diff --git a/.gitignore b/.gitignore
index 91af6b42..744e2f1d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -19,6 +19,7 @@ examples/quickstart/minio/*
 .terraform.lock.hcl
 .terraform.tfstate.lock*
 terraform.*
+backend.tf
 build/buz
 *.build
 target/*
diff --git a/deploy/terraform/aws/lambda/locals.tf b/deploy/terraform/aws/lambda/locals.tf
index 5035baba..513868e9 100644
--- a/deploy/terraform/aws/lambda/locals.tf
+++ b/deploy/terraform/aws/lambda/locals.tf
@@ -1,19 +1,19 @@
 locals {
- domain_parts = split(".", var.buz_domain)
- cookie_domain = join(".", slice(local.domain_parts, 1, length(local.domain_parts))) # Assumes Buz is running on a subdomain and the cookie should be on root
- buz_debug_var = "DEBUG"
- buz_config_var = "BUZ_CONFIG_PATH"
- buz_config_path = "/etc/buz/config.yml"
- system_env_base = "${var.system}-${var.env}-"
- artifact_repository = "${local.system_env_base}img"
- image = "buz:${var.buz_version}"
- buz_source_image = "ghcr.io/silverton-io/${local.image}"
- service_name = "${local.system_env_base}collector"
- config = "${local.system_env_base}config"
- schema_bucket = "${local.system_env_base}${var.schema_bucket_name}"
- events_bucket = "${local.system_env_base}${var.events_bucket_name}"
- default_output = "buz_events"
- deadletter_output = "buz_invalid_events"
+ domain_parts = split(".", var.buz_domain)
+ cookie_domain = join(".", slice(local.domain_parts, 1, length(local.domain_parts))) # Assumes Buz is running on a subdomain and the cookie should be on root
+ buz_debug_var = "DEBUG"
+ buz_config_var = "BUZ_CONFIG_PATH"
+ buz_config_path = "/etc/buz/config.yml"
+ system_env_base = "${var.system}-${var.env}-"
+ artifact_repository = "${local.system_env_base}img"
+ image = "buz:${var.buz_version}"
+ buz_source_image = "${var.buz_image_repo}/${local.image}"
+ service_name = "${local.system_env_base}collector"
+ config = "${local.system_env_base}config"
+ schema_bucket = "${local.system_env_base}${var.schema_bucket_name}"
+ events_bucket = "${local.system_env_base}${var.events_bucket_name}"
+ default_output = "buz_events"
+ deadletter_output = "buz_invalid_events"
 metadata_extraction_params = "{isValid:.isValid,vendor:.vendor,namespace:.namespace,version:.version}"
- s3_dynamic_prefix = "isValid=!{partitionKeyFromQuery:isValid}/vendor=!{partitionKeyFromQuery:vendor}/namespace=!{partitionKeyFromQuery:namespace}/version=!{partitionKeyFromQuery:version}/year=!{timestamp:yyyy}/month=!{timestamp:MM}/day=!{timestamp:dd}/"
+ s3_dynamic_prefix = "isValid=!{partitionKeyFromQuery:isValid}/vendor=!{partitionKeyFromQuery:vendor}/namespace=!{partitionKeyFromQuery:namespace}/version=!{partitionKeyFromQuery:version}/year=!{timestamp:yyyy}/month=!{timestamp:MM}/day=!{timestamp:dd}/"
 }
diff --git a/deploy/terraform/aws/lambda/main.tf b/deploy/terraform/aws/lambda/main.tf
index d8f6dd54..f1fa2240 100644
--- a/deploy/terraform/aws/lambda/main.tf
+++ b/deploy/terraform/aws/lambda/main.tf
@@ -139,7 +139,7 @@ data "aws_ecr_image" "buz_image" {
 resource "null_resource" "configure_docker" {
 triggers = {
- build_number = var.buz_version
+ always_run = timestamp()
 }
 provisioner "local-exec" {
 command = "aws ecr get-login-password --region ${var.aws_region} | docker login --username AWS --password-stdin ${data.aws_caller_identity.current.account_id}.dkr.ecr.${var.aws_region}.amazonaws.com"
@@ -228,6 +228,14 @@ resource "aws_cloudwatch_log_group" "buz" {
 }
 }
+data "aws_cloudfront_origin_request_policy" "buz" {
+ name = "Managed-AllViewerExceptHostHeader"
+}
+data "aws_cloudfront_cache_policy" "buz" {
+ name = "Managed-CachingDisabled"
+}
 resource "aws_cloudfront_distribution" "buz" {
 enabled = true
 is_ipv6_enabled = true
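Review bot: The new `buz_source_image` line joins `var.buz_image_repo` to the image name with a literal `/`, so a repository value supplied with a trailing slash (or a scheme prefix) produces a malformed image reference that only surfaces when the image is pulled. A cheap guard is `buz_source_image = "${trimsuffix(var.buz_image_repo, "/")}/${local.image}"`, or a `validation` block on the variable. The rest of this hunk is re-alignment only. Note that `image` still references the mutable tag `buz:${var.buz_version}` rather than a digest, so what the configured repository resolves that tag to can change between applies; worth a comment on the `image` line if that is accepted.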
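Review bot: `always_run = timestamp()` makes the `configure_docker` trigger known only after apply on every plan, so each run shows this null_resource as replaced and re-executes the local-exec `docker login` even when nothing else changed; presumably the intent is to refresh the short-lived ECR login token, which the previous `build_number = var.buz_version` trigger did not do on a repeat apply with the same version. That trade-off deserves a comment so the perpetual diff is not mistaken for drift, e.g. `# timestamp() forces a fresh ECR login on every apply; the login token expires, so a version-only trigger went stale between applies`. The resource block continues past the end of the hunk.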
@@ -248,25 +256,20 @@ resource "aws_cloudfront_distribution" "buz" {
 }
 default_cache_behavior {
- viewer_protocol_policy = "redirect-to-https"
- min_ttl = 0
- default_ttl = 3600
- max_ttl = 86400
- target_origin_id = replace(replace(aws_lambda_function_url.buz.function_url, "https://", ""), "/", "")
- allowed_methods = ["DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT"]
- cached_methods = ["HEAD", "GET"]
- forwarded_values {
- query_string = true
- cookies {
- forward = "all"
- }
- }
+ viewer_protocol_policy = "redirect-to-https"
+ min_ttl = 0
+ default_ttl = 3600
+ max_ttl = 86400
+ target_origin_id = replace(replace(aws_lambda_function_url.buz.function_url, "https://", ""), "/", "")
+ allowed_methods = ["DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT"]
+ cached_methods = ["HEAD", "GET"]
+ origin_request_policy_id = data.aws_cloudfront_origin_request_policy.buz.id
+ cache_policy_id = data.aws_cloudfront_cache_policy.buz.id
 }
 restrictions {
 geo_restriction {
- restriction_type = "whitelist"
- locations = ["US", "CA", "GB", "DE"]
+ restriction_type = "none"
 }
 }
diff --git a/deploy/terraform/aws/lambda/provider.tf b/deploy/terraform/aws/lambda/provider.tf
index 57b4a077..cb527a3d 100644
--- a/deploy/terraform/aws/lambda/provider.tf
+++ b/deploy/terraform/aws/lambda/provider.tf
@@ -10,5 +10,6 @@ terraform {
 }
 provider "aws" {
- region = var.aws_region
-}
\ No newline at end of file
+ region = var.aws_region
+ profile = var.aws_profile
+}
diff --git a/deploy/terraform/aws/lambda/variables.tf b/deploy/terraform/aws/lambda/variables.tf
index 80f1ec38..9d602745 100644
--- a/deploy/terraform/aws/lambda/variables.tf
+++ b/deploy/terraform/aws/lambda/variables.tf
@@ -4,6 +4,12 @@ variable "aws_region" {
 default = "us-east-1"
 }
+variable "aws_profile" {
+ description = "AWS Profile"
+ type = string
+ default = "default"
+}
 variable "system" {
 description = "The name of the Buz implementation. \n\nExample: buz"
 type = string
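Review bot: Switching `restriction_type` from `"whitelist"` to `"none"` removes the country allowlist (`US`, `CA`, `GB`, `DE`) and makes the collector endpoint reachable from any geography, which is an exposure change unrelated to the cache-policy refactor the rest of the hunk performs; if it is intentional it should say so, e.g. `# geo allowlist removed on purpose: the collector accepts events worldwide`, or better, the allowed countries become a list variable so operators can keep the restriction. Separately, once `cache_policy_id` is set the `min_ttl`/`default_ttl`/`max_ttl` lines are, if I remember the provider docs correctly, ignored in favour of the policy (here `Managed-CachingDisabled`), so they are now inert and misleading and could be dropped. The distribution resource starts and ends outside the hunk.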
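Review bot: Setting `profile = var.aws_profile` with a default of `"default"` (the variable is added in the variables.tf hunk below) changes credential resolution for every caller: a non-interactive runner that authenticates through environment variables or an attached role and has no `default` profile in its shared config may now fail, because an explicitly configured profile is looked up rather than falling through the ambient credential chain (exact behaviour depends on the provider version pinned outside this diff). Defaulting the variable to `null` — `default = null` alongside the unchanged `profile = var.aws_profile` — keeps the previous behaviour unless an operator opts into a named profile. The description could state that: `description = "Named AWS shared-config profile to use; leave null to use the ambient credential chain (env vars, instance/role credentials)"`.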
@@ -26,6 +32,12 @@ variable "buz_domain" {
 type = string
 }
+variable "buz_image_repo" {
+ description = "The Buz image repository"
+ type = string
+ default = "ghcr.io/silverton-io"
+}
 variable "buz_version" {
 description = "The version of Buz to run."
 type = string
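Review bot: The description `"The Buz image repository"` does not say that the value selects the registry the deployed Lambda image is pulled from, nor that locals.tf joins it to the image name with a `/`, both of which an operator overriding it needs to know; a fuller line would be `description = "Registry and namespace the Buz image is pulled from (no trailing slash), e.g. ghcr.io/silverton-io; joined with the image name in locals.tf"`. Because this value decides the image source, a `validation` block rejecting values with a scheme prefix or trailing slash would catch mistakes at plan time instead of at pull time.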