From fa2eccc00913c0a559310ccbcc08495099c37203 Mon Sep 17 00:00:00 2001 From: Brian Crissup Date: Thu, 28 Jan 2021 08:44:07 -0500 Subject: [PATCH 1/2] Add insights layer Enable active X-Ray tracing Move to single security group Rename layer Add no-document option to reduce build time Make aliasing of function more resilient --- .circleci/config.yml | 5 ++- .gitignore | 6 ++- lib/identity-idp-functions.rb | 2 +- source/buildspec.yml | 10 +++-- .../{aws-ruby-sdk => doc_auth_layer}/Gemfile | 0 .../encryption_helper.rb | 0 .../errors.rb | 0 .../faraday_helper.rb | 0 .../function_helper.rb | 0 .../logging_helper.rb | 0 .../s3_helper.rb | 0 .../ssm_helper.rb | 0 .../{aws-ruby-sdk => doc_auth_layer}/timer.rb | 0 source/template.yaml.erb | 45 ++++++++++--------- 14 files changed, 38 insertions(+), 30 deletions(-) rename source/{aws-ruby-sdk => doc_auth_layer}/Gemfile (100%) rename source/{aws-ruby-sdk => doc_auth_layer}/encryption_helper.rb (100%) rename source/{aws-ruby-sdk => doc_auth_layer}/errors.rb (100%) rename source/{aws-ruby-sdk => doc_auth_layer}/faraday_helper.rb (100%) rename source/{aws-ruby-sdk => doc_auth_layer}/function_helper.rb (100%) rename source/{aws-ruby-sdk => doc_auth_layer}/logging_helper.rb (100%) rename source/{aws-ruby-sdk => doc_auth_layer}/s3_helper.rb (100%) rename source/{aws-ruby-sdk => doc_auth_layer}/ssm_helper.rb (100%) rename source/{aws-ruby-sdk => doc_auth_layer}/timer.rb (100%) diff --git a/.circleci/config.yml b/.circleci/config.yml index 210682c..c882f54 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -65,7 +65,7 @@ jobs: commands: bundle-install: steps: - - run: gem update --system + - run: gem update --system --no-document - run: gem install bundler - run: bundle install --path vendor/bundle 
@@ -74,7 +74,6 @@ commands: - run: name: "Configure AWS CLI" command: | - yum install openssl-devel -y aws configure set default.aws_access_key_id $AWS_ACCESS_KEY_ID aws configure set default.aws_secret_access_key $AWS_SECRET_ACCESS_KEY aws configure set default.region $AWS_DEFAULT_REGION @@ -160,3 +159,5 @@ commands: - run: name: Run rubocop command: bundle exec rubocop + + \ No newline at end of file diff --git a/.gitignore b/.gitignore index d1287a0..f983320 100644 --- a/.gitignore +++ b/.gitignore @@ -6,11 +6,13 @@ /pkg/ /spec/reports/ /tmp/ +/vendor/ +/Gemfile.lock/ +/source/template.yml +/source/template.yaml # rspec failure tracking .rspec_status /Gemfile.lock .aws-sam - -source/template.yaml # generated from bin/generate-template diff --git a/lib/identity-idp-functions.rb b/lib/identity-idp-functions.rb index 2b8bfc5..7b655e4 100644 --- a/lib/identity-idp-functions.rb +++ b/lib/identity-idp-functions.rb @@ -13,7 +13,7 @@ def function_path(function_name) end def helper_path(helper_name) - File.expand_path(File.join(root_path, 'source', 'aws-ruby-sdk', "#{helper_name}.rb")) + File.expand_path(File.join(root_path, 'source', 'doc_auth_layer', "#{helper_name}.rb")) end def root_path diff --git a/source/buildspec.yml b/source/buildspec.yml index 9a99d09..4e1912b 100644 --- a/source/buildspec.yml +++ b/source/buildspec.yml 
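Review bot: `/Gemfile.lock/` in the .gitignore hunk ends in a slash, which makes it match only a directory named Gemfile.lock, so it adds nothing beside the existing `/Gemfile.lock` entry a few lines further down; keep one of the two rather than both. The removed `source/template.yaml # generated from bin/generate-template` line also carried the only explanation of why that file is ignored, and the new `/source/template.yaml` entry would read better with `# generated from bin/generate-template` restored next to it.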
@@ -30,7 +30,11 @@ phases: - | for i in $(echo $APPLICATION_FUNCTIONS | tr ',' '\n') do - version=$(aws lambda get-function --function-name $i:$ENVIRONMENT --query 'Configuration.Version' --output text) - echo $version - aws lambda create-alias --function-name $i --name $gitsha_segment --function-version $version + if aws lambda get-alias --function-name $i --name $gitsha_segment --output text --query 'FunctionVersion'; then + version=$(aws lambda get-function --function-name $i:$ENVIRONMENT --query 'Configuration.Version' --output text) + aws lambda update-alias --function-name $i --name $gitsha_segment --function-version $version + else + version=$(aws lambda get-function --function-name $i:$ENVIRONMENT --query 'Configuration.Version' --output text) + aws lambda create-alias --function-name $i --name $gitsha_segment --function-version $version + fi done diff --git a/source/aws-ruby-sdk/Gemfile b/source/doc_auth_layer/Gemfile similarity index 100% rename from source/aws-ruby-sdk/Gemfile rename to source/doc_auth_layer/Gemfile diff --git a/source/aws-ruby-sdk/encryption_helper.rb b/source/doc_auth_layer/encryption_helper.rb similarity index 100% rename from source/aws-ruby-sdk/encryption_helper.rb rename to source/doc_auth_layer/encryption_helper.rb diff --git a/source/aws-ruby-sdk/errors.rb b/source/doc_auth_layer/errors.rb similarity index 100% rename from source/aws-ruby-sdk/errors.rb rename to source/doc_auth_layer/errors.rb diff --git a/source/aws-ruby-sdk/faraday_helper.rb b/source/doc_auth_layer/faraday_helper.rb similarity index 100% rename from source/aws-ruby-sdk/faraday_helper.rb rename to source/doc_auth_layer/faraday_helper.rb diff --git a/source/aws-ruby-sdk/function_helper.rb b/source/doc_auth_layer/function_helper.rb similarity index 100% rename from source/aws-ruby-sdk/function_helper.rb rename to source/doc_auth_layer/function_helper.rb 
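Review bot: Both branches of the new `if` in the buildspec loop run the identical `version=$(aws lambda get-function --function-name $i:$ENVIRONMENT --query 'Configuration.Version' --output text)` lookup; hoisting that one line above the `if` removes the duplication and leaves the branches with only the `update-alias`/`create-alias` call that actually differs. The `get-alias` probe also prints the current FunctionVersion to the build log whenever the alias exists, which is noise since the value is never used; appending `> /dev/null` to that command keeps the condition (which relies only on the exit status) while quieting the log. Note that a `get-alias` failure for any reason other than a missing alias, such as expired credentials or throttling, also falls through to `create-alias`, which then fails on the existing alias; that is probably acceptable for a deploy step but worth knowing when reading a failed build. The shell snippet is embedded in the YAML `phases` block, which continues outside the hunk.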
diff --git a/source/aws-ruby-sdk/logging_helper.rb b/source/doc_auth_layer/logging_helper.rb similarity index 100% rename from source/aws-ruby-sdk/logging_helper.rb rename to source/doc_auth_layer/logging_helper.rb diff --git a/source/aws-ruby-sdk/s3_helper.rb b/source/doc_auth_layer/s3_helper.rb similarity index 100% rename from source/aws-ruby-sdk/s3_helper.rb rename to source/doc_auth_layer/s3_helper.rb diff --git a/source/aws-ruby-sdk/ssm_helper.rb b/source/doc_auth_layer/ssm_helper.rb similarity index 100% rename from source/aws-ruby-sdk/ssm_helper.rb rename to source/doc_auth_layer/ssm_helper.rb diff --git a/source/aws-ruby-sdk/timer.rb b/source/doc_auth_layer/timer.rb similarity index 100% rename from source/aws-ruby-sdk/timer.rb rename to source/doc_auth_layer/timer.rb diff --git a/source/template.yaml.erb b/source/template.yaml.erb index 7c8a47c..bc6aeed 100644 --- a/source/template.yaml.erb +++ b/source/template.yaml.erb @@ -38,6 +38,7 @@ Globals: Timeout: 60 MemorySize: 128 Runtime: ruby2.7 + Tracing: Active Environment: Variables: http_proxy: !Sub @@ -93,7 +94,8 @@ Resources: Type: AllAtOnce VersionDescription: !Ref gitsha Layers: - - !Ref AWSRubySDKLayer + - !Ref DocAuthLayer + - "arn:aws:lambda:us-west-2:580247275435:layer:LambdaInsightsExtension:14" Environment: Variables: S3_BUCKET_NAME: !Sub @@ -105,6 +107,7 @@ Resources: - ${Environment}-idp-doc-capture - Environment: !Ref environment Policies: + - CloudWatchLambdaInsightsExecutionRolePolicy - Statement: - Sid: S3ObjectAccess Effect: Allow @@ -163,7 +166,7 @@ Resources: - "*" VpcConfig: SecurityGroupIds: - - !GetAtt <%= function.camelize %>SecurityGroup.GroupId + - !GetAtt DocAuthSecurityGroup.GroupId SubnetIds: - !Sub - '{{resolve:ssm:/${Environment}/network/subnet/private1/id:1}}' 
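Review bot: The Lambda Insights layer reference added under `Layers:` hard-codes `us-west-2` while the rest of the template resolves region-specific values (VPC, subnets, SSM parameters) through `!Sub` and `${Environment}`, so deploying this stack in any other region would fail on the layer ARN. AWS publishes the Insights extension layer per region and the account id and version number in the ARN are not guaranteed to be identical everywhere, so a plain `!Sub "arn:aws:lambda:${AWS::Region}:580247275435:layer:LambdaInsightsExtension:14"` is only a partial fix; a template parameter or mapping for the layer ARN would make the region dependency explicit. Either way, a comment such as `# Lambda Insights extension; account and version in this ARN are region-specific` next to the ARN would save the next reader a lookup.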
@@ -186,22 +189,6 @@ Resources: - Environment: !Ref environment Value: !GetAtt <%= function.camelize %>Function.Arn - <%= function.camelize %>SecurityGroup: - Type: AWS::EC2::SecurityGroup - Properties: - VpcId: !Sub - - '{{resolve:ssm:/${Environment}/network/vpc/id:1}}' - - Environment: !Ref environment - GroupDescription: <%= function.titleize %> Lambda Function - SecurityGroupEgress: - - IpProtocol: tcp - FromPort: 443 - ToPort: 443 - CidrIp: 0.0.0.0/0 - - IpProtocol: tcp - FromPort: 3128 - ToPort: 3128 - CidrIp: 172.16.32.0/22 <%= function.camelize %>Alarm: Type: AWS::CloudWatch::Alarm Properties: @@ -221,14 +208,28 @@ Resources: Statistic: Sum Threshold: 1 <% end %> - AWSRubySDKLayer: + + DocAuthSecurityGroup: + Type: AWS::EC2::SecurityGroup + Properties: + VpcId: !Sub + - '{{resolve:ssm:/${Environment}/network/vpc/id:1}}' + - Environment: !Ref environment + GroupDescription: Idp Doc Auth Security Group + SecurityGroupEgress: + - IpProtocol: tcp + FromPort: 3128 + ToPort: 3128 + CidrIp: 172.16.32.0/22 + + DocAuthLayer: Type: "AWS::Serverless::LayerVersion" Properties: LayerName: !Sub - - ${Environment}-idp-ruby-sdk + - ${Environment}-idp-doc-auth - Environment: !Ref environment - Description: AWS Ruby SDK - ContentUri: aws-ruby-sdk + Description: Doc Auth Layer + ContentUri: doc_auth_layer CompatibleRuntimes: - ruby2.7 RetentionPolicy: Retain From 626186fa1daab5fb27fd98ccebc27435cc05b9c9 Mon Sep 17 00:00:00 2001 From: Brian Crissup Date: Mon, 1 Feb 2021 14:03:34 -0500 Subject: [PATCH 2/2] Update version --- lib/identity-idp-functions/version.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/identity-idp-functions/version.rb b/lib/identity-idp-functions/version.rb index fb23b9e..e28a672 100644 --- a/lib/identity-idp-functions/version.rb +++ b/lib/identity-idp-functions/version.rb @@ -1,5 +1,5 @@ # frozen_string_literal: true module IdentityIdpFunctions - VERSION = '0.8.0' + VERSION = '0.9.0' end
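Review bot: The new shared `DocAuthSecurityGroup` keeps only the tcp/3128 egress to 172.16.32.0/22 and drops the tcp/443 to 0.0.0.0/0 rule the removed per-function groups had, so every outbound call from these functions must now leave through the proxy configured by the `http_proxy` variable in Globals. That is a welcome least-privilege tightening, but the same patch also enables `Tracing: Active` and the Lambda Insights extension, and I could not confirm from the template alone that the Insights extension's uploads honour the proxy setting; if they do not, the metrics will silently never arrive under this egress rule set. Worth verifying after the first deploy and recording the result beside the rule, e.g. `# Egress is proxy-only (tcp/3128); Insights/X-Ray delivery confirmed to work with this rule set` or whatever the finding turns out to be. No `SecurityGroupIngress` is declared, which is the intended shape for a Lambda group, so nothing to add there.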