From de0d1b0eb44c36bf85a4e2d9c32aa96a6c1c3670 Mon Sep 17 00:00:00 2001 From: ingalls Date: Sat, 19 Oct 2024 10:10:43 -0600 Subject: [PATCH] Setup Healthy Tasks --- .deploy | 3 +- cloudformation/lib/api.js | 57 +++++++++++++++----------------- package-lock.json | 69 ++++++++++++++++----------------------- 3 files changed, 57 insertions(+), 72 deletions(-) diff --git a/.deploy b/.deploy index 8df451b..45d03fb 100644 --- a/.deploy +++ b/.deploy @@ -7,7 +7,8 @@ "Key": "Project", "Value": "coe-auth" }, - "Owner" + "Owner", + "Client" ], "artifacts": { "docker": [ diff --git a/cloudformation/lib/api.js b/cloudformation/lib/api.js index 4d96b6c..c5df1b1 100644 --- a/cloudformation/lib/api.js +++ b/cloudformation/lib/api.js @@ -6,11 +6,11 @@ export default { Description: 'ACM SSL Certificate for HTTP Protocol', Type: 'String' }, - LDAP_ORGANISATION: { + LDAPOrganisation: { Description: 'LDAP Org', Type: 'String' }, - LDAP_DOMAIN: { + LDAPDomain: { Description: 'LDAP Org', Type: 'String' } @@ -43,10 +43,9 @@ export default { Properties: { Name: cf.stackName, Type: 'network', - Scheme: 'internal', Subnets: [ - cf.importValue(cf.join(['coe-vpc-', cf.ref('Environment'), '-subnet-private-a'])), - cf.importValue(cf.join(['coe-vpc-', cf.ref('Environment'), '-subnet-private-b'])) + cf.importValue(cf.join(['coe-vpc-', cf.ref('Environment'), '-subnet-public-a'])), + cf.importValue(cf.join(['coe-vpc-', cf.ref('Environment'), '-subnet-public-b'])) ] } @@ -61,6 +60,7 @@ export default { Certificates: [{ CertificateArn: cf.join(['arn:', cf.partition, ':acm:', cf.region, ':', cf.accountId, ':certificate/', cf.ref('SSLCertificateIdentifier')]) }], + SslPolicy: 'ELBSecurityPolicy-TLS-1-2-2017-01', LoadBalancerArn: cf.ref('ELB'), Port: 636, Protocol: 'TLS' 
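Review bot: Dropping `Scheme: 'internal'` from the `network` load balancer and importing the `-subnet-public-a/b` subnets makes it internet-facing, because that is the scheme applied when none is set. The commit title only mentions health checks, so confirm that exposing the LDAP listener outside the VPC is intended. If it is, say so in the template with `Scheme: 'internet-facing',` and a comment such as `// public on purpose: LDAPS clients connect from outside the VPC`. If it is not, keep `Scheme: 'internal'` and the private subnets. The resource's header is outside this hunk.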
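Review bot: The pinned `SslPolicy: 'ELBSecurityPolicy-TLS-1-2-2017-01'` sets a TLS 1.2 floor but cannot negotiate TLS 1.3, and as far as I recall it still accepts CBC and non-forward-secret RSA cipher suites. For a listener that carries directory binds, a newer predefined policy is a better default, for example `SslPolicy: 'ELBSecurityPolicy-TLS13-1-2-2021-06',`, provided the LDAP clients in use can negotiate it. The listener resource starts and ends outside this hunk.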
@@ -72,7 +72,10 @@ export default { Properties: { HealthCheckEnabled: true, HealthCheckIntervalSeconds: 30, + HealthCheckTimeoutSeconds: 10, + HealthyThresholdCount: 3, HealthCheckProtocol: 'TCP', + HealthCheckPort: 389, Port: 389, Protocol: 'TCP', TargetType: 'ip', @@ -158,17 +161,27 @@ export default { }], ExecutionRoleArn: cf.getAtt('ExecRole', 'Arn'), TaskRoleArn: cf.getAtt('TaskRole', 'Arn'), + Volumes: [{ + Name: cf.stackName, + EFSVolumeConfiguration: { + FilesystemId: cf.ref('EFS') + } + }], ContainerDefinitions: [{ Name: 'api', Image: cf.join([cf.accountId, '.dkr.ecr.', cf.region, '.amazonaws.com/coe-ecr-auth:', cf.ref('GitSha')]), + MountPoints: [{ + ContainerPath: '/var/lib/ldap', + SourceVolume: cf.stackName + }], PortMappings: [{ ContainerPort: 389 }], Environment: [ { Name: 'StackName', Value: cf.stackName }, { Name: 'AWS_DEFAULT_REGION', Value: cf.region }, - { Name: 'LDAP_ORGANISATION', Value: cf.ref('LDAP_ORGANISATION') }, - { Name: 'LDAP_DOMAIN', Value: cf.ref('LDAP_DOMAIN') }, + { Name: 'LDAP_ORGANISATION', Value: cf.ref('LDAPOrganisation') }, + { Name: 'LDAP_DOMAIN', Value: cf.ref('LDAPDomain') }, { Name: 'LDAP_ADMIN_USERNAME', Value: cf.sub('{{resolve:secretsmanager:${AWS::StackName}/admin:SecretString:username:AWSCURRENT}}') }, { Name: 'LDAP_ADMIN_PASSWORD', Value: cf.sub('{{resolve:secretsmanager:${AWS::StackName}/admin:SecretString:password:AWSCURRENT}}') }, { Name: 'LDAP_CONFIG_PASSWORD', Value: cf.sub('{{resolve:secretsmanager:${AWS::StackName}/admin:SecretString:password:AWSCURRENT}}') } 
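Review bot: The new `EFSVolumeConfiguration` sets only `FilesystemId`, so the mount behind `/var/lib/ldap` gets the defaults: no in-transit encryption and no access point, and the directory database travels between task and file system as plain NFS. Adding `TransitEncryption: 'ENABLED',` to the volume is a one-line change. Scoping the mount with `AuthorizationConfig: { AccessPointId: <ACCESS_POINT_REF>, IAM: 'ENABLED' }` (placeholder reference) is the stronger option if the stack defines an access point. The `EFS` resource referenced here is not in the visible hunks, so its encryption-at-rest setting and the security group on its mount targets should be checked as well. The task definition starts and ends outside this hunk.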
@@ -200,8 +213,8 @@ export default { AssignPublicIp: 'ENABLED', SecurityGroups: [cf.ref('ServiceSecurityGroup')], Subnets: [ - cf.importValue(cf.join(['coe-vpc-', cf.ref('Environment'), '-subnet-private-a'])), - cf.importValue(cf.join(['coe-vpc-', cf.ref('Environment'), '-subnet-private-b'])) + cf.importValue(cf.join(['coe-vpc-', cf.ref('Environment'), '-subnet-public-a'])), + cf.importValue(cf.join(['coe-vpc-', cf.ref('Environment'), '-subnet-public-b'])) ] } }, @@ -218,6 +231,11 @@ export default { GroupDescription: cf.join('-', [cf.stackName, 'ec2-sg']), VpcId: cf.importValue(cf.join(['coe-vpc-', cf.ref('Environment'), '-vpc'])), SecurityGroupIngress: [{ + CidrIp: '0.0.0.0/0', + IpProtocol: 'tcp', + FromPort: 636, + ToPort: 636 + },{ CidrIp: '0.0.0.0/0', IpProtocol: 'tcp', FromPort: 389, @@ -225,27 +243,6 @@ export default { }] } }, - ETLFunctionRole: { - Type: 'AWS::IAM::Role', - Properties: { - RoleName: cf.stackName, - AssumeRolePolicyDocument: { - Version: '2012-10-17', - Statement: [{ - Effect: 'Allow', - Principal: { - Service: 'lambda.amazonaws.com' - }, - Action: 'sts:AssumeRole' - }] - }, - Path: '/', - Policies: [], - ManagedPolicyArns: [ - cf.join(['arn:', cf.partition, ':iam::aws:policy/service-role/AWSLambdaBasicExecutionRole']) - ] - } - } }, Outputs: { API: { diff --git a/package-lock.json b/package-lock.json index 250d35f..50501b3 100644 --- a/package-lock.json +++ b/package-lock.json 
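Review bot: With the service's `Subnets` switched to `-subnet-public-a/b` and `AssignPublicIp: 'ENABLED'` left as is, each task gets an internet-routable address, so the container's plain-LDAP port can be reached without passing through the TLS listener. Only the load balancer has to sit in public subnets. The tasks can keep the `-subnet-private-a/b` imports with `AssignPublicIp: 'DISABLED'` if those subnets have an egress path for image pulls, which is not visible here. If the move is needed for egress, record that above `Subnets`, e.g. `// tasks in public subnets only for outbound access; inbound is limited by ServiceSecurityGroup`. The service resource's header is outside this hunk.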
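Review bot: The added 636 rule sits on what appears to be the tasks' own group (the service references `ServiceSecurityGroup`; this resource's name is outside the hunk, so that is assumed). The container maps only port 389 and TLS ends at the listener, so the rule appears to open nothing that is actually served. The rule that matters is the existing `CidrIp: '0.0.0.0/0'` on 389, which after this commit applies to tasks with public addresses and admits unencrypted LDAP from any source. I would drop the 636 entry and narrow the 389 entry to the VPC range with `CidrIp: '<VPC_CIDR>',` (placeholder). That still admits load-balancer and health-check traffic as long as client IP preservation stays off, which I believe is the default for `ip` targets on TCP/TLS.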
@@ -1677,6 +1677,19 @@ "eslint": "^6.0.0 || ^7.0.0 || >=8.0.0" } }, + "node_modules/@eslint-community/eslint-utils/node_modules/eslint-visitor-keys": { + "version": "3.4.3", + "resolved": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-3.4.3.tgz", + "integrity": "sha512-wpc+LXeiyiisxPlEkUzU6svyS1frIO3Mgxj1fdy7Pm8Ygzguax2N3Fa/D/ag1WqbOprdI+uY6wMUl8/a2G+iag==", + "dev": true, + "license": "Apache-2.0", + "engines": { + "node": "^12.22.0 || ^14.17.0 || >=16.0.0" + }, + "funding": { + "url": "https://opencollective.com/eslint" + } + }, "node_modules/@eslint-community/regexpp": { "version": "4.11.1", "resolved": "https://registry.npmjs.org/@eslint-community/regexpp/-/regexpp-4.11.1.tgz", @@ -1703,9 +1716,9 @@ } }, "node_modules/@eslint/core": { - "version": "0.6.0", - "resolved": "https://registry.npmjs.org/@eslint/core/-/core-0.6.0.tgz", - "integrity": "sha512-8I2Q8ykA4J0x0o7cg67FPVnehcqWTBehu/lmY+bolPFHGjh49YzGBMXTvpqVgEbBdvNCSxj6iFgiIyHzf03lzg==", + "version": "0.7.0", + "resolved": "https://registry.npmjs.org/@eslint/core/-/core-0.7.0.tgz", + "integrity": "sha512-xp5Jirz5DyPYlPiKat8jaq0EmYvDXKKpzTbxXMpT9eqlRJkRKIz9AGMdlvYjih+im+QlhWrpvVjl8IPC/lHlUw==", "dev": true, "license": "Apache-2.0", "engines": { @@ -1787,9 +1800,9 @@ } }, "node_modules/@eslint/js": { - "version": "9.12.0", - "resolved": "https://registry.npmjs.org/@eslint/js/-/js-9.12.0.tgz", - "integrity": "sha512-eohesHH8WFRUprDNyEREgqP6beG6htMeUYeCpkEgBCieCMme5r9zFWjzAJp//9S+Kub4rqE+jXe9Cp1a7IYIIA==", + "version": "9.13.0", + "resolved": "https://registry.npmjs.org/@eslint/js/-/js-9.13.0.tgz", + "integrity": "sha512-IFLyoY4d72Z5y/6o/BazFBezupzI/taV8sGumxTAVw3lXG9A6md1Dc34T9s1FoD/an9pJH8RHbAxsaEbBed9lA==", "dev": true, "license": "MIT", "engines": { 
@@ -4031,18 +4044,18 @@ } }, "node_modules/eslint": { - "version": "9.12.0", - "resolved": "https://registry.npmjs.org/eslint/-/eslint-9.12.0.tgz", - "integrity": "sha512-UVIOlTEWxwIopRL1wgSQYdnVDcEvs2wyaO6DGo5mXqe3r16IoCNWkR29iHhyaP4cICWjbgbmFUGAhh0GJRuGZw==", + "version": "9.13.0", + "resolved": "https://registry.npmjs.org/eslint/-/eslint-9.13.0.tgz", + "integrity": "sha512-EYZK6SX6zjFHST/HRytOdA/zE72Cq/bfw45LSyuwrdvcclb/gqV8RRQxywOBEWO2+WDpva6UZa4CcDeJKzUCFA==", "dev": true, "license": "MIT", "dependencies": { "@eslint-community/eslint-utils": "^4.2.0", "@eslint-community/regexpp": "^4.11.0", "@eslint/config-array": "^0.18.0", - "@eslint/core": "^0.6.0", + "@eslint/core": "^0.7.0", "@eslint/eslintrc": "^3.1.0", - "@eslint/js": "9.12.0", + "@eslint/js": "9.13.0", "@eslint/plugin-kit": "^0.2.0", "@humanfs/node": "^0.16.5", "@humanwhocodes/module-importer": "^1.0.1", @@ -4305,13 +4318,13 @@ } }, "node_modules/eslint-visitor-keys": { - "version": "3.4.3", - "resolved": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-3.4.3.tgz", - "integrity": "sha512-wpc+LXeiyiisxPlEkUzU6svyS1frIO3Mgxj1fdy7Pm8Ygzguax2N3Fa/D/ag1WqbOprdI+uY6wMUl8/a2G+iag==", + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-4.1.0.tgz", + "integrity": "sha512-Q7lok0mqMUSf5a/AdAZkA5a/gHcO6snwQClVNNvFKCAVlxXucdU8pKydU5ZVZjBx5xr37vGbFFWtLQYreLzrZg==", "dev": true, "license": "Apache-2.0", "engines": { - "node": "^12.22.0 || ^14.17.0 || >=16.0.0" + "node": "^18.18.0 || ^20.9.0 || >=21.1.0" }, "funding": { "url": "https://opencollective.com/eslint" 
@@ -4351,19 +4364,6 @@ "url": "https://github.com/chalk/chalk?sponsor=1" } }, - "node_modules/eslint/node_modules/eslint-visitor-keys": { - "version": "4.1.0", - "resolved": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-4.1.0.tgz", - "integrity": "sha512-Q7lok0mqMUSf5a/AdAZkA5a/gHcO6snwQClVNNvFKCAVlxXucdU8pKydU5ZVZjBx5xr37vGbFFWtLQYreLzrZg==", - "dev": true, - "license": "Apache-2.0", - "engines": { - "node": "^18.18.0 || ^20.9.0 || >=21.1.0" - }, - "funding": { - "url": "https://opencollective.com/eslint" - } - }, "node_modules/eslint/node_modules/glob-parent": { "version": "6.0.2", "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-6.0.2.tgz", @@ -4425,19 +4425,6 @@ "url": "https://opencollective.com/eslint" } }, - "node_modules/espree/node_modules/eslint-visitor-keys": { - "version": "4.1.0", - "resolved": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-4.1.0.tgz", - "integrity": "sha512-Q7lok0mqMUSf5a/AdAZkA5a/gHcO6snwQClVNNvFKCAVlxXucdU8pKydU5ZVZjBx5xr37vGbFFWtLQYreLzrZg==", - "dev": true, - "license": "Apache-2.0", - "engines": { - "node": "^18.18.0 || ^20.9.0 || >=21.1.0" - }, - "funding": { - "url": "https://opencollective.com/eslint" - } - }, "node_modules/esquery": { "version": "1.6.0", "resolved": "https://registry.npmjs.org/esquery/-/esquery-1.6.0.tgz",