From f145794871147706dbe919bd0e49b3ace85cbcd1 Mon Sep 17 00:00:00 2001 From: Jon Gjengset Date: Sat, 30 Dec 2023 12:59:35 +0100 Subject: [PATCH 01/26] Encode (hopefully) all AWS configuration into files --- infra/.gitignore | 2 + infra/.terraform.lock.hcl | 44 ++++++++ infra/apigw.tf | 169 +++++++++++++++++++++++++++++ infra/athena.tf | 220 ++++++++++++++++++++++++++++++++++++++ infra/cloudfront.tf | 136 +++++++++++++++++++++++ infra/dashboard.tf | 139 ++++++++++++++++++++++++ infra/domain.tf | 113 ++++++++++++++++++++ infra/dynamodb.tf | 59 ++++++++++ infra/index-everywhere.js | 9 ++ infra/lambda.tf | 148 +++++++++++++++++++++++++ infra/logging.tf | 86 +++++++++++++++ infra/main.tf | 31 ++++++ infra/static.tf | 77 +++++++++++++ 13 files changed, 1233 insertions(+) create mode 100644 infra/.gitignore create mode 100644 infra/.terraform.lock.hcl create mode 100644 infra/apigw.tf create mode 100644 infra/athena.tf create mode 100644 infra/cloudfront.tf create mode 100644 infra/dashboard.tf create mode 100644 infra/domain.tf create mode 100644 infra/dynamodb.tf create mode 100644 infra/index-everywhere.js create mode 100644 infra/lambda.tf create mode 100644 infra/logging.tf create mode 100644 infra/main.tf create mode 100644 infra/static.tf diff --git a/infra/.gitignore b/infra/.gitignore new file mode 100644 index 0000000..09aa2cb --- /dev/null +++ b/infra/.gitignore @@ -0,0 +1,2 @@ +.terraform/ +lambda_function_payload.zip diff --git a/infra/.terraform.lock.hcl b/infra/.terraform.lock.hcl new file mode 100644 index 0000000..d962954 --- /dev/null +++ b/infra/.terraform.lock.hcl @@ -0,0 +1,44 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/archive" { + version = "2.4.1" + hashes = [ + "h1:JgIo+nNySG8svjXevfoTRi0jzgHbLMDrnr55WBeRupw=", + "zh:00240c042740d18d6ba545b211ff7ed5a9e8490d30be3f865e71dba90d7a34cf", + "zh:230c285beafaffd8d60da3446157b95f8fb43b359ba94b09214c1822bf310c3d", + "zh:726672a0e61a1d39695ce5e330aa3e6caa97f2a9438cf8125360e80f4cb52fa5", + "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", + "zh:7bc8f4a4fc7059ec01e767246df7937603dbc6ec49cb3eedffe6ecb68dbe9cb4", + "zh:800d898ce8ac96b244746c5a41f4107bd3c883fe6093d9a972a28b138ac02c4e", + "zh:9a8ea216af3840af48c08ef5ed998606c556b15be30d7b42c89a62df54285903", + "zh:b9905d0ac55b61ea78ecf0e6b07d54a9863a9f02e249d0d492e68cfcede0d89f", + "zh:c822495ba01ab7cee66c892f941097971c3be122a6200d556f462a751d446df8", + "zh:e05c31f2f4dca9eaada2726d16d2ffb03d6441b4eb55547b93d62d81383cd0ef", + "zh:ec14c68ca5d881bac73dbbd298f0ca84444001a81d473f51e36c4e29df040983", + "zh:ed32ebccb20b21c112f01d73d138ba5ada28cf8ede175441738a30711c79119a", + ] +} + +provider "registry.terraform.io/hashicorp/aws" { + version = "5.31.0" + constraints = "~> 5.0" + hashes = [ + "h1:WwgMbMOhZblxZTdjHeJf9XB2/hcSHHmpuywLxuTWYw0=", + "zh:0cdb9c2083bf0902442384f7309367791e4640581652dda456f2d6d7abf0de8d", + "zh:2fe4884cb9642f48a5889f8dff8f5f511418a18537a9dfa77ada3bcdad391e4e", + "zh:36d8bdd72fe61d816d0049c179f495bc6f1e54d8d7b07c45b62e5e1696882a89", + "zh:539dd156e3ec608818eb21191697b230117437a58587cbd02ce533202a4dd520", + "zh:6a53f4b57ac4eb3479fc0d8b6e301ca3a27efae4c55d9f8bd24071b12a03361c", + "zh:6faeb8ff6792ca7af1c025255755ad764667a300291cc10cea0c615479488c87", + "zh:7d9423149b323f6d0df5b90c4d9029e5455c670aea2a7eb6fef4684ba7eb2e0b", + "zh:8235badd8a5d0993421cacf5ead48fac73d3b5a25c8a68599706a404b1f70730", + "zh:860b4f60842b2879c5128b7e386c8b49adeda9287fed12c5cd74861bb659bbcd", + "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", + "zh:b021fceaf9382c8fe3c6eb608c24d01dce3d11ba7e65bb443d51ca9b90e9b237", + "zh:b38b0bfc1c69e714e80cf1c9ea06e687ee86aa9f45694be28eb07adcebbe0489", + "zh:c972d155f6c01af9690a72adfb99cfc24ef5ef311ca92ce46b9b13c5c153f572", + "zh:e0dd29920ec84fdb6026acff44dcc1fb1a24a0caa093fa04cdbc713d384c651d", + "zh:e3127ebd2cb0374cd1808f911e6bffe2f4ac4d84317061381242353f3a7bc27d", + ] +} diff --git a/infra/apigw.tf b/infra/apigw.tf new file mode 100644 index 0000000..82c9f89 --- /dev/null +++ b/infra/apigw.tf @@ -0,0 +1,169 @@ +resource "aws_apigatewayv2_api" "www" { + name = "wewerewondering" + protocol_type = "HTTP" +} + +import { + to = aws_apigatewayv2_api.www + id = "je8z4t28h4" +} + +data "aws_iam_policy_document" "apigw_assume" { + statement { + principals { + type = "Service" + identifiers = ["apigateway.amazonaws.com"] + } + actions = ["sts:AssumeRole"] + } +} + +resource "aws_iam_role" "apigw_cw" { + name = "wewerewondering-api-gw" + description = "Allows API Gateway to push logs to CloudWatch Logs." + assume_role_policy = data.aws_iam_policy_document.apigw_assume.json + managed_policy_arns = ["arn:aws:iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs"] +} + +import { + to = aws_iam_role.apigw_cw + id = "wewerewondering-api-gw" +} + +resource "aws_api_gateway_account" "www" { + cloudwatch_role_arn = aws_iam_role.apigw_cw.arn +} + +import { + to = aws_api_gateway_account.www + id = "api-gateway-account" +} + +resource "aws_apigatewayv2_stage" "www" { + api_id = aws_apigatewayv2_api.www.id + name = "$default" + auto_deploy = true + access_log_settings { + destination_arn = aws_cloudwatch_log_group.apigw.arn + format = jsonencode({ + "requestId" : "$context.requestId", + "ip" : "$context.identity.sourceIp", + "requestTime" : "$context.requestTime", + "httpMethod" : "$context.httpMethod", + "routeKey" : "$context.routeKey", + "status" : "$context.status", + "protocol" : "$context.protocol", + "responseLength" : "$context.responseLength" + }) + } + default_route_settings { + throttling_burst_limit = 250 + throttling_rate_limit = 50 + } +} + +import { + to = aws_apigatewayv2_stage.www + id = "je8z4t28h4/$default" +} + +resource "aws_apigatewayv2_integration" "www" { + api_id = aws_apigatewayv2_api.www.id + integration_type = "AWS_PROXY" + integration_method = "POST" + integration_uri = aws_lambda_function.www.invoke_arn + payload_format_version = "2.0" +} + +import { + to = aws_apigatewayv2_integration.www + id = "je8z4t28h4/4y6aomd" +} + +resource "aws_apigatewayv2_route" "api_event_post" { + api_id = aws_apigatewayv2_api.www.id + route_key = "POST /api/event" + target = "integrations/${aws_apigatewayv2_integration.www.id}" +} + +import { + to = aws_apigatewayv2_route.api_event_post + id = "je8z4t28h4/lmcxybh" +} + +resource "aws_apigatewayv2_route" "api_event_eid_post" { + api_id = aws_apigatewayv2_api.www.id + route_key = "POST /api/event/{eid}" + target = "integrations/${aws_apigatewayv2_integration.www.id}" +} + +import { + to = aws_apigatewayv2_route.api_event_eid_post + id = "je8z4t28h4/cyva0m4" +} + +resource "aws_apigatewayv2_route" "api_event_eid_get" { + api_id = aws_apigatewayv2_api.www.id + route_key = "GET /api/event/{eid}" + target = "integrations/${aws_apigatewayv2_integration.www.id}" +} + +import { + to = aws_apigatewayv2_route.api_event_eid_get + id = "je8z4t28h4/iih0hlf" +} + +resource "aws_apigatewayv2_route" "api_event_eid_questions_get" { + api_id = aws_apigatewayv2_api.www.id + route_key = "GET /api/event/{eid}/questions" + target = "integrations/${aws_apigatewayv2_integration.www.id}" +} + +import { + to = aws_apigatewayv2_route.api_event_eid_questions_get + id = "je8z4t28h4/ezhnbti" +} + +resource "aws_apigatewayv2_route" "api_event_eid_questions_secret_get" { + api_id = aws_apigatewayv2_api.www.id + route_key = "GET /api/event/{eid}/questions/{secret}" + target = "integrations/${aws_apigatewayv2_integration.www.id}" +} + +import { + to = aws_apigatewayv2_route.api_event_eid_questions_secret_get + id = "je8z4t28h4/fb0pv8e" +} + +resource "aws_apigatewayv2_route" "api_event_toggle_post" { + api_id = aws_apigatewayv2_api.www.id + route_key = "POST /api/event/{eid}/questions/{secret}/{qid}/toggle/{property}" + target = "integrations/${aws_apigatewayv2_integration.www.id}" +} + +import { + to = aws_apigatewayv2_route.api_event_toggle_post + id = "je8z4t28h4/0y2fhvt" +} + +resource "aws_apigatewayv2_route" "api_questions_get" { + api_id = aws_apigatewayv2_api.www.id + route_key = "GET /api/questions/{qids}" + target = "integrations/${aws_apigatewayv2_integration.www.id}" +} + +import { + to = aws_apigatewayv2_route.api_questions_get + id = "je8z4t28h4/5j62zea" +} + +resource "aws_apigatewayv2_route" "api_vote_post" { + api_id = aws_apigatewayv2_api.www.id + route_key = "POST /api/vote/{qid}/{updown}" + target = "integrations/${aws_apigatewayv2_integration.www.id}" +} + +import { + to = aws_apigatewayv2_route.api_vote_post + id = "je8z4t28h4/d6f5hnm" +} diff --git a/infra/athena.tf b/infra/athena.tf new file mode 100644 index 0000000..6e2c97f --- /dev/null +++ b/infra/athena.tf @@ -0,0 +1,220 @@ +locals { + athena = "wewerewondering-athena" +} + +resource "aws_s3_bucket" "athena" { + bucket = local.athena + + # TODO: lifecycle configuration + # https://docs.aws.amazon.com/athena/latest/ug/querying.html#query-results-specify-location +} + +import { + to = aws_s3_bucket.athena + id = local.athena +} + +resource "aws_s3_bucket_ownership_controls" "athena" { + bucket = aws_s3_bucket.athena.id + + rule { + object_ownership = "BucketOwnerEnforced" + } +} + +import { + to = aws_s3_bucket_ownership_controls.athena + id = local.athena +} + +resource "aws_s3_bucket_acl" "athena" { + depends_on = [aws_s3_bucket_ownership_controls.athena] + + bucket = aws_s3_bucket.athena.id + acl = "private" +} + +import { + to = aws_s3_bucket_acl.athena + id = "${local.athena},private" +} + +# https://docs.aws.amazon.com/athena/latest/ug/cloudfront-logs.html +resource "aws_glue_catalog_table" "cf_logs" { + name = "cloudfront_logs" + database_name = "default" + table_type = "EXTERNAL_TABLE" + parameters = { + EXTERNAL = "TRUE" + "skip.header.line.count" = 2 + } + storage_descriptor { + input_format = "org.apache.hadoop.mapred.TextInputFormat" + location = "s3://${aws_s3_bucket.logs.id}/" + output_format = "org.apache.hadoop.hive.ql.io.HiveIgnoreKeyTextOutputFormat" + + columns { + name = "date" + type = "date" + } + columns { + name = "time" + type = "string" + } + columns { + name = "location" + type = "string" + } + columns { + name = "bytes" + type = "bigint" + } + columns { + name = "request_ip" + type = "string" + } + columns { + name = "method" + type = "string" + } + columns { + name = "host" + type = "string" + } + columns { + name = "uri" + type = "string" + } + columns { + name = "status" + type = "int" + } + columns { + name = "referrer" + type = "string" + } + columns { + name = "user_agent" + type = "string" + } + columns { + name = "query_string" + type = "string" + } + columns { + name = "cookie" + type = "string" + } + columns { + name = "result_type" + type = "string" + } + columns { + name = "request_id" + type = "string" + } + columns { + name = "host_header" + type = "string" + } + columns { + name = "request_protocol" + type = "string" + } + columns { + name = "request_bytes" + type = "bigint" + } + columns { + name = "time_taken" + type = "float" + } + columns { + name = "xforwarded_for" + type = "string" + } + columns { + name = "ssl_protocol" + type = "string" + } + columns { + name = "ssl_cipher" + type = "string" + } + columns { + name = "response_result_type" + type = "string" + } + columns { + name = "http_version" + type = "string" + } + columns { + name = "fle_status" + type = "string" + } + columns { + name = "fle_encrypted_fields" + type = "int" + } + columns { + name = "c_port" + type = "int" + } + columns { + name = "time_to_first_byte" + type = "float" + } + columns { + name = "x_edge_detailed_result_type" + type = "string" + } + columns { + name = "sc_content_type" + type = "string" + } + columns { + name = "sc_content_len" + type = "bigint" + } + columns { + name = "sc_range_start" + type = "bigint" + } + columns { + name = "sc_range_end" + type = "bigint" + } + + ser_de_info { + parameters = { + "field.delim" = "\t" + "serialization.format" = "\t" + } + serialization_library = "org.apache.hadoop.hive.serde2.lazy.LazySimpleSerDe" + } + } +} + +import { + to = aws_glue_catalog_table.cf_logs + id = "880545379339:default:cloudfront_logs" +} + +resource "aws_athena_workgroup" "www" { + name = "primary" + + configuration { + enforce_workgroup_configuration = false + publish_cloudwatch_metrics_enabled = false + + result_configuration { + output_location = "s3://${aws_s3_bucket.athena.bucket}/" + } + } +} + +import { + to = aws_athena_workgroup.www + id = "primary" +} diff --git a/infra/cloudfront.tf b/infra/cloudfront.tf new file mode 100644 index 0000000..91fc71d --- /dev/null +++ b/infra/cloudfront.tf @@ -0,0 +1,136 @@ +locals { + s3_origin_id = "wewerewondering" + gw_origin_id = "wewerewondering-api" +} + +resource "aws_cloudfront_origin_access_control" "static" { + name = aws_s3_bucket.static.bucket_regional_domain_name + origin_access_control_origin_type = "s3" + signing_behavior = "always" + signing_protocol = "sigv4" +} + +import { + to = aws_cloudfront_origin_access_control.static + id = "E2O0QG272YYJYR" +} + +resource "aws_cloudfront_cache_policy" "cache_when_requested" { + name = "CacheWhenRequested" + default_ttl = 1 + max_ttl = 31536000 + min_ttl = 1 + parameters_in_cache_key_and_forwarded_to_origin { + cookies_config { + cookie_behavior = "none" + } + headers_config { + header_behavior = "none" + } + query_strings_config { + query_string_behavior = "none" + } + enable_accept_encoding_brotli = true + enable_accept_encoding_gzip = true + } +} + +import { + to = aws_cloudfront_cache_policy.cache_when_requested + id = "fcc8df6d-6613-4210-8246-f45d18f04835" +} + +resource "aws_cloudfront_function" "index_everywhere" { + name = "index-everywhere" + runtime = "cloudfront-js-1.0" + code = file("${path.module}/index-everywhere.js") +} + +import { + to = aws_cloudfront_function.index_everywhere + id = "index-everywhere" +} + +resource "aws_cloudfront_distribution" "www" { + origin { + origin_id = local.gw_origin_id + # NOTE: this is stupid + domain_name = "${aws_apigatewayv2_api.www.id}.execute-api.${data.aws_region.current.name}.amazonaws.com" + + custom_origin_config { + http_port = 80 + https_port = 443 + origin_protocol_policy = "https-only" + origin_ssl_protocols = ["TLSv1.2"] + } + } + + origin { + origin_id = local.s3_origin_id + domain_name = aws_s3_bucket.static.bucket_regional_domain_name + origin_access_control_id = aws_cloudfront_origin_access_control.static.id + } + + enabled = true + is_ipv6_enabled = true + default_root_object = "index.html" + aliases = ["wewerewondering.com"] + price_class = "PriceClass_All" + http_version = "http2" + + logging_config { + include_cookies = false + bucket = aws_s3_bucket.logs.bucket_domain_name + } + + default_cache_behavior { + allowed_methods = ["GET", "HEAD"] + cached_methods = ["GET", "HEAD"] + target_origin_id = local.s3_origin_id + + # Using the CachingOptimized managed policy ID: + cache_policy_id = "658327ea-f89d-4fab-a63d-7e88639e58f6" + # Using the SecurityHeadersPolicy managed policy ID: + response_headers_policy_id = "67f7725c-6f97-4210-82d7-5512b31e9d03" + + compress = true + viewer_protocol_policy = "redirect-to-https" + + function_association { + event_type = "viewer-request" + function_arn = aws_cloudfront_function.index_everywhere.arn + } + } + + # Cache behavior with precedence 0 + ordered_cache_behavior { + path_pattern = "/api/*" + allowed_methods = ["DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT"] + cached_methods = ["GET", "HEAD"] + target_origin_id = local.gw_origin_id + compress = true + + cache_policy_id = aws_cloudfront_cache_policy.cache_when_requested.id + # Using the SecurityHeadersPolicy managed policy ID: + response_headers_policy_id = "67f7725c-6f97-4210-82d7-5512b31e9d03" + + viewer_protocol_policy = "https-only" + } + + restrictions { + geo_restriction { + restriction_type = "none" + } + } + + viewer_certificate { + acm_certificate_arn = aws_acm_certificate_validation.www.certificate_arn + minimum_protocol_version = "TLSv1.2_2021" + ssl_support_method = "sni-only" + } +} + +import { + to = aws_cloudfront_distribution.www + id = "E1ECZRHBXFKMHK" +} diff --git a/infra/dashboard.tf b/infra/dashboard.tf new file mode 100644 index 0000000..c791acb --- /dev/null +++ b/infra/dashboard.tf @@ -0,0 +1,139 @@ +resource "aws_cloudwatch_dashboard" "www" { + dashboard_name = "ApiGatewayHttp" + + dashboard_body = jsonencode({ + "widgets" : [ + { + "height" : 4, + "width" : 8, + "y" : 0, + "x" : 0, + "type" : "metric", + "properties" : { + "metrics" : [ + ["AWS/ApiGateway", "Count", "ApiId", aws_apigatewayv2_api.www.id, { "period" : 300, "stat" : "Sum" }] + ], + "legend" : { + "position" : "bottom" + }, + "region" : data.aws_region.current.name, + "liveData" : false, + "title" : "Count: Sum", + "period" : 300, + "view" : "timeSeries", + "stacked" : false + } + }, + { + "height" : 4, + "width" : 8, + "y" : 0, + "x" : 8, + "type" : "metric", + "properties" : { + "metrics" : [ + ["AWS/ApiGateway", "5xx", "ApiId", aws_apigatewayv2_api.www.id, { "period" : 300, "stat" : "Sum" }] + ], + "legend" : { + "position" : "bottom" + }, + "region" : data.aws_region.current.name, + "liveData" : false, + "title" : "5XXError: Sum", + "period" : 300, + "view" : "timeSeries", + "stacked" : false + } + }, + { + "height" : 4, + "width" : 8, + "y" : 0, + "x" : 16, + "type" : "metric", + "properties" : { + "metrics" : [ + ["AWS/ApiGateway", "4xx", "ApiId", aws_apigatewayv2_api.www.id, { "period" : 300, "stat" : "Sum" }] + ], + "legend" : { + "position" : "bottom" + }, + "region" : data.aws_region.current.name, + "liveData" : false, + "title" : "4XXError: Sum", + "period" : 300, + "view" : "timeSeries", + "stacked" : false + } + }, + { + "height" : 4, + "width" : 12, + "y" : 4, + "x" : 0, + "type" : "metric", + "properties" : { + "metrics" : [ + ["AWS/ApiGateway", "Latency", "ApiId", aws_apigatewayv2_api.www.id, { "period" : 300, "stat" : "Average" }] + ], + "legend" : { + "position" : "bottom" + }, + "region" : data.aws_region.current.name, + "liveData" : false, + "title" : "Latency: Average", + "period" : 300, + "view" : "timeSeries", + "stacked" : false + } + }, + { + "height" : 4, + "width" : 12, + "y" : 4, + "x" : 12, + "type" : "metric", + "properties" : { + "metrics" : [ + ["AWS/ApiGateway", "IntegrationLatency", "ApiId", aws_apigatewayv2_api.www.id, { "period" : 300, "stat" : "Average" }] + ], + "legend" : { + "position" : "bottom" + }, + "region" : data.aws_region.current.name, + "liveData" : false, + "title" : "IntegrationLatency: Average", + "period" : 300, + "view" : "timeSeries", + "stacked" : false + } + }, + { + "height" : 4, + "width" : 24, + "y" : 8, + "x" : 0, + "type" : "metric", + "properties" : { + "metrics" : [ + ["AWS/ApiGateway", "DataProcessed", "ApiId", aws_apigatewayv2_api.www.id, { "period" : 300, "stat" : "Sum" }] + ], + "legend" : { + "position" : "bottom" + }, + "region" : data.aws_region.current.name, + "liveData" : false, + "title" : "DataProcessed: Sum", + "period" : 300, + "view" : "timeSeries", + "stacked" : false + } + } + ] + }) +} + +import { + to = aws_cloudwatch_dashboard.www + id = "ApiGatewayHttp" +} diff --git a/infra/domain.tf b/infra/domain.tf new file mode 100644 index 0000000..ed3000f --- /dev/null +++ b/infra/domain.tf @@ -0,0 +1,113 @@ +locals { + domain = "wewerewondering.com" +} + +resource "aws_route53_zone" "www" { + name = local.domain +} + +import { + to = aws_route53_zone.www + id = "Z0224639SZ3FM93JW8DU" +} + +resource "aws_route53_record" "www_mx" { + zone_id = aws_route53_zone.www.zone_id + name = local.domain + type = "MX" + ttl = 3600 + records = [ + "10 mx1.improvmx.com", + "20 mx2.improvmx.com" + ] +} + +import { + to = aws_route53_record.www_mx + id = "Z0224639SZ3FM93JW8DU_${local.domain}_MX" +} + +resource "aws_route53_record" "www_spf" { + zone_id = aws_route53_zone.www.zone_id + name = local.domain + type = "TXT" + ttl = 3600 + records = [ + "v=spf1 include:spf.improvmx.com ~all", + ] +} + +import { + to = aws_route53_record.www_spf + id = "Z0224639SZ3FM93JW8DU_${local.domain}_TXT" +} + +resource "aws_route53_record" "www_cf" { + zone_id = aws_route53_zone.www.zone_id + name = local.domain + type = "A" + alias { + name = aws_cloudfront_distribution.www.domain_name + zone_id = aws_cloudfront_distribution.www.hosted_zone_id + evaluate_target_health = false + } +} + +import { + to = aws_route53_record.www_cf + id = "Z0224639SZ3FM93JW8DU_${local.domain}_A" +} + +resource "aws_route53_record" "www_cf_v6" { + zone_id = aws_route53_zone.www.zone_id + name = local.domain + type = "AAAA" + alias { + name = aws_cloudfront_distribution.www.domain_name + zone_id = aws_cloudfront_distribution.www.hosted_zone_id + evaluate_target_health = false + } +} + +import { + to = aws_route53_record.www_cf_v6 + id = "Z0224639SZ3FM93JW8DU_${local.domain}_AAAA" +} + +resource "aws_acm_certificate" "www" { + provider = aws.us-east-1 + domain_name = local.domain + validation_method = "DNS" + + lifecycle { + create_before_destroy = true + } +} + +import { + to = aws_acm_certificate.www + id = "arn:aws:acm:us-east-1:880545379339:certificate/f3e11148-9740-4b7f-a1a6-da43e045cef0" +} + +resource "aws_route53_record" "www_cert" { + for_each = { + for dvo in aws_acm_certificate.www.domain_validation_options : dvo.domain_name => { + name = dvo.resource_record_name + record = dvo.resource_record_value + type = dvo.resource_record_type + } + } + + allow_overwrite = true + name = each.value.name + records = [each.value.record] + ttl = 60 + type = each.value.type + zone_id = aws_route53_zone.www.zone_id +} + +resource "aws_acm_certificate_validation" "www" { + provider = aws.us-east-1 + certificate_arn = aws_acm_certificate.www.arn + validation_record_fqdns = [for record in aws_route53_record.www_cert : record.fqdn] +} diff --git a/infra/dynamodb.tf b/infra/dynamodb.tf new file mode 100644 index 0000000..b6659a3 --- /dev/null +++ b/infra/dynamodb.tf @@ -0,0 +1,59 @@ +resource "aws_dynamodb_table" "events" { + name = "events" + billing_mode = "PAY_PER_REQUEST" + hash_key = "id" + + attribute { + name = "id" + type = "S" + } + + ttl { + attribute_name = "expire" + enabled = true + } +} + +import { + to = aws_dynamodb_table.events + id = "events" +} + +resource "aws_dynamodb_table" "questions" { + name = "questions" + billing_mode = "PAY_PER_REQUEST" + hash_key = "id" + + attribute { + name = "id" + type = "S" + } + + attribute { + name = "eid" + type = "S" + } + + attribute { + name = "votes" + type = "N" + } + + ttl { + attribute_name = "expire" + enabled = true + } + + global_secondary_index { + name = "top" + hash_key = "eid" + range_key = "votes" + projection_type = "INCLUDE" + non_key_attributes = ["answered", "hidden"] + } +} + +import { + to = aws_dynamodb_table.questions + id = "questions" +} diff --git a/infra/index-everywhere.js b/infra/index-everywhere.js new file mode 100644 index 0000000..cd9b234 --- /dev/null +++ b/infra/index-everywhere.js @@ -0,0 +1,9 @@ +function handler(event) { + var req = event.request; + if ( + req.uri.startsWith('/event/') + ) { + req.uri = '/index.html'; + } + return req; +} diff --git a/infra/lambda.tf b/infra/lambda.tf new file mode 100644 index 0000000..31ea9dc --- /dev/null +++ b/infra/lambda.tf @@ -0,0 +1,148 @@ +data "aws_iam_policy_document" "xray" { + statement { + actions = [ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords", + ] + resources = ["*"] + } +} + +resource "aws_iam_policy" "xray" { + # TODO + name = "AWSLambdaTracerAccessExecutionRole-14a6d1b5-3a03-4b02-94ca-fec2eced24ab" + path = "/service-role/" + policy = data.aws_iam_policy_document.xray.json +} + +import { + to = aws_iam_policy.xray + id = "arn:aws:iam::880545379339:policy/service-role/AWSLambdaTracerAccessExecutionRole-14a6d1b5-3a03-4b02-94ca-fec2eced24ab" +} + +data "aws_iam_policy_document" "cloudwatch" { + statement { + actions = [ + "logs:CreateLogGroup", + ] + resources = [aws_cloudwatch_log_group.lambda.arn] + } + + statement { + actions = [ + "logs:CreateLogStream", + "logs:PutLogEvents", + ] + resources = ["${aws_cloudwatch_log_group.lambda.arn}:*"] + } +} + +resource "aws_iam_policy" "cloudwatch" { + # TODO + name = "AWSLambdaBasicExecutionRole-b586114a-ba08-47b0-afe0-82c4d81857a0" + path = "/service-role/" + policy = data.aws_iam_policy_document.cloudwatch.json +} + +import { + to = aws_iam_policy.cloudwatch + id = "arn:aws:iam::880545379339:policy/service-role/AWSLambdaBasicExecutionRole-b586114a-ba08-47b0-afe0-82c4d81857a0" +} + +data "aws_iam_policy_document" "assume_role" { + statement { + principals { + type = "Service" + identifiers = ["lambda.amazonaws.com"] + } + actions = ["sts:AssumeRole"] + } +} + +resource "aws_iam_role" "www" { + name = "wewerewondering-api" + assume_role_policy = data.aws_iam_policy_document.assume_role.json + path = "/service-role/" + managed_policy_arns = [ + aws_iam_policy.cloudwatch.arn, + aws_iam_policy.xray.arn, + "arn:aws:iam::aws:policy/CloudWatchLambdaInsightsExecutionRolePolicy" + ] +} + +import { + to = aws_iam_role.www + id = "wewerewondering-api" +} + +data "aws_iam_policy_document" "dynamodb" { + statement { + actions = [ + "dynamodb:UpdateItem", + "dynamodb:Scan", + "dynamodb:Query", + "dynamodb:PutItem", + "dynamodb:GetItem", + "dynamodb:BatchGetItem", + ] + resources = [ + aws_dynamodb_table.events.arn, + aws_dynamodb_table.questions.arn, + "${aws_dynamodb_table.questions.arn}/index/top" + ] + } +} + +resource "aws_iam_role_policy" "dynamodb" { + name = "api-db-access" + role = aws_iam_role.www.id + policy = data.aws_iam_policy_document.dynamodb.json +} + +import { + to = aws_iam_role_policy.dynamodb + id = "wewerewondering-api:api-db-access" +} + +check "lambda-built" { + assert { + condition = fileexists("${path.module}/../server/target/lambda/wewerewondering-api/bootstrap") + error_message = "Run `cargo lambda build --release --arm64` in ../server" + } +} + +data "archive_file" "lambda" { + type = "zip" + source_file = "${path.module}/../server/target/lambda/wewerewondering-api/bootstrap" + output_path = "lambda_function_payload.zip" +} + +resource "aws_lambda_function" "www" { + function_name = "wewerewondering-api" + role = aws_iam_role.www.arn + handler = "bootstrap" + runtime = "provided.al2" + architectures = ["arm64"] + timeout = 30 + layers = [ + "arn:aws:lambda:${data.aws_region.current.name}:580247275435:layer:LambdaInsightsExtension-Arm64:5" + ] + + filename = "lambda_function_payload.zip" + source_code_hash = data.archive_file.lambda.output_base64sha256 + + environment { + variables = { + RUST_LOG = "info,tower_http=debug,wewerewondering_api=trace" + } + } + + depends_on = [ + aws_cloudwatch_log_group.lambda, + ] +} + +import { + to = aws_lambda_function.www + id = "wewerewondering-api" +} diff --git a/infra/logging.tf b/infra/logging.tf new file mode 100644 index 0000000..8e81cc5 --- /dev/null +++ b/infra/logging.tf @@ -0,0 +1,86 @@ +locals { + logs = "wewerewondering-logs" +} + +data "aws_canonical_user_id" "current" {} + +resource "aws_s3_bucket" "logs" { + bucket = local.logs +} + +import { + to = aws_s3_bucket.logs + id = local.logs +} + +resource "aws_s3_bucket_ownership_controls" "logs" { + bucket = aws_s3_bucket.logs.id + + rule { + object_ownership = "BucketOwnerPreferred" + } +} + +import { + to = aws_s3_bucket_ownership_controls.logs + id = local.logs +} + +resource "aws_s3_bucket_acl" "logs" { + depends_on = [aws_s3_bucket_ownership_controls.logs] + + bucket = aws_s3_bucket.logs.id + + access_control_policy { + grant { + grantee { + id = data.aws_canonical_user_id.current.id + type = "CanonicalUser" + } + permission = "FULL_CONTROL" + } + + # https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/AccessLogs.html#AccessLogsBucketAndFileOwnership + grant { + grantee { + type = "CanonicalUser" + uri = "c4c1ede66af53448b93c283ce9448c4ba468c9432aa01d700d3878632f77d2d0" + } + permission = "FULL_CONTROL" + } + + owner { + display_name = "admin" + id = data.aws_canonical_user_id.current.id + } + } +} + +import { + to = aws_s3_bucket_acl.logs + id = local.logs +} + +resource "aws_cloudwatch_log_group" "lambda" { + name = "/aws/lambda/wewerewondering-api" + # TODO + retention_in_days = 0 +} + +import { + to = aws_cloudwatch_log_group.lambda + id = "/aws/lambda/wewerewondering-api" +} + +resource "aws_cloudwatch_log_group" "apigw" { + name = "/aws/api-gateway/wewerewondering" + # TODO + retention_in_days = 0 +} + +import { + to = aws_cloudwatch_log_group.apigw + id = "/aws/api-gateway/wewerewondering" +} + +# arn:aws:iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs diff --git a/infra/main.tf b/infra/main.tf new file mode 100644 index 0000000..a1c8ab5 --- /dev/null +++ b/infra/main.tf @@ -0,0 +1,31 @@ +terraform { + required_providers { + aws = { + source = "hashicorp/aws" + version = "~> 5" + } + } + + required_version = ">= 1.6.6" +} + +provider "aws" { + region = "us-east-1" + assume_role { + role_arn = "arn:aws:iam::880545379339:role/OrganizationAccountAccessRole" + external_id = "terraform" + } +} + +# for ACM cert for CloudFront +# https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/cnames-and-https-requirements.html#https-requirements-aws-region +provider "aws" { + region = "us-east-1" + alias = "us-east-1" + assume_role { + role_arn = "arn:aws:iam::880545379339:role/OrganizationAccountAccessRole" + external_id = "terraform" + } +} + +data "aws_region" "current" {} diff --git a/infra/static.tf b/infra/static.tf new file mode 100644 index 0000000..13b7bb9 --- /dev/null +++ b/infra/static.tf @@ -0,0 +1,77 @@ +locals { + static = "wewerewondering-static" +} + +resource "aws_s3_bucket" "static" { + bucket = local.static +} + +import { + to = aws_s3_bucket.static + id = local.static +} + +resource "aws_s3_bucket_ownership_controls" "static" { + bucket = aws_s3_bucket.static.id + + rule { + object_ownership = "BucketOwnerEnforced" + } +} + +import { + to = aws_s3_bucket_ownership_controls.static + id = local.static +} + +resource "aws_s3_bucket_acl" "static" { + depends_on = [aws_s3_bucket_ownership_controls.static] + + bucket = aws_s3_bucket.static.id + acl = "private" +} + +import { + to = aws_s3_bucket_acl.static + id = "${local.static},private" +} + +data "aws_iam_policy_document" "cloudfront_s3" { + policy_id = "PolicyForCloudFrontPrivateContent" + + statement { + sid = "AllowCloudFrontServicePrincipal" + + principals { + type = "Service" + identifiers = ["cloudfront.amazonaws.com"] + } + + actions = [ + "s3:GetObject", + "s3:ListBucket", + ] + + resources = [ + aws_s3_bucket.static.arn, + "${aws_s3_bucket.static.arn}/*", + ] + + condition { + test = "StringEquals" + variable = "AWS:SourceArn" + + values = [aws_cloudfront_distribution.www.arn] + } + } +} + +resource "aws_s3_bucket_policy" "cloudfront" { + bucket = aws_s3_bucket.static.id + policy = data.aws_iam_policy_document.cloudfront_s3.json +} + +import { + to = aws_s3_bucket_policy.cloudfront + id = local.static +} From 74a17799ae126b8297711ac516a8530e866b1b66 Mon Sep 17 00:00:00 2001 From: Jon Gjengset Date: Sat, 30 Dec 2023 13:34:14 +0100 Subject: [PATCH 02/26] Manage S3 bucket contents as well --- infra/domain.tf | 14 ++++++++++++++ infra/static.tf | 51 ++++++++++++++++++++++++++++++++++++++++++++++++- 2 files changed, 64 insertions(+), 1 deletion(-) diff --git a/infra/domain.tf b/infra/domain.tf index ed3000f..10634f2 100644 --- a/infra/domain.tf +++ b/infra/domain.tf @@ -106,6 +106,20 @@ resource "aws_route53_record" "www_cert" { zone_id = aws_route53_zone.www.zone_id } +# TODO: requires 1.7: https://github.com/hashicorp/terraform/pull/33932#issuecomment-1761821359 +#import { +# for_each = { +# for dvo in aws_acm_certificate.www.domain_validation_options : dvo.domain_name => { +# name = dvo.resource_record_name +# record = dvo.resource_record_value +# type = dvo.resource_record_type +# } +# } +# +# to = aws_route53_record.www_cert[local.domain] +# id = "Z4KAPRWWNC7JR_${each.name}.