diff --git a/README.md b/README.md
index bed73bd..f95f05d 100644
--- a/README.md
+++ b/README.md
@@ -2,11 +2,130 @@
Best Stock Management System application.
-## Diagrama de arquitectura
+## Descripción de los módulos
-
+### Api gateway
-
+Recibe pedidos HTTPS. Pueden ser POST o GET. EN el caso de GET, va directo a la lambda de lectura de la tabla. En el caso de POST, se encola en el SQS para luego ir a la lambda.
+
+### Cloudfront
+
+Realiza cache de la API y del S3.
+
+### Dynamo DB
+
+Guarda los datos de los stocks de los usuarios.
+
+### Lambda
+
+Definimos 2 lambdas.
+Una se encarga de realizar escrituras al DynamoDB y la otra de realizar lecturas.
+
+### S3
+
+Definimos 3 buckets. Uno para logs y dos para front.
+
+### SQS
+
+Se encarga de encolar POSTs recibidos por la API. Luego dispara la lambda correspondiente
+
+### VPC
+
+Este módulo es [externo](https://registry.terraform.io/modules/terraform-aws-modules/vpc/aws/latest).
+
+## Descripción y referencia de funciones y meta-argumentos
+
+*Los links solo hacen referencia a la primera aparición en cada archivo.*
+
+### Funciones
+Junto a cada función se especifica para qué se usa.
+
+> **file**: devuelve como string el contenido del archivo `index.html`. Esto es utilizado para luego poder modificarlo (pues actúa como un template ya que tiene la variable `ENDPOINT` parametrizada) y usarlo.
+ > - [organization/datasources.tf](terraform/organization/datasources.tf#L14)
+
+> **flatten**: retorna una lista de una dimensión con los elementos de una lista de listas pues así lo espera el módulo.
+ > - [organization/vpc.tf](terraform/organization/vpc.tf#L78)
+
+> **format**: arma el `path` para un filename dado.
+ > - [modules/s3/main.tf](terraform/modules/s3/main.tf#L39)
+
+> **jsonencode**: arma un string con un objeto JSON.
+ > - [modules/apigw/main.tf](terraform/modules/apigw/main.tf#L89)
+
+> **length**: calcula el largo de `custom_origin_config` para saber si debe hacer un `for_each` sobre sus elementos, es decir, para saber si se lo definieron en el archivo que usa el módulo en cuestión.
+ > - [modules/cloudfront/main.tf](terraform/modules/cloudfront/main.tf#L20)
+
+> **lookup**: obtiene el valor de un mapa para una key.
+ > - [modules/cloudfront/main.tf](terraform/modules/cloudfront/main.tf#L16)
+
+> **replace**: modifica el `path` para hacerlo válido.
+ > - [modules/s3/main.tf](terraform/modules/s3/main.tf#L38)
+ > - [organization/cloudfront.tf](terraform/organization/cloudfront.tf#L13)
+
+> **sha1**: computa el `SHA1` del string de la configuración del apigw para saber si se necesita forzar el redeploy del módulo.
+ > - [modules/apigw/main.tf](terraform/modules/apigw/main.tf#L103)
+
+> **try**: en caso de que no haya objetos, se utiliza un objeto vacío.
