName, - OriginAccessControlId: repo.ID(), - OriginId: pulumi.String(s3OriginId), + Actions: []string{ + "sts:AssumeRole", }, }, - Enabled: pulumi.Bool(true), - IsIpv6Enabled: pulumi.Bool(true), - Comment: pulumi.String("Repo Distribution"), - Aliases: pulumi.StringArray{ - pulumi.String("repo.vineelsai.com"), - }, - DefaultCacheBehavior: &cloudfront.DistributionDefaultCacheBehaviorArgs{ - CachePolicyId: pulumi.String("658327ea-f89d-4fab-a63d-7e88639e58f6"), - CachedMethods: pulumi.StringArray{ - pulumi.String("GET"), - pulumi.String("HEAD"), - }, - AllowedMethods: pulumi.StringArray{ - pulumi.String("GET"), - pulumi.String("HEAD"), - pulumi.String("OPTIONS"), + }, + }, nil) + if err != nil { + return nil, err + } + + defaultIamForLambda, err := iam.NewRole(ctx, "default_iam_for_lambda", &iam.RoleArgs{ + Name: pulumi.String("default_iam_for_lambda"), + AssumeRolePolicy: pulumi.String(lambdaAssumeRoleDoc.Json), + }) + if err != nil { + return nil, err + } + + dlViewerRequestLambdaComponent, err := modules.NewLambda(ctx, "dl_viewer_request_lambda", &modules.LambdaArgs{ + Filename: "dl_viewer_request_lambda.zip", + FunctionName: pulumi.String("dl_viewer_request_lambda"), + Handler: pulumi.String("main.lambda_handler"), + SourceCodeHash: pulumi.String(dlViewerRequestLambda.OutputBase64sha256), + Runtime: pulumi.String("python3.12"), + Publish: pulumi.Bool(true), + Role: defaultIamForLambda.Arn, + Provider: awsProvider, + }) + if err != nil { + return nil, err + } + + lambdaRoleDoc, err := iam.GetPolicyDocument(ctx, &iam.GetPolicyDocumentArgs{ + Statements: []iam.GetPolicyDocumentStatement{ + { + Effect: pulumi.StringRef("Allow"), + Actions: []string{ + "logs:CreateLogGroup", + "logs:CreateLogStream", + "logs:PutLogEvents", }, - TargetOriginId: pulumi.String(s3OriginId), - ViewerProtocolPolicy: pulumi.String("redirect-to-https"), - LambdaFunctionAssociations: cloudfront.DistributionDefaultCacheBehaviorLambdaFunctionAssociationArray{ - &cloudfront.DistributionDefaultCacheBehaviorLambdaFunctionAssociationArgs{ - EventType: pulumi.String("viewer-request"), - LambdaArn: pulumi.StringOutput(dlViewerRequestLambdaComponent.QualifiedArn), - }, + Resources: []string{ + "arn:aws:logs:*:*:*", }, }, - Restrictions: &cloudfront.DistributionRestrictionsArgs{ - GeoRestriction: &cloudfront.DistributionRestrictionsGeoRestrictionArgs{ - RestrictionType: pulumi.String("none"), + { + Effect: pulumi.StringRef("Allow"), + Actions: []string{ + "s3:GetObject", + "s3:ListObjects", + "s3:ListBucket", }, - }, - Tags: pulumi.StringMap{ - "Environment": pulumi.String("Terraform"), - }, - ViewerCertificate: &cloudfront.DistributionViewerCertificateArgs{ - AcmCertificateArn: pulumi.String("arn:aws:acm:us-east-1:176796084758:certificate/87d3d721-6ba0-4336-b985-666851241399"), - MinimumProtocolVersion: pulumi.String("TLSv1.2_2019"), - SslSupportMethod: pulumi.String("sni-only"), - }, - }) - if err != nil { - return err - } - _, err = NewLambdaPermission(ctx, "defaultCloudfrontLambda", &LambdaPermissionArgs{ - StatementId: pulumi.String("AllowExecutionFromCloudFront"), - Action: pulumi.String("lambda:InvokeFunction"), - FunctionName: dlViewerRequestLambdaComponent.FunctionName, - Principal: pulumi.String("edgelambda.amazonaws.com"), - Qualifier: dlViewerRequestLambdaComponent.Version, - SourceArn: repoS3Distribution.Arn, - Provider: awsEast1, - }) - if err != nil { - return err - } - ctx.Export("repoCloudfrontDistributionId", repoS3Distribution.ID()) - ctx.Export("repoCloudfrontDistributionArn", repoS3Distribution.Arn) - ctx.Export("repoCloudfrontDistributionDomainName", repoS3Distribution.DomainName) - ctx.Export("repoAcmResourceRecordName", repoAcm.ResourceRecordName) - ctx.Export("repoAcmResourceRecordType", repoAcm.ResourceRecordType) - ctx.Export("repoAcmResourceRecordValue", repoAcm.ResourceRecordValue) - readRepoBucket := iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{ - Statements: iam.GetPolicyDocumentStatementArray{ - &iam.GetPolicyDocumentStatementArgs{ - Actions: pulumi.StringArray{ - pulumi.String("s3:GetObject"), - }, - Resources: pulumi.StringArray{ - repoBucketV2.Arn.ApplyT(func(arn string) (string, error) { - return fmt.Sprintf("%v/*", arn), nil - }).(pulumi.StringOutput), - }, - Effect: pulumi.String("Allow"), - Conditions: iam.GetPolicyDocumentStatementConditionArray{ - &iam.GetPolicyDocumentStatementConditionArgs{ - Test: pulumi.String("StringEquals"), - Variable: pulumi.String("AWS:SourceArn"), - Values: pulumi.StringArray{ - repoS3Distribution.Arn, - }, - }, - }, - Principals: iam.GetPolicyDocumentStatementPrincipalArray{ - &iam.GetPolicyDocumentStatementPrincipalArgs{ - Type: pulumi.String("Service"), - Identifiers: pulumi.StringArray{ - pulumi.String("cloudfront.amazonaws.com"), - }, - }, - }, + Resources: []string{ + "*", }, }, - }, nil) - _, err = s3.NewBucketPolicy(ctx, "repo", &s3.BucketPolicyArgs{ - Bucket: repoBucketV2.ID(), - Policy: readRepoBucket.ApplyT(func(readRepoBucket iam.GetPolicyDocumentResult) (*string, error) { - return &readRepoBucket.Json, nil - }).(pulumi.StringPtrOutput), - }) - if err != nil { - return err - } - lambdaRoleDoc, err := iam.GetPolicyDocument(ctx, &iam.GetPolicyDocumentArgs{ - Statements: []iam.GetPolicyDocumentStatement{ - { - Effect: pulumi.StringRef("Allow"), - Actions: []string{ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents", - }, - Resources: []string{ - "arn:aws:logs:*:*:*", - }, + }, + }, nil) + if err != nil { + return nil, err + } + + defaultPolicyForLambda, err := iam.NewPolicy(ctx, "default_policy_for_lambda", &iam.PolicyArgs{ + Name: pulumi.String("lambda_default_policy"), + Path: pulumi.String("/"), + Description: pulumi.String("Default IAM policy for lambda"), + Policy: pulumi.String(lambdaRoleDoc.Json), + }) + if err != nil { + return nil, err + } + + _, err = iam.NewRolePolicyAttachment(ctx, "default_role_for_lambda", &iam.RolePolicyAttachmentArgs{ + Role: defaultIamForLambda.Name, + PolicyArn: defaultPolicyForLambda.Arn, + }) + if err != nil { + return nil, err + } + + return dlViewerRequestLambdaComponent, nil +} + +func repoWebsite(ctx *pulumi.Context) error { + awsEast1, err := aws.NewProvider(ctx, "us-east-1", &aws.ProviderArgs{ + Region: