From de997d61bac6cb9cc0b7cc84ead2ed038eb44413 Mon Sep 17 00:00:00 2001
From: Hashfyre
Date: Sat, 21 Dec 2019 10:04:28 +0530
Subject: [PATCH 1/7] upgrades terraform to v0.12.12

---
 terraform/.terraform-version | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/terraform/.terraform-version b/terraform/.terraform-version
index 772c67a..874fbda 100644
--- a/terraform/.terraform-version
+++ b/terraform/.terraform-version
@@ -1 +1 @@
-0.11.8
\ No newline at end of file
+v0.12.12

From 17d2c18ff1dff93a45e1eb75cd936d3764621c42 Mon Sep 17 00:00:00 2001
From: Hashfyre
Date: Sat, 21 Dec 2019 10:05:01 +0530
Subject: [PATCH 2/7] upgrades aws provider to 2.43.0

---
 terraform/provider.tf | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/terraform/provider.tf b/terraform/provider.tf
index 1412d9b..07e1eb1 100644
--- a/terraform/provider.tf
+++ b/terraform/provider.tf
@@ -1,18 +1,18 @@
 provider "aws" {
   region  = "eu-west-1"
-  version = "~> 1.37"
+  version = "~> 2.43.0"
   profile = "speakforme"
 }
 
 provider "aws" {
   alias   = "mumbai"
   region  = "ap-south-1"
-  version = "~> 1.37"
+  version = "~> 2.43.0"
   profile = "speakforme"
 }
 
 terraform {
-  version = "~> 0.11.8"
+  required_version = "~> v0.12.12"
 
   backend "s3" {
     bucket = "speakforme-infrastructure"

From 03380b2f857cc2523cf9b47f8e19265c1757b261 Mon Sep 17 00:00:00 2001
From: Hashfyre
Date: Sat, 21 Dec 2019 10:05:26 +0530
Subject: [PATCH 3/7] converts inline email bucket policy to hcl

---
 terraform/data.tf | 26 ++++++++++++++++++++++++++
 terraform/s3.tf   | 43 +++++++++++++------------------------------
 2 files changed, 39 insertions(+), 30 deletions(-)

diff --git a/terraform/data.tf b/terraform/data.tf
index b10dca0..0e2de95 100644
--- a/terraform/data.tf
+++ b/terraform/data.tf
@@ -29,3 +29,29 @@ data "aws_iam_policy_document" "lambda_apigw_assume_role" { } } } + +data "aws_iam_policy_document" "email-bucket" { + version = "2012-10-17" + statement { + sid = "AllowSESPuts" + actions = ["s3:PutObject"] + principals { + type = "Service" + identifiers = ["ses.amazonaws.com"] + } + + resources = [ + "arn:aws:s3:::speakforme-emails/*" + ] + + // TODO: Hoping the value is an accountID and can be referred to using + // local variable + condition { + test = "StringEquals" + variable = "aws:Referer" + values = [ + "531324969672" + ] + } + } +} diff --git a/terraform/s3.tf b/terraform/s3.tf index e2dde6f..9f643eb 100644 --- a/terraform/s3.tf +++ b/terraform/s3.tf @@ -1,13 +1,13 @@ // This bucket is in ap-south-1 resource "aws_s3_bucket" "infrastructure" { - bucket = "speakforme-infrastructure" + bucket = "${var.infrastructure-bucket}" provider = "aws.mumbai" acl = "private" - tags { - Name = "speakforme-infrastructure" - environment = "production" + tags = { + Name = "${var.infrastructure-bucket}" + environment = "${var.campaign-env}" terraform = true } @@ -26,7 +26,7 @@ resource "aws_s3_bucket" "infrastructure" { // This bucket is in eu-west-1 resource "aws_s3_bucket" "emails" { - bucket = "speakforme-emails" + bucket = "${var.email-bucket}" acl = "private" @@ -44,31 +44,9 @@ resource "aws_s3_bucket" "emails" { } } - policy = < Date: Sat, 21 Dec 2019 10:06:04 +0530 Subject: [PATCH 4/7] fixes tags block as per 0.12 --- terraform/dynamodb.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/terraform/dynamodb.tf b/terraform/dynamodb.tf index 8284156..abd15fb 100644 --- a/terraform/dynamodb.tf +++ b/terraform/dynamodb.tf @@ -12,7 +12,7 @@ resource "aws_dynamodb_table" "email-counters" { type = "S" } - tags { + tags = { Name = "email-counters" terraform = "true" } 
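Review bot: The statement's condition keys off `aws:Referer` equal to the hard-coded account ID `531324969672`, which is the legacy pattern from the older SES receiving docs; newer SES guidance scopes the `ses.amazonaws.com` principal with `aws:SourceAccount` (and `aws:SourceArn` of the receipt rule set where supported), which is the condition intended to stop SES configuration in another account from writing into this bucket — worth confirming against the current SES docs for the provider version in use before switching. The account ID itself can come from `data.aws_caller_identity.current.account_id` (declaring that data source if the configuration does not already have one), which also resolves the `// TODO: Hoping the value is an accountID` comment rather than leaving it in the merged code. The resource ARN `arn:aws:s3:::speakforme-emails/*` stays a literal while the bucket name becomes `var.email-bucket` in the s3.tf hunk below and in the ses.tf hunk of PATCH 6/7, so overriding that variable silently leaves the policy pointing at the old bucket; `"arn:aws:s3:::${var.email-bucket}/*"` keeps them in step.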
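Review bot: `bucket = "${var.infrastructure-bucket}"`, `Name = "${var.infrastructure-bucket}"` and `environment = "${var.campaign-env}"` reference variables that, as far as this series shows, are first declared in `terraform/vars.tf` by PATCH 6/7 (`create mode 100644`), so this commit and the two after it leave the configuration failing `terraform validate` with undeclared-variable errors; either fold the vars.tf creation into this commit or reorder the series. The same applies to `var.email-bucket` in the next hunk of this file. As a point of style, the interpolation-only wrapping `"${var.x}"` is the 0.11 form that 0.12 accepts but treats as deprecated; `bucket = var.infrastructure-bucket` is the 0.12 idiom, and the same rewrite applies to the `${...}` wrappers in the dns.tf, ses.tf and lambda.tf hunks of this series.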
@@ -48,7 +48,7 @@ resource "aws_dynamodb_table" "email-subscriptions" {
     projection_type = "KEYS_ONLY"
   }
 
-  tags {
+  tags = {
     Name      = "email-subscriptions"
     terraform = "true"
   }

From 2e6f1f98231814b31793a0f46d77a605b4dd84f0 Mon Sep 17 00:00:00 2001
From: Hashfyre
Date: Sat, 21 Dec 2019 10:06:15 +0530
Subject: [PATCH 5/7] uses filebase64sha256 to generate source_code_hash

---
 terraform/lambda.tf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/terraform/lambda.tf b/terraform/lambda.tf
index b5b18fa..acf7b63 100644
--- a/terraform/lambda.tf
+++ b/terraform/lambda.tf
@@ -13,7 +13,7 @@ resource "aws_lambda_function" "store-and-ack" {
   // Finishes in under 2seconds usually
   timeout = 5
 
-  source_code_hash = "${base64sha256(file(data.archive_file.email-receipt-lambda.output_path))}"
+  source_code_hash = "${filebase64sha256(data.archive_file.email-receipt-lambda.output_path)}"
 }
 
 data "archive_file" "unsubscribe-lambda" {
@@ -28,5 +28,5 @@ resource "aws_lambda_function" "unsubscribe" {
   role             = "${aws_iam_role.unsubscribe-lambda.arn}"
   handler          = "index.handler"
   runtime          = "nodejs8.10"
-  source_code_hash = "${base64sha256(file(data.archive_file.unsubscribe-lambda.output_path))}"
+  source_code_hash = "${filebase64sha256(data.archive_file.unsubscribe-lambda.output_path)}"
 }

From 13a79da0aa9416cf6e6e9f1e36e4ff4ddb91918c Mon Sep 17 00:00:00 2001
From: Hashfyre
Date: Sat, 21 Dec 2019 10:06:23 +0530
Subject: [PATCH 6/7] uses variables to templatize dns, ses resources

---
 terraform/dns.tf  | 90 ++++++++++++++++++++--------------------------
 terraform/ses.tf  |  6 ++--
 terraform/vars.tf | 91 +++++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 133 insertions(+), 54 deletions(-)
 create mode 100644 terraform/vars.tf

diff --git a/terraform/dns.tf b/terraform/dns.tf
index a2324e0..675168b 100644
--- a/terraform/dns.tf
+++ b/terraform/dns.tf
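Review bot: The `runtime = "nodejs8.10"` visible in this hunk's context is a runtime AWS Lambda has deprecated, and once a runtime's deprecation takes effect Lambda rejects updates to functions still on it; since the new `source_code_hash` line now changes whenever the archive is rebuilt and forces a function update, the next code change would fail at apply time. Moving to a supported Node.js runtime (`nodejs12.x` was current when this series was written) before that change is also the only way to keep receiving runtime security patches, and presumably the same applies to the `store-and-ack` function in the hunk above, whose `runtime` line is outside the hunk. The `filebase64sha256(...)` replacement itself is the right 0.12 form, since 0.12's `file()` rejects non-UTF-8 content such as a zip.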
@@ -1,144 +1,132 @@ -resource "aws_route53_zone" "speakforme-in" { - name = "speakforme.in" +resource "aws_route53_zone" "campaign-domain" { + name = "${var.campaign-domain}" - tags { - Environment = "production" + tags = { + Environment = "${var.campaign-env}" terraform = true } } resource "aws_route53_record" "campaign-a" { - zone_id = "${aws_route53_zone.speakforme-in.id}" - name = "campaign.speakforme.in" + zone_id = "${aws_route53_zone.campaign-domain.id}" + name = "${var.campaign-a-domain}" type = "A" ttl = "300" - records = ["34.199.252.2"] -} - -locals { - postal-server-ip = "18.211.250.184" + records = "${var.campaign-a-ip}" } resource "aws_route53_record" "postal-mx-a" { - zone_id = "${aws_route53_zone.speakforme-in.id}" + zone_id = "${aws_route53_zone.campaign-domain.id}" name = "mx.postal" type = "A" ttl = "300" - records = ["${local.postal-server-ip}"] + records = "${var.postal-server-ip}" } resource "aws_route53_record" "postal-a" { - zone_id = "${aws_route53_zone.speakforme-in.id}" + zone_id = "${aws_route53_zone.campaign-domain.id}" name = "postal" type = "A" ttl = "300" - records = ["${local.postal-server-ip}"] + records = "${var.postal-server-ip}" } resource "aws_route53_record" "postal-rp-a" { - zone_id = "${aws_route53_zone.speakforme-in.id}" + zone_id = "${aws_route53_zone.campaign-domain.id}" name = "rp.postal" type = "A" ttl = "300" - records = ["${local.postal-server-ip}"] + records = "${var.postal-server-ip}" } resource "aws_route53_record" "postal-sf-a" { - zone_id = "${aws_route53_zone.speakforme-in.id}" + zone_id = "${aws_route53_zone.campaign-domain.id}" name = "sf.postal" type = "A" ttl = "300" - records = ["${local.postal-server-ip}"] + records = "${var.postal-server-ip}" } resource "aws_route53_record" "storage-a" { - zone_id = "${aws_route53_zone.speakforme-in.id}" + zone_id = "${aws_route53_zone.campaign-domain.id}" name = "storage" type = "A" ttl = "300" - records = ["35.153.240.239"] + records = "${var.storage-a-ip}" } resource 
"aws_route53_record" "speakforme-a" { - zone_id = "${aws_route53_zone.speakforme-in.id}" + zone_id = "${aws_route53_zone.campaign-domain.id}" name = "speakforme.in" type = "A" ttl = "300" - records = ["104.198.14.52"] + records = "${var.speakforme-a-ip}" } // CNAME Records resource "aws_route53_record" "beta-cname" { - zone_id = "${aws_route53_zone.speakforme-in.id}" + zone_id = "${aws_route53_zone.campaign-domain.id}" name = "beta" type = "CNAME" ttl = "1800" - records = ["speakforme.github.io."] + records = "${var.beta-cname}" } resource "aws_route53_record" "netlify-cname" { - zone_id = "${aws_route53_zone.speakforme-in.id}" + zone_id = "${aws_route53_zone.campaign-domain.id}" name = "netlify" type = "CNAME" ttl = "1800" - records = ["speakforme.netlify.com."] + records = "${var.netlify-cname}" } resource "aws_route53_record" "psrp-email-cname" { - zone_id = "${aws_route53_zone.speakforme-in.id}" + zone_id = "${aws_route53_zone.campaign-domain.id}" name = "psrp.email" type = "CNAME" ttl = "1800" - records = ["rp.postal.speakforme.in."] + records = "${var.psrp-email-cname}" } resource "aws_route53_record" "psrp-cname" { - zone_id = "${aws_route53_zone.speakforme-in.id}" + zone_id = "${aws_route53_zone.campaign-domain.id}" name = "psrp" type = "CNAME" ttl = "1800" - records = ["rp.postal.speakforme.in."] + records = "${var.psrp-cname}" } resource "aws_route53_record" "www" { - zone_id = "${aws_route53_zone.speakforme-in.id}" + zone_id = "${aws_route53_zone.campaign-domain.id}" name = "www" type = "CNAME" ttl = "1800" - records = ["speakforme.netlify.com."] + records = "${var.www-cname}" } // MX Records resource "aws_route53_record" "email-mx" { - zone_id = "${aws_route53_zone.speakforme-in.id}" - name = "email" + zone_id = "${aws_route53_zone.campaign-domain.id}" + name = "${var.email-mx-name}" type = "MX" ttl = "60" - - records = [ - "10 inbound-smtp.eu-west-1.amazonaws.com.", - ] + records = "${var.email-mx-record}" } resource "aws_route53_record" "routes-mx" { 
- zone_id = "${aws_route53_zone.speakforme-in.id}" - name = "routes" + zone_id = "${aws_route53_zone.campaign-domain.id}" + name = "${var.routes-mx-name}" type = "MX" ttl = "1800" - - records = [ - "10 mx.postal.speakforme.in.", - ] + records = "${var.routes-mx-record}" } + resource "aws_route53_record" "speakforme-mx" { - zone_id = "${aws_route53_zone.speakforme-in.id}" - name = "speakforme.in" + zone_id = "${aws_route53_zone.campaign-domain.id}" + name = "${var.speakforme-mx-name}" type = "MX" ttl = "1800" - - records = [ - "10 mx.postal.speakforme.in.", - ] + records = "${var.speakforme-mx-record}" } diff --git a/terraform/ses.tf b/terraform/ses.tf index 8edf50d..23521ab 100644 --- a/terraform/ses.tf +++ b/terraform/ses.tf @@ -10,10 +10,10 @@ resource "aws_ses_receipt_rule" "store-and-acknowledge" { // Emails must be bcc'd to this email address recipients = [ // This supports bcc+(campaign-target-code) as well - "bcc@email.speakforme.in", + "bcc@${var.email-mx-name}.${var.campaign-domain}", // This is just so that we can verify this in SES as a sending email address - "info@email.speakforme.in", + "info@${var.email-mx-name}.${var.campaign-domain}", ] // We don't need no AV scans @@ -21,7 +21,7 @@ resource "aws_ses_receipt_rule" "store-and-acknowledge" { // Store Then Process s3_action { - bucket_name = "speakforme-emails" + bucket_name = "${var.email-bucket}" position = 1 } diff --git a/terraform/vars.tf b/terraform/vars.tf new file mode 100644 index 0000000..ddfd3ff --- /dev/null +++ b/terraform/vars.tf 
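Review bot: Renaming `aws_route53_zone.speakforme-in` to `aws_route53_zone.campaign-domain` at the top of the hunk makes Terraform plan a destroy-and-create of the hosted zone, and of every record that references its `id`, rather than a rename; a recreated zone is assigned a new set of name servers, so resolution for the domain (including the MX records the SES receipt rule depends on) breaks until the registrar's NS delegation is updated. Move the state entry before applying: `terraform state mv aws_route53_zone.speakforme-in aws_route53_zone.campaign-domain` (0.12 has no declarative `moved` block), and confirm the plan shows only in-place changes. Separately, `name = "speakforme.in"` in the `speakforme-a` record stays a literal while the zone name is now `var.campaign-domain`, so a different campaign domain would produce a record outside the zone; `name = var.campaign-domain` keeps it consistent. The hunk starts at the top of the file but the enclosing file continues past it.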
@@ -0,0 +1,91 @@
+variable "campaign-a-ip" {
+  type    = "list"
+  default = ["34.199.252.2"]
+}
+
+variable "campaign-domain" {
+  default = "speakforme.in"
+}
+
+variable "campaign-env" {
+  default = "production"
+}
+
+variable "campaign-a-domain" {
+  default = "campaign.speakforme.in"
+}
+
+variable "postal-server-ip" {
+  type    = "list"
+  default = ["18.211.250.184"]
+}
+
+variable "storage-a-ip" {
+  type    = "list"
+  default = ["35.153.240.239"]
+}
+
+variable "speakforme-a-ip" {
+  type    = "list"
+  default = ["104.198.14.52"]
+}
+
+variable "beta-cname" {
+  type    = "list"
+  default = ["speakforme.github.io."]
+}
+
+variable "netlify-cname" {
+  type    = "list"
+  default = ["speakforme.netlify.com."]
+}
+
+variable "psrp-email-cname" {
+  type    = "list"
+  default = ["rp.postal.speakforme.in."]
+}
+
+variable "psrp-cname" {
+  type    = "list"
+  default = ["rp.postal.speakforme.in."]
+}
+
+variable "www-cname" {
+  type    = "list"
+  default = ["speakforme.netlify.com."]
+}
+
+variable "email-mx-record" {
+  type    = "list"
+  default = ["10 inbound-smtp.eu-west-1.amazonaws.com."]
+}
+
+variable "email-mx-name" {
+  default = "email"
+}
+
+variable "routes-mx-record" {
+  type    = "list"
+  default = ["10 mx.postal.speakforme.in."]
+}
+
+variable "routes-mx-name" {
+  default = "routes"
+}
+
+variable "speakforme-mx-name" {
+  default = "speakforme.in"
+}
+
+variable "speakforme-mx-record" {
+  type    = "list"
+  default = ["10 mx.postal.speakforme.in."]
+}
+
+variable "infrastructure-bucket" {
+  default = "speakforme-infrastructure"
+}
+
+variable "email-bucket" {
+  default = "speakforme-emails"
+}

From 126866377b353db2c52a2f26184eb60b79202d75 Mon Sep 17 00:00:00 2001
From: Nemo
Date: Tue, 21 Jan 2020 23:31:10 +0530
Subject: [PATCH 7/7] Upgrade aws provider

---
 .terraform-version           | 2 +-
 provider.tf                  | 4 ++--
 terraform/vars.tf => vars.tf | 0
 3 files changed, 3 insertions(+), 3 deletions(-)
 rename terraform/vars.tf => vars.tf (100%)
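Review bot: Every `type = "list"` in this new file is the quoted 0.11 type keyword, which 0.12 accepts only as a deprecated legacy form; the 0.12 constraint is `type = list(string)`, with `type = string` on the scalar variables, so a wrong value shape is caught at plan time instead of inside a resource argument. None of the 20 variables carries a `description`, which is worth adding for a knob set that is meant to be overridden per campaign. Several defaults embed the campaign domain as a literal (`campaign-a-domain`, `psrp-email-cname`, `psrp-cname`, `routes-mx-record`, `speakforme-mx-record`, `speakforme-mx-name`) instead of deriving from `campaign-domain`, so overriding `campaign-domain` alone still leaves those records pointing at `speakforme.in`; since a variable default cannot reference another variable, the derived values belong in a `locals` block, e.g. `psrp-cname = ["rp.postal.${var.campaign-domain}."]`.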
diff --git a/.terraform-version b/.terraform-version
index 874fbda..a31499e 100644
--- a/.terraform-version
+++ b/.terraform-version
@@ -1 +1 @@
-v0.12.12
+0.12.12
diff --git a/provider.tf b/provider.tf
index 07e1eb1..b775de5 100644
--- a/provider.tf
+++ b/provider.tf
@@ -1,13 +1,13 @@
 provider "aws" {
   region  = "eu-west-1"
-  version = "~> 2.43.0"
+  version = "~> 2.45.0"
   profile = "speakforme"
 }
 
 provider "aws" {
   alias   = "mumbai"
   region  = "ap-south-1"
-  version = "~> 2.43.0"
+  version = "~> 2.45.0"
   profile = "speakforme"
 }
 
diff --git a/terraform/vars.tf b/vars.tf
similarity index 100%
rename from terraform/vars.tf
rename to vars.tf