slococo-uni
/
bsmsapp
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix bugs and refactor

This commit is contained in:
Santiago Lo Coco 2022-11-02 09:50:42 -03:00
parent da1cbd2ab4
commit 6aac1882db
20 changed files with 271 additions and 276 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

199
terraform/modules/apigw/main.tf
View File

@ -13,87 +13,29 @@ resource "aws_api_gateway_resource" "this" {
rest_api_id = aws_api_gateway_rest_api.this.id rest_api_id = aws_api_gateway_rest_api.this.id
} }
resource "aws_api_gateway_method" "stock_get" {
rest_api_id = aws_api_gateway_rest_api.this.id
resource_id = aws_api_gateway_resource.this.id
http_method = var.lambda[0].http_method
authorization = "NONE"
}
resource "aws_api_gateway_method" "this" { resource "aws_api_gateway_method" "this" {
for_each = var.method
rest_api_id = aws_api_gateway_rest_api.this.id rest_api_id = aws_api_gateway_rest_api.this.id
resource_id = aws_api_gateway_resource.this.id resource_id = aws_api_gateway_resource.this.id
http_method = "POST" http_method = each.value.http_method
authorization = "NONE" authorization = "NONE"
} }
resource "aws_api_gateway_method" "options" {
rest_api_id = aws_api_gateway_rest_api.this.id
resource_id = aws_api_gateway_resource.this.id
http_method = "OPTIONS"
authorization = "NONE"
}
resource "aws_api_gateway_integration" "stock_get" {
rest_api_id = aws_api_gateway_rest_api.this.id
resource_id = aws_api_gateway_resource.this.id
http_method = aws_api_gateway_method.stock_get.http_method
integration_http_method = "POST"
type = "AWS_PROXY"
uri = var.lambda[0].lambda_function_arn
}
resource "aws_api_gateway_integration" "this" { resource "aws_api_gateway_integration" "this" {
for_each = var.integration
rest_api_id = aws_api_gateway_rest_api.this.id rest_api_id = aws_api_gateway_rest_api.this.id
resource_id = aws_api_gateway_resource.this.id resource_id = aws_api_gateway_resource.this.id
http_method = aws_api_gateway_method.this.http_method http_method = aws_api_gateway_method.this[each.key].http_method
integration_http_method = "POST" integration_http_method = each.value.integration_http_method
type = "AWS" type = each.value.type
credentials = var.role_arn credentials = each.value.credentials
uri = var.sqs_arn uri = each.value.uri
request_parameters = each.value.request_parameters
request_templates = each.value.request_templates
request_parameters = { depends_on = [aws_api_gateway_method.this]
"integration.request.header.Content-Type" = "'application/x-www-form-urlencoded'"
}
request_templates = {
"application/json" = <<EOF
Action=SendMessage&MessageBody={
"method": "$context.httpMethod",
"body-json" : $input.json('$'),
"queryParams": {
#foreach($param in $input.params().querystring.keySet())
"$param": "$util.escapeJavaScript($input.params().querystring.get($param))" #if($foreach.hasNext),#end
#end
},
"pathParams": {
#foreach($param in $input.params().path.keySet())
"$param": "$util.escapeJavaScript($input.params().path.get($param))" #if($foreach.hasNext),#end
#end
}
}
EOF
}
depends_on = [aws_api_gateway_method.options]
}
resource "aws_api_gateway_integration" "options" {
rest_api_id = aws_api_gateway_rest_api.this.id
resource_id = aws_api_gateway_resource.this.id
http_method = aws_api_gateway_method.options.http_method
type = "MOCK"
request_parameters = {}
request_templates = {
"application/json" = jsonencode(
{
statusCode = 200
}
)
}
depends_on = [aws_api_gateway_method.options]
} }
resource "aws_api_gateway_stage" "this" { resource "aws_api_gateway_stage" "this" {
@ -102,88 +44,31 @@ resource "aws_api_gateway_stage" "this" {
stage_name = "production" stage_name = "production"
} }
resource "aws_api_gateway_method_response" "http200" { resource "aws_api_gateway_method_response" "this" {
for_each = var.method_response
rest_api_id = aws_api_gateway_rest_api.this.id rest_api_id = aws_api_gateway_rest_api.this.id
resource_id = aws_api_gateway_resource.this.id resource_id = aws_api_gateway_resource.this.id
http_method = aws_api_gateway_method.this.http_method http_method = aws_api_gateway_method.this[each.key].http_method
status_code = 200 status_code = 200
response_parameters = { response_models = each.value.response_models
"method.response.header.Access-Control-Allow-Origin" = "true" response_parameters = each.value.response_parameters
}
depends_on = [aws_api_gateway_method.this] depends_on = [aws_api_gateway_method.this]
} }
resource "aws_api_gateway_method_response" "stock200" { resource "aws_api_gateway_integration_response" "this" {
rest_api_id = aws_api_gateway_rest_api.this.id for_each = var.integration_response
resource_id = aws_api_gateway_resource.this.id
http_method = aws_api_gateway_method.stock_get.http_method
status_code = 200
response_parameters = { rest_api_id = aws_api_gateway_rest_api.this.id
