From f57b223b8635a3433dda5c0ff1f511f5802bda95 Mon Sep 17 00:00:00 2001
From: mandryllo <frano.sincic@gostudion.com>
Date: Tue, 2 Dec 2025 15:54:30 +0100
Subject: [PATCH 01/14] Create db v2 component

---
 src/v2/components/database/index.ts | 281 ++++++++++++++++++++++++++++
 1 file changed, 281 insertions(+)
 create mode 100644 src/v2/components/database/index.ts

diff --git a/src/v2/components/database/index.ts b/src/v2/components/database/index.ts
new file mode 100644
index 0000000..24802c3
--- /dev/null
+++ b/src/v2/components/database/index.ts
@@ -0,0 +1,281 @@
+import * as aws from '@pulumi/aws';
+import * as awsNative from '@pulumi/aws-native';
+import * as awsx from '@pulumi/awsx';
+import * as pulumi from '@pulumi/pulumi';
+import { Password } from '../../../components/password';
+import { commonTags } from '../../../constants';
+
+export namespace Database {
+  export type Args = {
+    dbName?: pulumi.Input<string>;
+    username?: pulumi.Input<string>;
+    password?: pulumi.Input<string>;
+    vpc: pulumi.Input<awsx.ec2.Vpc>;
+    multiAz?: pulumi.Input<boolean>;
+    applyImmediately?: pulumi.Input<boolean>;
+    allocatedStorage?: pulumi.Input<string>;
+    maxAllocatedStorage?: pulumi.Input<number>;
+    instanceClass?: pulumi.Input<string>;
+    allowMajorVersionUpgrade?: pulumi.Input<boolean>;
+    autoMinorVersionUpgrade?: pulumi.Input<boolean>;
+    kmsKeyId?: pulumi.Input<string>;
+    parameterGroupName?: pulumi.Input<string>;
+    customParameterGroupArgs?: pulumi.Input<aws.rds.ParameterGroupArgs>;
+    snapshotIdentifier?: pulumi.Input<string>;
+    enableMonitoring?: pulumi.Input<boolean>;
+    engineVersion?: pulumi.Input<string>;
+    tags?: pulumi.Input<{
+      [key: string]: pulumi.Input<string>;
+    }>;
+  };
+}
+
+const defaults = {
+  multiAz: false,
+  applyImmediately: false,
+  allocatedStorage: '20',
+  maxAllocatedStorage: 100,
+  instanceClass: 'db.t4g.micro',
+  enableMonitoring: false,
+  allowMajorVersionUpgrade: false,
+  autoMinorVersionUpgrade: true,
+  engineVersion: '17.2',
+};
+
+export class Database extends pulumi.ComponentResource {
+  name: string;
+  instance: awsNative.rds.DbInstance;
+  dbSubnetGroup: aws.rds.SubnetGroup;
+  dbSecurityGroup: aws.ec2.SecurityGroup;
+  password: Password;
+  encryptedSnapshotCopy?: aws.rds.SnapshotCopy;
+  monitoringRole?: aws.iam.Role;
+  kmsKeyId: pulumi.Input<string>;
+  parameterGroupName?: pulumi.Input<string>;
+
+  constructor(
+    name: string,
+    args: Database.Args,
+    opts: pulumi.ComponentResourceOptions = {},
+  ) {
+    super('studion:Database', name, {}, opts);
+
+    this.name = name;
+
+    const argsWithDefaults = Object.assign({}, defaults, args);
+    const {
+      kmsKeyId,
+      snapshotIdentifier,
+      enableMonitoring,
+      parameterGroupName,
+      customParameterGroupArgs,
+    } = argsWithDefaults;
+
+    const vpc = pulumi.output(argsWithDefaults.vpc);
+    this.dbSubnetGroup = this.createSubnetGroup(vpc.isolatedSubnetIds);
+    this.dbSecurityGroup = this.createSecurityGroup(
+      vpc.vpcId,
+      vpc.vpc.cidrBlock,
+    );
+
+    this.password = new Password(
+      `${this.name}-database-password`,
+      { value: args.password },
+      { parent: this },
+    );
+
+    this.kmsKeyId = kmsKeyId || this.createEncryptionKey().arn;
+
+    this.parameterGroupName = customParameterGroupArgs
+      ? this.createParameterGroup(customParameterGroupArgs).name
+      : parameterGroupName;
+
+    if (enableMonitoring) {
+      this.monitoringRole = this.createMonitoringRole();
+    }
+
+    if (snapshotIdentifier) {
+      this.encryptedSnapshotCopy =
+        this.createEncryptedSnapshotCopy(snapshotIdentifier);
+    }
+
+    this.instance = this.createDatabaseInstance(args);
+
+    this.registerOutputs();
+  }
+
+  private createSubnetGroup(
+    isolatedSubnetIds: awsx.ec2.Vpc['isolatedSubnetIds'],
+  ) {
+    const dbSubnetGroup = new aws.rds.SubnetGroup(
+      `${this.name}-subnet-group`,
+      {
+        subnetIds: isolatedSubnetIds,
+        tags: commonTags,
+      },
+      { parent: this },
+    );
+    return dbSubnetGroup;
+  }
+
+  private createSecurityGroup(
+    vpcId: awsx.ec2.Vpc['vpcId'],
+    vpcCidrBlock: pulumi.Input<string>,
+  ) {
+    const dbSecurityGroup = new aws.ec2.SecurityGroup(
+      `${this.name}-security-group`,
+      {
+        vpcId,
+        ingress: [
+          {
+            protocol: 'tcp',
+            fromPort: 5432,
+            toPort: 5432,
+            cidrBlocks: [vpcCidrBlock],
+          },
