
Merge pull request #15 from FIAP-3SOAT-G15/setup-infra
Setup infra
wellyfrs authored Jul 26, 2024
2 parents 577e156 + 93892a1 commit 039db38
Showing 10 changed files with 199 additions and 24 deletions.
9 changes: 8 additions & 1 deletion .github/workflows/provision.yaml
Expand Up @@ -30,6 +30,13 @@ jobs:
- name: Checkout Repository
uses: actions/checkout@v4

# - name: OpenAPI Generator
# uses: hatamiarash7/openapi-generator@v0.3.0
# with:
# generator: openapi
# openapi-file: docs/openapi.yaml
# output-dir: .generated

- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v4
with:
Expand Down Expand Up @@ -63,5 +70,5 @@ jobs:
run: exit 1

- name: Terraform Apply
if: github.ref == 'refs/heads/main' && github.event_name == 'push'
#if: github.ref == 'refs/heads/main' && github.event_name == 'push'
run: terraform apply -auto-approve -input=false
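Review bot: The Terraform Apply step's guard is commented out in the second hunk (`#if: github.ref == 'refs/heads/main' && github.event_name == 'push'`), so, assuming the commented line is the new side as the print order suggests, `terraform apply -auto-approve -input=false` now runs on every trigger of this workflow and every branch, using the AWS credentials configured earlier in the job. That turns any pull request or feature-branch push into an unreviewed change to the live account; if this was done to bootstrap from the setup-infra branch, prefer a `workflow_dispatch` trigger or a GitHub environment with required reviewers, and restore the `if:` line before merging to main. The workflow's `on:` triggers and the plan step are outside this section, so which events actually reach the apply step cannot be confirmed here.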
8 changes: 1 addition & 7 deletions README.md
Expand Up @@ -93,13 +93,7 @@ Architectural Decision Records (ADRs):

### Schema do BD do MVP

[![Schema do BD do MVP](diagrams/db-schema.png)](diagrams/db-schema.png)

### Diagramas de Estado

#### Estados de Consulta

[![Estados de Consulta](/docs/diagrams/appointment-states.png)](/docs/diagrams/appointment-states.png)
[![Schema do BD do MVP](diagrams/db-schema.png)](docs/diagrams/db-schema.png)

## CI/CD

6 changes: 0 additions & 6 deletions docs/README.md
Expand Up @@ -180,12 +180,6 @@ Architectural Decision Records (ADRs):

[![Schema do BD do MVP](diagrams/db-schema.png)](diagrams/db-schema.png)

### Diagramas de Estado

#### Estados de Consulta

[![Estados de Consulta](diagrams/appointment-states.png)](diagrams/appointment-states.png)

## CI/CD

Descrição dos workflows do GitHub Actions:
16 changes: 8 additions & 8 deletions docs/diagrams/c4-container.puml
Expand Up @@ -28,10 +28,10 @@ System_Boundary(self_order_system, "Health&Med") {
ContainerDb(booking_db, "Agendamento DB", "Postgres")
}

System_Boundary(handbook_service, "Prontuário Service") {
Container(handbook_app, "Prontuário API", "Spring Boot", "API para gerenciamento de prontuários eletrônicos, documentos, e controle de acesso")
ContainerDb(handbook_db, "Prontuário BD", "DynamoDB")
Container(handbook_store, "Prontuário Store", "S3", "Cloud store, encriptografado, com ACL, e replicação para HA")
System_Boundary(medical_record_service, "Prontuário Service") {
Container(medical_record_app, "Prontuário API", "Spring Boot", "API para gerenciamento de prontuários eletrônicos, documentos, e controle de acesso")
ContainerDb(medical_record_db, "Prontuário BD", "DynamoDB")
Container(medical_record_store, "Prontuário Store", "S3", "Cloud store, encriptografado, com ACL, e replicação para HA")
}
}

Expand All @@ -45,11 +45,11 @@ Rel(email_system, users, "envia para", $tags="async")

Rel(video_system, frontend, "disponibiliza serviço")
Rel(frontend, api_gateway, "requests")
Rel(frontend, handbook_store, "baixa/sobe arquivos")
Rel(frontend, medical_record_store, "baixa/sobe arquivos")

Rel(api_gateway, user_app, "requests")
Rel(api_gateway, booking_app, "requests")
Rel(api_gateway, handbook_app, "requests")
Rel(api_gateway, medical_record_app, "requests")

Rel(user_app, user_db, "read/write", "JDBC")
Rel(user_app, crm_system, "verifica CRM", "HTTP")
Expand All @@ -61,7 +61,7 @@ Rel(booking_app, booking_db, "read/write", "JDBC")
Rel(booking_app, email_system, "requests", "HTTP", $tags="async")
Rel(booking_app, video_system, "requests", "HTTP")

Rel(handbook_app, handbook_db, "read/write", "JDBC")
Rel(handbook_app, handbook_store, "read/write")
Rel(medical_record_app, medical_record_db, "read/write", "JDBC")
Rel(medical_record_app, medical_record_store, "read/write")

@enduml
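--- /dev/null
+++ b/terraform/kms.tf
@@ -0,0 +1 @@
+resource "aws_kms_key" "medical_record_bucket_kms_key" {}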
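Review bot: `aws_kms_key.medical_record_bucket_kms_key` is declared with an empty body, so automatic key rotation is off and the key has no description or tags, which makes it hard to identify in the console or in CloudTrail once it protects patient documents; set `enable_key_rotation = true`, add a `description`, and pass `tags = var.tags` as the S3 buckets and VPC in this commit do. The default key policy (account root only) is an acceptable starting point, but any principal that reads or writes objects in the bucket through S3 will also need `kms:Decrypt`/`kms:GenerateDataKey` on this key, and no policy in this commit grants that yet.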
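--- /dev/null
+++ b/terraform/rds.tf
@@ -0,0 +1,99 @@
+locals {
+dbname = "healthmeddb"
+username = "master"
+port = 5432
+}
+
+module "db" {
+source = "terraform-aws-modules/rds/aws"
+version = "6.5.2"
+
+identifier = local.dbname
+
+engine = "postgres"
+engine_version = "15"
+family = "postgres15"
+major_engine_version = "15"
+instance_class = "db.t3.micro"
+
+allocated_storage = 10
+max_allocated_storage = 20
+
+storage_encrypted = false
+
+db_name = local.dbname
+username = local.username
+port = local.port
+
+db_subnet_group_name = module.vpc.database_subnet_group_name
+vpc_security_group_ids = [module.security_group.security_group_id]
+
+backup_retention_period = 0
+skip_final_snapshot = true
+deletion_protection = false
+}
+
+module "security_group" {
+source = "terraform-aws-modules/security-group/aws"
+version = "~> 5.0"
+
+name = local.dbname
+vpc_id = module.vpc.vpc_id
+
+ingress_with_cidr_blocks = [
+{
+from_port = local.port
+to_port = local.port
+protocol = "tcp"
+cidr_blocks = module.vpc.vpc_cidr_block
+},
+]
+}
+
+module "rds_params" {
+source = "terraform-aws-modules/ssm-parameter/aws"
+name = "/live/healthmed/db"
+type = "String"
+
+value = jsonencode({
+name : local.dbname,
+endpoint : module.db.db_instance_endpoint,
+port : local.port
+})
+}
+
+resource "aws_iam_policy" "rds_secrets_read_only_policy" {
+name = "HealthmedRDSSecretsReadOnlyPolicy"
+
+policy = jsonencode({
+Version = "2012-10-17"
+Statement = [
+{
+Effect = "Allow"
+Action = [
+"secretsmanager:DescribeSecret",
+"secretsmanager:GetSecretValue"
+],
+Resource = module.db.db_instance_master_user_secret_arn
+}
+]
+})
+}
+
+resource "aws_iam_policy" "rds_params_read_only_policy" {
+name = "HealthmedRDSParamsReadOnlyPolicy"
+
+policy = jsonencode({
+Version = "2012-10-17"
+Statement = [
+{
+Effect = "Allow"
+Action = [
+"ssm:GetParameter",
+"ssm:GetParameters"
+],
+Resource = module.rds_params.ssm_parameter_arn
+}
+]
+})
+}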
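Review bot: `storage_encrypted = false` in module "db" leaves the Postgres volume, its snapshots and its automated backups unencrypted, which is hard to justify for the database behind a health platform; the medical-records bucket in this same commit gets SSE-KMS, so the instance should at least match with `storage_encrypted = true` (optionally `kms_key_id = aws_kms_key.medical_record_bucket_kms_key.arn` or a dedicated key). `backup_retention_period = 0` also disables automated backups entirely, so together with `skip_final_snapshot = true` and `deletion_protection = false` a `terraform destroy` or a bad apply discards all data with no recovery path; `backup_retention_period = 7` and `deletion_protection = true` are the usual minimum outside a throwaway sandbox. The IAM policy's `Resource = module.db.db_instance_master_user_secret_arn` is only non-null when the module manages the master password in Secrets Manager, which I believe is the v6 default but is not set explicitly here; pinning `manage_master_user_password = true` makes that dependency visible. The security group admits 5432 from the entire VPC CIDR; restricting it to the application's security group via `ingress_with_source_security_group_id` would be tighter, though that SG is outside this commit.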
35 changes: 33 additions & 2 deletions terraform/s3.tf
@@ -1,3 +1,8 @@
resource "aws_s3_bucket" "medical_record_bucket" {
bucket = var.medical_record_bucket_name
tags = var.tags
}

resource "aws_s3_bucket" "website_bucket" {
bucket = var.website_bucket_name
tags = var.tags
Expand All @@ -24,18 +29,44 @@ resource "aws_s3_bucket_public_access_block" "website_bucket_public_access_block
restrict_public_buckets = false
}

resource "aws_s3_bucket_ownership_controls" "s3_bucket_acl_ownership" {
resource "aws_s3_bucket_ownership_controls" "website_bucket_ownership_controls" {
bucket = aws_s3_bucket.website_bucket.id
rule {
object_ownership = "BucketOwnerPreferred"
}
depends_on = [aws_s3_bucket_public_access_block.website_bucket_public_access_block]
}

resource "aws_s3_bucket_ownership_controls" "medical_record_ownership_controls" {
bucket = aws_s3_bucket.medical_record_bucket.id
rule {
object_ownership = "BucketOwnerPreferred"
}
}

resource "aws_s3_bucket_server_side_encryption_configuration" "medical_record_sse_config" {
bucket = aws_s3_bucket.medical_record_bucket.id

rule {
apply_server_side_encryption_by_default {
kms_master_key_id = aws_kms_key.medical_record_bucket_kms_key.arn
sse_algorithm = "aws:kms"
}

bucket_key_enabled = true
}
}

resource "aws_s3_bucket_acl" "website_bucket_acl" {
bucket = aws_s3_bucket.website_bucket.id
acl = "public-read"
depends_on = [aws_s3_bucket_ownership_controls.s3_bucket_acl_ownership]
depends_on = [aws_s3_bucket_ownership_controls.website_bucket_ownership_controls]
}

resource "aws_s3_bucket_acl" "medical_record_bucket_acl" {
bucket = aws_s3_bucket.medical_record_bucket.id
acl = "private"
depends_on = [aws_s3_bucket_ownership_controls.medical_record_ownership_controls]
}

resource "aws_s3_bucket_policy" "website_bucket_policy" {
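Review bot: The new medical_record_bucket gets SSE-KMS and a private ACL but no `aws_s3_bucket_public_access_block`, unlike website_bucket above it, so nothing prevents a later bucket policy or object ACL from exposing patient records; with `object_ownership = "BucketOwnerPreferred"` ACLs stay enabled, which is exactly what the public-access block is meant to backstop. Adding the block with all four settings true, or switching to `BucketOwnerEnforced` (which disables ACLs so the `medical_record_bucket_acl` resource becomes unnecessary), closes that gap. Versioning is also absent, so an overwrite or delete of a record is unrecoverable, and since the C4 diagram in this commit has the frontend reading and writing this store directly, a bucket policy denying requests with `aws:SecureTransport = false` is worth adding too, though how the frontend authenticates to S3 is not shown here.
```hcl
resource "aws_s3_bucket_public_access_block" "medical_record_bucket_public_access_block" {
  bucket                  = aws_s3_bucket.medical_record_bucket.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

resource "aws_s3_bucket_versioning" "medical_record_bucket_versioning" {
  bucket = aws_s3_bucket.medical_record_bucket.id
  versioning_configuration {
    status = "Enabled"
  }
}

# … unchanged: medical_record_ownership_controls, medical_record_sse_config, medical_record_bucket_acl …
```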
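--- /dev/null
+++ b/terraform/ses.tf
@@ -0,0 +1,3 @@
+resource "aws_ses_email_identity" "email_identity" {
+email = "wellyfrs+FIAP-3SOAT-G15@gmail.com"
+}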
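Review bot: The SES identity is a personal Gmail address hard-coded in the resource; like the bucket names in variables.tf it belongs in a variable (`variable "ses_email_identity" { type = string }` with `email = var.ses_email_identity`) so the infrastructure is not pinned to one contributor's mailbox and the value can differ per environment. Note also that `aws_ses_email_identity` only registers the identity: the verification link AWS sends still has to be acted on, and unless production access has already been granted the account remains in the SES sandbox, where sends to unverified recipients fail.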
5 changes: 5 additions & 0 deletions terraform/variables.tf
Expand Up @@ -8,6 +8,11 @@ variable "website_bucket_name" {
default = "fiap-3soat-g15-healthmed"
}

variable "medical_record_bucket_name" {
type = string
default = "fiap-3soat-g15-healthmed-medical-records"
}

variable "tags" {
type = map(string)
default = {
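--- /dev/null
+++ b/terraform/vpc.tf
@@ -0,0 +1,41 @@
+data "aws_availability_zones" "available" {}
+
+locals {
+vpc_name = "healthmed"
+vpc_cidr = "10.0.0.0/16"
+azs = slice(data.aws_availability_zones.available.names, 0, 2)
+}
+
+module "vpc" {
+source = "terraform-aws-modules/vpc/aws"
+version = "5.0.0"
+
+name = local.vpc_name
+
+azs = local.azs
+private_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k)]
+public_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 4)]
+database_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 8)]
+
+create_database_subnet_group = true
+
+# Single NAT Gateway Behaviour
+# https://registry.terraform.io/modules/terraform-aws-modules/vpc/aws/latest#nat-gateway-scenarios
+enable_nat_gateway = true
+single_nat_gateway = true
+one_nat_gateway_per_az = false
+
+enable_dns_hostnames = true
+enable_dns_support = true
+
+# For Kubernetes
+public_subnet_tags = {
+"kubernetes.io/role/elb" = "1"
+}
+
+private_subnet_tags = {
+"kubernetes.io/role/internal-elb" = "1"
+}
+
+tags = var.tags
+}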
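Review bot: The VPC has no flow logs, so once the RDS instance, NAT gateway and Kubernetes nodes land here there is no network-level record to work from during an incident; the module supports this directly with `enable_flow_log = true`, `create_flow_log_cloudwatch_log_group = true` and `create_flow_log_cloudwatch_iam_role = true`. For a VPC that will carry health data this is a cheap addition, and `flow_log_cloudwatch_log_group_retention_in_days` bounds the cost. The rest of the block is a plain three-tier layout; as far as I recall the module does not add a NAT route to the database subnets by default, which is the isolation wanted for the RDS instance in rds.tf, so that should be left as is.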