"method.response.header.Access-Control-Allow-Origin" = "true" resource_id = aws_api_gateway_resource.this.id
} http_method = aws_api_gateway_method.this[each.key].http_method
status_code = aws_api_gateway_method_response.this[each.key].status_code
selection_pattern = each.value.selection_pattern
response_parameters = each.value.response_parameters
depends_on = [aws_api_gateway_method.stock_get] depends_on = [aws_api_gateway_method_response.this]
}
resource "aws_api_gateway_method_response" "options200" {
rest_api_id = aws_api_gateway_rest_api.this.id
resource_id = aws_api_gateway_resource.this.id
http_method = aws_api_gateway_method.options.http_method
status_code = 200
response_models = {
"application/json" = "Empty"
}
response_parameters = {
"method.response.header.Access-Control-Allow-Headers" = true,
"method.response.header.Access-Control-Allow-Methods" = true,
"method.response.header.Access-Control-Allow-Origin" = true
}
depends_on = [aws_api_gateway_method.options]
}
resource "aws_api_gateway_integration_response" "http200" {
rest_api_id = aws_api_gateway_rest_api.this.id
resource_id = aws_api_gateway_resource.this.id
http_method = aws_api_gateway_method.this.http_method
status_code = aws_api_gateway_method_response.http200.status_code
selection_pattern = "^2[0-9][0-9]"
response_parameters = {
"method.response.header.Access-Control-Allow-Origin" = "'*'"
}
depends_on = [aws_api_gateway_method_response.http200]
}
resource "aws_api_gateway_integration_response" "stock200" {
rest_api_id = aws_api_gateway_rest_api.this.id
resource_id = aws_api_gateway_resource.this.id
http_method = aws_api_gateway_method.stock_get.http_method
status_code = aws_api_gateway_method_response.stock200.status_code
selection_pattern = "^2[0-9][0-9]"
response_parameters = {
"method.response.header.Access-Control-Allow-Origin" = "'*'"
}
depends_on = [aws_api_gateway_method_response.stock200]
}
resource "aws_api_gateway_integration_response" "options200" {
rest_api_id = aws_api_gateway_rest_api.this.id
resource_id = aws_api_gateway_resource.this.id
http_method = aws_api_gateway_method.options.http_method
status_code = aws_api_gateway_method_response.http200.status_code
response_parameters = {
"method.response.header.Access-Control-Allow-Headers" = "'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token'",
"method.response.header.Access-Control-Allow-Methods" = "'GET,OPTIONS,POST'",
"method.response.header.Access-Control-Allow-Origin" = "'*'"
}
depends_on = [aws_api_gateway_method_response.options200]
} }
resource "aws_api_gateway_deployment" "this" { resource "aws_api_gateway_deployment" "this" {
@ -192,12 +77,12 @@ resource "aws_api_gateway_deployment" "this" {
triggers = { triggers = {
redeployment = sha1(jsonencode([ redeployment = sha1(jsonencode([
aws_api_gateway_resource.this.id, aws_api_gateway_resource.this.id,
aws_api_gateway_method.this.id, aws_api_gateway_method.this["get"].id,
aws_api_gateway_method.options.id, aws_api_gateway_method.this["post"].id,
aws_api_gateway_method.stock_get.id, aws_api_gateway_method.this["options"].id,
aws_api_gateway_integration.this.id, aws_api_gateway_integration.this["get"].id,
aws_api_gateway_integration.options.id, aws_api_gateway_integration.this["post"].id,
aws_api_gateway_integration.stock_get.id, aws_api_gateway_integration.this["options"].id,
])) ]))
} }
@ -206,25 +91,17 @@ resource "aws_api_gateway_deployment" "this" {
} }
depends_on = [ depends_on = [
aws_api_gateway_integration.options,
aws_api_gateway_integration.this, aws_api_gateway_integration.this,
aws_api_gateway_integration.stock_get,
aws_api_gateway_method.options,
aws_api_gateway_method.this, aws_api_gateway_method.this,
aws_api_gateway_method.stock_get, aws_api_gateway_method_response.this,
aws_api_gateway_method_response.options200, aws_api_gateway_integration_response.this
aws_api_gateway_method_response.http200,
aws_api_gateway_method_response.stock200,
aws_api_gateway_integration_response.options200,
aws_api_gateway_integration_response.http200,
aws_api_gateway_integration_response.stock200,
] ]
} }
resource "aws_lambda_permission" "this" { resource "aws_lambda_permission" "this" {
statement_id = "AllowExecutionFromAPIGateway" statement_id = "AllowExecutionFromAPIGateway"
action = "lambda:InvokeFunction" action = "lambda:InvokeFunction"
function_name = var.lambda[0].lambda_function_name function_name = var.lambda[0].function_name
principal = "apigateway.amazonaws.com" principal = "apigateway.amazonaws.com"
source_arn = "${var.lambda[0].lambda_source_arn}:${aws_api_gateway_rest_api.this.id}/*/${aws_api_gateway_method.stock_get.http_method}${aws_api_gateway_resource.this.path}" source_arn = "${var.lambda[0].source_arn}:${aws_api_gateway_rest_api.this.id}/*/${aws_api_gateway_method.this["get"].http_method}${aws_api_gateway_resource.this.path}"
} }

