Update substitutions and main template (#6)
* TEST modified pipeline

* FIX modified pipeline

* FIX elb substitutions

* FIX elb configuration task name

* ADD dynamodb deployment

* FIX dynamodb deployment pipeline

* FIX dynamodb deployment pipeline

* FIX dynamodb part at sam template

* FIX pipeline dynamodb name substitution

* ADD replicas for DynamoDB

* FIX replicas definition for DynamoDB

* CHANGE DynamoDB table definition to enable replicas

* FIX DynamoDB table definition

* FIX DynamoDB table definition

* FIX DynamoDB table definition

* FIX DynamoDB table definition

* ADD ReadProvisionedThroughputSettings for each replica

* FIX dynamodb capacity parameters

* Optimize action workflow

* ADD elb for develop and main

* FIX pipeline variables export

* FIX pipeline variables export v2

* FIX pipeline variables export v3

* FIX lambda permissions

* FIX lambda permissions v2

* FIX lambda permissions v3

* FIX lambda permissions v4

* FIX lambda permissions v5

* FIX lambda permissions v6

* Manual edit 20231129 (#4)

* FIX main template

* ADD us-west-2 region to dynamodb table

* Add rewrite for test

* Add return to rewrite

* Add logs

* Return collback

* ADD viewer request function

* Fix memory size

* FIX viewer request function

* FIX cache control for viewer request

* ADD default response

* Update index.mjs for viewer-request

* ADD features before hotfix 2.0.1

* Use base64 encoded multiline substitutions

* Fix base64 encoded multiline substitutions

* Fix base64 encoded multiline substitutions v2

* Change multiline substitution from sed to awk

* Fix viewer request code

* Prepare main template

* Prepare main template v2

---------

Co-authored-by: Sergey Malkin <sergey.malkin@onlyoffice.com>
YaroslavPshenichnikov and SergeMalkin authored Jan 20, 2024
1 parent 03921f9 commit 468ab92
Showing 5 changed files with 247 additions and 138 deletions.
29 changes: 17 additions & 12 deletions .github/workflows/sam-pipeline.yml
Expand Up @@ -22,7 +22,7 @@ jobs:
role-duration-seconds: 3600
role-skip-session-tagging: true

# Set DynamoDB table name based on branch
# Set variables
- name: Set DynamoDB table name variable
run: |
if [[ "${{ github.ref_name }}" == "develop" ]]; then
Expand All @@ -31,22 +31,27 @@ jobs:
export DYNAMODB_TABLE_NAME="${{ secrets.MAIN_DYNAMODB_TABLE_NAME }}"
fi
sed -i "s/dynamodb_table_name_placeholder/${DYNAMODB_TABLE_NAME}/g" ./docspace-reverse-proxy/index.mjs
- name: Set ELB configuration
- name: Set viewer request domain name variable
run: |
if [[ "${{ github.ref_name }}" == "develop" ]]; then
export DEFAULT_REGION_ELB="${{ secrets.DEVELOP_DEFAULT_REGION_ELB }}"
export EU_CENTRAL_1_REGION_ELB="${{ secrets.DEVELOP_EU_CENTRAL_1_REGION_ELB }}"
export US_EAST_2_REGION_ELB="${{ secrets.DEVELOP_US_EAST_2_REGION_ELB }}"
export DOMAIN_NAMES="${{ secrets.DEVELOP_DOMAIN_NAMES }}"
elif [[ "${{ github.ref_name }}" == "main" ]]; then
export DEFAULT_REGION_ELB="${{ secrets.MAIN_DEFAULT_REGION_ELB }}"
export EU_CENTRAL_1_REGION_ELB="${{ secrets.MAIN_EU_CENTRAL_1_REGION_ELB }}"
export US_EAST_2_REGION_ELB="${{ secrets.MAIN_US_EAST_2_REGION_ELB }}"
export DOMAIN_NAMES="${{ secrets.MAIN_DOMAIN_NAMES }}"
fi
sed -i "s/domain_name_replace_placeholder/${DOMAIN_NAMES}/g" ./docspace-viewer-request/index.mjs
sed -i "s/default_region_elb_placeholder/$DEFAULT_REGION_ELB/g" ./docspace-reverse-proxy/index.mjs
sed -i "s/eu_central_1_region_elb_placeholder/$EU_CENTRAL_1_REGION_ELB/g" ./docspace-reverse-proxy/index.mjs
sed -i "s/us_east_2_region_elb_placeholder/$US_EAST_2_REGION_ELB/g" ./docspace-reverse-proxy/index.mjs
- name: Set regions_map and ddb_regions_map variables
run: |
if [[ "${{ github.ref_name }}" == "develop" ]]; then
echo '${{ secrets.DEVELOP_REGIONS_MAP_BASE64 }}' | base64 -d > regions_map.tmp
echo '${{ secrets.DEVELOP_DDB_REGIONS_MAP_BASE64 }}' | base64 -d > ddb_regions_map.tmp
elif [[ "${{ github.ref_name }}" == "main" ]]; then
echo '${{ secrets.MAIN_REGIONS_MAP_BASE64 }}' | base64 -d > regions_map.tmp
echo '${{ secrets.MAIN_DDB_REGIONS_MAP_BASE64 }}' | base64 -d > ddb_regions_map.tmp
fi
awk -v rmap="$(<regions_map.tmp)" '{ gsub(/regionsMap_placeholder/, rmap); print; }' ./docspace-reverse-proxy/index.mjs > temp_index.mjs && mv temp_index.mjs ./docspace-reverse-proxy/index.mjs
awk -v rmap="$(<ddb_regions_map.tmp)" '{ gsub(/ddbRegionsMap_placeholder/, rmap); print; }' ./docspace-reverse-proxy/index.mjs > temp_index.mjs && mv temp_index.mjs ./docspace-reverse-proxy/index.mjs
# Build and deploy stack
- run: sam build -u --template-file ${GITHUB_REF_NAME}-template.yaml
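Review bot: The `if [[ "${{ github.ref_name }}" == ... ]]` tests in the two new steps (viewer request domain name and regions_map) paste the ref name into the script text before bash parses it, so a branch name containing shell syntax would run as part of the step; whether that is reachable depends on the workflow triggers, which are outside this hunk. The build step at the end of the hunk already reads the runner-provided variable, and the tests can do the same: `if [[ "$GITHUB_REF_NAME" == "develop" ]]; then`. The secrets are likewise better handed over through a step-level `env:` block than expanded inside `echo '...'`, where a quote character in the value would end the string early, and `/` or `&` in `DOMAIN_NAMES` would change the meaning of the `sed` expression. Neither `if` has an `else`, so on any other ref `DOMAIN_NAMES` is empty and the `.tmp` files are missing while `sed` and `awk` still rewrite `index.mjs`; an `else` branch that exits non-zero would stop the deployment there.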
254 changes: 155 additions & 99 deletions develop-template.yaml
Expand Up @@ -29,105 +29,31 @@ Resources:
SnapStart:
ApplyOn: None
PackageType: Zip
Policies:
- Statement:
- Action:
- dynamodb:*
- dax:*
- application-autoscaling:DeleteScalingPolicy
- application-autoscaling:DeregisterScalableTarget
- application-autoscaling:DescribeScalableTargets
- application-autoscaling:DescribeScalingActivities
- application-autoscaling:DescribeScalingPolicies
- application-autoscaling:PutScalingPolicy
- application-autoscaling:RegisterScalableTarget
- cloudwatch:DeleteAlarms
- cloudwatch:DescribeAlarmHistory
- cloudwatch:DescribeAlarms
- cloudwatch:DescribeAlarmsForMetric
- cloudwatch:GetMetricStatistics
- cloudwatch:ListMetrics
- cloudwatch:PutMetricAlarm
- cloudwatch:GetMetricData
- datapipeline:ActivatePipeline
- datapipeline:CreatePipeline
- datapipeline:DeletePipeline
- datapipeline:DescribeObjects
- datapipeline:DescribePipelines
- datapipeline:GetPipelineDefinition
- datapipeline:ListPipelines
- datapipeline:PutPipelineDefinition
- datapipeline:QueryObjects
- ec2:DescribeVpcs
- ec2:DescribeSubnets
- ec2:DescribeSecurityGroups
- iam:GetRole
- iam:ListRoles
- kms:DescribeKey
- kms:ListAliases
- sns:CreateTopic
- sns:DeleteTopic
- sns:ListSubscriptions
- sns:ListSubscriptionsByTopic
- sns:ListTopics
- sns:Subscribe
- sns:Unsubscribe
- sns:SetTopicAttributes
- lambda:CreateFunction
- lambda:ListFunctions
- lambda:ListEventSourceMappings
- lambda:CreateEventSourceMapping
- lambda:DeleteEventSourceMapping
- lambda:GetFunctionConfiguration
- lambda:DeleteFunction
- resource-groups:ListGroups
- resource-groups:ListGroupResources
- resource-groups:GetGroup
- resource-groups:GetGroupQuery
- resource-groups:DeleteGroup
- resource-groups:CreateGroup
- tag:GetResources
- kinesis:ListStreams
- kinesis:DescribeStream
- kinesis:DescribeStreamSummary
Effect: Allow
Resource: "*"
- Action:
- cloudwatch:GetInsightRuleReport
Effect: Allow
Resource: arn:aws:cloudwatch:*:*:insight-rule/DynamoDBContributorInsights*
- Action:
- iam:PassRole
Effect: Allow
Resource: "*"
Condition:
StringLike:
iam:PassedToService:
- application-autoscaling.amazonaws.com
- application-autoscaling.amazonaws.com.cn
- dax.amazonaws.com
- Effect: Allow
Action:
- iam:CreateServiceLinkedRole
Resource: "*"
Condition:
StringEquals:
iam:AWSServiceName:
- replication.dynamodb.amazonaws.com
- dax.amazonaws.com
- dynamodb.application-autoscaling.amazonaws.com
- contributorinsights.dynamodb.amazonaws.com
- kinesisreplication.dynamodb.amazonaws.com
- Effect: Allow
Action:
- logs:CreateLogGroup
Resource: arn:aws:logs:*:*:*
- Effect: Allow
Action:
- logs:CreateLogStream
- logs:PutLogEvents
Resource:
- arn:aws:logs:*:*:log-group:*:*
Role: !GetAtt DocspaceReverseProxyRole.Arn

docspaceviewerrequest:
Type: AWS::Serverless::Function
Properties:
CodeUri: docspace-viewer-request/
Description: ""
MemorySize: 128
Timeout: 3
Handler: index.handler
Runtime: nodejs18.x
Architectures:
- x86_64
EventInvokeConfig:
MaximumEventAgeInSeconds: 21600
MaximumRetryAttempts: 2
EphemeralStorage:
Size: 512
RuntimeManagementConfig:
UpdateRuntimeOn: Auto
SnapStart:
ApplyOn: None
PackageType: Zip
Role: !GetAtt DocspaceReverseProxyRole.Arn

GlobalDynamoDBTable:
Type: AWS::DynamoDB::GlobalTable
Properties:
Expand All @@ -153,6 +79,13 @@ Resources:
MaxCapacity: 10
TargetTrackingScalingPolicyConfiguration:
TargetValue: 70
- Region: us-west-2
ReadProvisionedThroughputSettings:
ReadCapacityAutoScalingSettings:
MinCapacity: 1
MaxCapacity: 10
TargetTrackingScalingPolicyConfiguration:
TargetValue: 70
- Region: eu-central-1
ReadProvisionedThroughputSettings:
ReadCapacityAutoScalingSettings:
Expand All @@ -168,3 +101,126 @@ Resources:
TargetValue: 70
StreamSpecification:
StreamViewType: NEW_AND_OLD_IMAGES

# ==== ROLES ==== #
DocspaceReverseProxyRole:
Type: AWS::IAM::Role
Properties:
AssumeRolePolicyDocument:
Version: 2012-10-17
Statement:
- Effect: Allow
Action: sts:AssumeRole
Principal:
Service:
- "lambda.amazonaws.com"
- "edgelambda.amazonaws.com"
# ==== POLICIES ==== #
PublishLogsPolicy:
Type: AWS::IAM::ManagedPolicy
Properties:
Description: Allows functions to write logs
Roles:
- !Ref DocspaceReverseProxyRole
PolicyDocument:
Version: 2012-10-17
Statement:
- Effect: Allow
Action:
- logs:CreateLogGroup
- logs:CreateLogStream
- logs:PutLogEvents
Resource: "*"

DyanmoDBFullAccessPolicy:
Type: AWS::IAM::ManagedPolicy
Properties:
Description: Allows functions to write logs
Roles:
- !Ref DocspaceReverseProxyRole
PolicyDocument:
Version: 2012-10-17
Statement:
- Effect: Allow
Action:
- dynamodb:*
- dax:*
- application-autoscaling:DeleteScalingPolicy
- application-autoscaling:DeregisterScalableTarget
- application-autoscaling:DescribeScalableTargets
- application-autoscaling:DescribeScalingActivities
- application-autoscaling:DescribeScalingPolicies
- application-autoscaling:PutScalingPolicy
- application-autoscaling:RegisterScalableTarget
- cloudwatch:DeleteAlarms
- cloudwatch:DescribeAlarmHistory
- cloudwatch:DescribeAlarms
- cloudwatch:DescribeAlarmsForMetric
- cloudwatch:GetMetricStatistics
- cloudwatch:ListMetrics
- cloudwatch:PutMetricAlarm
- cloudwatch:GetMetricData
- datapipeline:ActivatePipeline
- datapipeline:CreatePipeline
- datapipeline:DeletePipeline
- datapipeline:DescribeObjects
- datapipeline:DescribePipelines
- datapipeline:GetPipelineDefinition
- datapipeline:ListPipelines
- datapipeline:PutPipelineDefinition
- datapipeline:QueryObjects
- ec2:DescribeVpcs
- ec2:DescribeSubnets
- ec2:DescribeSecurityGroups
- iam:GetRole
- iam:ListRoles
- kms:DescribeKey
- kms:ListAliases
- sns:CreateTopic
- sns:DeleteTopic
- sns:ListSubscriptions
- sns:ListSubscriptionsByTopic
- sns:ListTopics
- sns:Subscribe
- sns:Unsubscribe
- sns:SetTopicAttributes
- lambda:CreateFunction
- lambda:ListFunctions
- lambda:ListEventSourceMappings
- lambda:CreateEventSourceMapping
- lambda:DeleteEventSourceMapping
- lambda:GetFunctionConfiguration
- lambda:DeleteFunction
- resource-groups:ListGroups
- resource-groups:ListGroupResources
- resource-groups:GetGroup
- resource-groups:GetGroupQuery
- resource-groups:DeleteGroup
- resource-groups:CreateGroup
- tag:GetResources
- kinesis:ListStreams
- kinesis:DescribeStream
- kinesis:DescribeStreamSummary
Resource: "*"
- Effect: Allow
Action:
- iam:PassRole
Condition:
StringLike:
iam:PassedToService:
- application-autoscaling.amazonaws.com
- application-autoscaling.amazonaws.com.cn
- dax.amazonaws.com
Resource: "*"
- Effect: Allow
Action:
- iam:CreateServiceLinkedRole
Condition:
StringEquals:
iam:AWSServiceName:
- replication.dynamodb.amazonaws.com
- dax.amazonaws.com
- dynamodb.application-autoscaling.amazonaws.com
- contributorinsights.dynamodb.amazonaws.com
- kinesisreplication.dynamodb.amazonaws.com
Resource: "*"
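Review bot: `DocspaceReverseProxyRole` is attached to both functions, so the new `docspaceviewerrequest` function runs with everything in `DyanmoDBFullAccessPolicy`: `dynamodb:*`, `dax:*`, `lambda:CreateFunction`, `lambda:DeleteFunction`, `iam:PassRole` and `iam:CreateServiceLinkedRole`, each statement with `Resource: "*"`. For a function that presumably runs on CloudFront viewer requests this is far more than a table lookup needs. The first statement could be cut down to the DynamoDB actions the handlers actually call (their bodies are not visible here) and scoped with `Resource: !Sub arn:aws:dynamodb:*:${AWS::AccountId}:table/${GlobalDynamoDBTable}`, and the viewer-request function could get its own role carrying only the logs policy if it never touches the table. The policy's `Description: Allows functions to write logs` was copied from `PublishLogsPolicy` and should describe DynamoDB access. The logical ID is also misspelled (`Dyanmo`), which is cheaper to correct now than after the stack exists.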
29 changes: 3 additions & 26 deletions docspace-reverse-proxy/index.mjs
Expand Up @@ -2,34 +2,11 @@

const cachedItem = {};
const regionsMap = {
"default": "default_region_elb_placeholder",
"eu-central-1": "eu_central_1_region_elb_placeholder",
"us-west-2": "us_east_2_region_elb_placeholder"
regionsMap_placeholder
};

const ddbRegionsMap = {

"default": "us-west-2",

"us-east-1": "us-east-1",
"us-east-2": "us-east-2",
"us-west-1": "us-east-2",
"us-west-2": "us-east-2",

"eu-central-1": "eu-central-1",
"eu-west-1": "eu-central-1",
"eu-west-2": "eu-central-1",
"eu-west-3": "eu-central-1",
"eu-north-1": "eu-central-1",
"me-central-1": "eu-central-1",

"ap-south-1": "ap-southeast-1",
"ap-northeast-3": "ap-southeast-1",
"ap-northeast-2": "ap-southeast-1",
"ap-southeast-1": "ap-southeast-1",
"ap-southeast-2": "ap-southeast-1",
"ap-northeast-1": "ap-southeast-1"

ddbRegionsMap_placeholder
};

const dynamodbTableName = "dynamodb_table_name_placeholder";
Expand Down Expand Up @@ -173,4 +150,4 @@ export const handler = async (event, context, callback) => {

// Return to CloudFront
return callback(null, request);
};
};
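Review bot: With `regionsMap_placeholder` and `ddbRegionsMap_placeholder` sitting bare inside the object literals, whatever the pipeline secret decodes to is spliced into the module as source code, and the routing table that used to be reviewable in this file now lives only in the secret. Nothing checks the result: if the substitution yields an empty map, lookups on it presumably return `undefined` inside the handler, whose body is outside this hunk. A guard right after the two maps would surface that on the first invocation with a clear message, for example `if (!regionsMap.default || !ddbRegionsMap.default) throw new Error("region maps were not substituted");`, assuming the new maps keep the `default` key the old literals had. A comment above each map, such as `// filled by .github/workflows/sam-pipeline.yml from the *_REGIONS_MAP_BASE64 secret; entries are "aws-region": "target"`, would tell a reader where the data comes from.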