Feat/lambda sqs (#11)
g-otn authored Mar 29, 2024
2 parents 166d389 + 59ae8bd commit 42839b2
Showing 20 changed files with 362 additions and 137 deletions.
94 changes: 48 additions & 46 deletions .terraform.lock.hcl


2 changes: 1 addition & 1 deletion .tflint.hcl
Expand Up @@ -5,6 +5,6 @@ plugin "terraform" {

plugin "aws" {
enabled = true
version = "0.27.0"
version = "0.30.0"
source = "github.com/terraform-linters/tflint-ruleset-aws"
}
21 changes: 21 additions & 0 deletions README.md
@@ -1,6 +1,27 @@
# terraform-computing

[![Terraform Apply](https://github.com/soat-tech-challenge/terraform-computing/actions/workflows/main.yml/badge.svg)](https://github.com/soat-tech-challenge/terraform-computing/actions/workflows/main.yml)

Part of a group course project of a self service and kitchen management system for a fictional fast food restaurant.

Currently responsible for managing computing-related resources of the project.

### Service

#### ECS Exec

Requires: AWS CLI, Session Manager plugin

Enter ECS task container shell using ECS Exec:

```
aws ecs execute-command \
--region us-east-1 \
--cluster SOAT_Tech_Challenge_ECS_Cluster \
--task task-id \
--container SOAT-TC_ECS_<service>_SVC_Main_Container \
--interactive \
--command "/usr/bin/sh"
```

Read more: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-exec.html#ecs-exec-enabling-and-using
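--- a/api_gateway.tf
+++ b/api_gateway.tf
@@ -0,0 +1,60 @@
+locals {
+api_id = data.tfe_outputs.network.values.api_gw_gateway_api.id
+proxy_to_alb_id = data.tfe_outputs.network.values.api_gw_integration_proxy_to_alb.id
+}
+
+// ----- Authorizers -----
+
+resource "aws_apigatewayv2_authorizer" "lambda_authorizer_client" {
+api_id = local.api_id
+authorizer_type = "REQUEST"
+authorizer_uri = aws_lambda_function.authorizer_client.invoke_arn
+identity_sources = ["$request.header.Authorization"]
+name = "SOAT-TC_API_Gateway_Authorizer__Lambda_Authorizer_Client"
+
+authorizer_payload_format_version = "2.0"
+enable_simple_responses = true
+}
+
+// ----- Integrations -----
+
+resource "aws_apigatewayv2_integration" "lambda_identification_nationalid" {
+api_id = local.api_id
+integration_type = "AWS_PROXY"
+
+description = "Intercept identification request for token generation flow"
+integration_method = "POST"
+integration_uri = aws_lambda_function.identification_nationalid.invoke_arn
+
+payload_format_version = "2.0"
+}
+
+// ----- Routes -----
+// Routes should be declared on terraform-network whenever possible. The routes below
+// depend on terraform-computing resources, they are declared here to avoid cyclic dependencies.
+
+resource "aws_apigatewayv2_route" "client_identification" {
+api_id = local.api_id
+route_key = "POST /identification/clients/identification"
+
+target = "integrations/${aws_apigatewayv2_integration.lambda_identification_nationalid.id}"
+}
+
+resource "aws_apigatewayv2_route" "order_checkout_and_listing" {
+api_id = local.api_id
+route_key = "ANY /order/orders" // due to Servlet Filter urlPatterns not supporting specific HTTP methods
+
+authorizer_id = aws_apigatewayv2_authorizer.lambda_authorizer_client.id
+authorization_type = "CUSTOM"
+target = "integrations/${local.proxy_to_alb_id}"
+}
+
+resource "aws_apigatewayv2_route" "order_confirmation" {
+api_id = local.api_id
+route_key = "POST /payment/payments/initialize"
+
+authorizer_id = aws_apigatewayv2_authorizer.lambda_authorizer_client.id
+authorization_type = "CUSTOM"
+target = "integrations/${local.proxy_to_alb_id}"
+
+}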
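Review bot: The REQUEST authorizer `lambda_authorizer_client` sets no `authorizer_result_ttl_in_seconds`, and per the provider docs HTTP API then caches the Lambda's verdict per `Authorization` header value for 300 seconds, so a token that is revoked or expires inside that window keeps passing `ANY /order/orders` and `POST /payment/payments/initialize` until the cache entry ages out. Set it explicitly, `authorizer_result_ttl_in_seconds = 0` to disable caching or a short value with a comment stating the accepted staleness. `POST /identification/clients/identification` carries no `authorization_type`, which is evidently intended for the token-issuing flow, but it is then the one unauthenticated entry point declared here; a comment such as `// intentionally unauthenticated: issues the client token; relies on stage throttling in terraform-network` would make that explicit, and whether such throttling exists is not visible in this diff.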
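--- a/cloudwatch.tf
+++ b/cloudwatch.tf
@@ -0,0 +1,19 @@
+#tfsec:ignore:aws-cloudwatch-log-group-customer-key
+resource "aws_cloudwatch_log_group" "lambda_authorizer_client" {
+name = "/aws/lambda/SOAT-TC_Lambda_Authorizer_Client_Logs"
+retention_in_days = 30
+
+tags = {
+Name : "SOAT-TC Lambda Authorizer Client Cloudwatch Log Group"
+}
+}
+
+#tfsec:ignore:aws-cloudwatch-log-group-customer-key
+resource "aws_cloudwatch_log_group" "lambda_identification_nationalid" {
+name = "/aws/lambda/SOAT-TC_Lambda_Identification_NationalID_Logs"
+retention_in_days = 30
+
+tags = {
+Name : "SOAT-TC Lambda Identification National ID Cloudwatch Log Group"
+}
+}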
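Review bot: The hard-coded group names `/aws/lambda/SOAT-TC_Lambda_Authorizer_Client_Logs` and `/aws/lambda/SOAT-TC_Lambda_Identification_NationalID_Logs` only take effect if they equal `/aws/lambda/<function_name>` (or the group named in the function's `logging_config`); the Lambda definitions are not in this diff, so if `function_name` lacks the `_Logs` suffix the runtime creates its own group on first invoke with unlimited retention and the 30-day limit here never applies. Derive the name from the function instead, e.g. `name = "/aws/lambda/${aws_lambda_function.authorizer_client.function_name}"`, and add `depends_on` from the function to the group so it exists before the first invoke. Since the authorizer receives the raw `Authorization` header in its event, anything the handler logs from that event lands in this group, so the handler should not echo the full event.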
4 changes: 0 additions & 4 deletions container_definitions/identification.json
Expand Up @@ -27,10 +27,6 @@
{
"name": "AWS_DYNAMODB_ENDPOINT",
"value": "${aws_dynamodb_endpoint}"
},
{
"name": "JWT_PUBLIC_KEY",
"value": "${client_jwt_pub_key}"
}
],
"logConfiguration": {
16 changes: 16 additions & 0 deletions container_definitions/payment.json
Expand Up @@ -39,6 +39,22 @@
{
"name": "API_URL_PRODUCTION",
"value": "${api_url_production}"
},
{
"name": "AWS_ACCESS_KEY",
"value": "${aws_access_key}"
},
{
"name": "AWS_SECRET_KEY",
"value": "${aws_secret_key}"
},
{
"name": "AWS_SESSION_TOKEN",
"value": "${aws_session_token}"
},
{
"name": "AWS_SQS_ENDPOINT",
"value": "${aws_sqs_endpoint}"
}
],
"logConfiguration": {
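Review bot: Passing `AWS_ACCESS_KEY`, `AWS_SECRET_KEY` and `AWS_SESSION_TOKEN` as plain `environment` entries writes credentials into the task definition, where anyone with `ecs:DescribeTaskDefinition` can read them, they show up in ECS Exec shells (the README added in this commit documents how to open one), and they are one `env` away from a log; the presence of a session token also suggests temporary credentials that will expire and silently break the SQS client. The ECS-native approach is to grant the SQS permissions on the task role (`task_role_arn`) and let the SDK use the container credential provider, which needs no variables at all; if static keys are unavoidable, move them to the `secrets` array with `valueFrom` pointing at SSM Parameter Store or Secrets Manager, not `environment`. The same pattern already exists in production.json, so this commit extends an existing exposure rather than creating it.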
8 changes: 6 additions & 2 deletions container_definitions/production.json
Expand Up @@ -12,6 +12,10 @@
}
],
"environment": [
{
"name": "JWT_PUBLIC_KEY",
"value": "${client_jwt_pub_key}"
},
{
"name": "AWS_ACCESS_KEY",
"value": "${aws_access_key}"
Expand All @@ -29,8 +33,8 @@
"value": "${aws_dynamodb_endpoint}"
},
{
"name": "JWT_PUBLIC_KEY",
"value": "${client_jwt_pub_key}"
"name": "AWS_SQS_ENDPOINT",
"value": "${aws_sqs_endpoint}"
}
],
"logConfiguration": {
4 changes: 2 additions & 2 deletions database_variables.tf
Expand Up @@ -12,7 +12,7 @@ variable "order_svc_db_password" {
variable "order_svc_db_name" {
description = "Order Service RDS Database instance name"
type = string
default = "postgres"
default = "order_db"
}

// ---
Expand All @@ -31,5 +31,5 @@ variable "payment_svc_db_password" {
variable "payment_svc_db_name" {
description = "Payment Service RDS Database instance name"
type = string
default = "postgres"
default = "payment_db"
}
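Review bot: The new defaults `order_db` and `payment_db` duplicate values that must agree with whatever the `database-staging` workspace actually created, and `data.tfe_outputs.database` is already read in datasources.tf; if the two drift the services receive a wrong `db_name` and fail at connect time with no Terraform-time error. If that workspace exports the database name, read it from the output instead of defaulting here; otherwise add `# must match db_name created by terraform-database` above each variable. Whether the database workspace exposes such an output is not visible in this diff.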
54 changes: 0 additions & 54 deletions datasources.tf
Expand Up @@ -12,58 +12,4 @@ data "tfe_outputs" "database" {
organization = "soat-tech-challenge"
workspace = "database-staging"
}
data "template_file" "identification_svc_container_definition" {
template = file("./container_definitions/identification.json")
vars = {
id = "identification"
aws_access_key = var.aws_access_key
aws_secret_key = var.aws_secret_key
aws_session_token = var.aws_session_token
aws_dynamodb_endpoint = "dynamodb.${var.aws_region}.amazonaws.com"
client_jwt_pub_key = var.client_jwt_public_key
aws_region = var.aws_region
}
}


data "template_file" "order_svc_container_definition" {
template = file("./container_definitions/order.json")
vars = {
id = "order"
db_username = var.order_svc_db_username
db_password = var.order_svc_db_password
db_name = var.order_svc_db_name
db_host = data.tfe_outputs.database.values.order_svc_db.endpoint
client_jwt_pub_key = var.client_jwt_public_key
api_url_identification = "${data.tfe_outputs.network.values.lb_lb.dns_name}/identification"
aws_region = var.aws_region
}
}

data "template_file" "payment_svc_container_definition" {
template = file("./container_definitions/payment.json")
vars = {
id = "payment"
db_username = var.payment_svc_db_username
db_password = var.payment_svc_db_password
db_name = var.payment_svc_db_name
db_host = data.tfe_outputs.database.values.payment_svc_db.endpoint
client_jwt_pub_key = var.client_jwt_public_key
api_url_order = "${data.tfe_outputs.network.values.lb_lb.dns_name}/order"
api_url_production = "${data.tfe_outputs.network.values.lb_lb.dns_name}/production"
aws_region = var.aws_region
}
}

data "template_file" "production_svc_container_definition" {
template = file("./container_definitions/production.json")
vars = {
id = "production"
aws_access_key = var.aws_access_key
aws_secret_key = var.aws_secret_key
aws_session_token = var.aws_session_token
aws_dynamodb_endpoint = "dynamodb.${var.aws_region}.amazonaws.com"
client_jwt_pub_key = var.client_jwt_public_key
aws_region = var.aws_region
}
}
4 changes: 0 additions & 4 deletions ecs_variables.tf

This file was deleted.

