Configure API DNS record set in terraform (HumanCellAtlas#356)

Specify DNS record set in terraform config
isabella232 · Apr 12, 2019 · 0b047fe · 0b047fe
1 parent 44e9551
commit 0b047fe
Show file tree

Hide file tree

Showing 11 changed files with 142 additions and 24 deletions.
diff --git a/chalice/build_deploy_config.sh b/chalice/build_deploy_config.sh
@@ -4,32 +4,13 @@ set -euo pipefail
 
 api_gateway_name="upload.lambdas.api_server"
 
-set_api_id() {
-    # Identify the id of our API Gateway by finding a gateway with a REST API with resource with an integration that
-    # executes our lambda.
-    echo "Finding API ID:"
-    for api_id in $(aws apigateway get-rest-apis | jq -r ".items[] | select(.name==\"${api_gateway_name}\") | .id") ; do
-        echo "    checking api ${api_id}"
-        for resource_id in $(aws apigateway get-resources --rest-api-id $api_id | jq -r .items[].id); do
-            echo "        checking resource ${resource_id}"
-            aws apigateway get-integration --rest-api-id $api_id --resource-id $resource_id --http-method GET >/dev/null 2>&1 || continue
-            uri=$(aws apigateway get-integration --rest-api-id $api_id --resource-id $resource_id --http-method GET | jq -r .uri)
-            if [[ $uri == *"$lambda_arn"* ]]; then
-                echo "            Found id! ${api_id}"
-                export api_id
-                return
-            fi
-        done
-    done
-}
-
 function setup_deployed_json() {
     deployed_json=".chalice/deployed.json"
     if [[ -z $lambda_arn ]]; then
         echo "Lambda function $lambda_name not found, resetting Chalice config"
         rm -f "$deployed_json"
     else
-        set_api_id
+        export api_id=$(../scripts/get_api_id "$api_gateway_name" "$lambda_name")
         echo "API Gateway ID = ${api_id}"
         cat "$deployed_json" | jq .$stage.api_handler_arn=env.lambda_arn | jq .$stage.rest_api_id=env.api_id | sponge "$deployed_json"
     fi

diff --git a/scripts/get_api_id b/scripts/get_api_id
@@ -0,0 +1,59 @@
+#!/bin/bash
+
+set -e
+
+usage="usage: $0 [--json] <api_gateway_name> <target_lambda_name>"
+
+JSON_FORMAT=0
+
+if [[ "$#" = 0 ]]; then
+    echo "$usage"
+    exit 1
+fi
+
+format_response() {
+    api_id="$1"
+    if [[ "$JSON_FORMAT" = 1 ]]; then
+        echo "{\"api_id\":\"$api_id\"}"
+    else
+        echo $api_id
+    fi
+}
+
+while (( "$#" )); do
+    case "$1" in
+        -j|--json)
+            eval "$(jq -r '@sh "api_gateway_name=\(.api_gateway_name) lambda_name=\(.lambda_name)"')"
+            export api_gateway_name
+            export lambda_name
+            JSON_FORMAT=1
+            shift 1
+            break
+        ;;
+    *)
+        if [[ "$#" = 2 ]]; then
+            export api_gateway_name="$1"
+            export lambda_name="$2"
+            shift 2
+        else
+            echo "$usage"
+            exit 1
+        fi
+        ;;
+    esac
+done
+
+lambda_arn=$(aws lambda list-functions | jq -r '.Functions[] | select(.FunctionName==env.lambda_name) | .FunctionArn')
+
+# Identify the id of our API Gateway by finding a gateway with a REST API with resource with an integration that
+# executes our lambda.
+for api_id in $(aws apigateway get-rest-apis | jq -r ".items[] | select(.name==\"${api_gateway_name}\") | .id") ; do
+    for resource_id in $(aws apigateway get-resources --rest-api-id $api_id | jq -r .items[].id); do
+        aws apigateway get-integration --rest-api-id $api_id --resource-id $resource_id --http-method GET >/dev/null 2>&1 || continue
+        uri=$(aws apigateway get-integration --rest-api-id $api_id --resource-id $resource_id --http-method GET | jq -r .uri)
+        if [[ $uri == *"$lambda_arn"* ]]; then
+            format_response $api_id
+            exit 0
+        fi
+    done
+done
diff --git a/terraform/envs/dev/main.tf b/terraform/envs/dev/main.tf
@@ -27,6 +27,9 @@ module "upload-service" {
   bucket_name_prefix = "${var.bucket_name_prefix}"
   staging_bucket_arn = "${var.staging_bucket_arn}"
 
+  // DNS
+  parent_zone_domain_name = "${var.parent_zone_domain_name}"
+
   // API Lambda
   upload_api_fqdn = "${var.upload_api_fqdn}"
   ingest_api_key = "${var.ingest_api_key}"

diff --git a/terraform/envs/dev/terraform.tfvars.example b/terraform/envs/dev/terraform.tfvars.example
@@ -9,8 +9,11 @@ vpc_cidr_block = "xxx.xxx.xxx.xxx/xx"
 bucket_name_prefix = "org-humancellatlas-upload-"
 staging_bucket_arn = "arn:aws:s3:::org-humancellatlas-upload-staging"
 
+// DNS
+parent_zone_domain_name = "<deployment_stage>.data.humancellatlas.org"
+
 // API Lambda
-upload_api_fqdn = "upload.<deployment_stage>.data.humancellatlas.org"
+upload_api_fqdn = "upload.<deployment_stage>.<parent_zone_domain_name>"
 ingest_api_key = "xxxxxxxxxxxxxxxxxxxx"
 
