modified infra

Author: hanimao

infra/environments/dev/backend.tf

@@ -1,9 +1,14 @@
 terraform {
   required_providers {
     aws = {
-      source = "hashicorp/aws"
+      source  = "hashicorp/aws"
       version = "6.24.0"
     }
+
+    archive = {
+      source  = "hashicorp/archive"
+      version = "2.7.1"
+    }
   }
 }
 
@@ -31,6 +36,3 @@ provider "aws" {
 }
 
 
-
-
-

infra/environments/dev/component.tf

@@ -0,0 +1,50 @@
+resource "aws_vpc_endpoint" "main" {
+  vpc_id             = module.networking.vpc_id
+  private_dns_enabled = true 
+  vpc_endpoint_type  = "Interface"
+  subnet_ids         = module.networking.private_subnet_ids
+  security_group_ids = [aws_security_group.vpc_endpoint.id]
+  service_name       = "com.amazonaws.eu-west-2.secretsmanager"
+
+  tags = {
+    Environment = "dev"
+  }
+  depends_on = [module.lambda]
+}
+
+
+resource "aws_security_group" "vpc_endpoint" {
+  name        = "${var.project_name}-${var.environment}-endpoint-sg"
+  description = "Security group for vpc endpoint"
+  vpc_id      = module.networking.vpc_id
+
+ingress {
+    from_port   = 443
+    to_port     = 443
+    protocol    = "tcp"
+   security_groups = [module.lambda.security_group_id]
+  }
+
+
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  tags = merge(var.tags, {
+    Name = "${var.project_name}-${var.environment}-endpoint-sg"
+  })
+}
+
+resource "aws_security_group_rule" "lambda_to_rds" {
+  type                     = "ingress"
+  from_port                = 1433
+  to_port                  = 1433
+  protocol                 = "tcp"
+  security_group_id        = module.database.security_group_id
+  source_security_group_id = module.lambda.security_group_id
+  description              = "Allow Lambda to connect to RDS"
+  depends_on               = [module.lambda]
+}

infra/environments/dev/main.tf

@@ -1,50 +1,17 @@
-data "aws_subnets" "private" {
-  filter {
-    name   = "vpc-id"
-    values = [data.aws_vpc.main.id]
-  }
-
-  filter {
-    name   = "tag:Name"
-    values = ["${var.environment}-private-subnet"]
-  }
-}
-
-data "aws_subnets" "private-b" {
-  filter {
-    name   = "vpc-id"
-    values = [data.aws_vpc.main.id]
-  }
-
-  filter {
-    name   = "tag:Name"
-    values = ["${var.environment}-private-subnet2"]
-  }
-}
-
+module "networking" {
+  source = "../../modules/networking"
 
-data "aws_vpc" "main" {
-  filter {
-    name   = "tag:Name"
-     values = ["${var.environment}-vpc"]
-  }
 }
 
-
 module "database" {
   source = "../../modules/database"
 
-  project_name           = var.project_name
-  environment            = var.environment
-  database_name           = var.db_name
-  vpc_id                 = data.aws_vpc.main.id
-  # security_groups = [aws_security_group.rds.id]
-  private_subnet_ids     = concat(
-    data.aws_subnets.private.ids,
-    data.aws_subnets.private-b.ids
-  )
-  instance_class         = var.db_instance_class
-  master_username        = var.db_master_username
+  project_name       = var.project_name
+  environment        = var.environment
+  vpc_id             = module.networking.vpc_id
+  private_subnet_ids = module.networking.private_subnet_ids
+  instance_class     = var.db_instance_class
+  master_username    = var.db_master_username
 
 }
 
@@ -53,21 +20,15 @@ module "lambda" {
 
   project_name       = var.project_name
   environment        = var.environment
-  vpc_id             = data.aws_vpc.main.id
-  private_subnet_ids = concat(
-    data.aws_subnets.private.ids,
-    data.aws_subnets.private-b.ids
-  )
-  # memory_size        = 512
+  vpc_id             = module.networking.vpc_id
+  private_subnet_ids = module.networking.private_subnet_ids
   log_retention_days = var.log_retention_days
-
-  db_host       = module.database.address
-  db_port       = module.database.port
-  db_name       = module.database.database_name
-  db_secret_arn = module.database.db_secret_arn
+  db_host            = module.database.address
+  db_port            = module.database.port
+  db_secret_arn      = module.database.db_secret_arn
 
 
- depends_on = [module.database]
+  depends_on = [module.database]
 }
 
 
@@ -82,12 +43,6 @@ module "api" {
   log_retention_days   = var.log_retention_days
 }
 
-# module "networking" {
-#   source = "../../modules/networking"
-
-# }
-
-
 
 
 

infra/environments/dev/terraform.tfvars

@@ -1,9 +1,8 @@
-project_name               = "node-api"
-environment                = "dev"
-aws_region                 = "eu-west-2"
-db_name                    = "master"
-db_master_username         = "sqladmin"
-db_instance_class          = "db.t3.medium"
-db_engine_version          = "15.00"
-memory_size                = 512
-log_retention_days         = 7
+project_name       = "node-api"
+environment        = "dev"
+aws_region         = "eu-west-2"
+db_master_username = "sqladmin"
+db_instance_class  = "db.t3.medium"
+db_engine_version  = "15.00"
+memory_size        = 512
+log_retention_days = 7

infra/environments/dev/variables.tf

@@ -14,7 +14,7 @@ variable "db_master_username" {
 
 
 variable "db_allocated_storage" {
-  type = number
+  type    = number
   default = 10
 }
 
