Merge pull request #16 from futurice/rename-project

Rename project
futurice · Mar 23, 2020 · 0c8ec7d · 0c8ec7d
2 parents bb91a60 + 0e80316
commit 0c8ec7d
Show file tree

Hide file tree

Showing 21 changed files with 60 additions and 34 deletions.
diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml
@@ -21,8 +21,8 @@ jobs:
         env:
           AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
           AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-          AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
-          REACT_APP_API_ENDPOINT: https://api.dev.vigilant-sniffle.com/
+          AWS_DEFAULT_REGION: eu-west-1
+          REACT_APP_API_ENDPOINT: https://api.dev.oiretutka.fi/
         run: |
           sudo apt-get install -y awscli
           npm install

diff --git a/README.md b/README.md
@@ -1 +1 @@
-# vigilant-sniffle
+# symptomradar
diff --git a/frontend/package-lock.json b/frontend/package-lock.json
diff --git a/frontend/package.json b/frontend/package.json
@@ -1,5 +1,5 @@
 {
-  "name": "vigilant-sniffle-frontend",
+  "name": "symptomradar-frontend",
   "version": "0.1.0",
   "private": true,
   "dependencies": {

diff --git a/frontend/public/index.html b/frontend/public/index.html
@@ -173,4 +173,4 @@ <h2 class="question-group-title">General information</h2>
   </main>
 </body>
 
-</html>
+</html>
diff --git a/frontend/src/index.tsx b/frontend/src/index.tsx
@@ -1,3 +1,3 @@
 import './index.css';
 
-console.log('vigilant-sniffle', { API_ENDPOINT: process.env.REACT_APP_API_ENDPOINT });
+console.log('symptomradar', { API_ENDPOINT: process.env.REACT_APP_API_ENDPOINT });
diff --git a/infra/README.md b/infra/README.md
@@ -0,0 +1,13 @@
+# symptomradar infra
+
+1. Comment out `backend "s3"`
+1. `terraform init`
+1. `terraform apply -target aws_s3_bucket.terraform_state -target aws_dynamodb_table.terraform_state_lock`
+1. Uncomment `backend "s3"`
+1. `terraform init`
+1. `terraform apply -target module.env_dev.aws_s3_bucket.backend_code -target aws_route53_zone.oiretutka_fi`
+1. `./scripts/deploy-backend dev-tmp` (fails with an error about function missing; this is fine for now)
+1. `terraform apply`
+1. `./scripts/deploy-frontend dev-tmp`
+
+For reasons unknown, the Athena result bucket needs to be set manually, even if it's defined in the Terraform config. For the `dev` env for instance, it'd be `s3://symptomradar-dev-storage-results/`.
diff --git a/infra/backend.tf b/infra/backend.tf
@@ -30,10 +30,8 @@ resource "aws_dynamodb_table" "terraform_state_lock" {
 # IMPORTANT: Terraform doesn't allow variable interpolations here, so var.name_prefix needs to be hard-coded here
 terraform {
   backend "s3" {
-    profile        = "vigilant-sniffle"
-    bucket         = "vigilant-sniffle-terraform-state"
+    bucket         = "symptomradar-terraform-state"
     key            = "terraform"
-    region         = "eu-central-1"
-    dynamodb_table = "vigilant-sniffle-terraform-state-lock"
+    dynamodb_table = "symptomradar-terraform-state-lock"
   }
 }
diff --git a/infra/main.tf b/infra/main.tf
@@ -1,6 +1,6 @@
 # This is the DNS Zone to which we assume we can create DNS records
-resource "aws_route53_zone" "vigilant_sniffle_com" {
-  name = "vigilant-sniffle.com"
+resource "aws_route53_zone" "oiretutka_fi" {
+  name = "oiretutka.fi"
   tags = var.tags
 }
 

diff --git a/infra/modules/aws_lambda_api/api_gateway_config.tf b/infra/modules/aws_lambda_api/api_gateway_config.tf
@@ -37,11 +37,12 @@ resource "aws_api_gateway_method_settings" "this" {
 
 resource "aws_api_gateway_domain_name" "this" {
   domain_name              = var.api_domain
-  regional_certificate_arn = aws_acm_certificate_validation.this.certificate_arn
+  regional_certificate_arn = var.api_gateway_endpoint_config == "EDGE" ? null : aws_acm_certificate_validation.this.certificate_arn
+  certificate_arn          = var.api_gateway_endpoint_config == "EDGE" ? aws_acm_certificate_validation.this.certificate_arn : null
   tags                     = var.tags
 
   endpoint_configuration {
-    types = ["REGIONAL"]
+    types = [var.api_gateway_endpoint_config]
   }
 }
 

