From b06d8cc82f153670fbb0cbbc7fe69af35da383bd Mon Sep 17 00:00:00 2001
From: "Miroslav Chomut (CZ)"
Date: Fri, 23 Aug 2024 15:01:54 +0200
Subject: [PATCH] #1 Make deployable by terraform to AWS
---
prepare.deplyoment.sh | 6 ++
src/requirements.txt | 6 ++
terraform/api_gateway.tf | 136 +++++++++++++++++++++++++++++++++++++++
terraform/lambda.tf | 26 ++++++++
terraform/provider.tf | 3 +
terraform/variables.tf | 5 ++
6 files changed, 182 insertions(+)
create mode 100644 prepare.deplyoment.sh
create mode 100644 src/requirements.txt
create mode 100644 terraform/api_gateway.tf
create mode 100644 terraform/lambda.tf
create mode 100644 terraform/provider.tf
create mode 100644 terraform/variables.tf
diff --git a/prepare.deplyoment.sh b/prepare.deplyoment.sh
new file mode 100644
index 0000000..0e0a35b
--- /dev/null
+++ b/prepare.deplyoment.sh
@@ -0,0 +1,6 @@
+pip3 install -r src/requirements.txt -t dependencies/ --platform manylinux2014_x86_64 --python-version 3.12 --only-binary=:all:
+zip -r lambda_function.zip conf
+cd src
+zip -r ../lambda_function.zip .
+cd ../dependencies
+zip -r ../lambda_function.zip .
diff --git a/src/requirements.txt b/src/requirements.txt
new file mode 100644
index 0000000..30abd9f
--- /dev/null
+++ b/src/requirements.txt
@@ -0,0 +1,6 @@
+urllib3
+cryptography
+jsonschema
+PyJWT
+requests
+confluent_kafka
\ No newline at end of file
diff --git a/terraform/api_gateway.tf b/terraform/api_gateway.tf
new file mode 100644
index 0000000..a0fa86d
--- /dev/null
+++ b/terraform/api_gateway.tf
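Review bot: `zip -r lambda_function.zip conf` on the second line appends to any archive already on disk, so files removed from `src/` or `dependencies/` since the previous build still ship in the Lambda package, and if `cd src` fails the script carries on and zips the wrong directory. Start the script with `set -euo pipefail` and `rm -rf dependencies lambda_function.zip` so each build produces the package from a clean state. The `pip3 install` line also runs without `--require-hashes`, so it accepts whatever the index serves for the unpinned names in src/requirements.txt; that belongs with the pinning fix for that file. The script's file name is spelled `deplyoment`.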
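Review bot: Every entry in this file is unpinned, so the `pip3 install` in prepare.deplyoment.sh resolves to whatever the index serves at build time and the resulting package (and the `source_code_hash` in lambda.tf) changes between otherwise identical builds. Pin each dependency to an exact version, e.g. `cryptography==<pinned version>` (placeholder), and generate the file with hashes so the install can run with `--require-hashes`; `confluent_kafka` bundles native librdkafka in its wheel, so a pin also fixes which library build the `--only-binary=:all:` install picks. The missing trailing newline is worth adding at the same time.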
@@ -0,0 +1,136 @@
+resource "aws_api_gateway_rest_api" "event_gate_api" {
+ name = "${var.resource_prefix}event-gate-api"
+ description = "API for EventGate"
+ tags = {"BuiltBy" = "Terraform"}
+ endpoint_configuration {
+ types = ["PRIVATE"]
+ }
+ policy = jsonencode({
+ Version = "2012-10-17",
+ Statement = [
+ {
+ Effect = "Allow",
+ Action = "execute-api:Invoke",
+ Resource = "*",
+ Principal = "*"
+ }
+ ]
+ })
+}
+
+resource "aws_api_gateway_resource" "event_gate_api_token" {
+ rest_api_id = aws_api_gateway_rest_api.event_gate_api.id
+ parent_id = aws_api_gateway_rest_api.event_gate_api.root_resource_id
+ path_part = "Token"
+}
+
+resource "aws_api_gateway_method" "event_gate_api_token_get" {
+ rest_api_id = aws_api_gateway_rest_api.event_gate_api.id
+ resource_id = aws_api_gateway_resource.event_gate_api_token.id
+ authorization = "NONE"
+ http_method = "GET"
+}
+
+resource "aws_api_gateway_integration" "event_gate_api_token_get_integration" {
+ rest_api_id = aws_api_gateway_rest_api.event_gate_api.id
+ resource_id = aws_api_gateway_resource.event_gate_api_token.id
+ http_method = aws_api_gateway_method.event_gate_api_token_get.http_method
+ integration_http_method = "POST"
+ type = "AWS_PROXY"
+ uri = aws_lambda_function.event_gate_lambda.invoke_arn
+}
+
+resource "aws_api_gateway_resource" "event_gate_api_topics" {
+ rest_api_id = aws_api_gateway_rest_api.event_gate_api.id
+ parent_id = aws_api_gateway_rest_api.event_gate_api.root_resource_id
+ path_part = "Topics"
+}
+
+resource "aws_api_gateway_method" "event_gate_api_topics_get" {
+ rest_api_id = aws_api_gateway_rest_api.event_gate_api.id
+ resource_id = aws_api_gateway_resource.event_gate_api_topics.id
+ authorization = "NONE"
+ http_method = "GET"
+}
+
+resource "aws_api_gateway_integration" "event_gate_api_topics_get_integration" {
+ rest_api_id = aws_api_gateway_rest_api.event_gate_api.id
+ resource_id = aws_api_gateway_resource.event_gate_api_topics.id
+ http_method = 
aws_api_gateway_method.event_gate_api_topics_get.http_method
+ integration_http_method = "POST"
+ type = "AWS_PROXY"
+ uri = aws_lambda_function.event_gate_lambda.invoke_arn
+}
+
+resource "aws_api_gateway_resource" "event_gate_api_topic_name" {
+ rest_api_id = aws_api_gateway_rest_api.event_gate_api.id
+ parent_id = aws_api_gateway_resource.event_gate_api_topics.id
+ path_part = "{topicName}"
+}
+
+resource "aws_api_gateway_method" "event_gate_api_topic_name_get" {
+ rest_api_id = aws_api_gateway_rest_api.event_gate_api.id
+ resource_id = aws_api_gateway_resource.event_gate_api_topic_name.id
+ authorization = "NONE"
+ http_method = "GET"
+ request_parameters = {
+ "method.request.path.topicName" = true
+ }
+}
+
+resource "aws_api_gateway_integration" "event_gate_api_topic_name_get_integration" {
+ rest_api_id = aws_api_gateway_rest_api.event_gate_api.id
+ resource_id = aws_api_gateway_resource.event_gate_api_topic_name.id
+ http_method = aws_api_gateway_method.event_gate_api_topic_name_get.http_method
+ integration_http_method = "POST"
+ type = "AWS_PROXY"
+ uri = aws_lambda_function.event_gate_lambda.invoke_arn
+}
+
+resource "aws_api_gateway_method" "event_gate_api_topic_name_post" {
+ rest_api_id = aws_api_gateway_rest_api.event_gate_api.id
+ resource_id = aws_api_gateway_resource.event_gate_api_topic_name.id
+ authorization = "NONE"
+ http_method = "POST"
+ request_parameters = {
+ "method.request.path.topicName" = true
+ }
+}
+
+resource "aws_api_gateway_integration" "event_gate_api_topic_name_post_integration" {
+ rest_api_id = aws_api_gateway_rest_api.event_gate_api.id
+ resource_id = aws_api_gateway_resource.event_gate_api_topic_name.id
+ http_method = aws_api_gateway_method.event_gate_api_topic_name_post.http_method
+ integration_http_method = "POST"
+ type = "AWS_PROXY"
+ uri = aws_lambda_function.event_gate_lambda.invoke_arn
+}
+
+resource "aws_lambda_permission" "event_gate_api_lambda_permissions" {
+ action = "lambda:InvokeFunction"
+ function_name = 
aws_lambda_function.event_gate_lambda.function_name
+ principal = "apigateway.amazonaws.com"
+ source_arn = "${aws_api_gateway_rest_api.event_gate_api.execution_arn}/*"
+}
+
+resource "aws_api_gateway_deployment" "event_gate_api_deployment" {
+ rest_api_id = aws_api_gateway_rest_api.event_gate_api.id
+ triggers = {
+ redeployment = sha1(jsonencode([
+ aws_api_gateway_integration.event_gate_api_token_get_integration,
+ aws_api_gateway_integration.event_gate_api_topics_get_integration,
+ aws_api_gateway_integration.event_gate_api_topic_name_get_integration,
+ aws_api_gateway_integration.event_gate_api_topic_name_post_integration
+ ]))
+ }
+ lifecycle {
+ create_before_destroy = true
+ }
+}
+
+resource "aws_api_gateway_stage" "event_gate_api_stage" {
+ rest_api_id = aws_api_gateway_rest_api.event_gate_api.id
+ deployment_id = aws_api_gateway_deployment.event_gate_api_deployment.id
+ stage_name = "DEV"
+ tags = {"BuiltBy" = "Terraform"}
+}
diff --git a/terraform/lambda.tf b/terraform/lambda.tf
new file mode 100644
index 0000000..03bb64b
--- /dev/null
+++ b/terraform/lambda.tf
@@ -0,0 +1,26 @@
+resource "aws_security_group" "event_gate_sg" {
+ name = "${var.resource_prefix}event-gate-sg"
+ description = "SG for Event Gate"
+ vpc_id = var.vpc_id
+ tags = {"BuiltBy" = "Terraform"}
+}
+
+resource "aws_vpc_security_group_egress_rule" "allow_all_traffic_ipv4" {
+ security_group_id = aws_security_group.event_gate_sg.id
+ cidr_ipv4 = "0.0.0.0/0"
+ ip_protocol = "-1"
+}
+
+resource "aws_lambda_function" "event_gate_lambda" {
+ filename = "../lambda_function.zip"
+ function_name = "${var.resource_prefix}event-gate-lambda"
+ role = var.lambda_role_arn
+ handler = "event_gate_lambda.lambda_handler"
+ source_code_hash = filebase64sha256("../lambda_function.zip")
+ runtime = "python3.12"
+ vpc_config {
+ subnet_ids = var.lambda_vpc_subnet_ids
+ security_group_ids = [aws_security_group.event_gate_sg.id]
+ }
+ tags = {"BuiltBy" = "Terraform"}
+}
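Review bot: The resource policy on `aws_api_gateway_rest_api.event_gate_api` allows `execute-api:Invoke` on `Resource = "*"` for `Principal = "*"` with no `Condition`, and as I read it the `PRIVATE` endpoint type on its own does not say which VPC endpoint may call the API, so any execute-api interface endpoint that can resolve it — potentially one in another account — is accepted. Scope the statement to the intended endpoint, for example `Condition = { StringEquals = { "aws:SourceVpce" = var.api_vpc_endpoint_id } }` with `api_vpc_endpoint_id` added as a new variable (constructed name). Every method in this file also sets `authorization = "NONE"`; the `Token` resource and PyJWT in requirements suggest the handler validates tokens itself, but nothing in the hunk enforces or records that, so either attach an `aws_api_gateway_authorizer` to the Topics methods or state in a comment on the methods that authentication is performed inside `event_gate_lambda.lambda_handler`. The `DEV` stage has no `access_log_settings`, so rejected or unauthenticated calls leave no record outside the function's own logs.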
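Review bot: `aws_vpc_security_group_egress_rule.allow_all_traffic_ipv4` opens all protocols to `0.0.0.0/0`, so the function can reach anything the subnets route to rather than only the Kafka brokers that the `confluent_kafka` dependency suggests it needs. Narrow it to the broker security group or CIDR on the listener port, e.g. `ip_protocol = "tcp"`, `from_port = <broker port>`, `to_port = <broker port>`, `referenced_security_group_id = <broker SG id>` (placeholders), and add a separate rule for each other endpoint the handler is known to call. `aws_lambda_function.event_gate_lambda` also leaves `timeout` and `memory_size` at the service defaults (3 seconds and 128 MB), which is tight for a Kafka producer connecting on a cold start, and declares no `aws_cloudwatch_log_group`, so the auto-created log group has no retention policy; both are worth setting explicitly here.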
diff --git a/terraform/provider.tf b/terraform/provider.tf
new file mode 100644
index 0000000..a0668b1
--- /dev/null
+++ b/terraform/provider.tf
@@ -0,0 +1,3 @@
+provider "aws" {
+ region = var.aws_region
+}
diff --git a/terraform/variables.tf b/terraform/variables.tf
new file mode 100644
index 0000000..0cbb4c0
--- /dev/null
+++ b/terraform/variables.tf
@@ -0,0 +1,5 @@
+variable "aws_region" {}
+variable "vpc_id" {}
+variable "resource_prefix" {}
+variable "lambda_role_arn" {}
+variable "lambda_vpc_subnet_ids" {}
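Review bot: The `aws` provider block carries no version constraint and the patch adds no `terraform { required_providers { ... } }` block, so `terraform init` takes whichever provider release is current and a future major version can change resource behaviour without any change to this code. Add a pinned constraint, e.g. `terraform { required_providers { aws = { source = "hashicorp/aws", version = "~> <major.minor>" } } }` (placeholder version), and commit the resulting lock file. A `default_tags { tags = { BuiltBy = "Terraform" } }` block on the provider would also replace the `tags = {"BuiltBy" = "Terraform"}` repeated on each resource in api_gateway.tf and lambda.tf.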
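Review bot: All five variables are declared with an empty body, so none has a `type`, `description` or validation; `lambda_vpc_subnet_ids` is consumed as a list by `vpc_config.subnet_ids` in lambda.tf but nothing stops a caller passing a single string, and `lambda_role_arn` is the function's execution role with no statement of what it is expected to grant. Give each variable a type and a one-line description, e.g. `variable "lambda_vpc_subnet_ids" { type = list(string) description = "Subnets the Lambda ENIs are placed in" }`, and consider a `validation` block on `vpc_id` and `lambda_role_arn` so a wrong-shaped value fails at plan time rather than at apply.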