Added new variables and code improvement

nuginy · Apr 29, 2024 · d1bdd93 · d1bdd93
1 parent e47fdeb
commit d1bdd93
Showing 7 changed files with 214 additions and 109 deletions.
diff --git a/second-exercise-aws-serverless-web-app/modules/amplify/main.tf b/second-exercise-aws-serverless-web-app/modules/amplify/main.tf
@@ -20,11 +20,16 @@ resource "aws_amplify_app" "web_app" {
     ENV = var.amplify_env,
     API_GW_ADDRESS = var.amplify_api_gw_address
   }
-  tags = var.amplify_tags
+  tags = merge(var.tags, {
+    DeployTime = timestamp()
+  })
   depends_on = [var.amplify_api_gw_address]
 }
 
 resource "aws_amplify_branch" "web_app" {
   app_id      = aws_amplify_app.web_app.id
   branch_name = "main"
+  tags = merge(var.tags, {
+    DeployTime = timestamp()
+  })
 }
diff --git a/second-exercise-aws-serverless-web-app/modules/amplify/variables.tf b/second-exercise-aws-serverless-web-app/modules/amplify/variables.tf
@@ -13,13 +13,13 @@ variable "git_repo_name" {
 variable "git_access_token" {}
 
 variable "amplify_env" {
-  description = "Value of the Amplify env var for variable ENV"
+  description = "Value of the Amplify environment variable for variable ENV"
   type = string
   default = "dev"
 }
 
 variable "amplify_api_gw_address" {
-  description = "Value of the Amplify env var for variable API_GW_ADDRESS"
+  description = "Value of the Amplify environment variable for variable API_GW_ADDRESS"
   type = string
   default = ""
 }
@@ -42,10 +42,11 @@ variable "amplify_branch_auto_creation_pattern" {
   default = ["main"]
 }
 
-variable "amplify_tags" {
-  description = "Value of the Amplify tags"
+variable "tags" {
+  description = "Value of the tags"
   type = map(string)
   default = {
     ENV = "Dev"
+    PROJECT = "TF-Vertice-MZ"
   }
 }
diff --git a/second-exercise-aws-serverless-web-app/modules/apigw_lambda/lambda.tf b/second-exercise-aws-serverless-web-app/modules/apigw_lambda/lambda.tf
@@ -1,59 +1,91 @@
+locals {
+  default_policies = [
+    {
+      effect = "Allow"
+
+      actions = [
+        "logs:CreateLogGroup",
+        "logs:CreateLogStream",
+        "logs:PutLogEvents",
+      ]
+
+      resources = ["arn:aws:logs:*:*:*"]
+    },
+    {
+      actions = [
+        "dynamodb:PutItem",
+        "dynamodb:DeleteItem",
+        "dynamodb:GetItem",
+        "dynamodb:Scan",
+        "dynamodb:Query",
+        "dynamodb:UpdateItem"
+      ]
+      effect    = "Allow"
+      resources = [var.dynamodb_arn]
+    }
+  ]
+  policies = concat(local.default_policies, var.lambda_policies)
+}
+
 resource "aws_iam_role" "iam_role_lamda" {
-  name_prefix = "${var.lambda_name}TfRole"
+  name_prefix        = "${var.lambda_name}TfRole"
   assume_role_policy = jsonencode({
-    "Version": "2012-10-17",
-    "Statement": [
+    "Version" : "2012-10-17",
+    "Statement" : [
       {
-        "Effect": "Allow",
-        "Principal": {
-          "Service": "lambda.amazonaws.com"
+        "Effect" : "Allow",
+        "Principal" : {
+          "Service" : "lambda.amazonaws.com"
         },
-        "Action": "sts:AssumeRole"
+        "Action" : "sts:AssumeRole"
       }
     ]
   })
+  tags = merge(var.tags, {
+    DeployTime = timestamp()
+  })
 }
 
