slococo-uni
/
bsmsapp
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add r53, cognito, sns and ses 

Add SNS because of the academy restrictions
This commit is contained in:
Santiago Lo Coco 2022-11-30 11:17:07 -03:00
parent 7dc78dfa27
commit 1eac1ae789
36 changed files with 801 additions and 78 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
terraform/modules/acm/main.tf Normal file
View File

@ -0,0 +1,40 @@
# ---------------------------------------------------------------------------
# Amazon ACM
# ---------------------------------------------------------------------------
data "aws_route53_zone" "this" {
name = var.domain_name
}
resource "aws_acm_certificate" "this" {
domain_name = var.domain_name
subject_alternative_names = var.subject_alternative_names
validation_method = var.validation_method
tags = var.tags
lifecycle {
create_before_destroy = true
}
}
resource "aws_route53_record" "this" {
allow_overwrite = var.validation_allow_overwrite_records
name = tolist(aws_acm_certificate.this.domain_validation_options)[0].resource_record_name
records = [tolist(aws_acm_certificate.this.domain_validation_options)[0].resource_record_value]
type = tolist(aws_acm_certificate.this.domain_validation_options)[0].resource_record_type
zone_id = data.aws_route53_zone.this.zone_id
ttl = var.dns_ttl
depends_on = [aws_acm_certificate.this]
}
resource "aws_acm_certificate_validation" "this" {
certificate_arn = aws_acm_certificate.this.arn
validation_record_fqdns = [aws_route53_record.this.fqdn]
timeouts {
create = var.validation_timeout
}
}

8
terraform/modules/acm/outputs.tf Normal file
View File

@ -0,0 +1,8 @@
# ---------------------------------------------------------------------------
# Amazon ACM outputs
# ---------------------------------------------------------------------------
output "certificate_arn" {
description = "The ARN of the certificate."
value = aws_acm_certificate.this.arn
}

45
terraform/modules/acm/variables.tf Normal file
View File

@ -0,0 +1,45 @@
# ---------------------------------------------------------------------------
# Amazon ACM variables
# ---------------------------------------------------------------------------
variable "domain_name" {
description = "A domain name for which the certificate should be issued"
type = string
default = ""
}
variable "subject_alternative_names" {
description = "A list of domains that should be SANs in the issued certificate"
type = list(string)
default = []
}
variable "validation_method" {
description = "Which method to use for validation. DNS or EMAIL are valid, NONE can be used for certificates that were imported into ACM and then into Terraform."
type = string
default = "DNS"
}
variable "validation_allow_overwrite_records" {
description = "Whether to allow overwrite of Route53 records"
type = bool
default = true
}
variable "tags" {
description = "A mapping of tags to assign to the resource"
type = map(string)
default = {}
}
variable "dns_ttl" {
description = "The TTL of DNS recursive resolvers to cache information about this record."
type = number
default = 60
}
variable "validation_timeout" {
description = "Define maximum timeout to wait for the validation to complete"
type = string
default = null
}

10
terraform/modules/acm/versions.tf Normal file
View File

@ -0,0 +1,10 @@
terraform {
required_version = "1.3.4"
required_providers {
aws = {
source = "hashicorp/aws"
version = ">= 4.10.0"
}
}
}

5
terraform/modules/cloudfront/main.tf
View File

@ -8,6 +8,8 @@ resource "aws_cloudfront_distribution" "this" {
enabled = var.enabled
default_root_object = var.default_root_object
aliases = var.aliases
dynamic "origin" {
for_each = var.origin
@ -61,6 +63,7 @@ resource "aws_cloudfront_distribution" "this" {
}
viewer_certificate {
cloudfront_default_certificate = true
acm_certificate_arn = var.acm_certificate_arn
ssl_support_method = "sni-only"
}
}

