migrate create resources to terraform; add validator as submodule for ease of use & access

Author: AncaGhenade

.gitignore

@@ -60,4 +60,8 @@ src/main/shipment-list-frontend/yarn-error.log*
 
 setup/terraform/terraform.tfstate
 setup/terraform/.terraform.lock.hcl
-setup/terraform/terraform.tfstate.backup
+setup/terraform/terraform.tfstate.backup
+
+# lambda module
+shipment-picture-lambda-validator/target
+shipment-picture-lambda-validator/.idea

README.md

@@ -49,13 +49,15 @@ files, `application-prod.yml`, and  `application-dev.yml`.
 
 ## Running it
 
-### Production simulation
+## Production simulation
 
 Now, we don’t have a real production environment because that’s not the point here, but most likely,
 an application like this runs on a container orchestration platform, and all the necessary configs
 are still provided. Since we’re only simulating a production instance, all the configurations are
 kept in the `application-prod.yml` file.
 
+### User credentials
+
 Before getting started, it's important to note that an IAM user, who's credentials will be used,
 needs to be created with the following policies:
 
@@ -69,18 +71,31 @@ We will be using the user's credentials and export them as temporary environment
 $ export AWS_ACCESS_KEY_ID=[your_aws_access_key_id]
 $ export AWS_SECRET_ACCESS_KEY=[your_aws_secret_access_key_id]
 ```
-Make sure you have Terraform [installed](https://developer.hashicorp.com/terraform/downloads).
+
+### Building the validator module
+
+Step into the `shipment-picture-lambda-validator` module and run `mvn clean package shade:shade`.
+This will create an uber-jar by packaging all its dependencies. We'll need this one in the next step.
+
+### Creating resources - running Terraform
+
+Make sure you have Terraform [installed](https://developer.hashicorp.com/terraform/downloads).If you're 
+not familiar or uncomfortable with Terraform, there's also a branch that uses only AWS cli to create resources.
+
 Under setup/terraform run:
 ```
 $ terraform init
 $ terraform plan
 ```
-once these 2 commands run successfully and no errors occur, it's time to run:
+Once these 2 commands run successfully and no errors occur, it's time to run:
 ```
-$ terraform apply --auto-approve
+$ terraform apply
 ```
 
-This should create the needed S3 bucket, the DynamoDB `shipment` table and populate it with some sample data.
+This should create the needed S3 bucket, the DynamoDB `shipment` table and populate it with some 
+sample data, and the Lambda function that will help with picture validation.
+
+### Running the GUI
 
 Now `cd` into `src/main/shipment-list-frontend` and run `npm install` and `npm start`.
 This will spin up the React app that can be accessed on `localhost:3000`.
@@ -96,31 +111,22 @@ $ mvn spring-boot:run -Dspring-boot.run.profiles=prod
 ```
 Notice the `prod` profile is being set via command line arguments.
 
+### Using the application
+
 At `localhost:3000` you should now be able to see a list of shipments with standard icons,
 that means that only the database is populated, the pictures still need to be added from the
 `sample-pictures` folder.
+
 The weight of a shipment we can perceive, but not the size, that's why we need pictures to understand,
 using the "banana for scale" measuring unit. How else would we know??
 
+Current available actions using the GUI:
 
-The Lambda function is still not up. This falls under the `shipment-list-lambda-validator` project.
-
-```
-$ git clone https://github.com/tinyg210/shipment-list-lambda-validator.git
-```
-
-The `create-lambda.sh` script will do everything that needs for the creation and configuration of
-the
-Lambda. (I know what you're thinking, Terraform will follow.)
-Run `add-notif-config-for-lambda.sh`, but before that remember to edit `notification-config.json`
-with
-your own AWS account ID. This will enable the Lambda to receive notifications every time a picture
-is being
-added to S3.
-
-You should now be able to add a new picture for each shipment. Files that are not pictures will be
-deleted
-and the shipment picture will be replaced with a generic icon.
+- upload a new image
+- delete shipment from the list
+ 
+Files that are not pictures will be deleted
+and the shipment picture will be replaced with a generic icon, because we don't want any trouble.
 
