slococo-uni
/
bsmsapp
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix cloudfront bug

This commit is contained in:
Santiago Lo Coco 2022-12-07 11:54:43 -03:00
parent 3f6b1504a2
commit 8ffc69f1d3
7 changed files with 42 additions and 117 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

104
README.md
View File

@ -4,30 +4,42 @@ Best Stock Management System application.
## Descripción de los módulos ## Descripción de los módulos
### ACM
### API Gateway ### API Gateway
Construye una API REST que puede recibir requests POST, GET u OPTIONS. En el caso de GET, va directo a la lambda de lectura de la tabla (`lambdaDB`). Por otro lado, en el caso de un POST, se encola en el SQS para luego ir a otra lambda (`lambdaSQSDB`). Finalmente, el OPTIONS se utiliza para poder soportar y habilitar `CORS` y que, por ende, funcionen correctamente los llamados a la API desde el sitio estático. Construye una API REST que puede recibir requests POST, GET, PUT, DELETE y OPTIONS. En el caso de GET, va directo a la lambda de lectura de la tabla (`lambdaDB`). Por otro lado, en el caso de un POST, se encola en el SQS para luego ir a otra lambda (`lambdaSQSDB`). Finalmente, el OPTIONS se utiliza para poder soportar y habilitar `CORS` y que, por ende, funcionen correctamente los llamados a la API desde el sitio estático.
Ver [apigw/README.md](terraform/modules/apigw/README.md)
### CloudFront ### CloudFront
Funciona como CDN y realiza caché de la API y del S3 (que hostea el sitio estático). Funciona como CDN y realiza caché de la API y del S3 (que hostea el sitio estático).
### Cognito
### Dynamo DB ### Dynamo DB
Guarda los datos de los stocks de los usuarios. Tiene una tabla compuesta por `id` (la partition key) y `stock`. Guarda el stock de los productos de los usuarios. Tiene una tabla compuesta por `user` (partition key), `id` del producto (sort key) y `stock`.
### Lambda ### Lambda
Definimos 2 lambdas. Una se encarga de realizar escrituras al `DynamoDB` (`lambdaSQSDB`) y la otra de realizar lecturas (`lambdaDB`). Definimos 9 lambdas.
### Route53
### S3 ### S3
Definimos 3 buckets. Uno para logs y dos para el frontend (el sitio estático en sí y uno `www` que se redirecciona al primero). Definimos 3 buckets. Uno para logs y dos para el frontend (el sitio estático en sí y uno `www` que se redirecciona al primero).
### SNS
### SQS ### SQS
Se encarga de encolar POSTs recibidos por la API. Luego, dispara la lambda correspondiente (en este caso `lambdaSQSDB`). Se encarga de encolar POSTs recibidos por la API. Luego, dispara la lambda correspondiente (en este caso `lambdaSQSDB`).
### Step Functions
### VPC ### VPC
Este módulo es [externo](https://registry.terraform.io/modules/terraform-aws-modules/vpc/aws/latest). Se define en este toda la parte de networking que se detalla en el diagrama de la arquitectura (el cual se encuentra al final de este documento). Este módulo es [externo](https://registry.terraform.io/modules/terraform-aws-modules/vpc/aws/latest). Se define en este toda la parte de networking que se detalla en el diagrama de la arquitectura (el cual se encuentra al final de este documento).
@ -36,96 +48,10 @@ Este módulo es [externo](https://registry.terraform.io/modules/terraform-aws-mo
Protege la aplicación mediante 3 rules. Esto lo hace mediante la creación de un web ACL asociado a la distribución de CloudFront. Protege la aplicación mediante 3 rules. Esto lo hace mediante la creación de un web ACL asociado a la distribución de CloudFront.