13
terraform/modules/cloudfront/outputs.tf Normal file
View File

@ -0,0 +1,13 @@
# ---------------------------------------------------------------------------
# Amazon CloudFront outputs
# ---------------------------------------------------------------------------
output "distribution_domain_name" {
description = "The domain name corresponding to the distribution."
value = try(aws_cloudfront_distribution.this.domain_name, "")
}
output "distribution_hosted_zone_id" {
description = "The CloudFront Route 53 zone ID that can be used to route an Alias Resource Record Set to."
value = try(aws_cloudfront_distribution.this.hosted_zone_id, "")
}

12
terraform/modules/cloudfront/variables.tf
View File

@ -37,3 +37,15 @@ variable "enabled" {
type = bool
default = true
}
variable "aliases" {
description = "Domain aliases."
type = any
nullable = false
}
variable "acm_certificate_arn" {
description = "ACM certificate."
type = string
nullable = false
}

109
terraform/modules/cognito/main.tf Normal file
View File

@ -0,0 +1,109 @@
# ---------------------------------------------------------------------------
# Amazon Cognito
# ---------------------------------------------------------------------------
resource "aws_cognito_user_pool" "this" {
name = var.name
alias_attributes = var.alias_attributes
auto_verified_attributes = var.auto_verified_attributes
password_policy {
minimum_length = var.password_minimum_length
require_lowercase = var.password_require_lowercase
require_numbers = var.password_require_numbers
require_symbols = var.password_require_symbols
require_uppercase = var.password_require_uppercase
temporary_password_validity_days = var.temporary_password_validity_days
}
dynamic "schema" {
for_each = var.schema_attributes
iterator = attribute
content {
name = attribute.value.name
required = try(attribute.value.required, false)
attribute_data_type = attribute.value.type
developer_only_attribute = try(attribute.value.developer_only_attribute, false)
mutable = try(attribute.value.mutable, true)
dynamic "number_attribute_constraints" {
for_each = attribute.value.type == "Number" ? [true] : []
content {
min_value = lookup(attribute.value, "min_value", null)
max_value = lookup(attribute.value, "max_value", null)
}
}
dynamic "string_attribute_constraints" {
for_each = attribute.value.type == "String" ? [true] : []
content {
min_length = lookup(attribute.value, "min_length", 0)
max_length = lookup(attribute.value, "max_length", 2048)
}
}
}
}
username_configuration {
case_sensitive = var.enable_username_case_sensitivity
}
verification_message_template {
default_email_option = "CONFIRM_WITH_CODE"
}
dynamic "account_recovery_setting" {
for_each = length(var.account_recovery_mechanisms) > 0 ? [true] : []
content {
dynamic "recovery_mechanism" {
for_each = var.account_recovery_mechanisms
iterator = recovery
content {
name = recovery.value.name
priority = recovery.value.priority
}
}
}
}
email_configuration {
email_sending_account = "COGNITO_DEFAULT"
}
# auto_verified_attributes = ["email"]
}
resource "aws_cognito_user_pool_client" "this" {
name = var.client_name
user_pool_id = aws_cognito_user_pool.this.id
callback_urls = ["https://${var.redirect_url}"]
allowed_oauth_flows_user_pool_client = true
allowed_oauth_flows = ["code"]
allowed_oauth_scopes = ["email", "openid", "phone"]
supported_identity_providers = ["COGNITO"]
id_token_validity = "60"
access_token_validity = "60"
explicit_auth_flows = ["ALLOW_CUSTOM_AUTH", "ALLOW_REFRESH_TOKEN_AUTH", "ALLOW_USER_SRP_AUTH"]
prevent_user_existence_errors = "ENABLED"
read_attributes = ["address", "birthdate", "email", "email_verified", "family_name", "gender", "given_name", "locale", "middle_name", "name", "nickname", "phone_number", "phone_number_verified", "picture", "preferred_username", "profile", "updated_at", "website", "zoneinfo"]
write_attributes = ["address", "birthdate", "email", "family_name", "gender", "given_name", "locale", "middle_name", "name", "nickname", "phone_number", "picture", "preferred_username", "profile", "updated_at", "website", "zoneinfo"]
token_validity_units {
access_token = "minutes"
id_token = "minutes"
refresh_token = "days"
}
}
resource "aws_cognito_user_pool_domain" "this" {
domain = var.domain
user_pool_id = aws_cognito_user_pool.this.id
# certificate_arn = var.certificate_arn
}