 data "aws_iam_policy_document" "lambda_statements" {
-  statement {
-    effect = "Allow"
-
-    actions = [
-      "logs:CreateLogGroup",
-      "logs:CreateLogStream",
-      "logs:PutLogEvents",
-    ]
-
-    resources = ["arn:aws:logs:*:*:*"]
-  }
-
-  statement {
-    actions   = [
-      "dynamodb:PutItem",
-      "dynamodb:DeleteItem",
-      "dynamodb:GetItem",
-      "dynamodb:Scan",
-      "dynamodb:Query",
-      "dynamodb:UpdateItem"
-    ]
-    effect = "Allow"
-    resources = [var.dynamodb_arn]
-  }
+#  statement {
+#    effect = "Allow"
+#
+#    actions = [
+#      "logs:CreateLogGroup",
+#      "logs:CreateLogStream",
+#      "logs:PutLogEvents",
+#    ]
+#
+#    resources = ["arn:aws:logs:*:*:*"]
+#  }
+#
+#  statement {
+#    actions = [
+#      "dynamodb:PutItem",
+#      "dynamodb:DeleteItem",
+#      "dynamodb:GetItem",
+#      "dynamodb:Scan",
+#      "dynamodb:Query",
+#      "dynamodb:UpdateItem"
+#    ]
+#    effect    = "Allow"
+#    resources = [var.dynamodb_arn]
+#  }
 
   dynamic "statement" {
-    for_each = toset(var.lambda_policies)
+    for_each = local.policies
     content {
       actions   = statement.value["actions"]
-      effect = statement.value["effect"]
-      resources = statement.value["actions"]
+      effect    = statement.value["effect"]
+      resources = statement.value["resources"]
     }
   }
   depends_on = [var.dynamodb_arn]
 }
 
 resource "aws_iam_role_policy" "lambda_policy" {
-  policy = data.aws_iam_policy_document.lambda_statements.json
-  role   = aws_iam_role.iam_role_lamda.id
+  policy     = data.aws_iam_policy_document.lambda_statements.json
+  role       = aws_iam_role.iam_role_lamda.id
   depends_on = [data.aws_iam_policy_document.lambda_statements]
 }
 
@@ -70,28 +102,34 @@ data "archive_file" "zip_file" {
 resource "aws_cloudwatch_log_group" "lambda_function" {
   name              = "/aws/lambda/${var.lambda_name}"
   retention_in_days = 1
+  tags = merge(var.tags, {
+    DeployTime = timestamp()
+  })
 }
 
 resource "aws_lambda_function" "lambda_function" {
-  filename = data.archive_file.zip_file.output_path
+  filename         = data.archive_file.zip_file.output_path
   source_code_hash = data.archive_file.zip_file.output_base64sha256
-  function_name = "${var.lambda_name}Tf"
-  role          = aws_iam_role.iam_role_lamda.arn
-  description = var.lambda_description
+  function_name    = "${var.lambda_name}Tf"
+  role             = aws_iam_role.iam_role_lamda.arn
+  description      = var.lambda_description
   logging_config {
     log_format = "Text"
-    log_group = aws_cloudwatch_log_group.lambda_function.id
+    log_group  = aws_cloudwatch_log_group.lambda_function.id
   }
-  runtime = "python3.8"
-  handler = var.lambda_handler
-  memory_size = var.lambda_memory_size
+  runtime                        = "python3.8"
+  handler                        = var.lambda_handler
+  memory_size                    = var.lambda_memory_size
   reserved_concurrent_executions = var.lambda_concurrency
+  tags                           = merge(var.tags, {
+    DeployTime = timestamp()
+  })
 }
 
