This commit is contained in:
xss 2022-01-29 14:52:34 +11:00
parent f7736d4008
commit 6eddddcc73
6 changed files with 35 additions and 30 deletions

View File

@ -15,7 +15,7 @@ jobs:
# These permissions are needed to interact with GitHub's OIDC Token endpoint. # These permissions are needed to interact with GitHub's OIDC Token endpoint.
permissions: permissions:
id-token: write id-token: write
contents: read contents: write
steps: steps:
- name: Configure AWS Credentials - name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v1 uses: aws-actions/configure-aws-credentials@v1
@ -30,7 +30,11 @@ jobs:
id: fmt id: fmt
run: terraform fmt run: terraform fmt
continue-on-error: true continue-on-error: true
- uses: EndBug/add-and-commit@v7
with:
message: Terraform fmt [skip ci]
committer_name: GitHub Actions
committer_email: actions@github.com
- name: Terraform Init - name: Terraform Init
id: init id: init
run: terraform init run: terraform init

View File

@ -13,7 +13,8 @@ jobs:
# These permissions are needed to interact with GitHub's OIDC Token endpoint. # These permissions are needed to interact with GitHub's OIDC Token endpoint.
permissions: permissions:
id-token: write id-token: write
contents: read contents: write
pull-requests: write
steps: steps:
- name: Configure AWS Credentials - name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v1 uses: aws-actions/configure-aws-credentials@v1

2
cdn.tf
View File

@ -545,7 +545,7 @@ resource "aws_cloudfront_distribution" "api" {
viewer_protocol_policy = "redirect-to-https" viewer_protocol_policy = "redirect-to-https"
} }
ordered_cache_behavior { ordered_cache_behavior {
allowed_methods = ["GET", "HEAD", "OPTIONS"] allowed_methods = ["GET", "HEAD", "OPTIONS"]
cached_methods = [ cached_methods = [
"HEAD", "HEAD",
"GET" "GET"

View File

@ -215,17 +215,17 @@ resource "aws_apigatewayv2_integration" "ham_upload_telem" {
// SNS to MQTT // SNS to MQTT
resource "aws_lambda_function" "ham_sns_to_mqtt" { resource "aws_lambda_function" "ham_sns_to_mqtt" {
function_name = "ham-sns-to-mqtt" function_name = "ham-sns-to-mqtt"
handler = "sns_to_mqtt.lambda_handler" handler = "sns_to_mqtt.lambda_handler"
s3_bucket = aws_s3_bucket_object.lambda.bucket s3_bucket = aws_s3_bucket_object.lambda.bucket
s3_key = aws_s3_bucket_object.lambda.key s3_key = aws_s3_bucket_object.lambda.key
source_code_hash = data.archive_file.lambda.output_base64sha256 source_code_hash = data.archive_file.lambda.output_base64sha256
publish = true publish = true
memory_size = 128 memory_size = 128
role = aws_iam_role.basic_lambda_role.arn role = aws_iam_role.basic_lambda_role.arn
runtime = "python3.9" runtime = "python3.9"
timeout = 3 timeout = 3
architectures = ["arm64"] architectures = ["arm64"]
lifecycle { lifecycle {
ignore_changes = [environment] ignore_changes = [environment]
} }

View File

@ -113,17 +113,17 @@ EOF
// SNS to MQTT // SNS to MQTT
resource "aws_lambda_function" "sns_to_mqtt" { resource "aws_lambda_function" "sns_to_mqtt" {
function_name = "sns-to-mqtt" function_name = "sns-to-mqtt"
handler = "sns_to_mqtt.lambda_handler" handler = "sns_to_mqtt.lambda_handler"
s3_bucket = aws_s3_bucket_object.lambda.bucket s3_bucket = aws_s3_bucket_object.lambda.bucket
s3_key = aws_s3_bucket_object.lambda.key s3_key = aws_s3_bucket_object.lambda.key
source_code_hash = data.archive_file.lambda.output_base64sha256 source_code_hash = data.archive_file.lambda.output_base64sha256
publish = true publish = true
memory_size = 128 memory_size = 128
role = aws_iam_role.basic_lambda_role.arn role = aws_iam_role.basic_lambda_role.arn
runtime = "python3.9" runtime = "python3.9"
timeout = 3 timeout = 3
architectures = ["arm64"] architectures = ["arm64"]
lifecycle { lifecycle {
ignore_changes = [environment] ignore_changes = [environment]
} }

View File

@ -195,16 +195,16 @@ resource "aws_apigatewayv2_route" "recovered_put" {
resource "aws_lambda_function" "recovery_ingest" { resource "aws_lambda_function" "recovery_ingest" {
function_name = "recovery_ingest" function_name = "recovery_ingest"
handler = "recovery_ingest.handler" handler = "recovery_ingest.handler"
s3_bucket = aws_s3_bucket_object.lambda.bucket s3_bucket = aws_s3_bucket_object.lambda.bucket
s3_key = aws_s3_bucket_object.lambda.key s3_key = aws_s3_bucket_object.lambda.key
source_code_hash = data.archive_file.lambda.output_base64sha256 source_code_hash = data.archive_file.lambda.output_base64sha256
publish = true publish = true
memory_size = 128 memory_size = 128
role = aws_iam_role.recovered.arn role = aws_iam_role.recovered.arn
runtime = "python3.9" runtime = "python3.9"
timeout = 300 timeout = 300
tags = { tags = {
Name = "recovered_get" Name = "recovered_get"