# add sns / sqs terraform { backend "s3" { bucket = "sondehub-terraform" key = "sondehub-main" region = "us-east-1" profile = "sondes" } } provider "aws" { region = "us-east-1" profile = "sondes" } locals { domain_name = "v2.sondehub.org" } data "aws_caller_identity" "current" {} data "aws_iot_endpoint" "endpoint" {} resource "aws_iam_role" "IAMRole" { path = "/" name = "Cognito_sondesAuth_Role" assume_role_policy = < { name = dvo.resource_record_name record = dvo.resource_record_value type = dvo.resource_record_type } } allow_overwrite = true name = each.value.name records = [each.value.record] ttl = 60 type = each.value.type zone_id = aws_route53_zone.Route53HostedZone.zone_id } resource "aws_acm_certificate_validation" "CertificateManagerCertificate" { certificate_arn = aws_acm_certificate.CertificateManagerCertificate.arn validation_record_fqdns = [for record in aws_route53_record.cert_validation : record.fqdn] } resource "aws_route53_record" "Route53RecordSet5" { name = "api" type = "CNAME" ttl = 60 records = [ "${aws_apigatewayv2_domain_name.ApiGatewayV2DomainName.domain_name_configuration.0.target_domain_name}." ] zone_id = aws_route53_zone.Route53HostedZone.zone_id } resource "aws_cognito_user_pool_domain" "main" { domain = "auth.${local.domain_name}" user_pool_id = aws_cognito_user_pool.CognitoUserPool.id certificate_arn = aws_acm_certificate_validation.CertificateManagerCertificate.certificate_arn } resource "aws_route53_record" "Route53RecordSet6" { name = "auth" type = "A" alias { name = "${aws_cognito_user_pool_domain.main.cloudfront_distribution_arn}." zone_id = "Z2FDTNDATAQYW2" evaluate_target_health = false } zone_id = aws_route53_zone.Route53HostedZone.zone_id } resource "aws_route53_record" "Route53RecordSet7" { name = "es" type = "CNAME" ttl = 300 records = [ aws_elasticsearch_domain.ElasticsearchDomain.endpoint ] zone_id = aws_route53_zone.Route53HostedZone.zone_id } data "archive_file" "api_to_iot" { type = "zip" source_file = "sonde-api-to-iot-core/lambda_function.py" output_path = "${path.module}/build/sonde-api-to-iot-core.zip" } data "archive_file" "sign_socket" { type = "zip" source_file = "sign-websocket/lambda_function.py" output_path = "${path.module}/build/sign_socket.zip" } resource "aws_lambda_function" "LambdaFunction" { function_name = "sonde-api-to-iot-core" handler = "lambda_function.lambda_handler" filename = "${path.module}/build/sonde-api-to-iot-core.zip" source_code_hash = data.archive_file.api_to_iot.output_base64sha256 publish = true memory_size = 256 role = aws_iam_role.IAMRole5.arn runtime = "python3.7" timeout = 10 tracing_config { mode = "Active" } environment { variables = { "IOT_ENDPOINT" = data.aws_iot_endpoint.endpoint.endpoint_address } } layers = [ "arn:aws:lambda:us-east-1:${data.aws_caller_identity.current.account_id}:layer:xray-python:1", "arn:aws:lambda:us-east-1:${data.aws_caller_identity.current.account_id}:layer:iot:3" ] } resource "aws_lambda_function" "sign_socket" { function_name = "sign-websocket" handler = "lambda_function.lambda_handler" filename = "${path.module}/build/sign_socket.zip" source_code_hash = data.archive_file.sign_socket.output_base64sha256 publish = true memory_size = 128 role = aws_iam_role.sign_socket.arn runtime = "python3.7" timeout = 10 tracing_config { mode = "Active" } environment { variables = { "IOT_ENDPOINT" = data.aws_iot_endpoint.endpoint.endpoint_address } } layers = [ "arn:aws:lambda:us-east-1:${data.aws_caller_identity.current.account_id}:layer:xray-python:1", "arn:aws:lambda:us-east-1:${data.aws_caller_identity.current.account_id}:layer:iot:3" ] } resource "aws_lambda_permission" "sign_socket" { action = "lambda:InvokeFunction" function_name = aws_lambda_function.sign_socket.arn principal = "apigateway.amazonaws.com" source_arn = "arn:aws:execute-api:us-east-1:${data.aws_caller_identity.current.account_id}:r03szwwq41/*/*/sondes/websocket" } resource "aws_lambda_permission" "LambdaPermission2" { action = "lambda:InvokeFunction" function_name = aws_lambda_function.LambdaFunction.arn principal = "apigateway.amazonaws.com" source_arn = "arn:aws:execute-api:us-east-1:${data.aws_caller_identity.current.account_id}:r03szwwq41/*/*/sondes/telemetry" } resource "aws_lambda_layer_version" "LambdaLayerVersion2" { compatible_runtimes = [ "python3.8" ] layer_name = "iot" s3_bucket = "sondehub-lambda-layers" s3_key = "iot.zip" source_code_hash = "sHyE9vXk+BzFphPe8evfiL79fcxsSEYVfpbTVi2IwH0=" } resource "aws_lambda_layer_version" "LambdaLayerVersion4" { compatible_runtimes = [ "python3.8" ] layer_name = "xray-python" s3_bucket = "sondehub-lambda-layers" s3_key = "xray-python.zip" source_code_hash = "ta4o2brS2ZRAeWhZjqrm6MhOc3RlYNgkOuD4dxSonEc=" } resource "aws_s3_bucket" "S3Bucket" { bucket = "sondehub-lambda-layers" } resource "aws_cloudwatch_log_group" "LogsLogGroup" { name = "/aws/lambda/sonde-api-to-iot-core" } resource "aws_apigatewayv2_api" "ApiGatewayV2Api" { name = "sondehub-v2" disable_execute_api_endpoint = true api_key_selection_expression = "$request.header.x-api-key" protocol_type = "HTTP" route_selection_expression = "$request.method $request.path" } resource "aws_apigatewayv2_stage" "ApiGatewayV2Stage" { name = "$default" api_id = aws_apigatewayv2_api.ApiGatewayV2Api.id default_route_settings { detailed_metrics_enabled = false } auto_deploy = true lifecycle { ignore_changes = ["deployment_id"] } } resource "aws_apigatewayv2_stage" "ApiGatewayV2Stage2" { name = "prod" api_id = aws_apigatewayv2_api.ApiGatewayV2Api.id deployment_id = aws_apigatewayv2_deployment.ApiGatewayV2Deployment4.id default_route_settings { detailed_metrics_enabled = false } } resource "aws_apigatewayv2_deployment" "ApiGatewayV2Deployment3" { api_id = aws_apigatewayv2_api.ApiGatewayV2Api.id } resource "aws_apigatewayv2_deployment" "ApiGatewayV2Deployment4" { api_id = aws_apigatewayv2_api.ApiGatewayV2Api.id } resource "aws_apigatewayv2_route" "ApiGatewayV2Route" { api_id = aws_apigatewayv2_api.ApiGatewayV2Api.id api_key_required = false authorization_type = "NONE" route_key = "PUT /sondes/telemetry" target = "integrations/${aws_apigatewayv2_integration.ApiGatewayV2Integration.id}" } resource "aws_apigatewayv2_route" "sign_socket" { api_id = aws_apigatewayv2_api.ApiGatewayV2Api.id api_key_required = false authorization_type = "NONE" route_key = "GET /sondes/websocket" target = "integrations/${aws_apigatewayv2_integration.sign_socket.id}" } resource "aws_apigatewayv2_integration" "sign_socket" { api_id = aws_apigatewayv2_api.ApiGatewayV2Api.id connection_type = "INTERNET" integration_method = "POST" integration_type = "AWS_PROXY" integration_uri = aws_lambda_function.sign_socket.arn timeout_milliseconds = 30000 payload_format_version = "2.0" } resource "aws_apigatewayv2_integration" "ApiGatewayV2Integration" { api_id = aws_apigatewayv2_api.ApiGatewayV2Api.id connection_type = "INTERNET" integration_method = "POST" integration_type = "AWS_PROXY" integration_uri = aws_lambda_function.LambdaFunction.arn timeout_milliseconds = 30000 payload_format_version = "2.0" } resource "aws_apigatewayv2_api_mapping" "ApiGatewayV2ApiMapping" { api_id = aws_apigatewayv2_api.ApiGatewayV2Api.id domain_name = aws_apigatewayv2_domain_name.ApiGatewayV2DomainName.id stage = "$default" api_mapping_key = "" } resource "aws_apigatewayv2_domain_name" "ApiGatewayV2DomainName" { domain_name = "api.${local.domain_name}" domain_name_configuration { certificate_arn = aws_acm_certificate_validation.CertificateManagerCertificate.certificate_arn endpoint_type = "REGIONAL" security_policy = "TLS_1_2" } } resource "aws_acm_certificate" "CertificateManagerCertificate" { domain_name = local.domain_name subject_alternative_names = [ "*.${local.domain_name}" ] validation_method = "DNS" } resource "aws_elasticsearch_domain" "ElasticsearchDomain" { domain_name = "sondes-v2" elasticsearch_version = "7.9" cluster_config { dedicated_master_count = 3 dedicated_master_enabled = false dedicated_master_type = "t3.small.elasticsearch" instance_count = 2 instance_type = "m5.large.elasticsearch" zone_awareness_enabled = true } cognito_options { enabled = true identity_pool_id = aws_cognito_identity_pool.CognitoIdentityPool.id role_arn = aws_iam_role.IAMRole3.arn user_pool_id = aws_cognito_user_pool.CognitoUserPool.id } access_policies = <