Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Showing 41 changed files with 883 additions and 47 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,3 +1,7 @@ | ||
output "arn" { | ||
value = aws_dynamodb_table.table.arn | ||
} | ||
|
||
output "stream_arn" { | ||
value = aws_dynamodb_table.table.stream_arn | ||
} |
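Review bot: the new `stream_arn` output is exported unconditionally, but `aws_dynamodb_table.table.stream_arn` is only populated when streams are enabled on the table, so callers of a table without a stream get no usable value. Add a `description` to the output that says so, so a consumer wiring this into an event source mapping knows the table must have streams enabled.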
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,8 +1,8 @@ | ||
resource "aws_sns_topic" "topic" { | ||
name = var.name | ||
kms_master_key_id = var.kms_key_id | ||
fifo_topic = var.fifo ? true : false | ||
content_based_deduplication = var.fifo ? true : false | ||
fifo_topic = endswith(var.name, ".fifo") ? true : false | ||
content_based_deduplication = endswith(var.name, ".fifo") ? true : false | ||
|
||
tags = var.tags | ||
} |
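Review bot: in the two replacement lines, `endswith(var.name, ".fifo") ? true : false` is redundant because `endswith` already returns a bool; assign it directly, ideally through one `locals` value shared by `fifo_topic` and `content_based_deduplication`. Deriving FIFO from the name also removes the use of `var.fifo`, so existing callers that pass `fifo` need a migration note, and `endswith` needs Terraform 1.3 or later, which is worth pinning in `required_version`.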
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,25 @@ | ||
# pubsub | ||
|
||
This example deploys a data pipeline that uses a [publish/subscribe (pub/sub) pattern](https://aws.amazon.com/what-is/pub-sub-messaging/). The publisher receives change data capture (CDC) events from a DynamoDB table and publishes them to an SNS topic from which three subscribers consume them. | ||
|
||
The data pipeline is visualized below: | ||
```mermaid | ||
flowchart TD | ||
%% core infrastructure | ||
ddb[DynamoDB\nTable] | ||
sns[SNS Topic] | ||
%% nodes | ||
publisher(Publisher) | ||
subscriber_x(Subscriber) | ||
subscriber_y(Subscriber) | ||
subscriber_z(Subscriber) | ||
%% connections | ||
ddb --> publisher | ||
publisher -->sns | ||
sns-->subscriber_x | ||
sns-->subscriber_y | ||
sns-->subscriber_z | ||
``` |
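Review bot: the README stops at the diagram and gives no deployment steps; in particular it does not say that the publisher's SNS sink ARN is a placeholder that has to be edited to match the topic Terraform creates. Add a short deploy section that covers this, and state that the three subscribers only write to stdout so readers know what to expect when they test the pipeline.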
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
local sub = import '../../../../../build/config/substation.libsonnet'; | ||
|
||
{ | ||
sink: sub.interfaces.sink.aws_sns( | ||
// change SNS topic ARN to match the resource created by Terraform | ||
settings = { arn: 'arn:aws:sns:us-east-1:123456789012:my-topic'} | ||
), | ||
transform: { | ||
type: 'noop', | ||
}, | ||
} |
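Review bot: the `arn` in `settings` is a hard-coded placeholder (`arn:aws:sns:us-east-1:123456789012:my-topic`) that points at a topic this example does not create; the Terraform in this commit names the topic `substation_sns`, so an unedited deploy depends on someone noticing the comment. Use the real topic name in the placeholder so only the account ID is left to fill in, or take the ARN from a `std.extVar` so it can be supplied at build time. Minor: `settings = {` and `'my-topic'}` are spaced inconsistently with the rest of the file.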
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
local sub = import '../../../../../build/config/substation.libsonnet'; | ||
|
||
{ | ||
sink: sub.interfaces.sink.stdout, | ||
transform: { | ||
type: 'noop', | ||
}, | ||
} |
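Review bot: with `sink: sub.interfaces.sink.stdout` and a `noop` transform, every CDC record from the DynamoDB table is written unmodified to the subscriber's standard output, which for a Lambda ends up in its CloudWatch log group. That is fine for a demo, but add a comment saying so, since anyone copying the example onto a real table will be logging full item contents.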
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
local sub = import '../../../../../build/config/substation.libsonnet'; | ||
|
||
{ | ||
sink: sub.interfaces.sink.stdout, | ||
transform: { | ||
type: 'noop', | ||
}, | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
local sub = import '../../../../../build/config/substation.libsonnet'; | ||
|
||
{ | ||
sink: sub.interfaces.sink.stdout, | ||
transform: { | ||
type: 'noop', | ||
}, | ||
} |
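Review bot: this file is identical, line for line, to the two subscriber configs before it. Either import one shared config from all three, or give each a header comment or a distinct sink so the example shows why the pipeline has three subscribers.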
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,85 @@ | ||
data "aws_caller_identity" "caller" {} | ||
|
||
# KMS encryption key that is shared by all Substation infrastructure | ||
module "kms" { | ||
source = "../../../../build/terraform/aws/kms" | ||
name = "alias/substation" | ||
policy = <<POLICY | ||
{ | ||
"Version": "2012-10-17", | ||
"Statement": [ | ||
{ | ||
"Effect": "Allow", | ||
"Action": [ | ||
"kms:Decrypt", | ||
"kms:GenerateDataKey" | ||
], | ||
"Principal": { | ||
"Service": "cloudwatch.amazonaws.com" | ||
}, | ||
"Resource": "*" | ||
}, | ||
{ | ||
"Effect": "Allow", | ||
"Action": "kms:*", | ||
"Principal": { | ||
"AWS": "arn:aws:iam::${data.aws_caller_identity.caller.account_id}:root" | ||
}, | ||
"Resource": "*" | ||
} | ||
] | ||
} | ||
POLICY | ||
} | ||
|
||
# AppConfig application that is shared by all Substation apps | ||
resource "aws_appconfig_application" "substation" { | ||
name = "substation" | ||
description = "Stores compiled configuration files for Substation" | ||
} | ||
|
||
# use the prod environment for production resources | ||
resource "aws_appconfig_environment" "prod" { | ||
name = "prod" | ||
description = "Stores production Substation configuration files" | ||
application_id = aws_appconfig_application.substation.id | ||
} | ||
|
||
# use the dev environment for development resources | ||
resource "aws_appconfig_environment" "dev" { | ||
name = "dev" | ||
description = "Stores development Substation configuration files" | ||
application_id = aws_appconfig_application.substation.id | ||
} | ||
|
||
# AppConfig doesn't have useful support for non-linear, non-instant deployments on AWS Lambda, so this deployment strategy is used to deploy configurations as quickly as possible | ||
# todo: add configuration rollback via CloudWatch Lambda monitoring | ||
resource "aws_appconfig_deployment_strategy" "instant" { | ||
name = "Instant" | ||
description = "This strategy deploys the configuration to all targets immediately with zero bake time." | ||
deployment_duration_in_minutes = 0 | ||
final_bake_time_in_minutes = 0 | ||
growth_factor = 100 | ||
growth_type = "LINEAR" | ||
replicate_to = "NONE" | ||
} | ||
|
||
# repository for the core Substation app | ||
module "ecr_substation" { | ||
source = "../../../../build/terraform/aws/ecr" | ||
name = "substation" | ||
kms_arn = module.kms.arn | ||
} | ||
|
||
# repository for the validation app | ||
module "ecr_validation" { | ||
source = "../../../../build/terraform/aws/ecr" | ||
name = "substation_validation" | ||
kms_arn = module.kms.arn | ||
} | ||
|
||
module "sns" { | ||
source = "../../../../build/terraform/aws/sns" | ||
kms_key_id = module.kms.key_id | ||
name = "substation_sns" | ||
} |
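Review bot: in the `kms` module's key policy, the first statement lets the `cloudwatch.amazonaws.com` service principal call `kms:Decrypt` and `kms:GenerateDataKey` with no `Condition`, so the grant is not tied to this account's resources. Add a condition such as `aws:SourceAccount` set to `data.aws_caller_identity.caller.account_id`. Separately, `module "sns"` is the only block in the file without a leading comment, and the `todo` about configuration rollback should reference a tracking issue so it does not get lost.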
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
################################################ | ||
# appconfig permissions | ||
# all Lambda must have this policy | ||
################################################ | ||
|
||
module "iam_appconfig_read" { | ||
source = "../../../../build/terraform/aws/iam" | ||
resources = ["${aws_appconfig_application.substation.arn}/*"] | ||
} | ||
|
||
module "iam_appconfig_read_attachment" { | ||
source = "../../../../build/terraform/aws/iam_attachment" | ||
id = "substation_appconfig_read" | ||
policy = module.iam_appconfig_read.appconfig_read_policy | ||
roles = [ | ||
module.publisher.role, | ||
module.subscriber_x.role, | ||
module.subscriber_y.role, | ||
module.subscriber_z.role, | ||
] | ||
} |
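Review bot: `resources = ["${aws_appconfig_application.substation.arn}/*"]` gives every attached role read access to everything under the application, which covers both the `prod` and `dev` environments this example creates. If the `iam` module allows it, scope the resource to the environment each function actually reads from. The four-entry `roles` list is also repeated in the KMS attachments; a single `locals` list would keep the copies from drifting.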
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,47 @@ | ||
################################################ | ||
# KMS read permissions | ||
# all Lambda must have this policy | ||
################################################ | ||
|
||
module "iam_kms_read" { | ||
source = "../../../../build/terraform/aws/iam" | ||
resources = [ | ||
module.kms.arn, | ||
] | ||
} | ||
|
||
module "iam_kms_read_attachment" { | ||
source = "../../../../build/terraform/aws/iam_attachment" | ||
id = "substation_kms_read" | ||
policy = module.iam_kms_read.kms_read_policy | ||
roles = [ | ||
module.publisher.role, | ||
module.subscriber_x.role, | ||
module.subscriber_y.role, | ||
module.subscriber_z.role, | ||
] | ||
} | ||
|
||
################################################ | ||
# KMS write permissions | ||
# all Lambda must have this policy | ||
################################################ | ||
|
||
module "iam_kms_write" { | ||
source = "../../../../build/terraform/aws/iam" | ||
resources = [ | ||
module.kms.arn, | ||
] | ||
} | ||
|
||
module "iam_kms_write_attachment" { | ||
source = "../../../../build/terraform/aws/iam_attachment" | ||
id = "substation_kms_write" | ||
policy = module.iam_kms_write.kms_write_policy | ||
roles = [ | ||
module.publisher.role, | ||
module.subscriber_x.role, | ||
module.subscriber_y.role, | ||
module.subscriber_z.role, | ||
] | ||
} |
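Review bot: `iam_kms_write_attachment` grants the write policy to all three subscriber roles, but in this example only the publisher sends to the encrypted SNS topic and the subscribers sink to stdout. Drop the subscribers from the write attachment unless something outside this diff needs it, and adjust the "all Lambda must have this policy" banner to match. `iam_kms_read` and `iam_kms_write` also instantiate the same module with the same `resources`, so one instance could supply both policies.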
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
provider "aws" { | ||
# profile = "default" | ||
region = "us-east-1" | ||
} |
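Review bot: `region = "us-east-1"` is hard-coded and has to stay in sync with the region embedded in the publisher's SNS ARN; expose it as a variable with this value as the default. The commented-out `profile` line should either be removed or given a comment explaining when to enable it.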