|
@@ -1,18 +1,29 @@
|
|
|
+locals {
|
|
|
+ environment_vars = {
|
|
|
+ "HTTP_PROXY" = "http://${var.proxy}"
|
|
|
+ "HTTPS_PROXY" = "http://${var.proxy}"
|
|
|
+ "NO_PROXY" = "${var.dns_info["legacy_private"]["zone"]},${var.dns_info["private"]["zone"]}"
|
|
|
+ "VAULT_HOST" = "vault.${var.dns_info["private"]["zone"]}"
|
|
|
+ "VAULT_PATH" = "portal/data/lambda_sync_env"
|
|
|
+ "VERIFY_PORTAL_SSL" = "0"
|
|
|
+ }
|
|
|
+}
|
|
|
+
|
|
|
data "aws_iam_policy_document" "policy_portal_data_sync_lambda" {
|
|
|
- statement {
|
|
|
- effect = "Allow"
|
|
|
- actions = [
|
|
|
- "ec2:CreateNetworkInterface",
|
|
|
- "logs:CreateLogStream",
|
|
|
- "ec2:DescribeNetworkInterfaces",
|
|
|
- "logs:DescribeLogStreams",
|
|
|
- "ec2:DeleteNetworkInterface",
|
|
|
- "logs:PutRetentionPolicy",
|
|
|
- "logs:CreateLogGroup",
|
|
|
- "logs:PutLogEvents"
|
|
|
- ]
|
|
|
- resources = ["*"]
|
|
|
- }
|
|
|
+ statement {
|
|
|
+ effect = "Allow"
|
|
|
+ actions = [
|
|
|
+ "ec2:CreateNetworkInterface",
|
|
|
+ "logs:CreateLogStream",
|
|
|
+ "ec2:DescribeNetworkInterfaces",
|
|
|
+ "logs:DescribeLogStreams",
|
|
|
+ "ec2:DeleteNetworkInterface",
|
|
|
+ "logs:PutRetentionPolicy",
|
|
|
+ "logs:CreateLogGroup",
|
|
|
+ "logs:PutLogEvents"
|
|
|
+ ]
|
|
|
+ resources = ["*"]
|
|
|
+ }
|
|
|
}
|
|
|
|
|
|
resource "aws_iam_policy" "policy_portal_data_sync_lambda" {
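Review bot: `"VERIFY_PORTAL_SSL" = "0"` in the new `locals` block hard-codes certificate verification off for whichever client reads it (presumably the Portal HTTP calls, going by the name), so the function will accept any certificate on that path and anyone positioned on the proxy hop or the route to the portal could read or alter the synced data. Now that this is shared configuration rather than a one-off, make it an input that defaults to verification on, e.g. `"VERIFY_PORTAL_SSL" = var.verify_portal_ssl ? "1" : "0"`, and leave a comment on the variable explaining which environment genuinely needs it disabled and why. The statement in `policy_portal_data_sync_lambda` also still grants the `logs:*` actions on `resources = ["*"]`; the ENI actions are the standard Lambda-in-VPC set, but the log actions could be scoped to this function's log group ARN. The `aws_iam_policy` resource at the end of the hunk continues outside it.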
|
|
@@ -87,38 +98,20 @@ resource "aws_security_group_rule" "portal_lambda_splunk_in" {
|
|
|
# Env variables for bootstrap only; true secrets should be in vault
|
|
|
resource "aws_lambda_function" "portal_data_sync" {
|
|
|
description = "Sync data between Splunk and Portal"
|
|
|
- filename = "code.zip"
|
|
|
- source_code_hash = filebase64sha256("code.zip")
|
|
|
- function_name = "portal_data_sync"
|
|
|
- role = aws_iam_role.portal-lambda-role.arn
|
|
|
- handler = "lambda_function.lambda_handler"
|
|
|
- runtime = "python3.7"
|
|
|
- timeout = "600"
|
|
|
- vpc_config {
|
|
|
- subnet_ids = var.subnets
|
|
|
- security_group_ids = [ data.aws_security_group.typical-host.id, aws_security_group.portal_lambda_splunk_sg.id ]
|
|
|
- }
|
|
|
- environment {
|
|
|
- variables = {
|
|
|
- "CUSTOMER_1_NAME" = "AFS"
|
|
|
- "CUSTOMER_2_NAME" = "NGA"
|
|
|
- "CUSTOMER_3_NAME" = "MOOSE"
|
|
|
- "CUSTOMER_5_NAME" = "MA_COVID"
|
|
|
- "CUSTOMER_6_NAME" = "LA_COVID"
|
|
|
- "CUSTOMER_7_NAME" = "DC_COVID"
|
|
|
- "CUSTOMER_8_NAME" = "NIH"
|
|
|
- "CUSTOMER_9_NAME" = "BAS"
|
|
|
- "CUSTOMER_10_NAME" = "FRTIB"
|
|
|
- "CUSTOMER_11_NAME" = "DOED"
|
|
|
- "CUSTOMER_12_NAME" = "CA_COVID"
|
|
|
- "HTTP_PROXY" = "http://${var.proxy}"
|
|
|
- "HTTPS_PROXY" = "http://${var.proxy}"
|
|
|
- "NO_PROXY" = "${var.dns_info["legacy_private"]["zone"]},${var.dns_info["private"]["zone"]}"
|
|
|
- "VAULT_HOST" = "vault.${var.dns_info["private"]["zone"]}"
|
|
|
- "VAULT_PATH" = "portal/data/lambda_sync_env"
|
|
|
- "VERIFY_PORTAL_SSL" = "0"
|
|
|
- }
|
|
|
- }
|
|
|
+ filename = "code.zip"
|
|
|
+ source_code_hash = filebase64sha256("code.zip")
|
|
|
+ function_name = "portal_data_sync"
|
|
|
+ role = aws_iam_role.portal-lambda-role.arn
|
|
|
+ handler = "lambda_function.lambda_handler"
|
|
|
+ runtime = "python3.7"
|
|
|
+ timeout = "720"
|
|
|
+ vpc_config {
|
|
|
+ subnet_ids = var.subnets
|
|
|
+ security_group_ids = [ data.aws_security_group.typical-host.id, aws_security_group.portal_lambda_splunk_sg.id ]
|
|
|
+ }
|
|
|
+ environment {
|
|
|
+ variables = merge(var.customer_vars, local.environment_vars)
|
|
|
+ }
|
|
|
tags = merge(var.standard_tags, var.tags)
|
|
|
|
|
|
lifecycle {
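Review bot: `merge(var.customer_vars, local.environment_vars)` gives the locals precedence, so any key in `customer_vars` that collides with the proxy or Vault settings is silently discarded rather than flagged; if that is the intent, say so, e.g. `# locals win on key collision so per-customer input cannot override proxy/Vault wiring`, otherwise a `validation` block on `var.customer_vars` rejecting those keys would surface the clash at plan time. The `runtime = "python3.7"` carried over in this hunk is, as far as I know, a runtime AWS Lambda has since deprecated (no further security patches), so if this function is still deployed an upgrade should be scheduled alongside this change. The `lifecycle {` block at the end of the hunk continues outside it.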
|