feat: operate across different regions

CHANGELOG.md

@@ -1,3 +1,8 @@
+## [1.1.0](https://github.com/ReasonSoftware/security-group-manager/releases/tag/v1.1.0) - 2021-01-05
+### Added
+- Variable `OPERATIONAL_REGION` to contain an AWS region with a target Security Group
+- Variable `SECRET_REGION` to contain an AWS region with a source **whitelist** Secret (*Secrets Manager*)
+
 ## [1.0.2](https://github.com/ReasonSoftware/security-group-manager/releases/tag/v1.0.2) - 2021-01-03
 ### Changed
 - Upgrade dependencies

Makefile

@@ -1,13 +1,14 @@
-# global
-BINARY := $(notdir $(CURDIR))
 GO_BIN_DIR := $(GOPATH)/bin
 
-# unit tests
 test: lint
 	@echo "unit testing..."
 	@go test -v $$(go list ./... | grep -v vendor | grep -v mocks) -race -coverprofile=coverage.txt -covermode=atomic
 
-# lint
+GO_LINTER := $(GO_BIN_DIR)/golangci-lint
+$(GO_LINTER):
+	@echo "installing linter..."
+	go get -u github.com/golangci/golangci-lint/cmd/golangci-lint
+
 .PHONY: lint
 lint: $(GO_LINTER)
 	@echo "vendoring..."
@@ -16,25 +17,6 @@ lint: $(GO_LINTER)
 	@echo "linting..."
 	@golangci-lint run ./...
 
-# initialize
-.PHONY: init
-init:
-	@rm -f go.mod
-	@rm -f go.sum
-	@rm -rf ./vendor
-	@go mod init $$(pwd | awk -F'/' '{print "github.com/"$$(NF-1)"/"$$NF}')
-
-# linter
-GO_LINTER := $(GO_BIN_DIR)/golangci-lint
-$(GO_LINTER):
-	@echo "installing linter..."
-	go get -u github.com/golangci/golangci-lint/cmd/golangci-lint
-
-.PHONY: release
-release: test
-	@GOOS=linux GOARCH=amd64 go build -o $(BINARY)
-	serverless deploy --stage prod
-
 .PHONY: codecov
 codecov: test
 	@go tool cover -html=coverage.txt

README.md

@@ -89,6 +89,8 @@ Tag a security group with `<protocol-name>=managed` that matches of the protocol
 
     - `DEBUG=true` - Enable verbose logs
     - `LOCAL=true` - Toggle to execute outside of AWS Lambda environment (useful during local development)
+    - `OPERATIONAL_REGION=<region>` - Region in which lambda should manage the security groups. This allows to manage multiple regions from multiple lambdas deployed in a single region (default: `us-east-1`)
+    - `SECRET_REGION=<region>` - **Secrets Manager** region in which a *whitelist* secret is created. Allows to maintain a single *source of truth* for lambdas deployed in multiple regions (default: `us-east-1`)
 
     </details>
 

main.go

@@ -5,6 +5,7 @@ import (
 	"strings"
 
 	"github.com/aws/aws-lambda-go/lambda"
+	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/aws/session"
 	"github.com/aws/aws-sdk-go/service/ec2"
 	"github.com/aws/aws-sdk-go/service/secretsmanager"
@@ -43,9 +44,18 @@ func init() {
 	}
 
 	// validate input
-	if os.Getenv("AWS_REGION") == "" {
-		log.Warn("env.var 'AWS_REGION' is not set, assuming 'us-east-1'")
-		os.Setenv("AWS_REGION", "us-east-1")
+	ec2Region := "us-east-1"
+	smRegion := "us-east-1"
+	if os.Getenv("OPERATIONAL_REGION") != "" {
+		ec2Region = os.Getenv("OPERATIONAL_REGION")
+	} else {
+		log.Warn("env.var 'OPERATIONAL_REGION' is not set, assuming 'us-east-1'")
+	}
+
+	if os.Getenv("SECRET_REGION") != "" {
+		smRegion = os.Getenv("SECRET_REGION")
+	} else {
+		log.Warn("env.var 'SECRET_REGION' is not set, assuming 'us-east-1'")
 	}
 
 	if os.Getenv("SECRET") == "" {
@@ -55,9 +65,12 @@ func init() {
 	Secret = os.Getenv("SECRET")
 
 	// define clients
-	s := session.Must(session.NewSession())
-	Cli = ec2.New(s)
-	SCli = secretsmanager.New(s)
+	Cli = ec2.New(session.Must(session.NewSession(&aws.Config{
+		Region: &ec2Region,
+	})))
+	SCli = secretsmanager.New(session.Must(session.NewSession(&aws.Config{
+		Region: &smRegion,
+	})))
 
 	// get initial config
 	log.Debug("fetching configuration")
@@ -69,7 +82,7 @@ func init() {
 }
 
 func handler() {
-	log.Info("security-group-manager v1.0.2")
+	log.Info("security-group-manager v1.1.0")
 
 	if err := Config.Run(Cli); err != nil {
 		log.Fatal(err)