+        ],
+        tags: commonTags,
+      },
+      { parent: this },
+    );
+    return dbSecurityGroup;
+  }
+
+  private createEncryptionKey() {
+    const kms = new aws.kms.Key(
+      `${this.name}-rds-key`,
+      {
+        description: `${this.name} RDS encryption key`,
+        customerMasterKeySpec: 'SYMMETRIC_DEFAULT',
+        isEnabled: true,
+        keyUsage: 'ENCRYPT_DECRYPT',
+        multiRegion: false,
+        enableKeyRotation: true,
+        tags: commonTags,
+      },
+      { parent: this },
+    );
+    return kms;
+  }
+
+  private createMonitoringRole() {
+    const monitoringRole = new aws.iam.Role(`${this.name}-rds-monitoring`, {
+      assumeRolePolicy: {
+        Version: '2012-10-17',
+        Statement: [
+          {
+            Action: 'sts:AssumeRole',
+            Effect: 'Allow',
+            Principal: {
+              Service: 'monitoring.rds.amazonaws.com',
+            },
+          },
+        ],
+      },
+    });
+
+    new aws.iam.RolePolicyAttachment(
+      `${this.name}-rds-monitoring-role-attachment`,
+      {
+        role: monitoringRole.name,
+        policyArn:
+          'arn:aws:iam::aws:policy/service-role/AmazonRDSEnhancedMonitoringRole',
+      },
+    );
+
+    return monitoringRole;
+  }
+
+  private createEncryptedSnapshotCopy(
+    snapshotIdentifier: pulumi.Input<string>,
+  ) {
+    const sourceDbSnapshotIdentifier = pulumi
+      .output(snapshotIdentifier)
+      .apply(snapshotIdentifier =>
+        aws.rds.getSnapshot({
+          dbSnapshotIdentifier: snapshotIdentifier,
+        }),
+      )
+      .apply(snapshot => snapshot.dbSnapshotArn);
+
+    const encryptedSnapshotCopy = new aws.rds.SnapshotCopy(
+      `${this.name}-encrypted-snapshot-copy`,
+      {
+        sourceDbSnapshotIdentifier,
+        targetDbSnapshotIdentifier: `${snapshotIdentifier}-encrypted-copy`,
+        kmsKeyId: this.kmsKeyId,
+      },
+      { parent: this },
+    );
+    return encryptedSnapshotCopy;
+  }
+
+  private createParameterGroup(
+    customParameterGroupArgs: pulumi.Input<aws.rds.ParameterGroupArgs>,
+  ) {
+    const parameterGroup = pulumi
+      .output(customParameterGroupArgs)
+      .apply(args => {
+        return new aws.rds.ParameterGroup(
+          `${this.name}-parameter-group`,
+          args,
+          { parent: this },
+        );
+      });
+
+    return parameterGroup;
+  }
+
+  private createDatabaseInstance(args: Database.Args) {
+    const argsWithDefaults = Object.assign({}, defaults, args);
+
+    const monitoringOptions =
+      argsWithDefaults.enableMonitoring && this.monitoringRole
+        ? {
+            monitoringInterval: 60,
+            monitoringRoleArn: this.monitoringRole.arn,
+            enablePerformanceInsights: true,
+            performanceInsightsRetentionPeriod: 7,
+          }
+        : {};
+
+    const instance = new awsNative.rds.DbInstance(
+      `${this.name}-rds`,
+      {
+        dbInstanceIdentifier: `${this.name}-db-instance`,
+        engine: 'postgres',
+        engineVersion: argsWithDefaults.engineVersion,
+        dbInstanceClass: argsWithDefaults.instanceClass,
+        dbName: argsWithDefaults.dbName,
+        masterUsername: argsWithDefaults.username,
+        masterUserPassword: this.password.value,
+        dbSubnetGroupName: this.dbSubnetGroup.name,
+        vpcSecurityGroups: [this.dbSecurityGroup.id],
+        allocatedStorage: argsWithDefaults.allocatedStorage,
+        maxAllocatedStorage: argsWithDefaults.maxAllocatedStorage,
+        multiAz: argsWithDefaults.multiAz,
+        applyImmediately: argsWithDefaults.applyImmediately,
+        allowMajorVersionUpgrade: argsWithDefaults.allowMajorVersionUpgrade,
+        autoMinorVersionUpgrade: argsWithDefaults.autoMinorVersionUpgrade,
+        kmsKeyId: this.kmsKeyId,
+        storageEncrypted: true,
+        publiclyAccessible: false,
+        preferredMaintenanceWindow: 'Mon:07:00-Mon:07:30',
+        preferredBackupWindow: '06:00-06:30',
+        backupRetentionPeriod: 14,
+        caCertificateIdentifier: 'rds-ca-rsa2048-g1',
+        dbParameterGroupName: this.parameterGroupName,
+        dbSnapshotIdentifier:
+          this.encryptedSnapshotCopy?.targetDbSnapshotIdentifier,
+        ...monitoringOptions,
+        tags: [
+          ...Object.entries({ ...commonTags, ...argsWithDefaults.tags }).map(
+            ([key, value]) => ({ key, value }),
+          ),
+        ],
+      },
+      { parent: this, dependsOn: [this.password] },
+    );
+    return instance;
+  }
+}

