feat(terraform): multiple changes

* add prevent_destroy for dynamodb table * override read/write capacity regarding the Terraform workspace * add tags on 'aws_api_gateway_rest_api' resource * move output

feat(terraform): multiple changes
bb88e146 · Timothée AUFORT · d2546eca · bb88e146 · bb88e146 · bb88e146
Commit bb88e146 authored 4 years ago by Timothée AUFORT
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -27,7 +27,7 @@ Staging Plan:
    - cd deploy/
    - terraform init
    - terraform workspace select staging || terraform workspace new staging
-    - terraform plan
+    - terraform plan -var-file=vars/staging.tfvars
  rules:
    - if: '$CI_MERGE_REQUEST_TARGET_BRANCH_NAME =~ /^(master)$/ || $CI_COMMIT_BRANCH =~ /^(master)$/'

@@ -41,7 +41,7 @@ Staging Apply:
    - cd -
    - terraform init
    - terraform workspace select staging
-    - terraform apply -auto-approve
+    - terraform apply -var-file=vars/staging.tfvars -auto-approve
    - echo "API_ENDPOINT=$(terraform output -raw api_endpoint)" >> ../deploy.env
  artifacts:
    reports:
@@ -79,7 +79,7 @@ Staging Destroy:
    - cd deploy/
    - terraform init
    - terraform workspace select staging
-    - terraform destroy -auto-approve
+    - terraform destroy -var-file=vars/staging.tfvars -auto-approve
  rules: 
    - if: '$CI_COMMIT_BRANCH =~ /^(master)$/'
      when: manual
--- a/deploy/.terraform.lock.hcl
+++ b/deploy/.terraform.lock.hcl
@@ -3,7 +3,7 @@

 provider "registry.terraform.io/hashicorp/archive" {
  version     = "2.1.0"
-  constraints = ">= 2.1.0"
+  constraints = "~> 2.1"
  hashes = [
    "h1:K4Q9hmTnCrGbXZBq2hf6CbekHx5oXFwPBmWOwAPNqtM=",
    "h1:Rjd4bHMA69V+16tiriAUTW8vvqoljzNLmEaRBCgzpUs=",
@@ -23,39 +23,22 @@ provider "registry.terraform.io/hashicorp/archive" {
 }

 provider "registry.terraform.io/hashicorp/aws" {
-  version     = "3.30.0"
-  constraints = ">= 3.30.0"
+  version     = "3.33.0"
+  constraints = "~> 3.30"
  hashes = [
-    "h1:H1Vg0BX4XMIQAE6NEOR95wst+ETcrv/tSwz+m04rszE=",
-    "h1:PmKa3uxO2mDA5FJfGmpX+4e0x70vFLV5Ka9NxkuMpUo=",
-    "h1:z9kdXY2A/+dIZrPy9hNlg/B5I/AuETQsp0jz9EgprIQ=",
-    "zh:01f562a6a31fe46a8ca74804f360e3452b26f71abc549ce1f0ab5a8af2484cdf",
-    "zh:25bacc5ed725051f0ab1f7d575e45c901e5b8e1d50da4156a31dda92b2b7e481",
-    "zh:349b79979d9169db614d8ebd1bc2e0caeb7a38dc816e261b8b2b4b5204615519",
-    "zh:5e41446acc54c6fc15e82c3fa14b72174b30eba81e0711ede297e5620c55a628",
-    "zh:68ad98f6d612bdc35a65d48950abc8e75c69decb49db28258ce8eeb5458586b7",
-    "zh:704603d65e8bac17d203b57c2db142c3134a91076e1b4a31c40f75eb3257dde8",
-    "zh:a362c700032b2db047d16007d52f28b3f216d32671b6b355d23bdaa082c66a4b",
-    "zh:bd197797b41268de3c93cad02b7c655dc0c4d8661abb37544ca049e6b1eccae6",
-    "zh:deb12ef0e3396a71d485977ddc14b695775f7937097ebf2b2f53ed348a4365e7",
-    "zh:ec8a7d0f02738f290107d39bf401d68ddce82a95cd9d998003f7e04b3a196411",
-    "zh:ffcc43b6c5e7f26c55e2a8c539d7370fca8042722400a3e06bdce4240bd7088a",
-  ]
-}
-
-provider "registry.terraform.io/hashicorp/template" {
-  version = "2.2.0"
-  hashes = [
-    "h1:94qn780bi1qjrbC3uQtjJh3Wkfwd5+tTtJHOb7KTg9w=",
-    "zh:01702196f0a0492ec07917db7aaa595843d8f171dc195f4c988d2ffca2a06386",
-    "zh:09aae3da826ba3d7df69efeb25d146a1de0d03e951d35019a0f80e4f58c89b53",
-    "zh:09ba83c0625b6fe0a954da6fbd0c355ac0b7f07f86c91a2a97849140fea49603",
-    "zh:0e3a6c8e16f17f19010accd0844187d524580d9fdb0731f675ffcf4afba03d16",
-    "zh:45f2c594b6f2f34ea663704cc72048b212fe7d16fb4cfd959365fa997228a776",
-    "zh:77ea3e5a0446784d77114b5e851c970a3dde1e08fa6de38210b8385d7605d451",
-    "zh:8a154388f3708e3df5a69122a23bdfaf760a523788a5081976b3d5616f7d30ae",
-    "zh:992843002f2db5a11e626b3fc23dc0c87ad3729b3b3cff08e32ffb3df97edbde",
-    "zh:ad906f4cebd3ec5e43d5cd6dc8f4c5c9cc3b33d2243c89c5fc18f97f7277b51d",
-    "zh:c979425ddb256511137ecd093e23283234da0154b7fa8b21c2687182d9aea8b2",
+    "h1:4+2CO4Pb3BKwI0MD+DBmnX5GFsYTs47y6w4/kQbPJIQ=",
+    "h1:UJcZV5+xJmHHDCsm+s8+xMonccZvVD0jdGwHAoi7nJg=",
+    "h1:dfszrcpjXjaZN3XsCz7TWhucZkNxZ6AVyoL890K+RdI=",
+    "zh:0e89b10323a59de9dd6f286423cc172cb1733683d654c886493c3bd4e43e6290",
+    "zh:288df55f0f4fac1e920cfa61616ac42a4e4414bd7a637902db03d0c7101f14ca",
+    "zh:303c9136c5bf97e6c1deda6e27f0d0931fe0eaaab547bf219b996623fb0ad522",
+    "zh:457a5da9f323e2781942df534153d000ea81727798ee0771177009d84b04aad7",
+    "zh:857fa3e29cc25ace76556a5edfded41628a3380cebf457e627576a83084852f8",
+    "zh:85e1eb383372f834630fac7b02ec9ae1e33d24d61cf5a7d832583a16e6b5add4",
+    "zh:9dd01eb05ac73146ac5f25421b7683fe4bffec23e408162887e1265f9bfe8462",
+    "zh:b1561e1335754ec93a54f45c18dc1cab70f38bc08adf244d793791134f5641ef",
+    "zh:bb96f57b80e3d94ee4bc05a5450fdd796424272b46cfc67ff9d094d5316c5fac",
+    "zh:e4ce241d8b5dd1124dc0f1da6c0840ab777de8717dac6e76afbbad9883f5ce34",
+    "zh:f2b292e813844d6d611db89017fc420ac05f2e3b25324e3c893481d375e23396",
  ]
 }
--- a/deploy/api-gateway.tf
+++ b/deploy/api-gateway.tf
 resource "aws_api_gateway_rest_api" "main" {
  name        = "${local.prefix}-main"
  description = "Internet facing API in order to access Lambda for DynamoDB CRUD operations"
+  tags        = local.common_tags
 }