 ### Developer environment
 
@@ -144,19 +150,28 @@ $ tflocal --help
 Usage: terraform [global options] <subcommand> [args]
 ...
 ```
-From here on, it's the same as before:
+From here on, it's smooth sailing, the same as before. You can eve use the same folder to run 
+your commands:
+
 ```
-$ terraform plan
-$ terraform apply --auto-approve
+$ tflocal init
+$ tflocal plan -var 'env=dev'
+$ tflocal apply -var 'env=dev'
 ```
+Well, almost, we're doing a little cheating and passing and environmental variable to let the Lambda
+know this is the `dev` environment.
 
 
-After that, the Spring Boot application needs to start using the dev profile:
+After that, the Spring Boot application needs to start using the dev profile (make sure you're in the 
+root folder):
 
 ```
 $ mvn spring-boot:run -Dspring-boot.run.profiles=dev
 ```
 
-The same actions should be easily achieved again, but locally.
+Go back to `localhost:3000` and a new list will be available, and notice that the functionalities of
+the application have not changed. 
+
+There you have it, smooth transition from AWS to Localstack, with no code change. 👍🏻
 
 

docker-compose.yml

@@ -5,13 +5,10 @@ services:
     image: localstack/localstack
     container_name: localstack
     ports:
-      - "4566:4566" # port of to where localstack can be addressed to
-      - "9000:9000"
+      - "127.0.0.1:4566:4566"            # LocalStack Gateway
+      - "127.0.0.1:4510-4559:4510-4559"  # external services port range
     environment:
-      - SERVICES=s3,dynamodb,lambda # a list of desired services you want to use.
-      - DEFAULT_REGION=eu-central-1 # where the localstack mocks to be running
-      - AWS_ACCESS_KEY_ID=test_access_key
-      - AWS_SECRET_ACCESS_KEY=test_secret_access_key
+      - DEFAULT_REGION=eu-central-1 # where the localstack mocks will be running
       - DATA_DIR=/tmp/localstack/data
       - PORT_WEB_UI=9000
       - LAMBDA_EXECUTOR=local

pom.xml

@@ -80,37 +80,6 @@
           </excludes>
         </configuration>
       </plugin>
-
-<!--            TBD? -->
-      <!--      <plugin>-->
-      <!--        <groupId>org.apache.maven.plugins</groupId>-->
-      <!--        <artifactId>maven-checkstyle-plugin</artifactId>-->
-      <!--        <version>${maven-checkstyle-plugin.version}</version>-->
-      <!--        <dependencies>-->
-      <!--          <dependency>-->
-      <!--            <groupId>com.puppycrawl.tools</groupId>-->
-      <!--            <artifactId>checkstyle</artifactId>-->
-      <!--            <version>${checkstyle.version}</version>-->
-      <!--          </dependency>-->
-      <!--        </dependencies>-->
-      <!--        <configuration>-->
-      <!--          <configLocation>google_checks.xml</configLocation>-->
-      <!--          <encoding>UTF-8</encoding>-->
-      <!--          <consoleOutput>true</consoleOutput>-->
-      <!--          <failsOnError>true</failsOnError>-->
-      <!--          <linkXRef>false</linkXRef>-->
-      <!--          <violationSeverity>warning</violationSeverity>-->
-      <!--        </configuration>-->
-      <!--        <executions>-->
-      <!--          <execution>-->
-      <!--            <id>validate</id>-->
-      <!--            <phase>validate</phase>-->
-      <!--            <goals>-->
-      <!--              <goal>check</goal>-->
-      <!--            </goals>-->
-      <!--          </execution>-->
-      <!--        </executions>-->
-      <!--      </plugin>-->
     </plugins>
   </build>
 </project>

sample-pictures/wrong.txt sample-pictures/wrong-format-file.txtsample-pictures/wrong.txt renamed to sample-pictures/wrong-format-file.txt

@@ -1,7 +1,7 @@
 terraform {
   required_providers {
     aws = {
-      source = "hashicorp/aws"
+      source  = "hashicorp/aws"
       version = ">= 4.52.0"
     }
   }
@@ -10,15 +10,18 @@ provider "aws" {
   region = "eu-central-1"
 }
 
-
-resource "aws_s3_bucket" "shipment-list-demo-bucket" {
-  bucket = "shipment-list-demo-bucket"
+resource "aws_s3_bucket" "shipment_picture_bucket" {
+  bucket = "shipment-picture-bucket"
+  force_destroy = true
+  lifecycle {
+    prevent_destroy = false
+  }
 }
 
 
-resource "aws_s3_bucket_acl" "shipment-list-demo-bucket-acl" {
