This document describes how Webiny can be configured to be deployed into an existing Amazon VPC.

Before we continue, note that these features are part of Webiny’s enterprise offering, as relevant code that we need to use falls under Webiny’s enterprise license.

Configuration

In order to deploy Webiny into an existing VPC, we need to apply four configuration changes to four default project applications that are included in every Webiny project:

Core (apps/core)
API (apps/api)
Admin (apps/admin)
Website (apps/website)

For all applications, changes will be applied in application’s respective webiny.application.ts file. Note that all of the changes are essentially the same: we use the vpc.existingVpc option, and, via it, pass existing VPC-related configuration: private subnet IDs and security group IDs.

Let’s take a look at the changes that need to be made.

1. Core (`apps/core`)

The Core’s webiny.application.ts file should look like the following:

// apps/core/webiny.application.ts
import { createCoreApp } from "@webiny/serverless-cms-aws/enterprise";

const ELASTICSEARCH_PRIVATE_SUBNETS = ["private-subnet-id-1", "private-subnet-id-2"];
const ELASTICSEARCH_SECURITY_GROUPS = ["security-group-id-1"];

const LAMBDA_FUNCTIONS_PRIVATE_SUBNETS = ["private-subnet-id-1", "private-subnet-id-2"];
const LAMBDA_FUNCTIONS_SECURITY_GROUPS = ["security-group-id-1"];

export default createCoreApp({
    pulumiResourceNamePrefix: "wby-",
    elasticSearch: true,
    vpc: {
        useExistingVpc: {
            elasticSearchDomainVpcConfig: {
                subnetIds: ELASTICSEARCH_PRIVATE_SUBNETS,
                securityGroupIds: ELASTICSEARCH_SECURITY_GROUPS
            },
            lambdaFunctionsVpcConfig: {
                subnetIds: LAMBDA_FUNCTIONS_PRIVATE_SUBNETS,
                securityGroupIds: LAMBDA_FUNCTIONS_SECURITY_GROUPS
            }
        }
    }
});

Note that, if the Webiny project is being deployed into the production environment, two private subnets need to specified via ELASTICSEARCH_PRIVATE_SUBNETS and LAMBDA_FUNCTIONS_PRIVATE_SUBNETS arrays. This is because the ElasticSearch cluster that Webiny deploys relies on two instances that are deployed into two different private subnets. For environments other than production, specifying a single private subnet will suffice.

Production deployment means deploying your Webiny project into prod environment, via the [webiny deploy](<https://www.webiny.com/docs/core-development-concepts/basics/project-deployment>) command: yarn webiny deploy --env prod. More on the development and production modes can be found here: https://www.webiny.com/docs/architecture/deployment-modes/introduction

In the above code, we can also utilize the process.env.WEBINY_ENV environment variable in order to determine into which environment a Webiny project is being deployed. This can enable us to specify private subnets conditionally, using different values depending on the environment.

Webiny comes with 2 database setups - DynamoDB-only and DynamoDB+ElasticSearch. For more information on these, check: https://www.webiny.com/docs/architecture/introduction#different-database-setups

To further customize ElasticSearch cluster settings, check out this article: https://www.webiny.com/docs/infrastructure/basics/modify-cloud-infrastructure#adjusting-amazon-elasticsearch-open-search-configuration

Configuration

1. Core (apps/core)

1. Core (`apps/core`)