+ > - [modules/s3/main.tf](terraform/modules/s3/main.tf#L35)
+ > - [organization/s3.tf](terraform/organization/s3.tf#L10)
+
+
+### Meta-argumentos
+
+> **count**
+ > - [modules/s3/main.tf](terraform/modules/s3/main.tf#L18)
+
+> **depends_on**
+ > - [modules/apigw/main.tf](terraform/modules/apigw/main.tf#L78)
+ > - [organization/apigw.tf](terraform/organization/apigw.tf#L8)
+ > - [organization/cloudfront.tf](terraform/organization/cloudfront.tf#L3)
+ > - [organization/lambda.tf](terraform/organization/lambda.tf#L9)
+ > - [organization/sqs.tf](terraform/organization/sqs.tf#L8)
+
+> **for_each**
+ > - [modules/cloudfront/main.tf](terraform/modules/cloudfront/main.tf#L12)
+ > - [modules/dynamodb/main.tf](terraform/modules/dynamodb/main.tf#L12)
+ > - [modules/lambda/main.tf](terraform/modules/lambda/main.tf#L15)
+ > - [modules/s3/main.tf](terraform/modules/s3/main.tf#L35)
+ > - [organization/lambda.tf](terraform/organization/lambda.tf#L2)
+ > - [organization/s3.tf](terraform/organization/s3.tf#L2)
+
+> **lifecycle**
+ > - [modules/apigw/main.tf](terraform/modules/apigw/main.tf#L114)
+
+## Diagrama de arquitectura deployada
+
+
+
+## Rúbrica
+
+
+
+ | Alumno |
+ Legajo |
+ Participación |
+
+
+ | Bellver, Ezequiel |
+ 61268 |
+ 25% |
+
+
+ | Burgos, Satiago Eduardo |
+ 55193 |
+ 25% |
+
+
+ | Lo Coco, Santiago |
+ 61301 |
+ 25% |
+
+
+ | Oillataguerre, Amparo |
+ 58714 |
+ 25% |
+
+
## Autores
- Bellver, Ezequiel (61268)
diff --git a/docs/architecture.png b/docs/architecture.png
new file mode 100644
index 0000000..22dadb7
Binary files /dev/null and b/docs/architecture.png differ
diff --git a/terraform/modules/apigw/main.tf b/terraform/modules/apigw/main.tf
index ed2906a..5d3399f 100644
--- a/terraform/modules/apigw/main.tf
+++ b/terraform/modules/apigw/main.tf
@@ -3,9 +3,8 @@
# ---------------------------------------------------------------------------
resource "aws_api_gateway_rest_api" "this" {
- name = var.name
- description = var.description
- tags = var.tags
+ name = var.name
+ tags = var.tags
}
resource "aws_api_gateway_resource" "this" {
@@ -17,7 +16,7 @@ resource "aws_api_gateway_resource" "this" {
resource "aws_api_gateway_method" "stock_get" {
rest_api_id = aws_api_gateway_rest_api.this.id
resource_id = aws_api_gateway_resource.this.id
- http_method = "GET"
+ http_method = var.lambda[0].http_method
authorization = "NONE"
}
@@ -41,7 +40,7 @@ resource "aws_api_gateway_integration" "stock_get" {
http_method = aws_api_gateway_method.stock_get.http_method
integration_http_method = "POST"
type = "AWS_PROXY"
- uri = var.lambda[1].lambda_function_arn
+ uri = var.lambda[0].lambda_function_arn
}
resource "aws_api_gateway_integration" "this" {
@@ -80,10 +79,10 @@ EOF
}
resource "aws_api_gateway_integration" "options" {
- rest_api_id = aws_api_gateway_rest_api.this.id
- resource_id = aws_api_gateway_resource.this.id
- http_method = aws_api_gateway_method.options.http_method
- type = "MOCK"
+ rest_api_id = aws_api_gateway_rest_api.this.id
+ resource_id = aws_api_gateway_resource.this.id
+ http_method = aws_api_gateway_method.options.http_method
+ type = "MOCK"
request_parameters = {}
request_templates = {
@@ -225,7 +224,7 @@ resource "aws_api_gateway_integration_response" "options200" {
resource "aws_lambda_permission" "this" {
statement_id = "AllowExecutionFromAPIGateway"
action = "lambda:InvokeFunction"
- function_name = var.lambda[1].lambda_function_name
+ function_name = var.lambda[0].lambda_function_name
principal = "apigateway.amazonaws.com"
- source_arn = "${var.lambda[1].lambda_source_arn}:${aws_api_gateway_rest_api.this.id}/*/${aws_api_gateway_method.stock_get.http_method}${aws_api_gateway_resource.this.path}"
+ source_arn = "${var.lambda[0].lambda_source_arn}:${aws_api_gateway_rest_api.this.id}/*/${aws_api_gateway_method.stock_get.http_method}${aws_api_gateway_resource.this.path}"
}
diff --git a/terraform/modules/apigw/variables.tf b/terraform/modules/apigw/variables.tf
index b4b9cc0..f7e61c0 100644
--- a/terraform/modules/apigw/variables.tf
+++ b/terraform/modules/apigw/variables.tf
@@ -8,12 +8,6 @@ variable "name" {
default = ""
}
-variable "description" {
- description = "The description of the API."