From 16c063b46ebf05e1169d31ad16384c754a1eff79 Mon Sep 17 00:00:00 2001
From: mandryllo <frano.sincic@gostudion.com>
Date: Tue, 2 Dec 2025 17:38:12 +0100
Subject: [PATCH 02/14] Install missing package

---
 package-lock.json | 11 +++++++++++
 package.json      |  1 +
 2 files changed, 12 insertions(+)

diff --git a/package-lock.json b/package-lock.json
index bb33cf3..981c5df 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -10,6 +10,7 @@
       "license": "MIT",
       "dependencies": {
         "@pulumi/aws": "^6.66.3",
+        "@pulumi/aws-native": "^1.38.0",
         "@pulumi/awsx": "^2.21.0",
         "@pulumi/pulumi": "^3.146.0",
         "@pulumi/random": "^4.17.0",
@@ -4806,6 +4807,16 @@
         "mime": "^2.0.0"
       }
     },
+    "node_modules/@pulumi/aws-native": {
+      "version": "1.38.0",
+      "resolved": "https://registry.npmjs.org/@pulumi/aws-native/-/aws-native-1.38.0.tgz",
+      "integrity": "sha512-XvxGif8qkZethAaVivsD+TmCsal22Ws8f9zkj+sz03KdsCX7gnjs4WcqYCCdh6e1vmD0kn9v751BD2eFRWUVJQ==",
+      "hasInstallScript": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@pulumi/pulumi": "^3.142.0"
+      }
+    },
     "node_modules/@pulumi/awsx": {
       "version": "2.22.0",
       "resolved": "https://registry.npmjs.org/@pulumi/awsx/-/awsx-2.22.0.tgz",
diff --git a/package.json b/package.json
index a0cd057..90fd019 100644
--- a/package.json
+++ b/package.json
@@ -36,6 +36,7 @@
   "prettier": "@studion/prettier-config",
   "dependencies": {
     "@pulumi/aws": "^6.66.3",
+    "@pulumi/aws-native": "^1.38.0",
     "@pulumi/awsx": "^2.21.0",
     "@pulumi/pulumi": "^3.146.0",
     "@pulumi/random": "^4.17.0",

From 3436aed508844f2ec5b89ee9c9ab510f71adc6e3 Mon Sep 17 00:00:00 2001
From: mandryllo <frano.sincic@gostudion.com>
Date: Fri, 5 Dec 2025 10:31:48 +0100
Subject: [PATCH 03/14] Remove ability to create custom parameter group

---
 src/v2/components/database/index.ts | 26 +-------------------------
 1 file changed, 1 insertion(+), 25 deletions(-)

diff --git a/src/v2/components/database/index.ts b/src/v2/components/database/index.ts
index 24802c3..8e037af 100644
--- a/src/v2/components/database/index.ts
+++ b/src/v2/components/database/index.ts
@@ -20,7 +20,6 @@ export namespace Database {
     autoMinorVersionUpgrade?: pulumi.Input<boolean>;
     kmsKeyId?: pulumi.Input<string>;
     parameterGroupName?: pulumi.Input<string>;
-    customParameterGroupArgs?: pulumi.Input<aws.rds.ParameterGroupArgs>;
     snapshotIdentifier?: pulumi.Input<string>;
     enableMonitoring?: pulumi.Input<boolean>;
     engineVersion?: pulumi.Input<string>;
@@ -51,7 +50,6 @@ export class Database extends pulumi.ComponentResource {
   encryptedSnapshotCopy?: aws.rds.SnapshotCopy;
   monitoringRole?: aws.iam.Role;
   kmsKeyId: pulumi.Input<string>;
-  parameterGroupName?: pulumi.Input<string>;
 
   constructor(
     name: string,
@@ -67,8 +65,6 @@ export class Database extends pulumi.ComponentResource {
       kmsKeyId,
       snapshotIdentifier,
       enableMonitoring,
-      parameterGroupName,
-      customParameterGroupArgs,
     } = argsWithDefaults;
 
     const vpc = pulumi.output(argsWithDefaults.vpc);
@@ -86,10 +82,6 @@ export class Database extends pulumi.ComponentResource {
 
     this.kmsKeyId = kmsKeyId || this.createEncryptionKey().arn;
 
-    this.parameterGroupName = customParameterGroupArgs
-      ? this.createParameterGroup(customParameterGroupArgs).name
-      : parameterGroupName;
-
     if (enableMonitoring) {
       this.monitoringRole = this.createMonitoringRole();
     }
@@ -210,22 +202,6 @@ export class Database extends pulumi.ComponentResource {
     return encryptedSnapshotCopy;
   }
 
-  private createParameterGroup(
-    customParameterGroupArgs: pulumi.Input<aws.rds.ParameterGroupArgs>,
-  ) {
-    const parameterGroup = pulumi
-      .output(customParameterGroupArgs)
-      .apply(args => {
-        return new aws.rds.ParameterGroup(
-          `${this.name}-parameter-group`,
-          args,
-          { parent: this },
-        );
-      });
-
-    return parameterGroup;
-  }
-
   private createDatabaseInstance(args: Database.Args) {
     const argsWithDefaults = Object.assign({}, defaults, args);
 