9
terraform/modules/apigw/outputs.tf
View File

@ -2,18 +2,15 @@
# Amazon API Gateway outputs # Amazon API Gateway outputs
# -------------------------------------------------------------------- # --------------------------------------------------------------------
output "api_endpoint" { output "endpoint" {
value = aws_api_gateway_stage.this.invoke_url value = aws_api_gateway_stage.this.invoke_url
} }
output "api_rest_id" { output "rest_id" {
value = aws_api_gateway_resource.this.rest_api_id value = aws_api_gateway_resource.this.rest_api_id
} }
output "api_resource_path" { output "resource_path" {
value = aws_api_gateway_resource.this.path value = aws_api_gateway_resource.this.path
} }
output "api_http_method" {
value = aws_api_gateway_method.this.http_method
}

21
terraform/modules/apigw/variables.tf
View File

@ -5,7 +5,6 @@
variable "name" { variable "name" {
description = "The name of the API." description = "The name of the API."
type = string type = string
default = ""
} }
variable "tags" { variable "tags" {
@ -28,3 +27,23 @@ variable "lambda" {
description = "List of lambdas the API will execute." description = "List of lambdas the API will execute."
type = list(any) type = list(any)
} }
variable "method" {
description = "Map of API gateway methods."
type = map(any)
}
variable "integration" {
description = "Map of API gateway integrations."
type = map(any)
}
variable "method_response" {
description = "Map of API gateway method response."
type = map(any)
}
variable "integration_response" {
description = "Map of API gateway method integrations."
type = map(any)
}

3
terraform/modules/cloudfront/outputs.tf
View File

@ -1,3 +0,0 @@
# --------------------------------------------------------------------
# CloudFront outputs
# --------------------------------------------------------------------