## Descripción y referencia de funciones y meta-argumentos
Se debe notar que los links solo hacen referencia a la primera aparición en cada archivo.
### Funciones
Junto a cada función se especifica para qué se usa.
- **file**: devuelve como string el contenido del archivo `index.html`. Esto es utilizado para luego poder modificarlo (pues actúa como un template ya que tiene la variable `ENDPOINT` parametrizada) y usarlo.
+ [organization/datasources.tf](terraform/organization/datasources.tf#L14)
- **flatten**: retorna una lista de una dimensión con los elementos de una lista de listas pues así lo espera el módulo.
+ [organization/vpc.tf](terraform/organization/vpc.tf#L78)
- **format**: arma el `path` para un filename dado.
+ [modules/s3/main.tf](terraform/modules/s3/main.tf#L39)
- **jsonencode**: arma un string con un objeto JSON.
+ [modules/apigw/main.tf](terraform/modules/apigw/main.tf#L89)
- **length**: calcula el largo de `custom_origin_config` para saber si debe hacer un `for_each` sobre sus elementos, es decir, para saber si se lo definieron en el archivo que usa el módulo en cuestión.
+ [modules/cloudfront/main.tf](terraform/modules/cloudfront/main.tf#L20)
- **lookup**: obtiene el valor de un mapa para una key.
+ [modules/cloudfront/main.tf](terraform/modules/cloudfront/main.tf#L16)
- **replace**: modifica el `path` para hacerlo válido.
+ [modules/s3/main.tf](terraform/modules/s3/main.tf#L38)
+ [organization/cloudfront.tf](terraform/organization/cloudfront.tf#L13)
- **sha1**: computa el `SHA1` del string de la configuración del apigw para saber si se necesita forzar el redeploy del módulo.
+ [modules/apigw/main.tf](terraform/modules/apigw/main.tf#L103)
- **trimsuffix**: remueve substring del final de un string.
+ [modules/s3/main.tf](terraform/modules/s3/main.tf#L19)
- **try**: en caso de que no haya objetos, se utiliza un objeto vacío.
+ [modules/s3/main.tf](terraform/modules/s3/main.tf#L35)
+ [organization/s3.tf](terraform/organization/s3.tf#L10)
### Meta-argumentos
- **count**
+ [modules/s3/main.tf](terraform/modules/s3/main.tf#L18)
- **depends_on**
+ [modules/apigw/main.tf](terraform/modules/apigw/main.tf#L78)
+ [organization/apigw.tf](terraform/organization/apigw.tf#L8)
+ [organization/cloudfront.tf](terraform/organization/cloudfront.tf#L3)
+ [organization/lambda.tf](terraform/organization/lambda.tf#L9)
+ [organization/sqs.tf](terraform/organization/sqs.tf#L8)
- **for_each**
+ [modules/cloudfront/main.tf](terraform/modules/cloudfront/main.tf#L12)
+ [modules/dynamodb/main.tf](terraform/modules/dynamodb/main.tf#L12)
+ [modules/lambda/main.tf](terraform/modules/lambda/main.tf#L15)
+ [modules/s3/main.tf](terraform/modules/s3/main.tf#L35)
+ [organization/lambda.tf](terraform/organization/lambda.tf#L2)
+ [organization/s3.tf](terraform/organization/s3.tf#L2)
- **lifecycle**
+ [modules/apigw/main.tf](terraform/modules/apigw/main.tf#L114)
## Diagrama de arquitectura deployada ## Diagrama de arquitectura deployada
Los servicios que deben ser corregidos (asociados a la entrega del TP3) son los numerados.
<img src="docs/architecture.png" alt="architecture" width="800"/> <img src="docs/architecture.png" alt="architecture" width="800"/>
## Demo ## Demo
<img src="docs/demo.gif" alt="demo" width="800"/> <img src="docs/demo.gif" alt="demo" width="800"/>
## Rúbrica
<table>
<tr>
<th>Alumno</th>
<th>Legajo</th>
<th>Participación</th>
</tr>
<tr>
<td>Bellver, Ezequiel</td>
<td>61268</td>
<td>50%</td>
</tr>
<tr>
<td>Lo Coco, Santiago</td>
<td>61301</td>
<td>50%</td>
</tr>
</table>