${local.domain}_${each.type}" +#} + resource "aws_acm_certificate_validation" "www" { provider = aws.us-east-1 certificate_arn = aws_acm_certificate.www.arn diff --git a/infra/static.tf b/infra/static.tf index 13b7bb9..a28c363 100644 --- a/infra/static.tf +++ b/infra/static.tf @@ -3,7 +3,8 @@ locals { } resource "aws_s3_bucket" "static" { - bucket = local.static + bucket = local.static + force_destroy = true } import { @@ -75,3 +76,51 @@ import { to = aws_s3_bucket_policy.cloudfront id = local.static } + +check "static-built" { + assert { + condition = fileexists("${path.module}/../client/dist/index.html") + error_message = "Run `npm run build` in ../client" + } +} + +resource "aws_s3_object" "dist" { + for_each = fileset("${path.module}/../client/dist", "**") + + force_destroy = true + bucket = aws_s3_bucket.static.id + key = each.value + source = "${path.module}/../client/dist/${each.value}" + # etag makes the file update when it changes; see https://stackoverflow.com/questions/56107258/terraform-upload-file-to-s3-on-every-apply + etag = filemd5("${path.module}/../client/dist/${each.value}") +} + +# TODO: delete old files in assets/ ? + +# TODO: requires 1.7: https://github.com/hashicorp/terraform/pull/33932#issuecomment-1761821359 +#import { +# for_each = fileset("${path.module}/../client/dist", "**") +# +# to = aws_s3_object.dist[each.value] +# id = "${aws_s3_bucket.static.id}/${each.value}" +#} +import { + to = aws_s3_object.dist["index.html"] + id = "${aws_s3_bucket.static.id}/index.html" +} +import { + to = aws_s3_object.dist["robots.txt"] + id = "${aws_s3_bucket.static.id}/robots.txt" +} +import { + to = aws_s3_object.dist["favicon.ico"] + id = "${aws_s3_bucket.static.id}/favicon.ico" +} +import { + to = aws_s3_object.dist["favicon.png"] + id = "${aws_s3_bucket.static.id}/favicon.png" +} +import { + to = aws_s3_object.dist["apple-touch-icon.png"] + id = "${aws_s3_bucket.static.id}/apple-touch-icon.png" +} From 29d2f2c64b36d1eed558c9dd11987d5018227a46 Mon Sep 17 00:00:00 2001 From: Jon Gjengset Date: Sat, 30 Dec 2023 13:37:42 +0100 Subject: [PATCH 03/26] Set max age on index.html --- infra/static.tf | 2 ++ 1 file changed, 2 insertions(+) diff --git a/infra/static.tf b/infra/static.tf index a28c363..4aa82bd 100644 --- a/infra/static.tf +++ b/infra/static.tf @@ -93,6 +93,8 @@ resource "aws_s3_object" "dist" { source = "${path.module}/../client/dist/${each.value}" # etag makes the file update when it changes; see https://stackoverflow.com/questions/56107258/terraform-upload-file-to-s3-on-every-apply etag = filemd5("${path.module}/../client/dist/${each.value}") + + cache_control = each.value == "index.html" ? "max-age=300" : null } # TODO: delete old files in assets/ ? From f64dc22b004009d2c3845d62aef78d08dd84754d Mon Sep 17 00:00:00 2001 From: Jon Gjengset Date: Sat, 30 Dec 2023 15:01:05 +0100 Subject: [PATCH 04/26] Less boilerplate in routes --- infra/apigw.tf | 46 +++++++++++++++------------------------------- 1 file changed, 15 insertions(+), 31 deletions(-) diff --git a/infra/apigw.tf b/infra/apigw.tf index 82c9f89..b051f69 100644 --- a/infra/apigw.tf +++ b/infra/apigw.tf @@ -113,57 +113,41 @@ import { id = "je8z4t28h4/iih0hlf" } -resource "aws_apigatewayv2_route" "api_event_eid_questions_get" { +resource "aws_apigatewayv2_route" "api_route" { + for_each = { + get_eeq = "GET /api/event/{eid}/questions", + get_eeqs = "GET /api/event/{eid}/questions/{secret}", + post_toggle = "POST /api/event/{eid}/questions/{secret}/{qid}/toggle/{property}", + get_q = "GET /api/questions/{qids}", + post_vote = "POST /api/vote/{qid}/{updown}", + } + api_id = aws_apigatewayv2_api.www.id - route_key = "GET /api/event/{eid}/questions" + route_key = each.value target = "integrations/${aws_apigatewayv2_integration.www.id}" } import { - to = aws_apigatewayv2_route.api_event_eid_questions_get + to = aws_apigatewayv2_route.api_route["get_eeq"] id = "je8z4t28h4/ezhnbti" } -resource "aws_apigatewayv2_route" "api_event_eid_questions_secret_get" { - api_id = aws_apigatewayv2_api.www.id - route_key = "GET /api/event/{eid}/questions/{secret}" - target = "integrations/${aws_apigatewayv2_integration.www.id}" -} - import { - to = aws_apigatewayv2_route.api_event_eid_questions_secret_get + to = aws_apigatewayv2_route.api_route["get_eeqs"] id = "je8z4t28h4/fb0pv8e" } -resource "aws_apigatewayv2_route" "api_event_toggle_post" { - api_id = aws_apigatewayv2_api.www.id - route_key = "POST /api/event/{eid}/questions/{secret}/{qid}/toggle/{property}" - target = "integrations/${aws_apigatewayv2_integration.www.id}" -} - import { - to = aws_apigatewayv2_route.api_event_toggle_post + to = aws_apigatewayv2_route.api_route["post_toggle"] id = "je8z4t28h4/0y2fhvt" } -resource "aws_apigatewayv2_route" "api_questions_get" { - api_id = aws_apigatewayv2_api.www.id - route_key = "GET /api/questions/{qids}" - target = "integrations/${aws_apigatewayv2_integration.www.id}" -} - import { - to = aws_apigatewayv2_route.api_questions_get + to = aws_apigatewayv2_route.api_route["get_q"] id = "je8z4t28h4/5j62zea" } -resource "aws_apigatewayv2_route" "api_vote_post" { - api_id = aws_apigatewayv2_api.www.id - route_key = "POST /api/vote/{qid}/{updown}" - target = "integrations/${aws_apigatewayv2_integration.www.id}" -} - import { - to = aws_apigatewayv2_route.api_vote_post + to = aws_apigatewayv2_route.api_route["post_vote"] id = "je8z4t28h4/d6f5hnm" } From 9a32b931f2a6a63579b12d38b0003ac64fab5c3d Mon Sep 17 00:00:00 2001 From: Jon Gjengset Date: Sat, 30 Dec 2023 15:22:42 +0100 Subject: [PATCH 05/26] Auto-run build commands --- infra/lambda.tf | 14 ++++++++++---- infra/static.tf | 16 +++++++++++----- 2 files changed, 21 insertions(+), 9 deletions(-) diff --git a/infra/lambda.tf b/infra/lambda.tf index 31ea9dc..3f8ff45 100644 --- a/infra/lambda.tf +++ b/infra/lambda.tf @@ -104,10 +104,15 @@ import { id = "wewerewondering-api:api-db-access" } -check "lambda-built" { - assert { - condition = fileexists("${path.module}/../server/target/lambda/wewerewondering-api/bootstrap") - error_message = "Run `cargo lambda build --release --arm64` in ../server" +resource "terraform_data" "cargo_lambda" { + triggers_replace = { + cargo_toml = "${base64sha256(file("${path.module}/../server/Cargo.toml"))}" + main_rs = "${base64sha256(file("${path.module}/../server/src/main.rs"))}" + } + + provisioner "local-exec" { + command = "cargo lambda build --release --arm64" + working_dir = "../server" } } @@ -115,6 +120,7 @@ data "archive_file" "lambda" { type = "zip" source_file = "${path.module}/../server/target/lambda/wewerewondering-api/bootstrap" output_path = "lambda_function_payload.zip" + depends_on = [terraform_data.cargo_lambda] } resource "aws_lambda_function" "www" { diff --git a/infra/static.tf b/infra/static.tf index 4aa82bd..f7d3e3b 100644 --- a/infra/static.tf +++ b/infra/static.tf @@ -77,15 +77,21 @@ import { id = local.static } -check "static-built" { - assert { - condition = fileexists("${path.module}/../client/dist/index.html") - error_message = "Run `npm run build` in ../client" +resource "terraform_data" "npm_build" { + triggers_replace = { + package_json = "${base64sha256(file("${path.module}/../client/package.json"))}" + index_html = "${base64sha256(file("${path.module}/../client/index.html"))}" + } + + provisioner "local-exec" { + command = "npm run build" + working_dir = "../client" } } resource "aws_s3_object" "dist" { - for_each = fileset("${path.module}/../client/dist", "**") + depends_on = [terraform_data.npm_build] + for_each = fileset("${path.module}/../client/dist", "**") force_destroy = true bucket = aws_s3_bucket.static.id From 6b57bccfab367c10eb9fb185495cc6acb69c7863 Mon Sep 17 00:00:00 2001 From: Jon Gjengset Date: Sat, 30 Dec 2023 15:22:51 +0100 Subject: [PATCH 06/26] Fix min AWS version --- infra/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/infra/main.tf b/infra/main.tf index a1c8ab5..e6dcc39 100644 --- a/infra/main.tf +++ b/infra/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = "~> 5" + version = "~> 5.31.0" } } From 58aa1a6c4d95629b9719aa48f10f77f608f7cfd1 Mon Sep 17 00:00:00 2001 From: Jon Gjengset Date: Sat, 30 Dec 2023 15:22:57 +0100 Subject: [PATCH 07/26] Set Glue table owner --- infra/athena.tf | 1 + 1 file changed, 1 insertion(+) diff --git a/infra/athena.tf b/infra/athena.tf index 6e2c97f..9cd9cb9 100644 --- a/infra/athena.tf +++ b/infra/athena.tf @@ -44,6 +44,7 @@ resource "aws_glue_catalog_table" "cf_logs" { name = "cloudfront_logs" database_name = "default" table_type = "EXTERNAL_TABLE" + owner = "hadoop" parameters = { EXTERNAL = "TRUE" "skip.header.line.count" = 2 From 3cbaa8cfe3b6319489e4a3cee41eae5ee2be2b9f Mon Sep 17 00:00:00 2001 From: Jon Gjengset Date: Sat, 30 Dec 2023 15:25:38 +0100 Subject: [PATCH 08/26] Mostly finished apply --- infra/logging.tf | 2 - infra/terraform.tfstate | 3089 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 3089 insertions(+), 2 deletions(-) create mode 100644 infra/terraform.tfstate diff --git a/infra/logging.tf b/infra/logging.tf index 8e81cc5..b7a7c9c 100644 --- a/infra/logging.tf +++ b/infra/logging.tf @@ -28,7 +28,6 @@ import { resource "aws_s3_bucket_acl" "logs" { depends_on = [aws_s3_bucket_ownership_controls.logs] - bucket = aws_s3_bucket.logs.id access_control_policy { @@ -50,7 +49,6 @@ resource "aws_s3_bucket_acl" "logs" { } owner { - display_name = "admin" id = data.aws_canonical_user_id.current.id } } diff --git a/infra/terraform.tfstate b/infra/terraform.tfstate new file mode 100644 index 0000000..fc81fa0 --- /dev/null +++ b/infra/terraform.tfstate @@ -0,0 +1,3089 @@ +{ + "version": 4, + "terraform_version": "1.6.6", + "serial": 33, + "lineage": "ed8fbb99-5570-1b6d-6765-46ed4759afc0", + "outputs": {}, + "resources": [ + { + "mode": "data", + "type": "archive_file", + "name": "lambda", + "provider": "provider[\"registry.terraform.io/hashicorp/archive\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "exclude_symlink_directories": null, + "excludes": null, + "id": "417edebc76d9f2b1e07fa34001e46a1da844155c", + "output_base64sha256": "W7E2gnu4p+aHm166MT2kMU9QoAApHKXAUl7VRfMdomE=", + "output_base64sha512": "PvRbHz++YeKjr4uuKn/QQ9T53YyJ16wpBeAoeo0XjtegozirNOwjjZlwXMEZ6HIKhw09G/IDX20DhEjcvL5xjg==", + "output_file_mode": null, + "output_md5": "bc8ad72643fac84041383858e39e25d0", + "output_path": "lambda_function_payload.zip", + "output_sha": "417edebc76d9f2b1e07fa34001e46a1da844155c", + "output_sha256": "5bb136827bb8a7e6879b5eba313da4314f50a000291ca5c0525ed545f31da261", + "output_sha512": "3ef45b1f3fbe61e2a3af8bae2a7fd043d4f9dd8c89d7ac2905e0287a8d178ed7a0a338ab34ec238d99705cc119e8720a870d3d1bf2035f6d038448dcbcbe718e", + "output_size": 4715533, + "source": [], + "source_content": null, + "source_content_filename": null, + "source_dir": null, + "source_file": "./../server/target/lambda/wewerewondering-api/bootstrap", + "type": "zip" + }, + "sensitive_attributes": [] + } + ] + }, + { + "mode": "data", + "type": "aws_canonical_user_id", + "name": "current", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "display_name": "admin", + "id": "b9eabe8fd0ee6354b459c3d797e75df89ee644b91a018bf5ff42d12b5b47daa2" + }, + "sensitive_attributes": [] + } + ] + }, + { + "mode": "data", + "type": "aws_iam_policy_document", + "name": "apigw_assume", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "id": "2699642182", + "json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Action\": \"sts:AssumeRole\",\n \"Principal\": {\n \"Service\": \"apigateway.amazonaws.com\"\n }\n }\n ]\n}", + "override_policy_documents": null, + "policy_id": null, + "source_policy_documents": null, + "statement": [ + { + "actions": [ + "sts:AssumeRole" + ], + "condition": [], + "effect": "Allow", + "not_actions": [], + "not_principals": [], + "not_resources": [], + "principals": [ + { + "identifiers": [ + "apigateway.amazonaws.com" + ], + "type": "Service" + } + ], + "resources": [], + "sid": "" + } + ], + "version": "2012-10-17" + }, + "sensitive_attributes": [] + } + ] + }, + { + "mode": "data", + "type": "aws_iam_policy_document", + "name": "assume_role", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "id": "2690255455", + "json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Action\": \"sts:AssumeRole\",\n \"Principal\": {\n \"Service\": \"lambda.amazonaws.com\"\n }\n }\n ]\n}", + "override_policy_documents": null, + "policy_id": null, + "source_policy_documents": null, + "statement": [ + { + "actions": [ + "sts:AssumeRole" + ], + "condition": [], + "effect": "Allow", + "not_actions": [], + "not_principals": [], + "not_resources": [], + "principals": [ + { + "identifiers": [ + "lambda.amazonaws.com" + ], + "type": "Service" + } + ], + "resources": [], + "sid": "" + } + ], + "version": "2012-10-17" + }, + "sensitive_attributes": [] + } + ] + }, + { + "mode": "data", + "type": "aws_iam_policy_document", + "name": "cloudfront_s3", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "id": "209197484", + "json": "{\n \"Version\": \"2012-10-17\",\n \"Id\": \"PolicyForCloudFrontPrivateContent\",\n \"Statement\": [\n {\n \"Sid\": \"AllowCloudFrontServicePrincipal\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"s3:ListBucket\",\n \"s3:GetObject\"\n ],\n \"Resource\": [\n \"arn:aws:s3:::wewerewondering-static/*\",\n \"arn:aws:s3:::wewerewondering-static\"\n ],\n \"Principal\": {\n \"Service\": \"cloudfront.amazonaws.com\"\n },\n \"Condition\": {\n \"StringEquals\": {\n \"AWS:SourceArn\": \"arn:aws:cloudfront::880545379339:distribution/E1ECZRHBXFKMHK\"\n }\n }\n }\n ]\n}", + "override_policy_documents": null, + "policy_id": "PolicyForCloudFrontPrivateContent", + "source_policy_documents": null, + "statement": [ + { + "actions": [ + "s3:GetObject", + "s3:ListBucket" + ], + "condition": [ + { + "test": "StringEquals", + "values": [ + "arn:aws:cloudfront::880545379339:distribution/E1ECZRHBXFKMHK" + ], + "variable": "AWS:SourceArn" + } + ], + "effect": "Allow", + "not_actions": [], + "not_principals": [], + "not_resources": [], + "principals": [ + { + "identifiers": [ + "cloudfront.amazonaws.com" + ], + "type": "Service" + } + ], + "resources": [ + "arn:aws:s3:::wewerewondering-static", + "arn:aws:s3:::wewerewondering-static/*" + ], + "sid": "AllowCloudFrontServicePrincipal" + } + ], + "version": "2012-10-17" + }, + "sensitive_attributes": [] + } + ] + }, + { + "mode": "data", + "type": "aws_iam_policy_document", + "name": "cloudwatch", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "id": "1400258275", + "json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Action\": \"logs:CreateLogGroup\",\n \"Resource\": \"arn:aws:logs:us-east-1:880545379339:log-group:/aws/lambda/wewerewondering-api\"\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"logs:PutLogEvents\",\n \"logs:CreateLogStream\"\n ],\n \"Resource\": \"arn:aws:logs:us-east-1:880545379339:log-group:/aws/lambda/wewerewondering-api:*\"\n }\n ]\n}", + "override_policy_documents": null, + "policy_id": null, + "source_policy_documents": null, + "statement": [ + { + "actions": [ + "logs:CreateLogGroup" + ], + "condition": [], + "effect": "Allow", + "not_actions": [], + "not_principals": [], + "not_resources": [], + "principals": [], + "resources": [ + "arn:aws:logs:us-east-1:880545379339:log-group:/aws/lambda/wewerewondering-api" + ], + "sid": "" + }, + { + "actions": [ + "logs:CreateLogStream", + "logs:PutLogEvents" + ], + "condition": [], + "effect": "Allow", + "not_actions": [], + "not_principals": [], + "not_resources": [], + "principals": [], + "resources": [ + "arn:aws:logs:us-east-1:880545379339:log-group:/aws/lambda/wewerewondering-api:*" + ], + "sid": "" + } + ], + "version": "2012-10-17" + }, + "sensitive_attributes": [] + } + ] + }, + { + "mode": "data", + "type": "aws_iam_policy_document", + "name": "dynamodb", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "id": "2474649612", + "json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"dynamodb:UpdateItem\",\n \"dynamodb:Scan\",\n \"dynamodb:Query\",\n \"dynamodb:PutItem\",\n \"dynamodb:GetItem\",\n \"dynamodb:BatchGetItem\"\n ],\n \"Resource\": [\n \"arn:aws:dynamodb:us-east-1:880545379339:table/questions/index/top\",\n \"arn:aws:dynamodb:us-east-1:880545379339:table/questions\",\n \"arn:aws:dynamodb:us-east-1:880545379339:table/events\"\n ]\n }\n ]\n}", + "override_policy_documents": null, + "policy_id": null, + "source_policy_documents": null, + "statement": [ + { + "actions": [ + "dynamodb:BatchGetItem", + "dynamodb:GetItem", + "dynamodb:PutItem", + "dynamodb:Query", + "dynamodb:Scan", + "dynamodb:UpdateItem" + ], + "condition": [], + "effect": "Allow", + "not_actions": [], + "not_principals": [], + "not_resources": [], + "principals": [], + "resources": [ + "arn:aws:dynamodb:us-east-1:880545379339:table/events", + "arn:aws:dynamodb:us-east-1:880545379339:table/questions", + "arn:aws:dynamodb:us-east-1:880545379339:table/questions/index/top" + ], + "sid": "" + } + ], + "version": "2012-10-17" + }, + "sensitive_attributes": [] + } + ] + }, + { + "mode": "data", + "type": "aws_iam_policy_document", + "name": "xray", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "id": "1808201367", + "json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"xray:PutTraceSegments\",\n \"xray:PutTelemetryRecords\"\n ],\n \"Resource\": \"*\"\n }\n ]\n}", + "override_policy_documents": null, + "policy_id": null, + "source_policy_documents": null, + "statement": [ + { + "actions": [ + "xray:PutTelemetryRecords", + "xray:PutTraceSegments" + ], + "condition": [], + "effect": "Allow", + "not_actions": [], + "not_principals": [], + "not_resources": [], + "principals": [], + "resources": [ + "*" + ], + "sid": "" + } + ], + "version": "2012-10-17" + }, + "sensitive_attributes": [] + } + ] + }, + { + "mode": "data", + "type": "aws_region", + "name": "current", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "description": "US East (N. Virginia)", + "endpoint": "ec2.us-east-1.amazonaws.com", + "id": "us-east-1", + "name": "us-east-1" + }, + "sensitive_attributes": [] + } + ] + }, + { + "mode": "managed", + "type": "aws_acm_certificate", + "name": "www", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"].us-east-1", + "instances": [ + { + "schema_version": 0, + "attributes": { + "arn": "arn:aws:acm:us-east-1:880545379339:certificate/f3e11148-9740-4b7f-a1a6-da43e045cef0", + "certificate_authority_arn": "", + "certificate_body": null, + "certificate_chain": null, + "domain_name": "wewerewondering.com", + "domain_validation_options": [ + { + "domain_name": "wewerewondering.com", + "resource_record_name": "_c7b659fc5b836da864d8c39af1a6c6b8.wewerewondering.com.", + "resource_record_type": "CNAME", + "resource_record_value": "_2466ad9183460f6cd658e384440b4c12.yzdtlljtvc.acm-validations.aws." + } + ], + "early_renewal_duration": "", + "id": "arn:aws:acm:us-east-1:880545379339:certificate/f3e11148-9740-4b7f-a1a6-da43e045cef0", + "key_algorithm": "EC_prime256v1", + "not_after": "2024-11-11T23:59:59Z", + "not_before": "2023-10-14T00:00:00Z", + "options": [ + { + "certificate_transparency_logging_preference": "ENABLED" + } + ], + "pending_renewal": false, + "private_key": null, + "renewal_eligibility": "ELIGIBLE", + "renewal_summary": [ + { + "renewal_status": "SUCCESS", + "renewal_status_reason": "", + "updated_at": "2023-10-14T06:19:52Z" + } + ], + "status": "ISSUED", + "subject_alternative_names": [ + "wewerewondering.com" + ], + "tags": {}, + "tags_all": {}, + "type": "AMAZON_ISSUED", + "validation_emails": [], + "validation_method": "DNS", + "validation_option": [] + }, + "sensitive_attributes": [], + "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjAifQ==" + } + ] + }, + { + "mode": "managed", + "type": "aws_acm_certificate_validation", + "name": "www", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"].us-east-1", + "instances": [ + { + "schema_version": 0, + "attributes": { + "certificate_arn": "arn:aws:acm:us-east-1:880545379339:certificate/f3e11148-9740-4b7f-a1a6-da43e045cef0", + "id": "2023-10-14 06:19:51.605 +0000 UTC", + "timeouts": null, + "validation_record_fqdns": [ + "_c7b659fc5b836da864d8c39af1a6c6b8.wewerewondering.com" + ] + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo0NTAwMDAwMDAwMDAwfX0=", + "dependencies": [ + "aws_acm_certificate.www", + "aws_route53_record.www_cert", + "aws_route53_zone.www" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_api_gateway_account", + "name": "www", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "api_key_version": "4", + "cloudwatch_role_arn": "arn:aws:iam::880545379339:role/wewerewondering-api-gw", + "features": [ + "UsagePlans" + ], + "id": "api-gateway-account", + "throttle_settings": [ + { + "burst_limit": 5000, + "rate_limit": 10000 + } + ] + }, + "sensitive_attributes": [], + "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjAifQ==", + "dependencies": [ + "aws_iam_role.apigw_cw", + "data.aws_iam_policy_document.apigw_assume" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_apigatewayv2_api", + "name": "www", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "api_endpoint": "https://je8z4t28h4.execute-api.us-east-1.amazonaws.com", + "api_key_selection_expression": "$request.header.x-api-key", + "arn": "arn:aws:apigateway:us-east-1::/apis/je8z4t28h4", + "body": null, + "cors_configuration": [], + "credentials_arn": null, + "description": "", + "disable_execute_api_endpoint": false, + "execution_arn": "arn:aws:execute-api:us-east-1:880545379339:je8z4t28h4", + "fail_on_warnings": null, + "id": "je8z4t28h4", + "name": "wewerewondering", + "protocol_type": "HTTP", + "route_key": null, + "route_selection_expression": "$request.method $request.path", + "tags": {}, + "tags_all": {}, + "target": null, + "version": "" + }, + "sensitive_attributes": [], + "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjAifQ==" + } + ] + }, + { + "mode": "managed", + "type": "aws_apigatewayv2_integration", + "name": "www", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "api_id": "je8z4t28h4", + "connection_id": "", + "connection_type": "INTERNET", + "content_handling_strategy": "", + "credentials_arn": "", + "description": "", + "id": "4y6aomd", + "integration_method": "POST", + "integration_response_selection_expression": "", + "integration_subtype": "", + "integration_type": "AWS_PROXY", + "integration_uri": "arn:aws:apigateway:us-east-1:lambda:path/2015-03-31/functions/arn:aws:lambda:us-east-1:880545379339:function:wewerewondering-api/invocations", + "passthrough_behavior": "", + "payload_format_version": "2.0", + "request_parameters": {}, + "request_templates": {}, + "response_parameters": [], + "template_selection_expression": "", + "timeout_milliseconds": 30000, + "tls_config": [] + }, + "sensitive_attributes": [], + "private": "bnVsbA==", + "dependencies": [ + "aws_apigatewayv2_api.www", + "aws_cloudwatch_log_group.lambda", + "aws_iam_policy.cloudwatch", + "aws_iam_policy.xray", + "aws_iam_role.www", + "aws_lambda_function.www", + "data.archive_file.lambda", + "data.aws_iam_policy_document.assume_role", + "data.aws_iam_policy_document.cloudwatch", + "data.aws_iam_policy_document.xray", + "data.aws_region.current", + "terraform_data.cargo_lambda" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_apigatewayv2_route", + "name": "api_event_eid_get", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "api_id": "je8z4t28h4", + "api_key_required": false, + "authorization_scopes": [], + "authorization_type": "NONE", + "authorizer_id": "", + "id": "iih0hlf", + "model_selection_expression": "", + "operation_name": "", + "request_models": {}, + "request_parameter": [], + "route_key": "GET /api/event/{eid}", + "route_response_selection_expression": "", + "target": "integrations/4y6aomd" + }, + "sensitive_attributes": [], + "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjAifQ==", + "dependencies": [ + "aws_apigatewayv2_api.www", + "aws_apigatewayv2_integration.www", + "aws_cloudwatch_log_group.lambda", + "aws_iam_policy.cloudwatch", + "aws_iam_policy.xray", + "aws_iam_role.www", + "aws_lambda_function.www", + "data.archive_file.lambda", + "data.aws_iam_policy_document.assume_role", + "data.aws_iam_policy_document.cloudwatch", + "data.aws_iam_policy_document.xray", + "data.aws_region.current", + "terraform_data.cargo_lambda" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_apigatewayv2_route", + "name": "api_event_eid_post", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "api_id": "je8z4t28h4", + "api_key_required": false, + "authorization_scopes": [], + "authorization_type": "NONE", + "authorizer_id": "", + "id": "cyva0m4", + "model_selection_expression": "", + "operation_name": "", + "request_models": {}, + "request_parameter": [], + "route_key": "POST /api/event/{eid}", + "route_response_selection_expression": "", + "target": "integrations/4y6aomd" + }, + "sensitive_attributes": [], + "private": "bnVsbA==", + "dependencies": [ + "aws_apigatewayv2_api.www", + "aws_apigatewayv2_integration.www", + "aws_cloudwatch_log_group.lambda", + "aws_iam_policy.cloudwatch", + "aws_iam_policy.xray", + "aws_iam_role.www", + "aws_lambda_function.www", + "data.archive_file.lambda", + "data.aws_iam_policy_document.assume_role", + "data.aws_iam_policy_document.cloudwatch", + "data.aws_iam_policy_document.xray", + "data.aws_region.current", + "terraform_data.cargo_lambda" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_apigatewayv2_route", + "name": "api_event_post", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "api_id": "je8z4t28h4", + "api_key_required": false, + "authorization_scopes": [], + "authorization_type": "NONE", + "authorizer_id": "", + "id": "lmcxybh", + "model_selection_expression": "", + "operation_name": "", + "request_models": {}, + "request_parameter": [], + "route_key": "POST /api/event", + "route_response_selection_expression": "", + "target": "integrations/4y6aomd" + }, + "sensitive_attributes": [], + "private": "bnVsbA==", + "dependencies": [ + "aws_apigatewayv2_api.www", + "aws_apigatewayv2_integration.www", + "aws_cloudwatch_log_group.lambda", + "aws_iam_policy.cloudwatch", + "aws_iam_policy.xray", + "aws_iam_role.www", + "aws_lambda_function.www", + "data.archive_file.lambda", + "data.aws_iam_policy_document.assume_role", + "data.aws_iam_policy_document.cloudwatch", + "data.aws_iam_policy_document.xray", + "data.aws_region.current", + "terraform_data.cargo_lambda" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_apigatewayv2_route", + "name": "api_route", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "index_key": "get_eeq", + "schema_version": 