@@ -264,7 +240,7 @@ export class Database extends pulumi.ComponentResource {
         preferredBackupWindow: '06:00-06:30',
         backupRetentionPeriod: 14,
         caCertificateIdentifier: 'rds-ca-rsa2048-g1',
-        dbParameterGroupName: this.parameterGroupName,
+        dbParameterGroupName: argsWithDefaults.parameterGroupName,
         dbSnapshotIdentifier:
           this.encryptedSnapshotCopy?.targetDbSnapshotIdentifier,
         ...monitoringOptions,

From bc8978982772e5ae3eec49249ec013d84eb26261 Mon Sep 17 00:00:00 2001
From: mandryllo <frano.sincic@gostudion.com>
Date: Fri, 5 Dec 2025 10:34:46 +0100
Subject: [PATCH 04/14] Cleanup

---
 src/v2/components/database/index.ts | 30 ++++++++++++++---------------
 1 file changed, 14 insertions(+), 16 deletions(-)

diff --git a/src/v2/components/database/index.ts b/src/v2/components/database/index.ts
index 8e037af..297227d 100644
--- a/src/v2/components/database/index.ts
+++ b/src/v2/components/database/index.ts
@@ -91,7 +91,7 @@ export class Database extends pulumi.ComponentResource {
         this.createEncryptedSnapshotCopy(snapshotIdentifier);
     }
 
-    this.instance = this.createDatabaseInstance(args);
+    this.instance = this.createDatabaseInstance(argsWithDefaults);
 
     this.registerOutputs();
   }
@@ -203,10 +203,8 @@ export class Database extends pulumi.ComponentResource {
   }
 
   private createDatabaseInstance(args: Database.Args) {
-    const argsWithDefaults = Object.assign({}, defaults, args);
-
     const monitoringOptions =
-      argsWithDefaults.enableMonitoring && this.monitoringRole
+      args.enableMonitoring && this.monitoringRole
         ? {
             monitoringInterval: 60,
             monitoringRoleArn: this.monitoringRole.arn,
@@ -220,19 +218,19 @@ export class Database extends pulumi.ComponentResource {
       {
         dbInstanceIdentifier: `${this.name}-db-instance`,
         engine: 'postgres',
-        engineVersion: argsWithDefaults.engineVersion,
-        dbInstanceClass: argsWithDefaults.instanceClass,
-        dbName: argsWithDefaults.dbName,
-        masterUsername: argsWithDefaults.username,
+        engineVersion: args.engineVersion,
+        dbInstanceClass: args.instanceClass,
+        dbName: args.dbName,
+        masterUsername: args.username,
         masterUserPassword: this.password.value,
         dbSubnetGroupName: this.dbSubnetGroup.name,
         vpcSecurityGroups: [this.dbSecurityGroup.id],
-        allocatedStorage: argsWithDefaults.allocatedStorage,
-        maxAllocatedStorage: argsWithDefaults.maxAllocatedStorage,
-        multiAz: argsWithDefaults.multiAz,
-        applyImmediately: argsWithDefaults.applyImmediately,
-        allowMajorVersionUpgrade: argsWithDefaults.allowMajorVersionUpgrade,
-        autoMinorVersionUpgrade: argsWithDefaults.autoMinorVersionUpgrade,
+        allocatedStorage: args.allocatedStorage,
+        maxAllocatedStorage: args.maxAllocatedStorage,
+        multiAz: args.multiAz,
+        applyImmediately: args.applyImmediately,
+        allowMajorVersionUpgrade: args.allowMajorVersionUpgrade,
+        autoMinorVersionUpgrade: args.autoMinorVersionUpgrade,
         kmsKeyId: this.kmsKeyId,
         storageEncrypted: true,
         publiclyAccessible: false,
@@ -240,12 +238,12 @@ export class Database extends pulumi.ComponentResource {
         preferredBackupWindow: '06:00-06:30',
         backupRetentionPeriod: 14,
         caCertificateIdentifier: 'rds-ca-rsa2048-g1',
-        dbParameterGroupName: argsWithDefaults.parameterGroupName,
+        dbParameterGroupName: args.parameterGroupName,
         dbSnapshotIdentifier:
           this.encryptedSnapshotCopy?.targetDbSnapshotIdentifier,
         ...monitoringOptions,
         tags: [
-          ...Object.entries({ ...commonTags, ...argsWithDefaults.tags }).map(
+          ...Object.entries({ ...commonTags, ...args.tags }).map(
             ([key, value]) => ({ key, value }),
           ),
         ],

From 28e6a93799afd74795641e485479d64df8801a7c Mon Sep 17 00:00:00 2001
From: mandryllo <frano.sincic@gostudion.com>
Date: Fri, 5 Dec 2025 10:36:28 +0100
Subject: [PATCH 05/14] Fix kms key id type

