diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index 41ca317c..2918fea6 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml @@ -21,8 +21,8 @@ jobs: env: AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }} - REACT_APP_API_ENDPOINT: https://api.dev.vigilant-sniffle.com/ + AWS_DEFAULT_REGION: eu-west-1 + REACT_APP_API_ENDPOINT: https://api.dev.oiretutka.fi/ run: | sudo apt-get install -y awscli npm install diff --git a/README.md b/README.md index d4b914f4..70d6812b 100644 --- a/README.md +++ b/README.md @@ -1 +1 @@ -# vigilant-sniffle \ No newline at end of file +# symptomradar diff --git a/frontend/package-lock.json b/frontend/package-lock.json index bca938f3..a3c4011c 100644 --- a/frontend/package-lock.json +++ b/frontend/package-lock.json @@ -1,5 +1,5 @@ { - "name": "vigilant-sniffle-frontend", + "name": "symptomradar-frontend", "version": "0.1.0", "lockfileVersion": 1, "requires": true, diff --git a/frontend/package.json b/frontend/package.json index eddbdc71..82e0ab55 100644 --- a/frontend/package.json +++ b/frontend/package.json @@ -1,5 +1,5 @@ { - "name": "vigilant-sniffle-frontend", + "name": "symptomradar-frontend", "version": "0.1.0", "private": true, "dependencies": { diff --git a/frontend/public/index.html b/frontend/public/index.html index 5665b87c..c6ca7e56 100644 --- a/frontend/public/index.html +++ b/frontend/public/index.html @@ -173,4 +173,4 @@
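Review bot: The step that receives `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` in its `env:` also runs `npm install`, so every dependency lifecycle script executes with the deploy credentials in its environment. Split the step so that install and build run without the AWS variables and only the deploy commands receive them, and prefer `npm ci` so that exactly what `package-lock.json` records gets installed. The rest of the `run:` block lies outside the hunk, so the exact split point has to be checked there. Replacing the region secret with the literal `eu-west-1` is fine, since a region is not sensitive.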

General information

- \ No newline at end of file + diff --git a/frontend/src/index.tsx b/frontend/src/index.tsx index 6359ef18..274ed798 100644 --- a/frontend/src/index.tsx +++ b/frontend/src/index.tsx @@ -1,3 +1,3 @@ import './index.css'; -console.log('vigilant-sniffle', { API_ENDPOINT: process.env.REACT_APP_API_ENDPOINT }); +console.log('symptomradar', { API_ENDPOINT: process.env.REACT_APP_API_ENDPOINT }); diff --git a/infra/README.md b/infra/README.md new file mode 100644 index 00000000..16686995 --- /dev/null +++ b/infra/README.md @@ -0,0 +1,13 @@ +# symptomradar infra + +1. Comment out `backend "s3"` +1. `terraform init` +1. `terraform apply -target aws_s3_bucket.terraform_state -target aws_dynamodb_table.terraform_state_lock` +1. Uncomment `backend "s3"` +1. `terraform init` +1. `terraform apply -target module.env_dev.aws_s3_bucket.backend_code -target aws_route53_zone.oiretutka_fi` +1. `./scripts/deploy-backend dev-tmp` (fails with an error about function missing; this is fine for now) +1. `terraform apply` +1. `./scripts/deploy-frontend dev-tmp` + +For reasons unknown, the Athena result bucket needs to be set manually, even if it's defined in the Terraform config. For the `dev` env for instance, it'd be `s3://symptomradar-dev-storage-results/`. diff --git a/infra/backend.tf b/infra/backend.tf index c815710a..89d98aae 100644 --- a/infra/backend.tf +++ b/infra/backend.tf @@ -30,10 +30,8 @@ resource "aws_dynamodb_table" "terraform_state_lock" { # IMPORTANT: Terraform doesn't allow variable interpolations here, so var.name_prefix needs to be hard-coded here terraform { backend "s3" { - profile = "vigilant-sniffle" - bucket = "vigilant-sniffle-terraform-state" + bucket = "symptomradar-terraform-state" key = "terraform" - region = "eu-central-1" - dynamodb_table = "vigilant-sniffle-terraform-state-lock" + dynamodb_table = "symptomradar-terraform-state-lock" } } diff --git a/infra/main.tf b/infra/main.tf index d9e72846..2d652bc9 100644 --- a/infra/main.tf +++ b/infra/main.tf 
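Review bot: The new `backend "s3"` block in infra/backend.tf carries no `encrypt = true`, while the state it stores will hold `random_string.s3_read_password` and very likely `var.frontend_password` (both referenced in infra/modules/main/frontend.tf). Add `encrypt = true` unless `aws_s3_bucket.terraform_state`, which is declared above this hunk, already enforces default encryption. With `profile` and `region` removed, the backend now depends on ambient credentials and `AWS_DEFAULT_REGION`, so infra/README.md should state which region to export before the first `terraform init`.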
@@ -1,6 +1,6 @@ # This is the DNS Zone to which we assume we can create DNS records -resource "aws_route53_zone" "vigilant_sniffle_com" { - name = "vigilant-sniffle.com" +resource "aws_route53_zone" "oiretutka_fi" { + name = "oiretutka.fi" tags = var.tags } diff --git a/infra/modules/aws_lambda_api/api_gateway_config.tf b/infra/modules/aws_lambda_api/api_gateway_config.tf index ec7ef34b..41b86d50 100644 --- a/infra/modules/aws_lambda_api/api_gateway_config.tf +++ b/infra/modules/aws_lambda_api/api_gateway_config.tf @@ -37,11 +37,12 @@ resource "aws_api_gateway_method_settings" "this" { resource "aws_api_gateway_domain_name" "this" { domain_name = var.api_domain - regional_certificate_arn = aws_acm_certificate_validation.this.certificate_arn + regional_certificate_arn = var.api_gateway_endpoint_config == "EDGE" ? null : aws_acm_certificate_validation.this.certificate_arn + certificate_arn = var.api_gateway_endpoint_config == "EDGE" ? aws_acm_certificate_validation.this.certificate_arn : null tags = var.tags endpoint_configuration { - types = ["REGIONAL"] + types = [var.api_gateway_endpoint_config] } } diff --git a/infra/modules/aws_lambda_api/certificate.tf b/infra/modules/aws_lambda_api/certificate.tf index 04d97721..dad50c55 100644 --- a/infra/modules/aws_lambda_api/certificate.tf +++ b/infra/modules/aws_lambda_api/certificate.tf @@ -1,6 +1,7 @@ # Generate a certificate for the domain automatically using ACM # https://www.terraform.io/docs/providers/aws/r/acm_certificate.html resource "aws_acm_certificate" "this" { + provider = aws.us_east_1 # because ACM is only available in the "us-east-1" region domain_name = var.api_domain validation_method = "DNS" # the required records are created below tags = var.tags 
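Review bot: The non-EDGE branch of `regional_certificate_arn` gives a regional domain the certificate that certificate.tf in this commit now always requests through `aws.us_east_1`. API Gateway expects a regional custom domain's certificate in the same region as the API, so `"REGIONAL"` would only work when the API itself lives in us-east-1. Either request a second certificate in the API's own region for the regional case (two resources gated by `count`), or restrict the variable to what the module actually supports. `"PRIVATE"`, which the description in variables.tf offers, also falls into the regional branch here and in both route53.tf alias blocks, and nothing in the visible code handles it. A minimal step is to declare `type = string` on `api_gateway_endpoint_config` and narrow its description to `"EDGE"` or `"REGIONAL"`.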
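Review bot: The added comment `# because ACM is only available in the "us-east-1" region` is inaccurate. ACM is a regional service, and it is the edge-optimized (CloudFront-backed) custom domain that needs its certificate in us-east-1. Suggested wording: `# edge-optimized API Gateway domains need their ACM certificate in us-east-1`. The same comment recurs on `aws_acm_certificate_validation` in the next hunk and in the new modules/aws_lambda_api/providers.tf. That providers.tf is an alias-only proxy block, so the alias has to be passed down to the `backend_api` module call with `providers = { aws.us_east_1 = aws.us_east_1 }`; the call is only partly visible in modules/main/backend.tf, so confirm that it is.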
@@ -17,6 +18,7 @@ resource "aws_route53_record" "cert_validation" { # Request a validation for the cert with ACM resource "aws_acm_certificate_validation" "this" { + provider = aws.us_east_1 # because ACM is only available in the "us-east-1" region certificate_arn = aws_acm_certificate.this.arn validation_record_fqdns = [aws_route53_record.cert_validation.fqdn] } diff --git a/infra/modules/aws_lambda_api/providers.tf b/infra/modules/aws_lambda_api/providers.tf new file mode 100644 index 00000000..4cf917b9 --- /dev/null +++ b/infra/modules/aws_lambda_api/providers.tf @@ -0,0 +1,4 @@ +# This alias is needed because ACM is only available in the "us-east-1" region +provider "aws" { + alias = "us_east_1" +} diff --git a/infra/modules/aws_lambda_api/route53.tf b/infra/modules/aws_lambda_api/route53.tf index 068b34b2..74051c0a 100644 --- a/infra/modules/aws_lambda_api/route53.tf +++ b/infra/modules/aws_lambda_api/route53.tf @@ -5,8 +5,8 @@ resource "aws_route53_record" "ipv4" { type = "A" alias { - name = aws_api_gateway_domain_name.this.regional_domain_name - zone_id = aws_api_gateway_domain_name.this.regional_zone_id + name = var.api_gateway_endpoint_config == "EDGE" ? aws_api_gateway_domain_name.this.cloudfront_domain_name : aws_api_gateway_domain_name.this.regional_domain_name + zone_id = var.api_gateway_endpoint_config == "EDGE" ? aws_api_gateway_domain_name.this.cloudfront_zone_id : aws_api_gateway_domain_name.this.regional_zone_id evaluate_target_health = false } } 
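Review bot: The test `var.api_gateway_endpoint_config == "EDGE"` is written out twice in this `ipv4` alias block, twice more in the `ipv6` record of the next hunk, and twice in api_gateway_config.tf, so one copy can easily drift from the others. Define it once, for example `locals { is_edge = var.api_gateway_endpoint_config == "EDGE" }`, and write `zone_id = local.is_edge ? aws_api_gateway_domain_name.this.cloudfront_zone_id : aws_api_gateway_domain_name.this.regional_zone_id`. Both record resources start above their hunks.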
@@ -18,8 +18,8 @@ resource "aws_route53_record" "ipv6" { type = "AAAA" alias { - name = aws_api_gateway_domain_name.this.regional_domain_name - zone_id = aws_api_gateway_domain_name.this.regional_zone_id + name = var.api_gateway_endpoint_config == "EDGE" ? aws_api_gateway_domain_name.this.cloudfront_domain_name : aws_api_gateway_domain_name.this.regional_domain_name + zone_id = var.api_gateway_endpoint_config == "EDGE" ? aws_api_gateway_domain_name.this.cloudfront_zone_id : aws_api_gateway_domain_name.this.regional_zone_id evaluate_target_health = false } } diff --git a/infra/modules/aws_lambda_api/variables.tf b/infra/modules/aws_lambda_api/variables.tf index aa2258c7..f759b12d 100644 --- a/infra/modules/aws_lambda_api/variables.tf +++ b/infra/modules/aws_lambda_api/variables.tf @@ -72,6 +72,11 @@ variable "api_gateway_cloudwatch_metrics" { default = false } +variable "api_gateway_endpoint_config" { + description = "Either `\"EDGE\"`, `\"REGIONAL\"` or `\"PRIVATE\"`; see https://docs.aws.amazon.com/apigateway/latest/developerguide/create-regional-api.html" + default = "EDGE" +} + variable "tags" { description = "AWS Tags to add to all resources created (where possible); see https://aws.amazon.com/answers/account-management/aws-tagging-strategies/" type = map(string) diff --git a/infra/modules/main/backend.tf b/infra/modules/main/backend.tf index 8a1bdd5d..84204f95 100644 --- a/infra/modules/main/backend.tf +++ b/infra/modules/main/backend.tf @@ -11,7 +11,7 @@ module "backend_api" { name_prefix = "${var.name_prefix}-backend-api" tags = local.tags_backend - api_domain = "api.dev.vigilant-sniffle.com" + api_domain = "api.dev.oiretutka.fi" function_s3_bucket = aws_s3_bucket.backend_code.id function_zipfile = "backend-lambda.zip" function_handler = "index.apiEntrypoint" diff --git a/infra/modules/main/frontend.tf b/infra/modules/main/frontend.tf index e5b42a2d..773d7656 100644 --- a/infra/modules/main/frontend.tf +++ b/infra/modules/main/frontend.tf 
@@ -61,7 +61,7 @@ module "frontend" { origin_url = "http://${aws_s3_bucket.frontend_code.website_endpoint}/" # S3 website endpoints are only available over plain HTTP origin_custom_header_name = "User-Agent" # our S3 bucket will only allow requests containing this custom header origin_custom_header_value = random_string.s3_read_password.result # somewhat perplexingly, this is the "correct" way to ensure users can't bypass CloudFront on their way to S3 resources; https://abridge2devnull.com/posts/2018/01/restricting-access-to-a-cloudfront-s3-website-origin/ - site_domain = "dev.vigilant-sniffle.com" + site_domain = "dev.oiretutka.fi" viewer_https_only = true basic_auth_username = "dev" basic_auth_password = var.frontend_password diff --git a/infra/modules/main/storage.tf b/infra/modules/main/storage.tf index 94e487b4..db0913c3 100644 --- a/infra/modules/main/storage.tf +++ b/infra/modules/main/storage.tf @@ -4,9 +4,15 @@ resource "aws_s3_bucket" "storage" { tags = local.tags_storage } +# This bucket contains result files from Athena queries +resource "aws_s3_bucket" "storage_results" { + bucket = "${var.name_prefix}-storage-results" + tags = local.tags_storage +} + resource "aws_athena_database" "storage" { name = replace("${var.name_prefix}-storage", "/[^a-z0-9_]+/", "_") # only alphanumerics and underscores allowed here - bucket = aws_s3_bucket.storage.bucket + bucket = aws_s3_bucket.storage_results.id } locals { diff --git a/infra/providers.tf b/infra/providers.tf index f9c878fa..096541ef 100644 --- a/infra/providers.tf +++ b/infra/providers.tf @@ -1,14 +1,11 @@ provider "aws" { version = "~> 2.53" - profile = "vigilant-sniffle" - region = "eu-central-1" } # This alias is needed because ACM is only available in the "us-east-1" region provider "aws" { alias = "us_east_1" version = "~> 2.53" - profile = "vigilant-sniffle" region = "us-east-1" } diff --git a/infra/variables.tf b/infra/variables.tf index bdb3911b..da2895d6 100644 --- a/infra/variables.tf 
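Review bot: The new `aws_s3_bucket.storage_results` in storage.tf is declared with only `bucket` and `tags`, so Athena query results, which are copies of the stored data, land in a bucket with no default encryption and no public-access block defined in this hunk. Add a `server_side_encryption_configuration` block and an `aws_s3_bucket_public_access_block`, as sketched below. The sibling `storage` bucket begins above the hunk, so check whether it needs the same treatment. A lifecycle rule that expires old result objects would also limit how long query output is retained.

```hcl
# This bucket contains result files from Athena queries
resource "aws_s3_bucket" "storage_results" {
  bucket = "${var.name_prefix}-storage-results"
  acl    = "private"
  tags   = local.tags_storage

  # Encrypt query output at rest by default
  server_side_encryption_configuration {
    rule {
      apply_server_side_encryption_by_default {
        sse_algorithm = "AES256"
      }
    }
  }
}

# Refuse any ACL or policy that would expose query results publicly
resource "aws_s3_bucket_public_access_block" "storage_results" {
  bucket                  = aws_s3_bucket.storage_results.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

# ... unchanged: aws_athena_database.storage ...
```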
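Review bot: With `profile` and `region` removed from the default `provider "aws"` block in infra/providers.tf, `terraform apply` runs against whatever credentials and region are in the environment, which makes applying to the wrong account an easy mistake. Pin the target with `allowed_account_ids = ["<ACCOUNT_ID>"]` (placeholder value) on both provider blocks, so that a mismatched session fails before anything is planned. Keeping the explicit `region = "us-east-1"` on the `us_east_1` alias is correct.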
+++ b/infra/variables.tf @@ -1,6 +1,6 @@ variable "name_prefix" { description = "Name prefix to use for objects that need to be created (only lowercase alphanumeric characters and hyphens allowed, for S3 bucket name compatibility)" - default = "vigilant-sniffle" + default = "symptomradar" } variable "tags" { @@ -8,7 +8,7 @@ variable "tags" { type = map(string) default = { - Application = "vigilant-sniffle" + Application = "symptomradar" Environment = "infra" } } diff --git a/scripts/deploy-backend b/scripts/deploy-backend index 76193209..07a5aeee 100755 --- a/scripts/deploy-backend +++ b/scripts/deploy-backend @@ -34,14 +34,14 @@ BACKEND_DIR="$SELF_DIR/../backend" # Upload code to S3 aws s3 cp \ backend/dist/backend-lambda.zip \ - "s3://vigilant-sniffle-$1-backend-code/" + "s3://symptomradar-$1-backend-code/" # Let Lambda know function code has been updated aws lambda update-function-code \ - --function-name "vigilant-sniffle-$1-backend-api" \ - --s3-bucket "vigilant-sniffle-$1-backend-code" \ + --function-name "symptomradar-$1-backend-api" \ + --s3-bucket "symptomradar-$1-backend-code" \ --s3-key backend-lambda.zip aws lambda update-function-code \ - --function-name "vigilant-sniffle-$1-backend-worker" \ - --s3-bucket "vigilant-sniffle-$1-backend-code" \ + --function-name "symptomradar-$1-backend-worker" \ + --s3-bucket "symptomradar-$1-backend-code" \ --s3-key backend-lambda.zip diff --git a/scripts/deploy-frontend b/scripts/deploy-frontend index 63277a2b..63f8a9f4 100755 --- a/scripts/deploy-frontend +++ b/scripts/deploy-frontend 
@@ -22,12 +22,12 @@ FRONTEND_DIR="$SELF_DIR/../frontend" aws s3 cp \ --cache-control=max-age=86400 \ --recursive \ - frontend/build/static/ "s3://vigilant-sniffle-$1-frontend-code/static/" + frontend/build/static/ "s3://symptomradar-$1-frontend-code/static/" rm -rfv "$FRONTEND_DIR/build/static" # Upload & clean up files that need to be served fresh aws s3 cp \ --cache-control=no-store,must-revalidate \ --recursive \ - frontend/build/ "s3://vigilant-sniffle-$1-frontend-code/" + frontend/build/ "s3://symptomradar-$1-frontend-code/" rm -rfv "$FRONTEND_DIR/build"