0, + "attributes": { + "api_id": "je8z4t28h4", + "api_key_required": false, + "authorization_scopes": [], + "authorization_type": "NONE", + "authorizer_id": "", + "id": "ezhnbti", + "model_selection_expression": "", + "operation_name": "", + "request_models": {}, + "request_parameter": [], + "route_key": "GET /api/event/{eid}/questions", + "route_response_selection_expression": "", + "target": "integrations/4y6aomd" + }, + "sensitive_attributes": [], + "private": "bnVsbA==", + "dependencies": [ + "aws_apigatewayv2_api.www", + "aws_apigatewayv2_integration.www", + "aws_cloudwatch_log_group.lambda", + "aws_iam_policy.cloudwatch", + "aws_iam_policy.xray", + "aws_iam_role.www", + "aws_lambda_function.www", + "data.archive_file.lambda", + "data.aws_iam_policy_document.assume_role", + "data.aws_iam_policy_document.cloudwatch", + "data.aws_iam_policy_document.xray", + "data.aws_region.current", + "terraform_data.cargo_lambda" + ] + }, + { + "index_key": "get_eeqs", + "schema_version": 0, + "attributes": { + "api_id": "je8z4t28h4", + "api_key_required": false, + "authorization_scopes": [], + "authorization_type": "NONE", + "authorizer_id": "", + "id": "fb0pv8e", + "model_selection_expression": "", + "operation_name": "", + "request_models": {}, + "request_parameter": [], + "route_key": "GET /api/event/{eid}/questions/{secret}", + "route_response_selection_expression": "", + "target": "integrations/4y6aomd" + }, + "sensitive_attributes": [], + "private": "bnVsbA==", + "dependencies": [ + "aws_apigatewayv2_api.www", + "aws_apigatewayv2_integration.www", + "aws_cloudwatch_log_group.lambda", + "aws_iam_policy.cloudwatch", + "aws_iam_policy.xray", + "aws_iam_role.www", + "aws_lambda_function.www", + "data.archive_file.lambda", + "data.aws_iam_policy_document.assume_role", + "data.aws_iam_policy_document.cloudwatch", + "data.aws_iam_policy_document.xray", + "data.aws_region.current", + "terraform_data.cargo_lambda" + ] + }, + { + "index_key": "get_q", + "schema_version": 0, + "attributes": { + "api_id": "je8z4t28h4", + "api_key_required": false, + "authorization_scopes": [], + "authorization_type": "NONE", + "authorizer_id": "", + "id": "5j62zea", + "model_selection_expression": "", + "operation_name": "", + "request_models": {}, + "request_parameter": [], + "route_key": "GET /api/questions/{qids}", + "route_response_selection_expression": "", + "target": "integrations/4y6aomd" + }, + "sensitive_attributes": [], + "private": "bnVsbA==", + "dependencies": [ + "aws_apigatewayv2_api.www", + "aws_apigatewayv2_integration.www", + "aws_cloudwatch_log_group.lambda", + "aws_iam_policy.cloudwatch", + "aws_iam_policy.xray", + "aws_iam_role.www", + "aws_lambda_function.www", + "data.archive_file.lambda", + "data.aws_iam_policy_document.assume_role", + "data.aws_iam_policy_document.cloudwatch", + "data.aws_iam_policy_document.xray", + "data.aws_region.current", + "terraform_data.cargo_lambda" + ] + }, + { + "index_key": "post_toggle", + "schema_version": 0, + "attributes": { + "api_id": "je8z4t28h4", + "api_key_required": false, + "authorization_scopes": [], + "authorization_type": "NONE", + "authorizer_id": "", + "id": "0y2fhvt", + "model_selection_expression": "", + "operation_name": "", + "request_models": {}, + "request_parameter": [], + "route_key": "POST /api/event/{eid}/questions/{secret}/{qid}/toggle/{property}", + "route_response_selection_expression": "", + "target": "integrations/4y6aomd" + }, + "sensitive_attributes": [], + "private": "bnVsbA==", + "dependencies": [ + "aws_apigatewayv2_api.www", + "aws_apigatewayv2_integration.www", + "aws_cloudwatch_log_group.lambda", + "aws_iam_policy.cloudwatch", + "aws_iam_policy.xray", + "aws_iam_role.www", + "aws_lambda_function.www", + "data.archive_file.lambda", + "data.aws_iam_policy_document.assume_role", + "data.aws_iam_policy_document.cloudwatch", + "data.aws_iam_policy_document.xray", + "data.aws_region.current", + "terraform_data.cargo_lambda" + ] + }, + { + "index_key": "post_vote", + "schema_version": 0, + "attributes": { + "api_id": "je8z4t28h4", + "api_key_required": false, + "authorization_scopes": [], + "authorization_type": "NONE", + "authorizer_id": "", + "id": "d6f5hnm", + "model_selection_expression": "", + "operation_name": "", + "request_models": {}, + "request_parameter": [], + "route_key": "POST /api/vote/{qid}/{updown}", + "route_response_selection_expression": "", + "target": "integrations/4y6aomd" + }, + "sensitive_attributes": [], + "private": "bnVsbA==", + "dependencies": [ + "aws_apigatewayv2_api.www", + "aws_apigatewayv2_integration.www", + "aws_cloudwatch_log_group.lambda", + "aws_iam_policy.cloudwatch", + "aws_iam_policy.xray", + "aws_iam_role.www", + "aws_lambda_function.www", + "data.archive_file.lambda", + "data.aws_iam_policy_document.assume_role", + "data.aws_iam_policy_document.cloudwatch", + "data.aws_iam_policy_document.xray", + "data.aws_region.current", + "terraform_data.cargo_lambda" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_apigatewayv2_stage", + "name": "www", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "access_log_settings": [ + { + "destination_arn": "arn:aws:logs:us-east-1:880545379339:log-group:/aws/api-gateway/wewerewondering", + "format": "{\"httpMethod\":\"$context.httpMethod\",\"ip\":\"$context.identity.sourceIp\",\"protocol\":\"$context.protocol\",\"requestId\":\"$context.requestId\",\"requestTime\":\"$context.requestTime\",\"responseLength\":\"$context.responseLength\",\"routeKey\":\"$context.routeKey\",\"status\":\"$context.status\"}" + } + ], + "api_id": "je8z4t28h4", + "arn": "arn:aws:apigateway:us-east-1::/apis/je8z4t28h4/stages/$default", + "auto_deploy": true, + "client_certificate_id": "", + "default_route_settings": [ + { + "data_trace_enabled": false, + "detailed_metrics_enabled": false, + "logging_level": "", + "throttling_burst_limit": 250, + "throttling_rate_limit": 50 + } + ], + "deployment_id": "d8pfd6", + "description": "", + "execution_arn": "arn:aws:execute-api:us-east-1:880545379339:je8z4t28h4/$default", + "id": "$default", + "invoke_url": "https://je8z4t28h4.execute-api.us-east-1.amazonaws.com/", + "name": "$default", + "route_settings": [], + "stage_variables": {}, + "tags": {}, + "tags_all": {} + }, + "sensitive_attributes": [], + "private": "bnVsbA==", + "dependencies": [ + "aws_apigatewayv2_api.www", + "aws_cloudwatch_log_group.apigw" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_athena_workgroup", + "name": "www", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "arn": "arn:aws:athena:us-east-1:880545379339:workgroup/primary", + "configuration": [ + { + "bytes_scanned_cutoff_per_query": 0, + "enforce_workgroup_configuration": false, + "engine_version": [ + { + "effective_engine_version": "Athena engine version 3", + "selected_engine_version": "AUTO" + } + ], + "execution_role": "", + "publish_cloudwatch_metrics_enabled": false, + "requester_pays_enabled": false, + "result_configuration": [ + { + "acl_configuration": [], + "encryption_configuration": [], + "expected_bucket_owner": "", + "output_location": "s3://wewerewondering-athena/" + } + ] + } + ], + "description": "", + "force_destroy": false, + "id": "primary", + "name": "primary", + "state": "ENABLED", + "tags": {}, + "tags_all": {} + }, + "sensitive_attributes": [], + "private": "bnVsbA==", + "dependencies": [ + "aws_s3_bucket.athena" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_cloudfront_cache_policy", + "name": "cache_when_requested", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "comment": "", + "default_ttl": 1, + "etag": "E23ZP02F085DFQ", + "id": "fcc8df6d-6613-4210-8246-f45d18f04835", + "max_ttl": 31536000, + "min_ttl": 1, + "name": "CacheWhenRequested", + "parameters_in_cache_key_and_forwarded_to_origin": [ + { + "cookies_config": [ + { + "cookie_behavior": "none", + "cookies": [] + } + ], + "enable_accept_encoding_brotli": true, + "enable_accept_encoding_gzip": true, + "headers_config": [ + { + "header_behavior": "none", + "headers": [] + } + ], + "query_strings_config": [ + { + "query_string_behavior": "none", + "query_strings": [] + } + ] + } + ] + }, + "sensitive_attributes": [], + "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjAifQ==" + } + ] + }, + { + "mode": "managed", + "type": "aws_cloudfront_distribution", + "name": "www", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 1, + "attributes": { + "aliases": [ + "wewerewondering.com" + ], + "arn": "arn:aws:cloudfront::880545379339:distribution/E1ECZRHBXFKMHK", + "caller_reference": "b22ca123-3e1b-4b61-9a26-dd4910c7e1f6", + "comment": null, + "continuous_deployment_policy_id": "", + "custom_error_response": [], + "default_cache_behavior": [ + { + "allowed_methods": [ + "GET", + "HEAD" + ], + "cache_policy_id": "658327ea-f89d-4fab-a63d-7e88639e58f6", + "cached_methods": [ + "GET", + "HEAD" + ], + "compress": true, + "default_ttl": 0, + "field_level_encryption_id": "", + "forwarded_values": [], + "function_association": [ + { + "event_type": "viewer-request", + "function_arn": "arn:aws:cloudfront::880545379339:function/index-everywhere" + } + ], + "lambda_function_association": [], + "max_ttl": 0, + "min_ttl": 0, + "origin_request_policy_id": "", + "realtime_log_config_arn": "", + "response_headers_policy_id": "67f7725c-6f97-4210-82d7-5512b31e9d03", + "smooth_streaming": false, + "target_origin_id": "wewerewondering", + "trusted_key_groups": [], + "trusted_signers": [], + "viewer_protocol_policy": "redirect-to-https" + } + ], + "default_root_object": "index.html", + "domain_name": "d1tpt5x1e858xw.cloudfront.net", + "enabled": true, + "etag": "E1R84SIZDEAB51", + "hosted_zone_id": "Z2FDTNDATAQYW2", + "http_version": "http2", + "id": "E1ECZRHBXFKMHK", + "in_progress_validation_batches": 0, + "is_ipv6_enabled": true, + "last_modified_time": "2022-11-17 02:12:09.809 +0000 UTC", + "logging_config": [ + { + "bucket": "wewerewondering-logs.s3.amazonaws.com", + "include_cookies": false, + "prefix": "" + } + ], + "ordered_cache_behavior": [ + { + "allowed_methods": [ + "DELETE", + "GET", + "HEAD", + "OPTIONS", + "PATCH", + "POST", + "PUT" + ], + "cache_policy_id": "fcc8df6d-6613-4210-8246-f45d18f04835", + "cached_methods": [ + "GET", + "HEAD" + ], + "compress": true, + "default_ttl": 0, + "field_level_encryption_id": "", + "forwarded_values": [], + "function_association": [], + "lambda_function_association": [], + "max_ttl": 0, + "min_ttl": 0, + "origin_request_policy_id": "", + "path_pattern": "/api/*", + "realtime_log_config_arn": "", + "response_headers_policy_id": "67f7725c-6f97-4210-82d7-5512b31e9d03", + "smooth_streaming": false, + "target_origin_id": "wewerewondering-api", + "trusted_key_groups": [], + "trusted_signers": [], + "viewer_protocol_policy": "https-only" + } + ], + "origin": [ + { + "connection_attempts": 3, + "connection_timeout": 10, + "custom_header": [], + "custom_origin_config": [ + { + "http_port": 80, + "https_port": 443, + "origin_keepalive_timeout": 5, + "origin_protocol_policy": "https-only", + "origin_read_timeout": 30, + "origin_ssl_protocols": [ + "TLSv1.2" + ] + } + ], + "domain_name": "je8z4t28h4.execute-api.us-east-1.amazonaws.com", + "origin_access_control_id": "", + "origin_id": "wewerewondering-api", + "origin_path": "", + "origin_shield": [], + "s3_origin_config": [] + }, + { + "connection_attempts": 3, + "connection_timeout": 10, + "custom_header": [], + "custom_origin_config": [], + "domain_name": "wewerewondering-static.s3.us-east-1.amazonaws.com", + "origin_access_control_id": "E2O0QG272YYJYR", + "origin_id": "wewerewondering", + "origin_path": "", + "origin_shield": [], + "s3_origin_config": [] + } + ], + "origin_group": [], + "price_class": "PriceClass_All", + "restrictions": [ + { + "geo_restriction": [ + { + "locations": [], + "restriction_type": "none" + } + ] + } + ], + "retain_on_delete": false, + "staging": false, + "status": "Deployed", + "tags": {}, + "tags_all": {}, + "trusted_key_groups": [ + { + "enabled": false, + "items": [] + } + ], + "trusted_signers": [ + { + "enabled": false, + "items": [] + } + ], + "viewer_certificate": [ + { + "acm_certificate_arn": "arn:aws:acm:us-east-1:880545379339:certificate/f3e11148-9740-4b7f-a1a6-da43e045cef0", + "cloudfront_default_certificate": false, + "iam_certificate_id": "", + "minimum_protocol_version": "TLSv1.2_2021", + "ssl_support_method": "sni-only" + } + ], + "wait_for_deployment": true, + "web_acl_id": "" + }, + "sensitive_attributes": [], + "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==", + "dependencies": [ + "aws_acm_certificate.www", + "aws_acm_certificate_validation.www", + "aws_apigatewayv2_api.www", + "aws_cloudfront_cache_policy.cache_when_requested", + "aws_cloudfront_function.index_everywhere", + "aws_cloudfront_origin_access_control.static", + "aws_route53_record.www_cert", + "aws_route53_zone.www", + "aws_s3_bucket.logs", + "aws_s3_bucket.static", + "data.aws_region.current" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_cloudfront_function", + "name": "index_everywhere", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "arn": "arn:aws:cloudfront::880545379339:function/index-everywhere", + "code": "function handler(event) {\n var req = event.request;\n if (\n req.uri.startsWith('/event/')\n ) {\n req.uri = '/index.html';\n }\n return req;\n}\n", + "comment": "", + "etag": "E13V1IB3VIYZZH", + "id": "index-everywhere", + "live_stage_etag": "E1F83G8C2ARO7P", + "name": "index-everywhere", + "publish": true, + "runtime": "cloudfront-js-1.0", + "status": "IN_PROGRESS" + }, + "sensitive_attributes": [], + "private": "bnVsbA==" + } + ] + }, + { + "mode": "managed", + "type": "aws_cloudfront_origin_access_control", + "name": "static", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "description": "Managed by Terraform", + "etag": "E3UN6WX5RRO2AG", + "id": "E2O0QG272YYJYR", + "name": "wewerewondering-static.s3.us-east-1.amazonaws.com", + "origin_access_control_origin_type": "s3", + "signing_behavior": "always", + "signing_protocol": "sigv4" + }, + "sensitive_attributes": [], + "private": "bnVsbA==", + "dependencies": [ + "aws_s3_bucket.static" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_cloudwatch_dashboard", + "name": "www", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "dashboard_arn": "arn:aws:cloudwatch::880545379339:dashboard/ApiGatewayHttp", + "dashboard_body": "{\"widgets\":[{\"type\":\"metric\",\"x\":0,\"y\":0,\"width\":8,\"height\":4,\"properties\":{\"metrics\":[[\"AWS/ApiGateway\",\"Count\",\"ApiId\",\"je8z4t28h4\",{\"period\":300,\"stat\":\"Sum\"}]],\"legend\":{\"position\":\"bottom\"},\"region\":\"us-east-1\",\"liveData\":false,\"title\":\"Count: Sum\",\"period\":300,\"view\":\"timeSeries\",\"stacked\":false}},{\"type\":\"metric\",\"x\":8,\"y\":0,\"width\":8,\"height\":4,\"properties\":{\"metrics\":[[\"AWS/ApiGateway\",\"5xx\",\"ApiId\",\"je8z4t28h4\",{\"period\":300,\"stat\":\"Sum\"}]],\"legend\":{\"position\":\"bottom\"},\"region\":\"us-east-1\",\"liveData\":false,\"title\":\"5XXError: Sum\",\"period\":300,\"view\":\"timeSeries\",\"stacked\":false}},{\"type\":\"metric\",\"x\":16,\"y\":0,\"width\":8,\"height\":4,\"properties\":{\"metrics\":[[\"AWS/ApiGateway\",\"4xx\",\"ApiId\",\"je8z4t28h4\",{\"period\":300,\"stat\":\"Sum\"}]],\"legend\":{\"position\":\"bottom\"},\"region\":\"us-east-1\",\"liveData\":false,\"title\":\"4XXError: Sum\",\"period\":300,\"view\":\"timeSeries\",\"stacked\":false}},{\"type\":\"metric\",\"x\":0,\"y\":4,\"width\":12,\"height\":4,\"properties\":{\"metrics\":[[\"AWS/ApiGateway\",\"Latency\",\"ApiId\",\"je8z4t28h4\",{\"period\":300,\"stat\":\"Average\"}]],\"legend\":{\"position\":\"bottom\"},\"region\":\"us-east-1\",\"liveData\":false,\"title\":\"Latency: Average\",\"period\":300,\"view\":\"timeSeries\",\"stacked\":false}},{\"type\":\"metric\",\"x\":12,\"y\":4,\"width\":12,\"height\":4,\"properties\":{\"metrics\":[[\"AWS/ApiGateway\",\"IntegrationLatency\",\"ApiId\",\"je8z4t28h4\",{\"period\":300,\"stat\":\"Average\"}]],\"legend\":{\"position\":\"bottom\"},\"region\":\"us-east-1\",\"liveData\":false,\"title\":\"IntegrationLatency: Average\",\"period\":300,\"view\":\"timeSeries\",\"stacked\":false}},{\"type\":\"metric\",\"x\":0,\"y\":8,\"width\":24,\"height\":4,\"properties\":{\"metrics\":[[\"AWS/ApiGateway\",\"DataProcessed\",\"ApiId\",\"je8z4t28h4\",{\"period\":300,\"stat\":\"Sum\"}]],\"legend\":{\"position\":\"bottom\"},\"region\":\"us-east-1\",\"liveData\":false,\"title\":\"DataProcessed: Sum\",\"period\":300,\"view\":\"timeSeries\",\"stacked\":false}}]}", + "dashboard_name": "ApiGatewayHttp", + "id": "ApiGatewayHttp" + }, + "sensitive_attributes": [], + "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjAifQ==", + "dependencies": [ + "aws_apigatewayv2_api.www", + "data.aws_region.current" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_cloudwatch_log_group", + "name": "apigw", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "arn": "arn:aws:logs:us-east-1:880545379339:log-group:/aws/api-gateway/wewerewondering", + "id": "/aws/api-gateway/wewerewondering", + "kms_key_id": "", + "log_group_class": "STANDARD", + "name": "/aws/api-gateway/wewerewondering", + "name_prefix": "", + "retention_in_days": 0, + "skip_destroy": false, + "tags": {}, + "tags_all": {} + }, + "sensitive_attributes": [], + "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjAifQ==" + } + ] + }, + { + "mode": "managed", + "type": "aws_cloudwatch_log_group", + "name": "lambda", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "arn": "arn:aws:logs:us-east-1:880545379339:log-group:/aws/lambda/wewerewondering-api", + "id": "/aws/lambda/wewerewondering-api", + "kms_key_id": "", + "log_group_class": "STANDARD", + "name": "/aws/lambda/wewerewondering-api", + "name_prefix": "", + "retention_in_days": 0, + "skip_destroy": false, + "tags": {}, + "tags_all": {} + }, + "sensitive_attributes": [], + "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjAifQ==" + } + ] + }, + { + "mode": "managed", + "type": "aws_dynamodb_table", + "name": "events", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 1, + "attributes": { + "arn": "arn:aws:dynamodb:us-east-1:880545379339:table/events", + "attribute": [ + { + "name": "id", + "type": "S" + } + ], + "billing_mode": "PAY_PER_REQUEST", + "deletion_protection_enabled": false, + "global_secondary_index": [], + "hash_key": "id", + "id": "events", + "import_table": [], + "local_secondary_index": [], + "name": "events", + "point_in_time_recovery": [ + { + "enabled": false + } + ], + "range_key": null, + "read_capacity": 0, + "replica": [], + "restore_date_time": null, + "restore_source_name": null, + "restore_to_latest_time": null, + "server_side_encryption": [], + "stream_arn": "", + "stream_enabled": false, + "stream_label": "", + "stream_view_type": "", + "table_class": "STANDARD", + "tags": {}, + "tags_all": {}, + "timeouts": null, + "ttl": [ + { + "attribute_name": "expire", + "enabled": true + } + ], + "write_capacity": 0 + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxODAwMDAwMDAwMDAwLCJkZWxldGUiOjYwMDAwMDAwMDAwMCwidXBkYXRlIjozNjAwMDAwMDAwMDAwfSwic2NoZW1hX3ZlcnNpb24iOiIxIn0=" + } + ] + }, + { + "mode": "managed", + "type": "aws_dynamodb_table", + "name": "questions", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 1, + "attributes": { + "arn": "arn:aws:dynamodb:us-east-1:880545379339:table/questions", + "attribute": [ + { + "name": "eid", + "type": "S" + }, + { + "name": "id", + "type": "S" + }, + { + "name": "votes", + "type": "N" + } + ], + "billing_mode": "PAY_PER_REQUEST", + "deletion_protection_enabled": false, + "global_secondary_index": [ + { + "hash_key": "eid", + "name": "top", + "non_key_attributes": [ + "answered", + "hidden" + ], + "projection_type": "INCLUDE", + "range_key": "votes", + "read_capacity": 0, + "write_capacity": 0 + } + ], + "hash_key": "id", + "id": "questions", + "import_table": [], + "local_secondary_index": [], + "name": "questions", + "point_in_time_recovery": [ + { + "enabled": false + } + ], + "range_key": null, + "read_capacity": 0, + "replica": [], + "restore_date_time": null, + "restore_source_name": null, + "restore_to_latest_time": null, + "server_side_encryption": [], + "stream_arn": "", + "stream_enabled": false, + "stream_label": "", + "stream_view_type": "", + "table_class": "STANDARD", + "tags": {}, + "tags_all": {}, + "timeouts": null, + "ttl": [ + { + "attribute_name": "expire", + "enabled": true + } + ], + "write_capacity": 0 + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxODAwMDAwMDAwMDAwLCJkZWxldGUiOjYwMDAwMDAwMDAwMCwidXBkYXRlIjozNjAwMDAwMDAwMDAwfSwic2NoZW1hX3ZlcnNpb24iOiIxIn0=" + } + ] + }, + { + "mode": "managed", + "type": "aws_glue_catalog_table", + "name": "cf_logs", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "arn": "arn:aws:glue:us-east-1:880545379339:table/default/cloudfront_logs", + "catalog_id": "880545379339", + "database_name": "default", + "description": "", + "id": "880545379339:default:cloudfront_logs", + "name": "cloudfront_logs", + "open_table_format_input": [], + "owner": "hadoop", + "parameters": { + "EXTERNAL": "TRUE", + "skip.header.line.count": "2" + }, + "partition_index": [], + "partition_keys": [], + "retention": 0, + "storage_descriptor": [ + { + "bucket_columns": [], + "columns": [ + { + "comment": "", + "name": "date", + "parameters": {}, + "type": "date" + }, + { + "comment": "", + "name": "time", + "parameters": {}, + "type": "string" + }, + { + "comment": "", + "name": "location", + "parameters": {}, + "type": "string" + }, + { + "comment": "", + "name": "bytes", + "parameters": {}, + "type": "bigint" + }, + { + "comment": "", + "name": "request_ip", + "parameters": {}, + "type": "string" + }, + { + "comment": "", + "name": "method", + "parameters": {}, + "type": "string" + }, + { + "comment": "", + "name": "host", + "parameters": {}, + "type": "string" + }, + { + "comment": "", + "name": "uri", + "parameters": {}, + "type": "string" + }, + { + "comment": "", + "name": "status", + "parameters": {}, + "type": "int" + }, + { + "comment": "", + "name": "referrer", + "parameters": {}, + "type": "string" + }, + { + "comment": "", + "name": "user_agent", + "parameters": {}, + "type": "string" + }, + { + "comment": "", + "name": "query_string", + "parameters": {}, + "type": "string" + }, + { + "comment": "", + "name": "cookie", + "parameters": {}, + "type": "string" + }, + { + "comment": "", + "name": "result_type", + "parameters": {}, + "type": "string" + }, + { + "comment": "", + "name": "request_id", + "parameters": {}, + "type": "string" + }, + { + "comment": "", + "name": "host_header", + "parameters": {}, + "type": "string" + }, + { + "comment": "", + "name": "request_protocol", + "parameters": {}, + "type": "string" + }, + { + "comment": "", + "name": "request_bytes", + "parameters": {}, + "type": "bigint" + }, + { + "comment": "", + "name": "time_taken", + "parameters": {}, + "type": "float" + }, + { + "comment": "", + "name": "xforwarded_for", + "parameters": {}, + "type": "string" + }, + { + "comment": "", + "name": "ssl_protocol", + "parameters": {}, + "type": "string" + }, + { + "comment": "", + "name": "ssl_cipher", + "parameters": {}, + "type": "string" + }, + { + "comment": "", + "name": "response_result_type", + "parameters": {}, + "type": "string" + }, + { + "comment": "", + "name": "http_version", + "parameters": {}, + "type": "string" + }, + { + "comment": "", + "name": "fle_status", + "parameters": {}, + "type": "string" + }, + { + "comment": "", + "name": "fle_encrypted_fields", + "parameters": {}, + "type": "int" + }, + { + "comment": "", + "name": "c_port", + "parameters": {}, + "type": "int" + }, + { + "comment": "", + "name": "time_to_first_byte", + "parameters": {}, + "type": "float" + }, + { + "comment": "", + "name": "x_edge_detailed_result_type", + "parameters": {}, + "type": "string" + }, + { + "comment": "", + "name": "sc_content_type", + "parameters": {}, + "type": "string" + }, + { + "comment": "", + "name": "sc_content_len", + "parameters": {}, + "type": "bigint" + }, + { + "comment": "", + "name": "sc_range_start", + "parameters": {}, + "type": "bigint" + }, + { + "comment": "", + "name": "sc_range_end", + "parameters": {}, + "type": "bigint" + } + ], + "compressed": false, + "input_format": "org.apache.hadoop.mapred.TextInputFormat", + "location": "s3://wewerewondering-logs/", + "number_of_buckets": 0, + "output_format": "org.apache.hadoop.hive.ql.io.HiveIgnoreKeyTextOutputFormat", + "parameters": {}, + "schema_reference": [], + "ser_de_info": [ + { + "name": "", + "parameters": { + "field.delim": "\t", + "serialization.format": "\t" + }, + "serialization_library": "org.apache.hadoop.hive.serde2.lazy.LazySimpleSerDe" + } + ], + "skewed_info": [], + "sort_columns": [], + "stored_as_sub_directories": false + } + ], + "table_type": "EXTERNAL_TABLE", + "target_table": [], + "view_expanded_text": "", + "view_original_text": "" + }, + "sensitive_attributes": [], + "private": "bnVsbA==", + "dependencies": [ + "aws_s3_bucket.logs" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_iam_policy", + "name": "cloudwatch", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "arn": "arn:aws:iam::880545379339:policy/service-role/AWSLambdaBasicExecutionRole-b586114a-ba08-47b0-afe0-82c4d81857a0", + "description": "", + "id": "arn:aws:iam::880545379339:policy/service-role/AWSLambdaBasicExecutionRole-b586114a-ba08-47b0-afe0-82c4d81857a0", + "name": "AWSLambdaBasicExecutionRole-b586114a-ba08-47b0-afe0-82c4d81857a0", + "name_prefix": "", + "path": "/service-role/", + "policy": "{\"Statement\":[{\"Action\":\"logs:CreateLogGroup\",\"Effect\":\"Allow\",\"Resource\":\"arn:aws:logs:us-east-1:880545379339:log-group:/aws/lambda/wewerewondering-api\"},{\"Action\":[\"logs:PutLogEvents\",\"logs:CreateLogStream\"],\"Effect\":\"Allow\",\"Resource\":\"arn:aws:logs:us-east-1:880545379339:log-group:/aws/lambda/wewerewondering-api:*\"}],\"Version\":\"2012-10-17\"}", + "policy_id": "ANPA42BEYGQFUFQP345G2", + "tags": {}, + "tags_all": {} + }, + "sensitive_attributes": [], + "private": "bnVsbA==", + "dependencies": [ + "aws_cloudwatch_log_group.lambda", + "data.aws_iam_policy_document.cloudwatch" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_iam_policy", + "name": "xray", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "arn": "arn:aws:iam::880545379339:policy/service-role/AWSLambdaTracerAccessExecutionRole-14a6d1b5-3a03-4b02-94ca-fec2eced24ab", + "description": "", + "id": "arn:aws:iam::880545379339:policy/service-role/AWSLambdaTracerAccessExecutionRole-14a6d1b5-3a03-4b02-94ca-fec2eced24ab", + "name": "AWSLambdaTracerAccessExecutionRole-14a6d1b5-3a03-4b02-94ca-fec2eced24ab", + "name_prefix": "", + "path": "/service-role/", + "policy": "{\"Statement\":{\"Action\":[\"xray:PutTraceSegments\",\"xray:PutTelemetryRecords\"],\"Effect\":\"Allow\",\"Resource\":[\"*\"]},\"Version\":\"2012-10-17\"}", + "policy_id": "ANPA42BEYGQFURDTSX7I6", + "tags": {}, + "tags_all": {} + }, + "sensitive_attributes": [], + "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjAifQ==", + "dependencies": [ + "data.aws_iam_policy_document.xray" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_iam_role", + "name": "apigw_cw", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "arn": "arn:aws:iam::880545379339:role/wewerewondering-api-gw", + "assume_role_policy": "{\"Statement\":[{\"Action\":\"sts:AssumeRole\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"apigateway.amazonaws.com\"},\"Sid\":\"\"}],\"Version\":\"2012-10-17\"}", + "create_date": "2022-11-12T17:49:12Z", + "description": "Allows API Gateway to push logs to CloudWatch Logs.", + "force_detach_policies": false, + "id": "wewerewondering-api-gw", + "inline_policy": [], + "managed_policy_arns": [ + "arn:aws:iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs" + ], + "max_session_duration": 3600, + "name": "wewerewondering-api-gw", + "name_prefix": "", + "path": "/", + "permissions_boundary": "", + "tags": {}, + "tags_all": {}, + "unique_id": "AROA42BEYGQF3GYGY7VBN" + }, + "sensitive_attributes": [], + "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjAifQ==", + "dependencies": [ + "data.aws_iam_policy_document.apigw_assume" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_iam_role", + "name": "www", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "arn": "arn:aws:iam::880545379339:role/service-role/wewerewondering-api", + "assume_role_policy": "{\"Statement\":[{\"Action\":\"sts:AssumeRole\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"lambda.amazonaws.com\"}}],\"Version\":\"2012-10-17\"}", + "create_date": "2022-11-12T00:59:22Z", + "description": "", + "force_detach_policies": false, + "id": "wewerewondering-api", + "inline_policy": [ + { + "name": "api-db-access", + "policy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Action\":[\"dynamodb:BatchGetItem\",\"dynamodb:PutItem\",\"dynamodb:GetItem\",\"dynamodb:Scan\",\"dynamodb:Query\",\"dynamodb:UpdateItem\"],\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:dynamodb:*:880545379339:table/events\",\"arn:aws:dynamodb:*:880545379339:table/questions\",\"arn:aws:dynamodb:*:880545379339:table/questions/index/top\"],\"Sid\":\"VisualEditor0\"}]}" + } + ], + "managed_policy_arns": [ + "arn:aws:iam::880545379339:policy/service-role/AWSLambdaBasicExecutionRole-b586114a-ba08-47b0-afe0-82c4d81857a0", + "arn:aws:iam::880545379339:policy/service-role/AWSLambdaTracerAccessExecutionRole-14a6d1b5-3a03-4b02-94ca-fec2eced24ab", + "arn:aws:iam::aws:policy/CloudWatchLambdaInsightsExecutionRolePolicy" + ], + "max_session_duration": 3600, + "name": "wewerewondering-api", + "name_prefix": "", + "path": "/service-role/", + "permissions_boundary": "", + "tags": {}, + "tags_all": {}, + "unique_id": "AROA42BEYGQF75AG26GYC" + }, + "sensitive_attributes": [], + "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjAifQ==", + "dependencies": [ + "aws_cloudwatch_log_group.lambda", + "aws_iam_policy.cloudwatch", + "aws_iam_policy.xray", + "data.aws_iam_policy_document.assume_role", + "data.aws_iam_policy_document.cloudwatch", + "data.aws_iam_policy_document.xray" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_iam_role_policy", + "name": "dynamodb", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "id": "wewerewondering-api:api-db-access", + "name": "api-db-access", + "name_prefix": "", + "policy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Action\":[\"dynamodb:UpdateItem\",\"dynamodb:Scan\",\"dynamodb:Query\",\"dynamodb:PutItem\",\"dynamodb:GetItem\",\"dynamodb:BatchGetItem\"],\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:dynamodb:us-east-1:880545379339:table/questions/index/top\",\"arn:aws:dynamodb:us-east-1:880545379339:table/questions\",\"arn:aws:dynamodb:us-east-1:880545379339:table/events\"]}]}", + "role": "wewerewondering-api" + }, + "sensitive_attributes": [], + "private": "bnVsbA==", + "dependencies": [ + "aws_cloudwatch_log_group.lambda", + "aws_dynamodb_table.events", + "aws_dynamodb_table.questions", + "aws_iam_policy.cloudwatch", + "aws_iam_policy.xray", + "aws_iam_role.www", + "data.aws_iam_policy_document.assume_role", + "data.aws_iam_policy_document.cloudwatch", + "data.aws_iam_policy_document.dynamodb", + "data.aws_iam_policy_document.xray" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_lambda_function", + "name": "www", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "architectures": [ + "arm64" + ], + "arn": "arn:aws:lambda:us-east-1:880545379339:function:wewerewondering-api", + "code_signing_config_arn": "", + "dead_letter_config": [], + "description": "", + "environment": [ + { + "variables": { + "RUST_LOG": "info,tower_http=debug,wewerewondering_api=trace" + } + } + ], + "ephemeral_storage": [ + { + "size": 512 + } + ], + "file_system_config": [], + "filename": "lambda_function_payload.zip", + "function_name": "wewerewondering-api", + "handler": "bootstrap", + "id": "wewerewondering-api", + "image_config": [], + "image_uri": "", + "invoke_arn": "arn:aws:apigateway:us-east-1:lambda:path/2015-03-31/functions/arn:aws:lambda:us-east-1:880545379339:function:wewerewondering-api/invocations", + "kms_key_arn": "", + "last_modified": "2023-12-30T14:23:47.000+0000", + "layers": [ + "arn:aws:lambda:us-east-1:580247275435:layer:LambdaInsightsExtension-Arm64:5" + ], + "memory_size": 128, + "package_type": "Zip", + "publish": false, + "qualified_arn": "arn:aws:lambda:us-east-1:880545379339:function:wewerewondering-api:36", + "qualified_invoke_arn": "arn:aws:apigateway:us-east-1:lambda:path/2015-03-31/functions/arn:aws:lambda:us-east-1:880545379339:function:wewerewondering-api:36/invocations", + "replace_security_groups_on_destroy": null, + "replacement_security_group_ids": null, + "reserved_concurrent_executions": -1, + "role": "arn:aws:iam::880545379339:role/service-role/wewerewondering-api", + "runtime": "provided.al2", + "s3_bucket": null, + "s3_key": null, + "s3_object_version": null, + "signing_job_arn": "", + "signing_profile_version_arn": "", + "skip_destroy": false, + "snap_start": [], + "source_code_hash": "W7E2gnu4p+aHm166MT2kMU9QoAApHKXAUl7VRfMdomE=", + "source_code_size": 4715533, + "tags": {}, + "tags_all": {}, + "timeout": 30, + "timeouts": null, + "tracing_config": [ + { + "mode": "PassThrough" + } + ], + "version": "36", + "vpc_config": [] + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwLCJ1cGRhdGUiOjYwMDAwMDAwMDAwMH19", + "dependencies": [ + "aws_cloudwatch_log_group.lambda", + "aws_iam_policy.cloudwatch", + "aws_iam_policy.xray", + "aws_iam_role.www", + "data.archive_file.lambda", + "data.aws_iam_policy_document.assume_role", + "data.aws_iam_policy_document.cloudwatch", + "data.aws_iam_policy_document.xray", + "data.aws_region.current", + "terraform_data.cargo_lambda" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_route53_record", + "name": "www_cert", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "index_key": "wewerewondering.com", + "schema_version": 2, + "attributes": { + "alias": [], + "allow_overwrite": true, + "cidr_routing_policy": [], + "failover_routing_policy": [], + "fqdn": "_c7b659fc5b836da864d8c39af1a6c6b8.wewerewondering.com", + "geolocation_routing_policy": [], + "health_check_id": "", + "id": "Z0224639SZ3FM93JW8DU__c7b659fc5b836da864d8c39af1a6c6b8.wewerewondering.com._CNAME", + "latency_routing_policy": [], + "multivalue_answer_routing_policy": false, + "name": "_c7b659fc5b836da864d8c39af1a6c6b8.wewerewondering.com", + "records": [ + "_2466ad9183460f6cd658e384440b4c12.yzdtlljtvc.acm-validations.aws." + ], + "set_identifier": "", + "ttl": 60, + "type": "CNAME", + "weighted_routing_policy": [], + "zone_id": "Z0224639SZ3FM93JW8DU" + }, + "sensitive_attributes": [], + "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjIifQ==", + "dependencies": [ + "aws_acm_certificate.www", + "aws_route53_zone.www" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_route53_record", + "name": "www_cf", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 2, + "attributes": { + "alias": [ + { + "evaluate_target_health": false, + "name": "d1tpt5x1e858xw.cloudfront.net", + "zone_id": "Z2FDTNDATAQYW2" + } + ], + "allow_overwrite": null, + "cidr_routing_policy": [], + "failover_routing_policy": [], + "fqdn": "wewerewondering.com", + "geolocation_routing_policy": [], + "health_check_id": "", + "id": "Z0224639SZ3FM93JW8DU_wewerewondering.com_A", + "latency_routing_policy": [], + "multivalue_answer_routing_policy": false, + "name": "wewerewondering.com", + "records": [], + "set_identifier": "", + "ttl": 0, + "type": "A", + "weighted_routing_policy": [], + "zone_id": "Z0224639SZ3FM93JW8DU" + }, + "sensitive_attributes": [], + "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjIifQ==", + "dependencies": [ + "aws_acm_certificate.www", + "aws_acm_certificate_validation.www", + "aws_apigatewayv2_api.www", + "aws_cloudfront_cache_policy.cache_when_requested", + "aws_cloudfront_distribution.www", + "aws_cloudfront_function.index_everywhere", + "aws_cloudfront_origin_access_control.static", + "aws_route53_record.www_cert", + "aws_route53_zone.www", + "aws_s3_bucket.logs", + "aws_s3_bucket.static", + "data.aws_region.current" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_route53_record", + "name": "www_cf_v6", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 2, + "attributes": { + "alias": [ + { + "evaluate_target_health": false, + "name": "d1tpt5x1e858xw.cloudfront.net", + "zone_id": "Z2FDTNDATAQYW2" + } + ], + "allow_overwrite": null, + "cidr_routing_policy": [], + "failover_routing_policy": [], + "fqdn": "wewerewondering.com", + "geolocation_routing_policy": [], + "health_check_id": "", + "id": "Z0224639SZ3FM93JW8DU_wewerewondering.com_AAAA", + "latency_routing_policy": [], + "multivalue_answer_routing_policy": false, + "name": "wewerewondering.com", + "records": [], + "set_identifier": "", + "ttl": 0, + "type": "AAAA", + "weighted_routing_policy": [], + "zone_id": "Z0224639SZ3FM93JW8DU" + }, + "sensitive_attributes": [], + "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjIifQ==", + "dependencies": [ + "aws_acm_certificate.www", + "aws_acm_certificate_validation.www", + "aws_apigatewayv2_api.www", + "aws_cloudfront_cache_policy.cache_when_requested", + "aws_cloudfront_distribution.www", + "aws_cloudfront_function.index_everywhere", + "aws_cloudfront_origin_access_control.static", + "aws_route53_record.www_cert", + "aws_route53_zone.www", + "aws_s3_bucket.logs", + "aws_s3_bucket.static", + "data.aws_region.current" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_route53_record", + "name": "www_mx", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 2, + "attributes": { + "alias": [], + "allow_overwrite": null, + "cidr_routing_policy": [], + "failover_routing_policy": [], + "fqdn": "wewerewondering.com", + "geolocation_routing_policy": [], + "health_check_id": "", + "id": "Z0224639SZ3FM93JW8DU_wewerewondering.com_MX", + "latency_routing_policy": [], + "multivalue_answer_routing_policy": false, + "name": "wewerewondering.com", + "records": [ + "10 mx1.improvmx.com", + "20 mx2.improvmx.com" + ], + "set_identifier": "", + "ttl": 3600, + "type": "MX", + "weighted_routing_policy": [], + "zone_id": "Z0224639SZ3FM93JW8DU" + }, + "sensitive_attributes": [], + "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjIifQ==", + "dependencies": [ + "aws_route53_zone.www" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_route53_record", + "name": "www_spf", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 2, + "attributes": { + "alias": [], + "allow_overwrite": null, + "cidr_routing_policy": [], + "failover_routing_policy": [], + "fqdn": "wewerewondering.com", + "geolocation_routing_policy": [], + "health_check_id": "", + "id": "Z0224639SZ3FM93JW8DU_wewerewondering.com_TXT", + "latency_routing_policy": [], + "multivalue_answer_routing_policy": false, + "name": "wewerewondering.com", + "records": [ + "v=spf1 include:spf.improvmx.com ~all" + ], + "set_identifier": "", + "ttl": 3600, + "type": "TXT", + "weighted_routing_policy": [], + "zone_id": "Z0224639SZ3FM93JW8DU" + }, + "sensitive_attributes": [], + "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjIifQ==", + "dependencies": [ + "aws_route53_zone.www" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_route53_zone", + "name": "www", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "arn": "arn:aws:route53:::hostedzone/Z0224639SZ3FM93JW8DU", + "comment": "Managed by Terraform", + "delegation_set_id": "", + "force_destroy": false, + "id": "Z0224639SZ3FM93JW8DU", + "name": "wewerewondering.com", + "name_servers": [ + "ns-1118.awsdns-11.org", + "ns-1967.awsdns-53.co.uk", + "ns-494.awsdns-61.com", + "ns-908.awsdns-49.net" + ], + "primary_name_server": "ns-1967.awsdns-53.co.uk", + "tags": {}, + "tags_all": {}, + "vpc": [], + "zone_id": "Z0224639SZ3FM93JW8DU" + }, + "sensitive_attributes": [], + "private": "bnVsbA==" + } + ] + }, + { + "mode": "managed", + "type": "aws_s3_bucket", + "name": "athena", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "acceleration_status": "", + "acl": null, + "arn": "arn:aws:s3:::wewerewondering-athena", + "bucket": "wewerewondering-athena", + "bucket_domain_name": "wewerewondering-athena.s3.amazonaws.com", + "bucket_prefix": "", + "bucket_regional_domain_name": "wewerewondering-athena.s3.us-east-1.amazonaws.com", + "cors_rule": [], + "force_destroy": null, + "grant": [ + { + "id": "b9eabe8fd0ee6354b459c3d797e75df89ee644b91a018bf5ff42d12b5b47daa2", + "permissions": [ + "FULL_CONTROL" + ], + "type": "CanonicalUser", + "uri": "" + } + ], + "hosted_zone_id": "Z3AQBSTGFYJSTF", + "id": "wewerewondering-athena", + "lifecycle_rule": [], + "logging": [], + "object_lock_configuration": [], + "object_lock_enabled": false, + "policy": "", + "region": "us-east-1", + "replication_configuration": [], + "request_payer": "BucketOwner", + "server_side_encryption_configuration": [ + { + "rule": [ + { + "apply_server_side_encryption_by_default": [ + { + "kms_master_key_id": "", + "sse_algorithm": "AES256" + } + ], + "bucket_key_enabled": false + } + ] + } + ], + "tags": {}, + "tags_all": {}, + "timeouts": null, + "versioning": [ + { + "enabled": false, + "mfa_delete": false + } + ], + "website": [], + "website_domain": null, + "website_endpoint": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxMjAwMDAwMDAwMDAwLCJkZWxldGUiOjM2MDAwMDAwMDAwMDAsInJlYWQiOjEyMDAwMDAwMDAwMDAsInVwZGF0ZSI6MTIwMDAwMDAwMDAwMH0sInNjaGVtYV92ZXJzaW9uIjoiMCJ9" + } + ] + }, + { + "mode": "managed", + "type": "aws_s3_bucket", + "name": "logs", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "acceleration_status": "", + "acl": null, + "arn": "arn:aws:s3:::wewerewondering-logs", + "bucket": "wewerewondering-logs", + "bucket_domain_name": "wewerewondering-logs.s3.amazonaws.com", + "bucket_prefix": "", + "bucket_regional_domain_name": "wewerewondering-logs.s3.us-east-1.amazonaws.com", + "cors_rule": [], + "force_destroy": null, + "grant": [ + { + "id": "b9eabe8fd0ee6354b459c3d797e75df89ee644b91a018bf5ff42d12b5b47daa2", + "permissions": [ + "FULL_CONTROL" + ], + "type": "CanonicalUser", + "uri": "" + }, + { + "id": "c4c1ede66af53448b93c283ce9448c4ba468c9432aa01d700d3878632f77d2d0", + "permissions": [ + "FULL_CONTROL" + ], + "type": "CanonicalUser", + "uri": "" + } + ], + "hosted_zone_id": "Z3AQBSTGFYJSTF", + "id": "wewerewondering-logs", + "lifecycle_rule": [], + "logging": [], + "object_lock_configuration": [], + "object_lock_enabled": false, + "policy": "", + "region": "us-east-1", + "replication_configuration": [], + "request_payer": "BucketOwner", + "server_side_encryption_configuration": [ + { + "rule": [ + { + "apply_server_side_encryption_by_default": [ + { + "kms_master_key_id": "", + "sse_algorithm": "AES256" + } + ], + "bucket_key_enabled": false + } + ] + } + ], + "tags": {}, + "tags_all": {}, + "timeouts": null, + "versioning": [ + { + "enabled": false, + "mfa_delete": false + } + ], + "website": [], + "website_domain": null, + "website_endpoint": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxMjAwMDAwMDAwMDAwLCJkZWxldGUiOjM2MDAwMDAwMDAwMDAsInJlYWQiOjEyMDAwMDAwMDAwMDAsInVwZGF0ZSI6MTIwMDAwMDAwMDAwMH0sInNjaGVtYV92ZXJzaW9uIjoiMCJ9" + } + ] + }, + { + "mode": "managed", + "type": "aws_s3_bucket", + "name": "static", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "acceleration_status": "", + "acl": null, + "arn": "arn:aws:s3:::wewerewondering-static", + "bucket": "wewerewondering-static", + "bucket_domain_name": "wewerewondering-static.s3.amazonaws.com", + "bucket_prefix": "", + "bucket_regional_domain_name": "wewerewondering-static.s3.us-east-1.amazonaws.com", + "cors_rule": [], + "force_destroy": true, + "grant": [ + { + "id": "b9eabe8fd0ee6354b459c3d797e75df89ee644b91a018bf5ff42d12b5b47daa2", + "permissions": [ + "FULL_CONTROL" + ], + "type": "CanonicalUser", + "uri": "" + } + ], + "hosted_zone_id": "Z3AQBSTGFYJSTF", + "id": "wewerewondering-static", + "lifecycle_rule": [], + "logging": [], + "object_lock_configuration": [], + "object_lock_enabled": false, + "policy": "{\"Id\":\"PolicyForCloudFrontPrivateContent\",\"Statement\":[{\"Action\":[\"s3:GetObject\",\"s3:ListBucket\"],\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudfront::880545379339:distribution/E1ECZRHBXFKMHK\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudfront.amazonaws.com\"},\"Resource\":[\"arn:aws:s3:::wewerewondering-static\",\"arn:aws:s3:::wewerewondering-static/*\"],\"Sid\":\"AllowCloudFrontServicePrincipal\"}],\"Version\":\"2012-10-17\"}", + "region": "us-east-1", + "replication_configuration": [], + "request_payer": "BucketOwner", + "server_side_encryption_configuration": [ + { + "rule": [ + { + "apply_server_side_encryption_by_default": [ + { + "kms_master_key_id": "", + "sse_algorithm": "AES256" + } + ], + "bucket_key_enabled": false + } + ] + } + ], + "tags": {}, + "tags_all": {}, + "timeouts": null, + "versioning": [ + { + "enabled": true, + "mfa_delete": false + } + ], + "website": [], + "website_domain": null, + "website_endpoint": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxMjAwMDAwMDAwMDAwLCJkZWxldGUiOjM2MDAwMDAwMDAwMDAsInJlYWQiOjEyMDAwMDAwMDAwMDAsInVwZGF0ZSI6MTIwMDAwMDAwMDAwMH19" + } + ] + }, + { + "mode": "managed", + "type": "aws_s3_bucket_acl", + "name": "athena", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "access_control_policy": [ + { + "grant": [ + { + "grantee": [ + { + "display_name": "admin", + "email_address": "", + "id": "b9eabe8fd0ee6354b459c3d797e75df89ee644b91a018bf5ff42d12b5b47daa2", + "type": "CanonicalUser", + "uri": "" + } + ], + "permission": "FULL_CONTROL" + } + ], + "owner": [ + { + "display_name": "admin", + "id": "b9eabe8fd0ee6354b459c3d797e75df89ee644b91a018bf5ff42d12b5b47daa2" + } + ] + } + ], + "acl": "private", + "bucket": "wewerewondering-athena", + "expected_bucket_owner": "", + "id": "wewerewondering-athena,private" + }, + "sensitive_attributes": [], + "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjAifQ==", + "dependencies": [ + "aws_s3_bucket.athena", + "aws_s3_bucket_ownership_controls.athena" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_s3_bucket_acl", + "name": "logs", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "access_control_policy": [ + { + "grant": [ + { + "grantee": [ + { + "display_name": "", + "email_address": "", + "id": "", + "type": "CanonicalUser", + "uri": "c4c1ede66af53448b93c283ce9448c4ba468c9432aa01d700d3878632f77d2d0" + } + ], + "permission": "FULL_CONTROL" + }, + { + "grantee": [ + { + "display_name": "admin", + "email_address": "", + "id": "b9eabe8fd0ee6354b459c3d797e75df89ee644b91a018bf5ff42d12b5b47daa2", + "type": "CanonicalUser", + "uri": "" + } + ], + "permission": "FULL_CONTROL" + } + ], + "owner": [ + { + "display_name": "admin", + "id": "b9eabe8fd0ee6354b459c3d797e75df89ee644b91a018bf5ff42d12b5b47daa2" + } + ] + } + ], + "acl": "", + "bucket": "wewerewondering-logs", + "expected_bucket_owner": "", + "id": "wewerewondering-logs" + }, + "sensitive_attributes": [], + "private": "bnVsbA==", + "dependencies": [ + "aws_s3_bucket.logs", + "aws_s3_bucket_ownership_controls.logs", + "data.aws_canonical_user_id.current" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_s3_bucket_acl", + "name": "static", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "access_control_policy": [ + { + "grant": [ + { + "grantee": [ + { + "display_name": "admin", + "email_address": "", + "id": "b9eabe8fd0ee6354b459c3d797e75df89ee644b91a018bf5ff42d12b5b47daa2", + "type": "CanonicalUser", + "uri": "" + } + ], + "permission": "FULL_CONTROL" + } + ], + "owner": [ + { + "display_name": "admin", + "id": "b9eabe8fd0ee6354b459c3d797e75df89ee644b91a018bf5ff42d12b5b47daa2" + } + ] + } + ], + "acl": "private", + "bucket": "wewerewondering-static", + "expected_bucket_owner": "", + "id": "wewerewondering-static,private" + }, + "sensitive_attributes": [], + "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjAifQ==", + "dependencies": [ + "aws_s3_bucket.static", + "aws_s3_bucket_ownership_controls.static" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_s3_bucket_ownership_controls", + "name": "athena", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "bucket": "wewerewondering-athena", + "id": "wewerewondering-athena", + "rule": [ + { + "object_ownership": "BucketOwnerEnforced" + } + ] + }, + "sensitive_attributes": [], + "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjAifQ==", + "dependencies": [ + "aws_s3_bucket.athena" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_s3_bucket_ownership_controls", + "name": "logs", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "bucket": "wewerewondering-logs", + "id": "wewerewondering-logs", + "rule": [ + { + "object_ownership": "BucketOwnerPreferred" + } + ] + }, + "sensitive_attributes": [], + "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjAifQ==", + "dependencies": [ + "aws_s3_bucket.logs" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_s3_bucket_ownership_controls", + "name": "static", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "bucket": "wewerewondering-static", + "id": "wewerewondering-static", + "rule": [ + { + "object_ownership": "BucketOwnerEnforced" + } + ] + }, + "sensitive_attributes": [], + "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjAifQ==", + "dependencies": [ + "aws_s3_bucket.static" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_s3_bucket_policy", + "name": "cloudfront", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "bucket": "wewerewondering-static", + "id": "wewerewondering-static", + "policy": "{\"Id\":\"PolicyForCloudFrontPrivateContent\",\"Statement\":[{\"Action\":[\"s3:GetObject\",\"s3:ListBucket\"],\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudfront::880545379339:distribution/E1ECZRHBXFKMHK\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudfront.amazonaws.com\"},\"Resource\":[\"arn:aws:s3:::wewerewondering-static\",\"arn:aws:s3:::wewerewondering-static/*\"],\"Sid\":\"AllowCloudFrontServicePrincipal\"}],\"Version\":\"2012-10-17\"}" + }, + "sensitive_attributes": [], + "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjAifQ==" + } + ] + }, + { + "mode": "managed", + "type": "aws_s3_object", + "name": "dist", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "index_key": "apple-touch-icon.png", + "schema_version": 0, + "attributes": { + "acl": null, + "bucket": "wewerewondering-static", + "bucket_key_enabled": false, + "cache_control": "", + "checksum_algorithm": null, + "checksum_crc32": "", + "checksum_crc32c": "", + "checksum_sha1": "", + "checksum_sha256": "", + "content": null, + "content_base64": null, + "content_disposition": "", + "content_encoding": "", + "content_language": "", + "content_type": "image/png", + "etag": "52a5465ca4b8008b0a16f927ee7ff362", + "force_destroy": true, + "id": "apple-touch-icon.png", + "key": "apple-touch-icon.png", + "kms_key_id": null, + "metadata": {}, + "object_lock_legal_hold_status": "", + "object_lock_mode": "", + "object_lock_retain_until_date": "", + "override_provider": [], + "server_side_encryption": "AES256", + "source": "./../client/dist/apple-touch-icon.png", + "source_hash": null, + "storage_class": "STANDARD", + "tags": {}, + "tags_all": {}, + "version_id": "KhtCoK4ke4VLN8dlAldhid7g5IpCByV3", + "website_redirect": "" + }, + "sensitive_attributes": [], + "private": "bnVsbA==", + "dependencies": [ + "aws_s3_bucket.static", + "terraform_data.npm_build" + ] + }, + { + "index_key": "assets/index.2bd4e337.css", + "schema_version": 0, + "attributes": { + "acl": null, + "bucket": "wewerewondering-static", + "bucket_key_enabled": false, + "cache_control": "", + "checksum_algorithm": null, + "checksum_crc32": "", + "checksum_crc32c": "", + "checksum_sha1": "", + "checksum_sha256": "", + "content": null, + "content_base64": null, + "content_disposition": "", + "content_encoding": "", + "content_language": "", + "content_type": "application/octet-stream", + "etag": "5a011ef78398105b0b753585d662a46a", + "force_destroy": true, + "id": "assets/index.2bd4e337.css", + "key": "assets/index.2bd4e337.css", + "kms_key_id": null, + "metadata": null, + "object_lock_legal_hold_status": "", + "object_lock_mode": "", + "object_lock_retain_until_date": "", + "override_provider": [], + "server_side_encryption": "AES256", + "source": "./../client/dist/assets/index.2bd4e337.css", + "source_hash": null, + "storage_class": "STANDARD", + "tags": null, + "tags_all": {}, + "version_id": "fcrJkc3.SZPdI_cFbJmpQYdeIGpQ5dtT", + "website_redirect": "" + }, + "sensitive_attributes": [], + "private": "bnVsbA==", + "dependencies": [ + "aws_s3_bucket.static", + "terraform_data.npm_build" + ] + }, + { + "index_key": "assets/index.61e1a11f.js", + "schema_version": 0, + "attributes": { + "acl": null, + "bucket": "wewerewondering-static", + "bucket_key_enabled": false, + "cache_control": "", + "checksum_algorithm": null, + "checksum_crc32": "", + "checksum_crc32c": "", + "checksum_sha1": "", + "checksum_sha256": "", + "content": null, + "content_base64": null, + "content_disposition": "", + "content_encoding": "", + "content_language": "", + "content_type": "application/octet-stream", + "etag": "d1d29e8de8077de4849b08dc90b12067", + "force_destroy": true, + "id": "assets/index.61e1a11f.js", + "key": "assets/index.61e1a11f.js", + "kms_key_id": null, + "metadata": null, + "object_lock_legal_hold_status": "", + "object_lock_mode": "", + "object_lock_retain_until_date": "", + "override_provider": [], + "server_side_encryption": "AES256", + "source": "./../client/dist/assets/index.61e1a11f.js", + "source_hash": null, + "storage_class": "STANDARD", + "tags": null, + "tags_all": {}, + "version_id": "ZasJSuKnoQkdPVIKPMI7yVtk4KK6mtq2", + "website_redirect": "" + }, + "sensitive_attributes": [], + "private": "bnVsbA==", + "dependencies": [ + "aws_s3_bucket.static", + "terraform_data.npm_build" + ] + }, + { + "index_key": "favicon.ico", + "schema_version": 0, + "attributes": { + "acl": null, + "bucket": "wewerewondering-static", + "bucket_key_enabled": false, + "cache_control": "", + "checksum_algorithm": null, + "checksum_crc32": "", + "checksum_crc32c": "", + "checksum_sha1": "", + "checksum_sha256": "", + "content": null, + "content_base64": null, + "content_disposition": "", + "content_encoding": "", + "content_language": "", + "content_type": "image/vnd.microsoft.icon", + "etag": "9a5d0dd396d479d9a60ce80e008475a9", + "force_destroy": true, + "id": "favicon.ico", + "key": "favicon.ico", + "kms_key_id": null, + "metadata": {}, + "object_lock_legal_hold_status": "", + "object_lock_mode": "", + "object_lock_retain_until_date": "", + "override_provider": [], + "server_side_encryption": "AES256", + "source": "./../client/dist/favicon.ico", + "source_hash": null, + "storage_class": "STANDARD", + "tags": {}, + "tags_all": {}, + "version_id": "y_e3V3kB2q_Gch4xYPpe80iUtglgW.wJ", + "website_redirect": "" + }, + "sensitive_attributes": [], + "private": "bnVsbA==", + "dependencies": [ + "aws_s3_bucket.static", + "terraform_data.npm_build" + ] + }, + { + "index_key": "favicon.png", + "schema_version": 0, + "attributes": { + "acl": null, + "bucket": "wewerewondering-static", + "bucket_key_enabled": false, + "cache_control": "", + "checksum_algorithm": null, + "checksum_crc32": "", + "checksum_crc32c": "", + "checksum_sha1": "", + "checksum_sha256": "", + "content": null, + "content_base64": null, + "content_disposition": "", + "content_encoding": "", + "content_language": "", + "content_type": "image/png", + "etag": "728e06e6955b04591e1388ba988ce7d2", + "force_destroy": true, + "id": "favicon.png", + "key": "favicon.png", + "kms_key_id": null, + "metadata": {}, + "object_lock_legal_hold_status": "", + "object_lock_mode": "", + "object_lock_retain_until_date": "", + "override_provider": [], + "server_side_encryption": "AES256", + "source": "./../client/dist/favicon.png", + "source_hash": null, + "storage_class": "STANDARD", + "tags": {}, + "tags_all": {}, + "version_id": "SdfKy.PJYlD20fnyvYfvn3hilqu6cMWu", + "website_redirect": "" + }, + "sensitive_attributes": [], + "private": "bnVsbA==", + "dependencies": [ + "aws_s3_bucket.static", + "terraform_data.npm_build" + ] + }, + { + "index_key": "index.html", + "schema_version": 0, + "attributes": { + "acl": null, + "bucket": "wewerewondering-static", + "bucket_key_enabled": false, + "cache_control": "max-age=300", + "checksum_algorithm": null, + "checksum_crc32": "", + "checksum_crc32c": "", + "checksum_sha1": "", + "checksum_sha256": "", + "content": null, + "content_base64": null, + "content_disposition": "", + "content_encoding": "", + "content_language": "", + "content_type": "text/html", + "etag": "88d8b88c12fd720a490b5d7581f7857c", + "force_destroy": true, + "id": "index.html", + "key": "index.html", + "kms_key_id": null, + "metadata": {}, + "object_lock_legal_hold_status": "", + "object_lock_mode": "", + "object_lock_retain_until_date": "", + "override_provider": [], + "server_side_encryption": "AES256", + "source": "./../client/dist/index.html", + "source_hash": null, + "storage_class": "STANDARD", + "tags": {}, + "tags_all": {}, + "version_id": "m8BBRjbTQF_MR05o_gwp91brhmLMkwL0", + "website_redirect": "" + }, + "sensitive_attributes": [], + "private": "bnVsbA==", + "dependencies": [ + "aws_s3_bucket.static", + "terraform_data.npm_build" + ] + }, + { + "index_key": "robots.txt", + "schema_version": 0, + "attributes": { + "acl": null, + "bucket": "wewerewondering-static", + "bucket_key_enabled": false, + "cache_control": "", + "checksum_algorithm": null, + "checksum_crc32": "", + "checksum_crc32c": "", + "checksum_sha1": "", + "checksum_sha256": "", + "content": null, + "content_base64": null, + "content_disposition": "", + "content_encoding": "", + "content_language": "", + "content_type": "text/plain", + "etag": "e3022ff38873f5c22cfe88800696dd13", + "force_destroy": true, + "id": "robots.txt", + "key": "robots.txt", + "kms_key_id": null, + "metadata": {}, + "object_lock_legal_hold_status": "", + "object_lock_mode": "", + "object_lock_retain_until_date": "", + "override_provider": [], + "server_side_encryption": "AES256", + "source": "./../client/dist/robots.txt", + "source_hash": null, + "storage_class": "STANDARD", + "tags": {}, + "tags_all": {}, + "version_id": "YbTpjMemdQpuKHR1Kwqp6TZE81ar6v8i", + "website_redirect": "" + }, + "sensitive_attributes": [], + "private": "bnVsbA==", + "dependencies": [ + "aws_s3_bucket.static", + "terraform_data.npm_build" + ] + } + ] + }, + { + "mode": "managed", + "type": "terraform_data", + "name": "cargo_lambda", + "provider": "provider[\"terraform.io/builtin/terraform\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "id": "4c6bd9ba-1be1-7124-5979-44586fbcd4fb", + "input": null, + "output": null, + "triggers_replace": { + "value": { + "cargo_toml": "QpzO2eHyUPwln4nkgB6oheyQfJ9NO6yo3LAeLoizehU=", + "main_rs": "eQKjFptSzxjUOKnymQQqxAYOUsU9DU/nDSR1ggUB5VI=" + }, + "type": [ + "object", + { + "cargo_toml": "string", + "main_rs": "string" + } + ] + } + }, + "sensitive_attributes": [] + } + ] + }, + { + "mode": "managed", + "type": "terraform_data", + "name": "npm_build", + "provider": "provider[\"terraform.io/builtin/terraform\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "id": "5619b8bf-1135-b120-d57c-da1900c8cb3c", + "input": null, + "output": null, + "triggers_replace": { + "value": { + "index_html": "4QdZTX10kZioZFfIvh/k+c9mdBVybNcJkHOd2g/JHQg=", + "package_json": "l+CUZ25vEla6sjntm9elr09fcwLu1+bzyggkJCj4CBI=" + }, + "type": [ + "object", + { + "index_html": "string", + "package_json": "string" + } + ] + } + }, + "sensitive_attributes": [] + } + ] + } + ], + "check_results": null +} From a202386fcfd930d06ef754ca67a1715492a82489 Mon Sep 17 00:00:00 2001 From: Jon Gjengset Date: Sat, 30 Dec 2023 15:26:54 +0100 Subject: [PATCH 09/26] CanoncailUser needs id, not uri --- infra/logging.tf | 6 +++--- infra/terraform.tfstate | 36 ++++++++++++++++++++++++++---------- 2 files changed, 29 insertions(+), 13 deletions(-) diff --git a/infra/logging.tf b/infra/logging.tf index b7a7c9c..25ac532 100644 --- a/infra/logging.tf +++ b/infra/logging.tf @@ -28,7 +28,7 @@ import { resource "aws_s3_bucket_acl" "logs" { depends_on = [aws_s3_bucket_ownership_controls.logs] - bucket = aws_s3_bucket.logs.id + bucket = aws_s3_bucket.logs.id access_control_policy { grant { @@ -43,13 +43,13 @@ resource "aws_s3_bucket_acl" "logs" { grant { grantee { type = "CanonicalUser" - uri = "c4c1ede66af53448b93c283ce9448c4ba468c9432aa01d700d3878632f77d2d0" + id = "c4c1ede66af53448b93c283ce9448c4ba468c9432aa01d700d3878632f77d2d0" } permission = "FULL_CONTROL" } owner { - id = data.aws_canonical_user_id.current.id + id = data.aws_canonical_user_id.current.id } } } diff --git a/infra/terraform.tfstate b/infra/terraform.tfstate index fc81fa0..5b91107 100644 --- a/infra/terraform.tfstate +++ b/infra/terraform.tfstate @@ -1,7 +1,7 @@ { "version": 4, "terraform_version": "1.6.6", - "serial": 33, + "serial": 35, "lineage": "ed8fbb99-5570-1b6d-6765-46ed4759afc0", "outputs": {}, "resources": [ @@ -398,7 +398,8 @@ "validation_option": [] }, "sensitive_attributes": [], - "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjAifQ==" + "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjAifQ==", + "create_before_destroy": true } ] }, @@ -887,7 +888,7 @@ "throttling_rate_limit": 50 } ], - "deployment_id": "d8pfd6", + "deployment_id": "1um1l9", "description": "", "execution_arn": "arn:aws:execute-api:us-east-1:880545379339:je8z4t28h4/$default", "id": "$default", @@ -1056,7 +1057,7 @@ "default_root_object": "index.html", "domain_name": "d1tpt5x1e858xw.cloudfront.net", "enabled": true, - "etag": "E1R84SIZDEAB51", + "etag": "E1FFOF1JOH3IX2", "hosted_zone_id": "Z2FDTNDATAQYW2", "http_version": "http2", "id": "E1ECZRHBXFKMHK", @@ -1832,7 +1833,7 @@ "inline_policy": [ { "name": "api-db-access", - "policy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Action\":[\"dynamodb:BatchGetItem\",\"dynamodb:PutItem\",\"dynamodb:GetItem\",\"dynamodb:Scan\",\"dynamodb:Query\",\"dynamodb:UpdateItem\"],\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:dynamodb:*:880545379339:table/events\",\"arn:aws:dynamodb:*:880545379339:table/questions\",\"arn:aws:dynamodb:*:880545379339:table/questions/index/top\"],\"Sid\":\"VisualEditor0\"}]}" + "policy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Action\":[\"dynamodb:UpdateItem\",\"dynamodb:Scan\",\"dynamodb:Query\",\"dynamodb:PutItem\",\"dynamodb:GetItem\",\"dynamodb:BatchGetItem\"],\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:dynamodb:us-east-1:880545379339:table/questions/index/top\",\"arn:aws:dynamodb:us-east-1:880545379339:table/questions\",\"arn:aws:dynamodb:us-east-1:880545379339:table/events\"]}]}" } ], "managed_policy_arns": [ @@ -2697,7 +2698,22 @@ "policy": "{\"Id\":\"PolicyForCloudFrontPrivateContent\",\"Statement\":[{\"Action\":[\"s3:GetObject\",\"s3:ListBucket\"],\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudfront::880545379339:distribution/E1ECZRHBXFKMHK\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudfront.amazonaws.com\"},\"Resource\":[\"arn:aws:s3:::wewerewondering-static\",\"arn:aws:s3:::wewerewondering-static/*\"],\"Sid\":\"AllowCloudFrontServicePrincipal\"}],\"Version\":\"2012-10-17\"}" }, "sensitive_attributes": [], - "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjAifQ==" + "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjAifQ==", + "dependencies": [ + "aws_acm_certificate.www", + "aws_acm_certificate_validation.www", + "aws_apigatewayv2_api.www", + "aws_cloudfront_cache_policy.cache_when_requested", + "aws_cloudfront_distribution.www", + "aws_cloudfront_function.index_everywhere", + "aws_cloudfront_origin_access_control.static", + "aws_route53_record.www_cert", + "aws_route53_zone.www", + "aws_s3_bucket.logs", + "aws_s3_bucket.static", + "data.aws_iam_policy_document.cloudfront_s3", + "data.aws_region.current" + ] } ] }, @@ -2776,7 +2792,7 @@ "id": "assets/index.2bd4e337.css", "key": "assets/index.2bd4e337.css", "kms_key_id": null, - "metadata": null, + "metadata": {}, "object_lock_legal_hold_status": "", "object_lock_mode": "", "object_lock_retain_until_date": "", @@ -2785,7 +2801,7 @@ "source": "./../client/dist/assets/index.2bd4e337.css", "source_hash": null, "storage_class": "STANDARD", - "tags": null, + "tags": {}, "tags_all": {}, "version_id": "fcrJkc3.SZPdI_cFbJmpQYdeIGpQ5dtT", "website_redirect": "" @@ -2821,7 +2837,7 @@ "id": "assets/index.61e1a11f.js", "key": "assets/index.61e1a11f.js", "kms_key_id": null, - "metadata": null, + "metadata": {}, "object_lock_legal_hold_status": "", "object_lock_mode": "", "object_lock_retain_until_date": "", @@ -2830,7 +2846,7 @@ "source": "./../client/dist/assets/index.61e1a11f.js", "source_hash": null, "storage_class": "STANDARD", - "tags": null, + "tags": {}, "tags_all": {}, "version_id": "ZasJSuKnoQkdPVIKPMI7yVtk4KK6mtq2", "website_redirect": "" From 0cf082589be836501cd71cfa097ba526366d0575 Mon Sep 17 00:00:00 2001 From: Jon Gjengset Date: Sat, 30 Dec 2023 15:27:24 +0100 Subject: [PATCH 10/26] apply succeeded --- infra/terraform.tfstate | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/infra/terraform.tfstate b/infra/terraform.tfstate index 5b91107..084fcf5 100644 --- a/infra/terraform.tfstate +++ b/infra/terraform.tfstate @@ -1,7 +1,7 @@ { "version": 4, "terraform_version": "1.6.6", - "serial": 35, + "serial": 36, "lineage": "ed8fbb99-5570-1b6d-6765-46ed4759afc0", "outputs": {}, "resources": [ @@ -1220,7 +1220,7 @@ "name": "index-everywhere", "publish": true, "runtime": "cloudfront-js-1.0", - "status": "IN_PROGRESS" + "status": "DEPLOYED" }, "sensitive_attributes": [], "private": "bnVsbA==" @@ -2517,11 +2517,11 @@ { "grantee": [ { - "display_name": "", + "display_name": "admin", "email_address": "", - "id": "", + "id": "b9eabe8fd0ee6354b459c3d797e75df89ee644b91a018bf5ff42d12b5b47daa2", "type": "CanonicalUser", - "uri": "c4c1ede66af53448b93c283ce9448c4ba468c9432aa01d700d3878632f77d2d0" + "uri": "" } ], "permission": "FULL_CONTROL" @@ -2529,9 +2529,9 @@ { "grantee": [ { - "display_name": "admin", + "display_name": "awslogsdelivery+s3_us-east-1", "email_address": "", - "id": "b9eabe8fd0ee6354b459c3d797e75df89ee644b91a018bf5ff42d12b5b47daa2", + "id": "c4c1ede66af53448b93c283ce9448c4ba468c9432aa01d700d3878632f77d2d0", "type": "CanonicalUser", "uri": "" } From 453bb3279780513e15762d470623a7cf7677b7b1 Mon Sep 17 00:00:00 2001 From: Jon Gjengset Date: Sat, 30 Dec 2023 15:27:42 +0100 Subject: [PATCH 11/26] Ignore terraform backup state --- infra/.gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/infra/.gitignore b/infra/.gitignore index 09aa2cb..4c5e843 100644 --- a/infra/.gitignore +++ b/infra/.gitignore @@ -1,2 +1,3 @@ .terraform/ +terraform.tfstate.backup lambda_function_payload.zip From cec2ae72dc9cd823bce7d216cb88af49a323aa14 Mon Sep 17 00:00:00 2001 From: Jon Gjengset Date: Sat, 30 Dec 2023 15:30:05 +0100 Subject: [PATCH 12/26] Remove all the imports --- infra/apigw.tf | 65 --------------------------------------------- infra/athena.tf | 25 ----------------- infra/cloudfront.tf | 20 -------------- infra/dashboard.tf | 5 ---- infra/domain.tf | 44 ------------------------------ infra/dynamodb.tf | 10 ------- infra/lambda.tf | 25 ----------------- infra/logging.tf | 27 ------------------- infra/static.tf | 48 --------------------------------- 9 files changed, 269 deletions(-) diff --git a/infra/apigw.tf b/infra/apigw.tf index b051f69..7bc97f8 100644 --- a/infra/apigw.tf +++ b/infra/apigw.tf @@ -3,11 +3,6 @@ resource "aws_apigatewayv2_api" "www" { protocol_type = "HTTP" } -import { - to = aws_apigatewayv2_api.www - id = "je8z4t28h4" -} - data "aws_iam_policy_document" "apigw_assume" { statement { principals { @@ -25,20 +20,10 @@ resource "aws_iam_role" "apigw_cw" { managed_policy_arns = ["arn:aws:iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs"] } -import { - to = aws_iam_role.apigw_cw - id = "wewerewondering-api-gw" -} - resource "aws_api_gateway_account" "www" { cloudwatch_role_arn = aws_iam_role.apigw_cw.arn } -import { - to = aws_api_gateway_account.www - id = "api-gateway-account" -} - resource "aws_apigatewayv2_stage" "www" { api_id = aws_apigatewayv2_api.www.id name = "$default" @@ -62,11 +47,6 @@ resource "aws_apigatewayv2_stage" "www" { } } -import { - to = aws_apigatewayv2_stage.www - id = "je8z4t28h4/$default" -} - resource "aws_apigatewayv2_integration" "www" { api_id = aws_apigatewayv2_api.www.id integration_type = "AWS_PROXY" @@ -75,44 +55,24 @@ resource "aws_apigatewayv2_integration" "www" { payload_format_version = "2.0" } -import { - to = aws_apigatewayv2_integration.www - id = "je8z4t28h4/4y6aomd" -} - resource "aws_apigatewayv2_route" "api_event_post" { api_id = aws_apigatewayv2_api.www.id route_key = "POST /api/event" target = "integrations/${aws_apigatewayv2_integration.www.id}" } -import { - to = aws_apigatewayv2_route.api_event_post - id = "je8z4t28h4/lmcxybh" -} - resource "aws_apigatewayv2_route" "api_event_eid_post" { api_id = aws_apigatewayv2_api.www.id route_key = "POST /api/event/{eid}" target = "integrations/${aws_apigatewayv2_integration.www.id}" } -import { - to = aws_apigatewayv2_route.api_event_eid_post - id = "je8z4t28h4/cyva0m4" -} - resource "aws_apigatewayv2_route" "api_event_eid_get" { api_id = aws_apigatewayv2_api.www.id route_key = "GET /api/event/{eid}" target = "integrations/${aws_apigatewayv2_integration.www.id}" } -import { - to = aws_apigatewayv2_route.api_event_eid_get - id = "je8z4t28h4/iih0hlf" -} - resource "aws_apigatewayv2_route" "api_route" { for_each = { get_eeq = "GET /api/event/{eid}/questions", @@ -126,28 +86,3 @@ resource "aws_apigatewayv2_route" "api_route" { route_key = each.value target = "integrations/${aws_apigatewayv2_integration.www.id}" } - -import { - to = aws_apigatewayv2_route.api_route["get_eeq"] - id = "je8z4t28h4/ezhnbti" -} - -import { - to = aws_apigatewayv2_route.api_route["get_eeqs"] - id = "je8z4t28h4/fb0pv8e" -} - -import { - to = aws_apigatewayv2_route.api_route["post_toggle"] - id = "je8z4t28h4/0y2fhvt" -} - -import { - to = aws_apigatewayv2_route.api_route["get_q"] - id = "je8z4t28h4/5j62zea" -} - -import { - to = aws_apigatewayv2_route.api_route["post_vote"] - id = "je8z4t28h4/d6f5hnm" -} diff --git a/infra/athena.tf b/infra/athena.tf index 9cd9cb9..df340f9 100644 --- a/infra/athena.tf +++ b/infra/athena.tf @@ -9,11 +9,6 @@ resource "aws_s3_bucket" "athena" { # https://docs.aws.amazon.com/athena/latest/ug/querying.html#query-results-specify-location } -import { - to = aws_s3_bucket.athena - id = local.athena -} - resource "aws_s3_bucket_ownership_controls" "athena" { bucket = aws_s3_bucket.athena.id @@ -22,11 +17,6 @@ resource "aws_s3_bucket_ownership_controls" "athena" { } } -import { - to = aws_s3_bucket_ownership_controls.athena - id = local.athena -} - resource "aws_s3_bucket_acl" "athena" { depends_on = [aws_s3_bucket_ownership_controls.athena] @@ -34,11 +24,6 @@ resource "aws_s3_bucket_acl" "athena" { acl = "private" } -import { - to = aws_s3_bucket_acl.athena - id = "${local.athena},private" -} - # https://docs.aws.amazon.com/athena/latest/ug/cloudfront-logs.html resource "aws_glue_catalog_table" "cf_logs" { name = "cloudfront_logs" @@ -197,11 +182,6 @@ resource "aws_glue_catalog_table" "cf_logs" { } } -import { - to = aws_glue_catalog_table.cf_logs - id = "880545379339:default:cloudfront_logs" -} - resource "aws_athena_workgroup" "www" { name = "primary" @@ -214,8 +194,3 @@ resource "aws_athena_workgroup" "www" { } } } - -import { - to = aws_athena_workgroup.www - id = "primary" -} diff --git a/infra/cloudfront.tf b/infra/cloudfront.tf index 91fc71d..a302d6f 100644 --- a/infra/cloudfront.tf +++ b/infra/cloudfront.tf @@ -10,11 +10,6 @@ resource "aws_cloudfront_origin_access_control" "static" { signing_protocol = "sigv4" } -import { - to = aws_cloudfront_origin_access_control.static - id = "E2O0QG272YYJYR" -} - resource "aws_cloudfront_cache_policy" "cache_when_requested" { name = "CacheWhenRequested" default_ttl = 1 @@ -35,22 +30,12 @@ resource "aws_cloudfront_cache_policy" "cache_when_requested" { } } -import { - to = aws_cloudfront_cache_policy.cache_when_requested - id = "fcc8df6d-6613-4210-8246-f45d18f04835" -} - resource "aws_cloudfront_function" "index_everywhere" { name = "index-everywhere" runtime = "cloudfront-js-1.0" code = file("${path.module}/index-everywhere.js") } -import { - to = aws_cloudfront_function.index_everywhere - id = "index-everywhere" -} - resource "aws_cloudfront_distribution" "www" { origin { origin_id = local.gw_origin_id @@ -129,8 +114,3 @@ resource "aws_cloudfront_distribution" "www" { ssl_support_method = "sni-only" } } - -import { - to = aws_cloudfront_distribution.www - id = "E1ECZRHBXFKMHK" -} diff --git a/infra/dashboard.tf b/infra/dashboard.tf index c791acb..ca54687 100644 --- a/infra/dashboard.tf +++ b/infra/dashboard.tf @@ -132,8 +132,3 @@ resource "aws_cloudwatch_dashboard" "www" { ] }) } - -import { - to = aws_cloudwatch_dashboard.www - id = "ApiGatewayHttp" -} diff --git a/infra/domain.tf b/infra/domain.tf index 10634f2..a2e92b5 100644 --- a/infra/domain.tf +++ b/infra/domain.tf @@ -6,11 +6,6 @@ resource "aws_route53_zone" "www" { name = local.domain } -import { - to = aws_route53_zone.www - id = "Z0224639SZ3FM93JW8DU" -} - resource "aws_route53_record" "www_mx" { zone_id = aws_route53_zone.www.zone_id name = local.domain @@ -22,11 +17,6 @@ resource "aws_route53_record" "www_mx" { ] } -import { - to = aws_route53_record.www_mx - id = "Z0224639SZ3FM93JW8DU_${local.domain}_MX" -} - resource "aws_route53_record" "www_spf" { zone_id = aws_route53_zone.www.zone_id name = local.domain @@ -37,11 +27,6 @@ resource "aws_route53_record" "www_spf" { ] } -import { - to = aws_route53_record.www_spf - id = "Z0224639SZ3FM93JW8DU_${local.domain}_TXT" -} - resource "aws_route53_record" "www_cf" { zone_id = aws_route53_zone.www.zone_id name = local.domain @@ -53,11 +38,6 @@ resource "aws_route53_record" "www_cf" { } } -import { - to = aws_route53_record.www_cf - id = "Z0224639SZ3FM93JW8DU_${local.domain}_A" -} - resource "aws_route53_record" "www_cf_v6" { zone_id = aws_route53_zone.www.zone_id name = local.domain @@ -69,11 +49,6 @@ resource "aws_route53_record" "www_cf_v6" { } } -import { - to = aws_route53_record.www_cf_v6 - id = "Z0224639SZ3FM93JW8DU_${local.domain}_AAAA" -} - resource "aws_acm_certificate" "www" { provider = aws.us-east-1 domain_name = local.domain @@ -84,11 +59,6 @@ resource "aws_acm_certificate" "www" { } } -import { - to = aws_acm_certificate.www - id = "arn:aws:acm:us-east-1:880545379339:certificate/f3e11148-9740-4b7f-a1a6-da43e045cef0" -} - resource "aws_route53_record" "www_cert" { for_each = { for dvo in aws_acm_certificate.www.domain_validation_options : dvo.domain_name => { @@ -106,20 +76,6 @@ resource "aws_route53_record" "www_cert" { zone_id = aws_route53_zone.www.zone_id } -# TODO: requires 1.7: https://github.com/hashicorp/terraform/pull/33932#issuecomment-1761821359 -#import { -# for_each = { -# for dvo in aws_acm_certificate.www.domain_validation_options : dvo.domain_name => { -# name = dvo.resource_record_name -# record = dvo.resource_record_value -# type = dvo.resource_record_type -# } -# } -# -# to = aws_route53_record.www_cert[local.domain] -# id = "Z4KAPRWWNC7JR_${each.name}.${local.domain}_${each.type}" -#} - resource "aws_acm_certificate_validation" "www" { provider = aws.us-east-1 certificate_arn = aws_acm_certificate.www.arn diff --git a/infra/dynamodb.tf b/infra/dynamodb.tf index b6659a3..235ad1e 100644 --- a/infra/dynamodb.tf +++ b/infra/dynamodb.tf @@ -14,11 +14,6 @@ resource "aws_dynamodb_table" "events" { } } -import { - to = aws_dynamodb_table.events - id = "events" -} - resource "aws_dynamodb_table" "questions" { name = "questions" billing_mode = "PAY_PER_REQUEST" @@ -52,8 +47,3 @@ resource "aws_dynamodb_table" "questions" { non_key_attributes = ["answered", "hidden"] } } - -import { - to = aws_dynamodb_table.questions - id = "questions" -} diff --git a/infra/lambda.tf b/infra/lambda.tf index 3f8ff45..1575599 100644 --- a/infra/lambda.tf +++ b/infra/lambda.tf @@ -15,11 +15,6 @@ resource "aws_iam_policy" "xray" { policy = data.aws_iam_policy_document.xray.json } -import { - to = aws_iam_policy.xray - id = "arn:aws:iam::880545379339:policy/service-role/AWSLambdaTracerAccessExecutionRole-14a6d1b5-3a03-4b02-94ca-fec2eced24ab" -} - data "aws_iam_policy_document" "cloudwatch" { statement { actions = [ @@ -44,11 +39,6 @@ resource "aws_iam_policy" "cloudwatch" { policy = data.aws_iam_policy_document.cloudwatch.json } -import { - to = aws_iam_policy.cloudwatch - id = "arn:aws:iam::880545379339:policy/service-role/AWSLambdaBasicExecutionRole-b586114a-ba08-47b0-afe0-82c4d81857a0" -} - data "aws_iam_policy_document" "assume_role" { statement { principals { @@ -70,11 +60,6 @@ resource "aws_iam_role" "www" { ] } -import { - to = aws_iam_role.www - id = "wewerewondering-api" -} - data "aws_iam_policy_document" "dynamodb" { statement { actions = [ @@ -99,11 +84,6 @@ resource "aws_iam_role_policy" "dynamodb" { policy = data.aws_iam_policy_document.dynamodb.json } -import { - to = aws_iam_role_policy.dynamodb - id = "wewerewondering-api:api-db-access" -} - resource "terraform_data" "cargo_lambda" { triggers_replace = { cargo_toml = "${base64sha256(file("${path.module}/../server/Cargo.toml"))}" @@ -147,8 +127,3 @@ resource "aws_lambda_function" "www" { aws_cloudwatch_log_group.lambda, ] } - -import { - to = aws_lambda_function.www - id = "wewerewondering-api" -} diff --git a/infra/logging.tf b/infra/logging.tf index 25ac532..c585226 100644 --- a/infra/logging.tf +++ b/infra/logging.tf @@ -8,11 +8,6 @@ resource "aws_s3_bucket" "logs" { bucket = local.logs } -import { - to = aws_s3_bucket.logs - id = local.logs -} - resource "aws_s3_bucket_ownership_controls" "logs" { bucket = aws_s3_bucket.logs.id @@ -21,11 +16,6 @@ resource "aws_s3_bucket_ownership_controls" "logs" { } } -import { - to = aws_s3_bucket_ownership_controls.logs - id = local.logs -} - resource "aws_s3_bucket_acl" "logs" { depends_on = [aws_s3_bucket_ownership_controls.logs] bucket = aws_s3_bucket.logs.id @@ -54,31 +44,14 @@ resource "aws_s3_bucket_acl" "logs" { } } -import { - to = aws_s3_bucket_acl.logs - id = local.logs -} - resource "aws_cloudwatch_log_group" "lambda" { name = "/aws/lambda/wewerewondering-api" # TODO retention_in_days = 0 } -import { - to = aws_cloudwatch_log_group.lambda - id = "/aws/lambda/wewerewondering-api" -} - resource "aws_cloudwatch_log_group" "apigw" { name = "/aws/api-gateway/wewerewondering" # TODO retention_in_days = 0 } - -import { - to = aws_cloudwatch_log_group.apigw - id = "/aws/api-gateway/wewerewondering" -} - -# arn:aws:iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs diff --git a/infra/static.tf b/infra/static.tf index f7d3e3b..47514c0 100644 --- a/infra/static.tf +++ b/infra/static.tf @@ -7,11 +7,6 @@ resource "aws_s3_bucket" "static" { force_destroy = true } -import { - to = aws_s3_bucket.static - id = local.static -} - resource "aws_s3_bucket_ownership_controls" "static" { bucket = aws_s3_bucket.static.id @@ -20,11 +15,6 @@ resource "aws_s3_bucket_ownership_controls" "static" { } } -import { - to = aws_s3_bucket_ownership_controls.static - id = local.static -} - resource "aws_s3_bucket_acl" "static" { depends_on = [aws_s3_bucket_ownership_controls.static] @@ -32,11 +22,6 @@ resource "aws_s3_bucket_acl" "static" { acl = "private" } -import { - to = aws_s3_bucket_acl.static - id = "${local.static},private" -} - data "aws_iam_policy_document" "cloudfront_s3" { policy_id = "PolicyForCloudFrontPrivateContent" @@ -72,11 +57,6 @@ resource "aws_s3_bucket_policy" "cloudfront" { policy = data.aws_iam_policy_document.cloudfront_s3.json } -import { - to = aws_s3_bucket_policy.cloudfront - id = local.static -} - resource "terraform_data" "npm_build" { triggers_replace = { package_json = "${base64sha256(file("${path.module}/../client/package.json"))}" @@ -104,31 +84,3 @@ resource "aws_s3_object" "dist" { } # TODO: delete old files in assets/ ? - -# TODO: requires 1.7: https://github.com/hashicorp/terraform/pull/33932#issuecomment-1761821359 -#import { -# for_each = fileset("${path.module}/../client/dist", "**") -# -# to = aws_s3_object.dist[each.value] -# id = "${aws_s3_bucket.static.id}/${each.value}" -#} -import { - to = aws_s3_object.dist["index.html"] - id = "${aws_s3_bucket.static.id}/index.html" -} -import { - to = aws_s3_object.dist["robots.txt"] - id = "${aws_s3_bucket.static.id}/robots.txt" -} -import { - to = aws_s3_object.dist["favicon.ico"] - id = "${aws_s3_bucket.static.id}/favicon.ico" -} -import { - to = aws_s3_object.dist["favicon.png"] - id = "${aws_s3_bucket.static.id}/favicon.png" -} -import { - to = aws_s3_object.dist["apple-touch-icon.png"] - id = "${aws_s3_bucket.static.id}/apple-touch-icon.png" -} From fdcd224290d5cae7385e508d43c39d31c4bfc72b Mon Sep 17 00:00:00 2001 From: Jon Gjengset Date: Sat, 30 Dec 2023 15:33:54 +0100 Subject: [PATCH 13/26] Upgrade to cloudfront js 2.0 --- infra/cloudfront.tf | 2 +- infra/terraform.tfstate | 10 +++++----- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/infra/cloudfront.tf b/infra/cloudfront.tf index a302d6f..3c100c5 100644 --- a/infra/cloudfront.tf +++ b/infra/cloudfront.tf @@ -32,7 +32,7 @@ resource "aws_cloudfront_cache_policy" "cache_when_requested" { resource "aws_cloudfront_function" "index_everywhere" { name = "index-everywhere" - runtime = "cloudfront-js-1.0" + runtime = "cloudfront-js-2.0" code = file("${path.module}/index-everywhere.js") } diff --git a/infra/terraform.tfstate b/infra/terraform.tfstate index 084fcf5..3a7f4aa 100644 --- a/infra/terraform.tfstate +++ b/infra/terraform.tfstate @@ -1,7 +1,7 @@ { "version": 4, "terraform_version": "1.6.6", - "serial": 36, + "serial": 38, "lineage": "ed8fbb99-5570-1b6d-6765-46ed4759afc0", "outputs": {}, "resources": [ @@ -1214,13 +1214,13 @@ "arn": "arn:aws:cloudfront::880545379339:function/index-everywhere", "code": "function handler(event) {\n var req = event.request;\n if (\n req.uri.startsWith('/event/')\n ) {\n req.uri = '/index.html';\n }\n return req;\n}\n", "comment": "", - "etag": "E13V1IB3VIYZZH", + "etag": "E1VC38T7YXB528", "id": "index-everywhere", - "live_stage_etag": "E1F83G8C2ARO7P", + "live_stage_etag": "E1PA6795UKMFR9", "name": "index-everywhere", "publish": true, - "runtime": "cloudfront-js-1.0", - "status": "DEPLOYED" + "runtime": "cloudfront-js-2.0", + "status": "IN_PROGRESS" }, "sensitive_attributes": [], "private": "bnVsbA==" From eecf07d40b0b3e45bebecd2ffe9b2c92b626611b Mon Sep 17 00:00:00 2001 From: Jon Gjengset Date: Sat, 30 Dec 2023 15:39:52 +0100 Subject: [PATCH 14/26] Can't update IAM policy names yet --- infra/lambda.tf | 4 ++-- infra/terraform.tfstate | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/infra/lambda.tf b/infra/lambda.tf index 1575599..44a2df6 100644 --- a/infra/lambda.tf +++ b/infra/lambda.tf @@ -9,7 +9,7 @@ data "aws_iam_policy_document" "xray" { } resource "aws_iam_policy" "xray" { - # TODO + # TODO: https://github.com/hashicorp/terraform-provider-aws/issues/32906 name = "AWSLambdaTracerAccessExecutionRole-14a6d1b5-3a03-4b02-94ca-fec2eced24ab" path = "/service-role/" policy = data.aws_iam_policy_document.xray.json @@ -33,7 +33,7 @@ data "aws_iam_policy_document" "cloudwatch" { } resource "aws_iam_policy" "cloudwatch" { - # TODO + # TODO: https://github.com/hashicorp/terraform-provider-aws/issues/32906 name = "AWSLambdaBasicExecutionRole-b586114a-ba08-47b0-afe0-82c4d81857a0" path = "/service-role/" policy = data.aws_iam_policy_document.cloudwatch.json diff --git a/infra/terraform.tfstate b/infra/terraform.tfstate index 3a7f4aa..e9438e7 100644 --- a/infra/terraform.tfstate +++ b/infra/terraform.tfstate @@ -1,7 +1,7 @@ { "version": 4, "terraform_version": "1.6.6", - "serial": 38, + "serial": 41, "lineage": "ed8fbb99-5570-1b6d-6765-46ed4759afc0", "outputs": {}, "resources": [ @@ -1057,7 +1057,7 @@ "default_root_object": "index.html", "domain_name": "d1tpt5x1e858xw.cloudfront.net", "enabled": true, - "etag": "E1FFOF1JOH3IX2", + "etag": "E3ENT7PO0SW2WD", "hosted_zone_id": "Z2FDTNDATAQYW2", "http_version": "http2", "id": "E1ECZRHBXFKMHK", From 36f52ca0e4cab6035806d4169b2c0847d9d7a803 Mon Sep 17 00:00:00 2001 From: Jon Gjengset Date: Sat, 30 Dec 2023 15:42:46 +0100 Subject: [PATCH 15/26] Set 6mo retention on logs --- infra/logging.tf | 6 ++---- infra/terraform.tfstate | 12 ++++++------ 2 files changed, 8 insertions(+), 10 deletions(-) diff --git a/infra/logging.tf b/infra/logging.tf index c585226..508cf43 100644 --- a/infra/logging.tf +++ b/infra/logging.tf @@ -46,12 +46,10 @@ resource "aws_s3_bucket_acl" "logs" { resource "aws_cloudwatch_log_group" "lambda" { name = "/aws/lambda/wewerewondering-api" - # TODO - retention_in_days = 0 + retention_in_days = 180 } resource "aws_cloudwatch_log_group" "apigw" { name = "/aws/api-gateway/wewerewondering" - # TODO - retention_in_days = 0 + retention_in_days = 180 } diff --git a/infra/terraform.tfstate b/infra/terraform.tfstate index e9438e7..f3ebee2 100644 --- a/infra/terraform.tfstate +++ b/infra/terraform.tfstate @@ -1,7 +1,7 @@ { "version": 4, "terraform_version": "1.6.6", - "serial": 41, + "serial": 45, "lineage": "ed8fbb99-5570-1b6d-6765-46ed4759afc0", "outputs": {}, "resources": [ @@ -1220,7 +1220,7 @@ "name": "index-everywhere", "publish": true, "runtime": "cloudfront-js-2.0", - "status": "IN_PROGRESS" + "status": "DEPLOYED" }, "sensitive_attributes": [], "private": "bnVsbA==" @@ -1290,13 +1290,13 @@ "log_group_class": "STANDARD", "name": "/aws/api-gateway/wewerewondering", "name_prefix": "", - "retention_in_days": 0, + "retention_in_days": 180, "skip_destroy": false, "tags": {}, "tags_all": {} }, "sensitive_attributes": [], - "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjAifQ==" + "private": "bnVsbA==" } ] }, @@ -1315,13 +1315,13 @@ "log_group_class": "STANDARD", "name": "/aws/lambda/wewerewondering-api", "name_prefix": "", - "retention_in_days": 0, + "retention_in_days": 180, "skip_destroy": false, "tags": {}, "tags_all": {} }, "sensitive_attributes": [], - "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjAifQ==" + "private": "bnVsbA==" } ] }, From 3e326928ddabc60dbf8ab05f2112c54940280fb1 Mon Sep 17 00:00:00 2001 From: Jon Gjengset Date: Sat, 30 Dec 2023 15:51:11 +0100 Subject: [PATCH 16/26] Bring in saved queries --- infra/athena.tf | 20 ++++++++++++++-- infra/terraform.tfstate | 52 ++++++++++++++++++++++++++++++++++++++++- 2 files changed, 69 insertions(+), 3 deletions(-) diff --git a/infra/athena.tf b/infra/athena.tf index df340f9..e7fa9f1 100644 --- a/infra/athena.tf +++ b/infra/athena.tf @@ -1,5 +1,7 @@ locals { athena = "wewerewondering-athena" + db = "default" + tbl = "cloudfront_logs" } resource "aws_s3_bucket" "athena" { @@ -26,8 +28,8 @@ resource "aws_s3_bucket_acl" "athena" { # https://docs.aws.amazon.com/athena/latest/ug/cloudfront-logs.html resource "aws_glue_catalog_table" "cf_logs" { - name = "cloudfront_logs" - database_name = "default" + name = local.tbl + database_name = local.db table_type = "EXTERNAL_TABLE" owner = "hadoop" parameters = { @@ -194,3 +196,17 @@ resource "aws_athena_workgroup" "www" { } } } + +resource "aws_athena_named_query" "common_errs" { + name = "Common errors" + workgroup = aws_athena_workgroup.www.name + database = local.db + query = "SELECT request_ip, method, uri, status, COUNT(*) AS n FROM \"${local.db}\".