How to use the aws-cdk-pure.iaac function in aws-cdk-pure

function SiteGateway(props: StaticSiteProps, certificate: acm.ICertificate): pure.IPure {
  const iaac = pure.iaac(api.RestApi)
  const fqdn = site(props)
  const GW = {
    [fqdn]: (): api.RestApiProps => ({
      binaryMediaTypes: MediaTypes(props),
      deploy: true,
      deployOptions: {
        stageName: (props.sites && props.sites.length > 0) ? props.sites[0].site.split('/')[0] : 'api'
      },
      domainName: {
        certificate,
        domainName: site(props),
      },
      endpointTypes: [api.EndpointType.REGIONAL],
      failOnWarnings: true,
    })
  }

function CDN(props: StaticSiteProps, acmCertRef: string, s3BucketSource: s3.IBucket): pure.IPure {
  const iaac = pure.iaac(cdn.CloudFrontWebDistribution)
  const SiteCDN = (): cdn.CloudFrontWebDistributionProps => ({
    aliasConfiguration: {
      acmCertRef,
      names: [ site(props) ],
      securityPolicy: cdn.SecurityPolicyProtocol.TLS_V1_2_2018,
      sslMethod: cdn.SSLMethod.SNI,
    },
    httpVersion: cdn.HttpVersion.HTTP1_1,
    originConfigs: [
      {
        behaviors : [
          {
            defaultTtl: cdk.Duration.hours(24),
            forwardedValues: {queryString: true},
            isDefaultBehavior: true,
            maxTtl: cdk.Duration.hours(24),

function GatewayDNS(props: GatewayProps, zone: dns.IHostedZone, restapi: api.RestApi): pure.IPure {
  const iaac = pure.iaac(dns.ARecord)
  const ApiDNS  = (): dns.ARecordProps => ({
    recordName: site(props),
    target: {aliasTarget: new target.ApiGateway(restapi)},
    ttl: cdk.Duration.seconds(60),
    zone,
  })
  return iaac(ApiDNS)
}

function Origin(props: StaticSiteProps, publicReadAccess: boolean = true): pure.IPure {
  const iaac = pure.iaac(s3.Bucket)
  const SiteS3 = () => ({
    bucketName: site(props),
    publicReadAccess,
    removalPolicy: cdk.RemovalPolicy.DESTROY,
    websiteErrorDocument: 'error.html',
    websiteIndexDocument: 'index.html',
  })
  return iaac(SiteS3)
}

function OriginAccessPolicy(origin: s3.IBucket): pure.IaaC {
  const role = pure.iaac(iam.Role)
  const SiteRole = (): iam.RoleProps => ({
    assumedBy: new iam.ServicePrincipal('apigateway.amazonaws.com')
  })

  const ReadOnly = (): iam.PolicyStatement => (
    new iam.PolicyStatement({
      actions: ['s3:GetObject'],
      resources: [`${origin.bucketArn}/*`],
    })
  )

  return role(SiteRole).effect(x => x.addToPolicy(ReadOnly()))
}

export function Certificate(site: string, hostedZone: dns.IHostedZone, arn?: string): pure.IPure {
  if (arn) {
    const wrap = pure.include(acm.Certificate.fromCertificateArn)
    const SiteCA = (): string => arn
    return wrap(SiteCA)
  } else {
    const iaac = pure.iaac(acm.DnsValidatedCertificate)
    const SiteCA = (): acm.DnsValidatedCertificateProps => ({ domainName: site, hostedZone })
    return iaac(SiteCA)
  }
}

function GatewayDNS(props: StaticSiteProps, zone: dns.IHostedZone, restapi: api.RestApi): pure.IPure {
  const iaac = pure.iaac(dns.ARecord)
  const SiteDNS  = (): dns.ARecordProps => ({
    recordName: site(props),
    target: {aliasTarget: new target.ApiGateway(restapi)},
    ttl: cdk.Duration.seconds(60),
    zone,
  })
  return iaac(SiteDNS)
}