- type = string
- default = null
-}
-
variable "tags" {
description = "A mapping of tags to assign to API gateway resources."
type = map(string)
@@ -21,13 +15,16 @@ variable "tags" {
}
variable "sqs_arn" {
- type = string
+ description = "ARN of the SQS."
+ type = string
}
variable "role_arn" {
- type = string
+ description = "ARN of the IAM role (credentials)."
+ type = string
}
variable "lambda" {
- type = list(any)
+ description = "List of lambdas the API will execute."
+ type = list(any)
}
diff --git a/terraform/modules/dynamodb/main.tf b/terraform/modules/dynamodb/main.tf
index 93fbc78..f29373d 100644
--- a/terraform/modules/dynamodb/main.tf
+++ b/terraform/modules/dynamodb/main.tf
@@ -17,6 +17,7 @@ resource "aws_dynamodb_table" "this" {
}
}
- hash_key = var.hash_key
- tags = var.tags
+ hash_key = var.hash_key
+ range_key = var.range_key
+ tags = var.tags
}
diff --git a/terraform/modules/s3/main.tf b/terraform/modules/s3/main.tf
index 3c41d74..cb72424 100644
--- a/terraform/modules/s3/main.tf
+++ b/terraform/modules/s3/main.tf
@@ -14,15 +14,41 @@ resource "aws_s3_bucket_policy" "this" {
policy = data.aws_iam_policy_document.this.json
}
+resource "aws_s3_bucket_logging" "this" {
+ count = var.type == 2 ? 1 : 0
+ bucket = trimsuffix(var.bucket_name, "-logs")
+
+ target_bucket = aws_s3_bucket.this.id
+ target_prefix = "log/"
+}
+
resource "aws_s3_bucket_website_configuration" "this" {
+ count = var.type == 1 ? 1 : 0
bucket = aws_s3_bucket.this.id
- index_document {
- suffix = "index.html"
+ dynamic "index_document" {
+ for_each = try([var.website["index_document"]], [])
+
+ content {
+ suffix = index_document.value
+ }
}
- error_document {
- key = "error.html"
+ dynamic "error_document" {
+ for_each = try([var.website["error_document"]], [])
+
+ content {
+ key = error_document.value
+ }
+ }
+
+ dynamic "redirect_all_requests_to" {
+ for_each = try([var.website["redirect_all_requests_to"]], [])
+
+ content {
+ host_name = redirect_all_requests_to.value.host_name
+ protocol = try(redirect_all_requests_to.value.protocol, null)
+ }
}
}
diff --git a/terraform/modules/s3/outputs.tf b/terraform/modules/s3/outputs.tf
index 335f10e..160efc2 100644
--- a/terraform/modules/s3/outputs.tf
+++ b/terraform/modules/s3/outputs.tf
@@ -14,5 +14,5 @@ output "arn" {
output "website_endpoint" {
description = "The website endpoint, if the bucket is configured with a website. If not, this will be an empty string."
- value = aws_s3_bucket_website_configuration.this.website_endpoint
+ value = var.type == 1 ? aws_s3_bucket_website_configuration.this[0].website_endpoint : ""
}
diff --git a/terraform/modules/s3/variables.tf b/terraform/modules/s3/variables.tf
index 5afbd1a..0e718d1 100644
--- a/terraform/modules/s3/variables.tf
+++ b/terraform/modules/s3/variables.tf
@@ -13,14 +13,26 @@ variable "objects" {
default = {}
}
+variable "website" {
+ type = map(any)
+ description = ""
+ default = {}
+}
+
variable "block_public_access" {
type = bool
default = true
- description = "Determines the S3 account-level Public Access Block configuration. For more information about these settings, see the AWS S3 documentation: https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html"
+ description = "Determines the S3 account-level Public Access Block configuration."
