Portal Lambda Notes

Smoke Test

{
"test_connectivity": "True",
"test_config": 0,
"test_read_issues": 0,
"test_splunk_search": 0,
"test_vault_read": 0
}

MISC Notes

read moose port 8089 send to portal port 443 HTTPS

need execution role (IAM role needs perms to upload logs to )

policy: policy_portal_data_sync_lambda

description: IAM policy for portal_data_sync_lambda

role: portal-data-sync-lambda-role

description: Allows Lambda functions to call AWS services on your behalf.

create new lambda test_portal_data_sync

VPC Moose vpc-0b455a7f22 subnet-0b1e9d82bc subnet-0d65c22aa4

sg-03b225559f

CREATE new SG that can only access

Access to Moose + portal

8089 -> 10.96.101.59

443 -> ANY

portal-data-sync-lambda-sg allow lambda access to Moose

sg-0a0974a250
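
Added example (not part of the original notes or the project's code): a check that the Lambda security group's egress matches the two rules noted above. The function name, the TCP and /32 assumptions and the sample rule sets are constructed here; the input follows the `IpPermissionsEgress` shape returned by EC2 `DescribeSecurityGroups`.

```python
import ipaddress

# Allow-list from the notes above: 8089 -> 10.96.101.59, 443 -> ANY.
# Treating both as TCP and the Moose address as a /32 is an assumption.
ALLOWED = [
    (8089, ipaddress.ip_network("10.96.101.59/32")),
    (443, ipaddress.ip_network("0.0.0.0/0")),
]

def audit_egress(ip_permissions_egress):
    """Return findings for egress rules wider than ALLOWED.

    Input is the IpPermissionsEgress list that EC2 DescribeSecurityGroups
    returns for one group. Any non-IPv4 destination is reported."""
    findings = []
    for perm in ip_permissions_egress:
        proto = perm.get("IpProtocol")
        lo, hi = perm.get("FromPort"), perm.get("ToPort")
        for key in ("Ipv6Ranges", "UserIdGroupPairs", "PrefixListIds"):
            if perm.get(key):
                findings.append(f"{key}: destination type not in allow-list")
        for rng in perm.get("IpRanges", []):
            net = ipaddress.ip_network(rng["CidrIp"], strict=False)
            if proto != "tcp" or lo is None or lo != hi:
                findings.append(f"proto={proto} ports={lo}-{hi} to {net}: not a single TCP port")
            elif not any(lo == p and net.subnet_of(a) for p, a in ALLOWED):
                findings.append(f"tcp/{lo} to {net}: destination not allowed")
    return findings

# Constructed sample rule sets (not real account data).
INTENDED = [
    {"IpProtocol": "tcp", "FromPort": 8089, "ToPort": 8089,
     "IpRanges": [{"CidrIp": "10.96.101.59/32"}]},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
]
# Shape of the allow-all egress rule AWS puts on a newly created VPC group.
DEFAULT_ALLOW_ALL = [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]
# 8089 opened to a whole (constructed) subnet instead of the single host.
TOO_WIDE = [{"IpProtocol": "tcp", "FromPort": 8089, "ToPort": 8089,
             "IpRanges": [{"CidrIp": "10.96.0.0/16"}]}]

if __name__ == "__main__":
    for name, rules in [("intended", INTENDED), ("default", DEFAULT_ALLOW_ALL), ("too wide", TOO_WIDE)]:
        print(name, audit_egress(rules) or "OK")
```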

vpc -same as portal (test) vpc-075e58bd76

subnet subnet-02575f16e2 subnet-0662ad00a4

Create test for lambda function

{
"test_read_issues": "True",
"test_splunk_search": "True",
"test_token": "redacted"
}

I think the token is for portal?

Splunk username & password will be needed to access SH on port 8089

See vault for creds

test api-portal-data-sync-lambda redacted

increase timeout to 20 seconds

figure out sg for access proxy

Terraform

terraform apply \
  -target=aws_lambda_function.portal_data_sync \
  -target=aws_iam_policy.policy_portal_data_sync_lambda \
  -target=aws_iam_role_policy_attachment.lambda-role \
  -target=aws_iam_role_policy_attachment.lambda-role \
  -target=aws_cloudwatch_log_group.function \
  -target=aws_security_group.portal_lambda_sg \
  -target=aws_security_group.portal_lambda_splunk_sg \
  -target=aws_security_group_rule.portal_lambda_https \
  -target=aws_security_group_rule.portal_lambda_splunk_in \
  -target=aws_security_group_rule.portal_lambda_splunk_out \
  -target=aws_cloudwatch_event_rule.portal_event_rule \
  -target=aws_cloudwatch_event_target.portal_lambda_cloudwatch_target \
  -target=aws_lambda_permission.allow_cloudwatch_to_call_portal_lambda

Vault auth

vault write auth/aws/role/portal auth_type=iam bound_iam_principal_arn=arn:aws:iam::527700175026:role/portal-data-sync-lambda-role policies=portal max_ttl=24h

vault write auth/aws/role/portal-data-sync-lambda-role auth_type=iam bound_iam_principal_arn=arn:aws:iam::527700175026:role/portal-data-sync-lambda-role policies=portal max_ttl=24h

vault write auth/aws/role/portal-data-sync-lambda-role auth_type=iam bound_iam_principal_arn=arn:aws:iam::477548533976:role/portal-data-sync-lambda-role policies=portal max_ttl=24h