33
terraform/modules/cognito/README.md
View File

@ -23,27 +23,30 @@ No modules.
| [aws_cognito_user_pool.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cognito_user_pool) | resource | | [aws_cognito_user_pool.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cognito_user_pool) | resource |
| [aws_cognito_user_pool_client.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cognito_user_pool_client) | resource | | [aws_cognito_user_pool_client.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cognito_user_pool_client) | resource |
| [aws_cognito_user_pool_domain.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cognito_user_pool_domain) | resource | | [aws_cognito_user_pool_domain.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cognito_user_pool_domain) | resource |
| [aws_lambda_permission.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_permission) | resource |
## Inputs ## Inputs
| Name | Description | Type | Default | Required | | Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:| |------|-------------|------|---------|:--------:|
| <a name="input_account_recovery_mechanisms"></a> [account\_recovery\_mechanisms](#input\_account\_recovery\_mechanisms) | (Optional) A list of recovery\_mechanisms which are defined by a `name` and its `priority`. Valid values for `name` are veri fied\_email, verified\_phone\_number, and admin\_only. | `any` | `[]` | no | | <a name="input_account_recovery_mechanisms"></a> [account\_recovery\_mechanisms](#input\_account\_recovery\_mechanisms) | A list of recovery\_mechanisms which are defined by a `name` and its `priority`. Valid values for `name` are veri fied\_email, verified\_phone\_number, and admin\_only. | `any` | `[]` | no |
| <a name="input_alias_attributes"></a> [alias\_attributes](#input\_alias\_attributes) | (Optional) Attributes supported as an alias for this user pool. Possible values: 'phone\_number', 'email', or 'preferred\_username'. Conflicts with username\_attributes. | `set(string)` | `null` | no | | <a name="input_alias_attributes"></a> [alias\_attributes](#input\_alias\_attributes) | Attributes supported as an alias for this user pool. Possible values: 'phone\_number', 'email', or 'preferred\_username'. Conflicts with username\_attributes. | `set(string)` | `null` | no |
| <a name="input_auto_verified_attributes"></a> [auto\_verified\_attributes](#input\_auto\_verified\_attributes) | (Optional) The attributes to be auto-verified. Possible values: 'email', 'phone\_number'. | `set(string)` | <pre>[<br> "email"<br>]</pre> | no | | <a name="input_auto_verified_attributes"></a> [auto\_verified\_attributes](#input\_auto\_verified\_attributes) | The attributes to be auto-verified. Possible values: 'email', 'phone\_number'. | `set(string)` | <pre>[<br> "email"<br>]</pre> | no |
| <a name="input_client_name"></a> [client\_name](#input\_client\_name) | (Required) The name of the client user pool. | `string` | n/a | yes | | <a name="input_client_name"></a> [client\_name](#input\_client\_name) | The name of the client user pool. | `string` | n/a | yes |
| <a name="input_domain"></a> [domain](#input\_domain) | (Optional) Type a domain prefix to use for the sign-up and sign-in pages that are hosted by Amazon Cognito, e.g. 'https://{YOUR_PREFIX}.auth.eu-west-1.amazoncognito.com'. The prefix must be unique across the selected AWS Region. Domain names can only contain lower-case letters, numbers, and hyphens. | `string` | `null` | no | | <a name="input_domain"></a> [domain](#input\_domain) | Type a domain prefix to use for the sign-up and sign-in pages that are hosted by Amazon Cognito, e.g. 'https://{YOUR_PREFIX}.auth.eu-west-1.amazoncognito.com'. The prefix must be unique across the selected AWS Region. Domain names can only contain lower-case letters, numbers, and hyphens. | `string` | `null` | no |
| <a name="input_enable_username_case_sensitivity"></a> [enable\_username\_case\_sensitivity](#input\_enable\_username\_case\_sensitivity) | (Optional) Specifies whether username case sensitivity will be applied for all users in the user pool through Cognito APIs. | `bool` | `false` | no | | <a name="input_enable_username_case_sensitivity"></a> [enable\_username\_case\_sensitivity](#input\_enable\_username\_case\_sensitivity) | Specifies whether username case sensitivity will be applied for all users in the user pool through Cognito APIs. | `bool` | `false` | no |