99
terraform/modules/cognito/variables.tf Normal file
View File

@ -0,0 +1,99 @@
variable "name" {
type = string
description = "(Required) The name of the user pool."
}
variable "client_name" {
type = string
description = "(Required) The name of the client user pool."
}
variable "alias_attributes" {
type = set(string)
description = "(Optional) Attributes supported as an alias for this user pool. Possible values: 'phone_number', 'email', or 'preferred_username'. Conflicts with username_attributes."
default = null
}
variable "domain" {
description = "(Optional) Type a domain prefix to use for the sign-up and sign-in pages that are hosted by Amazon Cognito, e.g. 'https://{YOUR_PREFIX}.auth.eu-west-1.amazoncognito.com'. The prefix must be unique across the selected AWS Region. Domain names can only contain lower-case letters, numbers, and hyphens."
type = string
default = null
}
variable "redirect_url" {
description = "Redirect URL."
type = string
default = null
}
variable "account_recovery_mechanisms" {
type = any
description = "(Optional) A list of recovery_mechanisms which are defined by a `name` and its `priority`. Valid values for `name` are veri fied_email, verified_phone_number, and admin_only."
default = []
}
variable "enable_username_case_sensitivity" {
type = bool
description = "(Optional) Specifies whether username case sensitivity will be applied for all users in the user pool through Cognito APIs."
default = false
}
variable "password_minimum_length" {
type = number
description = "(Optional) The minimum length of the password policy that you have set."
default = 20
}
variable "password_require_lowercase" {
type = bool
description = "(Optional) Whether you have required users to use at least one lowercase letter in their password."
default = true
}
variable "password_require_numbers" {
type = bool
description = "(Optional) Whether you have required users to use at least one number in their password."
default = true
}
variable "password_require_symbols" {
type = bool
description = "(Optional) Whether you have required users to use at least one symbol in their password."
default = true
}
variable "password_require_uppercase" {
type = bool
description = "(Optional) Whether you have required users to use at least one uppercase letter in their password."
default = true
}
variable "temporary_password_validity_days" {
type = number
description = "(Optional) In the password policy you have set, refers to the number of days a temporary password is valid. If the user does not sign-in during this time, their password will need to be reset by an administrator."
default = 1
}
variable "schema_attributes" {
description = "(Optional) A list of schema attributes of a user pool. You can add a maximum of 25 custom attributes."
type = any
default = []
}
variable "tags" {
type = map(string)
description = "(Optional) A mapping of tags to assign to the resource."
default = {}
}
variable "auto_verified_attributes" {
type = set(string)
description = "(Optional) The attributes to be auto-verified. Possible values: 'email', 'phone_number'."
default = [
"email"
]
}

10
terraform/modules/cognito/versions.tf Normal file
View File

@ -0,0 +1,10 @@
terraform {
required_version = "1.3.4"
required_providers {
aws = {
source = "hashicorp/aws"
version = ">= 4.10.0"
}
}
}

26
terraform/modules/route53/main.tf Normal file
View File

@ -0,0 +1,26 @@
# ------------------------------------------------------------------------------
# Amazon Route 53
# ------------------------------------------------------------------------------
data "aws_route53_zone" "this" {
name = var.zone_name
private_zone = var.private_zone
}
resource "aws_route53_record" "this" {
for_each = var.records
zone_id = data.aws_route53_zone.this.zone_id
name = each.value.name
type = each.value.type
dynamic "alias" {
for_each = length(keys(lookup(each.value, "alias", {}))) == 0 ? [] : [true]
content {
name = each.value.alias.name
zone_id = try(each.value.alias.zone_id, data.aws_route53_zone.this.zone_id)
evaluate_target_health = false
}
}
}

