Update config

danielbreves · Aug 17, 2023 · 39a5843 · 39a5843
1 parent 52be4d7
commit 39a5843
Show file tree

Hide file tree

Showing 5 changed files with 70 additions and 9 deletions.
diff --git a/.github/workflows/pipeline.yml b/.github/workflows/pipeline.yml
@@ -6,6 +6,10 @@ on:
   pull_request:
     branches: ["terraform"]
 
+concurrency:
+  group: ${{ github.ref }}
+  cancel-in-progress: true
+
 # These permissions are needed to interact with GitHub's OIDC Token endpoint.
 jobs:
   build:
@@ -36,4 +40,13 @@ jobs:
       # Build inside Docker containers
       - run: sam build --use-container
       # Prevent prompts and failure when the stack is unchanged
-      - run: sam deploy --no-confirm-changeset --no-fail-on-empty-changeset --image-repository ${{ vars.AWS_ECR_REPO }} --stack-name fastapi-backend-lambda
+      - run: >
+        sam deploy
+        --no-confirm-changeset
+        --no-fail-on-empty-changeset
+        --image-repository ${{ vars.AWS_ECR_REPO }}
+        --stack-name fastapi-backend-lambda
+        --parameter-overrides
+          SecretKeyArn=${{ vars.SECRET_ARN }}
+          DBPwdArn=${{ vars.DB_PASSWORD_ARN }}
+          DBEndpoint=${{ vars.DB_ENDPOINT }}
diff --git a/backend/app/core/config.py b/backend/app/core/config.py
@@ -6,11 +6,16 @@
 
 PROJECT_NAME = "fastapi-react-project"
 
-DATABASE_URL: URL = os.getenv("DATABASE_URL")
-SECRET_KEY: str = os.getenv("SECRET_KEY")
-TEST_USERNAME: str = os.getenv("TEST_USERNAME")
-TEST_PASSWORD: str = os.getenv("TEST_PASSWORD")
-CORS_ORIGINS: str = os.getenv("CORS_ORIGINS")
+_db_username = os.environ.get("DB_USER")
+_db_password = os.environ.get("DB_PASSWORD")
+_db_endpoint = os.environ.get("DB_ENDPOINT")
+_db_name = os.environ.get("DB_NAME")
 
+# Assemble the PostgreSQL URL
+DATABASE_URL: URL = f"postgresql://{_db_username}:{_db_password}@{_db_endpoint}/{_db_name}"
+SECRET_KEY: str = os.environ.get("SECRET_KEY")
+TEST_USERNAME: str = os.environ.get("TEST_USERNAME")
+TEST_PASSWORD: str = os.environ.get("TEST_PASSWORD")
+CORS_ORIGINS: str = os.environ.get("CORS_ORIGINS")
 
 API_V1_STR = "/api/v1"
diff --git a/backend/template.yaml b/backend/template.yaml
@@ -10,10 +10,30 @@ Globals:
   Function:
     Timeout: 3
     MemorySize: 128
-
     Tracing: Active
   Api:
     TracingEnabled: true
+Parameters:
+  SecretKeyArn:
+    Type: String
+    Default: example
+    Description: ARN for the secret in SM
+  DBUser:
+    Type: String
+    Default: postgres
+    Description: DB username
+  DBPwdArn:
+    Type: String
+    Default: example
+    Description: ARN for the DB pwd in SM
+  DBEndpoint:
+    Type: String
+    Default: example
+    Description: DB address:port
+  DBName:
+    Type: String
+    Default: fastapi-db
+    Description: DB name
 Resources:
   FastApiFunction:
     Type: AWS::Serverless::Function # More info about Function Resource: https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#awsserverlessfunction
@@ -23,6 +43,20 @@ Resources:
         Lambda function running a FastApiBackend
       PackageType: Image
       Timeout: 300
+      Environment:
+        Variables:
+          CORS_ORIGINS: ""
+          DB_USER: !Ref DBUser
+          DB_ENDPOINT: !Ref DBEndpoint
+          DB_NAME: !Ref DBName
+      Layers:
+        - arn:aws:lambda:ap-southeast-2:665172237481:layer:AWS-Parameters-and-Secrets-Lambda-Extension:11 # See https://docs.aws.amazon.com/systems-manager/latest/userguide/ps-integration-lambda-extensions.html
+      Policies:
+        - AWSSecretsManagerGetSecretValuePolicy:
+          SecretArn: !Ref SecretKeyArn # AWS-Parameters-and-Secrets-Lambda-Extension Layer will make this an env var
+        - AWSSecretsManagerGetSecretValuePolicy:
+          SecretArn: !Ref DBPwdArn # AWS-Parameters-and-Secrets-Lambda-Extension Layer will make this an env var
+
       Events:
         HttpApiEvent:
           Type: HttpApi
@@ -53,7 +87,7 @@ Outputs:
   # Find out more about other implicit resources you can reference within SAM
   # https://github.com/awslabs/serverless-application-model/blob/master/docs/internals/generated_resources.rst#api
   FastApiFunctionUrl:
-    Description: "API Gateway endpoint URL for Prod stage for Hello World function"
+    Description: "API Gateway endpoint URL"
     Value: !Sub "https://${ServerlessHttpApi}.execute-api.${AWS::Region}.amazonaws.com"
   FastApiFunctionArn:
     Description: FastApi Lambda Function ARN

diff --git a/terraform/main.tf b/terraform/main.tf
@@ -49,11 +49,12 @@ resource "aws_ecr_lifecycle_policy" "ecr_repository_policy" {
 
 resource "aws_db_instance" "fastapi-db" {
   allocated_storage           = 5
-  db_name                     = "fastapi-db"
+  db_name                     = "fastapidb"
   engine                      = "postgres"
   engine_version              = "15.3"
   instance_class              = "db.t3.micro"
   manage_master_user_password = true
   username                    = "postgres"
   parameter_group_name        = "default.postgres15"
+  final_snapshot_identifier   = "final-snapshot"
 }
diff --git a/terraform/outputs.tf b/terraform/outputs.tf
@@ -1,3 +1,11 @@
 output "ecr_repository_url" {
   value = aws_ecr_repository.ecr_repository.repository_url
+}
+
+output "db_endpoint" {
+  value = aws_db_instance.fastapi-db.endpoint
+}
+
+output "db_master_user_secret" {
+  value = aws_db_instance.fastapi-db.master_user_secret
 }