}
variable "bucket_acl" {
type = string
default = "private"
- description = "The canned ACL to apply. Valid values are private, public-read, public-read-write, aws-exec-read, authenticated-read, and log-delivery-write. Defaults to private. For more information about these settings, see the AWS S3 documentation: https://docs.aws.amazon.com/AmazonS3/latest/userguide/acl-overview.html#canned-acl"
+ description = "The canned ACL to apply. Valid values are private, public-read, public-read-write, aws-exec-read, authenticated-read, and log-delivery-write. Defaults to private."
+}
+
+variable "type" {
+ type = number
+ default = 1
+ description = "Determines the type of the bucket. 1 for static website. 2 for logs."
}
diff --git a/terraform/modules/sqs/main.tf b/terraform/modules/sqs/main.tf
index cf91fa1..37cb50d 100644
--- a/terraform/modules/sqs/main.tf
+++ b/terraform/modules/sqs/main.tf
@@ -24,7 +24,7 @@ resource "aws_lambda_permission" "allows_sqs_to_trigger_lambda" {
resource "aws_lambda_event_source_mapping" "event_source_mapping" {
batch_size = 1
- event_source_arn = aws_sqs_queue.this.arn
+ event_source_arn = aws_sqs_queue.this.arn
enabled = true
- function_name = var.lambda_name
-}
\ No newline at end of file
+ function_name = var.lambda_name
+}
diff --git a/terraform/organization/apigw.tf b/terraform/organization/apigw.tf
index f51485f..cea18da 100644
--- a/terraform/organization/apigw.tf
+++ b/terraform/organization/apigw.tf
@@ -9,25 +9,21 @@ module "apigw" {
module.lambda, module.sqs
]
- name = "AWSAPIGateway-g3"
- description = "..."
+ name = "AWSAPIGateway-g3"
+
lambda = [
{
- lambda_function_arn = module.lambda["lambdaSQS"].lambda_function_arn
- lambda_function_name = module.lambda["lambdaSQS"].lambda_function_name
- lambda_source_arn = "arn:aws:execute-api:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}"
- },
- {
+ http_method = "GET"
lambda_function_arn = module.lambda["lambdaDB"].lambda_function_arn
lambda_function_name = module.lambda["lambdaDB"].lambda_function_name
lambda_source_arn = "arn:aws:execute-api:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}"
}
]
-
- role_arn = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/LabRole"
- sqs_arn = "arn:aws:apigateway:${data.aws_region.current.name}:sqs:path/AWS-SQS-g3"
+
+ role_arn = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/LabRole"
+ sqs_arn = "arn:aws:apigateway:${data.aws_region.current.name}:sqs:path/AWS-SQS-g3"
tags = {
- name = "Api Gateway"
+ name = "api-gateway-g3"
}
}
diff --git a/terraform/organization/html/index.html b/terraform/organization/html/index.html
index 6eed00e..ecc4a6c 100644
--- a/terraform/organization/html/index.html
+++ b/terraform/organization/html/index.html
@@ -245,15 +245,6 @@
color: #D2E2FF;
}
- /* .style {
- max-width: 400px;
- margin: 50px auto;
- background: #fff;
- border-radius: 2px;
- padding: 20px;
- font-family: Georgia, "Times New Roman", Times, serif;
- } */
-
.style {
background: #2471FF;
border: none;
diff --git a/terraform/organization/locals.tf b/terraform/organization/locals.tf
index 6563032..f9208b5 100644
--- a/terraform/organization/locals.tf
+++ b/terraform/organization/locals.tf