8
terraform/modules/route53/outputs.tf Normal file
View File

@ -0,0 +1,8 @@
# ------------------------------------------------------------------------------
# Amazon Route 53 outputs
# ------------------------------------------------------------------------------
output "zone_id" {
description = "The route 53 zone ID."
value = data.aws_route53_zone.this.zone_id
}

20
terraform/modules/route53/variables.tf Normal file
View File

@ -0,0 +1,20 @@
# ------------------------------------------------------------------------------
# Amazon Route 53 variables
# ------------------------------------------------------------------------------
variable "zone_name" {
description = "Name of DNS zone"
type = string
}
variable "private_zone" {
description = "Whether Route53 zone is private or public"
type = bool
default = false
}
variable "records" {
description = "List of objects of DNS records"
type = any
default = {}
}

10
terraform/modules/route53/versions.tf Normal file
View File

@ -0,0 +1,10 @@
terraform {
required_version = "1.3.4"
required_providers {
aws = {
source = "hashicorp/aws"
version = ">= 4.10.0"
}
}
}

54
terraform/modules/ses/main.tf Normal file
View File

@ -0,0 +1,54 @@
# ------------------------------------------------------------------------------
# Amazon SES
# ------------------------------------------------------------------------------
resource "aws_ses_domain_identity" "this" {
domain = var.domain
}
resource "aws_ses_domain_mail_from" "this" {
domain = aws_ses_domain_identity.this.domain
mail_from_domain = "mail.${var.domain}"
}
# hacer for_each
# resource "aws_route53_record" "amazonses_verification_record" {
# zone_id = data.aws_route53_zone.main.zone_id
# name = "_amazonses.${var.domain}"
# type = "TXT"
# ttl = "600"
# records = [join("", aws_ses_domain_identity.ses_domain.*.verification_token)]
# }
# resource "aws_ses_domain_dkim" "ses_domain_dkim" {
# domain = join("", aws_ses_domain_identity.ses_domain.*.domain)
# }
# resource "aws_route53_record" "amazonses_dkim_record" {
# count = 3
# zone_id = data.aws_route53_zone.main.zone_id
# name = "${element(aws_ses_domain_dkim.ses_domain_dkim.dkim_tokens, count.index)}._domainkey.${var.domain}"
# type = "CNAME"
# ttl = "600"
# records = ["${element(aws_ses_domain_dkim.ses_domain_dkim.dkim_tokens, count.index)}.dkim.amazonses.com"]
# }
# resource "aws_route53_record" "spf_mail_from" {
# zone_id = data.aws_route53_zone.main.zone_id
# name = aws_ses_domain_mail_from.main.mail_from_domain
# type = "TXT"
# ttl = "600"
# records = ["v=spf1 include:amazonses.com -all"]
# }
# creo que solo con este spf estamos
resource "aws_route53_record" "this" {
# zone_id = data.aws_route53_zone.this.zone_id
zone_id = var.zone_id
name = var.domain
type = "TXT"
ttl = "600"
records = ["v=spf1 include:amazonses.com -all"]
}

13
terraform/modules/ses/variables.tf Normal file
View File

@ -0,0 +1,13 @@
# ------------------------------------------------------------------------------
# Amazon SES variables
# ------------------------------------------------------------------------------
variable "domain" {
description = "The domain to use."
type = string
}
variable "zone_id" {
description = "ID of DNS zone"
type = string
}

10
terraform/modules/ses/versions.tf Normal file
View File

@ -0,0 +1,10 @@
terraform {
required_version = "1.3.4"
required_providers {
aws = {
source = "hashicorp/aws"
version = ">= 4.10.0"
}
}
}

16
terraform/modules/sns/main.tf Normal file
View File

@ -0,0 +1,16 @@
# ------------------------------------------------------------------------------
# Amazon SNS
# ------------------------------------------------------------------------------
resource "aws_sns_topic" "this" {
name = var.name
delivery_policy = jsonencode(var.delivery)
}
resource "aws_sns_topic_subscription" "this" {
count = length(var.emails)
topic_arn = aws_sns_topic.this.arn
protocol = var.protocol
endpoint = var.emails[count.index]
}