8
terraform/modules/cloudfront/variables.tf
View File

@ -5,19 +5,19 @@
variable "web_acl_id" { variable "web_acl_id" {
description = "Id or ARN of the AWS WAF web ACL that is associated with the distribution." description = "Id or ARN of the AWS WAF web ACL that is associated with the distribution."
type = string type = string
default = null nullable = false
} }
variable "tags" { variable "tags" {
description = "A map of tags to assign to the resource." description = "A map of tags to assign to the resource."
type = map(string) type = map(string)
default = null default = {}
} }
variable "origin" { variable "origin" {
description = "One or more origins for this distribution." description = "One or more origins for this distribution."
type = any type = any
default = null nullable = false
} }
variable "default_root_object" { variable "default_root_object" {
@ -29,7 +29,7 @@ variable "default_root_object" {
variable "default_cache_behavior" { variable "default_cache_behavior" {
description = "The default cache behavior for this distribution" description = "The default cache behavior for this distribution"
type = any type = any
default = null nullable = false
} }
variable "enabled" { variable "enabled" {

4
terraform/modules/lambda/outputs.tf
View File

@ -2,12 +2,12 @@
# Lambda outputs # Lambda outputs
# -------------------------------------------------------------------- # --------------------------------------------------------------------
output "lambda_function_arn" { output "function_arn" {
description = "The ARN of the Lambda Function" description = "The ARN of the Lambda Function"
value = aws_lambda_function.this.invoke_arn value = aws_lambda_function.this.invoke_arn
} }
output "lambda_function_name" { output "function_name" {
description = "The name of the Lambda Function" description = "The name of the Lambda Function"
value = aws_lambda_function.this.function_name value = aws_lambda_function.this.function_name
} }

5
terraform/modules/lambda/variables.tf
View File

@ -8,29 +8,24 @@ variable "package" {
default = null default = null
} }
variable "function_name" { variable "function_name" {
description = "A unique name for your Lambda Function." description = "A unique name for your Lambda Function."
type = string type = string
default = ""
} }
variable "handler" { variable "handler" {
description = "Lambda Function entrypoint in your code." description = "Lambda Function entrypoint in your code."
type = string type = string
default = ""
} }
variable "runtime" { variable "runtime" {
description = "Lambda Function runtime." description = "Lambda Function runtime."
type = string type = string
default = ""
} }
variable "iam_role" { variable "iam_role" {
description = "IAM role ARN attached to the Lambda Function." description = "IAM role ARN attached to the Lambda Function."
type = string type = string
default = ""
} }
variable "tags" { variable "tags" {

13
terraform/modules/s3/main.tf
View File

@ -15,7 +15,7 @@ resource "aws_s3_bucket_policy" "this" {
} }
resource "aws_s3_bucket_logging" "this" { resource "aws_s3_bucket_logging" "this" {
count = var.type == 2 ? 1 : 0 count = var.type == 2 ? 1 : 0
bucket = trimsuffix(var.bucket_name, "-logs") bucket = trimsuffix(var.bucket_name, "-logs")
target_bucket = aws_s3_bucket.this.id target_bucket = aws_s3_bucket.this.id
@ -23,7 +23,7 @@ resource "aws_s3_bucket_logging" "this" {
} }
resource "aws_s3_bucket_website_configuration" "this" { resource "aws_s3_bucket_website_configuration" "this" {
count = var.type == 1 ? 1 : 0 count = var.type == 1 ? 1 : 0
bucket = aws_s3_bucket.this.id bucket = aws_s3_bucket.this.id
dynamic "index_document" { dynamic "index_document" {
@ -66,3 +66,12 @@ resource "aws_s3_object" "this" {
content_type = each.value.content_type content_type = each.value.content_type
storage_class = try(each.value.tier, "STANDARD") storage_class = try(each.value.tier, "STANDARD")
} }
resource "aws_s3_object" "index" {
count = length(try([var.website["index_document"]], [])) > 0 ? 1 : 0
bucket = var.website_id
key = "index.html"
content = var.content
content_type = "text/html"
storage_class = "STANDARD"
}

14
terraform/modules/s3/variables.tf
View File

@ -9,13 +9,13 @@ variable "bucket_name" {
variable "objects" { variable "objects" {
type = map(any) type = map(any)
description = "" description = "Map of objects to upload to the bucket."
default = {} default = {}
} }
variable "website" { variable "website" {
type = map(any) type = map(any)
description = "" description = "Map that defines the configuration of the website."
default = {} default = {}
} }
@ -36,3 +36,13 @@ variable "type" {
default = 1 default = 1
description = "Determines the type of the bucket. 1 for static website and 2 for logs." description = "Determines the type of the bucket. 1 for static website and 2 for logs."
} }
variable "website_id" {
description = "Website bucket ID."
type = string
}
variable "content" {
description = "Website bucket content."
type = string
}

