# Portal Lambda Notes

## Smoke Test

```
{
  "test_connectivity": "True",
  "test_config": 0,
  "test_read_issues": 0,
  "test_splunk_search": 0,
  "test_vault_read": 0
}
```

## MISC Notes

read moose port 8089

send to portal port 443 HTTPS

need execution role (IAM role needs perms to upload logs to )

policy policy_portal_data_sync_lambda
description IAM policy for portal_data_sync_lambda

role portal-data-sync-lambda-role
description Allows Lambda functions to call AWS services on your behalf.

create new lambda test_portal_data_sync

VPC Moose
vpc-0b455a7f22a13412b
subnet-0b1e9d82bcd8c0a2c
subnet-0d65c22aa4f76b634
sg-03b225559f97d7a5e

CREATE new SG that can only access Moose + portal
8089 -> 10.96.101.59
443 -> ANY
portal-data-sync-lambda-sg

allow lambda access to Moose
sg-0a0974a250be2cf07

vpc - same as portal (test)
vpc-075e58bd7619dc5b0

subnet
subnet-02575f16e22431ad6
subnet-0662ad00a4fbf3034

Create test for lambda function

```
{
  "test_read_issues": "True",
  "test_splunk_search": "True",
  "test_token": "redacted"
}
```

I think the token is for portal?

Splunk username & password will be needed to access SH on port 8089

See vault for creds

test

```
api-portal-data-sync-lambda
M7*P6U9!0uHL3s1blTW*
```

increase timeout to 20 seconds

figure out sg for access proxy

## Terraform

```
terraform apply \
  -target=aws_lambda_function.portal_data_sync \
  -target=aws_iam_policy.policy_portal_data_sync_lambda \
  -target=aws_iam_role_policy_attachment.lambda-role \
  -target=aws_iam_role_policy_attachment.lambda-role \
  -target=aws_cloudwatch_log_group.function \
  -target=aws_security_group.portal_lambda_sg \
  -target=aws_security_group.portal_lambda_splunk_sg \
  -target=aws_security_group_rule.portal_lambda_https \
  -target=aws_security_group_rule.portal_lambda_splunk_in \
  -target=aws_security_group_rule.portal_lambda_splunk_out \
  -target=aws_cloudwatch_event_rule.portal_event_rule \
  -target=aws_cloudwatch_event_target.portal_lambda_cloudwatch_target \
  -target=aws_lambda_permission.allow_cloudwatch_to_call_portal_lambda
```

## Vault auth

```
vault write auth/aws/role/portal auth_type=iam bound_iam_principal_arn=arn:aws:iam::527700175026:role/portal-data-sync-lambda-role policies=portal max_ttl=24h

vault write auth/aws/role/portal-data-sync-lambda-role auth_type=iam bound_iam_principal_arn=arn:aws:iam::527700175026:role/portal-data-sync-lambda-role policies=portal max_ttl=24h

vault write auth/aws/role/portal-data-sync-lambda-role auth_type=iam bound_iam_principal_arn=arn:aws:iam::527700175026:role/portal-data-sync-lambda-role policies=portal max_ttl=24h

vault write auth/aws/role/portal-data-sync-lambda-role auth_type=iam bound_iam_principal_arn=arn:aws:iam::477548533976:role/portal-data-sync-lambda-role policies=portal max_ttl=24h
```
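
The security group note under MISC Notes (8089 -> 10.96.101.59, 443 -> ANY, plus allowing the Lambda into Moose) could be written in Terraform as below. This is an added example, not the project's own Terraform. The resource names and the `vpc_id` / `moose_sg_id` variables are hypothetical.

```hcl
# Added example: hypothetical resource and variable names, not the project's code.
variable "vpc_id" {
  description = "VPC the Lambda runs in (assumption: supplied by the caller)"
  type        = string
}

variable "moose_sg_id" {
  description = "Security group on the Moose search head (assumption: supplied by the caller)"
  type        = string
}

resource "aws_security_group" "lambda_example" {
  name        = "portal-data-sync-lambda-sg"
  description = "Egress-only SG for the portal data sync Lambda"
  vpc_id      = var.vpc_id

  # No ingress blocks: nothing initiates connections to the Lambda.

  egress {
    description = "Splunk management API on the Moose search head"
    from_port   = 8089
    to_port     = 8089
    protocol    = "tcp"
    cidr_blocks = ["10.96.101.59/32"]
  }

  egress {
    description = "HTTPS to the portal"
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# Ingress on the Moose side is scoped to the Lambda's SG, not to a CIDR range.
resource "aws_security_group_rule" "moose_from_lambda_example" {
  description              = "Allow the Lambda SG to reach Splunk on 8089"
  type                     = "ingress"
  from_port                = 8089
  to_port                  = 8089
  protocol                 = "tcp"
  security_group_id        = var.moose_sg_id
  source_security_group_id = aws_security_group.lambda_example.id
}
```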