| <a name="input_name"></a> [name](#input\_name) | (Required) The name of the user pool. | `string` | n/a | yes | | <a name="input_lambda_function_name"></a> [lambda\_function\_name](#input\_lambda\_function\_name) | Lambda name | `string` | n/a | yes |
| <a name="input_password_minimum_length"></a> [password\_minimum\_length](#input\_password\_minimum\_length) | (Optional) The minimum length of the password policy that you have set. | `number` | `20` | no | | <a name="input_lambda_pre_sign_up"></a> [lambda\_pre\_sign\_up](#input\_lambda\_pre\_sign\_up) | The ARN of a pre-registration AWS Lambda trigger. | `string` | n/a | yes |
| <a name="input_password_require_lowercase"></a> [password\_require\_lowercase](#input\_password\_require\_lowercase) | (Optional) Whether you have required users to use at least one lowercase letter in their password. | `bool` | `true` | no | | <a name="input_name"></a> [name](#input\_name) | The name of the user pool. | `string` | n/a | yes |
| <a name="input_password_require_numbers"></a> [password\_require\_numbers](#input\_password\_require\_numbers) | (Optional) Whether you have required users to use at least one number in their password. | `bool` | `true` | no | | <a name="input_password_minimum_length"></a> [password\_minimum\_length](#input\_password\_minimum\_length) | The minimum length of the password policy that you have set. | `number` | `20` | no |
| <a name="input_password_require_symbols"></a> [password\_require\_symbols](#input\_password\_require\_symbols) | (Optional) Whether you have required users to use at least one symbol in their password. | `bool` | `true` | no | | <a name="input_password_require_lowercase"></a> [password\_require\_lowercase](#input\_password\_require\_lowercase) | Whether you have required users to use at least one lowercase letter in their password. | `bool` | `true` | no |
| <a name="input_password_require_uppercase"></a> [password\_require\_uppercase](#input\_password\_require\_uppercase) | (Optional) Whether you have required users to use at least one uppercase letter in their password. | `bool` | `true` | no | | <a name="input_password_require_numbers"></a> [password\_require\_numbers](#input\_password\_require\_numbers) | Whether you have required users to use at least one number in their password. | `bool` | `true` | no |
| <a name="input_password_require_symbols"></a> [password\_require\_symbols](#input\_password\_require\_symbols) | Whether you have required users to use at least one symbol in their password. | `bool` | `true` | no |
| <a name="input_password_require_uppercase"></a> [password\_require\_uppercase](#input\_password\_require\_uppercase) | Whether you have required users to use at least one uppercase letter in their password. | `bool` | `true` | no |
| <a name="input_redirect_url"></a> [redirect\_url](#input\_redirect\_url) | Redirect URL. | `string` | `null` | no | | <a name="input_redirect_url"></a> [redirect\_url](#input\_redirect\_url) | Redirect URL. | `string` | `null` | no |
| <a name="input_schema_attributes"></a> [schema\_attributes](#input\_schema\_attributes) | (Optional) A list of schema attributes of a user pool. You can add a maximum of 25 custom attributes. | `any` | `[]` | no | | <a name="input_schema_attributes"></a> [schema\_attributes](#input\_schema\_attributes) | A list of schema attributes of a user pool. You can add a maximum of 25 custom attributes. | `any` | `[]` | no |
| <a name="input_tags"></a> [tags](#input\_tags) | (Optional) A mapping of tags to assign to the resource. | `map(string)` | `{}` | no | | <a name="input_tags"></a> [tags](#input\_tags) | A mapping of tags to assign to the resource. | `map(string)` | `{}` | no |
| <a name="input_temporary_password_validity_days"></a> [temporary\_password\_validity\_days](#input\_temporary\_password\_validity\_days) | (Optional) In the password policy you have set, refers to the number of days a temporary password is valid. If the user does not sign-in during this time, their password will need to be reset by an administrator. | `number` | `1` | no | | <a name="input_temporary_password_validity_days"></a> [temporary\_password\_validity\_days](#input\_temporary\_password\_validity\_days) | In the password policy you have set, refers to the number of days a temporary password is valid. If the user does not sign-in during this time, their password will need to be reset by an administrator. | `number` | `1` | no |
## Outputs ## Outputs

