From 65ca4fcb3e6e34edd5f9823b0c0f3bb1b166134d Mon Sep 17 00:00:00 2001
From: falsycat <me@falsy.cat>
Date: Sat, 14 Jun 2025 13:07:32 +0900
Subject: [PATCH] implement pulumi stack base

---
 .gitignore       |  2 +
 Pulumi.dev.yaml  |  2 +
 Pulumi.yaml      | 11 ++++++
 README.md        | 92 +++++++++++++++++++++++++++++++++++++++++++++
 __main__.py      | 98 ++++++++++++++++++++++++++++++++++++++++++++++++
 requirements.txt |  2 +
 www/index.html   |  2 +
 7 files changed, 209 insertions(+)
 create mode 100644 .gitignore
 create mode 100644 Pulumi.dev.yaml
 create mode 100644 Pulumi.yaml
 create mode 100644 README.md
 create mode 100644 __main__.py
 create mode 100644 requirements.txt
 create mode 100644 www/index.html

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..a3807e5
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+*.pyc
+venv/
diff --git a/Pulumi.dev.yaml b/Pulumi.dev.yaml
new file mode 100644
index 0000000..09396b3
--- /dev/null
+++ b/Pulumi.dev.yaml
@@ -0,0 +1,2 @@
+config:
+  aws:region: ap-northeast-3
diff --git a/Pulumi.yaml b/Pulumi.yaml
new file mode 100644
index 0000000..f505850
--- /dev/null
+++ b/Pulumi.yaml
@@ -0,0 +1,11 @@
+name: imbusy
+description: task management app
+runtime:
+  name: python
+  options:
+    toolchain: pip
+    virtualenv: venv
+config:
+  pulumi:tags:
+    value:
+      pulumi:template: aws-python
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..7b0b6d1
--- /dev/null
+++ b/README.md
@@ -0,0 +1,92 @@
+ # AWS Python S3 Bucket Pulumi Template
+
+ A minimal Pulumi template for provisioning a single AWS S3 bucket using Python.
+
+ ## Overview
+
+ This template provisions an S3 bucket (`pulumi_aws.s3.BucketV2`) in your AWS account and exports its ID as an output. It’s an ideal starting point when:
+  - You want to learn Pulumi with AWS in Python.
+  - You need a barebones S3 bucket deployment to build upon.
+  - You prefer a minimal template without extra dependencies.
+
+ ## Prerequisites
+
+ - An AWS account with permissions to create S3 buckets.
+ - AWS credentials configured in your environment (for example via AWS CLI or environment variables).
+ - Python 3.6 or later installed.
+ - Pulumi CLI already installed and logged in.
+
+ ## Getting Started
+
+ 1. Generate a new project from this template:
+    ```bash
+    pulumi new aws-python
+    ```
+ 2. Follow the prompts to set your project name and AWS region (default: `us-east-1`).
+ 3. Change into your project directory:
+    ```bash
+    cd <project-name>
+    ```
+ 4. Preview the planned changes:
+    ```bash
+    pulumi preview
+    ```
+ 5. Deploy the stack:
+    ```bash
+    pulumi up
+    ```
+ 6. Tear down when finished:
+    ```bash
+    pulumi destroy
+    ```
+
+ ## Project Layout
+
+ After running `pulumi new`, your directory will look like:
+ ```
+ ├── __main__.py         # Entry point of the Pulumi program
+ ├── Pulumi.yaml         # Project metadata and template configuration
+ ├── requirements.txt    # Python dependencies
+ └── Pulumi.<stack>.yaml # Stack-specific configuration (e.g., Pulumi.dev.yaml)
+ ```
+
+ ## Configuration
+
+ This template defines the following config value:
+
+ - `aws:region` (string)
+   The AWS region to deploy resources into.
+   Default: `us-east-1`
+
+ View or update configuration with:
+ ```bash
+ pulumi config get aws:region
+ pulumi config set aws:region us-west-2
+ ```
+
+ ## Outputs
+
+ Once deployed, the stack exports:
+
+ - `bucket_name` — the ID of the created S3 bucket.
+
+ Retrieve outputs with:
+ ```bash
+ pulumi stack output bucket_name
+ ```
+
+ ## Next Steps
+
+ - Customize `__main__.py` to add or configure additional resources.
+ - Explore the Pulumi AWS SDK: https://www.pulumi.com/registry/packages/aws/
+ - Break your infrastructure into modules for better organization.
+ - Integrate into CI/CD pipelines for automated deployments.