diff --git a/infra/modules/aws_lambda_api/certificate.tf b/infra/modules/aws_lambda_api/certificate.tf
@@ -1,6 +1,7 @@
 # Generate a certificate for the domain automatically using ACM
 # https://www.terraform.io/docs/providers/aws/r/acm_certificate.html
 resource "aws_acm_certificate" "this" {
+  provider          = aws.us_east_1 # because ACM is only available in the "us-east-1" region
   domain_name       = var.api_domain
   validation_method = "DNS" # the required records are created below
   tags              = var.tags
@@ -17,6 +18,7 @@ resource "aws_route53_record" "cert_validation" {
 
 # Request a validation for the cert with ACM
 resource "aws_acm_certificate_validation" "this" {
+  provider                = aws.us_east_1 # because ACM is only available in the "us-east-1" region
   certificate_arn         = aws_acm_certificate.this.arn
   validation_record_fqdns = [aws_route53_record.cert_validation.fqdn]
 }

diff --git a/infra/modules/aws_lambda_api/providers.tf b/infra/modules/aws_lambda_api/providers.tf
@@ -0,0 +1,4 @@
+# This alias is needed because ACM is only available in the "us-east-1" region
+provider "aws" {
+  alias = "us_east_1"
+}
diff --git a/infra/modules/aws_lambda_api/route53.tf b/infra/modules/aws_lambda_api/route53.tf
@@ -5,8 +5,8 @@ resource "aws_route53_record" "ipv4" {
   type    = "A"
 
   alias {
-    name                   = aws_api_gateway_domain_name.this.regional_domain_name
-    zone_id                = aws_api_gateway_domain_name.this.regional_zone_id
+    name                   = var.api_gateway_endpoint_config == "EDGE" ? aws_api_gateway_domain_name.this.cloudfront_domain_name : aws_api_gateway_domain_name.this.regional_domain_name
+    zone_id                = var.api_gateway_endpoint_config == "EDGE" ? aws_api_gateway_domain_name.this.cloudfront_zone_id : aws_api_gateway_domain_name.this.regional_zone_id
     evaluate_target_health = false
   }
 }
@@ -18,8 +18,8 @@ resource "aws_route53_record" "ipv6" {
   type    = "AAAA"
 
   alias {
-    name                   = aws_api_gateway_domain_name.this.regional_domain_name
-    zone_id                = aws_api_gateway_domain_name.this.regional_zone_id
+    name                   = var.api_gateway_endpoint_config == "EDGE" ? aws_api_gateway_domain_name.this.cloudfront_domain_name : aws_api_gateway_domain_name.this.regional_domain_name
+    zone_id                = var.api_gateway_endpoint_config == "EDGE" ? aws_api_gateway_domain_name.this.cloudfront_zone_id : aws_api_gateway_domain_name.this.regional_zone_id
     evaluate_target_health = false
   }
 }
diff --git a/infra/modules/aws_lambda_api/variables.tf b/infra/modules/aws_lambda_api/variables.tf
@@ -72,6 +72,11 @@ variable "api_gateway_cloudwatch_metrics" {
   default     = false
 }
 
+variable "api_gateway_endpoint_config" {
+  description = "Either `\"EDGE\"`, `\"REGIONAL\"` or `\"PRIVATE\"`; see https://docs.aws.amazon.com/apigateway/latest/developerguide/create-regional-api.html"
+  default     = "EDGE"
+}
+
 variable "tags" {
   description = "AWS Tags to add to all resources created (where possible); see https://aws.amazon.com/answers/account-management/aws-tagging-strategies/"
   type        = map(string)

diff --git a/infra/modules/main/backend.tf b/infra/modules/main/backend.tf
@@ -11,7 +11,7 @@ module "backend_api" {
 
   name_prefix            = "${var.name_prefix}-backend-api"
   tags                   = local.tags_backend
-  api_domain             = "api.dev.vigilant-sniffle.com"
+  api_domain             = "api.dev.oiretutka.fi"
   function_s3_bucket     = aws_s3_bucket.backend_code.id
   function_zipfile       = "backend-lambda.zip"
   function_handler       = "index.apiEntrypoint"