18
terraform/modules/sqs/variables.tf
View File

@ -8,49 +8,49 @@ variable "name" {
} }
variable "message_retention_seconds" { variable "message_retention_seconds" {
description = "The number of seconds Amazon SQS retains a message. Integer representing seconds, from 60 (1 minute) to 1209600 (14 days)" description = "The number of seconds Amazon SQS retains a message. Integer representing seconds, from 60 (1 minute) to 1209600 (14 days)."
type = number type = number
default = 345600 default = 345600
} }
variable "max_message_size" { variable "max_message_size" {
description = "The limit of how many bytes a message can contain before Amazon SQS rejects it. An integer from 1024 bytes (1 KiB) up to 262144 bytes (256 KiB)" description = "The limit of how many bytes a message can contain before Amazon SQS rejects it. An integer from 1024 bytes (1 KiB) up to 262144 bytes (256 KiB)."
type = number type = number
default = 262144 default = 262144
} }
variable "delay_seconds" { variable "delay_seconds" {
description = "The time in seconds that the delivery of all messages in the queue will be delayed. An integer from 0 to 900 (15 minutes)" description = "The time in seconds that the delivery of all messages in the queue will be delayed. An integer from 0 to 900 (15 minutes)."
type = number type = number
default = 0 default = 0
} }
variable "receive_wait_time_seconds" { variable "receive_wait_time_seconds" {
description = "The time for which a ReceiveMessage call will wait for a message to arrive (long polling) before returning. An integer from 0 to 20 (seconds)" description = "The time for which a ReceiveMessage call will wait for a message to arrive (long polling) before returning. An integer from 0 to 20 (seconds)."
type = number type = number
default = 0 default = 0
} }
variable "fifo_queue" { variable "fifo_queue" {
description = "Boolean designating a FIFO queue" description = "Boolean designating a FIFO queue."
type = bool type = bool
default = false default = false
} }
variable "content_based_deduplication" { variable "content_based_deduplication" {
description = "Enables content-based deduplication for FIFO queues" description = "Enables content-based deduplication for FIFO queues."
type = bool type = bool
default = false default = false
} }
variable "tags" { variable "tags" {
description = "A mapping of tags to assign to all resources" description = "A mapping of tags to assign to all resources."
type = map(string) type = map(string)
default = {} default = {}
} }
variable "lambda_name" { variable "lambda_name" {
description = "." description = "The name of the lambda to trigger when a message is queued."
type = string type = string
default = null default = null
} }

81
terraform/modules/waf/main.tf
View File

@ -10,73 +10,34 @@ resource "aws_wafv2_web_acl" "this" {
allow {} allow {}
} }
rule { dynamic "rule" {
name = "AWS-AWSManagedRulesCommonRuleSet" for_each = var.rule
priority = 1
override_action { content {
none {} name = rule.value.name
} priority = rule.value.priority
statement { override_action {
managed_rule_group_statement { none {}
name = "AWSManagedRulesCommonRuleSet" }
vendor_name = "AWS"
statement {
managed_rule_group_statement {
name = rule.value.managed_rule_group_statement
vendor_name = "AWS"
}
}
visibility_config {
cloudwatch_metrics_enabled = true
metric_name = rule.value.metric_name
sampled_requests_enabled = true
} }
}
visibility_config {
cloudwatch_metrics_enabled = true
metric_name = "AWS-AWSManagedRulesCommonRuleSet"
sampled_requests_enabled = true
} }
} }
rule {
name = "AWS-AWSManagedRulesLinuxRuleSet"
priority = 2
statement {
managed_rule_group_statement {
name = "AWSManagedRulesLinuxRuleSet"
vendor_name = "AWS"
}
}
override_action {
none {}
}
visibility_config {
cloudwatch_metrics_enabled = true
metric_name = "AWS-AWSManagedRulesLinuxRuleSet"
sampled_requests_enabled = true
}
}
rule {
name = "AWS-AWSManagedRulesKnownBadInputsRuleSet"
priority = 3
override_action {
none {}
}
statement {
managed_rule_group_statement {
name = "AWSManagedRulesKnownBadInputsRuleSet"
vendor_name = "AWS"
}
}
visibility_config {
cloudwatch_metrics_enabled = true
metric_name = "AWS-AWSManagedRulesKnownBadInputsRuleSet"
sampled_requests_enabled = true
}
}
visibility_config { visibility_config {
cloudwatch_metrics_enabled = true cloudwatch_metrics_enabled = true
metric_name = "waf-bsmsapp" metric_name = "waf-bsmsapp"

