[WIFI-10659] Create alert for new content in coredumps s3 bucket (#217)
* Add lifecycle config to coredump S3 bucket Signed-off-by: Johann Hoffmann <johann.hoffmann@mailbox.org> * Add required resources to create S3 event notification and Lambda function Signed-off-by: Johann Hoffmann <johann.hoffmann@mailbox.org> * Add handler argument Signed-off-by: Johann Hoffmann <johann.hoffmann@mailbox.org> * Fix Terraform format Signed-off-by: Johann Hoffmann <johann.hoffmann@mailbox.org> Signed-off-by: Johann Hoffmann <johann.hoffmann@mailbox.org>
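--- /dev/null
+++ b/terraform/wifi-289708231103/core-dumps-s3/.sops.yaml
@@ -0,0 +1,2 @@
+creation_rules:
+- kms: 'arn:aws:kms:us-east-2:289708231103:alias/helm-secrets'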
@@ -12,6 +12,13 @@ terraform {
|
|||||||
dynamodb_table = "terraform-state-lock"
|
dynamodb_table = "terraform-state-lock"
|
||||||
encrypt = true
|
encrypt = true
|
||||||
}
|
}
|
||||||
|
|
||||||
|
required_providers {
|
||||||
|
sops = {
|
||||||
|
source = "carlpett/sops"
|
||||||
|
version = "~> 0.5"
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
locals {
|
locals {
|
||||||
@@ -20,11 +27,81 @@ locals {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
data "sops_file" "secrets" {
|
||||||
|
source_file = "secrets.enc.json"
|
||||||
|
}
|
||||||
|
|
||||||
resource "aws_s3_bucket" "openwifi-core-dumps" {
|
resource "aws_s3_bucket" "openwifi-core-dumps" {
|
||||||
bucket = "openwifi-core-dumps"
|
bucket = "openwifi-core-dumps"
|
||||||
tags = local.common_tags
|
tags = local.common_tags
|
||||||
}
|
}
|
||||||
|
|
||||||
|
resource "aws_s3_bucket_lifecycle_configuration" "openwifi-core-dumps" {
|
||||||
|
bucket = aws_s3_bucket.openwifi-core-dumps.id
|
||||||
|
|
||||||
|
rule {
|
||||||
|
id = "core-dumps-retention"
|
||||||
|
filter {}
|
||||||
|
status = "Enabled"
|
||||||
|
|
||||||
|
expiration {
|
||||||
|
days = 14
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "aws_s3_bucket_notification" "s3_eventnotification_slack" {
|
||||||
|
bucket = aws_s3_bucket.openwifi-core-dumps.id
|
||||||
|
|
||||||
|
lambda_function {
|
||||||
|
lambda_function_arn = aws_lambda_function.s3_eventnotification_slack.arn
|
||||||
|
events = ["s3:ObjectCreated:Put"]
|
||||||
|
}
|
||||||
|
|
||||||
|
depends_on = [aws_lambda_permission.s3_eventnotification_slack]
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "aws_iam_role" "s3_eventnotification_slack" {
|
||||||
|
name = "s3_eventnotification_slack"
|
||||||
|
|
||||||
|
assume_role_policy = <<EOF
|
||||||
|
{
|
||||||
|
"Version": "2012-10-17",
|
||||||
|
"Statement": [
|
||||||
|
{
|
||||||
|
"Action": "sts:AssumeRole",
|
||||||
|
"Principal": {
|
||||||
|
"Service": "lambda.amazonaws.com"
|
||||||
|
},
|
||||||
|
"Effect": "Allow"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
EOF
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "aws_lambda_permission" "s3_eventnotification_slack" {
|
||||||
|
statement_id = "AllowExecutionFromS3Bucket"
|
||||||
|
action = "lambda:InvokeFunction"
|
||||||
|
function_name = aws_lambda_function.s3_eventnotification_slack.arn
|
||||||
|
principal = "s3.amazonaws.com"
|
||||||
|
source_arn = aws_s3_bucket.openwifi-core-dumps.arn
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "aws_lambda_function" "s3_eventnotification_slack" {
|
||||||
|
filename = "s3_eventnotification_slack.zip"
|
||||||
|
function_name = "s3_eventnotification_slack"
|
||||||
|
handler = "s3_eventnotification_slack.lambda_handler"
|
||||||
|
role = aws_iam_role.s3_eventnotification_slack.arn
|
||||||
|
runtime = "python3.9"
|
||||||
|
|
||||||
|
environment {
|
||||||
|
variables = {
|
||||||
|
SLACK_WEBHOOK_URL = data.sops_file.secrets.data["slack_webhook_url"]
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
resource "aws_s3_bucket_acl" "openwifi-core-dumps" {
|
resource "aws_s3_bucket_acl" "openwifi-core-dumps" {
|
||||||
bucket = aws_s3_bucket.openwifi-core-dumps.id
|
bucket = aws_s3_bucket.openwifi-core-dumps.id
|
||||||
acl = "private"
|
acl = "private"
|
||||||
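Review bot: The notification in the second hunk subscribes only to `s3:ObjectCreated:Put`, which multipart uploads do not emit, so large core dumps uploaded in parts would land in the bucket without an alert; `events = ["s3:ObjectCreated:*"]` covers every creation path. The `aws_lambda_permission` restricts the S3 principal by `source_arn` only, and because bucket ARNs carry no account ID it should also set `source_account = "<ACCOUNT_ID>"` so that a bucket of the same name owned by another account could never invoke the function. The `aws_iam_role` has a trust policy but no permissions policy is attached in the visible hunks, so unless one is added elsewhere the function cannot write CloudWatch logs and a failing Slack post would go unnoticed. `SLACK_WEBHOOK_URL` is stored as a plain environment variable, which leaves the decrypted value readable in the Lambda configuration and in Terraform state; reading it at runtime from a secret store would keep the sops encryption meaningful end to end.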
|
|||||||
Binary file not shown.
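--- /dev/null
+++ b/terraform/wifi-289708231103/core-dumps-s3/secrets.enc.json
@@ -0,0 +1,22 @@
+{
+"slack_webhook_url": "ENC[AES256_GCM,data:XKM7b0Fvgh0MObnGi5ad3tQ0f19TeeJSPeJ8SDRI+rBGBdCXGFLbkh/CAT19g7ddFNCX5DeYXXMN2WsWNhjyBai2yhC9UeefkYaK8bhLnEcZ,iv:6VLvnjyRbX6sHbTfQLoiq2bqIfHYqTRvn1/3L+HaleY=,tag:0mph2YAxqzEuPDnjA/VHXg==,type:str]",
+"sops": {
+"kms": [
+{
+"arn": "arn:aws:kms:us-east-2:289708231103:alias/helm-secrets",
+"created_at": "2022-08-30T17:40:01Z",
+"enc": "AQICAHiG/4CitJjM31GdYxTw9OLz/Zs5oK+DCq0cU2fAjtAA3AEt8nVCknDEL+YOfRwA3V4lAAAAfjB8BgkqhkiG9w0BBwagbzBtAgEAMGgGCSqGSIb3DQEHATAeBglghkgBZQMEAS4wEQQMpGIJPhf0dqp3uqsPAgEQgDuJZk20++N1k3zofsYfLBB1bo9RJqvkR0o94/ToTZ7A6s/3Z4QzSVb25a8jmfB5p07hINmVPtMt3bnKfQ==",
+"aws_profile": ""
+}
+],
+"gcp_kms": null,
+"azure_kv": null,
+"hc_vault": null,
+"age": null,
+"lastmodified": "2022-08-30T17:40:03Z",
+"mac": "ENC[AES256_GCM,data:OvMx5D74wactxfTPuXhNQMFcbcPcHm8Nz/qleAGswPbnYxMXVw790Dycnv5EZbNlEeGkykfKt17zWCgb5vQXLhkpvpRk88HB6s4cNNqzNT428+7YLJZlzAroHSBu5uH5qEMwf3C+/ow418H7UCwAYU2tfLY4Nb2Tb1xAL9eu+Uk=,iv:/2sMTkq+iDYg3S05N7t3Q3PL8AhwpIv5uUPjQoesfsQ=,tag:8j8dfoxCU4nr4yetFeBvjA==,type:str]",
+"pgp": null,
+"unencrypted_suffix": "_unencrypted",
+"version": "3.7.1"
+}
+}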