From 79c7c3c082dc290a7022be74a3333c927f4c7b05 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Timoth=C3=A9e=20Aufort?= <taufort@ippon.fr>
Date: Thu, 25 Mar 2021 16:01:00 +0100
Subject: [PATCH] feat(terraform): multiple changes

* format code
* activate DynamoDB PITR
---
 deploy/{api-gateway.tf => api_gateway.tf} | 0
 deploy/cloudwatch_alarms.tf               | 2 +-
 deploy/cloudwatch_api_logs.tf             | 7 ++++---
 deploy/dashboard.tf                       | 4 ----
 deploy/docker-compose.yml                 | 2 +-
 deploy/dynamodb.tf                        | 4 ++++
 deploy/lambda.tf                          | 8 +++-----
 deploy/variables.tf                       | 4 ++++
 deploy/vars/staging.tfvars                | 3 ++-
 deploy/xray.tf                            | 2 +-
 10 files changed, 20 insertions(+), 16 deletions(-)
 rename deploy/{api-gateway.tf => api_gateway.tf} (100%)

diff --git a/deploy/api-gateway.tf b/deploy/api_gateway.tf
similarity index 100%
rename from deploy/api-gateway.tf
rename to deploy/api_gateway.tf
diff --git a/deploy/cloudwatch_alarms.tf b/deploy/cloudwatch_alarms.tf
index 2aaadeb..f3d2ce7 100644
--- a/deploy/cloudwatch_alarms.tf
+++ b/deploy/cloudwatch_alarms.tf
@@ -83,4 +83,4 @@ resource "aws_lambda_permission" "with_sns" {
   function_name = aws_lambda_function.slack.arn
   principal     = "sns.amazonaws.com"
   source_arn    = data.aws_sns_topic.cloudmon.arn
-}
\ No newline at end of file
+}
diff --git a/deploy/cloudwatch_api_logs.tf b/deploy/cloudwatch_api_logs.tf
index 2120e55..a93dc1e 100644
--- a/deploy/cloudwatch_api_logs.tf
+++ b/deploy/cloudwatch_api_logs.tf
@@ -1,9 +1,11 @@
 locals {
   API_GATEWAY_LOG_GROUP = "API-Gateway-Execution-Logs_${split("-", aws_api_gateway_stage.main.id)[1]}/${aws_api_gateway_stage.main.stage_name}"
 }
+
 output "log_groupe_name" {
   value = local.API_GATEWAY_LOG_GROUP
 }
+
 resource "aws_lambda_function" "logs" {
   filename                       = data.archive_file.lambda_logs_file.output_path
   function_name                  = "${local.prefix}-logs-apigw"
@@ -59,8 +61,7 @@ data "archive_file" "lambda_logs_event_file" {
 }
 
 resource "aws_iam_role" "iam_for_lambda_logs" {
-  name = "${local.prefix}-lambda-admin-cloudwatch-logs"
-
+  name               = "${local.prefix}-lambda-admin-cloudwatch-logs"
   assume_role_policy = file("./templates/lambda/assume-role-policy.json")
 }
 
@@ -72,4 +73,4 @@ resource "aws_iam_role_policy_attachment" "lambda_logs_FA" {
 resource "aws_iam_role_policy_attachment" "lambda_cloudwatch_FA" {
   role       = aws_iam_role.iam_for_lambda_logs.name
   policy_arn = "arn:aws:iam::aws:policy/CloudWatchFullAccess"
-}
\ No newline at end of file
+}
diff --git a/deploy/dashboard.tf b/deploy/dashboard.tf
index 5800d97..2b100c5 100644
--- a/deploy/dashboard.tf
+++ b/deploy/dashboard.tf
@@ -11,7 +11,3 @@ resource "aws_cloudwatch_dashboard" "main" {
 
   })
 }
-
-output "dashboard_json" {
-  value = aws_cloudwatch_dashboard.main.dashboard_body
-}
diff --git a/deploy/docker-compose.yml b/deploy/docker-compose.yml
index beb2ec4..e40688e 100644
--- a/deploy/docker-compose.yml
+++ b/deploy/docker-compose.yml
@@ -2,7 +2,7 @@ version: '3.7'
 
 services:
   terraform:
-    image: hashicorp/terraform:0.14.8
+    image: hashicorp/terraform:0.14.9
     volumes:
       - .:/infra
     working_dir: /infra
diff --git a/deploy/dynamodb.tf b/deploy/dynamodb.tf
index 8af33a1..66d4d04 100644
--- a/deploy/dynamodb.tf
+++ b/deploy/dynamodb.tf
@@ -10,6 +10,10 @@ resource "aws_dynamodb_table" "main" {
     type = "S"
   }
 
+  point_in_time_recovery {
+    enabled = var.dynamodb_enable_pitr
+  }
+
   tags = local.common_tags
 
   lifecycle {
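Review bot: Making `point_in_time_recovery` depend on `var.dynamodb_enable_pitr` means the only backup control visible on this table can be switched off by a single tfvars line, and nothing at the block says when that is acceptable. I would add a comment above it, for example `# PITR: continuous backups for restoring after accidental writes or deletes; disable only for throwaway environments`. The resource starts before this hunk and the `lifecycle` block continues past it, so whether the table is also protected against destruction cannot be judged from here.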
diff --git a/deploy/lambda.tf b/deploy/lambda.tf
index 46eb720..ee4146e 100644
--- a/deploy/lambda.tf
+++ b/deploy/lambda.tf
@@ -46,11 +46,10 @@ resource "aws_lambda_function" "index" {
   tags = local.common_tags
 }
 
-
 resource "aws_iam_role" "iam_for_lambda" {
-  name = "${local.prefix}-lambda"
-
+  name               = "${local.prefix}-lambda"
   assume_role_policy = file("./templates/lambda/assume-role-policy.json")
+  tags               = local.common_tags
 }
 
 # See also the following AWS managed policy: AWSLambdaBasicExecutionRole
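Review bot: `tags = local.common_tags` is added to `aws_iam_role.iam_for_lambda` here, but the sibling role `iam_for_lambda_logs` in deploy/cloudwatch_api_logs.tf, which this commit reformats the same way, is left untagged. For consistent inventory and ownership attribution of IAM roles, add the same line there: `tags               = local.common_tags`. Both roles also load the trust policy with `file("./templates/lambda/assume-role-policy.json")`, which resolves against the working directory; `file("${path.module}/templates/lambda/assume-role-policy.json")` does not depend on where Terraform is invoked.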
@@ -58,8 +57,7 @@ resource "aws_iam_policy" "lambda_logging" {
   name        = "${local.prefix}-lambda_logging"
   path        = "/"
   description = "IAM policy for logging from a lambda"
-
-  policy = file("./templates/lambda/lambda-policy.json")
+  policy      = file("./templates/lambda/lambda-policy.json")
 }
 
 resource "aws_iam_role_policy_attachment" "lambda_logs" {
diff --git a/deploy/variables.tf b/deploy/variables.tf
index ce5736b..13fa0d6 100644
--- a/deploy/variables.tf
+++ b/deploy/variables.tf
@@ -35,3 +35,7 @@ variable "dynamodb_read_capacity" {
 variable "dynamodb_write_capacity" {
   type = number
 }
+
+variable "dynamodb_enable_pitr" {
+  type = bool
+}
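Review bot: `dynamodb_enable_pitr` is declared with neither `description` nor `default`, so every environment has to set it explicitly. The diffstat shows only deploy/vars/staging.tfvars doing so, and any other var file, if one exists, would prompt or fail at plan time. Because the flag guards a recovery control, a safe default and a description would be better: `description = "Enable point-in-time recovery on the DynamoDB table"` and `default = true`. The neighbouring `dynamodb_write_capacity` declaration visible in this hunk has the same missing description.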
diff --git a/deploy/vars/staging.tfvars b/deploy/vars/staging.tfvars
index 387fc69..6980b79 100644
--- a/deploy/vars/staging.tfvars
+++ b/deploy/vars/staging.tfvars
@@ -1,2 +1,3 @@
 dynamodb_read_capacity  = 5
-dynamodb_write_capacity = 5
\ No newline at end of file
+dynamodb_write_capacity = 5
+dynamodb_enable_pitr    = true
diff --git a/deploy/xray.tf b/deploy/xray.tf
index 0316034..b336b86 100644
--- a/deploy/xray.tf
+++ b/deploy/xray.tf
@@ -2,4 +2,4 @@ resource "aws_xray_group" "main" {
   group_name        = "${local.prefix}-group"
   filter_expression = "http.url CONTAINS \"${aws_api_gateway_stage.main.invoke_url}\""
   tags              = local.common_tags
-}
\ No newline at end of file
+}
-- 
GitLab