---
 src/v2/components/database/index.ts | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/v2/components/database/index.ts b/src/v2/components/database/index.ts
index 297227d..689be95 100644
--- a/src/v2/components/database/index.ts
+++ b/src/v2/components/database/index.ts
@@ -49,7 +49,7 @@ export class Database extends pulumi.ComponentResource {
   password: Password;
   encryptedSnapshotCopy?: aws.rds.SnapshotCopy;
   monitoringRole?: aws.iam.Role;
-  kmsKeyId: pulumi.Input<string>;
+  kmsKeyId: pulumi.Output<string>;
 
   constructor(
     name: string,
@@ -80,7 +80,9 @@ export class Database extends pulumi.ComponentResource {
       { parent: this },
     );
 
-    this.kmsKeyId = kmsKeyId || this.createEncryptionKey().arn;
+    this.kmsKeyId = kmsKeyId
+      ? pulumi.output(kmsKeyId)
+      : this.createEncryptionKey().arn;
 
     if (enableMonitoring) {
       this.monitoringRole = this.createMonitoringRole();

From afb4f9764c1c1cc0335446490271e341d397c86b Mon Sep 17 00:00:00 2001
From: mandryllo <frano.sincic@gostudion.com>
Date: Fri, 5 Dec 2025 18:16:19 +0100
Subject: [PATCH 06/14] Cleanup

---
 src/v2/components/database/index.ts | 17 ++++++++---------
 1 file changed, 8 insertions(+), 9 deletions(-)

diff --git a/src/v2/components/database/index.ts b/src/v2/components/database/index.ts
index 689be95..4f53246 100644
--- a/src/v2/components/database/index.ts
+++ b/src/v2/components/database/index.ts
@@ -101,7 +101,7 @@ export class Database extends pulumi.ComponentResource {
   private createSubnetGroup(
     isolatedSubnetIds: awsx.ec2.Vpc['isolatedSubnetIds'],
   ) {
-    const dbSubnetGroup = new aws.rds.SubnetGroup(
+    return new aws.rds.SubnetGroup(
       `${this.name}-subnet-group`,
       {
         subnetIds: isolatedSubnetIds,
@@ -109,14 +109,13 @@ export class Database extends pulumi.ComponentResource {
       },
       { parent: this },
     );
-    return dbSubnetGroup;
   }
 
   private createSecurityGroup(
     vpcId: awsx.ec2.Vpc['vpcId'],
     vpcCidrBlock: pulumi.Input<string>,
   ) {
-    const dbSecurityGroup = new aws.ec2.SecurityGroup(
+    return new aws.ec2.SecurityGroup(
       `${this.name}-security-group`,
       {
         vpcId,
@@ -132,11 +131,10 @@ export class Database extends pulumi.ComponentResource {
       },
       { parent: this },
     );
-    return dbSecurityGroup;
   }
 
   private createEncryptionKey() {
-    const kms = new aws.kms.Key(
+    return new aws.kms.Key(
       `${this.name}-rds-key`,
       {
         description: `${this.name} RDS encryption key`,
@@ -149,7 +147,6 @@ export class Database extends pulumi.ComponentResource {
       },
       { parent: this },
     );
-    return kms;
   }
 
   private createMonitoringRole() {
@@ -166,7 +163,9 @@ export class Database extends pulumi.ComponentResource {
           },
         ],
       },
-    });
+    },
+    { parent: this },
+  );
 
     new aws.iam.RolePolicyAttachment(
       `${this.name}-rds-monitoring-role-attachment`,
@@ -175,6 +174,7 @@ export class Database extends pulumi.ComponentResource {
         policyArn:
           'arn:aws:iam::aws:policy/service-role/AmazonRDSEnhancedMonitoringRole',
       },
+      { parent: this },
     );
 
     return monitoringRole;
@@ -189,8 +189,7 @@ export class Database extends pulumi.ComponentResource {
         aws.rds.getSnapshot({
           dbSnapshotIdentifier: snapshotIdentifier,
         }),
-      )
-      .apply(snapshot => snapshot.dbSnapshotArn);
+      ).dbSnapshotArn;
 
     const encryptedSnapshotCopy = new aws.rds.SnapshotCopy(
       `${this.name}-encrypted-snapshot-copy`,

From d65c818c367f9303b2d64eacac94132a57429853 Mon Sep 17 00:00:00 2001
From: mandryllo <frano.sincic@gostudion.com>
Date: Fri, 5 Dec 2025 18:23:04 +0100
Subject: [PATCH 07/14] Cleanup vpc parameters

---
 src/v2/components/database/index.ts | 32 ++++++++++++-----------------
 1 file changed, 13 insertions(+), 19 deletions(-)

diff --git a/src/v2/components/database/index.ts b/src/v2/components/database/index.ts
index 4f53246..e121cd5 100644
--- a/src/v2/components/database/index.ts
+++ b/src/v2/components/database/index.ts
@@ -44,12 +44,13 @@ const defaults = {
 export class Database extends pulumi.ComponentResource {
   name: string;
   instance: awsNative.rds.DbInstance;
+  vpc: pulumi.Output<awsx.ec2.Vpc>;
   dbSubnetGroup: aws.rds.SubnetGroup;
   dbSecurityGroup: aws.ec2.SecurityGroup;
   password: Password;
-  encryptedSnapshotCopy?: aws.rds.SnapshotCopy;
-  monitoringRole?: aws.iam.Role;
   kmsKeyId: pulumi.Output<string>;
+  monitoringRole?: aws.iam.Role;
+  encryptedSnapshotCopy?: aws.rds.SnapshotCopy;
 
   constructor(
     name: string,
@@ -62,17 +63,15 @@ export class Database extends pulumi.ComponentResource {
 
     const argsWithDefaults = Object.assign({}, defaults, args);
     const {
+      vpc,
       kmsKeyId,
-      snapshotIdentifier,
       enableMonitoring,
+      snapshotIdentifier,
     } = argsWithDefaults;
 