8
terraform/modules/sns/outputs.tf Normal file
View File

@ -0,0 +1,8 @@
# --------------------------------------------------------------------
# Amazon SNS output
# --------------------------------------------------------------------
output "name" {
description = "The topic name."
value = aws_sns_topic.this.name
}

23
terraform/modules/sns/variables.tf Normal file
View File

@ -0,0 +1,23 @@
# ------------------------------------------------------------------------------
# Amazon SES variables
# ------------------------------------------------------------------------------
variable "name" {
description = "The topic name."
type = string
}
variable "delivery" {
description = "The topic delivery json."
type = any
}
variable "protocol" {
description = "The subscription protocol."
type = string
}
variable "emails" {
description = "The subscription emails."
type = any
}

10
terraform/modules/sns/versions.tf Normal file
View File

@ -0,0 +1,10 @@
terraform {
required_version = "1.3.4"
required_providers {
aws = {
source = "hashicorp/aws"
version = ">= 4.10.0"
}
}
}

21
terraform/organization/acm.tf Normal file
View File

@ -0,0 +1,21 @@
module "acm" {
source = "../modules/acm"
providers = {
aws = aws.aws
}
# depends_on = [
# module.route53
# ]
# zone_id = module.route53.zone_id
domain_name = local.domain
subject_alternative_names = [
"*.${local.domain}"
]
tags = {
name = local.domain
}
}

8
terraform/organization/cloudfront.tf
View File

@ -7,11 +7,17 @@ module "cloudfront" {
depends_on = [
module.s3,
module.apigw
module.apigw,
module.acm
]
enabled = true
web_acl_id = module.waf.web_acl_arn
aliases = [
local.domain
]
acm_certificate_arn = module.acm.certificate_arn
origin = {
api-gateway = {

49
terraform/organization/cognito.tf Normal file
View File

@ -0,0 +1,49 @@
module "cognito" {
source = "../modules/cognito"
providers = {
aws = aws.aws
}
redirect_url = local.domain
name = "cognito-userpool"
domain = "santilococo"
client_name = "cognito-client"
alias_attributes = [
"email",
# "phone_number",
"preferred_username",
]
auto_verified_attributes = [
"email"
]
account_recovery_mechanisms = [
{
name = "verified_email"
priority = 1
}
]
password_minimum_length = 10
password_require_lowercase = true
password_require_numbers = true
password_require_uppercase = true
password_require_symbols = true
temporary_password_validity_days = 3
enable_username_case_sensitivity = false
schema_attributes = [
{
type = "String"
developer_only_attribute = false
mutable = true
name = "email"
required = true
}
]
}

20
terraform/organization/datasources.tf
View File

@ -17,7 +17,7 @@ data "template_file" "userdata" {
}
}
data "aws_iam_policy_document" "this" {
data "aws_iam_policy_document" "dynamodb" {
statement {
effect = "Allow"
actions = [
@ -33,3 +33,21 @@ data "aws_iam_policy_document" "this" {
resources = ["arn:aws:dynamodb:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:table/${module.dynamodb.name}"]
}
}
data "aws_iam_policy_document" "sns" {
statement {
effect = "Allow"
actions = [
"sns:Publish",
"sns:Subscribe",
"sns:CreateTopic",
"sns:GetTopicAttributes",
"sns:SetTopicAttributes",
]
principals {
type = "AWS"
identifiers = ["*"]
}
resources = ["arn:aws:sns:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:${module.sns.name}"]
}
}

2
terraform/organization/lambda.tf
View File

@ -17,5 +17,5 @@ module "lambda" {
iam_role = each.value.role
vpc_subnet_ids = module.vpc.private_subnets
vpc_security_group_ids = [aws_security_group.dynamodb_sg.id]
vpc_security_group_ids = [each.value.security_group_ids]
}

