Datalake V1 #905

Draft. Wants to merge 35 commits into base: main

ShadeWyrm
Contributor

Adds the stuff for the datalake. SUPER WIP.

Contributor

@craigzour craigzour left a comment

Had a first look at it

Comment on lines +86 to +89
printf "${greenColor}...Setting up S3 Datalake Buckets${reset}\n"
cd $basedir/env/cloud/buckets
terragrunt apply --terragrunt-non-interactive -auto-approve --terragrunt-log-level warn
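
Review bot: on the `cd $basedir/env/cloud/buckets` line, the path is unquoted and the result of `cd` is not checked, so unless the script already runs under `set -e`, a missing or misnamed directory leaves the shell where it was and the following `terragrunt apply --terragrunt-non-interactive -auto-approve` applies whatever configuration is in that directory with no prompt. Suggest `cd "$basedir/env/cloud/buckets" || exit 1` so the auto-approved apply can only run against the buckets module.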

Contributor

We already had an existing S3 module. Is there a reason why you created a new buckets one?

Contributor Author

I was just trying to keep things independent for now, so that I could cut out things as necessary and not get lost in pre-existing scripts. I'd look at moving them into the s3 module prior maybe - but I also like the idea of not tightly coupling so if we need to nuke or change it can be quick.

Lemme know thoughts!~ :)

Contributor

I also like the idea of keeping things independent. What we could do is to just put it in the S3 module but have separate .tf files to identify the new buckets as being part of the Datalake work.


⚠ Terraform update available

Terraform: 1.10.4 (using 1.9.8)
Terragrunt: 0.72.0 (using 0.69.2)


Staging: app

✅   Terraform Init: success
✅   Terraform Validate: success
✅   Terraform Format: success
✅   Terraform Plan: success
✅   Conftest: success

Plan: 1 to add, 0 to change, 0 to destroy
Show summary
CHANGE NAME
add aws_ecs_task_definition.form_viewer
Show plan
Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # aws_ecs_task_definition.form_viewer will be created
  + resource "aws_ecs_task_definition" "form_viewer" {
      + arn                      = (known after apply)
      + arn_without_revision     = (known after apply)
      + container_definitions    = jsonencode(
            [
              + {
                  + environment      = [
                      + {
                          + name  = "AUDIT_LOG_QUEUE_URL"
                          + value = "https://sqs.ca-central-1.amazonaws.com/687401027353/audit_log_queue"
                        },
                      + {
                          + name  = "COGNITO_CLIENT_ID"
                          + value = "17bsg3b2b7q5snon007rru264u"
                        },
                      + {
                          + name  = "COGNITO_ENDPOINT_URL"
                          + value = "cognito-idp.ca-central-1.amazonaws.com/ca-central-1_Cguq9JNQ1"
                        },
                      + {
                          + name  = "EMAIL_ADDRESS_CONTACT_US"
                          + value = "[email protected]"
                        },
                      + {
                          + name  = "EMAIL_ADDRESS_SUPPORT"
                          + value = "[email protected]"
                        },
                      + {
                          + name  = "HOST_URL"
                          + value = "https://forms-staging.cdssandbox.xyz"
                        },
                      + {
                          + name  = "METRIC_PROVIDER"
                          + value = "stdout"
                        },
                      + {
                          + name  = "NEXTAUTH_URL"
                          + value = "https://forms-staging.cdssandbox.xyz"
                        },
                      + {
                          + name  = "RECAPTCHA_V3_SITE_KEY"
                          + value = "6LfJDN4eAAAAAGvdRF7ZnQ7ciqdo1RQnQDFmh0VY"
                        },
                      + {
                          + name  = "REDIS_URL"
                          + value = "gcforms-redis-rep-group.uwpetx.ng.0001.cac1.cache.amazonaws.com"
                        },
                      + {
                          + name  = "RELIABILITY_FILE_STORAGE"
                          + value = "forms-staging-reliability-file-storage"
                        },
                      + {
                          + name  = "REPROCESS_SUBMISSION_QUEUE_URL"
                          + value = "https://sqs.ca-central-1.amazonaws.com/687401027353/reprocess_submission_queue.fifo"
                        },
                      + {
                          + name  = "TEMPLATE_ID"
                          + value = "8d597a1b-a1d6-4e3c-8421-042a2b4158b7"
                        },
                      + {
                          + name  = "TEMPORARY_TOKEN_TEMPLATE_ID"
                          + value = "b6885d06-d10a-422a-973f-05e274d9aa86"
                        },
                      + {
                          + name  = "TRACER_PROVIDER"
                          + value = "stdout"
                        },
                      + {
                          + name  = "VAULT_FILE_STORAGE"
                          + value = "forms-staging-vault-file-storage"
                        },
                      + {
                          + name  = "ZITADEL_PROVIDER"
                          + value = "https://auth.forms-staging.cdssandbox.xyz"
                        },
                    ]
                  + essential        = true
                  + image            = "687401027353.dkr.ecr.ca-central-1.amazonaws.com/form_viewer_staging"
                  + linuxParameters  = {
                      + capabilities = {
                          + add  = []
                          + drop = [
                              + "ALL",
                            ]
                        }
                    }
                  + logConfiguration = {
                      + logDriver = "awslogs"
                      + options   = {
                          + awslogs-group         = "Forms"
                          + awslogs-region        = "ca-central-1"
                          + awslogs-stream-prefix = "ecs-form-viewer"
                        }
                    }
                  + mountPoints      = []
                  + name             = "form_viewer"
                  + portMappings     = [
                      + {
                          + containerPort = 3000
                          + hostPort      = 3000
                          + protocol      = "tcp"
                        },
                    ]
                  + secrets          = [
                      + {
                          + name      = "DATABASE_URL"
                          + valueFrom = "arn:aws:secretsmanager:ca-central-1:687401027353:secret:server-database-url-0PSpE3"
                        },
                      + {
                          + name      = "FRESHDESK_API_KEY"
                          + valueFrom = "arn:aws:secretsmanager:ca-central-1:687401027353:secret:freshdesk_api_key-JVyxop"
                        },
                      + {
                          + name      = "GC_NOTIFY_CALLBACK_BEARER_TOKEN"
                          + valueFrom = "arn:aws:secretsmanager:ca-central-1:687401027353:secret:notify_callback_bearer_token-aXJPLs"
                        },
                      + {
                          + name      = "NOTIFY_API_KEY"
                          + valueFrom = "arn:aws:secretsmanager:ca-central-1:687401027353:secret:notify_api_key-eR3nNp"
                        },
                      + {
                          + name      = "RECAPTCHA_V3_SECRET_KEY"
                          + valueFrom = "arn:aws:secretsmanager:ca-central-1:687401027353:secret:recaptcha_secret-tTjsBo"
                        },
                      + {
                          + name      = "SENTRY_API_KEY"
                          + valueFrom = "arn:aws:secretsmanager:ca-central-1:687401027353:secret:sentry_api_key-QBmONz"
                        },
                      + {
                          + name      = "TOKEN_SECRET"
                          + valueFrom = "arn:aws:secretsmanager:ca-central-1:687401027353:secret:token_secret-n5Doyu"
                        },
                      + {
                          + name      = "ZITADEL_ADMINISTRATION_KEY"
                          + valueFrom = "arn:aws:secretsmanager:ca-central-1:687401027353:secret:zitadel_administration_key-Oaki1d"
                        },
                    ]
                  + systemControls   = []
                  + volumesFrom      = []
                },
            ]
        )
      + cpu                      = "2048"
      + execution_role_arn       = "arn:aws:iam::687401027353:role/form-viewer"
      + family                   = "form-viewer"
      + id                       = (known after apply)
      + memory                   = "4096"
      + network_mode             = "awsvpc"
      + requires_compatibilities = [
          + "FARGATE",
        ]
      + revision                 = (known after apply)
      + skip_destroy             = false
      + tags_all                 = {
          + "CostCentre" = "forms-platform-staging"
          + "Terraform"  = "true"
        }
      + task_role_arn            = "arn:aws:iam::687401027353:role/form-viewer"
      + track_latest             = false
    }

Plan: 1 to add, 0 to change, 0 to destroy.

─────────────────────────────────────────────────────────────────────────────

Saved the plan to: plan.tfplan

To perform exactly these actions, run the following command to apply:
    terraform apply "plan.tfplan"
Show Conftest results
WARN - plan.json - main - Missing Common Tags: ["aws_appautoscaling_target.forms[0]"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.forms"]
WARN - plan.json - main - Missing Common Tags: ["aws_codedeploy_app.app"]
WARN - plan.json - main - Missing Common Tags: ["aws_codedeploy_deployment_group.app"]
WARN - plan.json - main - Missing Common Tags: ["aws_ecs_cluster.forms"]
WARN - plan.json - main - Missing Common Tags: ["aws_ecs_service.form_viewer"]
WARN - plan.json - main - Missing Common Tags: ["aws_ecs_task_definition.form_viewer"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.cognito"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.forms_dynamodb"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.forms_kms"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.forms_s3"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.forms_secrets_manager"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.forms_sqs"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_role.codedeploy"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_role.forms"]

34 tests, 19 passed, 15 warnings, 0 failures, 0 exceptions


Staging: load_testing

✅   Terraform Init: success
✅   Terraform Validate: success
✅   Terraform Format: success
✅   Terraform Plan: success
✅   Conftest: success

Plan: 0 to add, 4 to change, 0 to destroy
Show summary
CHANGE NAME
update aws_iam_policy.load_test_lambda
aws_ssm_parameter.load_testing_form_id
aws_ssm_parameter.load_testing_form_private_key
aws_ssm_parameter.load_testing_zitadel_app_private_key
Show plan
Resource actions are indicated with the following symbols:
  ~ update in-place
 <= read (data resources)

Terraform will perform the following actions:

  # data.aws_iam_policy_document.load_test_lambda will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "aws_iam_policy_document" "load_test_lambda" {
      + id            = (known after apply)
      + json          = (known after apply)
      + minified_json = (known after apply)

      + statement {
          + actions   = [
              + "ssm:GetParameters",
            ]
          + effect    = "Allow"
          + resources = [
              + "arn:aws:ssm:ca-central-1:687401027353:parameter/load-testing/form-id",
              + "arn:aws:ssm:ca-central-1:687401027353:parameter/load-testing/form-private-key",
              + "arn:aws:ssm:ca-central-1:687401027353:parameter/load-testing/zitadel-app-private-key",
            ]
          + sid       = "GetSSMParameters"
        }
      + statement {
          + actions   = [
              + "lambda:InvokeFunction",
            ]
          + effect    = "Allow"
          + resources = [
              + "arn:aws:lambda:ca-central-1:687401027353:function:Submission",
            ]
          + sid       = "InvokeSubmissionLambda"
        }
    }

  # aws_iam_policy.load_test_lambda will be updated in-place
  ~ resource "aws_iam_policy" "load_test_lambda" {
        id               = "arn:aws:iam::687401027353:policy/LoadTestLambda"
        name             = "LoadTestLambda"
      ~ policy           = jsonencode(
            {
              - Statement = [
                  - {
                      - Action   = "ssm:GetParameters"
                      - Effect   = "Allow"
                      - Resource = [
                          - "arn:aws:ssm:ca-central-1:687401027353:parameter/load-testing/zitadel-app-private-key",
                          - "arn:aws:ssm:ca-central-1:687401027353:parameter/load-testing/form-private-key",
                          - "arn:aws:ssm:ca-central-1:687401027353:parameter/load-testing/form-id",
                        ]
                      - Sid      = "GetSSMParameters"
                    },
                  - {
                      - Action   = "lambda:InvokeFunction"
                      - Effect   = "Allow"
                      - Resource = "arn:aws:lambda:ca-central-1:687401027353:function:Submission"
                      - Sid      = "InvokeSubmissionLambda"
                    },
                ]
              - Version   = "2012-10-17"
            }
        ) -> (known after apply)
        tags             = {}
        # (7 unchanged attributes hidden)
    }

  # aws_ssm_parameter.load_testing_form_id will be updated in-place
  ~ resource "aws_ssm_parameter" "load_testing_form_id" {
        id              = "/load-testing/form-id"
      + insecure_value  = (known after apply)
        name            = "/load-testing/form-id"
        tags            = {}
      ~ version         = 1 -> (known after apply)
        # (9 unchanged attributes hidden)
    }

  # aws_ssm_parameter.load_testing_form_private_key will be updated in-place
  ~ resource "aws_ssm_parameter" "load_testing_form_private_key" {
        id              = "/load-testing/form-private-key"
      + insecure_value  = (known after apply)
        name            = "/load-testing/form-private-key"
        tags            = {}
      ~ version         = 3 -> (known after apply)
        # (9 unchanged attributes hidden)
    }

  # aws_ssm_parameter.load_testing_zitadel_app_private_key will be updated in-place
  ~ resource "aws_ssm_parameter" "load_testing_zitadel_app_private_key" {
        id              = "/load-testing/zitadel-app-private-key"
      + insecure_value  = (known after apply)
        name            = "/load-testing/zitadel-app-private-key"
        tags            = {}
      ~ version         = 3 -> (known after apply)
        # (9 unchanged attributes hidden)
    }

Plan: 0 to add, 4 to change, 0 to destroy.

─────────────────────────────────────────────────────────────────────────────

Saved the plan to: plan.tfplan

To perform exactly these actions, run the following command to apply:
    terraform apply "plan.tfplan"
Show Conftest results
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.load_test_lambda"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_role.load_test_lambda"]
WARN - plan.json - main - Missing Common Tags: ["aws_lambda_function.load_testing"]
WARN - plan.json - main - Missing Common Tags: ["aws_ssm_parameter.load_testing_form_id"]
WARN - plan.json - main - Missing Common Tags: ["aws_ssm_parameter.load_testing_form_private_key"]
WARN - plan.json - main - Missing Common Tags: ["aws_ssm_parameter.load_testing_zitadel_app_private_key"]

25 tests, 19 passed, 6 warnings, 0 failures, 0 exceptions