-    const vpc = pulumi.output(argsWithDefaults.vpc);
-    this.dbSubnetGroup = this.createSubnetGroup(vpc.isolatedSubnetIds);
-    this.dbSecurityGroup = this.createSecurityGroup(
-      vpc.vpcId,
-      vpc.vpc.cidrBlock,
-    );
+    this.vpc = pulumi.output(vpc);
+    this.dbSubnetGroup = this.createSubnetGroup();
+    this.dbSecurityGroup = this.createSecurityGroup();
 
     this.password = new Password(
       `${this.name}-database-password`,
@@ -98,33 +97,28 @@ export class Database extends pulumi.ComponentResource {
     this.registerOutputs();
   }
 
-  private createSubnetGroup(
-    isolatedSubnetIds: awsx.ec2.Vpc['isolatedSubnetIds'],
-  ) {
+  private createSubnetGroup() {
     return new aws.rds.SubnetGroup(
       `${this.name}-subnet-group`,
       {
-        subnetIds: isolatedSubnetIds,
+        subnetIds: this.vpc.isolatedSubnetIds,
         tags: commonTags,
       },
       { parent: this },
     );
   }
 
-  private createSecurityGroup(
-    vpcId: awsx.ec2.Vpc['vpcId'],
-    vpcCidrBlock: pulumi.Input<string>,
-  ) {
+  private createSecurityGroup() {
     return new aws.ec2.SecurityGroup(
       `${this.name}-security-group`,
       {
-        vpcId,
+        vpcId: this.vpc.vpcId,
         ingress: [
           {
             protocol: 'tcp',
             fromPort: 5432,
             toPort: 5432,
-            cidrBlocks: [vpcCidrBlock],
+            cidrBlocks: [this.vpc.vpc.cidrBlock],
           },
         ],
         tags: commonTags,

From f4826643c7cce35135b9560fc8ec3cf1d2afe812 Mon Sep 17 00:00:00 2001
From: mandryllo <frano.sincic@gostudion.com>
Date: Fri, 5 Dec 2025 18:31:58 +0100
Subject: [PATCH 08/14] Cleanup types

---
 src/v2/components/database/index.ts | 36 +++++++++++++++++++++--------
 1 file changed, 27 insertions(+), 9 deletions(-)

diff --git a/src/v2/components/database/index.ts b/src/v2/components/database/index.ts
index e121cd5..7ab620c 100644
--- a/src/v2/components/database/index.ts
+++ b/src/v2/components/database/index.ts
@@ -6,23 +6,41 @@ import { Password } from '../../../components/password';
 import { commonTags } from '../../../constants';
 
 export namespace Database {
-  export type Args = {
+  export type Instance = {
     dbName?: pulumi.Input<string>;
-    username?: pulumi.Input<string>;
-    password?: pulumi.Input<string>;
+    engineVersion?: pulumi.Input<string>;
+    instanceClass?: pulumi.Input<string>;
+    allowMajorVersionUpgrade?: pulumi.Input<boolean>;
+    autoMinorVersionUpgrade?: pulumi.Input<boolean>;
+  };
+
+  export type Networking = {
     vpc: pulumi.Input<awsx.ec2.Vpc>;
     multiAz?: pulumi.Input<boolean>;
-    applyImmediately?: pulumi.Input<boolean>;
+  };
+
+  export type Credentials = {
+    username?: pulumi.Input<string>;
+    password?: pulumi.Input<string>;
+  };
+
+  export type Storage = {
     allocatedStorage?: pulumi.Input<string>;
     maxAllocatedStorage?: pulumi.Input<number>;
-    instanceClass?: pulumi.Input<string>;
-    allowMajorVersionUpgrade?: pulumi.Input<boolean>;
-    autoMinorVersionUpgrade?: pulumi.Input<boolean>;
     kmsKeyId?: pulumi.Input<string>;
-    parameterGroupName?: pulumi.Input<string>;
     snapshotIdentifier?: pulumi.Input<string>;
+  };
+
+  export type Monitoring = {
     enableMonitoring?: pulumi.Input<boolean>;
-    engineVersion?: pulumi.Input<string>;
+    applyImmediately?: pulumi.Input<boolean>;
+  };
+
+  export type ParameterGroup = {
+    parameterGroupName?: pulumi.Input<string>;
+  };
+
+  export type Args = Instance & Networking & Credentials & Storage & Monitoring & ParameterGroup & {
     tags?: pulumi.Input<{
       [key: string]: pulumi.Input<string>;
     }>;

From 9f2290e232a988b162abe9c83edbcdb3caa1ccc4 Mon Sep 17 00:00:00 2001
From: mandryllo <frano.sincic@gostudion.com>
Date: Fri, 5 Dec 2025 18:32:30 +0100
Subject: [PATCH 09/14] Fix formatting

