208 lines
5.2 KiB
Terraform
208 lines
5.2 KiB
Terraform
locals {
|
|
name_prefix = "${var.project_name}-${var.environment}"
|
|
|
|
common_tags = {
|
|
Application = "Quantum"
|
|
Environment = var.environment
|
|
ManagedBy = "OpenTofu"
|
|
Runtime = "LocalStack"
|
|
}
|
|
}
|
|
|
|
data "archive_file" "quantum_lambda" {
|
|
type = "zip"
|
|
source_file = "${path.module}/lambda/handler.py"
|
|
output_path = "${path.module}/build/quantum_lambda.zip"
|
|
}
|
|
|
|
resource "aws_s3_bucket" "quantum_artifacts" {
|
|
bucket = "${local.name_prefix}-artifacts"
|
|
force_destroy = true
|
|
|
|
tags = merge(local.common_tags, {
|
|
Name = "${local.name_prefix}-artifacts"
|
|
})
|
|
}
|
|
|
|
resource "aws_s3_bucket_versioning" "quantum_artifacts" {
|
|
bucket = aws_s3_bucket.quantum_artifacts.id
|
|
|
|
versioning_configuration {
|
|
status = "Enabled"
|
|
}
|
|
}
|
|
|
|
resource "aws_s3_object" "sample_config" {
|
|
bucket = aws_s3_bucket.quantum_artifacts.id
|
|
key = "config/quantum-${var.environment}.json"
|
|
content_type = "application/json"
|
|
|
|
content = jsonencode({
|
|
appName = "Quantum"
|
|
environment = var.environment
|
|
featureToggle = "localstack"
|
|
owner = "platform-team"
|
|
})
|
|
|
|
tags = local.common_tags
|
|
}
|
|
|
|
resource "aws_sqs_queue" "quantum_dlq" {
|
|
name = "${local.name_prefix}-events-dlq"
|
|
message_retention_seconds = 1209600
|
|
|
|
tags = merge(local.common_tags, {
|
|
Name = "${local.name_prefix}-events-dlq"
|
|
})
|
|
}
|
|
|
|
resource "aws_sqs_queue" "quantum_events" {
|
|
name = "${local.name_prefix}-events"
|
|
visibility_timeout_seconds = 45
|
|
message_retention_seconds = 345600
|
|
|
|
redrive_policy = jsonencode({
|
|
deadLetterTargetArn = aws_sqs_queue.quantum_dlq.arn
|
|
maxReceiveCount = 3
|
|
})
|
|
|
|
tags = merge(local.common_tags, {
|
|
Name = "${local.name_prefix}-events"
|
|
})
|
|
}
|
|
|
|
resource "aws_secretsmanager_secret" "quantum_app" {
|
|
name = "${local.name_prefix}/app"
|
|
recovery_window_in_days = 0
|
|
|
|
tags = merge(local.common_tags, {
|
|
Name = "${local.name_prefix}-app-secret"
|
|
})
|
|
}
|
|
|
|
resource "aws_secretsmanager_secret_version" "quantum_app" {
|
|
secret_id = aws_secretsmanager_secret.quantum_app.id
|
|
|
|
secret_string = jsonencode({
|
|
databaseUrl = "postgres://quantum_user:change-me@quantum-${var.environment}-db.local:5432/quantum"
|
|
apiKey = "qtm_${var.environment}_change_me"
|
|
jwtSecret = "change-me-${var.environment}"
|
|
})
|
|
}
|
|
|
|
resource "aws_iam_role" "quantum_lambda" {
|
|
name = "${local.name_prefix}-lambda-role"
|
|
|
|
assume_role_policy = jsonencode({
|
|
Version = "2012-10-17"
|
|
Statement = [
|
|
{
|
|
Effect = "Allow"
|
|
Principal = {
|
|
Service = "lambda.amazonaws.com"
|
|
}
|
|
Action = "sts:AssumeRole"
|
|
}
|
|
]
|
|
})
|
|
|
|
tags = local.common_tags
|
|
}
|
|
|
|
resource "aws_iam_policy" "quantum_lambda" {
|
|
name = "${local.name_prefix}-lambda-policy"
|
|
description = "Permissions for the Quantum Lambda function on LocalStack."
|
|
|
|
policy = jsonencode({
|
|
Version = "2012-10-17"
|
|
Statement = [
|
|
{
|
|
Effect = "Allow"
|
|
Action = [
|
|
"logs:CreateLogGroup",
|
|
"logs:CreateLogStream",
|
|
"logs:PutLogEvents"
|
|
]
|
|
Resource = "*"
|
|
},
|
|
{
|
|
Effect = "Allow"
|
|
Action = [
|
|
"sqs:ReceiveMessage",
|
|
"sqs:DeleteMessage",
|
|
"sqs:GetQueueAttributes"
|
|
]
|
|
Resource = aws_sqs_queue.quantum_events.arn
|
|
},
|
|
{
|
|
Effect = "Allow"
|
|
Action = [
|
|
"secretsmanager:GetSecretValue"
|
|
]
|
|
Resource = aws_secretsmanager_secret.quantum_app.arn
|
|
},
|
|
{
|
|
Effect = "Allow"
|
|
Action = [
|
|
"s3:GetObject",
|
|
"s3:PutObject",
|
|
"s3:ListBucket"
|
|
]
|
|
Resource = [
|
|
aws_s3_bucket.quantum_artifacts.arn,
|
|
"${aws_s3_bucket.quantum_artifacts.arn}/*"
|
|
]
|
|
}
|
|
]
|
|
})
|
|
|
|
tags = local.common_tags
|
|
}
|
|
|
|
resource "aws_iam_role_policy_attachment" "quantum_lambda" {
|
|
role = aws_iam_role.quantum_lambda.name
|
|
policy_arn = aws_iam_policy.quantum_lambda.arn
|
|
}
|
|
|
|
resource "aws_cloudwatch_log_group" "quantum_lambda" {
|
|
name = "/aws/lambda/${local.name_prefix}-processor"
|
|
retention_in_days = 14
|
|
|
|
tags = local.common_tags
|
|
}
|
|
|
|
resource "aws_lambda_function" "quantum_processor" {
|
|
function_name = "${local.name_prefix}-processor"
|
|
description = "Event processor for the Quantum application."
|
|
role = aws_iam_role.quantum_lambda.arn
|
|
runtime = "python3.11"
|
|
handler = "handler.lambda_handler"
|
|
filename = data.archive_file.quantum_lambda.output_path
|
|
source_code_hash = data.archive_file.quantum_lambda.output_base64sha256
|
|
timeout = 30
|
|
memory_size = 256
|
|
|
|
environment {
|
|
variables = {
|
|
APP_NAME = "Quantum"
|
|
BUCKET_NAME = aws_s3_bucket.quantum_artifacts.bucket
|
|
SECRET_NAME = aws_secretsmanager_secret.quantum_app.name
|
|
QUEUE_URL = aws_sqs_queue.quantum_events.url
|
|
}
|
|
}
|
|
|
|
depends_on = [
|
|
aws_cloudwatch_log_group.quantum_lambda,
|
|
aws_iam_role_policy_attachment.quantum_lambda
|
|
]
|
|
|
|
tags = local.common_tags
|
|
}
|
|
|
|
resource "aws_lambda_event_source_mapping" "quantum_events" {
|
|
event_source_arn = aws_sqs_queue.quantum_events.arn
|
|
function_name = aws_lambda_function.quantum_processor.arn
|
|
batch_size = 5
|
|
enabled = false
|
|
}
|