-  bucket = aws_s3_bucket.shipment-list-demo-bucket.id
-  acl = "private"
+resource "aws_s3_bucket_acl" "shipment_picture_bucket_acl" {
+  bucket = aws_s3_bucket.shipment_picture_bucket.id
+  acl    = "private"
 }
 
 resource "aws_dynamodb_table" "shipment" {
@@ -32,18 +35,127 @@ resource "aws_dynamodb_table" "shipment" {
   }
   hash_key = "shipmentId"
   server_side_encryption {
-        enabled = true
-      }
+    enabled = true
+  }
 
-      stream_enabled = true
-      stream_view_type = "NEW_AND_OLD_IMAGES"
+  stream_enabled   = true
+  stream_view_type = "NEW_AND_OLD_IMAGES"
 }
 
-
 resource "aws_dynamodb_table_item" "shipment" {
-  for_each = local.tf_data
+  for_each   = local.tf_data
   table_name = aws_dynamodb_table.shipment.name
   hash_key   = "shipmentId"
-  item = jsonencode(each.value)
+  item       = jsonencode(each.value)
+}
+
+
+resource "aws_s3_bucket" "lambda_code_bucket" {
+  bucket = "shipment-picture-lambda-validator-bucket"
+  force_destroy = true
+  lifecycle {
+    prevent_destroy = false
+  }
+}
+
+resource "aws_s3_bucket_acl" "lambda_code_bucket_acl" {
+  bucket = aws_s3_bucket.lambda_code_bucket.id
+  acl = "private"
+}
+
+resource "aws_s3_bucket_object" "lambda_code" {
+  source = "../../shipment-picture-lambda-validator/target/shipment-picture-lambda-validator-1.0-SNAPSHOT.jar"
+  bucket = aws_s3_bucket.lambda_code_bucket.id
+  key    = "shipment-picture-lambda-validator-1.0-SNAPSHOT.jar"
+}
+
+resource "aws_lambda_function" "shipment_picture_lambda_validator" {
+  function_name = "shipment-picture-lambda-validator"
+  handler       = "dev.ancaghenade.shipmentpicturelambdavalidator.ServiceHandler::handleRequest"
+  runtime       = "java11"
+  role          = aws_iam_role.lambda_exec.arn
+  s3_bucket     = aws_s3_bucket.lambda_code_bucket.id
+  s3_key        = aws_s3_bucket_object.lambda_code.key
+  memory_size   = 512
+  timeout       = 15
+  environment {
+    variables = {
+      ENVIRONMENT = var.env
+    }
+  }
 }
 
+resource "aws_s3_bucket_notification" "demo_bucket_notification" {
+  bucket = aws_s3_bucket.shipment_picture_bucket.id
+  lambda_function {
+    lambda_function_arn = aws_lambda_function.shipment_picture_lambda_validator.arn
+    events              = ["s3:ObjectCreated:*"]
+  }
+}
+
+resource "aws_lambda_permission" "s3_lambda_exec_permission" {
+  statement_id  = "AllowExecutionFromS3Bucket"
+  action        = "lambda:InvokeFunction"
+  function_name = aws_lambda_function.shipment_picture_lambda_validator.function_name
+  principal     = "s3.amazonaws.com"
+  source_arn    = aws_s3_bucket.shipment_picture_bucket.arn
+}
+
+resource "aws_iam_role" "lambda_exec" {
+  name = "lambda_exec_role"
+
+  assume_role_policy = <<EOF
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Principal": {
+        "Service": "lambda.amazonaws.com"
+      },
+      "Action": "sts:AssumeRole"
+    }
+  ]
+}
+EOF
+}
+
+resource "aws_iam_role_policy_attachment" "lambda_exec_policy" {
+  policy_arn = "arn:aws:iam::aws:policy/AmazonS3FullAccess"
+  role       = aws_iam_role.lambda_exec.name
+}
+
+resource "aws_iam_role_policy" "lambda_exec_policy" {
+  name = "lambda_exec_policy"
+  role = aws_iam_role.lambda_exec.id
+
+  policy = <<EOF
+{
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Effect": "Allow",
+            "Action": [
+              "logs:CreateLogGroup",
+              "logs:CreateLogStream",
+              "logs:PutLogEvents"
+            ],
+            "Resource": "arn:aws:logs:*:*:*"
+          },
+          {
+            "Effect": "Allow",
+            "Action": [
+              "s3:GetObject",
+              "s3:PutObject"
+            ],
+            "Resource": [
+              "arn:aws:s3:::shipment-picture-bucket",
+              "arn:aws:s3:::shipment-picture-bucket/*"
+            ]
+          }
+          ]
+          }
+          EOF
+}
+
+

setup/terraform/main.tf

@@ -0,0 +1,5 @@
+variable "env" {
+  type        = string
+  description = "dev env"
+  default = ""
+}

setup/terraform/vars.tf

@@ -5,7 +5,7 @@
 @Getter
 public enum BucketName {
 
-  SHIPMENT_PICTURE("shipment-list-demo-bucket");
+  SHIPMENT_PICTURE("shipment-picture-bucket");
 
   private final String bucketName;