diff --git a/infra/modules/main/frontend.tf b/infra/modules/main/frontend.tf
@@ -61,7 +61,7 @@ module "frontend" {
   origin_url                 = "http://${aws_s3_bucket.frontend_code.website_endpoint}/" # S3 website endpoints are only available over plain HTTP
   origin_custom_header_name  = "User-Agent"                                              # our S3 bucket will only allow requests containing this custom header
   origin_custom_header_value = random_string.s3_read_password.result                     # somewhat perplexingly, this is the "correct" way to ensure users can't bypass CloudFront on their way to S3 resources; https://abridge2devnull.com/posts/2018/01/restricting-access-to-a-cloudfront-s3-website-origin/
-  site_domain                = "dev.vigilant-sniffle.com"
+  site_domain                = "dev.oiretutka.fi"
   viewer_https_only          = true
   basic_auth_username        = "dev"
   basic_auth_password        = var.frontend_password

diff --git a/infra/modules/main/storage.tf b/infra/modules/main/storage.tf
@@ -4,9 +4,15 @@ resource "aws_s3_bucket" "storage" {
   tags   = local.tags_storage
 }
 
+# This bucket contains result files from Athena queries
+resource "aws_s3_bucket" "storage_results" {
+  bucket = "${var.name_prefix}-storage-results"
+  tags   = local.tags_storage
+}
+
 resource "aws_athena_database" "storage" {
   name   = replace("${var.name_prefix}-storage", "/[^a-z0-9_]+/", "_") # only alphanumerics and underscores allowed here
-  bucket = aws_s3_bucket.storage.bucket
+  bucket = aws_s3_bucket.storage_results.id
 }
 
 locals {

diff --git a/infra/providers.tf b/infra/providers.tf
@@ -1,14 +1,11 @@
 provider "aws" {
   version = "~> 2.53"
-  profile = "vigilant-sniffle"
-  region  = "eu-central-1"
 }
 
 # This alias is needed because ACM is only available in the "us-east-1" region
 provider "aws" {
   alias   = "us_east_1"
   version = "~> 2.53"
-  profile = "vigilant-sniffle"
   region  = "us-east-1"
 }
 

diff --git a/infra/variables.tf b/infra/variables.tf
@@ -1,14 +1,14 @@
 variable "name_prefix" {
   description = "Name prefix to use for objects that need to be created (only lowercase alphanumeric characters and hyphens allowed, for S3 bucket name compatibility)"
-  default     = "vigilant-sniffle"
+  default     = "symptomradar"
 }
 
 variable "tags" {
   description = "AWS Tags to add to all resources created (where possible); see https://aws.amazon.com/answers/account-management/aws-tagging-strategies/"
   type        = map(string)
 
   default = {
-    Application = "vigilant-sniffle"
+    Application = "symptomradar"
     Environment = "infra"
   }
 }

diff --git a/scripts/deploy-backend b/scripts/deploy-backend
@@ -34,14 +34,14 @@ BACKEND_DIR="$SELF_DIR/../backend"
 # Upload code to S3
 aws s3 cp \
   backend/dist/backend-lambda.zip \
-  "s3://vigilant-sniffle-$1-backend-code/"
+  "s3://symptomradar-$1-backend-code/"
 
 # Let Lambda know function code has been updated
 aws lambda update-function-code \
-  --function-name "vigilant-sniffle-$1-backend-api" \
-  --s3-bucket "vigilant-sniffle-$1-backend-code" \
+  --function-name "symptomradar-$1-backend-api" \
+  --s3-bucket "symptomradar-$1-backend-code" \
   --s3-key backend-lambda.zip
 aws lambda update-function-code \
-  --function-name "vigilant-sniffle-$1-backend-worker" \
-  --s3-bucket "vigilant-sniffle-$1-backend-code" \
+  --function-name "symptomradar-$1-backend-worker" \
+  --s3-bucket "symptomradar-$1-backend-code" \
   --s3-key backend-lambda.zip
diff --git a/scripts/deploy-frontend b/scripts/deploy-frontend
@@ -22,12 +22,12 @@ FRONTEND_DIR="$SELF_DIR/../frontend"
 aws s3 cp \
   --cache-control=max-age=86400 \
   --recursive \
-  frontend/build/static/ "s3://vigilant-sniffle-$1-frontend-code/static/"
+  frontend/build/static/ "s3://symptomradar-$1-frontend-code/static/"
 rm -rfv "$FRONTEND_DIR/build/static"
 
 # Upload & clean up files that need to be served fresh
 aws s3 cp \
   --cache-control=no-store,must-revalidate \
   --recursive \
-  frontend/build/ "s3://vigilant-sniffle-$1-frontend-code/"
+  frontend/build/ "s3://symptomradar-$1-frontend-code/"
 rm -rfv "$FRONTEND_DIR/build"
-Original file line number
+Diff line change
@@ Expand Up / @@ -173,4 +173,4 @@ <h2 class="question-group-title">General information</h2> @@
       </main>
     </body>
-    </html>
+    </html>