+
+ ## Help and Community
+
+ If you have questions or need assistance:
+ - Pulumi Documentation: https://www.pulumi.com/docs/
+ - Community Slack: https://slack.pulumi.com/
+ - GitHub Issues: https://github.com/pulumi/pulumi/issues
+
+ Contributions and feedback are always welcome!
\ No newline at end of file
diff --git a/__main__.py b/__main__.py
new file mode 100644
index 0000000..5aa5d26
--- /dev/null
+++ b/__main__.py
@@ -0,0 +1,98 @@
+"""An AWS Python Pulumi program"""
+
+import mimetypes
+import os
+import pulumi
+import pulumi_aws as aws
+
+project = pulumi.get_project()
+stack   = pulumi.get_stack()
+prefix  = f"{project}-{stack}"
+
+TAGS = {
+  "project": project,
+  "env": stack,
+}
+
+bucket = aws.s3.Bucket(
+  f"{prefix}-site-bucket",
+  tags = TAGS,
+  website = aws.s3.BucketWebsiteArgs(
+    index_document = "index.html"
+  ),
+)
+
+oai = aws.cloudfront.OriginAccessIdentity(
+  f"{prefix}-oai",
+)
+
+bucket_policy = aws.s3.BucketPolicy(
+  f"{prefix}-site-bucket-policy",
+  bucket = bucket.id,
+  policy = pulumi.Output.all(oai.iam_arn, bucket.id).apply(lambda args: f"""{{
+    "Version": "2012-10-17",
+    "Statement": [
+      {{
+        "Effect": "Allow",
+        "Principal": {{
+          "AWS": "{args[0]}"
+        }},
+        "Action": "s3:GetObject",
+        "Resource": "arn:aws:s3:::{args[1]}/*"
+      }}
+    ]
+  }}""")
+)
+
+cdn = aws.cloudfront.Distribution(
+  f"{prefix}-cdn-distribution",
+  tags = TAGS,
+  origins=[{
+    "domain_name": bucket.bucket_regional_domain_name,
+    "origin_id": bucket.arn,
+    "s3_origin_config": {
+      "origin_access_identity": oai.cloudfront_access_identity_path,
+    }
+  }],
+  enabled=True,
+  default_root_object="index.html",
+  default_cache_behavior=aws.cloudfront.DistributionDefaultCacheBehaviorArgs(
+    allowed_methods=["GET", "HEAD"],
+    cached_methods=["GET", "HEAD"],
+    target_origin_id=bucket.arn,
+    viewer_protocol_policy="redirect-to-https",
+    forwarded_values=aws.cloudfront.DistributionDefaultCacheBehaviorForwardedValuesArgs(
+      query_string=False,
+      cookies=aws.cloudfront.DistributionDefaultCacheBehaviorForwardedValuesCookiesArgs(
+        forward="none",
+      ),
+    ),
+  ),
+  price_class="PriceClass_100",
+  restrictions=aws.cloudfront.DistributionRestrictionsArgs(
+    geo_restriction=aws.cloudfront.DistributionRestrictionsGeoRestrictionArgs(
+      restriction_type="none",
+    ),
+  ),
+  viewer_certificate=aws.cloudfront.DistributionViewerCertificateArgs(
+    cloudfront_default_certificate=True,
+  ),
+)
+ 
+def upload_directory(directory_path, bucket_name):
+    for root, dirs, files in os.walk(directory_path):
+        for file in files:
+            file_path = os.path.join(root, file)
+            relative_path = os.path.relpath(file_path, directory_path)
+            content_type, _ = mimetypes.guess_type(file_path)
+            aws.s3.BucketObject(
+                relative_path,
+                bucket=bucket_name,
+                source=pulumi.FileAsset(file_path),
+                content_type=content_type or "application/octet-stream",
+                key=relative_path,
+            )
+upload_directory("./www", bucket.id)
+
+pulumi.export("bucketName", bucket.bucket)
+pulumi.export("cloudFrontDomain", cdn.domain_name)
diff --git a/requirements.txt b/requirements.txt
new file mode 100644
index 0000000..72aee79
--- /dev/null
+++ b/requirements.txt
@@ -0,0 +1,2 @@
+pulumi>=3.0.0,<4.0.0
+pulumi-aws>=6.0.2,<7.0.0
diff --git a/www/index.html b/www/index.html
new file mode 100644
index 0000000..d26710f
--- /dev/null
+++ b/www/index.html
@@ -0,0 +1,2 @@
+helloworld
+foobazbar