pulumi.String("us-east-1"), + }) + if err != nil { + return err + } + + dlViewerRequestLambdaComponent, err := dlViewerRequestLambda(ctx, awsEast1) + if err != nil { + return err + } + + repoBucketV2, err := s3.NewBucketV2(ctx, "repo", &s3.BucketV2Args{ + Bucket: pulumi.String("repo.vineelsai.com"), + Tags: pulumi.StringMap{ + "Name": pulumi.String("S3 Bucket for repo"), + "Environment": pulumi.String("Terraform"), + }, + }) + if err != nil { + return err + } + + lambdaAssociationArray := cloudfront.DistributionDefaultCacheBehaviorLambdaFunctionAssociationArray{ + &cloudfront.DistributionDefaultCacheBehaviorLambdaFunctionAssociationArgs{ + EventType: pulumi.String("viewer-request"), + LambdaArn: pulumi.StringOutput(dlViewerRequestLambdaComponent.QualifiedArn), + }, + } + + domainNames := pulumi.StringArray{ + pulumi.String("repo.vineelsai.com"), + } + + repoS3Distribution, err := modules.NewCloudfront(ctx, "repo", domainNames, repoBucketV2, lambdaAssociationArray, awsEast1) + if err != nil { + return err + } + + ctx.Export("repoCloudfrontDistributionId", repoS3Distribution.ID()) + ctx.Export("repoCloudfrontDistributionArn", repoS3Distribution.Arn) + ctx.Export("repoCloudfrontDistributionDomainName", repoS3Distribution.DomainName) + + readRepoBucket := iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{ + Statements: iam.GetPolicyDocumentStatementArray{ + &iam.GetPolicyDocumentStatementArgs{ + Actions: pulumi.StringArray{ + pulumi.String("s3:GetObject"), + }, + Resources: pulumi.StringArray{ + repoBucketV2.Arn.ApplyT(func(arn string) (string, error) { + return fmt.Sprintf("%v/*", arn), nil + }).(pulumi.StringOutput), }, - { - Effect: pulumi.StringRef("Allow"), - Actions: []string{ - "s3:GetObject", - "s3:ListObjects", - "s3:ListBucket", + Effect: pulumi.String("Allow"), + Conditions: iam.GetPolicyDocumentStatementConditionArray{ + &iam.GetPolicyDocumentStatementConditionArgs{ + Test: pulumi.String("StringEquals"), + Variable: pulumi.String("AWS:SourceArn"), + Values: pulumi.StringArray{ + repoS3Distribution.Arn, + }, }, - Resources: []string{ - "*", + }, + Principals: iam.GetPolicyDocumentStatementPrincipalArray{ + &iam.GetPolicyDocumentStatementPrincipalArgs{ + Type: pulumi.String("Service"), + Identifiers: pulumi.StringArray{ + pulumi.String("cloudfront.amazonaws.com"), + }, }, }, }, - }, nil) - if err != nil { - return err - } - defaultPolicyForLambda, err := iam.NewPolicy(ctx, "default_policy_for_lambda", &iam.PolicyArgs{ - Name: pulumi.String("lambda_default_policy"), - Path: pulumi.String("/"), - Description: pulumi.String("Default IAM policy for lambda"), - Policy: pulumi.String(lambdaRoleDoc.Json), - }) - if err != nil { - return err - } - _, err = iam.NewRolePolicyAttachment(ctx, "default_role_for_lambda", &iam.RolePolicyAttachmentArgs{ - Role: defaultIamForLambda.Name, - PolicyArn: defaultPolicyForLambda.Arn, - }) - if err != nil { + }, + }, nil) + + _, err = s3.NewBucketPolicy(ctx, "repo", &s3.BucketPolicyArgs{ + Bucket: repoBucketV2.ID(), + Policy: readRepoBucket.ApplyT(func(readRepoBucket iam.GetPolicyDocumentResult) (*string, error) { + return &readRepoBucket.Json, nil + }).