From 39a58434e64381fd03ac3028b26b0698e98116a9 Mon Sep 17 00:00:00 2001 From: Daniel Ribeiro Date: Thu, 17 Aug 2023 22:35:43 +1000 Subject: [PATCH] Update config --- .github/workflows/pipeline.yml | 15 +++++++++++++- backend/app/core/config.py | 15 +++++++++----- backend/template.yaml | 38 ++++++++++++++++++++++++++++++++-- terraform/main.tf | 3 ++- terraform/outputs.tf | 8 +++++++ 5 files changed, 70 insertions(+), 9 deletions(-) diff --git a/.github/workflows/pipeline.yml b/.github/workflows/pipeline.yml index 4ed59bb..2093805 100644 --- a/.github/workflows/pipeline.yml +++ b/.github/workflows/pipeline.yml @@ -6,6 +6,10 @@ on: pull_request: branches: ["terraform"] +concurrency: + group: ${{ github.ref }} + cancel-in-progress: true + # These permissions are needed to interact with GitHub's OIDC Token endpoint. jobs: build: @@ -36,4 +40,13 @@ jobs: # Build inside Docker containers - run: sam build --use-container # Prevent prompts and failure when the stack is unchanged - - run: sam deploy --no-confirm-changeset --no-fail-on-empty-changeset --image-repository ${{ vars.AWS_ECR_REPO }} --stack-name fastapi-backend-lambda + - run: > + sam deploy + --no-confirm-changeset + --no-fail-on-empty-changeset + --image-repository ${{ vars.AWS_ECR_REPO }} + --stack-name fastapi-backend-lambda + --parameter-overrides + SecretKeyArn=${{ vars.SECRET_ARN }} + DBPwdArn=${{ vars.DB_PASSWORD_ARN }} + DBEndpoint=${{ vars.DB_ENDPOINT }} \ No newline at end of file diff --git a/backend/app/core/config.py b/backend/app/core/config.py index ec0b794..f30f911 100644 --- a/backend/app/core/config.py +++ b/backend/app/core/config.py 
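Review bot: The new `concurrency` block keys the group on `${{ github.ref }}` alone and sets `cancel-in-progress: true`, which is risky for a workflow whose later steps run `sam deploy`. Concurrency groups are shared across the repository, so any other workflow using the same group name on the same ref would cancel this one, and a cancelled run can interrupt a CloudFormation update part-way through. I would scope the group with `group: ${{ github.workflow }}-${{ github.ref }}` and set `cancel-in-progress: false` for the job that deploys. The `jobs:` body continues outside this hunk.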
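Review bot: In the rewritten `sam deploy` step the three `--parameter-overrides` values are pasted into the shell command by `${{ vars.* }}` expansion, unquoted and with no check that they are set. If `SECRET_ARN`, `DB_PASSWORD_ARN` or `DB_ENDPOINT` is missing, the command still runs with an empty value, and the IAM policy in the template would then be built from that empty ARN (how SAM treats it is not visible here). Pass them through the step's `env:` mapping and reference quoted shell variables, e.g. `SecretKeyArn="$SECRET_ARN"`, after a guard such as `: "${SECRET_ARN:?SECRET_ARN is not set}"`. `DBName` and `DBUser` are not overridden, so the template defaults apply.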
@@ -6,11 +6,16 @@ PROJECT_NAME = "fastapi-react-project" -DATABASE_URL: URL = os.getenv("DATABASE_URL") -SECRET_KEY: str = os.getenv("SECRET_KEY") -TEST_USERNAME: str = os.getenv("TEST_USERNAME") -TEST_PASSWORD: str = os.getenv("TEST_PASSWORD") -CORS_ORIGINS: str = os.getenv("CORS_ORIGINS") +_db_username = os.environ.get("DB_USER") +_db_password = os.environ.get("DB_PASSWORD") +_db_endpoint = os.environ.get("DB_ENDPOINT") +_db_name = os.environ.get("DB_NAME") +# Assemble the PostgreSQL URL +DATABASE_URL: URL = f"postgresql://{_db_username}:{_db_password}@{_db_endpoint}/{_db_name}" +SECRET_KEY: str = os.environ.get("SECRET_KEY") +TEST_USERNAME: str = os.environ.get("TEST_USERNAME") +TEST_PASSWORD: str = os.environ.get("TEST_PASSWORD") +CORS_ORIGINS: str = os.environ.get("CORS_ORIGINS") API_V1_STR = "/api/v1" diff --git a/backend/template.yaml b/backend/template.yaml index 2195e08..b8c52f7 100644 --- a/backend/template.yaml +++ b/backend/template.yaml @@ -10,10 +10,30 @@ Globals: Function: Timeout: 3 MemorySize: 128 - Tracing: Active Api: TracingEnabled: true +Parameters: + SecretKeyArn: + Type: String + Default: example + Description: ARN for the secret in SM + DBUser: + Type: String + Default: postgres + Description: DB username + DBPwdArn: + Type: String + Default: example + Description: ARN for the DB pwd in SM + DBEndpoint: + Type: String + Default: example + Description: DB address:port + DBName: + Type: String + Default: fastapi-db + Description: DB name Resources: FastApiFunction: Type: AWS::Serverless::Function # More info about Function Resource: https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#awsserverlessfunction 
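Review bot: `DATABASE_URL` is now assembled from four `os.environ.get(...)` values that may be `None` and from a password that is not percent-encoded. A missing variable produces the literal string `postgresql://None:None@None/None` instead of an error at import time, and a generated password containing `:`, `#`, `?` or `%` would change how the URL is parsed. Read the required values with `os.environ["DB_PASSWORD"]` (and likewise for the other three) and encode the credentials, e.g. `f"postgresql://{quote_plus(_db_username)}:{quote_plus(_db_password)}@{_db_endpoint}/{_db_name}"` with `quote_plus` from `urllib.parse`. `backend/template.yaml` in this commit sets `DB_USER`, `DB_ENDPOINT` and `DB_NAME` but no `DB_PASSWORD` or `SECRET_KEY` variable, so as written those two look like they resolve to `None` in the Lambda. Since the assembled string embeds the password, it should also stay out of logs and error messages.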
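Review bot: The `DBName` parameter defaults to `fastapi-db`, while `terraform/main.tf` in this same commit renames the database to `fastapidb`, and the workflow does not override `DBName`. As deployed, the function would be pointed at a database name that the Terraform configuration does not create; change the default to `Default: fastapidb` or pass the value from the pipeline. `SecretKeyArn`, `DBPwdArn` and `DBEndpoint` default to the placeholder `example`, so a deploy that forgets an override succeeds with a meaningless ARN in the IAM policy; dropping those `Default:` lines makes the deploy fail instead. The hunk also removes `Tracing: Active` from the function globals, which the commit message does not explain.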
@@ -23,6 +43,20 @@ Resources: Lambda function running a FastApiBackend PackageType: Image Timeout: 300 + Environment: + Variables: + CORS_ORIGINS: "" + DB_USER: !Ref DBUser + DB_ENDPOINT: !Ref DBEndpoint + DB_NAME: !Ref DBName + Layers: + - arn:aws:lambda:ap-southeast-2:665172237481:layer:AWS-Parameters-and-Secrets-Lambda-Extension:11 # See https://docs.aws.amazon.com/systems-manager/latest/userguide/ps-integration-lambda-extensions.html + Policies: + - AWSSecretsManagerGetSecretValuePolicy: + SecretArn: !Ref SecretKeyArn # AWS-Parameters-and-Secrets-Lambda-Extension Layer will make this an env var + - AWSSecretsManagerGetSecretValuePolicy: + SecretArn: !Ref DBPwdArn # AWS-Parameters-and-Secrets-Lambda-Extension Layer will make this an env var + Events: HttpApiEvent: Type: HttpApi @@ -53,7 +87,7 @@ Outputs: # Find out more about other implicit resources you can reference within SAM # https://github.com/awslabs/serverless-application-model/blob/master/docs/internals/generated_resources.rst#api FastApiFunctionUrl: - Description: "API Gateway endpoint URL for Prod stage for Hello World function" + Description: "API Gateway endpoint URL" Value: !Sub "https://${ServerlessHttpApi}.execute-api.${AWS::Region}.amazonaws.com" FastApiFunctionArn: Description: FastApi Lambda Function ARN diff --git a/terraform/main.tf b/terraform/main.tf index 5ed125f..a39efd3 100644 --- a/terraform/main.tf +++ b/terraform/main.tf @@ -49,11 +49,12 @@ resource "aws_ecr_lifecycle_policy" "ecr_repository_policy" { resource "aws_db_instance" "fastapi-db" { allocated_storage = 5 - db_name = "fastapi-db" + db_name = "fastapidb" engine = "postgres" engine_version = "15.3" instance_class = "db.t3.micro" manage_master_user_password = true username = "postgres" parameter_group_name = "default.postgres15" + final_snapshot_identifier = "final-snapshot" } diff --git a/terraform/outputs.tf b/terraform/outputs.tf index 73caeec..831ed7c 100644 --- a/terraform/outputs.tf +++ b/terraform/outputs.tf 
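Review bot: The two comments saying the Parameters-and-Secrets extension layer "will make this an env var" do not match how that extension works according to the linked AWS documentation: it serves secrets from a local HTTP endpoint inside the execution environment, and the function has to request them. No `SECRET_KEY` or `DB_PASSWORD` entry appears under `Environment.Variables`, so `config.py` would read both as `None`. I would pass the ARNs instead, `SECRET_KEY_ARN: !Ref SecretKeyArn` and `DB_PASSWORD_ARN: !Ref DBPwdArn`, and have the application fetch the values at start-up; an RDS-managed master secret is a JSON document, so the password field needs extracting. The layer ARN is also fixed to `ap-southeast-2`, which ties the template to one region.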
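Review bot: The `aws_db_instance` shown in full in this hunk has no `storage_encrypted` argument, which leaves storage encryption off by default, so the instance and the final snapshot this commit now requests would be stored unencrypted. Add `storage_encrypted = true`, keeping in mind that changing it on an existing instance forces replacement. The fixed name `final_snapshot_identifier = "final-snapshot"` will also collide on a second destroy, because the snapshot from the first one still exists; a name derived from the instance identifier or a timestamp avoids that.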
@@ -1,3 +1,11 @@
 output "ecr_repository_url" {
 value = aws_ecr_repository.ecr_repository.repository_url
+}
+
+output "db_endpoint" {
+ value = aws_db_instance.fastapi-db.endpoint
+}
+
+output "db_master_user_secret" {
+ value = aws_db_instance.fastapi-db.master_user_secret
 }
\ No newline at end of file
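Review bot: `db_master_user_secret` exports the whole `master_user_secret` attribute, which is a list of objects, while the pipeline only needs the secret's ARN for `DB_PASSWORD_ARN`. Output the ARN directly with `value = aws_db_instance.fastapi-db.master_user_secret[0].secret_arn`, and add a `description` to both new outputs so it is clear which repository variable each one feeds. The attribute carries the ARN, KMS key id and status rather than the password itself, so `terraform output` does not print the secret value.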