diff --git a/.github/workflows/terraspace.yml b/.github/workflows/terraspace.yml index 08e8a1f..995c075 100644 --- a/.github/workflows/terraspace.yml +++ b/.github/workflows/terraspace.yml @@ -102,6 +102,10 @@ jobs: run: | yarn --non-interactive install + - name: Run Post Deploy Mods setup + run: | + sh app/stacks/post-deploy-mods/resources/lambdas/pre-filter-DistributionApiEndpoints/zip_lambda.sh + - name: Plan Cumulus if: ${{ !inputs.deploy }} run: | diff --git a/app/stacks/post-deploy-mods/main.tf b/app/stacks/post-deploy-mods/main.tf index 18f7d42..205bf50 100644 --- a/app/stacks/post-deploy-mods/main.tf +++ b/app/stacks/post-deploy-mods/main.tf @@ -6,7 +6,7 @@ resource "aws_lambda_function" "pre_filter_DistApiEndpoints" { function_name = "${var.prefix}-pre-filter-DistApiEndpoints" filename = "${path.module}/resources/lambdas/pre-filter-DistributionApiEndpoints/distro/lambda.zip" role = aws_iam_role.lambda_exec_pre_filter_DistApiEndpoints.arn - handler = "index.preFilterDistApiEndpoints" + handler = "lambda_function.lambda_handler" #"index.preFilterDistApiEndpoints" runtime = "python3.10" #local.lambda_runtime timeout = 300 memory_size = 3008 @@ -37,6 +37,10 @@ resource "aws_iam_role" "lambda_exec_pre_filter_DistApiEndpoints" { }, ] }) + + # lifecycle { + # prevent_destroy = true + # } } # Define an attachment to the aws_iam_role above @@ -70,6 +74,12 @@ resource "aws_iam_role_policy_attachment" "lambda_invoke_policy_attachment" { policy_arn = aws_iam_policy.lambda_invoke_policy.arn } +# Attach an AWS managed Policy for DynamoDB Read Only access +resource "aws_iam_role_policy_attachment" "dynamodb_readonly_policy" { + role = aws_iam_role.lambda_exec_pre_filter_DistApiEndpoints.name + policy_arn = "arn:aws:iam::aws:policy/AmazonDynamoDBReadOnlyAccess" +} + # Fetch existing API Gateway data "aws_api_gateway_rest_api" "distribution_api" { name = "${var.prefix}-distribution" # Example "cumulus-uat-distribution" @@ -122,3 +132,18 @@ resource "aws_lambda_permission" "api_gateway" { principal = "apigateway.amazonaws.com" source_arn = "${data.aws_api_gateway_rest_api.distribution_api.execution_arn}/*/*" } + +# Ensure the API Gateway redeploys after the update +resource "aws_api_gateway_deployment" "api_deployment" { + depends_on = [aws_api_gateway_integration.proxy_lambda_integration] + + rest_api_id = data.aws_api_gateway_rest_api.distribution_api.id + stage_name = "dev" # The existing cumulus deployment for this API Gateway Stage is always called dev (in all environments) + + triggers = { + redeployment = sha1(jsonencode({ + lambda_version = aws_lambda_function.pre_filter_DistApiEndpoints.source_code_hash + integration_uri = aws_api_gateway_integration.proxy_lambda_integration.uri + })) + } +} diff --git a/app/stacks/post-deploy-mods/resources/lambdas/pre-filter-DistributionApiEndpoints/src/lambda_function.py b/app/stacks/post-deploy-mods/resources/lambdas/pre-filter-DistributionApiEndpoints/src/lambda_function.py index 24f9ce8..844e8c2 100644 --- a/app/stacks/post-deploy-mods/resources/lambdas/pre-filter-DistributionApiEndpoints/src/lambda_function.py +++ b/app/stacks/post-deploy-mods/resources/lambdas/pre-filter-DistributionApiEndpoints/src/lambda_function.py @@ -7,6 +7,7 @@ # To call another lambda, from this lambda import boto3 +# This Value should represent the Cumulus Prefix: ENV_VAR__CUMULUS_PREFIX # SETTINGS # diff --git a/scripts/package.json b/scripts/package.json index cd8c24e..d86acf1 100644 --- a/scripts/package.json +++ b/scripts/package.json @@ -10,7 +10,8 @@ "clean:all": "yarn clean:build && yarn clean:dependencies", "generate-test-granule-files": "yarn build && cd .. && node scripts/build/generate-test-granule-files.js", "rerun-step-function": "yarn build && cd .. && node scripts/build/rerun-step-function.js", - "terraform-doctor": "yarn build && cd .. && node scripts/build/terraform-doctor.js" + "terraform-doctor": "yarn build && cd .. && node scripts/build/terraform-doctor.js", + "post-deploy-mods": "sh app/stacks/post-deploy-mods/resources/lambdas/pre-filter-DistributionApiEndpoints/zip_lambda.sh" }, "devDependencies": { "@types/uuid": "^9.0.7", diff --git a/scripts/src/post-deploy-mods.sh b/scripts/src/post-deploy-mods.sh new file mode 100644 index 0000000..e2881f9 --- /dev/null +++ b/scripts/src/post-deploy-mods.sh @@ -0,0 +1,12 @@ +#!/bin/bash + +echo "" +echo "post-deploy-mods.sh: STARTED" + +# About to call zip lambdas +ZIP_LAMBDAS_PATH="app/stacks/post-deploy-mods/resources/lambdas/pre-filter-DistributionApiEndpoints/zip_lambda.sh" +echo "post-deploy-mods.sh: About to call zip_lambda.sh at path: $ZIP_LAMBDAS_PATH" +sh "$ZIP_LAMBDAS_PATH" + +echo "post-deploy-mods.sh: ENDED" +echo ""