34
terraform/organization/locals.tf
View File

@ -52,18 +52,28 @@ locals {
lambdas = {
lambdaSQS = {
package = "${local.path}/lambda/lambdaSQS.zip"
function_name = "AWSLambdaHandlerAPISQSDBg3"
role = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/LabRole"
handler = "lambda_handler.main"
runtime = "python3.9"
package = "${local.path}/lambda/lambdaSQS.zip"
function_name = "AWSLambdaHandlerAPISQSDBg3"
role = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/LabRole"
handler = "lambda_handler.main"
runtime = "python3.9",
security_group_ids = aws_security_group.dynamodb_sg.id
},
lambdaDB = {
package = "${local.path}/lambda/lambdaDB.zip"
function_name = "AWSLambdaHandlerAPIDBg3"
role = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/LabRole"
handler = "lambda_handler.main"
runtime = "python3.9"
package = "${local.path}/lambda/lambdaDB.zip"
function_name = "AWSLambdaHandlerAPIDBg3"
role = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/LabRole"
handler = "lambda_handler.main"
runtime = "python3.9",
security_group_ids = aws_security_group.dynamodb_sg.id
}
lambdaSNS = {
package = "${local.path}/lambda/lambdaSNS.zip"
function_name = "AWSLambdaHandlerAPISNSg3"
role = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/LabRole"
handler = "lambda_handler.main"
runtime = "python3.9",
security_group_ids = aws_security_group.sns_sg.id
}
}
@ -87,4 +97,8 @@ locals {
cidr_block = "0.0.0.0/0"
}
]
domain = "santilococo.com.ar"
emails = ["slococo@itba.edu.ar"]
}

24
terraform/organization/route53.tf Normal file
View File

@ -0,0 +1,24 @@
module "route53" {
source = "../modules/route53"
providers = {
aws = aws.aws
}
depends_on = [
module.cloudfront
]
zone_name = local.domain
records = {
record = {
name = local.domain
type = "A"
alias = {
name = module.cloudfront.distribution_domain_name
zone_id = module.cloudfront.distribution_hosted_zone_id
}
}
}
}

14
terraform/organization/ses.tf Normal file
View File

@ -0,0 +1,14 @@
module "ses" {
source = "../modules/ses"
providers = {
aws = aws.aws
}
depends_on = [
module.route53
]
domain = local.domain
zone_id = module.route53.zone_id
}

28
terraform/organization/sns.tf Normal file
View File

@ -0,0 +1,28 @@
module "sns" {
source = "../modules/sns"
providers = {
aws = aws.aws
}
name = "slococo"
delivery = {
http = {
defaultHealthyRetryPolicy = {
minDelayTarget = 20,
maxDelayTarget = 20,
numRetries = 3,
numMaxDelayRetries = 0,
numNoDelayRetries = 0,
numMinDelayRetries = 0,
backoffFunction = "linear"
},
disableSubscriptionOverrides = false,
defaultThrottlePolicy = {
maxReceivesPerSecond = 1
}
}
}
protocol = "email"
emails = local.emails
}

45
terraform/organization/vpc.tf
View File

@ -36,10 +36,6 @@ module "vpc" {
enable_nat_gateway = true
single_nat_gateway = true
tags = {
Name = "vpc-g3-bsmsapp"
}
}
module "vpc_endpoints" {
@ -57,16 +53,20 @@ module "vpc_endpoints" {
service = "dynamodb"
service_type = "Gateway"
route_table_ids = flatten([module.vpc.private_route_table_ids])
policy = data.aws_iam_policy_document.this.json
policy = data.aws_iam_policy_document.dynamodb.json
tags = { Name = "dynamodb-vpc-endpoint" }
security_group_ids = [aws_security_group.dynamodb_sg.id]
},
sns = {
service = "sns"
service_type = "Interface"
route_table_ids = flatten([module.vpc.private_route_table_ids])
policy = data.aws_iam_policy_document.sns.json
tags = { Name = "sns-vpc-endpoint" }
subnet_ids = module.vpc.private_subnets
security_group_ids = [aws_security_group.sns_sg.id]
}
}
tags = {
Name = "vpc-g3-bsmsapp"
Endpoint = "true"
}
}
resource "aws_vpc_endpoint" "dynamodb_endpoint" {
@ -91,26 +91,17 @@ resource "aws_security_group" "dynamodb_sg" {
protocol = "tcp"
prefix_list_ids = [aws_vpc_endpoint.dynamodb_endpoint.prefix_list_id]
}
tags = {
Name = "vpc-g3-bsmsapp"
}
}
resource "aws_security_group" "vpc_tls" {
name_prefix = "vpc-g3-bsmsapp-vpc_tls"
description = "Allow TLS inbound traffic"
resource "aws_security_group" "sns_sg" {
name_prefix = "vpc-g3-bsmsapp-ssg"
description = "Allow outbound traffic"
vpc_id = module.vpc.vpc_id
ingress {
description = "TLS from VPC"
from_port = 443
to_port = 443
protocol = "tcp"
cidr_blocks = [module.vpc.vpc_cidr_block]
}
tags = {
Name = "vpc-g3-bsmsapp"
egress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
}
}