5
terraform/organization/acm.tf
View File

@ -5,11 +5,6 @@ module "acm" {
aws = aws.aws aws = aws.aws
} }
# depends_on = [
# module.route53
# ]
# zone_id = module.route53.zone_id
domain_name = local.domain domain_name = local.domain
subject_alternative_names = [ subject_alternative_names = [
"*.${local.domain}" "*.${local.domain}"

4
terraform/organization/cloudfront.tf
View File

@ -37,7 +37,7 @@ module "cloudfront" {
custom_origin_config = { custom_origin_config = {
http_port = 80 http_port = 80
https_port = 443 https_port = 443
origin_protocol_policy = "match-viewer" origin_protocol_policy = "http-only"
origin_ssl_protocols = ["TLSv1", "TLSv1.1", "TLSv1.2"] origin_ssl_protocols = ["TLSv1", "TLSv1.1", "TLSv1.2"]
} }
} }
@ -45,7 +45,7 @@ module "cloudfront" {
default_cache_behavior = { default_cache_behavior = {
target_origin_id = "s3" target_origin_id = "s3"
viewer_protocol_policy = "allow-all" viewer_protocol_policy = "redirect-to-https"
allowed_methods = ["GET", "HEAD", "OPTIONS"] allowed_methods = ["GET", "HEAD", "OPTIONS"]
cached_methods = ["GET", "HEAD"] cached_methods = ["GET", "HEAD"]

2
terraform/organization/lambda.tf
View File

@ -20,6 +20,4 @@ module "lambda" {
vpc_security_group_ids = [each.value.security_group_ids] vpc_security_group_ids = [each.value.security_group_ids]
source_code_hash = filebase64sha256(each.value.package) source_code_hash = filebase64sha256(each.value.package)
# environment_variables = each.value.environment_variables
} }

BIN
terraform/resources/lambda/lambdaError.zip
View File

Binary file not shown.

11
terraform/resources/lambda/lambdaError/lambda_handler.py
View File

@ -4,11 +4,14 @@ import boto3
def main(event, context): def main(event, context):
print(event) print(event)
record = event['Records'][0]
body = record["body"]
body = body.replace('\n', '')
body = json.loads(body)
query = body["body-json"]
message = "Error en la actualización de stock." message = "Error en la actualización de stock."
subject = "BSMSapp" subject = "BSMSapp"
client = boto3.client("sns") client = boto3.client("sns")
# El dueño del tópico podría salir de la BD, habría que guardar la relación item y dueño. topic_arn = "arn:aws:sns:us-east-1:025685231147:" + query["username"]
# Ahora está hardcodeado a un dueño solo (no me parece mal de todos modos para la entrega esta)
# Pero podríamos hacer un get del dynamo y obtener el dueño de ahí sino.
topic_arn = "arn:aws:sns:us-east-1:025685231147:slococo"
client.publish(TopicArn=topic_arn, Message=message, Subject=subject) client.publish(TopicArn=topic_arn, Message=message, Subject=subject)