8
terraform/modules/waf/variables.tf
View File

@ -16,4 +16,10 @@ variable "tags" {
variable "scope" { variable "scope" {
description = "WAF scope (cloudfront or regional)." description = "WAF scope (cloudfront or regional)."
type = string type = string
} }
variable "rule" {
description = "Map of WAF rules."
type = map(any)
default = {}
}

107
terraform/organization/apigw.tf
View File

@ -6,23 +6,120 @@ module "apigw" {
} }
depends_on = [ depends_on = [
module.lambda, module.sqs module.lambda,
module.sqs
] ]
name = "AWSAPIGateway-g3" name = "AWSAPIGateway-g3"
lambda = [ lambda = [
{ {
http_method = "GET" function_arn = module.lambda["lambdaDB"].function_arn
lambda_function_arn = module.lambda["lambdaDB"].lambda_function_arn function_name = module.lambda["lambdaDB"].function_name
lambda_function_name = module.lambda["lambdaDB"].lambda_function_name source_arn = "arn:aws:execute-api:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}"
lambda_source_arn = "arn:aws:execute-api:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}"
} }
] ]
role_arn = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/LabRole" role_arn = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/LabRole"
sqs_arn = "arn:aws:apigateway:${data.aws_region.current.name}:sqs:path/${module.sqs.name}" sqs_arn = "arn:aws:apigateway:${data.aws_region.current.name}:sqs:path/${module.sqs.name}"
method = {
get = {
http_method = "GET"
}
post = {
http_method = "POST"
},
options = {
http_method = "OPTIONS"
},
}
integration = {
get = {
integration_http_method = "POST",
type = "AWS_PROXY",
credentials = null,
uri = module.lambda["lambdaDB"].function_arn,
request_parameters = {},
request_templates = {},
},
post = {
integration_http_method = "POST",
type = "AWS",
credentials = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/LabRole",
uri = "arn:aws:apigateway:${data.aws_region.current.name}:sqs:path/${module.sqs.name}",
request_parameters = {
"integration.request.header.Content-Type" = "'application/x-www-form-urlencoded'"
},
request_templates = {
"application/json" = file("template.json")
}
},
options = {
integration_http_method = null,
type = "MOCK",
credentials = null,
uri = null,
request_parameters = {},
request_templates = {
"application/json" = jsonencode(
{
statusCode = 200
}
)
}
},
}
method_response = {
get = {
response_models = {}
response_parameters = {
"method.response.header.Access-Control-Allow-Origin" = "true"
}
},
post = {
response_models = {}
response_parameters = {
"method.response.header.Access-Control-Allow-Origin" = "true"
}
},
options = {
response_models = {
"application/json" = "Empty"
}
response_parameters = {
"method.response.header.Access-Control-Allow-Headers" = true,
"method.response.header.Access-Control-Allow-Methods" = true,
"method.response.header.Access-Control-Allow-Origin" = true
}
}
}
integration_response = {
get = {
selection_pattern = "^2[0-9][0-9]"
response_parameters = {
"method.response.header.Access-Control-Allow-Origin" = "'*'"
}
},
post = {
selection_pattern = "^2[0-9][0-9]"
response_parameters = {
"method.response.header.Access-Control-Allow-Origin" = "'*'"
}
},
options = {
selection_pattern = null
response_parameters = {
"method.response.header.Access-Control-Allow-Headers" = "'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token'",
"method.response.header.Access-Control-Allow-Methods" = "'GET,OPTIONS,POST'",
"method.response.header.Access-Control-Allow-Origin" = "'*'"
}
}
}
tags = { tags = {
name = "api-gateway-g3" name = "api-gateway-g3"
} }

