switch to moving the sns to mqtt into vpc to reduce data usages

2024-12-18 20:57:56 +00:00 · 2022-02-12 09:08:07 +11:00 · 2022-02-12 09:08:07 +11:00 · dd14a3a350
commit dd14a3a350
parent 07fba22320
4 changed files with 32 additions and 7 deletions
--- a/ingestion.tf
+++ b/ingestion.tf
@ -131,6 +131,15 @@ resource "aws_lambda_function" "sns_to_mqtt" {
    Name = "sns-to-mqtt"
  }

+  vpc_config {
+    security_group_ids = [
+      "sg-05f795128b295c504",
+    ] 
+    subnet_ids         = [
+      aws_subnet.private["us-east-1b"].id
+    ]
+  }
+
 }

 resource "aws_lambda_permission" "sns_to_mqtt" {
--- a/lambda/sns_to_mqtt/init.py
+++ b/lambda/sns_to_mqtt/init.py
@ -4,18 +4,24 @@ import json
 import os
 import paho.mqtt.client as mqtt
 import time
-
+import random
 client = mqtt.Client(transport="websockets")

 connected_flag = False

+import socket
+socket.setdefaulttimeout(1)
+
 def connect():
    client.on_connect = on_connect
    client.on_disconnect = on_disconnect
    client.on_publish = on_publish
-    client.tls_set()
+    #client.tls_set()
    client.username_pw_set(username=os.getenv("MQTT_USERNAME"), password=os.getenv("MQTT_PASSWORD"))
-    client.connect(os.getenv("MQTT_HOST"), 443, 5)
+    HOSTS = os.getenv("MQTT_HOST").split(",")
+    HOST = random.choice(HOSTS)
+    print(f"Connecting to {HOST}")
+    client.connect(HOST, 8080, 5)
    client.loop_start()
    print("loop started")

@ -68,5 +74,3 @@ def lambda_handler(event, context):
            retain=False
        )
    time.sleep(0.05) # give paho mqtt 100ms to send messages this could be improved on but paho mqtt is a pain to interface with
-    
-
--- a/main.tf
+++ b/main.tf
@ -73,7 +73,19 @@ resource "aws_iam_role_policy" "basic_lambda_role" {
            "Resource": [
                "arn:aws:logs:us-east-1:${data.aws_caller_identity.current.account_id}:log-group:/aws/lambda/*"
            ]
+        },
+        {
+            "Action": [
+                "ec2:DescribeNetworkInterfaces",
+                "ec2:CreateNetworkInterface",
+                "ec2:DeleteNetworkInterface",
+                "ec2:DescribeInstances",
+                "ec2:AttachNetworkInterface"
+            ],
+            "Effect": "Allow",
+            "Resource": "*"
        }
+                    
    ]
 }
 EOF
--- a/websockets.tf
+++ b/websockets.tf
@ -343,9 +343,9 @@ resource "aws_ecs_task_definition" "ws_reader_ec2" {
      },
    ]
  )
-  cpu                = "1024"
+  cpu                = "512"
  execution_role_arn = aws_iam_role.ecs_execution.arn
-  memory             = "800"
+  memory             = "400"
  network_mode       = "bridge"
  requires_compatibilities = [
    "EC2",