
v24.8.0 (#56)
* feat(aws): postgres db backup

* feat: sshuttle connection tweak

* feat(aws): group layer jump server

* feat(aws/group): jump server

* feat(aws/group): ses + cognito

* feat: update version to 24.8.0

* feat: cleanup scripts

* feat: update version
VladyslavKurmaz authored Aug 4, 2024
1 parent cda26c9 commit d0b9dd5
Showing 9 changed files with 712 additions and 14 deletions.
27 changes: 15 additions & 12 deletions .tln.conf
Expand Up @@ -117,18 +117,21 @@ const getTerraformOpts = (env) => {
return `${i}${p}${a}${aa}`;
}

const getConnectionOptions = (v) => {
const getConnectionOptions = (v, group, env) => {
const opts = v.split(':');
const layer = opts[0];
let prefix = '';
//
if (opts.length === 2) {
return {
layer: opts[0],
suffix: `-${opts[1]}`
if (opts[1]) {
prefix = `${group}-${env}-${opts[1]}`;
} else {
prefix = `${group}`;
}
}
return {
layer: opts[0],
suffix: ''
} else {
prefix = `${group}-${env}`;
}
return {layer, prefix};
}

module.exports = {
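Review bot: The new `layer` and `opts[1]` values come straight from `TLN_CLOUDS_CONN_OPTS` and are interpolated unescaped into shell command strings by the `get-bastion` and `sshuttle` builders (`cat './${layer}/${prefix}-bastion.addr'` and the `ssh -i ./${layer}/${prefix}-bastion-ssh-key.pem` path), so a value containing `'`, `..` or whitespace rewrites the command instead of merely selecting a file. Restricting both components to a safe charset inside getConnectionOptions covers every caller: `const SAFE = /^[A-Za-z0-9_-]+$/;` followed by `if (!SAFE.test(layer) || (opts[1] && !SAFE.test(opts[1]))) throw new Error(\`invalid TLN_CLOUDS_CONN_OPTS: ${v}\`);`. The `opts.length === 2` test also silently ignores anything after a second `:` (`a:b:c` falls into the else branch and drops `b`), which extending the guard with `opts.length > 2` would reject rather than mask. `group` and `env` are not checked either, so an unset `TF_VAR_group_id` produces a prefix starting with `undefined-`; a truthiness check on those two parameters that throws early would give a clearer failure than a missing-file error from `cat`.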
Expand Down Expand Up @@ -169,18 +172,18 @@ module.exports = {
}
},
{ id: 'get-bastion', builder: async (tln, script) => {
const {layer, suffix} = getConnectionOptions(script.env.TLN_CLOUDS_CONN_OPTS);
const {layer, prefix} = getConnectionOptions(script.env.TLN_CLOUDS_CONN_OPTS, script.env.TF_VAR_group_id, script.env.TF_VAR_env_id);
script.set([
`cat './${layer}/${script.env.TF_VAR_group_id}-${script.env.TF_VAR_env_id}${suffix}-bastion.addr'`
`cat './${layer}/${prefix}-bastion.addr'`
]);
}},
{ id: 'sshuttle', builder: async (tln, script) => {
const daemon = script.env.TLN_CLOUDS_DEAMON ? ' --daemon' : '';
const ci = script.env.TLN_CLOUDS_CI ? ' -q -o CheckHostIP=no -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null' : '';
const {layer, suffix} = getConnectionOptions(script.env.TLN_CLOUDS_CONN_OPTS);
const {layer, prefix} = getConnectionOptions(script.env.TLN_CLOUDS_CONN_OPTS, script.env.TF_VAR_group_id, script.env.TF_VAR_env_id);
//
script.set([`
sshuttle --dns${daemon} -vr ${script.env.TLN_CLOUDS_BASTION} 0/0 --ssh-cmd 'ssh${ci} -i ./${layer}/${script.env.TF_VAR_group_id}-${script.env.TF_VAR_env_id}${suffix}-bastion-ssh-key.pem'
sshuttle --dns${daemon} -vr ${script.env.TLN_CLOUDS_BASTION} 0/0 --ssh-cmd 'ssh${ci} -i ./${layer}/${prefix}-bastion-ssh-key.pem'
`]);
}
},
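--- a/aws/app/backup.tf
+++ b/aws/app/backup.tf
@@ -0,0 +1,34 @@
+module "backup" {
+source = "lgallard/backup/aws"
+version = "0.22.0"
+
+vault_name = "${module.shared.prefix_env}-pg-vault"
+
+plan_name = "${module.shared.prefix_env}-pg-backup-plan"
+
+rules = [
+{
+name = "db-backup"
+schedule = var.backup_schedule
+lifecycle = {
+delete_after = var.backup_lifecycle
+},
+recovery_point_tags = {
+Environment = module.shared.prefix_env
+}
+},
+]
+
+selections = [
+{
+name = "postgres"
+resources = [module.rds_pg.db_instance_arn]
+},
+]
+
+depends_on = [
+module.rds_pg
+]
+
+tags = module.shared.tags
+}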
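Review bot: With `delete_after = var.backup_lifecycle` and the default of `"1"` that variables.tf declares, every recovery point of the `postgres` selection is deleted after one day, so a corruption or deletion noticed later than that leaves nothing to restore from; a longer retention should be chosen before this plan runs against a real environment. The vault is also created with the module defaults — no customer-managed KMS key and no vault lock are passed — so the backups are protected only by the account default key and any principal with `backup:DeleteRecoveryPoint` can remove them; if the pinned module version exposes them (confirm against its inputs), a `vault_kms_key_arn` and the vault-lock/minimum-retention settings are the knobs to set. Separately, `depends_on = [module.rds_pg]` is redundant because `resources` already references `module.rds_pg.db_instance_arn`, and an explicit `depends_on` on a module can force values inside it to become "known after apply" on every plan.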
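--- a/aws/app/variables.tf
+++ b/aws/app/variables.tf
@@ -27,4 +27,16 @@ variable "databases" {
 owner = string,
 password = string
 }))
-}
+}
+variable "backup_schedule" {
+type = string
+default = "cron(0 */2 * * ? *)"
+}
+variable "backup_lifecycle" {
+type = string
+default = "1"
+}
+variable "snapshot_identifier" {
+type = string
+default = null
+}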
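Review bot: `backup_lifecycle` is declared as `type = string` although backup.tf feeds it to `delete_after` as a day count, and none of the three new variables carries a `description`, so nothing tells an operator what `"1"` means or that it is a retention period. Declaring it as `type = number`, adding a `description` naming the unit, and attaching a `validation` block whose `condition` asserts `var.backup_lifecycle >= 1` makes the unit explicit and rejects nonsense values; the default itself is short enough that it is worth revisiting as a policy question. `snapshot_identifier` is not consumed by anything in this commit's visible diff, so its `description` should say which resource reads it (presumably the RDS module — confirm). The `databases` variable above carries a `password` field, but its header is outside the hunk, so whether `sensitive = true` is set cannot be verified here.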
61 changes: 61 additions & 0 deletions aws/group/.terraform.lock.hcl

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

142 changes: 142 additions & 0 deletions aws/group/cognito.tf
@@ -0,0 +1,142 @@
/*
locals {
api_base_url = "http://localhost"
}
module "cognito_user_pool" {
source = "lgallard/cognito-user-pool/aws"
version = "0.30.0"
user_pool_name = module.shared.prefix_group
alias_attributes = ["email", "preferred_username"]
auto_verified_attributes = ["email"]
verification_message_template_default_email_option = "CONFIRM_WITH_LINK"
admin_create_user_config_allow_admin_create_user_only = false
domain = module.shared.prefix_group
// mfa_configuration = "ON"
// software_token_mfa_configuration = {
// enabled = true
// }
email_configuration = {
email_sending_account = "DEVELOPER"
reply_to_email_address = "no-reply@${var.domain_name}"
source_arn = module.ses.ses_domain_identity_arn
}
string_schemas = [
{
attribute_data_type = "String"
name = "email"
mutable = true
required = true
developer_only_attribute = false
string_attribute_constraints = {
min_length = 0
max_length = 2048
}
},
]
// lambda_config = {
// pre_authentication = module.cognito_pre_auth_function.lambda_function_arn
// }
clients = [
{
name = "Web"
access_token_validity = 24
id_token_validity = 24
refresh_token_validity = 30
token_validity_units = {
access_token = "hours"
id_token = "hours"
refresh_token = "days"
}
callback_urls = [
"${local.api_base_url}/iam/login/oauth2/code/cognito",
"${local.api_base_url}/iam/swagger-ui/oauth2-redirect.html"
]
logout_urls = [
"${local.api_base_url}/iam/auth/complete",
]
default_redirect_uri = "${local.api_base_url}/iam/login/oauth2/code/cognito"
generate_secret = true
allowed_oauth_scopes = ["openid", "email"]
supported_identity_providers = ["COGNITO"]
allowed_oauth_flows = ["code"]
explicit_auth_flows = ["ALLOW_REFRESH_TOKEN_AUTH", "ALLOW_USER_PASSWORD_AUTH"]
allowed_oauth_flows_user_pool_client = true
}
]
// depends_on = [ module.cognito_pre_auth_function ]
tags = module.shared.tags
}
*/

/*
module "cognito_pre_auth_function" {
source = "terraform-aws-modules/lambda/aws"
function_name = "${module.shared.prefix_group}-cognito-pre-auth"
description = "Cognito Pre-auth function"
handler = "cognito-pre-auth.lambda_handler"
runtime = "python3.12"
lambda_role = aws_iam_role.cognito_pre_auth_aim.arn
source_path = "src/cognito-pre-auth.py"
depends_on = [ aws_iam_role_policy_attachment.cognito_pre_auth_policy_attachment ]
tags = module.shared.tags
}
resource "aws_iam_role" "cognito_pre_auth_aim" {
name = "${module.shared.prefix_group}-cognito-pre-auth-aim"
assume_role_policy = jsonencode({
Version = "2012-10-17"
Statement = [
{
Effect = "Allow"
Principal = {
Service = "lambda.amazonaws.com"
}
Action = "sts:AssumeRole"
},
]
})
}
resource "aws_iam_policy" "cognito_pre_auth_aim_policy" {
name = "${module.shared.prefix_group}-cognito-pre-auth-aim-policy"
policy = jsonencode({
Version = "2012-10-17"
Statement = [
{
Action = "cognito-idp:AdminUpdateUserAttributes"
Effect = "Allow"
Resource = "*"
},
]
})
}
resource "aws_iam_role_policy_attachment" "cognito_pre_auth_policy_attachment" {
role = aws_iam_role.cognito_pre_auth_aim.name
policy_arn = aws_iam_policy.cognito_pre_auth_aim_policy.arn
depends_on = [ aws_iam_role.cognito_pre_auth_aim, aws_iam_policy.cognito_pre_auth_aim_policy ]
}
resource "aws_lambda_permission" "cognito_pre_auth_function_invoke_permission" {
statement_id = "AllowExecutionFromCognito"
action = "lambda:InvokeFunction"
function_name = module.cognito_pre_auth_function.lambda_function_arn
principal = "cognito-idp.amazonaws.com"
source_arn = module.cognito_user_pool.arn
}
*/