@@ -4,9 +4,16 @@ locals {
s3 = {
website = {
+ type = 1
bucket_name = local.bucket_name
+ bucket_acl = "public-read"
path = "../resources"
+ website = {
+ index_document = "index.html"
+ error_document = "error.html"
+ }
+
objects = {
error = {
filename = "html/error.html"
@@ -24,11 +31,22 @@ locals {
}
www-website = {
+ type = 1
+ website = {
+ redirect_all_requests_to = {
+ host_name = "${local.bucket_name}.s3-website-${data.aws_region.current.name}.amazonaws.com"
+ protocol = "http"
+ }
+ }
+
bucket_name = "www.${local.bucket_name}"
+ bucket_acl = "public-read"
}
logs = {
+ type = 2
bucket_name = "${local.bucket_name}-logs"
+ bucket_acl = "log-delivery-write"
}
}
diff --git a/terraform/organization/s3.tf b/terraform/organization/s3.tf
index d410ae4..5d25006 100644
--- a/terraform/organization/s3.tf
+++ b/terraform/organization/s3.tf
@@ -7,8 +7,10 @@ module "s3" {
}
bucket_name = each.value.bucket_name
+ type = each.value.type
+ website = try(each.value.website, {})
objects = try(each.value.objects, {})
- bucket_acl = "public-read"
+ bucket_acl = each.value.bucket_acl
}
resource "aws_s3_object" "this" {
diff --git a/terraform/organization/vpc.tf b/terraform/organization/vpc.tf
index ea71b4b..e578349 100644
--- a/terraform/organization/vpc.tf
+++ b/terraform/organization/vpc.tf
@@ -75,21 +75,15 @@ module "vpc_endpoints" {
dynamodb = {
service = "dynamodb"
service_type = "Gateway"
- route_table_ids = flatten([module.vpc.intra_route_table_ids, module.vpc.private_route_table_ids, module.vpc.public_route_table_ids])
+ route_table_ids = flatten([module.vpc.private_route_table_ids])
policy = data.aws_iam_policy_document.this.json
tags = { Name = "dynamodb-vpc-endpoint" }
security_group_ids = [aws_security_group.dynamodb_sg.id]
- },
- lambda = {
- service = "lambda"
- private_dns_enabled = true
- subnet_ids = module.vpc.private_subnets
- },
+ }
}
tags = {
Name = "vpc-g3-bsmsapp"
- Project = "Secret"
Endpoint = "true"
}
}
@@ -126,46 +120,6 @@ resource "aws_security_group" "dynamodb_sg" {
}
}
-data "aws_iam_policy_document" "dynamodb_endpoint_policy" {
- statement {
- effect = "Deny"
- actions = ["dynamodb:*"]
- resources = ["*"]
-
- principals {
- type = "*"
- identifiers = ["*"]
- }
-
- condition {
- test = "StringNotEquals"
- variable = "aws:sourceVpce"
-
- values = [module.vpc.vpc_id]
- }
- }
-}
-
-data "aws_iam_policy_document" "generic_endpoint_policy" {
- statement {
- effect = "Deny"
- actions = ["*"]
- resources = ["*"]
-
- principals {
- type = "*"
- identifiers = ["*"]
- }
-
- condition {
- test = "StringNotEquals"
- variable = "aws:SourceVpc"
-
- values = [module.vpc.vpc_id]
- }
- }
-}
-
resource "aws_security_group" "vpc_tls" {
name_prefix = "vpc-g3-bsmsapp-vpc_tls"
description = "Allow TLS inbound traffic"
@@ -183,7 +137,3 @@ resource "aws_security_group" "vpc_tls" {
Name = "vpc-g3-bsmsapp"
}
}
-
-# output "aws_security_group_dynamodb" {
-# value = aws_security_group.dynamodb_sg.id
-# }
diff --git a/terraform/resources/lambda/lambdaDB.zip b/terraform/resources/lambda/lambdaDB.zip
index b897c88..d75ac68 100644
Binary files a/terraform/resources/lambda/lambdaDB.zip and b/terraform/resources/lambda/lambdaDB.zip differ