transition from serverless framework to terraform #194
base: main
d31d2f9
to
8c70215
Terraform Plan 📝
Show Plan
Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# aws_api_gateway_authorizer.ops_bot will be created
+ resource "aws_api_gateway_authorizer" "ops_bot" {
+ arn = (known after apply)
+ authorizer_credentials = (known after apply)
+ authorizer_result_ttl_in_seconds = 300
+ authorizer_uri = (known after apply)
+ id = (known after apply)
+ identity_source = "method.request.header.Authorization"
+ name = "ops-bot-authorizer"
+ rest_api_id = (known after apply)
+ type = "REQUEST"
}
# aws_api_gateway_deployment.ops_bot will be created
+ resource "aws_api_gateway_deployment" "ops_bot" {
+ created_date = (known after apply)
+ execution_arn = (known after apply)
+ id = (known after apply)
+ invoke_url = (known after apply)
+ rest_api_id = (known after apply)
+ triggers = (known after apply)
}
# aws_api_gateway_integration.lambda will be created
+ resource "aws_api_gateway_integration" "lambda" {
+ cache_namespace = (known after apply)
+ connection_type = "INTERNET"
+ http_method = "POST"
+ id = (known after apply)
+ integration_http_method = "POST"
+ passthrough_behavior = (known after apply)
+ resource_id = (known after apply)
+ rest_api_id = (known after apply)
+ timeout_milliseconds = 29000
+ type = "AWS_PROXY"
+ uri = (known after apply)
}
# aws_api_gateway_method.proxy will be created
+ resource "aws_api_gateway_method" "proxy" {
+ api_key_required = false
+ authorization = "CUSTOM"
+ authorizer_id = (known after apply)
+ http_method = "POST"
+ id = (known after apply)
+ resource_id = (known after apply)
+ rest_api_id = (known after apply)
}
# aws_api_gateway_resource.proxy will be created
+ resource "aws_api_gateway_resource" "proxy" {
+ id = (known after apply)
+ parent_id = (known after apply)
+ path = (known after apply)
+ path_part = "{proxy+}"
+ rest_api_id = (known after apply)
}
# aws_api_gateway_rest_api.ops_bot will be created
+ resource "aws_api_gateway_rest_api" "ops_bot" {
+ api_key_source = (known after apply)
+ arn = (known after apply)
+ binary_media_types = (known after apply)
+ created_date = (known after apply)
+ description = (known after apply)
+ disable_execute_api_endpoint = (known after apply)
+ execution_arn = (known after apply)
+ id = (known after apply)
+ minimum_compression_size = (known after apply)
+ name = "ops-bot-prod"
+ policy = (known after apply)
+ root_resource_id = (known after apply)
+ tags_all = (known after apply)
+ endpoint_configuration (known after apply)
}
# aws_api_gateway_stage.ops_bot will be created
+ resource "aws_api_gateway_stage" "ops_bot" {
+ arn = (known after apply)
+ deployment_id = (known after apply)
+ execution_arn = (known after apply)
+ id = (known after apply)
+ invoke_url = (known after apply)
+ rest_api_id = (known after apply)
+ stage_name = "prod"
+ tags_all = (known after apply)
+ web_acl_arn = (known after apply)
}
# aws_cloudwatch_log_group.authorizer will be created
+ resource "aws_cloudwatch_log_group" "authorizer" {
+ arn = (known after apply)
+ id = (known after apply)
+ log_group_class = (known after apply)
+ name = "/aws/lambda/ops-bot-prod-authorizerFn"
+ name_prefix = (known after apply)
+ retention_in_days = 60
+ skip_destroy = false
+ tags_all = (known after apply)
}
# aws_cloudwatch_log_group.probot_handler will be created
+ resource "aws_cloudwatch_log_group" "probot_handler" {
+ arn = (known after apply)
+ id = (known after apply)
+ log_group_class = (known after apply)
+ name = "/aws/lambda/ops-bot-prod-handleProbot"
+ name_prefix = (known after apply)
+ retention_in_days = 60
+ skip_destroy = false
+ tags_all = (known after apply)
}
# aws_iam_role.api_gateway_authorizer will be created
+ resource "aws_iam_role" "api_gateway_authorizer" {
+ arn = (known after apply)
+ assume_role_policy = jsonencode(
{
+ Statement = [
+ {
+ Action = [
+ "sts:AssumeRole",
]
+ Effect = "Allow"
+ Principal = {
+ Service = [
+ "apigateway.amazonaws.com",
]
}
},
]
+ Version = "2012-10-17"
}
)
+ create_date = (known after apply)
+ force_detach_policies = false
+ id = (known after apply)
+ managed_policy_arns = (known after apply)
+ max_session_duration = 3600
+ name = "ops-bot-prod-api-gateway-authorizer"
+ name_prefix = (known after apply)
+ path = "/"
+ tags_all = (known after apply)
+ unique_id = (known after apply)
+ inline_policy (known after apply)
}
# aws_iam_role.lambda_role will be created
+ resource "aws_iam_role" "lambda_role" {
+ arn = (known after apply)
+ assume_role_policy = jsonencode(
{
+ Statement = [
+ {
+ Action = [
+ "sts:AssumeRole",
]
+ Effect = "Allow"
+ Principal = {
+ Service = [
+ "lambda.amazonaws.com",
]
}
},
]
+ Version = "2012-10-17"
}
)
+ create_date = (known after apply)
+ force_detach_policies = false
+ id = (known after apply)
+ managed_policy_arns = (known after apply)
+ max_session_duration = 3600
+ name = "ops-bot-prod-lambda-role"
+ name_prefix = (known after apply)
+ path = "/"
+ tags_all = (known after apply)
+ unique_id = (known after apply)
+ inline_policy (known after apply)
}
# aws_iam_role_policy.api_gateway_authorizer will be created
+ resource "aws_iam_role_policy" "api_gateway_authorizer" {
+ id = (known after apply)
+ name = "ops-bot-prod-api-gateway-authorizer"
+ name_prefix = (known after apply)
+ policy = (known after apply)
+ role = (known after apply)
}
# aws_iam_role_policy.lambda_policy will be created
+ resource "aws_iam_role_policy" "lambda_policy" {
+ id = (known after apply)
+ name = "ops-bot-prod-lambda-policy"
+ name_prefix = (known after apply)
+ policy = (known after apply)
+ role = (known after apply)
}
# aws_lambda_function.authorizer will be created
+ resource "aws_lambda_function" "authorizer" {
+ architectures = (known after apply)
+ arn = (known after apply)
+ code_sha256 = (known after apply)
+ function_name = "ops-bot-prod-authorizerFn"
+ handler = "dist/authorizer.handler"
+ id = (known after apply)
+ invoke_arn = (known after apply)
+ last_modified = (known after apply)
+ memory_size = 1024
+ package_type = "Zip"
+ publish = false
+ qualified_arn = (known after apply)
+ qualified_invoke_arn = (known after apply)
+ reserved_concurrent_executions = -1
+ role = (known after apply)
+ runtime = "nodejs18.x"
+ s3_bucket = "rapidsai-serverless-deployments"
+ s3_key = "authorizer-.zip"
+ signing_job_arn = (known after apply)
+ signing_profile_version_arn = (known after apply)
+ skip_destroy = false
+ source_code_hash = (known after apply)
+ source_code_size = (known after apply)
+ tags_all = (known after apply)
+ timeout = 3
+ version = (known after apply)
+ environment {
+ variables = {
+ "probotFnName" = "ops-bot-prod-handleProbot"
}
}
+ ephemeral_storage (known after apply)
+ logging_config (known after apply)
+ tracing_config (known after apply)
}
# aws_lambda_function.probot_handler will be created
+ resource "aws_lambda_function" "probot_handler" {
+ architectures = (known after apply)
+ arn = (known after apply)
+ code_sha256 = (known after apply)
+ function_name = "ops-bot-prod-handleProbot"
+ handler = "dist/probot.handler"
+ id = (known after apply)
+ invoke_arn = (known after apply)
+ last_modified = (known after apply)
+ memory_size = 1024
+ package_type = "Zip"
+ publish = false
+ qualified_arn = (known after apply)
+ qualified_invoke_arn = (known after apply)
+ reserved_concurrent_executions = -1
+ role = (known after apply)
+ runtime = "nodejs18.x"
+ s3_bucket = "rapidsai-serverless-deployments"
+ s3_key = "probot-.zip"
+ signing_job_arn = (known after apply)
+ signing_profile_version_arn = (known after apply)
+ skip_destroy = false
+ source_code_hash = (known after apply)
+ source_code_size = (known after apply)
+ tags_all = (known after apply)
+ timeout = 900
+ version = (known after apply)
+ environment {
+ variables = {
+ "APP_ID" = (sensitive value)
+ "GPUTESTER_PAT" = (sensitive value)
+ "LOG_FORMAT" = "json"
+ "LOG_LEVEL" = "debug"
+ "NODE_ENV" = "prod"
+ "PRIVATE_KEY" = (sensitive value)
+ "WEBHOOK_SECRET" = (sensitive value)
}
}
+ ephemeral_storage (known after apply)
+ logging_config (known after apply)
+ tracing_config (known after apply)
}
Plan: 15 to add, 0 to change, 0 to destroy.
Changes to Outputs:
+ api_gateway_url = (known after apply)
|
b5cd4b1
to
80d8736
Terraform Plan 📝
Show Plan
Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# aws_api_gateway_authorizer.ops_bot will be created
+ resource "aws_api_gateway_authorizer" "ops_bot" {
+ arn = (known after apply)
+ authorizer_credentials = (known after apply)
+ authorizer_result_ttl_in_seconds = 300
+ authorizer_uri = (known after apply)
+ id = (known after apply)
+ identity_source = "method.request.header.Authorization"
+ name = "ops-bot-authorizer"
+ rest_api_id = (known after apply)
+ type = "REQUEST"
}
# aws_api_gateway_deployment.ops_bot will be created
+ resource "aws_api_gateway_deployment" "ops_bot" {
+ created_date = (known after apply)
+ execution_arn = (known after apply)
+ id = (known after apply)
+ invoke_url = (known after apply)
+ rest_api_id = (known after apply)
+ triggers = (known after apply)
}
# aws_api_gateway_integration.lambda will be created
+ resource "aws_api_gateway_integration" "lambda" {
+ cache_namespace = (known after apply)
+ connection_type = "INTERNET"
+ http_method = "POST"
+ id = (known after apply)
+ integration_http_method = "POST"
+ passthrough_behavior = (known after apply)
+ resource_id = (known after apply)
+ rest_api_id = (known after apply)
+ timeout_milliseconds = 29000
+ type = "AWS_PROXY"
+ uri = (known after apply)
}
# aws_api_gateway_method.proxy will be created
+ resource "aws_api_gateway_method" "proxy" {
+ api_key_required = false
+ authorization = "CUSTOM"
+ authorizer_id = (known after apply)
+ http_method = "POST"
+ id = (known after apply)
+ resource_id = (known after apply)
+ rest_api_id = (known after apply)
}
# aws_api_gateway_resource.proxy will be created
+ resource "aws_api_gateway_resource" "proxy" {
+ id = (known after apply)
+ parent_id = (known after apply)
+ path = (known after apply)
+ path_part = "{proxy+}"
+ rest_api_id = (known after apply)
}
# aws_api_gateway_rest_api.ops_bot will be created
+ resource "aws_api_gateway_rest_api" "ops_bot" {
+ api_key_source = (known after apply)
+ arn = (known after apply)
+ binary_media_types = (known after apply)
+ created_date = (known after apply)
+ description = (known after apply)
+ disable_execute_api_endpoint = (known after apply)
+ execution_arn = (known after apply)
+ id = (known after apply)
+ minimum_compression_size = (known after apply)
+ name = "ops-bot-prod"
+ policy = (known after apply)
+ root_resource_id = (known after apply)
+ tags_all = (known after apply)
+ endpoint_configuration (known after apply)
}
# aws_api_gateway_stage.ops_bot will be created
+ resource "aws_api_gateway_stage" "ops_bot" {
+ arn = (known after apply)
+ deployment_id = (known after apply)
+ execution_arn = (known after apply)
+ id = (known after apply)
+ invoke_url = (known after apply)
+ rest_api_id = (known after apply)
+ stage_name = "prod"
+ tags_all = (known after apply)
+ web_acl_arn = (known after apply)
}
# aws_cloudwatch_log_group.authorizer will be created
+ resource "aws_cloudwatch_log_group" "authorizer" {
+ arn = (known after apply)
+ id = (known after apply)
+ log_group_class = (known after apply)
+ name = "/aws/lambda/ops-bot-prod-authorizerFn"
+ name_prefix = (known after apply)
+ retention_in_days = 60
+ skip_destroy = false
+ tags_all = (known after apply)
}
# aws_cloudwatch_log_group.probot_handler will be created
+ resource "aws_cloudwatch_log_group" "probot_handler" {
+ arn = (known after apply)
+ id = (known after apply)
+ log_group_class = (known after apply)
+ name = "/aws/lambda/ops-bot-prod-handleProbot"
+ name_prefix = (known after apply)
+ retention_in_days = 60
+ skip_destroy = false
+ tags_all = (known after apply)
}
# aws_iam_role.api_gateway_authorizer will be created
+ resource "aws_iam_role" "api_gateway_authorizer" {
+ arn = (known after apply)
+ assume_role_policy = jsonencode(
{
+ Statement = [
+ {
+ Action = [
+ "sts:AssumeRole",
]
+ Effect = "Allow"
+ Principal = {
+ Service = [
+ "apigateway.amazonaws.com",
]
}
},
]
+ Version = "2012-10-17"
}
)
+ create_date = (known after apply)
+ force_detach_policies = false
+ id = (known after apply)
+ managed_policy_arns = (known after apply)
+ max_session_duration = 3600
+ name = "ops-bot-prod-api-gateway-authorizer"
+ name_prefix = (known after apply)
+ path = "/"
+ tags_all = (known after apply)
+ unique_id = (known after apply)
+ inline_policy (known after apply)
}
# aws_iam_role.lambda_role will be created
+ resource "aws_iam_role" "lambda_role" {
+ arn = (known after apply)
+ assume_role_policy = jsonencode(
{
+ Statement = [
+ {
+ Action = [
+ "sts:AssumeRole",
]
+ Effect = "Allow"
+ Principal = {
+ Service = [
+ "lambda.amazonaws.com",
]
}
},
]
+ Version = "2012-10-17"
}
)
+ create_date = (known after apply)
+ force_detach_policies = false
+ id = (known after apply)
+ managed_policy_arns = (known after apply)
+ max_session_duration = 3600
+ name = "ops-bot-prod-lambda-role"
+ name_prefix = (known after apply)
+ path = "/"
+ tags_all = (known after apply)
+ unique_id = (known after apply)
+ inline_policy (known after apply)
}
# aws_iam_role_policy.api_gateway_authorizer will be created
+ resource "aws_iam_role_policy" "api_gateway_authorizer" {
+ id = (known after apply)
+ name = "ops-bot-prod-api-gateway-authorizer"
+ name_prefix = (known after apply)
+ policy = (known after apply)
+ role = (known after apply)
}
# aws_iam_role_policy.lambda_policy will be created
+ resource "aws_iam_role_policy" "lambda_policy" {
+ id = (known after apply)
+ name = "ops-bot-prod-lambda-policy"
+ name_prefix = (known after apply)
+ policy = (known after apply)
+ role = (known after apply)
}
# aws_lambda_function.authorizer will be created
+ resource "aws_lambda_function" "authorizer" {
+ architectures = (known after apply)
+ arn = (known after apply)
+ code_sha256 = (known after apply)
+ function_name = "ops-bot-prod-authorizerFn"
+ handler = "dist/authorizer.handler"
+ id = (known after apply)
+ invoke_arn = (known after apply)
+ last_modified = (known after apply)
+ memory_size = 1024
+ package_type = "Zip"
+ publish = false
+ qualified_arn = (known after apply)
+ qualified_invoke_arn = (known after apply)
+ reserved_concurrent_executions = -1
+ role = (known after apply)
+ runtime = "nodejs18.x"
+ s3_bucket = "rapidsai-serverless-deployments"
+ s3_key = "authorizer-.zip"
+ signing_job_arn = (known after apply)
+ signing_profile_version_arn = (known after apply)
+ skip_destroy = false
+ source_code_hash = (known after apply)
+ source_code_size = (known after apply)
+ tags_all = (known after apply)
+ timeout = 3
+ version = (known after apply)
+ environment {
+ variables = {
+ "probotFnName" = "ops-bot-prod-handleProbot"
}
}
+ ephemeral_storage (known after apply)
+ logging_config (known after apply)
+ tracing_config (known after apply)
}
# aws_lambda_function.probot_handler will be created
+ resource "aws_lambda_function" "probot_handler" {
+ architectures = (known after apply)
+ arn = (known after apply)
+ code_sha256 = (known after apply)
+ function_name = "ops-bot-prod-handleProbot"
+ handler = "dist/probot.handler"
+ id = (known after apply)
+ invoke_arn = (known after apply)
+ last_modified = (known after apply)
+ memory_size = 1024
+ package_type = "Zip"
+ publish = false
+ qualified_arn = (known after apply)
+ qualified_invoke_arn = (known after apply)
+ reserved_concurrent_executions = -1
+ role = (known after apply)
+ runtime = "nodejs18.x"
+ s3_bucket = "rapidsai-serverless-deployments"
+ s3_key = "probot-.zip"
+ signing_job_arn = (known after apply)
+ signing_profile_version_arn = (known after apply)
+ skip_destroy = false
+ source_code_hash = (known after apply)
+ source_code_size = (known after apply)
+ tags_all = (known after apply)
+ timeout = 900
+ version = (known after apply)
+ environment {
+ variables = {
+ "APP_ID" = (sensitive value)
+ "GPUTESTER_PAT" = (sensitive value)
+ "LOG_FORMAT" = "json"
+ "LOG_LEVEL" = "debug"
+ "NODE_ENV" = "prod"
+ "PRIVATE_KEY" = (sensitive value)
+ "WEBHOOK_SECRET" = (sensitive value)
}
}
+ ephemeral_storage (known after apply)
+ logging_config (known after apply)
+ tracing_config (known after apply)
}
Plan: 15 to add, 0 to change, 0 to destroy.
Changes to Outputs:
+ api_gateway_url = (known after apply)
|
Terraform Plan 📝
Show Plan
Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# aws_api_gateway_authorizer.ops_bot will be created
+ resource "aws_api_gateway_authorizer" "ops_bot" {
+ arn = (known after apply)
+ authorizer_credentials = (known after apply)
+ authorizer_result_ttl_in_seconds = 300
+ authorizer_uri = (known after apply)
+ id = (known after apply)
+ identity_source = "method.request.header.Authorization"
+ name = "ops-bot-authorizer"
+ rest_api_id = (known after apply)
+ type = "REQUEST"
}
# aws_api_gateway_deployment.ops_bot will be created
+ resource "aws_api_gateway_deployment" "ops_bot" {
+ created_date = (known after apply)
+ execution_arn = (known after apply)
+ id = (known after apply)
+ invoke_url = (known after apply)
+ rest_api_id = (known after apply)
+ triggers = (known after apply)
}
# aws_api_gateway_integration.lambda will be created
+ resource "aws_api_gateway_integration" "lambda" {
+ cache_namespace = (known after apply)
+ connection_type = "INTERNET"
+ http_method = "POST"
+ id = (known after apply)
+ integration_http_method = "POST"
+ passthrough_behavior = (known after apply)
+ resource_id = (known after apply)
+ rest_api_id = (known after apply)
+ timeout_milliseconds = 29000
+ type = "AWS_PROXY"
+ uri = (known after apply)
}
# aws_api_gateway_method.proxy will be created
+ resource "aws_api_gateway_method" "proxy" {
+ api_key_required = false
+ authorization = "CUSTOM"
+ authorizer_id = (known after apply)
+ http_method = "POST"
+ id = (known after apply)
+ resource_id = (known after apply)
+ rest_api_id = (known after apply)
}
# aws_api_gateway_resource.proxy will be created
+ resource "aws_api_gateway_resource" "proxy" {
+ id = (known after apply)
+ parent_id = (known after apply)
+ path = (known after apply)
+ path_part = "{proxy+}"
+ rest_api_id = (known after apply)
}
# aws_api_gateway_rest_api.ops_bot will be created
+ resource "aws_api_gateway_rest_api" "ops_bot" {
+ api_key_source = (known after apply)
+ arn = (known after apply)
+ binary_media_types = (known after apply)
+ created_date = (known after apply)
+ description = (known after apply)
+ disable_execute_api_endpoint = (known after apply)
+ execution_arn = (known after apply)
+ id = (known after apply)
+ minimum_compression_size = (known after apply)
+ name = "ops-bot-prod"
+ policy = (known after apply)
+ root_resource_id = (known after apply)
+ tags_all = (known after apply)
+ endpoint_configuration (known after apply)
}
# aws_api_gateway_stage.ops_bot will be created
+ resource "aws_api_gateway_stage" "ops_bot" {
+ arn = (known after apply)
+ deployment_id = (known after apply)
+ execution_arn = (known after apply)
+ id = (known after apply)
+ invoke_url = (known after apply)
+ rest_api_id = (known after apply)
+ stage_name = "prod"
+ tags_all = (known after apply)
+ web_acl_arn = (known after apply)
}
# aws_cloudwatch_log_group.authorizer will be created
+ resource "aws_cloudwatch_log_group" "authorizer" {
+ arn = (known after apply)
+ id = (known after apply)
+ log_group_class = (known after apply)
+ name = "/aws/lambda/ops-bot-prod-authorizerFn"
+ name_prefix = (known after apply)
+ retention_in_days = 60
+ skip_destroy = false
+ tags_all = (known after apply)
}
# aws_cloudwatch_log_group.probot_handler will be created
+ resource "aws_cloudwatch_log_group" "probot_handler" {
+ arn = (known after apply)
+ id = (known after apply)
+ log_group_class = (known after apply)
+ name = "/aws/lambda/ops-bot-prod-handleProbot"
+ name_prefix = (known after apply)
+ retention_in_days = 60
+ skip_destroy = false
+ tags_all = (known after apply)
}
# aws_iam_role.api_gateway_authorizer will be created
+ resource "aws_iam_role" "api_gateway_authorizer" {
+ arn = (known after apply)
+ assume_role_policy = jsonencode(
{
+ Statement = [
+ {
+ Action = [
+ "sts:AssumeRole",
]
+ Effect = "Allow"
+ Principal = {
+ Service = [
+ "apigateway.amazonaws.com",
]
}
},
]
+ Version = "2012-10-17"
}
)
+ create_date = (known after apply)
+ force_detach_policies = false
+ id = (known after apply)
+ managed_policy_arns = (known after apply)
+ max_session_duration = 3600
+ name = "ops-bot-prod-api-gateway-authorizer"
+ name_prefix = (known after apply)
+ path = "/"
+ tags_all = (known after apply)
+ unique_id = (known after apply)
+ inline_policy (known after apply)
}
# aws_iam_role.lambda_role will be created
+ resource "aws_iam_role" "lambda_role" {
+ arn = (known after apply)
+ assume_role_policy = jsonencode(
{
+ Statement = [
+ {
+ Action = [
+ "sts:AssumeRole",
]
+ Effect = "Allow"
+ Principal = {
+ Service = [
+ "lambda.amazonaws.com",
]
}
},
]
+ Version = "2012-10-17"
}
)
+ create_date = (known after apply)
+ force_detach_policies = false
+ id = (known after apply)
+ managed_policy_arns = (known after apply)
+ max_session_duration = 3600
+ name = "ops-bot-prod-lambda-role"
+ name_prefix = (known after apply)
+ path = "/"
+ tags_all = (known after apply)
+ unique_id = (known after apply)
+ inline_policy (known after apply)
}
# aws_iam_role_policy.api_gateway_authorizer will be created
+ resource "aws_iam_role_policy" "api_gateway_authorizer" {
+ id = (known after apply)
+ name = "ops-bot-prod-api-gateway-authorizer"
+ name_prefix = (known after apply)
+ policy = (known after apply)
+ role = (known after apply)
}
# aws_iam_role_policy.lambda_policy will be created
+ resource "aws_iam_role_policy" "lambda_policy" {
+ id = (known after apply)
+ name = "ops-bot-prod-lambda-policy"
+ name_prefix = (known after apply)
+ policy = (known after apply)
+ role = (known after apply)
}
# aws_lambda_function.authorizer will be created
+ resource "aws_lambda_function" "authorizer" {
+ architectures = (known after apply)
+ arn = (known after apply)
+ code_sha256 = (known after apply)
+ function_name = "ops-bot-prod-authorizerFn"
+ handler = "dist/authorizer.handler"
+ id = (known after apply)
+ invoke_arn = (known after apply)
+ last_modified = (known after apply)
+ memory_size = 1024
+ package_type = "Zip"
+ publish = false
+ qualified_arn = (known after apply)
+ qualified_invoke_arn = (known after apply)
+ reserved_concurrent_executions = -1
+ role = (known after apply)
+ runtime = "nodejs18.x"
+ s3_bucket = "rapidsai-serverless-deployments"
+ s3_key = "authorizer-.zip"
+ signing_job_arn = (known after apply)
+ signing_profile_version_arn = (known after apply)
+ skip_destroy = false
+ source_code_hash = (known after apply)
+ source_code_size = (known after apply)
+ tags_all = (known after apply)
+ timeout = 3
+ version = (known after apply)
+ environment {
+ variables = {
+ "probotFnName" = "ops-bot-prod-handleProbot"
}
}
+ ephemeral_storage (known after apply)
+ logging_config (known after apply)
+ tracing_config (known after apply)
}
# aws_lambda_function.probot_handler will be created
+ resource "aws_lambda_function" "probot_handler" {
+ architectures = (known after apply)
+ arn = (known after apply)
+ code_sha256 = (known after apply)
+ function_name = "ops-bot-prod-handleProbot"
+ handler = "dist/probot.handler"
+ id = (known after apply)
+ invoke_arn = (known after apply)
+ last_modified = (known after apply)
+ memory_size = 1024
+ package_type = "Zip"
+ publish = false
+ qualified_arn = (known after apply)
+ qualified_invoke_arn = (known after apply)
+ reserved_concurrent_executions = -1
+ role = (known after apply)
+ runtime = "nodejs18.x"
+ s3_bucket = "rapidsai-serverless-deployments"
+ s3_key = "probot-.zip"
+ signing_job_arn = (known after apply)
+ signing_profile_version_arn = (known after apply)
+ skip_destroy = false
+ source_code_hash = (known after apply)
+ source_code_size = (known after apply)
+ tags_all = (known after apply)
+ timeout = 900
+ version = (known after apply)
+ environment {
+ variables = {
+ "APP_ID" = (sensitive value)
+ "GPUTESTER_PAT" = (sensitive value)
+ "LOG_FORMAT" = "json"
+ "LOG_LEVEL" = "debug"
+ "NODE_ENV" = "prod"
+ "PRIVATE_KEY" = (sensitive value)
+ "WEBHOOK_SECRET" = (sensitive value)
}
}
+ ephemeral_storage (known after apply)
+ logging_config (known after apply)
+ tracing_config (known after apply)
}
Plan: 15 to add, 0 to change, 0 to destroy.
Changes to Outputs:
+ api_gateway_url = (known after apply)
|
.github/workflows/deploy-v2.yaml
Outdated
name: deploy-probot-terraform | ||
|
||
on: | ||
pull_request: |
This will be removed once this PR is ready and approved, as it's only being used for the validation of this PR.
We will use the copy-prs plugin for a PR workflow.
Terraform Plan 📝
Show Plan
Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# aws_api_gateway_authorizer.ops_bot will be created
+ resource "aws_api_gateway_authorizer" "ops_bot" {
+ arn = (known after apply)
+ authorizer_credentials = (known after apply)
+ authorizer_result_ttl_in_seconds = 300
+ authorizer_uri = (known after apply)
+ id = (known after apply)
+ identity_source = "method.request.header.Authorization"
+ name = "ops-bot-authorizer"
+ rest_api_id = (known after apply)
+ type = "REQUEST"
}
# aws_api_gateway_deployment.ops_bot will be created
+ resource "aws_api_gateway_deployment" "ops_bot" {
+ created_date = (known after apply)
+ execution_arn = (known after apply)
+ id = (known after apply)
+ invoke_url = (known after apply)
+ rest_api_id = (known after apply)
+ triggers = (known after apply)
}
# aws_api_gateway_integration.lambda will be created
+ resource "aws_api_gateway_integration" "lambda" {
+ cache_namespace = (known after apply)
+ connection_type = "INTERNET"
+ http_method = "POST"
+ id = (known after apply)
+ integration_http_method = "POST"
+ passthrough_behavior = (known after apply)
+ resource_id = (known after apply)
+ rest_api_id = (known after apply)
+ timeout_milliseconds = 29000
+ type = "AWS_PROXY"
+ uri = (known after apply)
}
# aws_api_gateway_method.proxy will be created
+ resource "aws_api_gateway_method" "proxy" {
+ api_key_required = false
+ authorization = "CUSTOM"
+ authorizer_id = (known after apply)
+ http_method = "POST"
+ id = (known after apply)
+ resource_id = (known after apply)
+ rest_api_id = (known after apply)
}
# aws_api_gateway_resource.proxy will be created
+ resource "aws_api_gateway_resource" "proxy" {
+ id = (known after apply)
+ parent_id = (known after apply)
+ path = (known after apply)
+ path_part = "{proxy+}"
+ rest_api_id = (known after apply)
}
# aws_api_gateway_rest_api.ops_bot will be created
+ resource "aws_api_gateway_rest_api" "ops_bot" {
+ api_key_source = (known after apply)
+ arn = (known after apply)
+ binary_media_types = (known after apply)
+ created_date = (known after apply)
+ description = (known after apply)
+ disable_execute_api_endpoint = (known after apply)
+ execution_arn = (known after apply)
+ id = (known after apply)
+ minimum_compression_size = (known after apply)
+ name = "ops-bot-prod"
+ policy = (known after apply)
+ root_resource_id = (known after apply)
+ tags_all = (known after apply)
+ endpoint_configuration (known after apply)
}
# aws_api_gateway_stage.ops_bot will be created
+ resource "aws_api_gateway_stage" "ops_bot" {
+ arn = (known after apply)
+ deployment_id = (known after apply)
+ execution_arn = (known after apply)
+ id = (known after apply)
+ invoke_url = (known after apply)
+ rest_api_id = (known after apply)
+ stage_name = "prod"
+ tags_all = (known after apply)
+ web_acl_arn = (known after apply)
}
# aws_cloudwatch_log_group.authorizer will be created
+ resource "aws_cloudwatch_log_group" "authorizer" {
+ arn = (known after apply)
+ id = (known after apply)
+ log_group_class = (known after apply)
+ name = "/aws/lambda/ops-bot-prod-authorizerFn"
+ name_prefix = (known after apply)
+ retention_in_days = 60
+ skip_destroy = false
+ tags_all = (known after apply)
}
# aws_cloudwatch_log_group.probot_handler will be created
+ resource "aws_cloudwatch_log_group" "probot_handler" {
+ arn = (known after apply)
+ id = (known after apply)
+ log_group_class = (known after apply)
+ name = "/aws/lambda/ops-bot-prod-handleProbot"
+ name_prefix = (known after apply)
+ retention_in_days = 60
+ skip_destroy = false
+ tags_all = (known after apply)
}
# aws_iam_role.api_gateway_authorizer will be created
+ resource "aws_iam_role" "api_gateway_authorizer" {
+ arn = (known after apply)
+ assume_role_policy = jsonencode(
{
+ Statement = [
+ {
+ Action = [
+ "sts:AssumeRole",
]
+ Effect = "Allow"
+ Principal = {
+ Service = [
+ "apigateway.amazonaws.com",
]
}
},
]
+ Version = "2012-10-17"
}
)
+ create_date = (known after apply)
+ force_detach_policies = false
+ id = (known after apply)
+ managed_policy_arns = (known after apply)
+ max_session_duration = 3600
+ name = "ops-bot-prod-api-gateway-authorizer"
+ name_prefix = (known after apply)
+ path = "/"
+ tags_all = (known after apply)
+ unique_id = (known after apply)
+ inline_policy (known after apply)
}
# aws_iam_role.lambda_role will be created
+ resource "aws_iam_role" "lambda_role" {
+ arn = (known after apply)
+ assume_role_policy = jsonencode(
{
+ Statement = [
+ {
+ Action = [
+ "sts:AssumeRole",
]
+ Effect = "Allow"
+ Principal = {
+ Service = [
+ "lambda.amazonaws.com",
]
}
},
]
+ Version = "2012-10-17"
}
)
+ create_date = (known after apply)
+ force_detach_policies = false
+ id = (known after apply)
+ managed_policy_arns = (known after apply)
+ max_session_duration = 3600
+ name = "ops-bot-prod-lambda-role"
+ name_prefix = (known after apply)
+ path = "/"
+ tags_all = (known after apply)
+ unique_id = (known after apply)
+ inline_policy (known after apply)
}
# aws_iam_role_policy.api_gateway_authorizer will be created
+ resource "aws_iam_role_policy" "api_gateway_authorizer" {
+ id = (known after apply)
+ name = "ops-bot-prod-api-gateway-authorizer"
+ name_prefix = (known after apply)
+ policy = (known after apply)
+ role = (known after apply)
}
# aws_iam_role_policy.lambda_policy will be created
+ resource "aws_iam_role_policy" "lambda_policy" {
+ id = (known after apply)
+ name = "ops-bot-prod-lambda-policy"
+ name_prefix = (known after apply)
+ policy = (known after apply)
+ role = (known after apply)
}
# aws_lambda_function.authorizer will be created
+ resource "aws_lambda_function" "authorizer" {
+ architectures = (known after apply)
+ arn = (known after apply)
+ code_sha256 = (known after apply)
+ function_name = "ops-bot-prod-authorizerFn"
+ handler = "dist/authorizer.handler"
+ id = (known after apply)
+ invoke_arn = (known after apply)
+ last_modified = (known after apply)
+ memory_size = 1024
+ package_type = "Zip"
+ publish = false
+ qualified_arn = (known after apply)
+ qualified_invoke_arn = (known after apply)
+ reserved_concurrent_executions = -1
+ role = (known after apply)
+ runtime = "nodejs18.x"
+ s3_bucket = "rapidsai-serverless-deployments"
+ s3_key = "authorizer-.zip"
+ signing_job_arn = (known after apply)
+ signing_profile_version_arn = (known after apply)
+ skip_destroy = false
+ source_code_hash = (known after apply)
+ source_code_size = (known after apply)
+ tags_all = (known after apply)
+ timeout = 3
+ version = (known after apply)
+ environment {
+ variables = {
+ "probotFnName" = "ops-bot-prod-handleProbot"
}
}
+ ephemeral_storage (known after apply)
+ logging_config (known after apply)
+ tracing_config (known after apply)
}
# aws_lambda_function.probot_handler will be created
+ resource "aws_lambda_function" "probot_handler" {
+ architectures = (known after apply)
+ arn = (known after apply)
+ code_sha256 = (known after apply)
+ function_name = "ops-bot-prod-handleProbot"
+ handler = "dist/probot.handler"
+ id = (known after apply)
+ invoke_arn = (known after apply)
+ last_modified = (known after apply)
+ memory_size = 1024
+ package_type = "Zip"
+ publish = false
+ qualified_arn = (known after apply)
+ qualified_invoke_arn = (known after apply)
+ reserved_concurrent_executions = -1
+ role = (known after apply)
+ runtime = "nodejs18.x"
+ s3_bucket = "rapidsai-serverless-deployments"
+ s3_key = "probot-.zip"
+ signing_job_arn = (known after apply)
+ signing_profile_version_arn = (known after apply)
+ skip_destroy = false
+ source_code_hash = (known after apply)
+ source_code_size = (known after apply)
+ tags_all = (known after apply)
+ timeout = 900
+ version = (known after apply)
+ environment {
+ variables = {
+ "APP_ID" = (sensitive value)
+ "GPUTESTER_PAT" = (sensitive value)
+ "LOG_FORMAT" = "json"
+ "LOG_LEVEL" = "debug"
+ "NODE_ENV" = "prod"
+ "PRIVATE_KEY" = (sensitive value)
+ "WEBHOOK_SECRET" = (sensitive value)
}
}
+ ephemeral_storage (known after apply)
+ logging_config (known after apply)
+ tracing_config (known after apply)
}
Plan: 15 to add, 0 to change, 0 to destroy.
Changes to Outputs:
+ api_gateway_url = (known after apply)
|
resource "aws_lambda_function" "authorizer" { | ||
depends_on = [aws_cloudwatch_log_group.authorizer] | ||
s3_bucket = data.aws_s3_bucket.deployment.id | ||
s3_key = "authorizer-${var.deployment_version}.zip" |
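Review bot: The `s3_key` on the last quoted line interpolates `var.deployment_version`, and every plan posted on this PR resolves it to `authorizer-.zip`, so the variable is empty at plan time and the authorizer would be built from whatever object sits at that key. The variable's definition is not visible here, but I would reject an empty value there with a `validation` block whose condition is `length(var.deployment_version) > 0`. The plan also shows `source_code_hash = (known after apply)`, which suggests the artifact is not pinned; setting `s3_object_version` or `source_code_hash` would stop a write to the bucket from silently changing the code that authorizes requests. The resource body continues outside the quoted lines, and the same applies to the `probot-.zip` key of the probot handler.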
Any reason to provide lambda code using S3 instead of directly providing the zip file using https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function#filename-1?
The current implementation (with serverless framework) seems to follow the same format. It looks like we're currently saving (versioned) deployed artifacts in the rapidsai-serverless-deployments s3 bucket
I think we can remove the usage of the S3 bucket. I don't think this is providing anything useful
I largely agree with you but the option of redeploying terraform with an older version of the application artifact might be useful.
I don't immediately see that such a use-case might arise but it might be an option we want to keep as long as there are no serious cons.
Thoughts @ajschmidt8 ?
If we do keep this though, then I think I might need to add logic that implements maintaining a desired number of versions in the bucket (i.e with each new version that gets deployed, the oldest version gets deleted).
Isn't the git repo the history though?
If we needed to revert to an older version of the application, we would just merge a revert PR and it would redeploy right?
If we needed to revert to an older version of the application, we would just merge a revert PR and it would redeploy right?
Yup.
I think we can skip the S3 artifact. The serverless framework used the S3 artifacts as the basis for some arbitrary features in their framework (e.g. the serverless rollback command). We don't need that. Like Ray mentioned, git is our history.
Jordan and I also opted not to use S3 for artifacts during our recent removal of the serverless framework.
I think one of the other main reasons to use S3 (which doesn't apply to us) is when your package is >50MB as outlined below:
Isn't the git repo the history though?
Yep. Git is indeed our history. I will push an update.
Documentation should be updated too |
Terraform Plan 📝Show PlanTerraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# aws_api_gateway_authorizer.ops_bot will be created
+ resource "aws_api_gateway_authorizer" "ops_bot" {
+ arn = (known after apply)
+ authorizer_credentials = (known after apply)
+ authorizer_result_ttl_in_seconds = 300
+ authorizer_uri = (known after apply)
+ id = (known after apply)
+ identity_source = "method.request.header.Authorization"
+ name = "ops-bot-authorizer"
+ rest_api_id = (known after apply)
+ type = "REQUEST"
}
# aws_api_gateway_deployment.ops_bot will be created
+ resource "aws_api_gateway_deployment" "ops_bot" {
+ created_date = (known after apply)
+ execution_arn = (known after apply)
+ id = (known after apply)
+ invoke_url = (known after apply)
+ rest_api_id = (known after apply)
+ triggers = (known after apply)
}
# aws_api_gateway_integration.lambda will be created
+ resource "aws_api_gateway_integration" "lambda" {
+ cache_namespace = (known after apply)
+ connection_type = "INTERNET"
+ http_method = "POST"
+ id = (known after apply)
+ integration_http_method = "POST"
+ passthrough_behavior = (known after apply)
+ resource_id = (known after apply)
+ rest_api_id = (known after apply)
+ timeout_milliseconds = 29000
+ type = "AWS_PROXY"
+ uri = (known after apply)
}
# aws_api_gateway_method.proxy will be created
+ resource "aws_api_gateway_method" "proxy" {
+ api_key_required = false
+ authorization = "CUSTOM"
+ authorizer_id = (known after apply)
+ http_method = "POST"
+ id = (known after apply)
+ resource_id = (known after apply)
+ rest_api_id = (known after apply)
}
# aws_api_gateway_resource.proxy will be created
+ resource "aws_api_gateway_resource" "proxy" {
+ id = (known after apply)
+ parent_id = (known after apply)
+ path = (known after apply)
+ path_part = "{proxy+}"
+ rest_api_id = (known after apply)
}
# aws_api_gateway_rest_api.ops_bot will be created
+ resource "aws_api_gateway_rest_api" "ops_bot" {
+ api_key_source = (known after apply)
+ arn = (known after apply)
+ binary_media_types = (known after apply)
+ created_date = (known after apply)
+ description = (known after apply)
+ disable_execute_api_endpoint = (known after apply)
+ execution_arn = (known after apply)
+ id = (known after apply)
+ minimum_compression_size = (known after apply)
+ name = "ops-bot-prod"
+ policy = (known after apply)
+ root_resource_id = (known after apply)
+ tags_all = (known after apply)
+ endpoint_configuration (known after apply)
}
# aws_api_gateway_stage.ops_bot will be created
+ resource "aws_api_gateway_stage" "ops_bot" {
+ arn = (known after apply)
+ deployment_id = (known after apply)
+ execution_arn = (known after apply)
+ id = (known after apply)
+ invoke_url = (known after apply)
+ rest_api_id = (known after apply)
+ stage_name = "prod"
+ tags_all = (known after apply)
+ web_acl_arn = (known after apply)
}
# aws_cloudwatch_log_group.authorizer will be created
+ resource "aws_cloudwatch_log_group" "authorizer" {
+ arn = (known after apply)
+ id = (known after apply)
+ log_group_class = (known after apply)
+ name = "/aws/lambda/ops-bot-prod-authorizerFn"
+ name_prefix = (known after apply)
+ retention_in_days = 60
+ skip_destroy = false
+ tags_all = (known after apply)
}
# aws_cloudwatch_log_group.probot_handler will be created
+ resource "aws_cloudwatch_log_group" "probot_handler" {
+ arn = (known after apply)
+ id = (known after apply)
+ log_group_class = (known after apply)
+ name = "/aws/lambda/ops-bot-prod-handleProbot"
+ name_prefix = (known after apply)
+ retention_in_days = 60
+ skip_destroy = false
+ tags_all = (known after apply)
}
# aws_iam_role.api_gateway_authorizer will be created
+ resource "aws_iam_role" "api_gateway_authorizer" {
+ arn = (known after apply)
+ assume_role_policy = jsonencode(
{
+ Statement = [
+ {
+ Action = [
+ "sts:AssumeRole",
]
+ Effect = "Allow"
+ Principal = {
+ Service = [
+ "apigateway.amazonaws.com",
]
}
},
]
+ Version = "2012-10-17"
}
)
+ create_date = (known after apply)
+ force_detach_policies = false
+ id = (known after apply)
+ managed_policy_arns = (known after apply)
+ max_session_duration = 3600
+ name = "ops-bot-prod-api-gateway-authorizer"
+ name_prefix = (known after apply)
+ path = "/"
+ tags_all = (known after apply)
+ unique_id = (known after apply)
+ inline_policy (known after apply)
}
# aws_iam_role.lambda_role will be created
+ resource "aws_iam_role" "lambda_role" {
+ arn = (known after apply)
+ assume_role_policy = jsonencode(
{
+ Statement = [
+ {
+ Action = [
+ "sts:AssumeRole",
]
+ Effect = "Allow"
+ Principal = {
+ Service = [
+ "lambda.amazonaws.com",
]
}
},
]
+ Version = "2012-10-17"
}
)
+ create_date = (known after apply)
+ force_detach_policies = false
+ id = (known after apply)
+ managed_policy_arns = (known after apply)
+ max_session_duration = 3600
+ name = "ops-bot-prod-lambda-role"
+ name_prefix = (known after apply)
+ path = "/"
+ tags_all = (known after apply)
+ unique_id = (known after apply)
+ inline_policy (known after apply)
}
# aws_iam_role_policy.api_gateway_authorizer will be created
+ resource "aws_iam_role_policy" "api_gateway_authorizer" {
+ id = (known after apply)
+ name = "ops-bot-prod-api-gateway-authorizer"
+ name_prefix = (known after apply)
+ policy = (known after apply)
+ role = (known after apply)
}
# aws_iam_role_policy.lambda_policy will be created
+ resource "aws_iam_role_policy" "lambda_policy" {
+ id = (known after apply)
+ name = "ops-bot-prod-lambda-policy"
+ name_prefix = (known after apply)
+ policy = (known after apply)
+ role = (known after apply)
}
# aws_lambda_function.authorizer will be created
+ resource "aws_lambda_function" "authorizer" {
+ architectures = (known after apply)
+ arn = (known after apply)
+ code_sha256 = (known after apply)
+ function_name = "ops-bot-prod-authorizerFn"
+ handler = "dist/authorizer.handler"
+ id = (known after apply)
+ invoke_arn = (known after apply)
+ last_modified = (known after apply)
+ memory_size = 1024
+ package_type = "Zip"
+ publish = false
+ qualified_arn = (known after apply)
+ qualified_invoke_arn = (known after apply)
+ reserved_concurrent_executions = -1
+ role = (known after apply)
+ runtime = "nodejs18.x"
+ s3_bucket = "rapidsai-serverless-deployments"
+ s3_key = "authorizer-.zip"
+ signing_job_arn = (known after apply)
+ signing_profile_version_arn = (known after apply)
+ skip_destroy = false
+ source_code_hash = (known after apply)
+ source_code_size = (known after apply)
+ tags_all = (known after apply)
+ timeout = 3
+ version = (known after apply)
+ environment {
+ variables = {
+ "probotFnName" = "ops-bot-prod-handleProbot"
}
}
+ ephemeral_storage (known after apply)
+ logging_config (known after apply)
+ tracing_config (known after apply)
}
# aws_lambda_function.probot_handler will be created
+ resource "aws_lambda_function" "probot_handler" {
+ architectures = (known after apply)
+ arn = (known after apply)
+ code_sha256 = (known after apply)
+ function_name = "ops-bot-prod-handleProbot"
+ handler = "dist/probot.handler"
+ id = (known after apply)
+ invoke_arn = (known after apply)
+ last_modified = (known after apply)
+ memory_size = 1024
+ package_type = "Zip"
+ publish = false
+ qualified_arn = (known after apply)
+ qualified_invoke_arn = (known after apply)
+ reserved_concurrent_executions = -1
+ role = (known after apply)
+ runtime = "nodejs18.x"
+ s3_bucket = "rapidsai-serverless-deployments"
+ s3_key = "probot-.zip"
+ signing_job_arn = (known after apply)
+ signing_profile_version_arn = (known after apply)
+ skip_destroy = false
+ source_code_hash = (known after apply)
+ source_code_size = (known after apply)
+ tags_all = (known after apply)
+ timeout = 900
+ version = (known after apply)
+ environment {
+ variables = {
+ "APP_ID" = (sensitive value)
+ "GPUTESTER_PAT" = (sensitive value)
+ "LOG_FORMAT" = "json"
+ "LOG_LEVEL" = "debug"
+ "NODE_ENV" = "prod"
+ "PRIVATE_KEY" = (sensitive value)
+ "WEBHOOK_SECRET" = (sensitive value)
}
}
+ ephemeral_storage (known after apply)
+ logging_config (known after apply)
+ tracing_config (known after apply)
}
Plan: 15 to add, 0 to change, 0 to destroy.
Changes to Outputs:
+ api_gateway_url = (known after apply)
|
Terraform Plan 📝Show PlanTerraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# aws_api_gateway_authorizer.ops_bot will be created
+ resource "aws_api_gateway_authorizer" "ops_bot" {
+ arn = (known after apply)
+ authorizer_credentials = (known after apply)
+ authorizer_result_ttl_in_seconds = 300
+ authorizer_uri = (known after apply)
+ id = (known after apply)
+ identity_source = "method.request.header.Authorization"
+ name = "ops-bot-authorizer"
+ rest_api_id = (known after apply)
+ type = "REQUEST"
}
# aws_api_gateway_deployment.ops_bot will be created
+ resource "aws_api_gateway_deployment" "ops_bot" {
+ created_date = (known after apply)
+ execution_arn = (known after apply)
+ id = (known after apply)
+ invoke_url = (known after apply)
+ rest_api_id = (known after apply)
+ triggers = (known after apply)
}
# aws_api_gateway_integration.lambda will be created
+ resource "aws_api_gateway_integration" "lambda" {
+ cache_namespace = (known after apply)
+ connection_type = "INTERNET"
+ http_method = "POST"
+ id = (known after apply)
+ integration_http_method = "POST"
+ passthrough_behavior = (known after apply)
+ resource_id = (known after apply)
+ rest_api_id = (known after apply)
+ timeout_milliseconds = 29000
+ type = "AWS_PROXY"
+ uri = (known after apply)
}
# aws_api_gateway_method.proxy will be created
+ resource "aws_api_gateway_method" "proxy" {
+ api_key_required = false
+ authorization = "CUSTOM"
+ authorizer_id = (known after apply)
+ http_method = "POST"
+ id = (known after apply)
+ resource_id = (known after apply)
+ rest_api_id = (known after apply)
}
# aws_api_gateway_resource.proxy will be created
+ resource "aws_api_gateway_resource" "proxy" {
+ id = (known after apply)
+ parent_id = (known after apply)
+ path = (known after apply)
+ path_part = "{proxy+}"
+ rest_api_id = (known after apply)
}
# aws_api_gateway_rest_api.ops_bot will be created
+ resource "aws_api_gateway_rest_api" "ops_bot" {
+ api_key_source = (known after apply)
+ arn = (known after apply)
+ binary_media_types = (known after apply)
+ created_date = (known after apply)
+ description = (known after apply)
+ disable_execute_api_endpoint = (known after apply)
+ execution_arn = (known after apply)
+ id = (known after apply)
+ minimum_compression_size = (known after apply)
+ name = "ops-bot-prod"
+ policy = (known after apply)
+ root_resource_id = (known after apply)
+ tags_all = (known after apply)
+ endpoint_configuration (known after apply)
}
# aws_api_gateway_stage.ops_bot will be created
+ resource "aws_api_gateway_stage" "ops_bot" {
+ arn = (known after apply)
+ deployment_id = (known after apply)
+ execution_arn = (known after apply)
+ id = (known after apply)
+ invoke_url = (known after apply)
+ rest_api_id = (known after apply)
+ stage_name = "prod"
+ tags_all = (known after apply)
+ web_acl_arn = (known after apply)
}
# aws_cloudwatch_log_group.authorizer will be created
+ resource "aws_cloudwatch_log_group" "authorizer" {
+ arn = (known after apply)
+ id = (known after apply)
+ log_group_class = (known after apply)
+ name = "/aws/lambda/ops-bot-prod-authorizerFn"
+ name_prefix = (known after apply)
+ retention_in_days = 60
+ skip_destroy = false
+ tags_all = (known after apply)
}
# aws_cloudwatch_log_group.probot_handler will be created
+ resource "aws_cloudwatch_log_group" "probot_handler" {
+ arn = (known after apply)
+ id = (known after apply)
+ log_group_class = (known after apply)
+ name = "/aws/lambda/ops-bot-prod-handleProbot"
+ name_prefix = (known after apply)
+ retention_in_days = 60
+ skip_destroy = false
+ tags_all = (known after apply)
}
# aws_iam_role.api_gateway_authorizer will be created
+ resource "aws_iam_role" "api_gateway_authorizer" {
+ arn = (known after apply)
+ assume_role_policy = jsonencode(
{
+ Statement = [
+ {
+ Action = [
+ "sts:AssumeRole",
]
+ Effect = "Allow"
+ Principal = {
+ Service = [
+ "apigateway.amazonaws.com",
]
}
},
]
+ Version = "2012-10-17"
}
)
+ create_date = (known after apply)
+ force_detach_policies = false
+ id = (known after apply)
+ managed_policy_arns = (known after apply)
+ max_session_duration = 3600
+ name = "ops-bot-prod-api-gateway-authorizer"
+ name_prefix = (known after apply)
+ path = "/"
+ tags_all = (known after apply)
+ unique_id = (known after apply)
+ inline_policy (known after apply)
}
# aws_iam_role.lambda_role will be created
+ resource "aws_iam_role" "lambda_role" {
+ arn = (known after apply)
+ assume_role_policy = jsonencode(
{
+ Statement = [
+ {
+ Action = [
+ "sts:AssumeRole",
]
+ Effect = "Allow"
+ Principal = {
+ Service = [
+ "lambda.amazonaws.com",
]
}
},
]
+ Version = "2012-10-17"
}
)
+ create_date = (known after apply)
+ force_detach_policies = false
+ id = (known after apply)
+ managed_policy_arns = (known after apply)
+ max_session_duration = 3600
+ name = "ops-bot-prod-lambda-role"
+ name_prefix = (known after apply)
+ path = "/"
+ tags_all = (known after apply)
+ unique_id = (known after apply)
+ inline_policy (known after apply)
}
# aws_iam_role_policy.api_gateway_authorizer will be created
+ resource "aws_iam_role_policy" "api_gateway_authorizer" {
+ id = (known after apply)
+ name = "ops-bot-prod-api-gateway-authorizer"
+ name_prefix = (known after apply)
+ policy = (known after apply)
+ role = (known after apply)
}
# aws_iam_role_policy.lambda_policy will be created
+ resource "aws_iam_role_policy" "lambda_policy" {
+ id = (known after apply)
+ name = "ops-bot-prod-lambda-policy"
+ name_prefix = (known after apply)
+ policy = (known after apply)
+ role = (known after apply)
}
# aws_lambda_function.authorizer will be created
+ resource "aws_lambda_function" "authorizer" {
+ architectures = (known after apply)
+ arn = (known after apply)
+ code_sha256 = (known after apply)
+ function_name = "ops-bot-prod-authorizerFn"
+ handler = "dist/authorizer.handler"
+ id = (known after apply)
+ invoke_arn = (known after apply)
+ last_modified = (known after apply)
+ memory_size = 1024
+ package_type = "Zip"
+ publish = false
+ qualified_arn = (known after apply)
+ qualified_invoke_arn = (known after apply)
+ reserved_concurrent_executions = -1
+ role = (known after apply)
+ runtime = "nodejs18.x"
+ s3_bucket = "rapidsai-serverless-deployments"
+ s3_key = "authorizer-.zip"
+ signing_job_arn = (known after apply)
+ signing_profile_version_arn = (known after apply)
+ skip_destroy = false
+ source_code_hash = (known after apply)
+ source_code_size = (known after apply)
+ tags_all = (known after apply)
+ timeout = 3
+ version = (known after apply)
+ environment {
+ variables = {
+ "probotFnName" = "ops-bot-prod-handleProbot"
}
}
+ ephemeral_storage (known after apply)
+ logging_config (known after apply)
+ tracing_config (known after apply)
}
# aws_lambda_function.probot_handler will be created
+ resource "aws_lambda_function" "probot_handler" {
+ architectures = (known after apply)
+ arn = (known after apply)
+ code_sha256 = (known after apply)
+ function_name = "ops-bot-prod-handleProbot"
+ handler = "dist/probot.handler"
+ id = (known after apply)
+ invoke_arn = (known after apply)
+ last_modified = (known after apply)
+ memory_size = 1024
+ package_type = "Zip"
+ publish = false
+ qualified_arn = (known after apply)
+ qualified_invoke_arn = (known after apply)
+ reserved_concurrent_executions = -1
+ role = (known after apply)
+ runtime = "nodejs18.x"
+ s3_bucket = "rapidsai-serverless-deployments"
+ s3_key = "probot-.zip"
+ signing_job_arn = (known after apply)
+ signing_profile_version_arn = (known after apply)
+ skip_destroy = false
+ source_code_hash = (known after apply)
+ source_code_size = (known after apply)
+ tags_all = (known after apply)
+ timeout = 900
+ version = (known after apply)
+ environment {
+ variables = {
+ "APP_ID" = (sensitive value)
+ "GPUTESTER_PAT" = (sensitive value)
+ "LOG_FORMAT" = "json"
+ "LOG_LEVEL" = "debug"
+ "NODE_ENV" = "prod"
+ "PRIVATE_KEY" = (sensitive value)
+ "WEBHOOK_SECRET" = (sensitive value)
}
}
+ ephemeral_storage (known after apply)
+ logging_config (known after apply)
+ tracing_config (known after apply)
}
Plan: 15 to add, 0 to change, 0 to destroy.
Changes to Outputs:
+ api_gateway_url = (known after apply)
|
Terraform Plan 📝Show PlanTerraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# aws_api_gateway_authorizer.ops_bot will be created
+ resource "aws_api_gateway_authorizer" "ops_bot" {
+ arn = (known after apply)
+ authorizer_credentials = (known after apply)
+ authorizer_result_ttl_in_seconds = 300
+ authorizer_uri = (known after apply)
+ id = (known after apply)
+ identity_source = "method.request.header.Authorization"
+ name = "ops-bot-authorizer"
+ rest_api_id = (known after apply)
+ type = "REQUEST"
}
# aws_api_gateway_deployment.ops_bot will be created
+ resource "aws_api_gateway_deployment" "ops_bot" {
+ created_date = (known after apply)
+ execution_arn = (known after apply)
+ id = (known after apply)
+ invoke_url = (known after apply)
+ rest_api_id = (known after apply)
+ triggers = (known after apply)
}
# aws_api_gateway_integration.lambda will be created
+ resource "aws_api_gateway_integration" "lambda" {
+ cache_namespace = (known after apply)
+ connection_type = "INTERNET"
+ http_method = "POST"
+ id = (known after apply)
+ integration_http_method = "POST"
+ passthrough_behavior = (known after apply)
+ resource_id = (known after apply)
+ rest_api_id = (known after apply)
+ timeout_milliseconds = 29000
+ type = "AWS_PROXY"
+ uri = (known after apply)
}
# aws_api_gateway_method.proxy will be created
+ resource "aws_api_gateway_method" "proxy" {
+ api_key_required = false
+ authorization = "CUSTOM"
+ authorizer_id = (known after apply)
+ http_method = "POST"
+ id = (known after apply)
+ resource_id = (known after apply)
+ rest_api_id = (known after apply)
}
# aws_api_gateway_resource.proxy will be created
+ resource "aws_api_gateway_resource" "proxy" {
+ id = (known after apply)
+ parent_id = (known after apply)
+ path = (known after apply)
+ path_part = "{proxy+}"
+ rest_api_id = (known after apply)
}
# aws_api_gateway_rest_api.ops_bot will be created
+ resource "aws_api_gateway_rest_api" "ops_bot" {
+ api_key_source = (known after apply)
+ arn = (known after apply)
+ binary_media_types = (known after apply)
+ created_date = (known after apply)
+ description = (known after apply)
+ disable_execute_api_endpoint = (known after apply)
+ execution_arn = (known after apply)
+ id = (known after apply)
+ minimum_compression_size = (known after apply)
+ name = "ops-bot-prod"
+ policy = (known after apply)
+ root_resource_id = (known after apply)
+ tags_all = (known after apply)
+ endpoint_configuration (known after apply)
}
# aws_api_gateway_stage.ops_bot will be created
+ resource "aws_api_gateway_stage" "ops_bot" {
+ arn = (known after apply)
+ deployment_id = (known after apply)
+ execution_arn = (known after apply)
+ id = (known after apply)
+ invoke_url = (known after apply)
+ rest_api_id = (known after apply)
+ stage_name = "prod"
+ tags_all = (known after apply)
+ web_acl_arn = (known after apply)
}
# aws_cloudwatch_log_group.authorizer will be created
+ resource "aws_cloudwatch_log_group" "authorizer" {
+ arn = (known after apply)
+ id = (known after apply)
+ log_group_class = (known after apply)
+ name = "/aws/lambda/ops-bot-prod-authorizerFn"
+ name_prefix = (known after apply)
+ retention_in_days = 60
+ skip_destroy = false
+ tags_all = (known after apply)
}
# aws_cloudwatch_log_group.probot_handler will be created
+ resource "aws_cloudwatch_log_group" "probot_handler" {
+ arn = (known after apply)
+ id = (known after apply)
+ log_group_class = (known after apply)
+ name = "/aws/lambda/ops-bot-prod-handleProbot"
+ name_prefix = (known after apply)
+ retention_in_days = 60
+ skip_destroy = false
+ tags_all = (known after apply)
}
# aws_iam_role.api_gateway_authorizer will be created
+ resource "aws_iam_role" "api_gateway_authorizer" {
+ arn = (known after apply)
+ assume_role_policy = jsonencode(
{
+ Statement = [
+ {
+ Action = [
+ "sts:AssumeRole",
]
+ Effect = "Allow"
+ Principal = {
+ Service = [
+ "apigateway.amazonaws.com",
]
}
},
]
+ Version = "2012-10-17"
}
)
+ create_date = (known after apply)
+ force_detach_policies = false
+ id = (known after apply)
+ managed_policy_arns = (known after apply)
+ max_session_duration = 3600
+ name = "ops-bot-prod-api-gateway-authorizer"
+ name_prefix = (known after apply)
+ path = "/"
+ tags_all = (known after apply)
+ unique_id = (known after apply)
+ inline_policy (known after apply)
}
# aws_iam_role.lambda_role will be created
+ resource "aws_iam_role" "lambda_role" {
+ arn = (known after apply)
+ assume_role_policy = jsonencode(
{
+ Statement = [
+ {
+ Action = [
+ "sts:AssumeRole",
]
+ Effect = "Allow"
+ Principal = {
+ Service = [
+ "lambda.amazonaws.com",
]
}
},
]
+ Version = "2012-10-17"
}
)
+ create_date = (known after apply)
+ force_detach_policies = false
+ id = (known after apply)
+ managed_policy_arns = (known after apply)
+ max_session_duration = 3600
+ name = "ops-bot-prod-lambda-role"
+ name_prefix = (known after apply)
+ path = "/"
+ tags_all = (known after apply)
+ unique_id = (known after apply)
+ inline_policy (known after apply)
}
# aws_iam_role_policy.api_gateway_authorizer will be created
+ resource "aws_iam_role_policy" "api_gateway_authorizer" {
+ id = (known after apply)
+ name = "ops-bot-prod-api-gateway-authorizer"
+ name_prefix = (known after apply)
+ policy = (known after apply)
+ role = (known after apply)
}
# aws_iam_role_policy.lambda_policy will be created
+ resource "aws_iam_role_policy" "lambda_policy" {
+ id = (known after apply)
+ name = "ops-bot-prod-lambda-policy"
+ name_prefix = (known after apply)
+ policy = (known after apply)
+ role = (known after apply)
}
# aws_lambda_function.authorizer will be created
+ resource "aws_lambda_function" "authorizer" {
+ architectures = (known after apply)
+ arn = (known after apply)
+ code_sha256 = (known after apply)
+ function_name = "ops-bot-prod-authorizerFn"
+ handler = "dist/authorizer.handler"
+ id = (known after apply)
+ invoke_arn = (known after apply)
+ last_modified = (known after apply)
+ memory_size = 1024
+ package_type = "Zip"
+ publish = false
+ qualified_arn = (known after apply)
+ qualified_invoke_arn = (known after apply)
+ reserved_concurrent_executions = -1
+ role = (known after apply)
+ runtime = "nodejs18.x"
+ s3_bucket = "rapidsai-serverless-deployments"
+ s3_key = "authorizer-.zip"
+ signing_job_arn = (known after apply)
+ signing_profile_version_arn = (known after apply)
+ skip_destroy = false
+ source_code_hash = (known after apply)
+ source_code_size = (known after apply)
+ tags_all = (known after apply)
+ timeout = 3
+ version = (known after apply)
+ environment {
+ variables = {
+ "probotFnName" = "ops-bot-prod-handleProbot"
}
}
+ ephemeral_storage (known after apply)
+ logging_config (known after apply)
+ tracing_config (known after apply)
}
# aws_lambda_function.probot_handler will be created
+ resource "aws_lambda_function" "probot_handler" {
+ architectures = (known after apply)
+ arn = (known after apply)
+ code_sha256 = (known after apply)
+ function_name = "ops-bot-prod-handleProbot"
+ handler = "dist/probot.handler"
+ id = (known after apply)
+ invoke_arn = (known after apply)
+ last_modified = (known after apply)
+ memory_size = 1024
+ package_type = "Zip"
+ publish = false
+ qualified_arn = (known after apply)
+ qualified_invoke_arn = (known after apply)
+ reserved_concurrent_executions = -1
+ role = (known after apply)
+ runtime = "nodejs18.x"
+ s3_bucket = "rapidsai-serverless-deployments"
+ s3_key = "probot-.zip"
+ signing_job_arn = (known after apply)
+ signing_profile_version_arn = (known after apply)
+ skip_destroy = false
+ source_code_hash = (known after apply)
+ source_code_size = (known after apply)
+ tags_all = (known after apply)
+ timeout = 900
+ version = (known after apply)
+ environment {
+ variables = {
+ "APP_ID" = (sensitive value)
+ "GPUTESTER_PAT" = (sensitive value)
+ "LOG_FORMAT" = "json"
+ "LOG_LEVEL" = "debug"
+ "NODE_ENV" = "prod"
+ "PRIVATE_KEY" = (sensitive value)
+ "WEBHOOK_SECRET" = (sensitive value)
}
}
+ ephemeral_storage (known after apply)
+ logging_config (known after apply)
+ tracing_config (known after apply)
}
Plan: 15 to add, 0 to change, 0 to destroy.
Changes to Outputs:
+ api_gateway_url = (known after apply)
|
- name: Update PR with Plan | ||
if: github.event_name == 'pull_request' | ||
uses: actions/github-script@v7 | ||
with: | ||
github-token: ${{ secrets.GPUTESTER_PAT }} | ||
script: | | ||
const planDecoded = Buffer.from(process.env.PLAN_ENCODED, 'base64').toString('utf-8'); | ||
const output = `#### Terraform Plan 📝 | ||
<details> | ||
<summary>Show Plan</summary> | ||
|
||
\`\`\`hcl | ||
${planDecoded} | ||
\`\`\` | ||
|
||
</details> | ||
`; | ||
github.rest.issues.createComment({ | ||
issue_number: context.issue.number, | ||
owner: context.repo.owner, | ||
repo: context.repo.repo, | ||
body: output | ||
}) |
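Review bot: The `github-token: ${{ secrets.GPUTESTER_PAT }}` line gives a long-lived personal access token to a step that only posts a PR comment, and the plans on this page show the same secret is also placed in the probot Lambda's environment, so its scope is presumably far wider than commenting. The job's own token would do: `github-token: ${{ secrets.GITHUB_TOKEN }}` with `permissions: pull-requests: write` on the job, whose header is outside the quoted lines so its current permissions cannot be seen. Separately, the `github.rest.issues.createComment({` call is not awaited, so a failed post may not fail the step; `await github.rest.issues.createComment({` makes the failure visible. Because `${planDecoded}` is pasted verbatim, any value Terraform does not mark as sensitive ends up in a PR comment, which is worth a short comment above the step.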
This seems a bit unnecessary to me.
The terraform code associated with deploying the Lambda function is small and will likely not change much after the initial merge.
variable "environment" { | ||
description = "Environment name" | ||
type = string | ||
default = "prod" | ||
} |
I assume this variable was kept because of the naming conventions used by the serverless framework, right?
Although the serverless framework included an "environment" concept/feature, it wasn't something we ever used.
Therefore, I'd vote to remove this.
function_name = "ops-bot-${var.environment}-handleProbot" | ||
role = aws_iam_role.lambda_role.arn | ||
handler = "dist/probot.handler" | ||
runtime = "nodejs18.x" |
as a separate task, we should update this runtime version. Lambda support for NodeJS 22 was just announced a few days ago: https://aws.amazon.com/blogs/compute/node-js-22-runtime-now-available-in-aws-lambda/.
As outlined in the PR below, the latest version of the serverless framework is no longer free for large organizations.
#186
This PR provides a terraform-based implementation of the ops-bot deployment that Serverless Framework currently powers. It adds both terraform configs and a workflow that should support both PR and deployment workflows.