Infra Extensions Reference
Reference for all Infra.* extensions available in webiny.config.tsx.
- every Infra.* extension and the props it accepts
Overview
Infra.* extensions configure cloud infrastructure: AWS settings, encryption, networking, conditional rendering, and lifecycle hooks for each application (Admin, Api, Core).
Infra.Encryption
Configures AES-GCM encryption for the API’s EncryptionService, used for encrypting sensitive data stored in the database.
| Prop | Type | Required | Description |
|---|---|---|---|
| passphrase | string | Yes | Passphrase used to derive the AES key via scrypt |
| salt | string | No | scrypt salt. Ensures different keys for the same passphrase across environments. |
| algorithm | "aes-128-gcm" \| "aes-192-gcm" \| "aes-256-gcm" | No | AES-GCM variant. Defaults to aes-256-gcm. |
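
What the passphrase, salt and algorithm props imply, as an added Node.js sketch that is not Webiny's EncryptionService code: scrypt stretches the passphrase into a key whose length the algorithm fixes, and a different salt yields a key that cannot decrypt existing data. The function names, the 12-byte nonce, the nonce | tag | ciphertext layout and the use of Node's default scrypt cost parameters are assumptions.

```javascript
// Added illustration, not Webiny's EncryptionService source.
const { scryptSync, randomBytes, createCipheriv, createDecipheriv } = require("node:crypto");

// Key size in bytes that each documented `algorithm` value requires.
const KEY_BYTES = { "aes-128-gcm": 16, "aes-192-gcm": 24, "aes-256-gcm": 32 };
const DEFAULT_ALGORITHM = "aes-256-gcm"; // documented default

// Stretch the passphrase with scrypt (Node's default cost parameters, an assumption).
function deriveKey(passphrase, salt, algorithm = DEFAULT_ALGORITHM) {
  const keyBytes = KEY_BYTES[algorithm];
  if (!keyBytes) throw new Error(`unsupported algorithm: ${algorithm}`);
  return scryptSync(passphrase, salt, keyBytes);
}

// Assumed storage layout: 12-byte nonce | 16-byte auth tag | ciphertext.
function encrypt(plaintext, key, algorithm = DEFAULT_ALGORITHM) {
  const nonce = randomBytes(12); // must be fresh for every message under one key
  const cipher = createCipheriv(algorithm, key, nonce);
  const body = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  return Buffer.concat([nonce, cipher.getAuthTag(), body]);
}

function decrypt(blob, key, algorithm = DEFAULT_ALGORITHM) {
  const decipher = createDecipheriv(algorithm, key, blob.subarray(0, 12));
  decipher.setAuthTag(blob.subarray(12, 28));
  // final() throws if the key is wrong or the blob was modified.
  return Buffer.concat([decipher.update(blob.subarray(28)), decipher.final()]).toString("utf8");
}

function canDecrypt(blob, key, algorithm = DEFAULT_ALGORITHM) {
  try { decrypt(blob, key, algorithm); return true; } catch { return false; }
}

// Constructed values, for demonstration only.
function demo() {
  const devKey = deriveKey("constructed-passphrase", "constructed-salt-dev");
  const prodKey = deriveKey("constructed-passphrase", "constructed-salt-prod");
  const blob = encrypt("api-token-value", devKey);
  const tampered = Buffer.from(blob);
  tampered[tampered.length - 1] ^= 0x01; // flip one ciphertext bit
  return {
    roundTrip: decrypt(blob, devKey),
    sameKeyAcrossSalts: devKey.equals(prodKey),
    otherSaltDecrypts: canDecrypt(blob, prodKey),
    tamperedDecrypts: canDecrypt(tampered, devKey),
  };
}

console.log(demo());
```

Because the key is a pure function of passphrase and salt, changing either after data has been written leaves the existing ciphertext undecryptable.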
Infra.OpenSearch
Enables and configures Amazon OpenSearch for the project.
| Prop | Type | Required | Description |
|---|---|---|---|
| enabled | boolean | No | Whether to enable OpenSearch. Defaults to false. |
| domainName | string | No | Existing OpenSearch domain name. When set, Webiny uses that domain instead of deploying a new one. |
| indexPrefix | string | No | Prefix added to all OpenSearch index names. |
| sharedIndexes | boolean | No | When true, a single set of indexes is shared across all environments. Defaults to false. |
| endpoint | string | No | Endpoint of an existing OpenSearch cluster (useful when using a custom domain). |
| username | string | No | Username for OpenSearch authentication. |
| password | string | No | Password for OpenSearch authentication. |
Infra.Vpc
Deploys Webiny Lambda functions and OpenSearch into a VPC, or connects them to an existing one.
| Prop | Type | Required | Description |
|---|---|---|---|
| enabled | boolean | Yes | Whether to enable VPC integration. |
| useVpcEndpoints | boolean | No | Whether to create VPC endpoints for AWS services. |
| useExistingVpc | object | No | Connect to an existing VPC instead of creating one. See shape below. |
useExistingVpc shape:
Infra.BlueGreenDeployments
Enables blue/green deployment support, routing traffic between two parallel environments via weighted CloudFront distributions.
| Prop | Type | Required | Description |
|---|---|---|---|
| enabled | boolean | Yes | Whether to enable blue/green deployments. |
| domains | object | Yes | Custom domain and certificate configuration. See shape below. |
| deployments | [deployment, deployment] | Yes | Exactly two deployment descriptors. See shape below. |
domains shape:
Each deployment object:
Infra.PulumiResourceNamePrefix
Overrides the default wby- prefix applied to all Pulumi resource names.
| Prop | Type | Required | Description |
|---|---|---|---|
| prefix | string | Yes | Custom prefix for all Pulumi-managed resource names |
Infra.ProductionEnvironments
Declares which environment names are treated as production. Affects Infra.Env.IsProd and Infra.Env.IsNotProd.
| Prop | Type | Required | Description |
|---|---|---|---|
| environments | string[] | Yes | Environment names to treat as production (letters, numbers, dashes, and underscores only) |
Infra.EnvVar
Sets an environment variable available during builds and deployments.
| Prop | Type | Required | Description |
|---|---|---|---|
| varName | string | Yes | Environment variable name |
| value | string | Yes | Environment variable value |
Can be used multiple times.
Infra.Aws
Infra.Aws.DefaultRegion
Sets the default AWS region for all deployments.
| Prop | Type | Required | Description |
|---|---|---|---|
| name | string | Yes | AWS region name (e.g. "us-east-1") |
Infra.Aws.Tags
Applies AWS resource tags to all Pulumi-managed resources. Can be used multiple times — tags from multiple instances are merged.
| Prop | Type | Required | Description |
|---|---|---|---|
| tags | Record<string, string> | Yes | Key-value map of AWS tags to apply |
Infra.Env
Conditionally renders child extensions based on the current environment, variant, or AWS region.
Infra.Env.Is / Infra.Env.IsNot
Infra.Env.Is renders children when conditions match; Infra.Env.IsNot renders when they do not. Multiple props are AND-ed.
| Prop | Type | Required | Description |
|---|---|---|---|
| env | string \| string[] | No | Environment name(s) to match |
| variant | string \| string[] | No | Variant name(s) to match |
| region | string \| string[] | No | AWS region(s) to match |
| children | ReactNode | Yes | Extensions to render when the condition is met |
Infra.Env.IsProd / Infra.Env.IsNotProd
Shorthand for Infra.Env.Is / Infra.Env.IsNot matched against the environments declared in Infra.ProductionEnvironments.
| Prop | Type | Required | Description |
|---|---|---|---|
| children | ReactNode | Yes | Extensions to render |
Infra.Ci
Conditionally renders child extensions based on whether the process is running in a CI environment.
Infra.Ci.Is / Infra.Ci.IsNot
| Prop | Type | Required | Description |
|---|---|---|---|
| children | ReactNode | Yes | Extensions to render |
Infra.Admin
Extensions that target the Admin application’s build, deployment, and cloud infrastructure.
Lifecycle Hooks
All six extensions accept a single src prop pointing to an implementation file. All can be used multiple times.
| Extension | Triggered |
|---|---|
| Infra.Admin.BeforeBuild | Before the Admin app is built |
| Infra.Admin.AfterBuild | After the Admin app is built |
| Infra.Admin.BeforeDeploy | Before the Admin app is deployed |
| Infra.Admin.AfterDeploy | After the Admin app is deployed |
| Infra.Admin.BeforeWatch | Before webiny watch starts for Admin |
| Infra.Admin.Pulumi | During Pulumi deployment — modify Admin cloud infrastructure |
| Prop | Type | Required | Description |
|---|---|---|---|
| src | string | Yes | Path to the implementation file |
Infra.Admin.CustomDomains
Connects a custom domain to the Admin CloudFront distribution. See Connect Custom Domain for a full guide.
| Prop | Type | Required | Description |
|---|---|---|---|
| domains | string[] | Yes | One or more custom domain names |
| certificateArn | string | Yes | ARN of the ACM certificate (must be in us-east-1) |
| sslMethod | "sni-only" \| "vip" | No | SSL/TLS method. Defaults to "sni-only". |
Infra.Admin.StackOutputValue
Adds a custom key-value entry to the Admin Pulumi stack outputs. Can be used multiple times.
| Prop | Type | Required | Description |
|---|---|---|---|
| key | string | Yes | Output key name |
| value | any | Yes | Output value |
Infra.Api
Extensions that target the API application’s build, deployment, and cloud infrastructure.
Lifecycle Hooks
All six extensions accept a single src prop pointing to an implementation file. All can be used multiple times.
| Extension | Triggered |
|---|---|
| Infra.Api.BeforeBuild | Before the API app is built |
| Infra.Api.AfterBuild | After the API app is built |
| Infra.Api.BeforeDeploy | Before the API app is deployed |
| Infra.Api.AfterDeploy | After the API app is deployed |
| Infra.Api.BeforeWatch | Before webiny watch starts for API |
| Infra.Api.Pulumi | During Pulumi deployment — modify API cloud infrastructure |
| Prop | Type | Required | Description |
|---|---|---|---|
| src | string | Yes | Path to the implementation file |
Infra.Api.CustomDomains
Connects a custom domain to the API CloudFront distribution. See Connect Custom Domain for a full guide.
| Prop | Type | Required | Description |
|---|---|---|---|
| domains | string[] | Yes | One or more custom domain names |
| certificateArn | string | Yes | ARN of the ACM certificate (must be in us-east-1) |
| sslMethod | "sni-only" \| "vip" | No | SSL/TLS method. Defaults to "sni-only". |
Infra.Api.LambdaFunction
Adds a fully custom Lambda function to the API application, with both an application handler and Pulumi infrastructure code. Can be used multiple times.
| Prop | Type | Required | Description |
|---|---|---|---|
| functionSrc | string | Yes | Path to the Lambda handler source file |
| pulumiSrc | string | Yes | Path to the Pulumi infrastructure file (must follow ApiPulumi abstraction) |
Infra.Api.StackOutputValue
Adds a custom key-value entry to the API Pulumi stack outputs. Can be used multiple times.
| Prop | Type | Required | Description |
|---|---|---|---|
| key | string | Yes | Output key name |
| value | any | Yes | Output value |
Infra.Core
Extensions that target the Core application — the shared infrastructure layer (DynamoDB tables, Cognito user pool, S3 buckets).
Lifecycle Hooks
All six extensions accept a single src prop pointing to an implementation file. All can be used multiple times.
| Extension | Triggered |
|---|---|
| Infra.Core.BeforeBuild | Before the Core app is built |
| Infra.Core.AfterBuild | After the Core app is built |
| Infra.Core.BeforeDeploy | Before the Core app is deployed |
| Infra.Core.AfterDeploy | After the Core app is deployed |
| Infra.Core.BeforeWatch | Before webiny watch starts for Core |
| Infra.Core.Pulumi | During Pulumi deployment — modify Core cloud infrastructure |
| Prop | Type | Required | Description |
|---|---|---|---|
| src | string | Yes | Path to the implementation file |
Infra.Core.StackOutputValue
Adds a custom key-value entry to the Core Pulumi stack outputs. Can be used multiple times.
| Prop | Type | Required | Description |
|---|---|---|---|
| key | string | Yes | Output key name |
| value | any | Yes | Output value |