 resource "aws_lambda_permission" "lambda_invoke" {
-  statement_id = "InvokePermissionFromApiGw"
+  statement_id  = "InvokePermissionFromApiGw"
   action        = "lambda:InvokeFunction"
   function_name = aws_lambda_function.lambda_function.function_name
   principal     = "apigateway.amazonaws.com"
-  source_arn = "${aws_api_gateway_rest_api.web_app.execution_arn}/*/*"
+  source_arn    = "${aws_api_gateway_rest_api.web_app.execution_arn}/*/*"
 }
diff --git a/second-exercise-aws-serverless-web-app/modules/apigw_lambda/main.tf b/second-exercise-aws-serverless-web-app/modules/apigw_lambda/main.tf
@@ -10,76 +10,78 @@ terraform {
 }
 
 module "cors" {
-  source = "squidfunk/api-gateway-enable-cors/aws"
+  source  = "squidfunk/api-gateway-enable-cors/aws"
   version = "0.3.3"
 
   api_id          = aws_api_gateway_rest_api.web_app.id
   api_resource_id = aws_api_gateway_rest_api.web_app.root_resource_id
-  allow_methods = ["POST", "OPTIONS"]
+  allow_methods   = ["POST", "OPTIONS"]
 }
 
 resource "aws_api_gateway_rest_api" "web_app" {
   name = "${var.apigw_name_prefix}Tf"
   endpoint_configuration {
     types = var.apigw_endpoint_types
   }
+  tags = merge(var.tags, {
+    DeployTime = timestamp()
+  })
 }
 
 resource "aws_api_gateway_method" "post" {
   authorization = var.apigw_method_auth
   http_method   = var.apigw_method_http_method
   resource_id   = aws_api_gateway_rest_api.web_app.root_resource_id
   rest_api_id   = aws_api_gateway_rest_api.web_app.id
-  depends_on = [aws_api_gateway_rest_api.web_app]
+  depends_on    = [aws_api_gateway_rest_api.web_app]
 }
 
 resource "aws_api_gateway_method_response" "post" {
-  http_method = aws_api_gateway_method.post.http_method
-  resource_id = aws_api_gateway_rest_api.web_app.root_resource_id
-  rest_api_id = aws_api_gateway_rest_api.web_app.id
-  status_code = "200"
-  response_models = {
+  http_method     = aws_api_gateway_method.post.http_method
+  resource_id     = aws_api_gateway_rest_api.web_app.root_resource_id
+  rest_api_id     = aws_api_gateway_rest_api.web_app.id
+  status_code     = "200"
+  response_models = contains(keys(var.method_response_response_models), "application/json") ? var.method_response_response_models : merge(var.method_response_response_models, {
     "application/json" = "Empty"
-  }
-  response_parameters = {
+  })
+  response_parameters = contains(keys(var.integration_response_response_parameters), "method.response.header.Access-Control-Allow-Origin") ? var.integration_response_response_parameters : merge(var.integration_response_response_parameters, {
     "method.response.header.Access-Control-Allow-Origin" = true
-  }
-
+  })
   depends_on = [aws_api_gateway_method.post]
 }
 
 resource "aws_api_gateway_integration_response" "post" {
-  http_method = aws_api_gateway_method.post.http_method
-  resource_id = aws_api_gateway_rest_api.web_app.root_resource_id
-  rest_api_id = aws_api_gateway_rest_api.web_app.id
-  status_code = "200"
-
-  response_parameters = {
+  http_method         = aws_api_gateway_method.post.http_method
+  resource_id         = aws_api_gateway_rest_api.web_app.root_resource_id
+  rest_api_id         = aws_api_gateway_rest_api.web_app.id
+  status_code         = "200"
+  response_parameters = contains(keys(var.integration_response_response_parameters), "method.response.header.Access-Control-Allow-Origin") ? var.integration_response_response_parameters : merge(var.integration_response_response_parameters, {
     "method.response.header.Access-Control-Allow-Origin" = "'*'"
-  }
-
+  })
   depends_on = [aws_api_gateway_method.post, aws_api_gateway_integration.lambda]
 }
 
