From adad6f53864582074d50fbb89bddfbf3b0698b29 Mon Sep 17 00:00:00 2001 
From: Santiago Lo Coco Date: Thu, 1 Dec 2022 19:26:34 -0300 Subject: [PATCH] Add step-functions, update lambda and fix bugs Co-authored-by: Ezequiel Bellver --- README.md | 14 +--- run.sh | 16 ++++- terraform/modules/eventbridge/variables.tf | 9 --- terraform/modules/lambda/outputs.tf | 7 +- terraform/modules/stepfunctions/main.tf | 12 ++++ .../main.tf => stepfunctions/outputs.tf} | 7 +- terraform/modules/stepfunctions/variables.tf | 29 ++++++++ .../versions.tf | 0 terraform/organization/apigw.tf | 4 +- terraform/organization/datasources.tf | 14 ++++ terraform/organization/locals.tf | 32 +++++++-- terraform/organization/stepfunctions.tf | 66 ++++++++++++++++++ terraform/organization/vpc.tf | 23 ++++++ terraform/resources/lambda/lambdaDB.zip | Bin 513 -> 521 bytes terraform/resources/lambda/lambdaError.zip | Bin 0 -> 559 bytes .../lambda/lambdaError/lambda_handler.py | 14 ++++ terraform/resources/lambda/lambdaGET.zip | Bin 0 -> 361 bytes .../lambda/lambdaGET/lambda_handler.py | 13 ++++ terraform/resources/lambda/lambdaSNS.zip | Bin 387 -> 393 bytes .../lambda/lambdaSNS/lambda_handler.py | 1 + terraform/resources/lambda/lambdaSQS.zip | Bin 495 -> 519 bytes .../lambda/lambdaSQS/lambda_handler.py | 34 ++++----- terraform/resources/lambda/lambdaUpdate.zip | Bin 0 -> 509 bytes .../lambda/lambdaUpdate/lambda_handler.py | 27 +++++++ 24 files changed, 275 insertions(+), 47 deletions(-) delete mode 100644 terraform/modules/eventbridge/variables.tf create mode 100644 terraform/modules/stepfunctions/main.tf rename terraform/modules/{eventbridge/main.tf => stepfunctions/outputs.tf} (52%) create mode 100644 terraform/modules/stepfunctions/variables.tf rename terraform/modules/{eventbridge => stepfunctions}/versions.tf (100%) create mode 100644 terraform/organization/stepfunctions.tf create mode 100644 terraform/resources/lambda/lambdaError.zip create mode 100644 terraform/resources/lambda/lambdaError/lambda_handler.py create mode 100644 terraform/resources/lambda/lambdaGET.zip 
create mode 100644 terraform/resources/lambda/lambdaGET/lambda_handler.py create mode 100644 terraform/resources/lambda/lambdaUpdate.zip create mode 100644 terraform/resources/lambda/lambdaUpdate/lambda_handler.py diff --git a/README.md b/README.md index 5dfc340..aa80221 100644 --- a/README.md +++ b/README.md @@ -121,21 +121,11 @@ Los servicios que deben ser corregidos (asociados a la entrega del TP3) son los Bellver, Ezequiel 61268 - 25% - - - Burgos, Satiago Eduardo - 55193 - 25% + 50% Lo Coco, Santiago 61301 - 25% - - - Oillataguerre, Amparo - 58714 - 25% + 50% diff --git a/run.sh b/run.sh index 23dbcdb..2d57fed 100644 --- a/run.sh +++ b/run.sh @@ -8,23 +8,37 @@ usage: ${0##*/} [command] -p Show changes required by the current terraform config. -a Create or update infraestructure. -d Destroy infraestructure. + -l Create zip files of the lambdas. EOF exit 1 } RUN= -while getopts "hvpad" OPTION; do +while getopts "hvpadl" OPTION; do case $OPTION in a) RUN=apply ;; v) RUN=validate ;; p) RUN=plan ;; d) RUN=destroy ;; + l) RUN=lambda ;; *) usage ;; esac done dir="$PWD" +if [ "$RUN" = 'lambda' ]; then + cd "$dir/terraform/resources/lambda" || exit + lambdas=$(find -H . -maxdepth 1 -mindepth 1 -type d -printf "%f\n") + for lambda in $lambdas; do + cd $lambda || exit + zip $lambda.zip lambda_handler.py + mv $lambda.zip .. + cd .. + done + exit +fi + cd "$dir/terraform/organization" || exit terraform init diff --git a/terraform/modules/eventbridge/variables.tf b/terraform/modules/eventbridge/variables.tf deleted file mode 100644 index fac0c0b..0000000 --- a/terraform/modules/eventbridge/variables.tf +++ /dev/null @@ -1,9 +0,0 @@ -# ------------------------------------------------------------------------------ -# Amazon EventBridge variables -# ------------------------------------------------------------------------------ - -variable "tags" { - description = "A mapping of tags to assign to the resource" - type = map(string) - default = {} -} \ No newline at end of file 
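Review bot: The new `-l` branch in run.sh expands directory names unquoted (`for lambda in $lambdas`, `cd $lambda`, `zip $lambda.zip lambda_handler.py`, `mv $lambda.zip ..`), so a directory name containing whitespace or a glob character is split or expanded before it is used. Quoting each use fixes the commands themselves: `cd "$lambda" || exit`, `zip "$lambda.zip" lambda_handler.py`, `mv "$lambda.zip" ..`. Iterating over a glob of the subdirectories instead of the captured `find` output would remove the word splitting in the `for` line and the dependency on GNU `find -printf`.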
diff --git a/terraform/modules/lambda/outputs.tf b/terraform/modules/lambda/outputs.tf index 0ef54e6..3fc4ec3 100644 --- a/terraform/modules/lambda/outputs.tf +++ b/terraform/modules/lambda/outputs.tf @@ -2,9 +2,14 @@ # Lambda outputs # -------------------------------------------------------------------- +output "function_invoke_arn" { + description = "The invoke ARN of the Lambda Function" + value = aws_lambda_function.this.invoke_arn +} + output "function_arn" { description = "The ARN of the Lambda Function" - value = aws_lambda_function.this.invoke_arn + value = aws_lambda_function.this.arn } output "function_name" { diff --git a/terraform/modules/stepfunctions/main.tf b/terraform/modules/stepfunctions/main.tf new file mode 100644 index 0000000..e4c249b --- /dev/null +++ b/terraform/modules/stepfunctions/main.tf @@ -0,0 +1,12 @@ +# ------------------------------------------------------------------------------ +# Amazon Step Functions +# ------------------------------------------------------------------------------ + +resource "aws_sfn_state_machine" "this" { + name = var.name + + definition = var.definition + role_arn = var.role_arn + + type = upper(var.type) +} \ No newline at end of file diff --git a/terraform/modules/eventbridge/main.tf b/terraform/modules/stepfunctions/outputs.tf similarity index 52% rename from terraform/modules/eventbridge/main.tf rename to terraform/modules/stepfunctions/outputs.tf index c37907f..8a81d3f 100644 --- a/terraform/modules/eventbridge/main.tf +++ b/terraform/modules/stepfunctions/outputs.tf @@ -1,3 +1,8 @@ # ------------------------------------------------------------------------------ -# Amazon EventBridge +# Amazon Step Function outputs # ------------------------------------------------------------------------------ + +output "name" { + description = "The name of the Step Function" + value = aws_sfn_state_machine.this.name +} 
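Review bot: `aws_sfn_state_machine.this` in the new terraform/modules/stepfunctions/main.tf never sets `tags`, although the module's variables.tf, added in this same commit, declares `variable "tags"`. Tags passed by a caller are therefore silently dropped; adding `tags = var.tags` to the resource closes the gap. `type = upper(var.type)` also accepts any string, so a `validation` block on the variable that limits it to STANDARD or EXPRESS would reject a typo at plan time rather than at the API call.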
diff --git a/terraform/modules/stepfunctions/variables.tf b/terraform/modules/stepfunctions/variables.tf new file mode 100644 index 0000000..8935298 --- /dev/null +++ b/terraform/modules/stepfunctions/variables.tf @@ -0,0 +1,29 @@ +# ------------------------------------------------------------------------------ +# Amazon Step Function variables +# ------------------------------------------------------------------------------ + +variable "tags" { + description = "A mapping of tags to assign to the resource" + type = map(string) + default = {} +} + +variable "name" { + description = "The state machine name." + type = string +} + +variable "definition" { + description = "The Step Function definition." + type = string +} + +variable "type" { + description = "Determines whether a Standard or Express state machine is created.." + type = string +} + +variable "role_arn" { + description = "The Step Function role." + type = string +} diff --git a/terraform/modules/eventbridge/versions.tf b/terraform/modules/stepfunctions/versions.tf similarity index 100% rename from terraform/modules/eventbridge/versions.tf rename to terraform/modules/stepfunctions/versions.tf diff --git a/terraform/organization/apigw.tf b/terraform/organization/apigw.tf index ebe1a39..4df3c86 100644 --- a/terraform/organization/apigw.tf +++ b/terraform/organization/apigw.tf @@ -14,7 +14,7 @@ module "apigw" { lambda = [ { - function_arn = module.lambda["lambdaDB"].function_arn + function_arn = module.lambda["lambdaDB"].function_invoke_arn function_name = module.lambda["lambdaDB"].function_name source_arn = "arn:aws:execute-api:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}" } @@ -40,7 +40,7 @@ module "apigw" { integration_http_method = "POST", type = "AWS_PROXY", credentials = null, - uri = module.lambda["lambdaDB"].function_arn, + uri = module.lambda["lambdaDB"].function_invoke_arn, request_parameters = {}, request_templates = {}, }, 
diff --git a/terraform/organization/datasources.tf b/terraform/organization/datasources.tf index 366de28..35aa384 100644 --- a/terraform/organization/datasources.tf +++ b/terraform/organization/datasources.tf @@ -51,3 +51,17 @@ data "aws_iam_policy_document" "sns" { resources = ["arn:aws:sns:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:${module.sns.name}"] } } + +data "aws_iam_policy_document" "stepfunctions" { + statement { + effect = "Allow" + actions = [ + "states:StartExecution", + ] + principals { + type = "AWS" + identifiers = ["*"] + } + resources = ["arn:aws:states:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:stateMachine:${module.stepfunctions.name}"] + } +} diff --git a/terraform/organization/locals.tf b/terraform/organization/locals.tf index 0d8cd22..b55560c 100644 --- a/terraform/organization/locals.tf +++ b/terraform/organization/locals.tf @@ -57,7 +57,7 @@ locals { role = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/LabRole" handler = "lambda_handler.main" runtime = "python3.9", - security_group_ids = aws_security_group.dynamodb_sg.id + security_group_ids = aws_security_group.stepfunctions_sg.id }, lambdaDB = { package = "${local.path}/lambda/lambdaDB.zip" 
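Review bot: The `principals` block of the new `data "aws_iam_policy_document" "stepfunctions"` in datasources.tf uses `type = "AWS"` with `identifiers = ["*"]`, so any policy built from this document allows `states:StartExecution` on the state machine to every AWS principal, not only to callers in this account. Where the document is attached is not visible in this hunk. If it is needed, name the caller instead, for example `identifiers = ["arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/LabRole"]`, or add a `condition` block that pins the source ARN. If nothing consumes the document, removing it prevents a wildcard policy from being attached later by accident.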
@@ -75,6 +75,30 @@ locals { runtime = "python3.9", security_group_ids = aws_security_group.sns_sg.id } + lambdaGET = { + package = "${local.path}/lambda/lambdaGET.zip" + function_name = "AWSLambdaHandlerGETg3" + role = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/LabRole" + handler = "lambda_handler.main" + runtime = "python3.7", + security_group_ids = aws_security_group.sns_sg.id + } + lambdaUpdate = { + package = "${local.path}/lambda/lambdaUpdate.zip" + function_name = "AWSLambdaHandlerUpdateg3" + role = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/LabRole" + handler = "lambda_handler.main" + runtime = "python3.9", + security_group_ids = aws_security_group.dynamodb_sg.id + } + lambdaError = { + package = "${local.path}/lambda/lambdaError.zip" + function_name = "AWSLambdaHandlerSNSErrorg3" + role = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/LabRole" + handler = "lambda_handler.main" + runtime = "python3.9", + security_group_ids = aws_security_group.sns_sg.id + } } private_inbound = [ @@ -91,9 +115,9 @@ locals { { rule_number = 100 rule_action = "allow" - from_port = 443 - to_port = 443 - protocol = "tcp" + from_port = 0 + to_port = 65535 + protocol = 6 cidr_block = "0.0.0.0/0" } ] diff --git a/terraform/organization/stepfunctions.tf b/terraform/organization/stepfunctions.tf new file mode 100644 index 0000000..ac643cc --- /dev/null +++ b/terraform/organization/stepfunctions.tf 
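Review bot: In the `@@ -75,6 +75,30 @@` hunk of locals.tf the new `lambdaGET` entry sets `runtime = "python3.7"` while `lambdaUpdate`, `lambdaError` and the existing entries use `python3.9`. Python 3.7 is the oldest of the runtimes in this file and is past upstream end of life, so it stops receiving security fixes first. Unless the handler depends on 3.7, `runtime = "python3.9"` keeps the functions consistent.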
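Review bot: The network ACL rule in the `@@ -91,9 +115,9 @@` hunk of locals.tf now allows TCP on every port (`from_port = 0`, `to_port = 65535`) from `0.0.0.0/0`, where it previously allowed only 443. The list this rule belongs to starts outside the hunk, so the intent has to be inferred. If the goal is to admit return traffic for outbound connections, the ephemeral range is sufficient: `from_port = 1024` with `to_port = 65535`. A comment on the rule such as `# protocol 6 = TCP; ephemeral ports for return traffic` would record why it was widened.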
@@ -0,0 +1,66 @@ +module "stepfunctions" { + source = "../modules/stepfunctions" + + providers = { + aws = aws.aws + } + + name = "AWSStepFunctions-g3" + role_arn = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/LabRole" + definition = <12@&@MdNaVPIh3U?_Ae4_y%U=4c=z149H81A`!g%;bZNBK4dM%x;`@$t7ny zl1nSN85mh!Ff%ZKiPS(}|HB46d%uUf>|8VZR@MgTOMJ z<#YL;wcq89{5q~)f9AdYE^{?!?dP24YbsjzykEanSvfa1f;Gt0X|tT9s;AOchm>v( z8;MNqf=mtld10rY+ZopH@s@C9Ewxy5)z0-o>9L%hFEX9sNd5vWy6~rKYBzC zHRjJvd=Z<#J9+h=uRk9B4+xUGV&XJYWZ!`wJ)YS%e}2?Wxze>MN9wIO--T^`A-t>R z3ihr&<>>bK+NoLmRfnf+pV90v|Ne&+$Gd}=uO4?h>Rqv{=G(5Q5?-3+cV|0$Unu#1`qazQYPyR*9e;o0ZN;3q3;YG1NNMihA0a*8 zle6RJoHCXL#P9a<@)hP&dl85_}D;exuejm`tz?}>Nvbqb&)v)Z z*v~hdCbs>Qh2BHnm@_-S=^b+SIlR@B<>S!_8+jV`ai=7O%%7808{1nXmyo~bb|5eJ z#Y9G~-EhJzUf^o zXDH}d`flme_5Lkix3Aj$t;1;MLhXo{KmW{%s@|Rba@=>`K865qMkYCCEWyvjz#uqz dC!@M1mhcboW@Q6L7y}~^h6Cv-!1!Wd005A{zNi2I diff --git a/terraform/resources/lambda/lambdaError.zip b/terraform/resources/lambda/lambdaError.zip new file mode 100644 index 0000000000000000000000000000000000000000..8208a8280f173a7e752cbb1ed7a47d8ae2f74a75 GIT binary patch literal 559 zcmWIWW@Zs#U|`^25NK-*Z4+gUD`#Y22w`Gi5M+>H$VtpiN=b~*NX$#gNiEVVs0KKGeK~98s&#z6rzbs(vlLDIwcg@$W}wKtcMA?q znD%9QP+arlDK9nGpJIBGsk+3*arMRv6SU+w$~No}N@VmB5WMh|FS)`|{MUDuc@Da5e~<0> zg-z4{@jChjvzcx#_?gXX8kYRm-@V{PfXyie&Z9RYPFy+g*=OfWQ@t!PmP>c`OEp&< zpLfAnq2#4=tfi5Ta5Te(MH7_0b@?vMwAD6wd|N<3y_UH2_8H$gGE=!T9eJQ))-F*k=S+VKc6zUc)Q4IM#<;RMptl?!UceA&xPP$N4XKIhH*F7@p)Px)t^@T2ts w-i%Cg%(&uE0vNXp48SO5Skee$VTn;zNQ|PzW`H*<8%P5q5QYQkLm)F40Q(f%Q2+n{ literal 0 HcmV?d00001 diff --git a/terraform/resources/lambda/lambdaError/lambda_handler.py b/terraform/resources/lambda/lambdaError/lambda_handler.py new file mode 100644 index 0000000..5fb0908 --- /dev/null +++ b/terraform/resources/lambda/lambdaError/lambda_handler.py 
@@ -0,0 +1,14 @@
+import json
+import boto3
+
+
+def main(event, context):
+ print(event)
+ message = "Error en la actualización de stock."
+ subject = "BSMSapp"
+ client = boto3.client("sns")
+ # El dueño del tópico podría salir de la BD, habría que guardar la relación item y dueño.
+ # Ahora está hardcodeado a un dueño solo (no me parece mal de todos modos para la entrega esta)
+ # Pero podríamos hacer un get del dynamo y obtener el dueño de ahí sino.
+ topic_arn = "arn:aws:sns:us-east-1:025685231147:slococo"
+ client.publish(TopicArn=topic_arn, Message=message, Subject=subject)
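Review bot: `topic_arn` in lambdaError/lambda_handler.py is a string literal that embeds a region, an AWS account id and a personal topic name, so the function publishes to that one topic wherever it is deployed and the account id is committed to the repository. The Terraform in this commit already derives ARNs from `data.aws_caller_identity` and `module.sns.name`, so the ARN could be passed in as a Lambda environment variable and read with `topic_arn = os.environ["SNS_TOPIC_ARN"]` (variable name illustrative, plus `import os`). `print(event)` writes the whole incoming event to the function's log, which is worth narrowing to the fields needed for debugging if events can carry user data. `import json` is unused.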
diff --git a/terraform/resources/lambda/lambdaGET.zip b/terraform/resources/lambda/lambdaGET.zip new file mode 100644 index 0000000000000000000000000000000000000000..bafdca7df8f3974456e232fd7111138fc85179b6 GIT binary patch literal 361 zcmWIWW@Zs#U|`^2csH{#ba#KB??xa`oRNV+kU@qaCowlEB{4oDF)t-2wMeg^GBkvf zfw@7wGZ}W6C8`UcNQN}7y` zCo5VG7fs``RGf12TID+JwcnOr3SGIXDq6&K-W|K^v+bXq3H?qn7Z@MdNaVPIh3VAzq}7+QEC#`hwSXEae+-bzd+uJt9%MS^UPZ+UBM5YPc{=iWOt)(+x+==Wt>kH zEPXI@^-exZ8Oda^`-x%aw*P3g`<~Er{>NnNg9{>j&ON{N$}GW6>1(5b)8|P|VfWZ3 zoEOrWRPQ?D%9^#0=9u3$(EZh=w*IjHC#BFHQS-^#Ev)xkK16Nft;~8gRc4WKzShsu ztt<=oc~03Dk z(W_wbgPGbp`83~1CX3l8gq*ux;XXgg;Gp^+&)$Ryxh_gyJ1;nYwPRhohgadekj^Am zi7PACKAKY>u012I)_JnnhuJosqRB63A5499Coca}&^6J@RkK7VIF&qGrM7>~GleVW zoi<{|xdDN~nKXY!28NYP6D4Ho<1{;yLAbPnn}Lz#1v3K! zm`I&uo8N38&{qDRtNW+|<0<$3EmIV|x9gp~px8TsdHR*m4YKnyFW1M{w{VE?AGrDc z?(ZKK7c*0J{<^7lcHFN{y*f$Y(xJvhPmf)Dm$~p=#b;HOC6iY?a|`oJE9y#LW9{(7 zox?iPbwzajS@U1*Op3)AS-;SOS65zFEylbZUao!exu_%g?5;SCkt zJlV?OXWWN{l zuOrePHf4=%^af<%ZKwm~V!fyTkMK4niZ(x1uc8Kv{v%0Y9$A*@Y*QeLK{B^Ew#gPy9Ypor2ZmFHW z-fr!?s*=Y2)mwbz&zrK%F*+vlrb2z|Q`VX$-sF1=ct6Ox8BhCKlpmmF_nf($bB553x%wieJQJ_}F~% zNsGpO1yKusk4q^@7fl}2?pzXImT{`p@JFbf#oa7#sY2CBuMHyF&nv$ct$!?#jr(;K#(kAjlxYkdv63l#&>qk(if~lUk%#P#GG+ z$-sR3OGh#YmsW5yFtWU0W?%plu|XUC4jTyE{VY07QYb)JbXVxBfG9RK6^A5^(5FYP zCp`Jl^p-*N)&AnLrdf{^Kkoki?(Syct6MT`tIIQluD<(t>3%-Y;)fp<=9MDLuLQt%JuDYd6}Oa>|jgvOxC%= zb+*qyr{Z~$z`5tw_k91p=!(PNy@4NP5{^yR_kW$SVc*%;lAivz7QOxBSDCS?x=JT$ zU*rA-f$LN^&u45qI#+yOvG$Y$&)=k3&Fwj9E+Di