@@ -32,6 +32,8 @@ variable "db_instance_class" {
   type = string
 }
 
-variable "db_name" {
-  type = string
+ 
+variable "tags" {
+  type    = map(string)
+  default = {}
 }

infra/modules/database/main.tf

@@ -3,24 +3,6 @@ resource "aws_security_group" "rds" {
   description = "Security group for RDS SQL Server"
   vpc_id      = var.vpc_id
 
-
-
-  ingress {
-    from_port = 1433
-    to_port   = 1433
-    protocol  = "tcp"
-   # cidr_blocks 
-   security_groups = [aws_security_group.lambda.id]
- 
-  }
-
-  egress {
-    from_port   = 0
-    to_port     = 0
-    protocol    = "-1"
-    cidr_blocks = ["0.0.0.0/0"]
-  }
-
   tags = merge(var.tags, {
     Name = "${var.project_name}-${var.environment}-rds-sg"
   })
@@ -38,9 +20,11 @@ resource "aws_db_subnet_group" "main" {
 }
 
 resource "random_password" "master" {
-  length           = 16
-  special          = true
-  override_special = "!#$%&*()-_=+[]{}:?"
+  length  = 12
+  upper   = true
+  lower   = true
+  numeric = true
+  special = false
 
 }
 
@@ -68,11 +52,9 @@ resource "aws_db_instance" "main" {
   allocated_storage     = 20
   storage_type          = "gp3"
   storage_encrypted     = true
-  db_name               = var.database_name
   username              = "sqladmin"
   password              = random_password.master.result
   port                  = 1433
-
   db_subnet_group_name   = aws_db_subnet_group.main.name
   vpc_security_group_ids = [aws_security_group.rds.id]
   publicly_accessible    = false

infra/modules/database/outputs.tf

@@ -10,9 +10,6 @@ output "port" {
   value = aws_db_instance.main.port
 }
 
-output "database_name" {
-  value = aws_db_instance.main.db_name
-}
 
 output "db_secret_arn" {
   value     = aws_secretsmanager_secret.db_credentials.arn

infra/modules/database/variables.tf

@@ -16,9 +16,9 @@ variable "private_subnet_ids" {
   type = list(string)
 }
 
-variable "database_name" {
-  type = string
-}
+# variable "database_name" {
+#   type = string
+# }
 
 variable "master_username" {
   type    = string

infra/modules/lambda/main.tf

@@ -1,5 +1,3 @@
-# creates your s3 bucket for your codee
-
 resource "aws_s3_bucket" "lambda_artifacts" {
   bucket = "${var.project_name}-${var.environment}-lambda-artifacts"
 
@@ -8,7 +6,7 @@ resource "aws_s3_bucket" "lambda_artifacts" {
   })
 }
 
-# Creates an IAM Role for a Lambda function
+
 resource "aws_iam_role" "lambda" {
   name = "${var.project_name}-${var.environment}-lambda-role"
 
@@ -55,8 +53,9 @@ resource "aws_lambda_function" "api" {
   function_name = "${var.project_name}-${var.environment}-api"
   role          = aws_iam_role.lambda.arn
 
-  s3_bucket = aws_s3_bucket.lambda_artifacts.bucket
-  s3_key    = "deployment.zip"
+  filename         = data.archive_file.lambda_zip.output_path
+  source_code_hash = data.archive_file.lambda_zip.output_base64sha256
+
 
   handler     = "index.handler"
   runtime     = "nodejs20.x"
@@ -96,7 +95,7 @@ resource "aws_iam_policy" "lambda_secrets_policy" {
       {
         Effect   = "Allow",
         Action   = ["secretsmanager:GetSecretValue"],
-        Resource = var.db_secret_arn  # must be the full secret ARN
+        Resource = var.db_secret_arn 
       }
     ]
   })
@@ -114,3 +113,18 @@ resource "aws_iam_role_policy_attachment" "lambda_basic" {
   role       = aws_iam_role.lambda.name
   policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
 }
+
+
+data "archive_file" "lambda_zip" {
+  type        = "zip"
+  source_dir  = "${path.module}/../../../src/handler"
+  output_path = "${path.module}/../../../src/handler/deployment.zip"
+}
+
+
+resource "aws_s3_object" "main" {
+  bucket = aws_s3_bucket.lambda_artifacts.bucket
+  key    = "deployment.zip"
+  source = data.archive_file.lambda_zip.output_path
+
+}

infra/modules/lambda/variables.tf

@@ -39,9 +39,6 @@ variable "db_port" {
   default = 1433
 }
 
-variable "db_name" {
-  type = string
-}
 
 variable "db_secret_arn" {
   type      = string