cds-snc / simplify-privacy-statements-V2

starter-app repo based version of privacy app.
https://simplify-privacy-statements.alpha.canada.ca
MIT License

added lambda vpc access #242

Closed omartehsin1 closed 1 year ago

omartehsin1 commented 1 year ago

Summary | Résumé

Still getting permission denied errors for mounting the file system. Added a policy to allow the lambda module to access EFS.

github-actions[bot] commented 1 year ago

Production: efs

✅   Terraform Format: success ✅   Terraform Plan: success ✅   Conftest: success

Plan: 0 to add, 0 to change, 0 to destroy
Show plan

```terraform
Changes to Outputs:
  + aws_efs_file_system = "arn:aws:elasticfilesystem:ca-central-1:414662622316:file-system/fs-02e417f65f0b93510"

You can apply this plan to save these new output values to the Terraform
state, without changing any real infrastructure.

─────────────────────────────────────────────────────────────────────────────

Saved the plan to: plan.tfplan

To perform exactly these actions, run the following command to apply:
    terraform apply "plan.tfplan"
Releasing state lock. This may take a few moments...
```

Show Conftest results

```sh
WARN - plan.json - main - Missing Common Tags: ["aws_efs_access_point.efs_access_point"]
WARN - plan.json - main - Missing Common Tags: ["aws_efs_file_system.generated_statement_efs"]

19 tests, 17 passed, 2 warnings, 0 failures, 0 exceptions
```

github-actions[bot] commented 1 year ago

Production: app

✅   Terraform Format: success ✅   Terraform Plan: success ✅   Conftest: success

Plan: 4 to add, 0 to change, 0 to destroy
Show plan

```terraform
Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # aws_lambda_function_url.generated_statement_url will be created
  + resource "aws_lambda_function_url" "generated_statement_url" {
      + authorization_type = "NONE"
      + function_arn       = (known after apply)
      + function_name      = "generated_statement_lambda_function"
      + function_url       = (known after apply)
      + id                 = (known after apply)
      + url_id             = (known after apply)
    }

  # module.generated_statement_lambda.aws_iam_policy.policies[1] will be created
  + resource "aws_iam_policy" "policies" {
      + arn       = (known after apply)
      + id        = (known after apply)
      + name      = "generated_statement_lambda_function-1"
      + path      = "/"
      + policy    = jsonencode(
            {
              + Statement = [
                  + {
                      + Action   = [
                          + "elasticfilesystem:DescribeMountTargets",
                          + "elasticfilesystem:ClientWrite",
                          + "elasticfilesystem:ClientMount",
                        ]
                      + Effect   = "Allow"
                      + Resource = ""
                      + Sid      = ""
                    },
                ]
              + Version   = "2012-10-17"
            }
        )
      + policy_id = (known after apply)
      + tags      = {
          + "CostCentre" = "simplify-privacy-statements-production"
          + "Terraform"  = "true"
        }
      + tags_all  = {
          + "CostCentre" = "simplify-privacy-statements-production"
          + "Terraform"  = "true"
        }
    }

  # module.generated_statement_lambda.aws_iam_role_policy_attachment.attachments[1] will be created
  + resource "aws_iam_role_policy_attachment" "attachments" {
      + id         = (known after apply)
      + policy_arn = (known after apply)
      + role       = "generated_statement_lambda_function"
    }

  # module.generated_statement_lambda.aws_lambda_function.this will be created
  + resource "aws_lambda_function" "this" {
      + architectures                  = [
          + "x86_64",
        ]
      + arn                            = (known after apply)
      + function_name                  = "generated_statement_lambda_function"
      + id                             = (known after apply)
      + image_uri                      = "414662622316.dkr.ecr.ca-central-1.amazonaws.com/privacy-statement-container:latest"
      + invoke_arn                     = (known after apply)
      + last_modified                  = (known after apply)
      + memory_size                    = 128
      + package_type                   = "Image"
      + publish                        = false
      + qualified_arn                  = (known after apply)
      + qualified_invoke_arn           = (known after apply)
      + reserved_concurrent_executions = -1
      + role                           = "arn:aws:iam::414662622316:role/generated_statement_lambda_function"
      + signing_job_arn                = (known after apply)
      + signing_profile_version_arn    = (known after apply)
      + skip_destroy                   = false
      + source_code_hash               = (known after apply)
      + source_code_size               = (known after apply)
      + tags                           = {
          + "CostCentre" = "simplify-privacy-statements-production"
          + "Terraform"  = "true"
        }
      + tags_all                       = {
          + "CostCentre" = "simplify-privacy-statements-production"
          + "Terraform"  = "true"
        }
      + timeout                        = 30
      + version                        = (known after apply)

      + environment {
          + variables = {
              + "BINARY_CONTENT_TYPES" = "application/vnd.openxmlformats-officedocument.wordprocessingml.document"
            }
        }

      + ephemeral_storage {
          + size = 512
        }

      + file_system_config {
          + arn              = "arn:aws:elasticfilesystem:ca-central-1:414662622316:access-point/fsap-0f66b64c3791a5d33"
          + local_mount_path = "/mnt/access"
        }

      + tracing_config {
          + mode = "PassThrough"
        }

      + vpc_config {
          + security_group_ids = [
              + "sg-033c29e939a74c39b",
            ]
          + subnet_ids         = [
              + "subnet-04892391188217b74",
              + "subnet-066c6b13009cc761a",
              + "subnet-0f0e20195a44b2a73",
            ]
          + vpc_id             = (known after apply)
        }
    }

Plan: 4 to add, 0 to change, 0 to destroy.

─────────────────────────────────────────────────────────────────────────────

Saved the plan to: plan.tfplan

To perform exactly these actions, run the following command to apply:
    terraform apply "plan.tfplan"
Releasing state lock. This may take a few moments...
```

Show Conftest results

```sh
18 tests, 18 passed, 0 warnings, 0 failures, 0 exceptions
```