# aws-localstack

OpenTofu project for provisioning simulated AWS resources on LocalStack for the fictional Quantum application.

LocalStack endpoint:

```text
https://localstack.paulononato.com.br
```

## Resources

- S3 bucket for Quantum application artifacts.
- SQS main queue and DLQ.
- Python Lambda function for event processing.
- IAM role and fictional policies for the Lambda function.
- CloudWatch Log Group.
- Secrets Manager secret with simulated credentials.
- Event source mapping SQS -> Lambda.

## Repository Layout

```text
.
+-- environments
|   +-- dev
|   +-- stg
|   +-- prd
+-- examples
+-- modules
    +-- quantum
```

Each environment is an independent OpenTofu root module. The shared infrastructure code lives in `modules/quantum`.

## Prerequisites

- OpenTofu installed.
- AWS CLI, optional for testing.
- Access to the LocalStack endpoint.

Credentials used by LocalStack:

```bash
export AWS_ACCESS_KEY_ID=test
export AWS_SECRET_ACCESS_KEY=test
export AWS_DEFAULT_REGION=us-east-1
```

On PowerShell:

```powershell
$env:AWS_ACCESS_KEY_ID="test"
$env:AWS_SECRET_ACCESS_KEY="test"
$env:AWS_DEFAULT_REGION="us-east-1"
```

## Usage

Choose an environment first:

```bash
cd environments/dev
```

Use `environments/stg` or `environments/prd` for the other simulated stages.

Initialize:

```bash
tofu init
```

Plan:

```bash
tofu plan
```

Apply:

```bash
tofu apply
```

Destroy:

```bash
tofu destroy
```

## Quick Tests

List buckets:

```bash
aws --endpoint-url https://localstack.paulononato.com.br s3 ls
```

Send a message to the Quantum queue:

```bash
aws --endpoint-url https://localstack.paulononato.com.br sqs send-message \
  --queue-url "$(tofu output -raw quantum_queue_url)" \
  --message-body file://../../examples/quantum-message.json
```

Read the secret:

```bash
aws --endpoint-url https://localstack.paulononato.com.br secretsmanager get-secret-value \
  --secret-id "$(tofu output -raw quantum_secret_name)"
```

## RDS Note

RDS is not included in the LocalStack Community edition provisioned on the server. This project avoids RDS and uses only the services available in the current stack.