
ねこ画像判定用API用のリソースを作成 #74

Merged
merged 6 commits into from
Apr 23, 2022
16 changes: 16 additions & 0 deletions modules/aws/api-gateway/http-api.tf
Expand Up @@ -63,3 +63,19 @@ resource "aws_apigatewayv2_api_mapping" "api" {
stage = "$default"
domain_name = aws_apigatewayv2_domain_name.api.domain_name
}

resource "aws_apigatewayv2_domain_name" "image_recognition_api" {
domain_name = var.image_recognition_api_gateway_domain_name

domain_name_configuration {
certificate_arn = var.certificate_arn
endpoint_type = "REGIONAL"
security_policy = "TLS_1_2"
}
}

resource "aws_apigatewayv2_api_mapping" "image_recognition_api" {
api_id = var.image_recognition_api_gateway_id
stage = "$default"
domain_name = aws_apigatewayv2_domain_name.image_recognition_api.domain_name
}
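Review bot: The `$default` stage of an API that is defined in another repository is exposed on a new public hostname here, but nothing in this module guarantees that API's routes actually require the Cognito scope this PR creates for it — the JWT authorizer, if any, is configured in lgtm-cat-image-recognition, so any route there without an authorizer becomes reachable at this domain the moment the mapping is applied. A comment on `aws_apigatewayv2_api_mapping.image_recognition_api` would make that contract explicit: `# This mapping only attaches the hostname; authorization for these routes must be configured on the API itself in lgtm-cat-image-recognition.` The `TLS_1_2` policy and REGIONAL endpoint match the existing `api` domain above, which is consistent.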
12 changes: 12 additions & 0 deletions modules/aws/api-gateway/route53.tf
Expand Up @@ -9,3 +9,15 @@ resource "aws_route53_record" "apigateway" {
evaluate_target_health = false
}
}

resource "aws_route53_record" "image_recognition_api" {
zone_id = var.zone_id
name = aws_apigatewayv2_domain_name.image_recognition_api.domain_name
type = "A"

alias {
name = aws_apigatewayv2_domain_name.image_recognition_api.domain_name_configuration.0.target_domain_name
zone_id = aws_apigatewayv2_domain_name.image_recognition_api.domain_name_configuration.0.hosted_zone_id
evaluate_target_health = false
}
}
8 changes: 8 additions & 0 deletions modules/aws/api-gateway/variables.tf
Expand Up @@ -44,3 +44,11 @@ variable "lgtm_cat_bff_client_id" {
variable "api_allow_origins" {
type = list(string)
}

variable "image_recognition_api_gateway_id" {
type = string
}

variable "image_recognition_api_gateway_domain_name" {
type = string
}
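Review bot: `image_recognition_api_gateway_id` is fed from a JSON secret decoded by the caller and the variable accepts any string, so an empty or mistyped `api_id` only surfaces as an API Gateway error at apply time — or, if the typo happens to match another API in the account, as a silent mapping of the wrong API onto this hostname. A `description` plus a `validation` block fails the plan early instead; API Gateway IDs are short lowercase alphanumeric strings, so the pattern below is deliberately loose. `image_recognition_api_gateway_domain_name` would benefit from a `description` for the same reason.

```hcl
variable "image_recognition_api_gateway_id" {
  description = "ID of the HTTP API deployed from lgtm-cat-image-recognition; the caller reads it from Secrets Manager."
  type        = string

  validation {
    condition     = can(regex("^[a-z0-9]+$", var.image_recognition_api_gateway_id))
    error_message = "image_recognition_api_gateway_id must be a non-empty API Gateway ID (lowercase letters and digits)."
  }
}

# … unchanged: image_recognition_api_gateway_domain_name …
```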
15 changes: 14 additions & 1 deletion modules/aws/cognito/main.tf
Expand Up @@ -67,6 +67,19 @@ resource "aws_cognito_resource_server" "lgtm_cat_api" {
user_pool_id = aws_cognito_user_pool.user_pool.id
}

// https://github.com/nekochans/lgtm-cat-image-recognition に定義されているAPIはこのscopeによって保護する
resource "aws_cognito_resource_server" "lgtm_cat_image_recognition_api" {
name = var.lgtm_cat_image_recognition_api_resource_server_name
identifier = var.lgtm_cat_image_recognition_api_resource_server_identifier

scope {
scope_description = "lgtm-cat-image-recognitionに定義されているAPIを全て利用出来る権限。"
scope_name = "all"
}

user_pool_id = aws_cognito_user_pool.user_pool.id
}

// https://github.com/nekochans/lgtm-cat-frontend のサーバーサイド部分でのみ利用する
resource "aws_cognito_user_pool_client" "lgtm_cat_bff_client" {
name = var.lgtm_cat_bff_client_name
Expand All @@ -76,7 +89,7 @@ resource "aws_cognito_user_pool_client" "lgtm_cat_bff_client" {

allowed_oauth_flows_user_pool_client = true
allowed_oauth_flows = ["client_credentials"]
allowed_oauth_scopes = ["${aws_cognito_resource_server.lgtm_cat_api.identifier}/all"]
allowed_oauth_scopes = ["${aws_cognito_resource_server.lgtm_cat_api.identifier}/all", "${aws_cognito_resource_server.lgtm_cat_image_recognition_api.identifier}/all"]

depends_on = [aws_cognito_resource_server.lgtm_cat_api]
}
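Review bot: The explicit `depends_on` at the end of `lgtm_cat_bff_client` still lists only `lgtm_cat_api` while `allowed_oauth_scopes` now also references `lgtm_cat_image_recognition_api`; Terraform derives that second dependency from the reference, so nothing breaks, but the line is now misleading — either extend it to `depends_on = [aws_cognito_resource_server.lgtm_cat_api, aws_cognito_resource_server.lgtm_cat_image_recognition_api]` or drop it, since the references already order creation. Separately, one client_credentials client now receives the `all` scope of both resource servers, so a single leaked BFF client secret grants the full surface of both APIs; that is defensible if the BFF is the only caller, as the comment above the client says, but the image recognition API must then check the `scope` claim and not merely token validity, otherwise a token requested with only `api.lgtmeow/all` would also be accepted. The `lgtm_cat_bff_client` resource begins above this hunk.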
8 changes: 8 additions & 0 deletions modules/aws/cognito/variables.tf
Expand Up @@ -18,6 +18,14 @@ variable "lgtm_cat_api_resource_server_identifier" {
type = string
}

variable "lgtm_cat_image_recognition_api_resource_server_name" {
type = string
}

variable "lgtm_cat_image_recognition_api_resource_server_identifier" {
type = string
}

variable "lgtm_cat_bff_client_name" {
type = string
}
16 changes: 9 additions & 7 deletions providers/aws/environments/prod/17-cognito/main.tf
@@ -1,9 +1,11 @@
module "cognito" {
source = "../../../../../modules/aws/cognito"
user_pool_name = local.user_pool_name
user_pool_domain_name = local.user_pool_domain_name
email_identity_arn = local.email_identity_arn
lgtm_cat_api_resource_server_name = local.lgtm_cat_api_resource_server_name
lgtm_cat_api_resource_server_identifier = local.lgtm_cat_api_resource_server_identifier
lgtm_cat_bff_client_name = local.lgtm_cat_bff_client_name
source = "../../../../../modules/aws/cognito"
user_pool_name = local.user_pool_name
user_pool_domain_name = local.user_pool_domain_name
email_identity_arn = local.email_identity_arn
lgtm_cat_api_resource_server_name = local.lgtm_cat_api_resource_server_name
lgtm_cat_api_resource_server_identifier = local.lgtm_cat_api_resource_server_identifier
lgtm_cat_image_recognition_api_resource_server_name = local.lgtm_cat_image_recognition_api_resource_server_name
lgtm_cat_image_recognition_api_resource_server_identifier = local.lgtm_cat_image_recognition_api_resource_server_identifier
lgtm_cat_bff_client_name = local.lgtm_cat_bff_client_name
}
16 changes: 9 additions & 7 deletions providers/aws/environments/prod/17-cognito/variables.tf
@@ -1,9 +1,11 @@
locals {
env = "prod"
user_pool_name = "${local.env}-lgtmeow-user-pool"
user_pool_domain_name = "${local.env}-lgtmeow"
email_identity_arn = data.terraform_remote_state.ses.outputs.email_identity_arn
lgtm_cat_api_resource_server_name = "${local.env}-lgtm-cat-api"
lgtm_cat_api_resource_server_identifier = "api.lgtmeow"
lgtm_cat_bff_client_name = "lgtmeow-bff"
env = "prod"
user_pool_name = "${local.env}-lgtmeow-user-pool"
user_pool_domain_name = "${local.env}-lgtmeow"
email_identity_arn = data.terraform_remote_state.ses.outputs.email_identity_arn
lgtm_cat_api_resource_server_name = "${local.env}-lgtm-cat-api"
lgtm_cat_api_resource_server_identifier = "api.lgtmeow"
lgtm_cat_image_recognition_api_resource_server_name = "${local.env}-lgtm-cat-image-recognition-api"
lgtm_cat_image_recognition_api_resource_server_identifier = "image-recognition-api.lgtmeow"
lgtm_cat_bff_client_name = "lgtmeow-bff"
}
29 changes: 15 additions & 14 deletions providers/aws/environments/prod/20-api/main.tf
Expand Up @@ -18,18 +18,19 @@ module "lambda" {
module "api_gateway" {
source = "../../../../../modules/aws/api-gateway"

lambda_function_name = module.lambda.lambda_function_name
lambda_invoke_arn = module.lambda.lambda_invoke_arn
lambda_arn = module.lambda.lambda_arn
api_gateway_name = local.api_gateway_name
api_gateway_domain_name = local.api_gateway_domain_name
auto_deploy = local.auto_deploy
certificate_arn = local.certificate_arn
zone_id = data.aws_route53_zone.api.zone_id
jwt_authorizer_name = local.jwt_authorizer_name
jwt_authorizer_issuer_url = local.jwt_authorizer_issuer_url
lgtm_cat_bff_client_id = local.lgtm_cat_bff_client_id
api_allow_origins = var.api_allow_origins

depends_on = [module.lambda]
lambda_function_name = module.lambda.lambda_function_name
lambda_invoke_arn = module.lambda.lambda_invoke_arn
lambda_arn = module.lambda.lambda_arn
api_gateway_name = local.api_gateway_name
api_gateway_domain_name = local.api_gateway_domain_name
auto_deploy = local.auto_deploy
certificate_arn = local.certificate_arn
zone_id = data.aws_route53_zone.api.zone_id
jwt_authorizer_name = local.jwt_authorizer_name
jwt_authorizer_issuer_url = local.jwt_authorizer_issuer_url
lgtm_cat_bff_client_id = local.lgtm_cat_bff_client_id
api_allow_origins = var.api_allow_origins
image_recognition_api_gateway_id = local.image_recognition_api_gateway_id
image_recognition_api_gateway_domain_name = local.image_recognition_api_gateway_domain_name
depends_on = [module.lambda]
}
11 changes: 11 additions & 0 deletions providers/aws/environments/prod/20-api/variables.tf
Expand Up @@ -14,6 +14,9 @@ locals {
jwt_authorizer_issuer_url = "https://${data.terraform_remote_state.cognito.outputs.idp_endpoint}"
lgtm_cat_bff_client_id = data.terraform_remote_state.cognito.outputs.lgtm_cat_bff_client_id

image_recognition_api_gateway_id = jsondecode(data.aws_secretsmanager_secret_version.image_recognition_secret.secret_string)["api_id"]
image_recognition_api_gateway_domain_name = "image-recognition-api.${var.main_domain_name}"

db_password = jsondecode(data.aws_secretsmanager_secret_version.secret.secret_string)["db_app_password"]
db_username = jsondecode(data.aws_secretsmanager_secret_version.secret.secret_string)["db_app_user"]
db_name = jsondecode(data.aws_secretsmanager_secret_version.secret.secret_string)["db_name"]
Expand Down Expand Up @@ -41,3 +44,11 @@ variable "api_allow_origins" {
type = list(string)
default = ["https://lgtmeow.com"]
}

data "aws_secretsmanager_secret" "image_recognition_secret" {
name = "/prod/lgtm-cat/image-recognition"
}

data "aws_secretsmanager_secret_version" "image_recognition_secret" {
secret_id = data.aws_secretsmanager_secret.image_recognition_secret.id
}
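Review bot: The `name` on the new `aws_secretsmanager_secret` data source is hard-coded to `/prod/lgtm-cat/image-recognition`, and the staging copy hard-codes `/stg/...` the same way, even though the staging file already interpolates `local.env` for the domain name; `name = "/${local.env}/lgtm-cat/image-recognition"` keeps the two files identical and makes a copy between environments harmless (assuming `env` is set in this file's `locals` block as it is in staging). Also worth noting: `aws_secretsmanager_secret_version` copies the entire `secret_string` into Terraform state, not just the `api_id` key the local extracts, so anything else stored in that secret later ends up in state in plaintext — a comment such as `# Only non-sensitive deployment metadata (api_id) belongs in this secret: the whole secret_string is persisted in Terraform state.` keeps that boundary visible. Since the value is an API Gateway ID rather than a credential, a plain SSM parameter would serve the same purpose without Secrets Manager cost, but that is a design choice rather than a defect.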
16 changes: 9 additions & 7 deletions providers/aws/environments/stg/17-cognito/main.tf
@@ -1,9 +1,11 @@
module "cognito" {
source = "../../../../../modules/aws/cognito"
user_pool_name = local.user_pool_name
user_pool_domain_name = local.user_pool_domain_name
email_identity_arn = local.email_identity_arn
lgtm_cat_api_resource_server_name = local.lgtm_cat_api_resource_server_name
lgtm_cat_api_resource_server_identifier = local.lgtm_cat_api_resource_server_identifier
lgtm_cat_bff_client_name = local.lgtm_cat_bff_client_name
source = "../../../../../modules/aws/cognito"
user_pool_name = local.user_pool_name
user_pool_domain_name = local.user_pool_domain_name
email_identity_arn = local.email_identity_arn
lgtm_cat_api_resource_server_name = local.lgtm_cat_api_resource_server_name
lgtm_cat_api_resource_server_identifier = local.lgtm_cat_api_resource_server_identifier
lgtm_cat_image_recognition_api_resource_server_name = local.lgtm_cat_image_recognition_api_resource_server_name
lgtm_cat_image_recognition_api_resource_server_identifier = local.lgtm_cat_image_recognition_api_resource_server_identifier
lgtm_cat_bff_client_name = local.lgtm_cat_bff_client_name
}
16 changes: 9 additions & 7 deletions providers/aws/environments/stg/17-cognito/variables.tf
@@ -1,9 +1,11 @@
locals {
env = "stg"
user_pool_name = "${local.env}-lgtmeow-user-pool"
user_pool_domain_name = "${local.env}-lgtmeow"
email_identity_arn = data.terraform_remote_state.ses.outputs.email_identity_arn
lgtm_cat_api_resource_server_name = "${local.env}-lgtm-cat-api"
lgtm_cat_api_resource_server_identifier = "api.lgtmeow"
lgtm_cat_bff_client_name = "lgtmeow-bff"
env = "stg"
user_pool_name = "${local.env}-lgtmeow-user-pool"
user_pool_domain_name = "${local.env}-lgtmeow"
email_identity_arn = data.terraform_remote_state.ses.outputs.email_identity_arn
lgtm_cat_api_resource_server_name = "${local.env}-lgtm-cat-api"
lgtm_cat_api_resource_server_identifier = "api.lgtmeow"
lgtm_cat_image_recognition_api_resource_server_name = "${local.env}-lgtm-cat-image-recognition-api"
lgtm_cat_image_recognition_api_resource_server_identifier = "image-recognition-api.lgtmeow"
lgtm_cat_bff_client_name = "lgtmeow-bff"
}
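Review bot: The new resource-server identifier `image-recognition-api.lgtmeow` is byte-identical in staging and production (matching the existing `api.lgtmeow`), so tokens from the two user pools carry indistinguishable `scope` claims and the only thing separating the environments is the issuer each API's JWT authorizer is pinned to. That holds as long as every authorizer keeps its per-environment issuer URL, but the invariant deserves a comment next to the identifier: `# Identifier is intentionally env-agnostic; environment isolation relies on the JWT authorizer's issuer check, not on the scope string.`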
29 changes: 15 additions & 14 deletions providers/aws/environments/stg/20-api/main.tf
Expand Up @@ -18,18 +18,19 @@ module "lambda" {
module "api_gateway" {
source = "../../../../../modules/aws/api-gateway"

lambda_function_name = module.lambda.lambda_function_name
lambda_invoke_arn = module.lambda.lambda_invoke_arn
lambda_arn = module.lambda.lambda_arn
api_gateway_name = local.api_gateway_name
api_gateway_domain_name = local.api_gateway_domain_name
auto_deploy = local.auto_deploy
certificate_arn = local.certificate_arn
zone_id = data.aws_route53_zone.api.zone_id
jwt_authorizer_name = local.jwt_authorizer_name
jwt_authorizer_issuer_url = local.jwt_authorizer_issuer_url
lgtm_cat_bff_client_id = local.lgtm_cat_bff_client_id
api_allow_origins = var.api_allow_origins

depends_on = [module.lambda]
lambda_function_name = module.lambda.lambda_function_name
lambda_invoke_arn = module.lambda.lambda_invoke_arn
lambda_arn = module.lambda.lambda_arn
api_gateway_name = local.api_gateway_name
api_gateway_domain_name = local.api_gateway_domain_name
auto_deploy = local.auto_deploy
certificate_arn = local.certificate_arn
zone_id = data.aws_route53_zone.api.zone_id
jwt_authorizer_name = local.jwt_authorizer_name
jwt_authorizer_issuer_url = local.jwt_authorizer_issuer_url
lgtm_cat_bff_client_id = local.lgtm_cat_bff_client_id
api_allow_origins = var.api_allow_origins
image_recognition_api_gateway_id = local.image_recognition_api_gateway_id
image_recognition_api_gateway_domain_name = local.image_recognition_api_gateway_domain_name
depends_on = [module.lambda]
}
11 changes: 11 additions & 0 deletions providers/aws/environments/stg/20-api/variables.tf
Expand Up @@ -14,6 +14,9 @@ locals {
jwt_authorizer_issuer_url = "https://${data.terraform_remote_state.cognito.outputs.idp_endpoint}"
lgtm_cat_bff_client_id = data.terraform_remote_state.cognito.outputs.lgtm_cat_bff_client_id

image_recognition_api_gateway_id = jsondecode(data.aws_secretsmanager_secret_version.image_recognition_secret.secret_string)["api_id"]
image_recognition_api_gateway_domain_name = "${local.env}-image-recognition-api.${var.main_domain_name}"

db_password = jsondecode(data.aws_secretsmanager_secret_version.secret.secret_string)["db_app_password"]
db_username = jsondecode(data.aws_secretsmanager_secret_version.secret.secret_string)["db_app_user"]
db_name = jsondecode(data.aws_secretsmanager_secret_version.secret.secret_string)["db_name"]
Expand Down Expand Up @@ -41,3 +44,11 @@ variable "api_allow_origins" {
type = list(string)
default = ["https://*", "http://localhost:2222"]
}

data "aws_secretsmanager_secret" "image_recognition_secret" {
name = "/stg/lgtm-cat/image-recognition"
}
Member Author


https://github.com/nekochans/lgtm-cat-image-recognition のデプロイ時に生成されるAPI GatewayのIDはSecretManagerに事前に入れておく事にした🐱

https://github.com/nekochans/lgtm-cat-image-recognition のデプロイ時にSecretManagerを生成出来れば良いのだけど難しそうだったのでデプロイ後にコンソールからSecretManagerを作成する方針としてある(一回デプロイしたら基本消さないので、大きな問題はないと思っている)


data "aws_secretsmanager_secret_version" "image_recognition_secret" {
secret_id = data.aws_secretsmanager_secret.image_recognition_secret.id
}