5
terraform/organization/cloudfront.tf
View File

@ -7,8 +7,7 @@ module "cloudfront" {
depends_on = [ depends_on = [
module.s3, module.s3,
module.apigw, module.apigw
module.waf
] ]
enabled = true enabled = true
@ -16,7 +15,7 @@ module "cloudfront" {
origin = { origin = {
api-gateway = { api-gateway = {
domain_name = replace(replace(module.apigw.api_endpoint, "https://", ""), "/", "") domain_name = replace(replace(module.apigw.endpoint, "https://", ""), "/", "")
custom_origin_config = { custom_origin_config = {
http_port = 80 http_port = 80

2
terraform/organization/datasources.tf
View File

@ -13,7 +13,7 @@ data "aws_caller_identity" "current" {
data "template_file" "userdata" { data "template_file" "userdata" {
template = file("${path.module}/html/index.html") template = file("${path.module}/html/index.html")
vars = { vars = {
ENDPOINT = "${module.apigw.api_endpoint}" ENDPOINT = "${module.apigw.endpoint}"
} }
} }

1
terraform/organization/provider.tf
View File

@ -5,6 +5,7 @@ provider "aws" {
shared_credentials_files = ["~/.aws/credentials"] shared_credentials_files = ["~/.aws/credentials"]
profile = "default" profile = "default"
s3_use_path_style = true
skip_requesting_account_id = true skip_requesting_account_id = true
skip_get_ec2_platforms = true skip_get_ec2_platforms = true
skip_metadata_api_check = true skip_metadata_api_check = true

12
terraform/organization/s3.tf
View File

@ -11,14 +11,6 @@ module "s3" {
website = try(each.value.website, {}) website = try(each.value.website, {})
objects = try(each.value.objects, {}) objects = try(each.value.objects, {})
bucket_acl = each.value.bucket_acl bucket_acl = each.value.bucket_acl
} website_id = module.s3["website"].id
content = data.template_file.userdata.rendered
resource "aws_s3_object" "this" {
provider = aws.aws
bucket = module.s3["website"].id
key = "index.html"
content = data.template_file.userdata.rendered
content_type = "text/html"
storage_class = "STANDARD"
} }

2
terraform/organization/sqs.tf
View File

@ -10,7 +10,7 @@ module "sqs" {
] ]
name = "AWS-SQS-g3" name = "AWS-SQS-g3"
lambda_name = module.lambda["lambdaSQS"].lambda_function_name lambda_name = module.lambda["lambdaSQS"].function_name
tags = { tags = {
name = "SQS" name = "SQS"

14
terraform/organization/template.json Normal file
View File

@ -0,0 +1,14 @@
Action=SendMessage&MessageBody={
"method": "$context.httpMethod",
"body-json" : $input.json('$'),
"queryParams": {
#foreach($param in $input.params().querystring.keySet())
"$param": "$util.escapeJavaScript($input.params().querystring.get($param))" #if($foreach.hasNext),#end
#end
},
"pathParams": {
#foreach($param in $input.params().path.keySet())
"$param": "$util.escapeJavaScript($input.params().path.get($param))" #if($foreach.hasNext),#end
#end
}
}

21
terraform/organization/waf.tf
View File

@ -8,6 +8,27 @@ module "waf" {
name = "AWS-WAF-g3" name = "AWS-WAF-g3"
scope = "CLOUDFRONT" scope = "CLOUDFRONT"
rule = {
common = {
name = "AWS-AWSManagedRulesCommonRuleSet",
priority = 1,
managed_rule_group_statement = "AWSManagedRulesCommonRuleSet",
metric_name = "AWS-AWSManagedRulesCommonRuleSet",
},
linux = {
name = "AWS-AWSManagedRulesLinuxRuleSet",
priority = 2,
managed_rule_group_statement = "AWSManagedRulesLinuxRuleSet",
metric_name = "AWS-AWSManagedRulesLinuxRuleSet",
},
input = {
name = "AWS-AWSManagedRulesKnownBadInputsRuleSet",
priority = 3,
managed_rule_group_statement = "AWSManagedRulesKnownBadInputsRuleSet",
metric_name = "AWS-AWSManagedRulesKnownBadInputsRuleSet",
}
}
tags = { tags = {
name = "WAF" name = "WAF"
} }