\"${local.tbl}\" where status >= 400 AND from_iso8601_timestamp(concat(to_iso8601(\"date\"), 'T', time)) > current_timestamp - interval '8' hour GROUP BY status, method, uri, request_ip HAVING COUNT(*) > 1 ORDER BY n DESC;" +} + +resource "aws_athena_named_query" "recent_errs" { + name = "Recent errors" + workgroup = aws_athena_workgroup.www.name + database = local.db + query = "SELECT from_iso8601_timestamp(concat(to_iso8601(\"date\"), 'T', time)) AT TIME ZONE 'America/Los_Angeles' as \"when\", request_ip, method, uri, status FROM \"${local.db}\".\"${local.tbl}\" where status >= 400 AND status <= 599 AND from_iso8601_timestamp(concat(to_iso8601(\"date\"), 'T', time)) > current_timestamp - interval '1' hour ORDER BY \"when\" desc limit 25;" +} diff --git a/infra/terraform.tfstate b/infra/terraform.tfstate index f3ebee2..cac7c81 100644 --- a/infra/terraform.tfstate +++ b/infra/terraform.tfstate @@ -1,7 +1,7 @@ { "version": 4, "terraform_version": "1.6.6", - "serial": 45, + "serial": 46, "lineage": "ed8fbb99-5570-1b6d-6765-46ed4759afc0", "outputs": {}, "resources": [ @@ -908,6 +908,56 @@ } ] }, + { + "mode": "managed", + "type": "aws_athena_named_query", + "name": "common_errs", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "database": "default", + "description": "", + "id": "51927d87-adf4-4fb8-9510-417390f074c9", + "name": "Common errors", + "query": "SELECT request_ip, method, uri, status, COUNT(*) AS n FROM \"default\".\"cloudfront_logs\" where status \u003e= 400 AND from_iso8601_timestamp(concat(to_iso8601(\"date\"), 'T', time)) \u003e current_timestamp - interval '8' hour GROUP BY status, method, uri, request_ip HAVING COUNT(*) \u003e 1 ORDER BY n DESC;", + "workgroup": "primary" + }, + "sensitive_attributes": [], + "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjAifQ==", + "dependencies": [ + "aws_athena_workgroup.www", + "aws_s3_bucket.athena" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_athena_named_query", + "name": "recent_errs", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "database": "default", + "description": "", + "id": "eba5cb50-1d66-436a-85ae-7c4b6fce7e2f", + "name": "Recent errors", + "query": "SELECT from_iso8601_timestamp(concat(to_iso8601(\"date\"), 'T', time)) AT TIME ZONE 'America/Los_Angeles' as \"when\", request_ip, method, uri, status FROM \"default\".\"cloudfront_logs\" where status \u003e= 400 AND status \u003c= 599 AND from_iso8601_timestamp(concat(to_iso8601(\"date\"), 'T', time)) \u003e current_timestamp - interval '1' hour ORDER BY \"when\" desc limit 25;", + "workgroup": "primary" + }, + "sensitive_attributes": [], + "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjAifQ==", + "dependencies": [ + "aws_athena_workgroup.www", + "aws_s3_bucket.athena" + ] + } + ] + }, { "mode": "managed", "type": "aws_athena_workgroup", From 417cbd8a4a82b3c12338a7f42da0f765ba7b7f2d Mon Sep 17 00:00:00 2001 From: Jon Gjengset Date: Sat, 30 Dec 2023 15:56:13 +0100 Subject: [PATCH 17/26] fmt --- infra/logging.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/infra/logging.tf b/infra/logging.tf index 508cf43..b4f5558 100644 --- a/infra/logging.tf +++ b/infra/logging.tf @@ -45,11 +45,11 @@ resource "aws_s3_bucket_acl" "logs" { } resource "aws_cloudwatch_log_group" "lambda" { - name = "/aws/lambda/wewerewondering-api" + name = "/aws/lambda/wewerewondering-api" retention_in_days = 180 } resource "aws_cloudwatch_log_group" "apigw" { - name = "/aws/api-gateway/wewerewondering" + name = "/aws/api-gateway/wewerewondering" retention_in_days = 180 } From 351465a391bde79dd9c4399b11d4b9a1dcf64451 Mon Sep 17 00:00:00 2001 From: Jon Gjengset Date: Sat, 30 Dec 2023 15:56:21 +0100 Subject: [PATCH 18/26] Nicely format saved queries --- infra/athena.tf | 42 +++++++++++++++++++++++++++++++++-------- infra/terraform.tfstate | 14 +++++++------- 2 files changed, 41 insertions(+), 15 deletions(-) diff --git a/infra/athena.tf b/infra/athena.tf index e7fa9f1..f6b8e81 100644 --- a/infra/athena.tf +++ b/infra/athena.tf @@ -1,7 +1,7 @@ locals { athena = "wewerewondering-athena" - db = "default" - tbl = "cloudfront_logs" + db = "default" + tbl = "cloudfront_logs" } resource "aws_s3_bucket" "athena" { @@ -198,15 +198,41 @@ resource "aws_athena_workgroup" "www" { } resource "aws_athena_named_query" "common_errs" { - name = "Common errors" + name = "Common errors" workgroup = aws_athena_workgroup.www.name - database = local.db - query = "SELECT request_ip, method, uri, status, COUNT(*) AS n FROM \"${local.db}\".\"${local.tbl}\" where status >= 400 AND from_iso8601_timestamp(concat(to_iso8601(\"date\"), 'T', time)) > current_timestamp - interval '8' hour GROUP BY status, method, uri, request_ip HAVING COUNT(*) > 1 ORDER BY n DESC;" + database = local.db + query = <<-EOF + SELECT + request_ip, + method, + uri, + status, + COUNT(*) AS n + FROM "${local.db}"."${local.tbl}" + WHERE status >= 400 + AND from_iso8601_timestamp(concat(to_iso8601("date"), 'T', time)) > current_timestamp - interval '8' hour + GROUP BY status, method, uri, request_ip + HAVING COUNT(*) > 1 + ORDER BY n DESC; + EOF } resource "aws_athena_named_query" "recent_errs" { - name = "Recent errors" + name = "Recent errors" workgroup = aws_athena_workgroup.www.name - database = local.db - query = "SELECT from_iso8601_timestamp(concat(to_iso8601(\"date\"), 'T', time)) AT TIME ZONE 'America/Los_Angeles' as \"when\", request_ip, method, uri, status FROM \"${local.db}\".\"${local.tbl}\" where status >= 400 AND status <= 599 AND from_iso8601_timestamp(concat(to_iso8601(\"date\"), 'T', time)) > current_timestamp - interval '1' hour ORDER BY \"when\" desc limit 25;" + database = local.db + query = <<-EOF + SELECT + from_iso8601_timestamp(concat(to_iso8601("date"), 'T', time)) AT TIME ZONE 'America/Los_Angeles' as "when", + request_ip, + method, + uri, + status + FROM "${local.db}"."${local.tbl}" + WHERE status >= 400 + AND status <= 599 + AND from_iso8601_timestamp(concat(to_iso8601("date"), 'T', time)) > current_timestamp - interval '1' hour + ORDER BY "when" DESC + LIMIT 25; + EOF } diff --git a/infra/terraform.tfstate b/infra/terraform.tfstate index cac7c81..73ea831 100644 --- a/infra/terraform.tfstate +++ b/infra/terraform.tfstate @@ -1,7 +1,7 @@ { "version": 4, "terraform_version": "1.6.6", - "serial": 46, + "serial": 51, "lineage": "ed8fbb99-5570-1b6d-6765-46ed4759afc0", "outputs": {}, "resources": [ @@ -919,13 +919,13 @@ "attributes": { "database": "default", "description": "", - "id": "51927d87-adf4-4fb8-9510-417390f074c9", + "id": "58a35f71-576c-435f-a35f-ebb8c9e17a63", "name": "Common errors", - "query": "SELECT request_ip, method, uri, status, COUNT(*) AS n FROM \"default\".\"cloudfront_logs\" where status \u003e= 400 AND from_iso8601_timestamp(concat(to_iso8601(\"date\"), 'T', time)) \u003e current_timestamp - interval '8' hour GROUP BY status, method, uri, request_ip HAVING COUNT(*) \u003e 1 ORDER BY n DESC;", + "query": "SELECT\n request_ip,\n method,\n uri,\n status,\n COUNT(*) AS n\nFROM \"default\".\"cloudfront_logs\"\nWHERE status \u003e= 400\n AND from_iso8601_timestamp(concat(to_iso8601(\"date\"), 'T', time)) \u003e current_timestamp - interval '8' hour\nGROUP BY status, method, uri, request_ip\nHAVING COUNT(*) \u003e 1\nORDER BY n DESC;\n", "workgroup": "primary" }, "sensitive_attributes": [], - "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjAifQ==", + "private": "bnVsbA==", "dependencies": [ "aws_athena_workgroup.www", "aws_s3_bucket.athena" @@ -944,13 +944,13 @@ "attributes": { "database": "default", "description": "", - "id": "eba5cb50-1d66-436a-85ae-7c4b6fce7e2f", + "id": "122e22d7-4d07-498a-87e2-4843a943176e", "name": "Recent errors", - "query": "SELECT from_iso8601_timestamp(concat(to_iso8601(\"date\"), 'T', time)) AT TIME ZONE 'America/Los_Angeles' as \"when\", request_ip, method, uri, status FROM \"default\".\"cloudfront_logs\" where status \u003e= 400 AND status \u003c= 599 AND from_iso8601_timestamp(concat(to_iso8601(\"date\"), 'T', time)) \u003e current_timestamp - interval '1' hour ORDER BY \"when\" desc limit 25;", + "query": "SELECT\n from_iso8601_timestamp(concat(to_iso8601(\"date\"), 'T', time)) AT TIME ZONE 'America/Los_Angeles' as \"when\",\n request_ip,\n method,\n uri,\n status\nFROM \"default\".\"cloudfront_logs\"\nWHERE status \u003e= 400\n AND status \u003c= 599\n AND from_iso8601_timestamp(concat(to_iso8601(\"date\"), 'T', time)) \u003e current_timestamp - interval '1' hour\nORDER BY \"when\" DESC\nLIMIT 25;\n", "workgroup": "primary" }, "sensitive_attributes": [], - "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjAifQ==", + "private": "bnVsbA==", "dependencies": [ "aws_athena_workgroup.www", "aws_s3_bucket.athena" From 72752b5d3a96fe705f9ca39b5bf334c6428de134 Mon Sep 17 00:00:00 2001 From: Jon Gjengset Date: Sat, 30 Dec 2023 15:57:29 +0100 Subject: [PATCH 19/26] Modernize queries for stable site --- infra/athena.tf | 6 +++--- infra/terraform.tfstate | 10 +++++----- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/infra/athena.tf b/infra/athena.tf index f6b8e81..1c73a50 100644 --- a/infra/athena.tf +++ b/infra/athena.tf @@ -210,7 +210,7 @@ resource "aws_athena_named_query" "common_errs" { COUNT(*) AS n FROM "${local.db}"."${local.tbl}" WHERE status >= 400 - AND from_iso8601_timestamp(concat(to_iso8601("date"), 'T', time)) > current_timestamp - interval '8' hour + AND from_iso8601_timestamp(concat(to_iso8601("date"), 'T', time)) > current_timestamp - interval '14' day GROUP BY status, method, uri, request_ip HAVING COUNT(*) > 1 ORDER BY n DESC; @@ -223,7 +223,7 @@ resource "aws_athena_named_query" "recent_errs" { database = local.db query = <<-EOF SELECT - from_iso8601_timestamp(concat(to_iso8601("date"), 'T', time)) AT TIME ZONE 'America/Los_Angeles' as "when", + from_iso8601_timestamp(concat(to_iso8601("date"), 'T', time)) AT TIME ZONE 'Europe/Oslo' as "when", request_ip, method, uri, @@ -231,7 +231,7 @@ resource "aws_athena_named_query" "recent_errs" { FROM "${local.db}"."${local.tbl}" WHERE status >= 400 AND status <= 599 - AND from_iso8601_timestamp(concat(to_iso8601("date"), 'T', time)) > current_timestamp - interval '1' hour + AND from_iso8601_timestamp(concat(to_iso8601("date"), 'T', time)) > current_timestamp - interval '8' hour ORDER BY "when" DESC LIMIT 25; EOF diff --git a/infra/terraform.tfstate b/infra/terraform.tfstate index 73ea831..e088231 100644 --- a/infra/terraform.tfstate +++ b/infra/terraform.tfstate @@ -1,7 +1,7 @@ { "version": 4, "terraform_version": "1.6.6", - "serial": 51, + "serial": 56, "lineage": "ed8fbb99-5570-1b6d-6765-46ed4759afc0", "outputs": {}, "resources": [ @@ -919,9 +919,9 @@ "attributes": { "database": "default", "description": "", - "id": "58a35f71-576c-435f-a35f-ebb8c9e17a63", + "id": "7fe4a7b7-e3f3-4e3e-8768-9fa12ae8665a", "name": "Common errors", - "query": "SELECT\n request_ip,\n method,\n uri,\n status,\n COUNT(*) AS n\nFROM \"default\".\"cloudfront_logs\"\nWHERE status \u003e= 400\n AND from_iso8601_timestamp(concat(to_iso8601(\"date\"), 'T', time)) \u003e current_timestamp - interval '8' hour\nGROUP BY status, method, uri, request_ip\nHAVING COUNT(*) \u003e 1\nORDER BY n DESC;\n", + "query": "SELECT\n request_ip,\n method,\n uri,\n status,\n COUNT(*) AS n\nFROM \"default\".\"cloudfront_logs\"\nWHERE status \u003e= 400\n AND from_iso8601_timestamp(concat(to_iso8601(\"date\"), 'T', time)) \u003e current_timestamp - interval '14' day\nGROUP BY status, method, uri, request_ip\nHAVING COUNT(*) \u003e 1\nORDER BY n DESC;\n", "workgroup": "primary" }, "sensitive_attributes": [], @@ -944,9 +944,9 @@ "attributes": { "database": "default", "description": "", - "id": "122e22d7-4d07-498a-87e2-4843a943176e", + "id": "0695117f-4181-4af2-aa2f-9ccf63a5c7f9", "name": "Recent errors", - "query": "SELECT\n from_iso8601_timestamp(concat(to_iso8601(\"date\"), 'T', time)) AT TIME ZONE 'America/Los_Angeles' as \"when\",\n request_ip,\n method,\n uri,\n status\nFROM \"default\".\"cloudfront_logs\"\nWHERE status \u003e= 400\n AND status \u003c= 599\n AND from_iso8601_timestamp(concat(to_iso8601(\"date\"), 'T', time)) \u003e current_timestamp - interval '1' hour\nORDER BY \"when\" DESC\nLIMIT 25;\n", + "query": "SELECT\n from_iso8601_timestamp(concat(to_iso8601(\"date\"), 'T', time)) AT TIME ZONE 'Europe/Oslo' as \"when\",\n request_ip,\n method,\n uri,\n status\nFROM \"default\".\"cloudfront_logs\"\nWHERE status \u003e= 400\n AND status \u003c= 599\n AND from_iso8601_timestamp(concat(to_iso8601(\"date\"), 'T', time)) \u003e current_timestamp - interval '8' hour\nORDER BY \"when\" DESC\nLIMIT 25;\n", "workgroup": "primary" }, "sensitive_attributes": [], From 6d0b8656abd2363656f28a1d28e4b13c0f47c464 Mon Sep 17 00:00:00 2001 From: Jon Gjengset Date: Sat, 30 Dec 2023 16:12:33 +0100 Subject: [PATCH 20/26] Ignore all terraform backups --- infra/.gitignore | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/infra/.gitignore b/infra/.gitignore index 4c5e843..06ddd79 100644 --- a/infra/.gitignore +++ b/infra/.gitignore @@ -1,3 +1,3 @@ .terraform/ -terraform.tfstate.backup +terraform.tfstate.*backup lambda_function_payload.zip From 4c1485b44198c4f2dc9114ce7e2b9e4d8ec9ee75 Mon Sep 17 00:00:00 2001 From: Jon Gjengset Date: Sat, 30 Dec 2023 16:18:11 +0100 Subject: [PATCH 21/26] After terraform state rm *s3* --- infra/terraform.tfstate | 808 +--------------------------------------- 1 file changed, 1 insertion(+), 807 deletions(-) diff --git a/infra/terraform.tfstate b/infra/terraform.tfstate index e088231..a09b8d9 100644 --- a/infra/terraform.tfstate +++ b/infra/terraform.tfstate @@ -1,7 +1,7 @@ { "version": 4, "terraform_version": "1.6.6", - "serial": 56, + "serial": 67, "lineage": "ed8fbb99-5570-1b6d-6765-46ed4759afc0", "outputs": {}, "resources": [ @@ -2284,812 +2284,6 @@ } ] }, - { - "mode": "managed", - "type": "aws_s3_bucket", - "name": "athena", - "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "acceleration_status": "", - "acl": null, - "arn": "arn:aws:s3:::wewerewondering-athena", - "bucket": "wewerewondering-athena", - "bucket_domain_name": "wewerewondering-athena.s3.amazonaws.com", - "bucket_prefix": "", - "bucket_regional_domain_name": "wewerewondering-athena.s3.us-east-1.amazonaws.com", - "cors_rule": [], - "force_destroy": null, - "grant": [ - { - "id": "b9eabe8fd0ee6354b459c3d797e75df89ee644b91a018bf5ff42d12b5b47daa2", - "permissions": [ - "FULL_CONTROL" - ], - "type": "CanonicalUser", - "uri": "" - } - ], - "hosted_zone_id": "Z3AQBSTGFYJSTF", - "id": "wewerewondering-athena", - "lifecycle_rule": [], - "logging": [], - "object_lock_configuration": [], - "object_lock_enabled": false, - "policy": "", - "region": "us-east-1", - "replication_configuration": [], - "request_payer": "BucketOwner", - "server_side_encryption_configuration": [ - { - "rule": [ - { - "apply_server_side_encryption_by_default": [ - { - "kms_master_key_id": "", - "sse_algorithm": "AES256" - } - ], - "bucket_key_enabled": false - } - ] - } - ], - "tags": {}, - "tags_all": {}, - "timeouts": null, - "versioning": [ - { - "enabled": false, - "mfa_delete": false - } - ], - "website": [], - "website_domain": null, - "website_endpoint": null - }, - "sensitive_attributes": [], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxMjAwMDAwMDAwMDAwLCJkZWxldGUiOjM2MDAwMDAwMDAwMDAsInJlYWQiOjEyMDAwMDAwMDAwMDAsInVwZGF0ZSI6MTIwMDAwMDAwMDAwMH0sInNjaGVtYV92ZXJzaW9uIjoiMCJ9" - } - ] - }, - { - "mode": "managed", - "type": "aws_s3_bucket", - "name": "logs", - "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "acceleration_status": "", - "acl": null, - "arn": "arn:aws:s3:::wewerewondering-logs", - "bucket": "wewerewondering-logs", - "bucket_domain_name": "wewerewondering-logs.s3.amazonaws.com", - "bucket_prefix": "", - "bucket_regional_domain_name": "wewerewondering-logs.s3.us-east-1.amazonaws.com", - "cors_rule": [], - "force_destroy": null, - "grant": [ - { - "id": "b9eabe8fd0ee6354b459c3d797e75df89ee644b91a018bf5ff42d12b5b47daa2", - "permissions": [ - "FULL_CONTROL" - ], - "type": "CanonicalUser", - "uri": "" - }, - { - "id": "c4c1ede66af53448b93c283ce9448c4ba468c9432aa01d700d3878632f77d2d0", - "permissions": [ - "FULL_CONTROL" - ], - "type": "CanonicalUser", - "uri": "" - } - ], - "hosted_zone_id": "Z3AQBSTGFYJSTF", - "id": "wewerewondering-logs", - "lifecycle_rule": [], - "logging": [], - "object_lock_configuration": [], - "object_lock_enabled": false, - "policy": "", - "region": "us-east-1", - "replication_configuration": [], - "request_payer": "BucketOwner", - "server_side_encryption_configuration": [ - { - "rule": [ - { - "apply_server_side_encryption_by_default": [ - { - "kms_master_key_id": "", - "sse_algorithm": "AES256" - } - ], - "bucket_key_enabled": false - } - ] - } - ], - "tags": {}, - "tags_all": {}, - "timeouts": null, - "versioning": [ - { - "enabled": false, - "mfa_delete": false - } - ], - "website": [], - "website_domain": null, - "website_endpoint": null - }, - "sensitive_attributes": [], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxMjAwMDAwMDAwMDAwLCJkZWxldGUiOjM2MDAwMDAwMDAwMDAsInJlYWQiOjEyMDAwMDAwMDAwMDAsInVwZGF0ZSI6MTIwMDAwMDAwMDAwMH0sInNjaGVtYV92ZXJzaW9uIjoiMCJ9" - } - ] - }, - { - "mode": "managed", - "type": "aws_s3_bucket", - "name": "static", - "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "acceleration_status": "", - "acl": null, - "arn": "arn:aws:s3:::wewerewondering-static", - "bucket": "wewerewondering-static", - "bucket_domain_name": "wewerewondering-static.s3.amazonaws.com", - "bucket_prefix": "", - "bucket_regional_domain_name": "wewerewondering-static.s3.us-east-1.amazonaws.com", - "cors_rule": [], - "force_destroy": true, - "grant": [ - { - "id": "b9eabe8fd0ee6354b459c3d797e75df89ee644b91a018bf5ff42d12b5b47daa2", - "permissions": [ - "FULL_CONTROL" - ], - "type": "CanonicalUser", - "uri": "" - } - ], - "hosted_zone_id": "Z3AQBSTGFYJSTF", - "id": "wewerewondering-static", - "lifecycle_rule": [], - "logging": [], - "object_lock_configuration": [], - "object_lock_enabled": false, - "policy": "{\"Id\":\"PolicyForCloudFrontPrivateContent\",\"Statement\":[{\"Action\":[\"s3:GetObject\",\"s3:ListBucket\"],\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudfront::880545379339:distribution/E1ECZRHBXFKMHK\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudfront.amazonaws.com\"},\"Resource\":[\"arn:aws:s3:::wewerewondering-static\",\"arn:aws:s3:::wewerewondering-static/*\"],\"Sid\":\"AllowCloudFrontServicePrincipal\"}],\"Version\":\"2012-10-17\"}", - "region": "us-east-1", - "replication_configuration": [], - "request_payer": "BucketOwner", - "server_side_encryption_configuration": [ - { - "rule": [ - { - "apply_server_side_encryption_by_default": [ - { - "kms_master_key_id": "", - "sse_algorithm": "AES256" - } - ], - "bucket_key_enabled": false - } - ] - } - ], - "tags": {}, - "tags_all": {}, - "timeouts": null, - "versioning": [ - { - "enabled": true, - "mfa_delete": false - } - ], - "website": [], - "website_domain": null, - "website_endpoint": null - }, - "sensitive_attributes": [], - "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxMjAwMDAwMDAwMDAwLCJkZWxldGUiOjM2MDAwMDAwMDAwMDAsInJlYWQiOjEyMDAwMDAwMDAwMDAsInVwZGF0ZSI6MTIwMDAwMDAwMDAwMH19" - } - ] - }, - { - "mode": "managed", - "type": "aws_s3_bucket_acl", - "name": "athena", - "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "access_control_policy": [ - { - "grant": [ - { - "grantee": [ - { - "display_name": "admin", - "email_address": "", - "id": "b9eabe8fd0ee6354b459c3d797e75df89ee644b91a018bf5ff42d12b5b47daa2", - "type": "CanonicalUser", - "uri": "" - } - ], - "permission": "FULL_CONTROL" - } - ], - "owner": [ - { - "display_name": "admin", - "id": "b9eabe8fd0ee6354b459c3d797e75df89ee644b91a018bf5ff42d12b5b47daa2" - } - ] - } - ], - "acl": "private", - "bucket": "wewerewondering-athena", - "expected_bucket_owner": "", - "id": "wewerewondering-athena,private" - }, - "sensitive_attributes": [], - "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjAifQ==", - "dependencies": [ - "aws_s3_bucket.athena", - "aws_s3_bucket_ownership_controls.athena" - ] - } - ] - }, - { - "mode": "managed", - "type": "aws_s3_bucket_acl", - "name": "logs", - "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "access_control_policy": [ - { - "grant": [ - { - "grantee": [ - { - "display_name": "admin", - "email_address": "", - "id": "b9eabe8fd0ee6354b459c3d797e75df89ee644b91a018bf5ff42d12b5b47daa2", - "type": "CanonicalUser", - "uri": "" - } - ], - "permission": "FULL_CONTROL" - }, - { - "grantee": [ - { - "display_name": "awslogsdelivery+s3_us-east-1", - "email_address": "", - "id": "c4c1ede66af53448b93c283ce9448c4ba468c9432aa01d700d3878632f77d2d0", - "type": "CanonicalUser", - "uri": "" - } - ], - "permission": "FULL_CONTROL" - } - ], - "owner": [ - { - "display_name": "admin", - "id": "b9eabe8fd0ee6354b459c3d797e75df89ee644b91a018bf5ff42d12b5b47daa2" - } - ] - } - ], - "acl": "", - "bucket": "wewerewondering-logs", - "expected_bucket_owner": "", - "id": "wewerewondering-logs" - }, - "sensitive_attributes": [], - "private": "bnVsbA==", - "dependencies": [ - "aws_s3_bucket.logs", - "aws_s3_bucket_ownership_controls.logs", - "data.aws_canonical_user_id.current" - ] - } - ] - }, - { - "mode": "managed", - "type": "aws_s3_bucket_acl", - "name": "static", - "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "access_control_policy": [ - { - "grant": [ - { - "grantee": [ - { - "display_name": "admin", - "email_address": "", - "id": "b9eabe8fd0ee6354b459c3d797e75df89ee644b91a018bf5ff42d12b5b47daa2", - "type": "CanonicalUser", - "uri": "" - } - ], - "permission": "FULL_CONTROL" - } - ], - "owner": [ - { - "display_name": "admin", - "id": "b9eabe8fd0ee6354b459c3d797e75df89ee644b91a018bf5ff42d12b5b47daa2" - } - ] - } - ], - "acl": "private", - "bucket": "wewerewondering-static", - "expected_bucket_owner": "", - "id": "wewerewondering-static,private" - }, - "sensitive_attributes": [], - "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjAifQ==", - "dependencies": [ - "aws_s3_bucket.static", - "aws_s3_bucket_ownership_controls.static" - ] - } - ] - }, - { - "mode": "managed", - "type": "aws_s3_bucket_ownership_controls", - "name": "athena", - "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "bucket": "wewerewondering-athena", - "id": "wewerewondering-athena", - "rule": [ - { - "object_ownership": "BucketOwnerEnforced" - } - ] - }, - "sensitive_attributes": [], - "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjAifQ==", - "dependencies": [ - "aws_s3_bucket.athena" - ] - } - ] - }, - { - "mode": "managed", - "type": "aws_s3_bucket_ownership_controls", - "name": "logs", - "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "bucket": "wewerewondering-logs", - "id": "wewerewondering-logs", - "rule": [ - { - "object_ownership": "BucketOwnerPreferred" - } - ] - }, - "sensitive_attributes": [], - "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjAifQ==", - "dependencies": [ - "aws_s3_bucket.logs" - ] - } - ] - }, - { - "mode": "managed", - "type": "aws_s3_bucket_ownership_controls", - "name": "static", - "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "bucket": "wewerewondering-static", - "id": "wewerewondering-static", - "rule": [ - { - "object_ownership": "BucketOwnerEnforced" - } - ] - }, - "sensitive_attributes": [], - "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjAifQ==", - "dependencies": [ - "aws_s3_bucket.static" - ] - } - ] - }, - { - "mode": "managed", - "type": "aws_s3_bucket_policy", - "name": "cloudfront", - "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", - "instances": [ - { - "schema_version": 0, - "attributes": { - "bucket": "wewerewondering-static", - "id": "wewerewondering-static", - "policy": "{\"Id\":\"PolicyForCloudFrontPrivateContent\",\"Statement\":[{\"Action\":[\"s3:GetObject\",\"s3:ListBucket\"],\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudfront::880545379339:distribution/E1ECZRHBXFKMHK\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudfront.amazonaws.com\"},\"Resource\":[\"arn:aws:s3:::wewerewondering-static\",\"arn:aws:s3:::wewerewondering-static/*\"],\"Sid\":\"AllowCloudFrontServicePrincipal\"}],\"Version\":\"2012-10-17\"}" - }, - "sensitive_attributes": [], - "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjAifQ==", - "dependencies": [ - "aws_acm_certificate.www", - "aws_acm_certificate_validation.www", - "aws_apigatewayv2_api.www", - "aws_cloudfront_cache_policy.cache_when_requested", - "aws_cloudfront_distribution.www", - "aws_cloudfront_function.index_everywhere", - "aws_cloudfront_origin_access_control.static", - "aws_route53_record.www_cert", - "aws_route53_zone.www", - "aws_s3_bucket.logs", - "aws_s3_bucket.static", - "data.aws_iam_policy_document.cloudfront_s3", - "data.aws_region.current" - ] - } - ] - }, - { - "mode": "managed", - "type": "aws_s3_object", - "name": "dist", - "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", - "instances": [ - { - "index_key": "apple-touch-icon.png", - "schema_version": 0, - "attributes": { - "acl": null, - "bucket": "wewerewondering-static", - "bucket_key_enabled": false, - "cache_control": "", - "checksum_algorithm": null, - "checksum_crc32": "", - "checksum_crc32c": "", - "checksum_sha1": "", - "checksum_sha256": "", - "content": null, - "content_base64": null, - "content_disposition": "", - "content_encoding": "", - "content_language": "", - "content_type": "image/png", - "etag": "52a5465ca4b8008b0a16f927ee7ff362", - "force_destroy": true, - "id": "apple-touch-icon.png", - "key": "apple-touch-icon.png", - "kms_key_id": null, - "metadata": {}, - "object_lock_legal_hold_status": "", - "object_lock_mode": "", - "object_lock_retain_until_date": "", - "override_provider": [], - "server_side_encryption": "AES256", - "source": "./../client/dist/apple-touch-icon.png", - "source_hash": null, - "storage_class": "STANDARD", - "tags": {}, - "tags_all": {}, - "version_id": "KhtCoK4ke4VLN8dlAldhid7g5IpCByV3", - "website_redirect": "" - }, - "sensitive_attributes": [], - "private": "bnVsbA==", - "dependencies": [ - "aws_s3_bucket.static", - "terraform_data.npm_build" - ] - }, - { - "index_key": "assets/index.2bd4e337.css", - "schema_version": 0, - "attributes": { - "acl": null, - "bucket": "wewerewondering-static", - "bucket_key_enabled": false, - "cache_control": "", - "checksum_algorithm": null, - "checksum_crc32": "", - "checksum_crc32c": "", - "checksum_sha1": "", - "checksum_sha256": "", - "content": null, - "content_base64": null, - "content_disposition": "", - "content_encoding": "", - "content_language": "", - "content_type": "application/octet-stream", - "etag": "5a011ef78398105b0b753585d662a46a", - "force_destroy": true, - "id": "assets/index.2bd4e337.css", - "key": "assets/index.2bd4e337.css", - "kms_key_id": null, - "metadata": {}, - "object_lock_legal_hold_status": "", - "object_lock_mode": "", - "object_lock_retain_until_date": "", - "override_provider": [], - "server_side_encryption": "AES256", - "source": "./../client/dist/assets/index.2bd4e337.css", - "source_hash": null, - "storage_class": "STANDARD", - "tags": {}, - "tags_all": {}, - "version_id": "fcrJkc3.SZPdI_cFbJmpQYdeIGpQ5dtT", - "website_redirect": "" - }, - "sensitive_attributes": [], - "private": "bnVsbA==", - "dependencies": [ - "aws_s3_bucket.static", - "terraform_data.npm_build" - ] - }, - { - "index_key": "assets/index.61e1a11f.js", - "schema_version": 0, - "attributes": { - "acl": null, - "bucket": "wewerewondering-static", - "bucket_key_enabled": false, - "cache_control": "", - "checksum_algorithm": null, - "checksum_crc32": "", - "checksum_crc32c": "", - "checksum_sha1": "", - "checksum_sha256": "", - "content": null, - "content_base64": null, - "content_disposition": "", - "content_encoding": "", - "content_language": "", - "content_type": "application/octet-stream", - "etag": "d1d29e8de8077de4849b08dc90b12067", - "force_destroy": true, - "id": "assets/index.61e1a11f.js", - "key": "assets/index.61e1a11f.js", - "kms_key_id": null, - "metadata": {}, - "object_lock_legal_hold_status": "", - "object_lock_mode": "", - "object_lock_retain_until_date": "", - "override_provider": [], - "server_side_encryption": "AES256", - "source": "./../client/dist/assets/index.61e1a11f.js", - "source_hash": null, - "storage_class": "STANDARD", - "tags": {}, - "tags_all": {}, - "version_id": "ZasJSuKnoQkdPVIKPMI7yVtk4KK6mtq2", - "website_redirect": "" - }, - "sensitive_attributes": [], - "private": "bnVsbA==", - "dependencies": [ - "aws_s3_bucket.static", - "terraform_data.npm_build" - ] - }, - { - "index_key": "favicon.ico", - "schema_version": 