https://github.com/rgl/terraform-aws-documentdb-example
An example Amazon DocumentDB instance, Amazon API Gateway, and AWS Lambda Function
- Host: GitHub
- URL: https://github.com/rgl/terraform-aws-documentdb-example
- Owner: rgl
- Created: 2024-04-30T06:38:40.000Z (6 months ago)
- Default Branch: main
- Last Pushed: 2024-05-03T19:29:13.000Z (6 months ago)
- Last Synced: 2024-10-05T18:22:04.517Z (about 1 month ago)
- Topics: aws, aws-api-gateway, aws-docdb, aws-documentdb, aws-lambda, aws-secrets-manager, terraform
- Language: HCL
- Homepage:
- Size: 26.4 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
# About
[![Lint](https://github.com/rgl/terraform-aws-documentdb-example/actions/workflows/lint.yml/badge.svg)](https://github.com/rgl/terraform-aws-documentdb-example/actions/workflows/lint.yml)
This deploys an example [Amazon DocumentDB instance](https://aws.amazon.com/documentdb/), [Amazon API Gateway](https://aws.amazon.com/api-gateway/), and [AWS Lambda Function](https://aws.amazon.com/lambda/).
This will:

* Use the [Amazon DocumentDB Service](https://aws.amazon.com/documentdb/).
  * Create a Database instance.
* Build an example Go AWS Lambda Function as a Container Image.
  * At each request, increment the `counters.hits.counter` property, and
    return its modified value.
  * Create the `counters` database.
  * Create the `hits` database collection.
  * Get the database credentials from a Secret.
    * The Secret is stored in [AWS Secrets Manager](https://aws.amazon.com/secrets-manager/).
  * Upload it to the [Amazon ECR](https://aws.amazon.com/ecr/).
* Create an [Amazon API Gateway](https://aws.amazon.com/api-gateway/).
  * Configure it to use the Go AWS Lambda Function.
* Create a VPC and all the plumbing required for the Go AWS Lambda
  Function to use an Amazon DocumentDB Database instance.
  * Make the DocumentDB Database instance available in a [VPC database subnet](https://docs.aws.amazon.com/documentdb/latest/developerguide/document-db-subnet-groups.html).
  * Make the Secrets Manager service endpoint available as a [VPC Endpoint](https://docs.aws.amazon.com/whitepapers/latest/aws-privatelink/what-are-vpc-endpoints.html).

# Usage (on an Ubuntu Desktop)

Install the dependencies:
* [AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html).
* [Terraform](https://www.terraform.io/downloads.html).
* [Docker](https://docs.docker.com/engine/install/).

Set the AWS Account credentials using SSO:

```bash
# set the environment variables to use a specific profile.
# e.g. use the pattern ---
export AWS_PROFILE=example-dev-AdministratorAccess-123456
unset AWS_ACCESS_KEY_ID
unset AWS_SECRET_ACCESS_KEY
unset AWS_DEFAULT_REGION
# set the account credentials.
# see https://docs.aws.amazon.com/cli/latest/userguide/sso-configure-profile-token.html#sso-configure-profile-token-auto-sso
aws configure sso
# dump the configured profile and sso-session.
cat ~/.aws/config
# show the user, user amazon resource name (arn), and the account id, of the
# profile set in the AWS_PROFILE environment variable.
aws sts get-caller-identity
```

Or, set the AWS Account credentials using an Access Key:

```bash
# set the account credentials.
# NB get these from your aws account iam console.
# see Managing access keys (console) at
# https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html#Using_CreateAccessKey
export AWS_ACCESS_KEY_ID='TODO'
export AWS_SECRET_ACCESS_KEY='TODO'
unset AWS_PROFILE
# set the default region.
export AWS_DEFAULT_REGION='eu-west-1'
# show the user, user amazon resource name (arn), and the account id.
aws sts get-caller-identity
```

Review the [`inputs.tf`](inputs.tf) file.

Initialize the project:
```bash
terraform init -lockfile=readonly
```

Deploy the example:

```bash
terraform apply
```

Show the terraform state:

```bash
terraform state list
terraform show
```

Access the example service (hosted by the Go AWS Lambda Function Container):

```bash
example_url="$(terraform output --raw example_url)"
curl \
  -s \
  -X GET \
  "$example_url" \
  | jq
```

You should see a response like the following, where the `hitsCounter` property
value is incremented after each request:

```json
{
  "hitsCounter": 1
}
```

Test recreating the lambda function:

```bash
terraform destroy -target=module.example_lambda_function
terraform apply
```

Destroy the example:

```bash
terraform destroy
```

List this repository's dependencies (and which ones have newer versions):

```bash
GITHUB_COM_TOKEN='YOUR_GITHUB_PERSONAL_TOKEN' ./renovate.sh
```

# Notes

* There is no way to use an AWS IAM Role to authenticate as a DocumentDB User.
  * This means we cannot use the Lambda Function IAM Role as a password-less
    authentication mechanism. So, we must manage the DocumentDB User password.
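
Because the password has to be managed, the function must turn the Secrets Manager value into a connection string without letting the password change the URI or reach the logs. The Go sketch below is an added example, not code from this repository; the secret's JSON field names, the `buildDocDBURI` helper and the sample host are assumptions.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"net/url"
)

// dbSecret is an assumed JSON layout for the secret value (hypothetical
// field names; the repository's actual secret format is not shown here).
type dbSecret struct {
	Username string `json:"username"`
	Password string `json:"password"`
	Host     string `json:"host"`
	Port     int    `json:"port"`
}

// buildDocDBURI turns the secret string into a connection URI with the
// credentials percent-encoded, so reserved characters stay inside userinfo.
func buildDocDBURI(secretString string) (*url.URL, error) {
	var s dbSecret
	if err := json.Unmarshal([]byte(secretString), &s); err != nil {
		// Do not wrap err: it can echo characters of the payload.
		return nil, errors.New("secret is not valid JSON")
	}
	if s.Username == "" || s.Password == "" || s.Host == "" || s.Port == 0 {
		return nil, errors.New("secret is missing a required field")
	}
	q := url.Values{}
	q.Set("tls", "true")          // encrypt the connection in transit
	q.Set("retryWrites", "false") // DocumentDB does not support retryable writes
	return &url.URL{
		Scheme:   "mongodb",
		User:     url.UserPassword(s.Username, s.Password),
		Host:     fmt.Sprintf("%s:%d", s.Host, s.Port),
		Path:     "/",
		RawQuery: q.Encode(),
	}, nil
}

func main() {
	// Constructed sample secret; the password contains URI-reserved characters.
	sample := `{"username":"master","password":"p@ss:/w?rd#1","host":"docdb.example.internal","port":27017}`
	u, err := buildDocDBURI(sample)
	if err != nil {
		panic(err)
	}
	fmt.Println(u.Redacted()) // log this form; pass u.String() only to the driver
}
```
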