2
terraform/organization/waf.tf
View File

@ -5,7 +5,7 @@ module "waf" {
aws = aws.aws
}
name = "AWS-WAF-g3"
name = "AWS-WAF-bsmsapp"
scope = "CLOUDFRONT"
rule = {

33
terraform/resources/lambda/lambdaDB/lambda_handler.py
View File

@ -2,25 +2,26 @@ import json
import boto3
from decimal import *
class DecimalEncoder(json.JSONEncoder):
def default(self, obj):
if isinstance(obj, Decimal):
return str(obj)
return json.JSONEncoder.default(self, obj)
def default(self, obj):
if isinstance(obj, Decimal):
return str(obj)
return json.JSONEncoder.default(self, obj)
def main (event, context):
client = boto3.resource('dynamodb', region_name="us-east-1")
table = client.Table("AWSDynamoDB-g3")
def main(event, context):
client = boto3.resource('dynamodb', region_name="us-east-1")
table = client.Table("AWSDynamoDB-g3")
data = table.scan()["Items"]
data = table.scan()["Items"]
resp = {
"statusCode": 200,
"headers": {
"Access-Control-Allow-Origin": "*",
},
"body": json.dumps(data, cls=DecimalEncoder)
}
resp = {
"statusCode": 200,
"headers": {
"Access-Control-Allow-Origin": "*",
},
"body": json.dumps(data, cls=DecimalEncoder)
}
return resp
return resp

BIN
terraform/resources/lambda/lambdaSNS.zip Normal file
View File

Binary file not shown.

10
terraform/resources/lambda/lambdaSNS/lambda_handler.py Normal file
View File

@ -0,0 +1,10 @@
import json
import boto3
def main(event, context):
message = "Probando SNS desde lambda..."
subject = "BSMSapp"
client = boto3.client("sns")
topic_arn = "arn:aws:sns:us-east-1:025685231147:slococo"
client.publish(TopicArn=topic_arn, Message=message, Subject=subject)

36
terraform/resources/lambda/lambdaSQS/lambda_handler.py
View File

@ -2,25 +2,25 @@ import json
import boto3
def main (event, context):
payload = event
payload = payload["Records"][0]
body = payload["body"]
body = body.replace('\n', '')
body = json.loads(body)
query = body["body-json"]
def main(event, context):
payload = event
payload = payload["Records"][0]
body = payload["body"]
body = body.replace('\n', '')
body = json.loads(body)
query = body["body-json"]
client = boto3.resource('dynamodb', region_name="us-east-1")
table = client.Table("AWSDynamoDB-g3")
client = boto3.resource('dynamodb', region_name="us-east-1")
table = client.Table("AWSDynamoDB-g3")
table.put_item(Item=query)
table.put_item(Item=query)
resp = {
"statusCode": 200,
"headers": {
"Access-Control-Allow-Origin": "*",
},
"body": "El elemento fue agregado."
}
resp = {
"statusCode": 200,
"headers": {
"Access-Control-Allow-Origin": "*",
},
"body": "El elemento fue agregado."
}
return resp
return resp