0, - "attributes": { - "acl": null, - "bucket": "wewerewondering-static", - "bucket_key_enabled": false, - "cache_control": "", - "checksum_algorithm": null, - "checksum_crc32": "", - "checksum_crc32c": "", - "checksum_sha1": "", - "checksum_sha256": "", - "content": null, - "content_base64": null, - "content_disposition": "", - "content_encoding": "", - "content_language": "", - "content_type": "image/vnd.microsoft.icon", - "etag": "9a5d0dd396d479d9a60ce80e008475a9", - "force_destroy": true, - "id": "favicon.ico", - "key": "favicon.ico", - "kms_key_id": null, - "metadata": {}, - "object_lock_legal_hold_status": "", - "object_lock_mode": "", - "object_lock_retain_until_date": "", - "override_provider": [], - "server_side_encryption": "AES256", - "source": "./../client/dist/favicon.ico", - "source_hash": null, - "storage_class": "STANDARD", - "tags": {}, - "tags_all": {}, - "version_id": "y_e3V3kB2q_Gch4xYPpe80iUtglgW.wJ", - "website_redirect": "" - }, - "sensitive_attributes": [], - "private": "bnVsbA==", - "dependencies": [ - "aws_s3_bucket.static", - "terraform_data.npm_build" - ] - }, - { - "index_key": "favicon.png", - "schema_version": 0, - "attributes": { - "acl": null, - "bucket": "wewerewondering-static", - "bucket_key_enabled": false, - "cache_control": "", - "checksum_algorithm": null, - "checksum_crc32": "", - "checksum_crc32c": "", - "checksum_sha1": "", - "checksum_sha256": "", - "content": null, - "content_base64": null, - "content_disposition": "", - "content_encoding": "", - "content_language": "", - "content_type": "image/png", - "etag": "728e06e6955b04591e1388ba988ce7d2", - "force_destroy": true, - "id": "favicon.png", - "key": "favicon.png", - "kms_key_id": null, - "metadata": {}, - "object_lock_legal_hold_status": "", - "object_lock_mode": "", - "object_lock_retain_until_date": "", - "override_provider": [], - "server_side_encryption": "AES256", - "source": "./../client/dist/favicon.png", - "source_hash": null, - "storage_class": "STANDARD", - "tags": {}, - "tags_all": {}, - "version_id": "SdfKy.PJYlD20fnyvYfvn3hilqu6cMWu", - "website_redirect": "" - }, - "sensitive_attributes": [], - "private": "bnVsbA==", - "dependencies": [ - "aws_s3_bucket.static", - "terraform_data.npm_build" - ] - }, - { - "index_key": "index.html", - "schema_version": 0, - "attributes": { - "acl": null, - "bucket": "wewerewondering-static", - "bucket_key_enabled": false, - "cache_control": "max-age=300", - "checksum_algorithm": null, - "checksum_crc32": "", - "checksum_crc32c": "", - "checksum_sha1": "", - "checksum_sha256": "", - "content": null, - "content_base64": null, - "content_disposition": "", - "content_encoding": "", - "content_language": "", - "content_type": "text/html", - "etag": "88d8b88c12fd720a490b5d7581f7857c", - "force_destroy": true, - "id": "index.html", - "key": "index.html", - "kms_key_id": null, - "metadata": {}, - "object_lock_legal_hold_status": "", - "object_lock_mode": "", - "object_lock_retain_until_date": "", - "override_provider": [], - "server_side_encryption": "AES256", - "source": "./../client/dist/index.html", - "source_hash": null, - "storage_class": "STANDARD", - "tags": {}, - "tags_all": {}, - "version_id": "m8BBRjbTQF_MR05o_gwp91brhmLMkwL0", - "website_redirect": "" - }, - "sensitive_attributes": [], - "private": "bnVsbA==", - "dependencies": [ - "aws_s3_bucket.static", - "terraform_data.npm_build" - ] - }, - { - "index_key": "robots.txt", - "schema_version": 0, - "attributes": { - "acl": null, - "bucket": "wewerewondering-static", - "bucket_key_enabled": false, - "cache_control": "", - "checksum_algorithm": null, - "checksum_crc32": "", - "checksum_crc32c": "", - "checksum_sha1": "", - "checksum_sha256": "", - "content": null, - "content_base64": null, - "content_disposition": "", - "content_encoding": "", - "content_language": "", - "content_type": "text/plain", - "etag": "e3022ff38873f5c22cfe88800696dd13", - "force_destroy": true, - "id": "robots.txt", - "key": "robots.txt", - "kms_key_id": null, - "metadata": {}, - "object_lock_legal_hold_status": "", - "object_lock_mode": "", - "object_lock_retain_until_date": "", - "override_provider": [], - "server_side_encryption": "AES256", - "source": "./../client/dist/robots.txt", - "source_hash": null, - "storage_class": "STANDARD", - "tags": {}, - "tags_all": {}, - "version_id": "YbTpjMemdQpuKHR1Kwqp6TZE81ar6v8i", - "website_redirect": "" - }, - "sensitive_attributes": [], - "private": "bnVsbA==", - "dependencies": [ - "aws_s3_bucket.static", - "terraform_data.npm_build" - ] - } - ] - }, { "mode": "managed", "type": "terraform_data", From 39be68a4e20c246e8a71030fe8e4e3277daca26b Mon Sep 17 00:00:00 2001 From: Jon Gjengset Date: Sat, 30 Dec 2023 16:18:26 +0100 Subject: [PATCH 22/26] Prepare move to new region --- infra/athena.tf | 2 +- infra/logging.tf | 2 +- infra/main.tf | 2 +- infra/static.tf | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/infra/athena.tf b/infra/athena.tf index 1c73a50..29890a8 100644 --- a/infra/athena.tf +++ b/infra/athena.tf @@ -1,5 +1,5 @@ locals { - athena = "wewerewondering-athena" + athena = "wewerewondering-${data.aws_region.current.name}-athena" db = "default" tbl = "cloudfront_logs" } diff --git a/infra/logging.tf b/infra/logging.tf index b4f5558..9cc2a17 100644 --- a/infra/logging.tf +++ b/infra/logging.tf @@ -1,5 +1,5 @@ locals { - logs = "wewerewondering-logs" + logs = "wewerewondering-${data.aws_region.current.name}-logs" } data "aws_canonical_user_id" "current" {} diff --git a/infra/main.tf b/infra/main.tf index e6dcc39..7c64bb3 100644 --- a/infra/main.tf +++ b/infra/main.tf @@ -10,7 +10,7 @@ terraform { } provider "aws" { - region = "us-east-1" + region = "eu-north-1" assume_role { role_arn = "arn:aws:iam::880545379339:role/OrganizationAccountAccessRole" external_id = "terraform" diff --git a/infra/static.tf b/infra/static.tf index 47514c0..333afb9 100644 --- a/infra/static.tf +++ b/infra/static.tf @@ -1,5 +1,5 @@ locals { - static = "wewerewondering-static" + static = "wewerewondering-${data.aws_region.current.name}-static" } resource "aws_s3_bucket" "static" { From 7872add2c40fbcb16f412e241945c8513ce8022c Mon Sep 17 00:00:00 2001 From: Jon Gjengset Date: Sat, 30 Dec 2023 16:43:01 +0100 Subject: [PATCH 23/26] Remove unused (and invalid) bucket ACLs --- infra/athena.tf | 7 ------- infra/static.tf | 7 ------- 2 files changed, 14 deletions(-) diff --git a/infra/athena.tf b/infra/athena.tf index 29890a8..66f3214 100644 --- a/infra/athena.tf +++ b/infra/athena.tf @@ -19,13 +19,6 @@ resource "aws_s3_bucket_ownership_controls" "athena" { } } -resource "aws_s3_bucket_acl" "athena" { - depends_on = [aws_s3_bucket_ownership_controls.athena] - - bucket = aws_s3_bucket.athena.id - acl = "private" -} - # https://docs.aws.amazon.com/athena/latest/ug/cloudfront-logs.html resource "aws_glue_catalog_table" "cf_logs" { name = local.tbl diff --git a/infra/static.tf b/infra/static.tf index 333afb9..da9941e 100644 --- a/infra/static.tf +++ b/infra/static.tf @@ -15,13 +15,6 @@ resource "aws_s3_bucket_ownership_controls" "static" { } } -resource "aws_s3_bucket_acl" "static" { - depends_on = [aws_s3_bucket_ownership_controls.static] - - bucket = aws_s3_bucket.static.id - acl = "private" -} - data "aws_iam_policy_document" "cloudfront_s3" { policy_id = "PolicyForCloudFrontPrivateContent" From 726cf2ab39f69112bee5deecfceab24de615a164 Mon Sep 17 00:00:00 2001 From: Jon Gjengset Date: Sat, 30 Dec 2023 16:43:14 +0100 Subject: [PATCH 24/26] Create Glue catalog database as well --- infra/athena.tf | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/infra/athena.tf b/infra/athena.tf index 66f3214..31f8771 100644 --- a/infra/athena.tf +++ b/infra/athena.tf @@ -19,6 +19,10 @@ resource "aws_s3_bucket_ownership_controls" "athena" { } } +resource "aws_glue_catalog_database" "default" { + name = local.db +} + # https://docs.aws.amazon.com/athena/latest/ug/cloudfront-logs.html resource "aws_glue_catalog_table" "cf_logs" { name = local.tbl @@ -29,6 +33,7 @@ resource "aws_glue_catalog_table" "cf_logs" { EXTERNAL = "TRUE" "skip.header.line.count" = 2 } + depends_on = [aws_glue_catalog_database.default] storage_descriptor { input_format = "org.apache.hadoop.mapred.TextInputFormat" location = "s3://${aws_s3_bucket.logs.id}/" From 3c81ad0a28760156a20b17b418a8a20afd08c96f Mon Sep 17 00:00:00 2001 From: Jon Gjengset Date: Sat, 30 Dec 2023 16:43:32 +0100 Subject: [PATCH 25/26] Give API GW permission to invoke lambda --- infra/apigw.tf | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/infra/apigw.tf b/infra/apigw.tf index 7bc97f8..dd01583 100644 --- a/infra/apigw.tf +++ b/infra/apigw.tf @@ -86,3 +86,11 @@ resource "aws_apigatewayv2_route" "api_route" { route_key = each.value target = "integrations/${aws_apigatewayv2_integration.www.id}" } + +resource "aws_lambda_permission" "www" { + statement_id = "AllowExecutionFromAPIGateway" + action = "lambda:InvokeFunction" + function_name = aws_lambda_function.www.function_name + principal = "apigateway.amazonaws.com" + source_arn = "${aws_apigatewayv2_stage.www.execution_arn}/*" +} From 838df9245f6dc486c65f9030c173d1c76798ca05 Mon Sep 17 00:00:00 2001 From: Jon Gjengset Date: Sat, 30 Dec 2023 16:43:49 +0100 Subject: [PATCH 26/26] Apply in eu-north-1 --- infra/terraform.tfstate | 1004 +++++++++++++++++++++++++++++++++++---- 1 file changed, 911 insertions(+), 93 deletions(-) diff --git a/infra/terraform.tfstate b/infra/terraform.tfstate index a09b8d9..438134c 100644 --- a/infra/terraform.tfstate +++ b/infra/terraform.tfstate @@ -1,7 +1,7 @@ { "version": 4, "terraform_version": "1.6.6", - "serial": 67, + "serial": 122, "lineage": "ed8fbb99-5570-1b6d-6765-46ed4759afc0", "outputs": {}, "resources": [ @@ -46,7 +46,7 @@ { "schema_version": 0, "attributes": { - "display_name": "admin", + "display_name": "", "id": "b9eabe8fd0ee6354b459c3d797e75df89ee644b91a018bf5ff42d12b5b47daa2" }, "sensitive_attributes": [] @@ -146,8 +146,8 @@ { "schema_version": 0, "attributes": { - "id": "209197484", - "json": "{\n \"Version\": \"2012-10-17\",\n \"Id\": \"PolicyForCloudFrontPrivateContent\",\n \"Statement\": [\n {\n \"Sid\": \"AllowCloudFrontServicePrincipal\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"s3:ListBucket\",\n \"s3:GetObject\"\n ],\n \"Resource\": [\n \"arn:aws:s3:::wewerewondering-static/*\",\n \"arn:aws:s3:::wewerewondering-static\"\n ],\n \"Principal\": {\n \"Service\": \"cloudfront.amazonaws.com\"\n },\n \"Condition\": {\n \"StringEquals\": {\n \"AWS:SourceArn\": \"arn:aws:cloudfront::880545379339:distribution/E1ECZRHBXFKMHK\"\n }\n }\n }\n ]\n}", + "id": "3895331988", + "json": "{\n \"Version\": \"2012-10-17\",\n \"Id\": \"PolicyForCloudFrontPrivateContent\",\n \"Statement\": [\n {\n \"Sid\": \"AllowCloudFrontServicePrincipal\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"s3:ListBucket\",\n \"s3:GetObject\"\n ],\n \"Resource\": [\n \"arn:aws:s3:::wewerewondering-eu-north-1-static/*\",\n \"arn:aws:s3:::wewerewondering-eu-north-1-static\"\n ],\n \"Principal\": {\n \"Service\": \"cloudfront.amazonaws.com\"\n },\n \"Condition\": {\n \"StringEquals\": {\n \"AWS:SourceArn\": \"arn:aws:cloudfront::880545379339:distribution/E1ECZRHBXFKMHK\"\n }\n }\n }\n ]\n}", "override_policy_documents": null, "policy_id": "PolicyForCloudFrontPrivateContent", "source_policy_documents": null, @@ -179,8 +179,8 @@ } ], "resources": [ - "arn:aws:s3:::wewerewondering-static", - "arn:aws:s3:::wewerewondering-static/*" + "arn:aws:s3:::wewerewondering-eu-north-1-static", + "arn:aws:s3:::wewerewondering-eu-north-1-static/*" ], "sid": "AllowCloudFrontServicePrincipal" } @@ -200,8 +200,8 @@ { "schema_version": 0, "attributes": { - "id": "1400258275", - "json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Action\": \"logs:CreateLogGroup\",\n \"Resource\": \"arn:aws:logs:us-east-1:880545379339:log-group:/aws/lambda/wewerewondering-api\"\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"logs:PutLogEvents\",\n \"logs:CreateLogStream\"\n ],\n \"Resource\": \"arn:aws:logs:us-east-1:880545379339:log-group:/aws/lambda/wewerewondering-api:*\"\n }\n ]\n}", + "id": "3265722285", + "json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Action\": \"logs:CreateLogGroup\",\n \"Resource\": \"arn:aws:logs:eu-north-1:880545379339:log-group:/aws/lambda/wewerewondering-api\"\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"logs:PutLogEvents\",\n \"logs:CreateLogStream\"\n ],\n \"Resource\": \"arn:aws:logs:eu-north-1:880545379339:log-group:/aws/lambda/wewerewondering-api:*\"\n }\n ]\n}", "override_policy_documents": null, "policy_id": null, "source_policy_documents": null, @@ -217,7 +217,7 @@ "not_resources": [], "principals": [], "resources": [ - "arn:aws:logs:us-east-1:880545379339:log-group:/aws/lambda/wewerewondering-api" + "arn:aws:logs:eu-north-1:880545379339:log-group:/aws/lambda/wewerewondering-api" ], "sid": "" }, @@ -233,7 +233,7 @@ "not_resources": [], "principals": [], "resources": [ - "arn:aws:logs:us-east-1:880545379339:log-group:/aws/lambda/wewerewondering-api:*" + "arn:aws:logs:eu-north-1:880545379339:log-group:/aws/lambda/wewerewondering-api:*" ], "sid": "" } @@ -253,8 +253,8 @@ { "schema_version": 0, "attributes": { - "id": "2474649612", - "json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"dynamodb:UpdateItem\",\n \"dynamodb:Scan\",\n \"dynamodb:Query\",\n \"dynamodb:PutItem\",\n \"dynamodb:GetItem\",\n \"dynamodb:BatchGetItem\"\n ],\n \"Resource\": [\n \"arn:aws:dynamodb:us-east-1:880545379339:table/questions/index/top\",\n \"arn:aws:dynamodb:us-east-1:880545379339:table/questions\",\n \"arn:aws:dynamodb:us-east-1:880545379339:table/events\"\n ]\n }\n ]\n}", + "id": "207875518", + "json": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"dynamodb:UpdateItem\",\n \"dynamodb:Scan\",\n \"dynamodb:Query\",\n \"dynamodb:PutItem\",\n \"dynamodb:GetItem\",\n \"dynamodb:BatchGetItem\"\n ],\n \"Resource\": [\n \"arn:aws:dynamodb:eu-north-1:880545379339:table/questions/index/top\",\n \"arn:aws:dynamodb:eu-north-1:880545379339:table/questions\",\n \"arn:aws:dynamodb:eu-north-1:880545379339:table/events\"\n ]\n }\n ]\n}", "override_policy_documents": null, "policy_id": null, "source_policy_documents": null, @@ -275,9 +275,9 @@ "not_resources": [], "principals": [], "resources": [ - "arn:aws:dynamodb:us-east-1:880545379339:table/events", - "arn:aws:dynamodb:us-east-1:880545379339:table/questions", - "arn:aws:dynamodb:us-east-1:880545379339:table/questions/index/top" + "arn:aws:dynamodb:eu-north-1:880545379339:table/events", + "arn:aws:dynamodb:eu-north-1:880545379339:table/questions", + "arn:aws:dynamodb:eu-north-1:880545379339:table/questions/index/top" ], "sid": "" } @@ -335,10 +335,10 @@ { "schema_version": 0, "attributes": { - "description": "US East (N. Virginia)", - "endpoint": "ec2.us-east-1.amazonaws.com", - "id": "us-east-1", - "name": "us-east-1" + "description": "Europe (Stockholm)", + "endpoint": "ec2.eu-north-1.amazonaws.com", + "id": "eu-north-1", + "name": "eu-north-1" }, "sensitive_attributes": [] } @@ -452,7 +452,7 @@ ] }, "sensitive_attributes": [], - "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjAifQ==", + "private": "bnVsbA==", "dependencies": [ "aws_iam_role.apigw_cw", "data.aws_iam_policy_document.apigw_assume" @@ -469,17 +469,17 @@ { "schema_version": 0, "attributes": { - "api_endpoint": "https://je8z4t28h4.execute-api.us-east-1.amazonaws.com", + "api_endpoint": "https://o19hhgzpd7.execute-api.eu-north-1.amazonaws.com", "api_key_selection_expression": "$request.header.x-api-key", - "arn": "arn:aws:apigateway:us-east-1::/apis/je8z4t28h4", + "arn": "arn:aws:apigateway:eu-north-1::/apis/o19hhgzpd7", "body": null, "cors_configuration": [], "credentials_arn": null, "description": "", "disable_execute_api_endpoint": false, - "execution_arn": "arn:aws:execute-api:us-east-1:880545379339:je8z4t28h4", + "execution_arn": "arn:aws:execute-api:eu-north-1:880545379339:o19hhgzpd7", "fail_on_warnings": null, - "id": "je8z4t28h4", + "id": "o19hhgzpd7", "name": "wewerewondering", "protocol_type": "HTTP", "route_key": null, @@ -490,7 +490,7 @@ "version": "" }, "sensitive_attributes": [], - "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjAifQ==" + "private": "bnVsbA==" } ] }, @@ -503,18 +503,18 @@ { "schema_version": 0, "attributes": { - "api_id": "je8z4t28h4", + "api_id": "o19hhgzpd7", "connection_id": "", "connection_type": "INTERNET", "content_handling_strategy": "", "credentials_arn": "", "description": "", - "id": "4y6aomd", + "id": "tsl0pws", "integration_method": "POST", "integration_response_selection_expression": "", "integration_subtype": "", "integration_type": "AWS_PROXY", - "integration_uri": "arn:aws:apigateway:us-east-1:lambda:path/2015-03-31/functions/arn:aws:lambda:us-east-1:880545379339:function:wewerewondering-api/invocations", + "integration_uri": "arn:aws:apigateway:eu-north-1:lambda:path/2015-03-31/functions/arn:aws:lambda:eu-north-1:880545379339:function:wewerewondering-api/invocations", "passthrough_behavior": "", "payload_format_version": "2.0", "request_parameters": {}, @@ -552,22 +552,22 @@ { "schema_version": 0, "attributes": { - "api_id": "je8z4t28h4", + "api_id": "o19hhgzpd7", "api_key_required": false, "authorization_scopes": [], "authorization_type": "NONE", "authorizer_id": "", - "id": "iih0hlf", + "id": "cp9a6ld", "model_selection_expression": "", "operation_name": "", "request_models": {}, "request_parameter": [], "route_key": "GET /api/event/{eid}", "route_response_selection_expression": "", - "target": "integrations/4y6aomd" + "target": "integrations/tsl0pws" }, "sensitive_attributes": [], - "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjAifQ==", + "private": "bnVsbA==", "dependencies": [ "aws_apigatewayv2_api.www", "aws_apigatewayv2_integration.www", @@ -595,19 +595,19 @@ { "schema_version": 0, "attributes": { - "api_id": "je8z4t28h4", + "api_id": "o19hhgzpd7", "api_key_required": false, "authorization_scopes": [], "authorization_type": "NONE", "authorizer_id": "", - "id": "cyva0m4", + "id": "0o598vj", "model_selection_expression": "", "operation_name": "", "request_models": {}, "request_parameter": [], "route_key": "POST /api/event/{eid}", "route_response_selection_expression": "", - "target": "integrations/4y6aomd" + "target": "integrations/tsl0pws" }, "sensitive_attributes": [], "private": "bnVsbA==", @@ -638,19 +638,19 @@ { "schema_version": 0, "attributes": { - "api_id": "je8z4t28h4", + "api_id": "o19hhgzpd7", "api_key_required": false, "authorization_scopes": [], "authorization_type": "NONE", "authorizer_id": "", - "id": "lmcxybh", + "id": "21aff6l", "model_selection_expression": "", "operation_name": "", "request_models": {}, "request_parameter": [], "route_key": "POST /api/event", "route_response_selection_expression": "", - "target": "integrations/4y6aomd" + "target": "integrations/tsl0pws" }, "sensitive_attributes": [], "private": "bnVsbA==", @@ -682,19 +682,19 @@ "index_key": "get_eeq", "schema_version": 0, "attributes": { - "api_id": "je8z4t28h4", + "api_id": "o19hhgzpd7", "api_key_required": false, "authorization_scopes": [], "authorization_type": "NONE", "authorizer_id": "", - "id": "ezhnbti", + "id": "fua8trl", "model_selection_expression": "", "operation_name": "", "request_models": {}, "request_parameter": [], "route_key": "GET /api/event/{eid}/questions", "route_response_selection_expression": "", - "target": "integrations/4y6aomd" + "target": "integrations/tsl0pws" }, "sensitive_attributes": [], "private": "bnVsbA==", @@ -718,19 +718,19 @@ "index_key": "get_eeqs", "schema_version": 0, "attributes": { - "api_id": "je8z4t28h4", + "api_id": "o19hhgzpd7", "api_key_required": false, "authorization_scopes": [], "authorization_type": "NONE", "authorizer_id": "", - "id": "fb0pv8e", + "id": "tdcfcha", "model_selection_expression": "", "operation_name": "", "request_models": {}, "request_parameter": [], "route_key": "GET /api/event/{eid}/questions/{secret}", "route_response_selection_expression": "", - "target": "integrations/4y6aomd" + "target": "integrations/tsl0pws" }, "sensitive_attributes": [], "private": "bnVsbA==", @@ -754,19 +754,19 @@ "index_key": "get_q", "schema_version": 0, "attributes": { - "api_id": "je8z4t28h4", + "api_id": "o19hhgzpd7", "api_key_required": false, "authorization_scopes": [], "authorization_type": "NONE", "authorizer_id": "", - "id": "5j62zea", + "id": "whnecs5", "model_selection_expression": "", "operation_name": "", "request_models": {}, "request_parameter": [], "route_key": "GET /api/questions/{qids}", "route_response_selection_expression": "", - "target": "integrations/4y6aomd" + "target": "integrations/tsl0pws" }, "sensitive_attributes": [], "private": "bnVsbA==", @@ -790,19 +790,19 @@ "index_key": "post_toggle", "schema_version": 0, "attributes": { - "api_id": "je8z4t28h4", + "api_id": "o19hhgzpd7", "api_key_required": false, "authorization_scopes": [], "authorization_type": "NONE", "authorizer_id": "", - "id": "0y2fhvt", + "id": "7r7n45g", "model_selection_expression": "", "operation_name": "", "request_models": {}, "request_parameter": [], "route_key": "POST /api/event/{eid}/questions/{secret}/{qid}/toggle/{property}", "route_response_selection_expression": "", - "target": "integrations/4y6aomd" + "target": "integrations/tsl0pws" }, "sensitive_attributes": [], "private": "bnVsbA==", @@ -826,19 +826,19 @@ "index_key": "post_vote", "schema_version": 0, "attributes": { - "api_id": "je8z4t28h4", + "api_id": "o19hhgzpd7", "api_key_required": false, "authorization_scopes": [], "authorization_type": "NONE", "authorizer_id": "", - "id": "d6f5hnm", + "id": "rexgczk", "model_selection_expression": "", "operation_name": "", "request_models": {}, "request_parameter": [], "route_key": "POST /api/vote/{qid}/{updown}", "route_response_selection_expression": "", - "target": "integrations/4y6aomd" + "target": "integrations/tsl0pws" }, "sensitive_attributes": [], "private": "bnVsbA==", @@ -871,12 +871,12 @@ "attributes": { "access_log_settings": [ { - "destination_arn": "arn:aws:logs:us-east-1:880545379339:log-group:/aws/api-gateway/wewerewondering", + "destination_arn": "arn:aws:logs:eu-north-1:880545379339:log-group:/aws/api-gateway/wewerewondering", "format": "{\"httpMethod\":\"$context.httpMethod\",\"ip\":\"$context.identity.sourceIp\",\"protocol\":\"$context.protocol\",\"requestId\":\"$context.requestId\",\"requestTime\":\"$context.requestTime\",\"responseLength\":\"$context.responseLength\",\"routeKey\":\"$context.routeKey\",\"status\":\"$context.status\"}" } ], - "api_id": "je8z4t28h4", - "arn": "arn:aws:apigateway:us-east-1::/apis/je8z4t28h4/stages/$default", + "api_id": "o19hhgzpd7", + "arn": "arn:aws:apigateway:eu-north-1::/apis/o19hhgzpd7/stages/$default", "auto_deploy": true, "client_certificate_id": "", "default_route_settings": [ @@ -888,11 +888,11 @@ "throttling_rate_limit": 50 } ], - "deployment_id": "1um1l9", + "deployment_id": "xopd61", "description": "", - "execution_arn": "arn:aws:execute-api:us-east-1:880545379339:je8z4t28h4/$default", + "execution_arn": "arn:aws:execute-api:eu-north-1:880545379339:o19hhgzpd7/$default", "id": "$default", - "invoke_url": "https://je8z4t28h4.execute-api.us-east-1.amazonaws.com/", + "invoke_url": "https://o19hhgzpd7.execute-api.eu-north-1.amazonaws.com/", "name": "$default", "route_settings": [], "stage_variables": {}, @@ -919,7 +919,7 @@ "attributes": { "database": "default", "description": "", - "id": "7fe4a7b7-e3f3-4e3e-8768-9fa12ae8665a", + "id": "e47cc71b-7176-42a9-b161-aa19b0521bf3", "name": "Common errors", "query": "SELECT\n request_ip,\n method,\n uri,\n status,\n COUNT(*) AS n\nFROM \"default\".\"cloudfront_logs\"\nWHERE status \u003e= 400\n AND from_iso8601_timestamp(concat(to_iso8601(\"date\"), 'T', time)) \u003e current_timestamp - interval '14' day\nGROUP BY status, method, uri, request_ip\nHAVING COUNT(*) \u003e 1\nORDER BY n DESC;\n", "workgroup": "primary" @@ -928,7 +928,8 @@ "private": "bnVsbA==", "dependencies": [ "aws_athena_workgroup.www", - "aws_s3_bucket.athena" + "aws_s3_bucket.athena", + "data.aws_region.current" ] } ] @@ -944,7 +945,7 @@ "attributes": { "database": "default", "description": "", - "id": "0695117f-4181-4af2-aa2f-9ccf63a5c7f9", + "id": "b4eecd35-9deb-4b8b-9397-cfdb80dea0bb", "name": "Recent errors", "query": "SELECT\n from_iso8601_timestamp(concat(to_iso8601(\"date\"), 'T', time)) AT TIME ZONE 'Europe/Oslo' as \"when\",\n request_ip,\n method,\n uri,\n status\nFROM \"default\".\"cloudfront_logs\"\nWHERE status \u003e= 400\n AND status \u003c= 599\n AND from_iso8601_timestamp(concat(to_iso8601(\"date\"), 'T', time)) \u003e current_timestamp - interval '8' hour\nORDER BY \"when\" DESC\nLIMIT 25;\n", "workgroup": "primary" @@ -953,7 +954,8 @@ "private": "bnVsbA==", "dependencies": [ "aws_athena_workgroup.www", - "aws_s3_bucket.athena" + "aws_s3_bucket.athena", + "data.aws_region.current" ] } ] @@ -967,7 +969,7 @@ { "schema_version": 0, "attributes": { - "arn": "arn:aws:athena:us-east-1:880545379339:workgroup/primary", + "arn": "arn:aws:athena:eu-north-1:880545379339:workgroup/primary", "configuration": [ { "bytes_scanned_cutoff_per_query": 0, @@ -986,7 +988,7 @@ "acl_configuration": [], "encryption_configuration": [], "expected_bucket_owner": "", - "output_location": "s3://wewerewondering-athena/" + "output_location": "s3://wewerewondering-eu-north-1-athena/" } ] } @@ -1002,7 +1004,8 @@ "sensitive_attributes": [], "private": "bnVsbA==", "dependencies": [ - "aws_s3_bucket.athena" + "aws_s3_bucket.athena", + "data.aws_region.current" ] } ] @@ -1107,16 +1110,16 @@ "default_root_object": "index.html", "domain_name": "d1tpt5x1e858xw.cloudfront.net", "enabled": true, - "etag": "E3ENT7PO0SW2WD", + "etag": "E2PI56HX4A1L6S", "hosted_zone_id": "Z2FDTNDATAQYW2", "http_version": "http2", "id": "E1ECZRHBXFKMHK", "in_progress_validation_batches": 0, "is_ipv6_enabled": true, - "last_modified_time": "2022-11-17 02:12:09.809 +0000 UTC", + "last_modified_time": "2023-12-30 15:18:45.217 +0000 UTC", "logging_config": [ { - "bucket": "wewerewondering-logs.s3.amazonaws.com", + "bucket": "wewerewondering-eu-north-1-logs.s3.amazonaws.com", "include_cookies": false, "prefix": "" } @@ -1173,7 +1176,7 @@ ] } ], - "domain_name": "je8z4t28h4.execute-api.us-east-1.amazonaws.com", + "domain_name": "o19hhgzpd7.execute-api.eu-north-1.amazonaws.com", "origin_access_control_id": "", "origin_id": "wewerewondering-api", "origin_path": "", @@ -1185,7 +1188,7 @@ "connection_timeout": 10, "custom_header": [], "custom_origin_config": [], - "domain_name": "wewerewondering-static.s3.us-east-1.amazonaws.com", + "domain_name": "wewerewondering-eu-north-1-static.s3.eu-north-1.amazonaws.com", "origin_access_control_id": "E2O0QG272YYJYR", "origin_id": "wewerewondering", "origin_path": "", @@ -1287,9 +1290,9 @@ "schema_version": 0, "attributes": { "description": "Managed by Terraform", - "etag": "E3UN6WX5RRO2AG", + "etag": "E1F83G8C2ARO7P", "id": "E2O0QG272YYJYR", - "name": "wewerewondering-static.s3.us-east-1.amazonaws.com", + "name": "wewerewondering-eu-north-1-static.s3.eu-north-1.amazonaws.com", "origin_access_control_origin_type": "s3", "signing_behavior": "always", "signing_protocol": "sigv4" @@ -1297,7 +1300,8 @@ "sensitive_attributes": [], "private": "bnVsbA==", "dependencies": [ - "aws_s3_bucket.static" + "aws_s3_bucket.static", + "data.aws_region.current" ] } ] @@ -1312,12 +1316,12 @@ "schema_version": 0, "attributes": { "dashboard_arn": "arn:aws:cloudwatch::880545379339:dashboard/ApiGatewayHttp", - "dashboard_body": "{\"widgets\":[{\"type\":\"metric\",\"x\":0,\"y\":0,\"width\":8,\"height\":4,\"properties\":{\"metrics\":[[\"AWS/ApiGateway\",\"Count\",\"ApiId\",\"je8z4t28h4\",{\"period\":300,\"stat\":\"Sum\"}]],\"legend\":{\"position\":\"bottom\"},\"region\":\"us-east-1\",\"liveData\":false,\"title\":\"Count: Sum\",\"period\":300,\"view\":\"timeSeries\",\"stacked\":false}},{\"type\":\"metric\",\"x\":8,\"y\":0,\"width\":8,\"height\":4,\"properties\":{\"metrics\":[[\"AWS/ApiGateway\",\"5xx\",\"ApiId\",\"je8z4t28h4\",{\"period\":300,\"stat\":\"Sum\"}]],\"legend\":{\"position\":\"bottom\"},\"region\":\"us-east-1\",\"liveData\":false,\"title\":\"5XXError: Sum\",\"period\":300,\"view\":\"timeSeries\",\"stacked\":false}},{\"type\":\"metric\",\"x\":16,\"y\":0,\"width\":8,\"height\":4,\"properties\":{\"metrics\":[[\"AWS/ApiGateway\",\"4xx\",\"ApiId\",\"je8z4t28h4\",{\"period\":300,\"stat\":\"Sum\"}]],\"legend\":{\"position\":\"bottom\"},\"region\":\"us-east-1\",\"liveData\":false,\"title\":\"4XXError: Sum\",\"period\":300,\"view\":\"timeSeries\",\"stacked\":false}},{\"type\":\"metric\",\"x\":0,\"y\":4,\"width\":12,\"height\":4,\"properties\":{\"metrics\":[[\"AWS/ApiGateway\",\"Latency\",\"ApiId\",\"je8z4t28h4\",{\"period\":300,\"stat\":\"Average\"}]],\"legend\":{\"position\":\"bottom\"},\"region\":\"us-east-1\",\"liveData\":false,\"title\":\"Latency: Average\",\"period\":300,\"view\":\"timeSeries\",\"stacked\":false}},{\"type\":\"metric\",\"x\":12,\"y\":4,\"width\":12,\"height\":4,\"properties\":{\"metrics\":[[\"AWS/ApiGateway\",\"IntegrationLatency\",\"ApiId\",\"je8z4t28h4\",{\"period\":300,\"stat\":\"Average\"}]],\"legend\":{\"position\":\"bottom\"},\"region\":\"us-east-1\",\"liveData\":false,\"title\":\"IntegrationLatency: Average\",\"period\":300,\"view\":\"timeSeries\",\"stacked\":false}},{\"type\":\"metric\",\"x\":0,\"y\":8,\"width\":24,\"height\":4,\"properties\":{\"metrics\":[[\"AWS/ApiGateway\",\"DataProcessed\",\"ApiId\",\"je8z4t28h4\",{\"period\":300,\"stat\":\"Sum\"}]],\"legend\":{\"position\":\"bottom\"},\"region\":\"us-east-1\",\"liveData\":false,\"title\":\"DataProcessed: Sum\",\"period\":300,\"view\":\"timeSeries\",\"stacked\":false}}]}", + "dashboard_body": "{\"widgets\":[{\"height\":4,\"properties\":{\"legend\":{\"position\":\"bottom\"},\"liveData\":false,\"metrics\":[[\"AWS/ApiGateway\",\"Count\",\"ApiId\",\"o19hhgzpd7\",{\"period\":300,\"stat\":\"Sum\"}]],\"period\":300,\"region\":\"eu-north-1\",\"stacked\":false,\"title\":\"Count: Sum\",\"view\":\"timeSeries\"},\"type\":\"metric\",\"width\":8,\"x\":0,\"y\":0},{\"height\":4,\"properties\":{\"legend\":{\"position\":\"bottom\"},\"liveData\":false,\"metrics\":[[\"AWS/ApiGateway\",\"5xx\",\"ApiId\",\"o19hhgzpd7\",{\"period\":300,\"stat\":\"Sum\"}]],\"period\":300,\"region\":\"eu-north-1\",\"stacked\":false,\"title\":\"5XXError: Sum\",\"view\":\"timeSeries\"},\"type\":\"metric\",\"width\":8,\"x\":8,\"y\":0},{\"height\":4,\"properties\":{\"legend\":{\"position\":\"bottom\"},\"liveData\":false,\"metrics\":[[\"AWS/ApiGateway\",\"4xx\",\"ApiId\",\"o19hhgzpd7\",{\"period\":300,\"stat\":\"Sum\"}]],\"period\":300,\"region\":\"eu-north-1\",\"stacked\":false,\"title\":\"4XXError: Sum\",\"view\":\"timeSeries\"},\"type\":\"metric\",\"width\":8,\"x\":16,\"y\":0},{\"height\":4,\"properties\":{\"legend\":{\"position\":\"bottom\"},\"liveData\":false,\"metrics\":[[\"AWS/ApiGateway\",\"Latency\",\"ApiId\",\"o19hhgzpd7\",{\"period\":300,\"stat\":\"Average\"}]],\"period\":300,\"region\":\"eu-north-1\",\"stacked\":false,\"title\":\"Latency: Average\",\"view\":\"timeSeries\"},\"type\":\"metric\",\"width\":12,\"x\":0,\"y\":4},{\"height\":4,\"properties\":{\"legend\":{\"position\":\"bottom\"},\"liveData\":false,\"metrics\":[[\"AWS/ApiGateway\",\"IntegrationLatency\",\"ApiId\",\"o19hhgzpd7\",{\"period\":300,\"stat\":\"Average\"}]],\"period\":300,\"region\":\"eu-north-1\",\"stacked\":false,\"title\":\"IntegrationLatency: Average\",\"view\":\"timeSeries\"},\"type\":\"metric\",\"width\":12,\"x\":12,\"y\":4},{\"height\":4,\"properties\":{\"legend\":{\"position\":\"bottom\"},\"liveData\":false,\"metrics\":[[\"AWS/ApiGateway\",\"DataProcessed\",\"ApiId\",\"o19hhgzpd7\",{\"period\":300,\"stat\":\"Sum\"}]],\"period\":300,\"region\":\"eu-north-1\",\"stacked\":false,\"title\":\"DataProcessed: Sum\",\"view\":\"timeSeries\"},\"type\":\"metric\",\"width\":24,\"x\":0,\"y\":8}]}", "dashboard_name": "ApiGatewayHttp", "id": "ApiGatewayHttp" }, "sensitive_attributes": [], - "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjAifQ==", + "private": "bnVsbA==", "dependencies": [ "aws_apigatewayv2_api.www", "data.aws_region.current" @@ -1334,7 +1338,7 @@ { "schema_version": 0, "attributes": { - "arn": "arn:aws:logs:us-east-1:880545379339:log-group:/aws/api-gateway/wewerewondering", + "arn": "arn:aws:logs:eu-north-1:880545379339:log-group:/aws/api-gateway/wewerewondering", "id": "/aws/api-gateway/wewerewondering", "kms_key_id": "", "log_group_class": "STANDARD", @@ -1359,7 +1363,7 @@ { "schema_version": 0, "attributes": { - "arn": "arn:aws:logs:us-east-1:880545379339:log-group:/aws/lambda/wewerewondering-api", + "arn": "arn:aws:logs:eu-north-1:880545379339:log-group:/aws/lambda/wewerewondering-api", "id": "/aws/lambda/wewerewondering-api", "kms_key_id": "", "log_group_class": "STANDARD", @@ -1384,7 +1388,7 @@ { "schema_version": 1, "attributes": { - "arn": "arn:aws:dynamodb:us-east-1:880545379339:table/events", + "arn": "arn:aws:dynamodb:eu-north-1:880545379339:table/events", "attribute": [ { "name": "id", @@ -1441,7 +1445,7 @@ { "schema_version": 1, "attributes": { - "arn": "arn:aws:dynamodb:us-east-1:880545379339:table/questions", + "arn": "arn:aws:dynamodb:eu-north-1:880545379339:table/questions", "attribute": [ { "name": "eid", @@ -1510,6 +1514,43 @@ } ] }, + { + "mode": "managed", + "type": "aws_glue_catalog_database", + "name": "default", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "arn": "arn:aws:glue:eu-north-1:880545379339:database/default", + "catalog_id": "880545379339", + "create_table_default_permission": [ + { + "permissions": [ + "ALL" + ], + "principal": [ + { + "data_lake_principal_identifier": "IAM_ALLOWED_PRINCIPALS" + } + ] + } + ], + "description": "", + "id": "880545379339:default", + "location_uri": "", + "name": "default", + "parameters": {}, + "tags": {}, + "tags_all": {}, + "target_database": [] + }, + "sensitive_attributes": [], + "private": "bnVsbA==" + } + ] + }, { "mode": "managed", "type": "aws_glue_catalog_table", @@ -1519,7 +1560,7 @@ { "schema_version": 0, "attributes": { - "arn": "arn:aws:glue:us-east-1:880545379339:table/default/cloudfront_logs", + "arn": "arn:aws:glue:eu-north-1:880545379339:table/default/cloudfront_logs", "catalog_id": "880545379339", "database_name": "default", "description": "", @@ -1739,7 +1780,7 @@ ], "compressed": false, "input_format": "org.apache.hadoop.mapred.TextInputFormat", - "location": "s3://wewerewondering-logs/", + "location": "s3://wewerewondering-eu-north-1-logs/", "number_of_buckets": 0, "output_format": "org.apache.hadoop.hive.ql.io.HiveIgnoreKeyTextOutputFormat", "parameters": {}, @@ -1767,7 +1808,9 @@ "sensitive_attributes": [], "private": "bnVsbA==", "dependencies": [ - "aws_s3_bucket.logs" + "aws_glue_catalog_database.default", + "aws_s3_bucket.logs", + "data.aws_region.current" ] } ] @@ -1787,7 +1830,7 @@ "name": "AWSLambdaBasicExecutionRole-b586114a-ba08-47b0-afe0-82c4d81857a0", "name_prefix": "", "path": "/service-role/", - "policy": "{\"Statement\":[{\"Action\":\"logs:CreateLogGroup\",\"Effect\":\"Allow\",\"Resource\":\"arn:aws:logs:us-east-1:880545379339:log-group:/aws/lambda/wewerewondering-api\"},{\"Action\":[\"logs:PutLogEvents\",\"logs:CreateLogStream\"],\"Effect\":\"Allow\",\"Resource\":\"arn:aws:logs:us-east-1:880545379339:log-group:/aws/lambda/wewerewondering-api:*\"}],\"Version\":\"2012-10-17\"}", + "policy": "{\"Statement\":[{\"Action\":\"logs:CreateLogGroup\",\"Effect\":\"Allow\",\"Resource\":\"arn:aws:logs:eu-north-1:880545379339:log-group:/aws/lambda/wewerewondering-api\"},{\"Action\":[\"logs:PutLogEvents\",\"logs:CreateLogStream\"],\"Effect\":\"Allow\",\"Resource\":\"arn:aws:logs:eu-north-1:880545379339:log-group:/aws/lambda/wewerewondering-api:*\"}],\"Version\":\"2012-10-17\"}", "policy_id": "ANPA42BEYGQFUFQP345G2", "tags": {}, "tags_all": {} @@ -1883,7 +1926,7 @@ "inline_policy": [ { "name": "api-db-access", - "policy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Action\":[\"dynamodb:UpdateItem\",\"dynamodb:Scan\",\"dynamodb:Query\",\"dynamodb:PutItem\",\"dynamodb:GetItem\",\"dynamodb:BatchGetItem\"],\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:dynamodb:us-east-1:880545379339:table/questions/index/top\",\"arn:aws:dynamodb:us-east-1:880545379339:table/questions\",\"arn:aws:dynamodb:us-east-1:880545379339:table/events\"]}]}" + "policy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Action\":[\"dynamodb:UpdateItem\",\"dynamodb:Scan\",\"dynamodb:Query\",\"dynamodb:PutItem\",\"dynamodb:GetItem\",\"dynamodb:BatchGetItem\"],\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:dynamodb:eu-north-1:880545379339:table/questions/index/top\",\"arn:aws:dynamodb:eu-north-1:880545379339:table/questions\",\"arn:aws:dynamodb:eu-north-1:880545379339:table/events\"]}]}" } ], "managed_policy_arns": [ @@ -1925,7 +1968,7 @@ "id": "wewerewondering-api:api-db-access", "name": "api-db-access", "name_prefix": "", - "policy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Action\":[\"dynamodb:UpdateItem\",\"dynamodb:Scan\",\"dynamodb:Query\",\"dynamodb:PutItem\",\"dynamodb:GetItem\",\"dynamodb:BatchGetItem\"],\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:dynamodb:us-east-1:880545379339:table/questions/index/top\",\"arn:aws:dynamodb:us-east-1:880545379339:table/questions\",\"arn:aws:dynamodb:us-east-1:880545379339:table/events\"]}]}", + "policy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Action\":[\"dynamodb:UpdateItem\",\"dynamodb:Scan\",\"dynamodb:Query\",\"dynamodb:PutItem\",\"dynamodb:GetItem\",\"dynamodb:BatchGetItem\"],\"Effect\":\"Allow\",\"Resource\":[\"arn:aws:dynamodb:eu-north-1:880545379339:table/questions/index/top\",\"arn:aws:dynamodb:eu-north-1:880545379339:table/questions\",\"arn:aws:dynamodb:eu-north-1:880545379339:table/events\"]}]}", "role": "wewerewondering-api" }, "sensitive_attributes": [], @@ -1957,7 +2000,7 @@ "architectures": [ "arm64" ], - "arn": "arn:aws:lambda:us-east-1:880545379339:function:wewerewondering-api", + "arn": "arn:aws:lambda:eu-north-1:880545379339:function:wewerewondering-api", "code_signing_config_arn": "", "dead_letter_config": [], "description": "", @@ -1980,17 +2023,17 @@ "id": "wewerewondering-api", "image_config": [], "image_uri": "", - "invoke_arn": "arn:aws:apigateway:us-east-1:lambda:path/2015-03-31/functions/arn:aws:lambda:us-east-1:880545379339:function:wewerewondering-api/invocations", + "invoke_arn": "arn:aws:apigateway:eu-north-1:lambda:path/2015-03-31/functions/arn:aws:lambda:eu-north-1:880545379339:function:wewerewondering-api/invocations", "kms_key_arn": "", - "last_modified": "2023-12-30T14:23:47.000+0000", + "last_modified": "2023-12-30T15:37:33.284+0000", "layers": [ - "arn:aws:lambda:us-east-1:580247275435:layer:LambdaInsightsExtension-Arm64:5" + "arn:aws:lambda:eu-north-1:580247275435:layer:LambdaInsightsExtension-Arm64:5" ], "memory_size": 128, "package_type": "Zip", "publish": false, - "qualified_arn": "arn:aws:lambda:us-east-1:880545379339:function:wewerewondering-api:36", - "qualified_invoke_arn": "arn:aws:apigateway:us-east-1:lambda:path/2015-03-31/functions/arn:aws:lambda:us-east-1:880545379339:function:wewerewondering-api:36/invocations", + "qualified_arn": "arn:aws:lambda:eu-north-1:880545379339:function:wewerewondering-api:$LATEST", + "qualified_invoke_arn": "arn:aws:apigateway:eu-north-1:lambda:path/2015-03-31/functions/arn:aws:lambda:eu-north-1:880545379339:function:wewerewondering-api:$LATEST/invocations", "replace_security_groups_on_destroy": null, "replacement_security_group_ids": null, "reserved_concurrent_executions": -1, @@ -2014,7 +2057,7 @@ "mode": "PassThrough" } ], - "version": "36", + "version": "$LATEST", "vpc_config": [] }, "sensitive_attributes": [], @@ -2034,6 +2077,49 @@ } ] }, + { + "mode": "managed", + "type": "aws_lambda_permission", + "name": "www", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "action": "lambda:InvokeFunction", + "event_source_token": null, + "function_name": "wewerewondering-api", + "function_url_auth_type": null, + "id": "AllowExecutionFromAPIGateway", + "principal": "apigateway.amazonaws.com", + "principal_org_id": null, + "qualifier": "", + "source_account": null, + "source_arn": "arn:aws:execute-api:eu-north-1:880545379339:o19hhgzpd7/$default/*", + "statement_id": "AllowExecutionFromAPIGateway", + "statement_id_prefix": "" + }, + "sensitive_attributes": [], + "private": "bnVsbA==", + "dependencies": [ + "aws_apigatewayv2_api.www", + "aws_apigatewayv2_stage.www", + "aws_cloudwatch_log_group.apigw", + "aws_cloudwatch_log_group.lambda", + "aws_iam_policy.cloudwatch", + "aws_iam_policy.xray", + "aws_iam_role.www", + "aws_lambda_function.www", + "data.archive_file.lambda", + "data.aws_iam_policy_document.assume_role", + "data.aws_iam_policy_document.cloudwatch", + "data.aws_iam_policy_document.xray", + "data.aws_region.current", + "terraform_data.cargo_lambda" + ] + } + ] + }, { "mode": "managed", "type": "aws_route53_record", @@ -2284,6 +2370,738 @@ } ] }, + { + "mode": "managed", + "type": "aws_s3_bucket", + "name": "athena", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "acceleration_status": null, + "acl": null, + "arn": "arn:aws:s3:::wewerewondering-eu-north-1-athena", + "bucket": "wewerewondering-eu-north-1-athena", + "bucket_domain_name": "wewerewondering-eu-north-1-athena.s3.amazonaws.com", + "bucket_prefix": "", + "bucket_regional_domain_name": "wewerewondering-eu-north-1-athena.s3.eu-north-1.amazonaws.com", + "cors_rule": [], + "force_destroy": false, + "grant": [ + { + "id": "b9eabe8fd0ee6354b459c3d797e75df89ee644b91a018bf5ff42d12b5b47daa2", + "permissions": [ + "FULL_CONTROL" + ], + "type": "CanonicalUser", + "uri": "" + } + ], + "hosted_zone_id": "Z3BAZG2TWCNX0D", + "id": "wewerewondering-eu-north-1-athena", + "lifecycle_rule": [], + "logging": [], + "object_lock_configuration": [], + "object_lock_enabled": false, + "policy": "", + "region": "eu-north-1", + "replication_configuration": [], + "request_payer": "BucketOwner", + "server_side_encryption_configuration": [ + { + "rule": [ + { + "apply_server_side_encryption_by_default": [ + { + "kms_master_key_id": "", + "sse_algorithm": "AES256" + } + ], + "bucket_key_enabled": false + } + ] + } + ], + "tags": {}, + "tags_all": {}, + "timeouts": null, + "versioning": [ + { + "enabled": false, + "mfa_delete": false + } + ], + "website": [], + "website_domain": null, + "website_endpoint": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxMjAwMDAwMDAwMDAwLCJkZWxldGUiOjM2MDAwMDAwMDAwMDAsInJlYWQiOjEyMDAwMDAwMDAwMDAsInVwZGF0ZSI6MTIwMDAwMDAwMDAwMH19", + "dependencies": [ + "data.aws_region.current" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_s3_bucket", + "name": "logs", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "acceleration_status": null, + "acl": null, + "arn": "arn:aws:s3:::wewerewondering-eu-north-1-logs", + "bucket": "wewerewondering-eu-north-1-logs", + "bucket_domain_name": "wewerewondering-eu-north-1-logs.s3.amazonaws.com", + "bucket_prefix": "", + "bucket_regional_domain_name": "wewerewondering-eu-north-1-logs.s3.eu-north-1.amazonaws.com", + "cors_rule": [], + "force_destroy": false, + "grant": [ + { + "id": "b9eabe8fd0ee6354b459c3d797e75df89ee644b91a018bf5ff42d12b5b47daa2", + "permissions": [ + "FULL_CONTROL" + ], + "type": "CanonicalUser", + "uri": "" + }, + { + "id": "c4c1ede66af53448b93c283ce9448c4ba468c9432aa01d700d3878632f77d2d0", + "permissions": [ + "FULL_CONTROL" + ], + "type": "CanonicalUser", + "uri": "" + } + ], + "hosted_zone_id": "Z3BAZG2TWCNX0D", + "id": "wewerewondering-eu-north-1-logs", + "lifecycle_rule": [], + "logging": [], + "object_lock_configuration": [], + "object_lock_enabled": false, + "policy": "", + "region": "eu-north-1", + "replication_configuration": [], + "request_payer": "BucketOwner", + "server_side_encryption_configuration": [ + { + "rule": [ + { + "apply_server_side_encryption_by_default": [ + { + "kms_master_key_id": "", + "sse_algorithm": "AES256" + } + ], + "bucket_key_enabled": false + } + ] + } + ], + "tags": {}, + "tags_all": {}, + "timeouts": null, + "versioning": [ + { + "enabled": false, + "mfa_delete": false + } + ], + "website": [], + "website_domain": null, + "website_endpoint": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxMjAwMDAwMDAwMDAwLCJkZWxldGUiOjM2MDAwMDAwMDAwMDAsInJlYWQiOjEyMDAwMDAwMDAwMDAsInVwZGF0ZSI6MTIwMDAwMDAwMDAwMH19", + "dependencies": [ + "data.aws_region.current" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_s3_bucket", + "name": "static", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "acceleration_status": null, + "acl": null, + "arn": "arn:aws:s3:::wewerewondering-eu-north-1-static", + "bucket": "wewerewondering-eu-north-1-static", + "bucket_domain_name": "wewerewondering-eu-north-1-static.s3.amazonaws.com", + "bucket_prefix": "", + "bucket_regional_domain_name": "wewerewondering-eu-north-1-static.s3.eu-north-1.amazonaws.com", + "cors_rule": [], + "force_destroy": true, + "grant": [ + { + "id": "b9eabe8fd0ee6354b459c3d797e75df89ee644b91a018bf5ff42d12b5b47daa2", + "permissions": [ + "FULL_CONTROL" + ], + "type": "CanonicalUser", + "uri": "" + } + ], + "hosted_zone_id": "Z3BAZG2TWCNX0D", + "id": "wewerewondering-eu-north-1-static", + "lifecycle_rule": [], + "logging": [], + "object_lock_configuration": [], + "object_lock_enabled": false, + "policy": "{\"Id\":\"PolicyForCloudFrontPrivateContent\",\"Statement\":[{\"Action\":[\"s3:ListBucket\",\"s3:GetObject\"],\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudfront::880545379339:distribution/E1ECZRHBXFKMHK\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudfront.amazonaws.com\"},\"Resource\":[\"arn:aws:s3:::wewerewondering-eu-north-1-static/*\",\"arn:aws:s3:::wewerewondering-eu-north-1-static\"],\"Sid\":\"AllowCloudFrontServicePrincipal\"}],\"Version\":\"2012-10-17\"}", + "region": "eu-north-1", + "replication_configuration": [], + "request_payer": "BucketOwner", + "server_side_encryption_configuration": [ + { + "rule": [ + { + "apply_server_side_encryption_by_default": [ + { + "kms_master_key_id": "", + "sse_algorithm": "AES256" + } + ], + "bucket_key_enabled": false + } + ] + } + ], + "tags": {}, + "tags_all": {}, + "timeouts": null, + "versioning": [ + { + "enabled": false, + "mfa_delete": false + } + ], + "website": [], + "website_domain": null, + "website_endpoint": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxMjAwMDAwMDAwMDAwLCJkZWxldGUiOjM2MDAwMDAwMDAwMDAsInJlYWQiOjEyMDAwMDAwMDAwMDAsInVwZGF0ZSI6MTIwMDAwMDAwMDAwMH19", + "dependencies": [ + "data.aws_region.current" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_s3_bucket_acl", + "name": "logs", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "access_control_policy": [ + { + "grant": [ + { + "grantee": [ + { + "display_name": "", + "email_address": "", + "id": "b9eabe8fd0ee6354b459c3d797e75df89ee644b91a018bf5ff42d12b5b47daa2", + "type": "CanonicalUser", + "uri": "" + } + ], + "permission": "FULL_CONTROL" + }, + { + "grantee": [ + { + "display_name": "", + "email_address": "", + "id": "c4c1ede66af53448b93c283ce9448c4ba468c9432aa01d700d3878632f77d2d0", + "type": "CanonicalUser", + "uri": "" + } + ], + "permission": "FULL_CONTROL" + } + ], + "owner": [ + { + "display_name": "", + "id": "b9eabe8fd0ee6354b459c3d797e75df89ee644b91a018bf5ff42d12b5b47daa2" + } + ] + } + ], + "acl": "", + "bucket": "wewerewondering-eu-north-1-logs", + "expected_bucket_owner": "", + "id": "wewerewondering-eu-north-1-logs" + }, + "sensitive_attributes": [], + "private": "bnVsbA==", + "dependencies": [ + "aws_s3_bucket.logs", + "aws_s3_bucket_ownership_controls.logs", + "data.aws_canonical_user_id.current", + "data.aws_region.current" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_s3_bucket_ownership_controls", + "name": "athena", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "bucket": "wewerewondering-eu-north-1-athena", + "id": "wewerewondering-eu-north-1-athena", + "rule": [ + { + "object_ownership": "BucketOwnerEnforced" + } + ] + }, + "sensitive_attributes": [], + "private": "bnVsbA==", + "dependencies": [ + "aws_s3_bucket.athena", + "data.aws_region.current" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_s3_bucket_ownership_controls", + "name": "logs", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "bucket": "wewerewondering-eu-north-1-logs", + "id": "wewerewondering-eu-north-1-logs", + "rule": [ + { + "object_ownership": "BucketOwnerPreferred" + } + ] + }, + "sensitive_attributes": [], + "private": "bnVsbA==", + "dependencies": [ + "aws_s3_bucket.logs", + "data.aws_region.current" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_s3_bucket_ownership_controls", + "name": "static", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "bucket": "wewerewondering-eu-north-1-static", + "id": "wewerewondering-eu-north-1-static", + "rule": [ + { + "object_ownership": "BucketOwnerEnforced" + } + ] + }, + "sensitive_attributes": [], + "private": "bnVsbA==", + "dependencies": [ + "aws_s3_bucket.static", + "data.aws_region.current" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_s3_bucket_policy", + "name": "cloudfront", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "bucket": "wewerewondering-eu-north-1-static", + "id": "wewerewondering-eu-north-1-static", + "policy": "{\"Id\":\"PolicyForCloudFrontPrivateContent\",\"Statement\":[{\"Action\":[\"s3:ListBucket\",\"s3:GetObject\"],\"Condition\":{\"StringEquals\":{\"AWS:SourceArn\":\"arn:aws:cloudfront::880545379339:distribution/E1ECZRHBXFKMHK\"}},\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"cloudfront.amazonaws.com\"},\"Resource\":[\"arn:aws:s3:::wewerewondering-eu-north-1-static/*\",\"arn:aws:s3:::wewerewondering-eu-north-1-static\"],\"Sid\":\"AllowCloudFrontServicePrincipal\"}],\"Version\":\"2012-10-17\"}" + }, + "sensitive_attributes": [], + "private": "bnVsbA==", + "dependencies": [ + "aws_acm_certificate.www", + "aws_acm_certificate_validation.www", + "aws_apigatewayv2_api.www", + "aws_cloudfront_cache_policy.cache_when_requested", + "aws_cloudfront_distribution.www", + "aws_cloudfront_function.index_everywhere", + "aws_cloudfront_origin_access_control.static", + "aws_route53_record.www_cert", + "aws_route53_zone.www", + "aws_s3_bucket.logs", + "aws_s3_bucket.static", + "data.aws_iam_policy_document.cloudfront_s3", + "data.aws_region.current" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_s3_object", + "name": "dist", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "index_key": "apple-touch-icon.png", + "schema_version": 0, + "attributes": { + "acl": null, + "bucket": "wewerewondering-eu-north-1-static", + "bucket_key_enabled": false, + "cache_control": "", + "checksum_algorithm": null, + "checksum_crc32": "", + "checksum_crc32c": "", + "checksum_sha1": "", + "checksum_sha256": "", + "content": null, + "content_base64": null, + "content_disposition": "", + "content_encoding": "", + "content_language": "", + "content_type": "application/octet-stream", + "etag": "52a5465ca4b8008b0a16f927ee7ff362", + "force_destroy": true, + "id": "apple-touch-icon.png", + "key": "apple-touch-icon.png", + "kms_key_id": null, + "metadata": {}, + "object_lock_legal_hold_status": "", + "object_lock_mode": "", + "object_lock_retain_until_date": "", + "override_provider": [], + "server_side_encryption": "AES256", + "source": "./../client/dist/apple-touch-icon.png", + "source_hash": null, + "storage_class": "STANDARD", + "tags": {}, + "tags_all": {}, + "version_id": "", + "website_redirect": "" + }, + "sensitive_attributes": [], + "private": "bnVsbA==", + "dependencies": [ + "aws_s3_bucket.static", + "data.aws_region.current", + "terraform_data.npm_build" + ] + }, + { + "index_key": "assets/index.2bd4e337.css", + "schema_version": 0, + "attributes": { + "acl": null, + "bucket": "wewerewondering-eu-north-1-static", + "bucket_key_enabled": false, + "cache_control": "", + "checksum_algorithm": null, + "checksum_crc32": "", + "checksum_crc32c": "", + "checksum_sha1": "", + "checksum_sha256": "", + "content": null, + "content_base64": null, + "content_disposition": "", + "content_encoding": "", + "content_language": "", + "content_type": "application/octet-stream", + "etag": "5a011ef78398105b0b753585d662a46a", + "force_destroy": true, + "id": "assets/index.2bd4e337.css", + "key": "assets/index.2bd4e337.css", + "kms_key_id": null, + "metadata": {}, + "object_lock_legal_hold_status": "", + "object_lock_mode": "", + "object_lock_retain_until_date": "", + "override_provider": [], + "server_side_encryption": "AES256", + "source": "./../client/dist/assets/index.2bd4e337.css", + "source_hash": null, + "storage_class": "STANDARD", + "tags": {}, + "tags_all": {}, + "version_id": "", + "website_redirect": "" + }, + "sensitive_attributes": [], + "private": "bnVsbA==", + "dependencies": [ + "aws_s3_bucket.static", + "data.aws_region.current", + "terraform_data.npm_build" + ] + }, + { + "index_key": "assets/index.61e1a11f.js", + "schema_version": 0, + "attributes": { + "acl": null, + "bucket": "wewerewondering-eu-north-1-static", + "bucket_key_enabled": false, + "cache_control": "", + "checksum_algorithm": null, + "checksum_crc32": "", + "checksum_crc32c": "", + "checksum_sha1": "", + "checksum_sha256": "", + "content": null, + "content_base64": null, + "content_disposition": "", + "content_encoding": "", + "content_language": "", + "content_type": "application/octet-stream", + "etag": "d1d29e8de8077de4849b08dc90b12067", + "force_destroy": true, + "id": "assets/index.61e1a11f.js", + "key": "assets/index.61e1a11f.js", + "kms_key_id": null, + "metadata": {}, + "object_lock_legal_hold_status": "", + "object_lock_mode": "", + "object_lock_retain_until_date": "", + "override_provider": [], + "server_side_encryption": "AES256", + "source": "./../client/dist/assets/index.61e1a11f.js", + "source_hash": null, + "storage_class": "STANDARD", + "tags": {}, + "tags_all": {}, + "version_id": "", + "website_redirect": "" + }, + "sensitive_attributes": [], + "private": "bnVsbA==", + "dependencies": [ + "aws_s3_bucket.static", + "data.aws_region.current", + "terraform_data.npm_build" + ] + }, + { + "index_key": "favicon.ico", + "schema_version": 0, + "attributes": { + "acl": null, + "bucket": "wewerewondering-eu-north-1-static", + "bucket_key_enabled": false, + "cache_control": "", + "checksum_algorithm": null, + "checksum_crc32": "", + "checksum_crc32c": "", + "checksum_sha1": "", + "checksum_sha256": "", + "content": null, + "content_base64": null, + "content_disposition": "", + "content_encoding": "", + "content_language": "", + "content_type": "application/octet-stream", + "etag": "9a5d0dd396d479d9a60ce80e008475a9", + "force_destroy": true, + "id": "favicon.ico", + "key": "favicon.ico", + "kms_key_id": null, + "metadata": {}, + "object_lock_legal_hold_status": "", + "object_lock_mode": "", + "object_lock_retain_until_date": "", + "override_provider": [], + "server_side_encryption": "AES256", + "source": "./../client/dist/favicon.ico", + "source_hash": null, + "storage_class": "STANDARD", + "tags": {}, + "tags_all": {}, + "version_id": "", + "website_redirect": "" + }, + "sensitive_attributes": [], + "private": "bnVsbA==", + "dependencies": [ + "aws_s3_bucket.static", + "data.aws_region.current", + "terraform_data.npm_build" + ] + }, + { + "index_key": "favicon.png", + "schema_version": 0, + "attributes": { + "acl": null, + "bucket": "wewerewondering-eu-north-1-static", + "bucket_key_enabled": false, + "cache_control": "", + "checksum_algorithm": null, + "checksum_crc32": "", + "checksum_crc32c": "", + "checksum_sha1": "", + "checksum_sha256": "", + "content": null, + "content_base64": null, + "content_disposition": "", + "content_encoding": "", + "content_language": "", + "content_type": "application/octet-stream", + "etag": "728e06e6955b04591e1388ba988ce7d2", + "force_destroy": true, + "id": "favicon.png", + "key": "favicon.png", + "kms_key_id": null, + "metadata": {}, + "object_lock_legal_hold_status": "", + "object_lock_mode": "", + "object_lock_retain_until_date": "", + "override_provider": [], + "server_side_encryption": "AES256", + "source": "./../client/dist/favicon.png", + "source_hash": null, + "storage_class": "STANDARD", + "tags": {}, + "tags_all": {}, + "version_id": "", + "website_redirect": "" + }, + "sensitive_attributes": [], + "private": "bnVsbA==", + "dependencies": [ + "aws_s3_bucket.static", + "data.aws_region.current", + "terraform_data.npm_build" + ] + }, + { + "index_key": "index.html", + "schema_version": 0, + "attributes": { + "acl": null, + "bucket": "wewerewondering-eu-north-1-static", + "bucket_key_enabled": false, + "cache_control": "max-age=300", + "checksum_algorithm": null, + "checksum_crc32": "", + "checksum_crc32c": "", + "checksum_sha1": "", + "checksum_sha256": "", + "content": null, + "content_base64": null, + "content_disposition": "", + "content_encoding": "", + "content_language": "", + "content_type": "application/octet-stream", + "etag": "88d8b88c12fd720a490b5d7581f7857c", + "force_destroy": true, + "id": "index.html", + "key": "index.html", + "kms_key_id": null, + "metadata": {}, + "object_lock_legal_hold_status": "", + "object_lock_mode": "", + "object_lock_retain_until_date": "", + "override_provider": [], + "server_side_encryption": "AES256", + "source": "./../client/dist/index.html", + "source_hash": null, + "storage_class": "STANDARD", + "tags": {}, + "tags_all": {}, + "version_id": "", + "website_redirect": "" + }, + "sensitive_attributes": [], + "private": "bnVsbA==", + "dependencies": [ + "aws_s3_bucket.static", + "data.aws_region.current", + "terraform_data.npm_build" + ] + }, + { + "index_key": "robots.txt", + "schema_version": 0, + "attributes": { + "acl": null, + "bucket": "wewerewondering-eu-north-1-static", + "bucket_key_enabled": false, + "cache_control": "", + "checksum_algorithm": null, + "checksum_crc32": "", + "checksum_crc32c": "", + "checksum_sha1": "", + "checksum_sha256": "", + "content": null, + "content_base64": null, + "content_disposition": "", + "content_encoding": "", + "content_language": "", + "content_type": "application/octet-stream", + "etag": "e3022ff38873f5c22cfe88800696dd13", + "force_destroy": true, + "id": "robots.txt", + "key": "robots.txt", + "kms_key_id": null, + "metadata": {}, + "object_lock_legal_hold_status": "", + "object_lock_mode": "", + "object_lock_retain_until_date": "", + "override_provider": [], + "server_side_encryption": "AES256", + "source": "./../client/dist/robots.txt", + "source_hash": null, + "storage_class": "STANDARD", + "tags": {}, + "tags_all": {}, + "version_id": "", + "website_redirect": "" + }, + "sensitive_attributes": [], + "private": "bnVsbA==", + "dependencies": [ + "aws_s3_bucket.static", + "data.aws_region.current", + "terraform_data.npm_build" + ] + } + ] + }, { "mode": "managed", "type": "terraform_data",