---
 src/v2/components/database/index.ts | 53 +++++++++++++++--------------
 1 file changed, 28 insertions(+), 25 deletions(-)

diff --git a/src/v2/components/database/index.ts b/src/v2/components/database/index.ts
index 7ab620c..07b0d54 100644
--- a/src/v2/components/database/index.ts
+++ b/src/v2/components/database/index.ts
@@ -40,11 +40,16 @@ export namespace Database {
     parameterGroupName?: pulumi.Input<string>;
   };
 
-  export type Args = Instance & Networking & Credentials & Storage & Monitoring & ParameterGroup & {
-    tags?: pulumi.Input<{
-      [key: string]: pulumi.Input<string>;
-    }>;
-  };
+  export type Args = Instance &
+    Networking &
+    Credentials &
+    Storage &
+    Monitoring &
+    ParameterGroup & {
+      tags?: pulumi.Input<{
+        [key: string]: pulumi.Input<string>;
+      }>;
+    };
 }
 
 const defaults = {
@@ -80,12 +85,8 @@ export class Database extends pulumi.ComponentResource {
     this.name = name;
 
     const argsWithDefaults = Object.assign({}, defaults, args);
-    const {
-      vpc,
-      kmsKeyId,
-      enableMonitoring,
-      snapshotIdentifier,
-    } = argsWithDefaults;
+    const { vpc, kmsKeyId, enableMonitoring, snapshotIdentifier } =
+      argsWithDefaults;
 
     this.vpc = pulumi.output(vpc);
     this.dbSubnetGroup = this.createSubnetGroup();
@@ -162,22 +163,24 @@ export class Database extends pulumi.ComponentResource {
   }
 
   private createMonitoringRole() {
-    const monitoringRole = new aws.iam.Role(`${this.name}-rds-monitoring`, {
-      assumeRolePolicy: {
-        Version: '2012-10-17',
-        Statement: [
-          {
-            Action: 'sts:AssumeRole',
-            Effect: 'Allow',
-            Principal: {
-              Service: 'monitoring.rds.amazonaws.com',
+    const monitoringRole = new aws.iam.Role(
+      `${this.name}-rds-monitoring`,
+      {
+        assumeRolePolicy: {
+          Version: '2012-10-17',
+          Statement: [
+            {
+              Action: 'sts:AssumeRole',
+              Effect: 'Allow',
+              Principal: {
+                Service: 'monitoring.rds.amazonaws.com',
+              },
             },
-          },
-        ],
+          ],
+        },
       },
-    },
-    { parent: this },
-  );
+      { parent: this },
+    );
 
     new aws.iam.RolePolicyAttachment(
       `${this.name}-rds-monitoring-role-attachment`,

From c856876d69a47723713ef7fde4b6d2335b27ee45 Mon Sep 17 00:00:00 2001
From: mandryllo <frano.sincic@gostudion.com>
Date: Mon, 8 Dec 2025 10:55:58 +0100
Subject: [PATCH 10/14] Cleanup

---
 src/v2/components/database/index.ts | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/src/v2/components/database/index.ts b/src/v2/components/database/index.ts
index 07b0d54..ff48e7a 100644
--- a/src/v2/components/database/index.ts
+++ b/src/v2/components/database/index.ts
@@ -206,7 +206,7 @@ export class Database extends pulumi.ComponentResource {
         }),
       ).dbSnapshotArn;
 
-    const encryptedSnapshotCopy = new aws.rds.SnapshotCopy(
+    return new aws.rds.SnapshotCopy(
       `${this.name}-encrypted-snapshot-copy`,
       {
         sourceDbSnapshotIdentifier,
@@ -215,7 +215,6 @@ export class Database extends pulumi.ComponentResource {
       },
       { parent: this },
     );
-    return encryptedSnapshotCopy;
   }
 
   private createDatabaseInstance(args: Database.Args) {

From 81a970da8100c04bc48bd4ebb95bd78d9c381cfe Mon Sep 17 00:00:00 2001
From: mandryllo <frano.sincic@gostudion.com>
Date: Wed, 10 Dec 2025 10:22:54 +0100
Subject: [PATCH 11/14] Cleanup database types

---
 src/v2/components/database/index.ts | 26 +++++++-------------------
 1 file changed, 7 insertions(+), 19 deletions(-)

diff --git a/src/v2/components/database/index.ts b/src/v2/components/database/index.ts
index ff48e7a..76c7af0 100644
--- a/src/v2/components/database/index.ts
+++ b/src/v2/components/database/index.ts
@@ -9,16 +9,12 @@ export namespace Database {
   export type Instance = {
     dbName?: pulumi.Input<string>;
     engineVersion?: pulumi.Input<string>;
+    multiAz?: pulumi.Input<boolean>;
     instanceClass?: pulumi.Input<string>;
     allowMajorVersionUpgrade?: pulumi.Input<boolean>;
     autoMinorVersionUpgrade?: pulumi.Input<boolean>;
   };
 
