cds-snc / simplify-privacy-statements-V2

starter-app repo based version of privacy app.
https://simplify-privacy-statements.alpha.canada.ca
MIT License

Feat/lambda module #232

Closed omartehsin1 closed 1 year ago

omartehsin1 commented 1 year ago

Summary | Résumé

Added the Lambda module; the function URL will serve as our endpoint.

github-actions[bot] commented 1 year ago

Production: ecr

✅   Terraform Format: success ✅   Terraform Plan: success ✅   Conftest: success

Plan: 0 to add, 0 to change, 0 to destroy
Show plan ```terraform Changes to Outputs: + aws_ecr_repository_arn = "arn:aws:ecr:ca-central-1:414662622316:repository/privacy-statement-container" + aws_ecr_repository_url = "414662622316.dkr.ecr.ca-central-1.amazonaws.com/privacy-statement-container" - ecr_url = "414662622316.dkr.ecr.ca-central-1.amazonaws.com/privacy-statement-container" -> null You can apply this plan to save these new output values to the Terraform state, without changing any real infrastructure. ───────────────────────────────────────────────────────────────────────────── Saved the plan to: plan.tfplan To perform exactly these actions, run the following command to apply: terraform apply "plan.tfplan" ```
Show Conftest results ```sh WARN - plan.json - main - Missing Common Tags: ["aws_ecr_repository.privacy_statement_container"] 18 tests, 17 passed, 1 warning, 0 failures, 0 exceptions ```
github-actions[bot] commented 1 year ago

Production: efs

✅   Terraform Format: success ✅   Terraform Plan: success ✅   Conftest: success

Plan: 1 to add, 0 to change, 0 to destroy
Show plan ```terraform Resource actions are indicated with the following symbols: + create Terraform will perform the following actions: # aws_efs_mount_target.efs_mount will be created + resource "aws_efs_mount_target" "efs_mount" { + availability_zone_id = (known after apply) + availability_zone_name = (known after apply) + dns_name = (known after apply) + file_system_arn = (known after apply) + file_system_id = "fs-02e417f65f0b93510" + id = (known after apply) + ip_address = (known after apply) + mount_target_dns_name = (known after apply) + network_interface_id = (known after apply) + owner_id = (known after apply) + security_groups = [ + "sg-033c29e939a74c39b", ] + subnet_id = jsonencode( [ + "subnet-066c6b13009cc761a", + "subnet-0f0e20195a44b2a73", + "subnet-04892391188217b74", ] ) } Plan: 1 to add, 0 to change, 0 to destroy. Changes to Outputs: + aws_efs_access_point = "arn:aws:elasticfilesystem:ca-central-1:414662622316:access-point/fsap-0f66b64c3791a5d33" ───────────────────────────────────────────────────────────────────────────── Saved the plan to: plan.tfplan To perform exactly these actions, run the following command to apply: terraform apply "plan.tfplan" Releasing state lock. This may take a few moments... ```
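Review bot: `subnet_id` on `aws_efs_mount_target.efs_mount` is planned as one JSON-encoded string holding three subnet IDs, but this argument takes a single subnet ID, so the apply is likely to be rejected even though the plan succeeds. The Terraform source is not on this page; if the subnets arrive as a JSON string, decode them and create one mount target per subnet, e.g. `for_each = toset(jsondecode(var.SUBNET_IDS_PLACEHOLDER))` with `subnet_id = each.value`. The same encoded value appears as the only element of `vpc_config.subnet_ids` in the app plan, so the Lambda needs the decoded list as well.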
Show Conftest results ```sh WARN - plan.json - main - Missing Common Tags: ["aws_efs_access_point.efs_access_point"] WARN - plan.json - main - Missing Common Tags: ["aws_efs_file_system.generated_statement_efs"] 19 tests, 17 passed, 2 warnings, 0 failures, 0 exceptions ```
github-actions[bot] commented 1 year ago

Production: app

✅   Terraform Format: success ✅   Terraform Plan: success ✅   Conftest: success

Plan: 8 to add, 0 to change, 0 to destroy
Show plan ```terraform Resource actions are indicated with the following symbols: + create Terraform will perform the following actions: # aws_lambda_function_url.generated_statement_url will be created + resource "aws_lambda_function_url" "generated_statement_url" { + authorization_type = "NONE" + function_arn = (known after apply) + function_name = "generated_statement_lambda_function" + function_url = (known after apply) + id = (known after apply) + url_id = (known after apply) } # module.generated_statement_lambda.aws_cloudwatch_log_group.this will be created + resource "aws_cloudwatch_log_group" "this" { + arn = (known after apply) + id = (known after apply) + name = "/aws/lambda/generated_statement_lambda_function" + name_prefix = (known after apply) + retention_in_days = 14 + skip_destroy = false + tags = { + "CostCentre" = "simplify-privacy-statements-production" + "Terraform" = "true" } + tags_all = { + "CostCentre" = "simplify-privacy-statements-production" + "Terraform" = "true" } } # module.generated_statement_lambda.aws_iam_policy.vpc_policies[0] will be created + resource "aws_iam_policy" "vpc_policies" { + arn = (known after apply) + id = (known after apply) + name = "generated_statement_lambda_function_vpc" + path = "/" + policy = jsonencode( { + Statement = [ + { + Action = [ + "ecr:GetDownloadUrlForlayer", + "ecr:BatchGetImage", ] + Effect = "Allow" + Resource = "" + Sid = "ECRImageAccess" }, ] + Version = "2012-10-17" } ) + policy_id = (known after apply) + tags = { + "CostCentre" = "simplify-privacy-statements-production" + "Terraform" = "true" } + tags_all = { + "CostCentre" = "simplify-privacy-statements-production" + "Terraform" = "true" } } # module.generated_statement_lambda.aws_iam_role.this will be created + resource "aws_iam_role" "this" { + arn = (known after apply) + assume_role_policy = jsonencode( { + Statement = [ + { + Action = "sts:AssumeRole" + Effect = "Allow" + Principal = { + Service = "lambda.amazonaws.com" } + Sid = "" }, ] 
+ Version = "2012-10-17" } ) + create_date = (known after apply) + force_detach_policies = false + id = (known after apply) + managed_policy_arns = (known after apply) + max_session_duration = 3600 + name = "generated_statement_lambda_function" + name_prefix = (known after apply) + path = "/" + tags = { + "CostCentre" = "simplify-privacy-statements-production" + "Terraform" = "true" } + tags_all = { + "CostCentre" = "simplify-privacy-statements-production" + "Terraform" = "true" } + unique_id = (known after apply) + inline_policy { + name = (known after apply) + policy = (known after apply) } } # module.generated_statement_lambda.aws_iam_role_policy_attachment.AWSLambdaVPCAccessExecutionRole[0] will be created + resource "aws_iam_role_policy_attachment" "AWSLambdaVPCAccessExecutionRole" { + id = (known after apply) + policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole" + role = "generated_statement_lambda_function" } # module.generated_statement_lambda.aws_iam_role_policy_attachment.lambda_insights[0] will be created + resource "aws_iam_role_policy_attachment" "lambda_insights" { + id = (known after apply) + policy_arn = "arn:aws:iam::aws:policy/CloudWatchLambdaInsightsExecutionRolePolicy" + role = "generated_statement_lambda_function" } # module.generated_statement_lambda.aws_iam_role_policy_attachment.vpc_policies[0] will be created + resource "aws_iam_role_policy_attachment" "vpc_policies" { + id = (known after apply) + policy_arn = (known after apply) + role = "generated_statement_lambda_function" } # module.generated_statement_lambda.aws_lambda_function.this will be created + resource "aws_lambda_function" "this" { + architectures = [ + "x86_64", ] + arn = (known after apply) + function_name = "generated_statement_lambda_function" + id = (known after apply) + image_uri = ":latest" + invoke_arn = (known after apply) + last_modified = (known after apply) + memory_size = 128 + package_type = "Image" + publish = false + qualified_arn 
= (known after apply) + qualified_invoke_arn = (known after apply) + reserved_concurrent_executions = -1 + role = (known after apply) + signing_job_arn = (known after apply) + signing_profile_version_arn = (known after apply) + skip_destroy = false + source_code_hash = (known after apply) + source_code_size = (known after apply) + tags = { + "CostCentre" = "simplify-privacy-statements-production" + "Terraform" = "true" } + tags_all = { + "CostCentre" = "simplify-privacy-statements-production" + "Terraform" = "true" } + timeout = 30 + version = (known after apply) + environment { + variables = { + "BINARY_CONTENT_TYPES" = "application/vnd.openxmlformats-officedocument.wordprocessingml.document" } } + ephemeral_storage { + size = 512 } + file_system_config { + local_mount_path = "/mnt/access" } + tracing_config { + mode = "PassThrough" } + vpc_config { + security_group_ids = [ + "sg-033c29e939a74c39b", ] + subnet_ids = [ + jsonencode( [ + "subnet-066c6b13009cc761a", + "subnet-0f0e20195a44b2a73", + "subnet-04892391188217b74", ] ), ] + vpc_id = (known after apply) } } Plan: 8 to add, 0 to change, 0 to destroy. ───────────────────────────────────────────────────────────────────────────── Saved the plan to: plan.tfplan To perform exactly these actions, run the following command to apply: terraform apply "plan.tfplan" Releasing state lock. This may take a few moments... ```
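Review bot: `authorization_type = "NONE"` on `aws_lambda_function_url.generated_statement_url` leaves the function URL callable by anyone without IAM authentication, and with `reserved_concurrent_executions = -1` nothing caps the concurrency of those anonymous calls. If only the application is meant to call it, set `authorization_type = "AWS_IAM"`; if it has to stay public, the function must authenticate and validate requests itself, and a reserved concurrency limit would bound cost and abuse. Separately, `image_uri = ":latest"` has an empty repository part and the `ECRImageAccess` statement is rendered with `Resource = ""`. Both may trace back to the `ecr_url` output that the ecr plan on this page replaces, which is worth confirming before apply. Pinning the image by digest or an immutable tag would also be safer than `:latest`.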
Show Conftest results ```sh 18 tests, 18 passed, 0 warnings, 0 failures, 0 exceptions ```