 resource "aws_api_gateway_integration" "lambda" {
-  http_method = aws_api_gateway_method.post.http_method
-  resource_id = aws_api_gateway_rest_api.web_app.root_resource_id
-  rest_api_id = aws_api_gateway_rest_api.web_app.id
-  type        = "AWS"
+  http_method             = aws_api_gateway_method.post.http_method
+  resource_id             = aws_api_gateway_rest_api.web_app.root_resource_id
+  rest_api_id             = aws_api_gateway_rest_api.web_app.id
+  type                    = "AWS"
   integration_http_method = var.apigw_method_http_method
-  uri = aws_lambda_function.lambda_function.invoke_arn
-
-  depends_on = [aws_api_gateway_method.post, aws_lambda_function.lambda_function]
+  uri                     = aws_lambda_function.lambda_function.invoke_arn
+  depends_on              = [aws_api_gateway_method.post, aws_lambda_function.lambda_function]
 }
 
 resource "aws_api_gateway_deployment" "web_app" {
   rest_api_id = aws_api_gateway_rest_api.web_app.id
-  depends_on = [aws_api_gateway_method.post, aws_api_gateway_integration.lambda]
+  depends_on  = [aws_api_gateway_method.post, aws_api_gateway_integration.lambda]
 }
 
 resource "aws_api_gateway_stage" "web_app" {
   deployment_id = aws_api_gateway_deployment.web_app.id
   rest_api_id   = aws_api_gateway_rest_api.web_app.id
   stage_name    = var.env
-  depends_on = [aws_api_gateway_deployment.web_app]
+  depends_on    = [aws_api_gateway_deployment.web_app]
+  tags          = merge(var.tags, {
+    DeployTime = timestamp()
+  })
 }
diff --git a/second-exercise-aws-serverless-web-app/modules/apigw_lambda/variables.tf b/second-exercise-aws-serverless-web-app/modules/apigw_lambda/variables.tf
@@ -1,5 +1,5 @@
 variable "apigw_name_prefix" {
-  description = "Value of the name of the Api Gw app"
+  description = "Value of the name of the Api Gw App"
   type = string
   default = "HelloWorldAPI"
 }
@@ -10,73 +10,94 @@ variable "apigw_endpoint_types" {
   default = [ "EDGE" ]
 }
 
-variable "apigw_root_path" {
-  description = "Value of the Api Gw root path"
-  type = string
-  default = ""
-}
-
 variable "apigw_method_auth" {
-  description = "Value of the Api Gw resource method authorization"
+  description = "Value of the Api Gw Resource method authorization"
   type = string
   default = "NONE"
 }
 
 variable "apigw_method_http_method" {
-  description = "Value of the Api Gw resource method http method"
+  description = "Value of the Api Gw Resource method http method"
   type = string
   default = "POST"
 }
 
 variable "env" {
-  default = "dev"
-  description = "Allow to set up environment for deployment"
+  description = "Value of the environment variable"
   type = string
+  default = "dev"
 }
 
 variable "lambda_name" {
-  default = "HelloWorldFunction"
-  description = "Allow to set up name for lambda function, default save_golang_generated_files"
+  description = "Value of the Lambda Function name"
   type = string
+  default = "HelloWorldFunction"
 }
 
 variable "lambda_description" {
-  default = "This lambda function waiting for input from api gw and store inputs to dynamodb table and return result"
-  description = "Allow add description for lambda function"
+  description = "Value of the Lambda Function description"
   type = string
+  default = "This lambda function waiting for input from api gw and store inputs to dynamodb table and return result"
 }
 
 variable "lambda_memory_size" {
-  default = 128
-  description = "Allow to set up lambda function memory size, default 128"
+  description = "Value of the Lambda Function memory size"
   type = number
+  default = 128
 }
 
 variable "lambda_concurrency" {
-  description = "Allow to set up lambda concurrency reservation, default -1 (means unlimited)"
+  description = "Value of the Lambda Function concurrency setting"
   type = number
   default = -1
 }
 