-  export type Networking = {
-    vpc: pulumi.Input<awsx.ec2.Vpc>;
-    multiAz?: pulumi.Input<boolean>;
-  };
-
   export type Credentials = {
     username?: pulumi.Input<string>;
     password?: pulumi.Input<string>;
@@ -28,24 +24,16 @@ export namespace Database {
     allocatedStorage?: pulumi.Input<string>;
     maxAllocatedStorage?: pulumi.Input<number>;
     kmsKeyId?: pulumi.Input<string>;
-    snapshotIdentifier?: pulumi.Input<string>;
-  };
-
-  export type Monitoring = {
-    enableMonitoring?: pulumi.Input<boolean>;
-    applyImmediately?: pulumi.Input<boolean>;
-  };
-
-  export type ParameterGroup = {
-    parameterGroupName?: pulumi.Input<string>;
   };
 
   export type Args = Instance &
-    Networking &
     Credentials &
-    Storage &
-    Monitoring &
-    ParameterGroup & {
+    Storage & {
+      vpc: pulumi.Input<awsx.ec2.Vpc>;
+      enableMonitoring?: pulumi.Input<boolean>;
+      applyImmediately?: pulumi.Input<boolean>;
+      snapshotIdentifier?: pulumi.Input<string>;
+      parameterGroupName?: pulumi.Input<string>;
       tags?: pulumi.Input<{
         [key: string]: pulumi.Input<string>;
       }>;

From cb08ae350b493ef77de56b24dfb60083e7c25fda Mon Sep 17 00:00:00 2001
From: mandryllo <frano.sincic@gostudion.com>
Date: Wed, 10 Dec 2025 15:00:28 +0100
Subject: [PATCH 12/14] Revert allocatedStorage type to number

---
 src/v2/components/database/index.ts | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/v2/components/database/index.ts b/src/v2/components/database/index.ts
index 76c7af0..388740d 100644
--- a/src/v2/components/database/index.ts
+++ b/src/v2/components/database/index.ts
@@ -21,7 +21,7 @@ export namespace Database {
   };
 
   export type Storage = {
-    allocatedStorage?: pulumi.Input<string>;
+    allocatedStorage?: pulumi.Input<number>;
     maxAllocatedStorage?: pulumi.Input<number>;
     kmsKeyId?: pulumi.Input<string>;
   };
@@ -43,7 +43,7 @@ export namespace Database {
 const defaults = {
   multiAz: false,
   applyImmediately: false,
-  allocatedStorage: '20',
+  allocatedStorage: 20,
   maxAllocatedStorage: 100,
   instanceClass: 'db.t4g.micro',
   enableMonitoring: false,
@@ -228,7 +228,7 @@ export class Database extends pulumi.ComponentResource {
         masterUserPassword: this.password.value,
         dbSubnetGroupName: this.dbSubnetGroup.name,
         vpcSecurityGroups: [this.dbSecurityGroup.id],
-        allocatedStorage: args.allocatedStorage,
+        allocatedStorage: args.allocatedStorage?.toString(),
         maxAllocatedStorage: args.maxAllocatedStorage,
         multiAz: args.multiAz,
         applyImmediately: args.applyImmediately,

From d984d7301459bb805d15749b02356b95ca4a4a0b Mon Sep 17 00:00:00 2001
From: mandryllo <frano.sincic@gostudion.com>
Date: Wed, 10 Dec 2025 16:55:39 +0100
Subject: [PATCH 13/14] fix tags

---
 src/v2/components/database/index.ts | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/src/v2/components/database/index.ts b/src/v2/components/database/index.ts
index 388740d..93549d8 100644
--- a/src/v2/components/database/index.ts
+++ b/src/v2/components/database/index.ts
@@ -245,11 +245,13 @@ export class Database extends pulumi.ComponentResource {
         dbSnapshotIdentifier:
           this.encryptedSnapshotCopy?.targetDbSnapshotIdentifier,
         ...monitoringOptions,
-        tags: [
-          ...Object.entries({ ...commonTags, ...args.tags }).map(
-            ([key, value]) => ({ key, value }),
-          ),
-        ],
+        tags: pulumi
+          .output(args.tags)
+          .apply(tags => [
+            ...Object.entries({ ...commonTags, ...tags }).map(
+              ([key, value]) => ({ key, value }),
+            ),
+          ]),
       },
       { parent: this, dependsOn: [this.password] },
     );

From 5f26f45941e8998ddcc8debf9ad46d788b09c3a7 Mon Sep 17 00:00:00 2001
From: mandryllo <frano.sincic@gostudion.com>
Date: Wed, 10 Dec 2025 16:55:51 +0100
Subject: [PATCH 14/14] Fix snapshot id

---
 src/v2/components/database/index.ts | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/v2/components/database/index.ts b/src/v2/components/database/index.ts
index 93549d8..695d12a 100644
--- a/src/v2/components/database/index.ts
+++ b/src/v2/components/database/index.ts
@@ -184,7 +184,7 @@ export class Database extends pulumi.ComponentResource {
   }
 
   private createEncryptedSnapshotCopy(
-    snapshotIdentifier: pulumi.Input<string>,
+    snapshotIdentifier: Database.Args['snapshotIdentifier'],
   ) {
     const sourceDbSnapshotIdentifier = pulumi
       .output(snapshotIdentifier)
@@ -198,7 +198,7 @@ export class Database extends pulumi.ComponentResource {
       `${this.name}-encrypted-snapshot-copy`,
       {
         sourceDbSnapshotIdentifier,
-        targetDbSnapshotIdentifier: `${snapshotIdentifier}-encrypted-copy`,
+        targetDbSnapshotIdentifier: pulumi.interpolate`${snapshotIdentifier}-encrypted-copy`,
         kmsKeyId: this.kmsKeyId,
       },
       { parent: this },