From b92fde09ec81b9fcc2df20f716cd01c632b5ede0 Mon Sep 17 00:00:00 2001 From: Long Nguyen Date: Mon, 16 Oct 2023 22:31:01 +0700 Subject: [PATCH 1/3] [#103] Update the checkout action to latest version --- .github/workflows/lint.yml | 4 ++-- .github/workflows/publish-wiki.yml | 2 +- .github/workflows/publish.yml | 2 +- .github/workflows/test.yml | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index f60e0ae3..7cdc9f3c 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -12,7 +12,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Setup node and restore cached dependencies uses: actions/setup-node@v3 @@ -29,7 +29,7 @@ jobs: - name: Setup Terraform uses: hashicorp/setup-terraform@v2 with: - terraform_version: 1.5.5 + terraform_version: 1.6.1 - name: Terraform fmt run: terraform fmt -check -recursive diff --git a/.github/workflows/publish-wiki.yml b/.github/workflows/publish-wiki.yml index bb2a59c2..74c8f19d 100644 --- a/.github/workflows/publish-wiki.yml +++ b/.github/workflows/publish-wiki.yml @@ -16,7 +16,7 @@ jobs: steps: - name: Checkout the repository - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: ref: ${{ github.head_ref }} diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 49f58176..f8537b0b 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -13,7 +13,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Setup Node uses: actions/setup-node@v3 diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index a0326779..e2294ad9 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -14,7 +14,7 @@ jobs: steps: - name: Checkout the repository - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Setup Node uses: actions/setup-node@v3 From 61b8f85b18304cb890f498127ac583f3f755a393 Mon Sep 17 00:00:00 2001 From: Long Nguyen Date: Mon, 16 Oct 2023 22:41:00 +0700 Subject: [PATCH 2/3] [#103] Update Terraform to latest version --- .tool-versions | 2 +- .../addons/versionControl/github/.github/workflows/lint.yml | 2 +- templates/terraform/.tool-versions | 2 +- templates/terraform/core/main.tf | 2 +- templates/terraform/shared/main.tf | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.tool-versions b/.tool-versions index f01dd005..edd23911 100644 --- a/.tool-versions +++ b/.tool-versions @@ -1,2 +1,2 @@ nodejs 18.12.1 -terraform 1.5.5 +terraform 1.6.1 diff --git a/templates/addons/versionControl/github/.github/workflows/lint.yml b/templates/addons/versionControl/github/.github/workflows/lint.yml index 478e0bb9..7e05ab3e 100644 --- a/templates/addons/versionControl/github/.github/workflows/lint.yml +++ b/templates/addons/versionControl/github/.github/workflows/lint.yml @@ -4,7 +4,7 @@ on: push: env: - TERRAFORM_VERSION: "1.5.5" + TERRAFORM_VERSION:"1.6.1" TFSEC_VERSION: "v1.28.1" concurrency: diff --git a/templates/terraform/.tool-versions b/templates/terraform/.tool-versions index 008f6876..8af8575a 100644 --- a/templates/terraform/.tool-versions +++ b/templates/terraform/.tool-versions @@ -1,2 +1,2 @@ -terraform 1.5.5 +terraform 1.6.1 tfsec 1.28.1 diff --git a/templates/terraform/core/main.tf b/templates/terraform/core/main.tf index 46e67365..72fcb62e 100644 --- a/templates/terraform/core/main.tf +++ b/templates/terraform/core/main.tf @@ -1,4 +1,4 @@ terraform { # Terraform version - required_version = "1.5.5" + required_version = "1.6.1" } diff --git a/templates/terraform/shared/main.tf b/templates/terraform/shared/main.tf index 46e67365..4ad30419 100644 --- a/templates/terraform/shared/main.tf +++ b/templates/terraform/shared/main.tf @@ -1,4 +1,4 @@ terraform { # Terraform version - required_version = "1.5.5" + required_version ="1.6.1" } From fcd5c8771549c3ed1bb8f86381330a8490dc39bc Mon Sep 17 00:00:00 2001 From: Long Nguyen Date: Tue, 17 Oct 2023 09:26:23 +0700 Subject: [PATCH 3/3] [#103] Add the template files for SNS module --- templates/addons/aws/modules/sns/main.tf | 53 +++++++++++++++++++ templates/addons/aws/modules/sns/outputs.tf | 4 ++ templates/addons/aws/modules/sns/variables.tf | 9 ++++ 3 files changed, 66 insertions(+) create mode 100644 templates/addons/aws/modules/sns/main.tf create mode 100644 templates/addons/aws/modules/sns/outputs.tf create mode 100644 templates/addons/aws/modules/sns/variables.tf diff --git a/templates/addons/aws/modules/sns/main.tf b/templates/addons/aws/modules/sns/main.tf new file mode 100644 index 00000000..7988668b --- /dev/null +++ b/templates/addons/aws/modules/sns/main.tf @@ -0,0 +1,53 @@ +data "aws_iam_policy_document" "sns_platform_assume_role_policy" { + statement { + sid = "SnsPlatformAssumeRolePolicy" + effect = "Allow" + actions = ["sts:AssumeRole"] + + principals { + type = "Service" + identifiers = ["sns.amazonaws.com"] + } + } +} + +data "aws_iam_policy_document" "sns_platform_log_policy" { + statement { + sid = "LogMobilePushNotificationsPolicy" + effect = "Allow" + + actions = [ + "logs:CreateLogGroup", + "logs:CreateLogStream", + "logs:PutLogEvents", + "logs:PutMetricFilter", + "logs:PutRetentionPolicy" + ] + + resources = ["*"] + } +} + +resource "aws_iam_role" "sns_platform_role" { + name = "${var.namespace}-sns-platform-log-role" + + assume_role_policy = data.aws_iam_policy_document.sns_platform_assume_role_policy.json +} + +resource "aws_iam_policy" "sns_platform_log_policy" { + name = "${var.namespace}-platform-log-policy" + policy = data.aws_iam_policy_document.sns_platform_log_policy.json +} + +resource "aws_iam_role_policy_attachment" "sns_platform_log_policy" { + role = aws_iam_role.sns_platform_role.name + policy_arn = aws_iam_policy.sns_platform_log_policy.arn +} + +resource "aws_sns_platform_application" "mobile_push_notifications" { + name = "${var.namespace}-mobile-push-notifications" + platform = "GCM" + failure_feedback_role_arn = aws_iam_role.sns_platform_role.arn + success_feedback_role_arn = aws_iam_role.sns_platform_role.arn + platform_credential = var.firebase_cloud_messaging_api_key +} diff --git a/templates/addons/aws/modules/sns/outputs.tf b/templates/addons/aws/modules/sns/outputs.tf new file mode 100644 index 00000000..314859f0 --- /dev/null +++ b/templates/addons/aws/modules/sns/outputs.tf @@ -0,0 +1,4 @@ +output "aws_sns_plaform_mobile_push_notifications_arn" { + description = "ARN of SNS Plaform for mobile push notifications" + value = aws_sns_platform_application.mobile_push_notifications.arn +} diff --git a/templates/addons/aws/modules/sns/variables.tf b/templates/addons/aws/modules/sns/variables.tf new file mode 100644 index 00000000..694f610d --- /dev/null +++ b/templates/addons/aws/modules/sns/variables.tf @@ -0,0 +1,9 @@ +variable "namespace" { + description = "The namespace with environment for SNS" + type = string +} + +variable "firebase_cloud_messaging_api_key" { + description = "Application Platform API key for FCM" + type = string +}