 // Checksum Lambda
@@ -34,7 +37,7 @@ db_instance_count = 1
 preferred_maintenance_window = "sat:09:08-sat:09:38"
 
 // DCP Ingest
-ingest_api_host = "api.ingest.<deployment_stage>.data.humancellatlas.org"
+ingest_api_host = "api.ingest.<deployment_stage>.<parent_zone_domain_name>"
 
 // AUTH
 dcp_auth0_audience = "https://dev.data.humancellatlas.org/"

diff --git a/terraform/envs/dev/variables.tf b/terraform/envs/dev/variables.tf
@@ -23,11 +23,18 @@ variable "staging_bucket_arn" {
 }
 
 
-// API Lambda
+// DNS
+
+variable "parent_zone_domain_name" {
+  type = "string"
+}
 
 variable "upload_api_fqdn" {
   type = "string"
 }
+
+// API Lambda
+
 variable "ingest_api_key" {
   type = "string"
 }

diff --git a/terraform/envs/integration/main.tf b/terraform/envs/integration/main.tf
@@ -27,6 +27,9 @@ module "upload-service" {
   bucket_name_prefix = "${var.bucket_name_prefix}"
   staging_bucket_arn = "${var.staging_bucket_arn}"
 
+  // DNS
+  parent_zone_domain_name = "${var.parent_zone_domain_name}"
+
   // API Lambda
   upload_api_fqdn = "${var.upload_api_fqdn}"
   ingest_api_key = "${var.ingest_api_key}"

diff --git a/terraform/envs/prod/main.tf b/terraform/envs/prod/main.tf
@@ -27,6 +27,9 @@ module "upload-service" {
   bucket_name_prefix = "${var.bucket_name_prefix}"
   staging_bucket_arn = "${var.staging_bucket_arn}"
 
+  // DNS
+  parent_zone_domain_name = "${var.parent_zone_domain_name}"
+
   // API Lambda
   upload_api_fqdn = "${var.upload_api_fqdn}"
   ingest_api_key = "${var.ingest_api_key}"

diff --git a/terraform/envs/sam/main.tf b/terraform/envs/sam/main.tf
@@ -31,6 +31,9 @@ module "upload-service" {
   upload_api_fqdn = "${var.upload_api_fqdn}"
   ingest_api_key = "${var.ingest_api_key}"
 
+  // DNS
+  parent_zone_domain_name = "${var.parent_zone_domain_name}"
+
   // Checksum Lambda
   csum_docker_image = "${var.csum_docker_image}"
 

diff --git a/terraform/envs/staging/main.tf b/terraform/envs/staging/main.tf
@@ -27,6 +27,9 @@ module "upload-service" {
   bucket_name_prefix = "${var.bucket_name_prefix}"
   staging_bucket_arn = "${var.staging_bucket_arn}"
 
+  // DNS
+  parent_zone_domain_name = "${var.parent_zone_domain_name}"
+
   // API Lambda
   upload_api_fqdn = "${var.upload_api_fqdn}"
   ingest_api_key = "${var.ingest_api_key}"

diff --git a/terraform/modules/upload-service/dns.tf b/terraform/modules/upload-service/dns.tf
@@ -0,0 +1,46 @@
+data "aws_route53_zone" "deployment_stage" {
+  name = "${var.parent_zone_domain_name}."
+}
+
+data "aws_acm_certificate" "deployment_stage" {
+  domain   = "*.${var.parent_zone_domain_name}"
+  statuses = ["ISSUED"]
+  types = ["AMAZON_ISSUED"]
+  most_recent = true
+}
+
+resource "aws_api_gateway_domain_name" "upload" {
+  certificate_arn = "${data.aws_acm_certificate.deployment_stage.arn}"
+  domain_name     = "${var.upload_api_fqdn}"
+
+  endpoint_configuration {
+    types = ["EDGE"]
+  }
+}
+
+data "external" "api_gateway" {
+  program = ["${path.cwd}/../../../scripts/get_api_id", "--json"]
+
+  query = {
+    api_gateway_name = "upload.lambdas.api_server"
+    lambda_name = "${aws_lambda_function.upload_api_lambda.function_name}"
+  }
+}
+
+resource "aws_route53_record" "upload" {
+  name    = "${aws_api_gateway_domain_name.upload.domain_name}"
+  type    = "A"
+  zone_id = "${data.aws_route53_zone.deployment_stage.id}"
+
+  alias {
+    evaluate_target_health = false
+    name                   = "${aws_api_gateway_domain_name.upload.cloudfront_domain_name}"
+    zone_id                = "${aws_api_gateway_domain_name.upload.cloudfront_zone_id}"
+  }
+}
+
+resource "aws_api_gateway_base_path_mapping" "status_api" {
+  api_id      = "${lookup(data.external.api_gateway.result, "api_id")}"
+  stage_name  = "${var.deployment_stage}"
+  domain_name = "${aws_api_gateway_domain_name.upload.domain_name}"
+}
diff --git a/terraform/modules/upload-service/variables.tf b/terraform/modules/upload-service/variables.tf
@@ -22,11 +22,18 @@ variable "staging_bucket_arn" {
   type = "string"
 }
 
-// API Lambda
+// DNS
+
+variable "parent_zone_domain_name" {
+  type = "string"
+}
 
 variable "upload_api_fqdn" {
   type = "string"
 }
+
+// API Lambda
+
 variable "ingest_api_key" {
   type = "string"
 }