handsome-secretary-30352
05/08/2024, 6:56 AMearly-lunch-81292
05/10/2024, 8:56 PMearly-lunch-81292
05/10/2024, 8:57 PMbitter-cat-65329
05/14/2024, 11:21 PMearly-lunch-81292
05/15/2024, 4:14 AMconst myWebInstance = new gcp.appengine.Application(`myapp-${config.env}`, {
project: config.project.id,
locationId: config.location,
authDomain: config.www.domain
});
/**
* Cloud Build user requires proper permissions as well
*/
const svcAccountIamBindingappEngine = new gcp.projects.IAMBinding(`svcAcct-iamBinding-appEngine-${config.env}`, {
role: "roles/appengine.deployer",
project: config.project.id,
members: [pulumi.interpolate`serviceAccount:${config.appEngine.deployUser}`]
});
const svcAccountIamBindingServiceAdmin = new gcp.projects.IAMBinding(`svcAcct-iamBinding-serviceAdmin-${config.env}`, {
role: "roles/appengine.serviceAdmin",
project: config.project.id,
members: [pulumi.interpolate`serviceAccount:${config.appEngine.deployUser}`]
});
const svcAccountIamBindingStorageAdmin = new gcp.projects.IAMBinding(`svcAcct-iamBinding-storageAdmin-${config.env}`, {
role: "roles/compute.storageAdmin",
project: config.project.id,
members: [pulumi.interpolate`serviceAccount:${config.appEngine.deployUser}`]
});
const svcAccountIamBindingsCloudBuild = new gcp.projects.IAMBinding(`svcAcct-iamBinding-cloudBuild-${config.env}`, {
role: "roles/cloudbuild.builds.builder",
project: config.project.id,
members: [pulumi.interpolate`serviceAccount:${config.appEngine.deployUser}`]
});
const cbIAMPolicyBindingStorage = new gcp.projects.IAMBinding(`svcCloudBuild-storage-binding-${config.env}`, {
role: "roles/storage.objectUser",
project: config.project.id,
members: [pulumi.interpolate`serviceAccount:${config.appEngine.deployUser}`]
});
// Add a custom domain mapping to the App Engine application.
const AE_domainMapping = new gcp.appengine.DomainMapping(`appengine-domain-mapping-${config.env}`, {
domainName: config.www.domain, // your custom domain
project: gcp.config.project, // your GCP project ID
// SSL configurations if necessary, otherwise App Engine will provide a managed certificate
sslSettings: {
= sslManagementType: "AUTOMATIC"
}
}, {dependsOn: myWebInstance});