 variable "lambda_handler" {
-  description = "Allow to set up handler function for lambda function, default main"
+  description = "Valuo of the Lambda Function handler"
   type = string
   default = "lambda_function.lambda_handler"
 }
 
 variable "lambda_path" {
-  default = "./code/lambda_code/lambda_function.py"
-  description = "Allow to set up path from point of resource called to main.go, default ./modules/app/lambda_code/main.go"
+  description = "Value of the path to the Lambda Function source code in our code base"
   type = string
+  default = "./code/lambda_code/lambda_function.py"
 }
 
 variable "dynamodb_arn" {
-  description = "Value of dynamodb arn"
+  description = "Value of the Dynamodb arn"
   type = string
 }
 
 variable "lambda_policies" {
   description = "Value of the Aws Lambda policy, List of Maps"
   type = list(map(any))
   default = []
+}
+
+variable "integration_response_response_parameters" {
+  description = "Value of the response parameters block for Api Gw Integration Response"
+  type = map(any)
+  default = {}
+}
+
+variable "method_response_response_parameters" {
+  description = "Value of the response parameters block for Api Gw Method Response"
+  type = map(any)
+  default = {}
+}
+
+variable "method_response_response_models" {
+  description = "Value of the response models block for Api Gw Method Response"
+  type = map(any)
+  default = {}
+}
+
+variable "tags" {
+  description = "Value of the tags"
+  type = map(string)
+  default = {
+    ENV = "Dev"
+    PROJECT = "TF-Vertice-MZ"
+  }
 }
diff --git a/second-exercise-aws-serverless-web-app/modules/dynamodb/main.tf b/second-exercise-aws-serverless-web-app/modules/dynamodb/main.tf
@@ -11,13 +11,13 @@ terraform {
 
 resource "aws_dynamodb_table" "web_app" {
   name = "${var.dynamodb_name}Tf"
-  hash_key = "ID"
-  read_capacity = 1
-  write_capacity = 1
+  hash_key = var.default_hash_key
+  read_capacity = var.read_capacity
+  write_capacity = var.write_capacity
 
   attribute {
-    name = "ID"
-    type = "S"
+    name = var.default_hash_key
+    type = var.default_hash_key_type
   }
 
   dynamic "attribute" {
@@ -27,4 +27,8 @@ resource "aws_dynamodb_table" "web_app" {
       type = attribute.value["type"]
 }
   }
+
+  tags = merge(var.tags, {
+    DeployTime = timestamp()
+  })
 }
diff --git a/second-exercise-aws-serverless-web-app/modules/dynamodb/variables.tf b/second-exercise-aws-serverless-web-app/modules/dynamodb/variables.tf
@@ -1,5 +1,5 @@
 variable "dynamodb_name" {
-  description = "Value of the DynamoDb prefix name"
+  description = "Value of the DynamoDb name"
   type = string
   default = "HelloWorldDatabase"
 }
@@ -8,4 +8,38 @@ variable "dynamodb_attributes" {
   description = "Value of DynamoDb table attributes - name and type, list of maps"
   type = list(map(any))
   default = []
-}
+}
+
+variable "tags" {
+  description = "Value of the tags"
+  type = map(string)
+  default = {
+    ENV = "Dev"
+    PROJECT = "TF-Vertice-MZ"
+  }
+}
+
+variable "default_hash_key" {
+  description = "Value of the Hash Key of the Dynamodb table"
+  type = string
+  default = "ID"
+}
+
+variable "default_hash_key_type" {
+  description = "Type of the Hash Key of the Dynamodb table"
+  type = string
+  default = "S"
+}
+
+variable "read_capacity" {
+  description = "Value of the Dynamodb table Read Capacity"
+  type = number
+  default = 1
+}
+
+variable "write_capacity" {
+  description = "Value of the Dynamodb table Write Capacity"
+  type = number
+  default = 1
+}
+