 resource "aws_api_gateway_resource" "access" {
@@ -56,6 +57,7 @@ resource "aws_lambda_permission" "crud" {
  # within the API Gateway REST API.
  source_arn = "${aws_api_gateway_rest_api.main.execution_arn}/*/*"
 }
+
 resource "aws_lambda_permission" "index" {
  statement_id  = "AllowAPIGatewayInvoke"
  action        = "lambda:InvokeFunction"
@@ -76,6 +78,7 @@ resource "aws_api_gateway_deployment" "main" {
  }

  rest_api_id = aws_api_gateway_rest_api.main.id
+
  lifecycle {
    create_before_destroy = true
  }
@@ -89,6 +92,10 @@ resource "aws_api_gateway_stage" "main" {
  tags                 = local.common_tags
 }

+output "api_endpoint" {
+  value = aws_api_gateway_stage.main.invoke_url
+}
+
 resource "aws_api_gateway_method_settings" "general_settings" {
  rest_api_id = aws_api_gateway_rest_api.main.id
  stage_name  = aws_api_gateway_stage.main.stage_name

--- a/deploy/dashboard.tf
+++ b/deploy/dashboard.tf
@@ -14,4 +14,4 @@ resource "aws_cloudwatch_dashboard" "main" {

 output "dashboard_json" {
  value = aws_cloudwatch_dashboard.main.dashboard_body
-}
\ No newline at end of file
+}
--- a/deploy/dynamodb.tf
+++ b/deploy/dynamodb.tf
@@ -2,8 +2,8 @@ resource "aws_dynamodb_table" "main" {
  name           = "${local.prefix}-main-db"
  hash_key       = "ID"
  billing_mode   = "PROVISIONED"
-  write_capacity = 5
-  read_capacity  = 5
+  read_capacity  = var.dynamodb_read_capacity
+  write_capacity = var.dynamodb_write_capacity

  attribute {
    name = "ID"
@@ -11,4 +11,8 @@ resource "aws_dynamodb_table" "main" {
  }

  tags = local.common_tags
+
+  lifecycle {
+    prevent_destroy = true
+  }
 }
--- a/deploy/outputs.tf
+++ b/deploy/outputs.tf
-output "api_endpoint" {
-  value = aws_api_gateway_stage.main.invoke_url
-}
\ No newline at end of file
--- a/deploy/variables.tf
+++ b/deploy/variables.tf
@@ -19,11 +19,19 @@ variable "aws_region" {
 }

 variable "slack_webhook_url" {
-  sensitive = true
  type      = string
+  sensitive = true
 }

 variable "sns_topic_name" {
-  default = "edebrye-cloudmon"
  type    = string
+  default = "edebrye-cloudmon"
+}
+
+variable "dynamodb_read_capacity" {
+  type = number
+}
+
+variable "dynamodb_write_capacity" {
+  type = number
 }
--- a/deploy/vars/staging.tfvars
+++ b/deploy/vars/staging.tfvars
+dynamodb_read_capacity  = 5
+dynamodb_write_capacity = 5
\ No newline at end of file