(pulumi.StringPtrOutput), + }) + if err != nil { + return err + } + + _, err = modules.NewLambdaPermission(ctx, "defaultCloudfrontLambda", &modules.LambdaPermissionArgs{ + StatementId: pulumi.String("AllowExecutionFromCloudFront"), + Action: pulumi.String("lambda:InvokeFunction"), + FunctionName: dlViewerRequestLambdaComponent.FunctionName, + Principal: pulumi.String("edgelambda.amazonaws.com"), + Qualifier: dlViewerRequestLambdaComponent.Version, + SourceArn: repoS3Distribution.Arn, + Provider: awsEast1, + }) + if err != nil { + return err + } + + return nil +} + +func main() { + pulumi.Run(func(ctx *pulumi.Context) error { + if err := repoWebsite(ctx); err != nil { return err } + return nil }) } diff --git a/pulumi/AWS/Prod/acm.go b/pulumi/AWS/Prod/modules/acm.go similarity index 99% rename from pulumi/AWS/Prod/acm.go rename to pulumi/AWS/Prod/modules/acm.go index adb3ed6..596c278 100644 --- a/pulumi/AWS/Prod/acm.go +++ b/pulumi/AWS/Prod/modules/acm.go @@ -1,4 +1,4 @@ -package main +package modules import ( "fmt" diff --git a/pulumi/AWS/Prod/modules/cloudfront.go b/pulumi/AWS/Prod/modules/cloudfront.go new file mode 100644 index 0000000..49e4de5 --- /dev/null +++ b/pulumi/AWS/Prod/modules/cloudfront.go @@ -0,0 +1,80 @@ +package modules + +import ( + "github.com/pulumi/pulumi-aws/sdk/v6/go/aws" + "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudfront" + "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3" + "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +) + +func NewCloudfront(ctx *pulumi.Context, name string, domainNames pulumi.StringArrayInput, s3Bucket *s3.BucketV2, defaultLambdaAssociationArray cloudfront.DistributionDefaultCacheBehaviorLambdaFunctionAssociationArray, awsProvider *aws.Provider) (*cloudfront.Distribution, error) { + cloudfrontAcm, err := NewAcm(ctx, name+"Acm", &AcmArgs{ + DomainName: domainNames.ToStringArrayOutput().Index(pulumi.Int(0)), + ValidationMethod: pulumi.String("DNS"), + }, pulumi.Provider(awsProvider)) + if err != nil { + return nil, err + } + + cloudfrontOriginAccessControl, err := cloudfront.NewOriginAccessControl(ctx, "s3_access_control", &cloudfront.OriginAccessControlArgs{ + Name: pulumi.String("s3_access_control"), + Description: pulumi.String("Access control for blog S3 bucket"), + OriginAccessControlOriginType: pulumi.String("s3"), + SigningBehavior: pulumi.String("always"), + SigningProtocol: pulumi.String("sigv4"), + }) + if err != nil { + return nil, err + } + + cloudfrontS3Distribution, err := cloudfront.NewDistribution(ctx, name+"_s3_distribution", &cloudfront.DistributionArgs{ + Origins: cloudfront.DistributionOriginArray{ + &cloudfront.DistributionOriginArgs{ + DomainName: s3Bucket.BucketRegionalDomainName, + OriginAccessControlId: cloudfrontOriginAccessControl.ID(), + OriginId: pulumi.String("S3Origin"), + }, + }, + Enabled: pulumi.Bool(true), + IsIpv6Enabled: pulumi.Bool(true), + Comment: pulumi.String("Cloudfront Distribution for S3 bucket"), + Aliases: domainNames, + DefaultCacheBehavior: &cloudfront.DistributionDefaultCacheBehaviorArgs{ + CachePolicyId: pulumi.String("658327ea-f89d-4fab-a63d-7e88639e58f6"), + CachedMethods: pulumi.StringArray{ + pulumi.String("GET"), + pulumi.String("HEAD"), + }, + AllowedMethods: pulumi.StringArray{ + pulumi.String("GET"), + pulumi.String("HEAD"), + pulumi.String("OPTIONS"), + }, + TargetOriginId: pulumi.String("S3Origin"), + ViewerProtocolPolicy: pulumi.String("redirect-to-https"), + LambdaFunctionAssociations: defaultLambdaAssociationArray, + }, + Restrictions: &cloudfront.DistributionRestrictionsArgs{ + GeoRestriction: &cloudfront.DistributionRestrictionsGeoRestrictionArgs{ + RestrictionType: pulumi.String("none"), + }, + }, + Tags: pulumi.StringMap{ + "Environment": pulumi.String("Pulumi"), + }, + ViewerCertificate: &cloudfront.DistributionViewerCertificateArgs{ + AcmCertificateArn: cloudfrontAcm.Arn, + MinimumProtocolVersion: pulumi.String("TLSv1.2_2019"), + SslSupportMethod: pulumi.String("sni-only"), + }, + }) + if err != nil { + return nil, err + } + + ctx.Export("repoAcmResourceRecordName", cloudfrontAcm.ResourceRecordName) + ctx.Export("repoAcmResourceRecordType", cloudfrontAcm.ResourceRecordType) + ctx.Export("repoAcmResourceRecordValue", cloudfrontAcm.ResourceRecordValue) + + return cloudfrontS3Distribution, nil +} diff --git a/pulumi/AWS/Prod/lambda.go b/pulumi/AWS/Prod/modules/lambda.go similarity index 98% rename from pulumi/AWS/Prod/lambda.go rename to pulumi/AWS/Prod/modules/lambda.go index 88df6b9..1e45131 100644 --- a/pulumi/AWS/Prod/lambda.go +++ b/pulumi/AWS/Prod/modules/lambda.go @@ -1,4 +1,4 @@ -package main +package modules import ( "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lambda" @@ -35,6 +35,7 @@ func NewLambda( if err != nil { return nil, err } + lambda, err := lambda.NewFunction(ctx, name, &lambda.FunctionArgs{ Code: pulumi.NewFileArchive(args.Filename), Name: args.FunctionName, @@ -50,6 +51,7 @@ func NewLambda( if err != nil { return nil, err } + err = ctx.RegisterResourceOutputs(&componentResource, pulumi.Map{ "arn": lambda.Arn, "qualifiedArn": lambda.QualifiedArn, @@ -59,6 +61,7 @@ func NewLambda( if err != nil { return nil, err } + componentResource.Arn = lambda.Arn componentResource.QualifiedArn = lambda.QualifiedArn componentResource.FunctionName = lambda.Name diff --git a/pulumi/AWS/Prod/lambda_permission.go b/pulumi/AWS/Prod/modules/lambda_permission.go similarity index 98% rename from pulumi/AWS/Prod/lambda_permission.go rename to pulumi/AWS/Prod/modules/lambda_permission.go index 4db30a4..55efe9c 100644 --- a/pulumi/AWS/Prod/lambda_permission.go +++ b/pulumi/AWS/Prod/modules/lambda_permission.go @@ -1,4 +1,4 @@ -package main +package modules import ( "fmt" @@ -32,6 +32,7 @@ func NewLambdaPermission( if err != nil { return nil, err } + _, err = lambda.NewPermission(ctx, fmt.Sprintf("%s-default_cloudfront_lambda", name), &lambda.PermissionArgs{ StatementId: args.StatementId, Action: args.Action, @@ -43,9 +44,11 @@ func NewLambdaPermission( if err != nil { return nil, err } + err = ctx.RegisterResourceOutputs(&componentResource, pulumi.Map{}) if err != nil { return nil, err } + return &componentResource, nil }