feat: new resources for dev.snaps.consensys.net (#20)

Consensys · Oct 7, 2022 · 7736e85 · 7736e85
1 parent e71a87c
commit 7736e85
Show file tree

Hide file tree

Showing 9 changed files with 219 additions and 13 deletions.
diff --git a/terraform/live/functions/redirect.js b/terraform/live/functions/redirect.js
@@ -0,0 +1,5 @@
+function handler(event) {
+    var request = event.request;
+        if (request.uri == "/starknet" || request.uri == "/starknet/") { request.uri = request.uri.replace(/.*starknet.*/,'/starknet/index.html'); }
+        return request;
+}
diff --git a/terraform/live/lambdas/headers.js b/terraform/live/lambdas/headers.js
@@ -0,0 +1,14 @@
+'use strict';
+exports.handler = (event, context, callback) => {
+    const response = event.Records[0].cf.response;
+    const headers = response.headers;
+
+
+    headers['x-frame-options'] = [{
+        key:   'X-Frame-Options',
+        value: "SAMEORIGIN"
+    }];
+
+
+    callback(null, response);
+};
diff --git a/terraform/live/main.tf b/terraform/live/main.tf
@@ -8,13 +8,23 @@ locals {
   dev_domain_name     = "app-dev.${local.hosted_zone_name}"
   staging_domain_name = "app-staging.${local.hosted_zone_name}"
   prod_domain_name    = "app.${local.hosted_zone_name}"
+
+  # snaps 
+  snaps_hosted_zone_name = "snaps.consensys.net"
+  snaps_hosted_zone_id   = aws_route53_zone.snaps.zone_id
+  dev_snaps_domain_name  = "dev.${local.snaps_hosted_zone_name}"
 }
 
 resource "aws_route53_zone" "main" {
   name = local.hosted_zone_name
   tags = module.tags.common
 }
 
+resource "aws_route53_zone" "snaps" {
+  name = local.snaps_hosted_zone_name
+  tags = module.tags.common
+}
+
 #############
 ## Certificate
 #############
@@ -34,17 +44,66 @@ module "cert" {
   tags                      = module.tags.common
 }
 
+module "snaps_cert" {
+  source  = "terraform-aws-modules/acm/aws"
+  version = "3.5.0"
+
+  providers = {
+    aws = aws.use1
+  }
+
+  subject_alternative_names = ["*.${local.snaps_hosted_zone_name}"]
+  wait_for_validation       = true
+  domain_name               = local.snaps_hosted_zone_name
+  zone_id                   = local.snaps_hosted_zone_id
+  tags                      = module.tags.common
+}
+
+#############
+## Cloufront configurations
+#############
+
+resource "aws_cloudfront_function" "starknet_redirect" {
+  name    = "starknet-snap-redirect"
+  runtime = "cloudfront-js-1.0"
+  comment = "starknet-snap-redirect"
+  publish = true
+  code    = file("${path.module}/functions/redirect.js")
+}
+
+module "security_header_lambda" {
+  source = "../modules/lambda-at-edge"
+
+  bucket_name            = local.dev_domain_name
+  lambda_name            = "security_headers"
+  lambda_description     = "lambda adding security headers"
+  lambda_code_source_dir = "${path.root}/lambdas"
+  tags                   = module.tags.common
+}
+
 #############
 ## Dev
 #############
 
 module "s3_dev" {
   source = "../modules/aws-s3-website"
 
-  bucket_name     = local.dev_domain_name
-  domain_name     = local.dev_domain_name
-  certificate_arn = module.cert.acm_certificate_arn
+  bucket_name         = local.dev_domain_name
+  domain_name         = local.dev_domain_name
+  certificate_arn     = module.cert.acm_certificate_arn
+  hosted_zone_id      = local.hosted_zone_id
+  lambda_function_arn = [module.security_header_lambda.function_arn]
+  tags                = module.tags.common
+}
+
+module "s3_snaps_page_dev" {
+  source = "../modules/aws-s3-website"
+
+  bucket_name     = local.dev_snaps_domain_name
+  domain_name     = local.dev_snaps_domain_name
+  certificate_arn = module.snaps_cert.acm_certificate_arn
   hosted_zone_id  = local.hosted_zone_id
+  function_arn    = [aws_cloudfront_function.starknet_redirect.arn]
   tags            = module.tags.common
 }
 
@@ -55,11 +114,12 @@ module "s3_dev" {
 module "s3_staging" {
   source = "../modules/aws-s3-website"
 
-  bucket_name     = local.staging_domain_name
-  domain_name     = local.staging_domain_name
-  certificate_arn = module.cert.acm_certificate_arn
-  hosted_zone_id  = local.hosted_zone_id
-  tags            = module.tags.common
+  bucket_name         = local.staging_domain_name
+  domain_name         = local.staging_domain_name
+  certificate_arn     = module.cert.acm_certificate_arn
+  hosted_zone_id      = local.hosted_zone_id
+  lambda_function_arn = [module.security_header_lambda.function_arn]
+  tags                = module.tags.common
 }
 
 #############
@@ -69,9 +129,11 @@ module "s3_staging" {
 module "s3_prod" {
   source = "../modules/aws-s3-website"
 
-  bucket_name     = local.prod_domain_name
-  domain_name     = local.prod_domain_name
-  certificate_arn = module.cert.acm_certificate_arn
-  hosted_zone_id  = local.hosted_zone_id
-  tags            = module.tags.common
+  bucket_name         = local.prod_domain_name
+  domain_name         = local.prod_domain_name
+  certificate_arn     = module.cert.acm_certificate_arn
+  hosted_zone_id      = local.hosted_zone_id
+  lambda_function_arn = [module.security_header_lambda.function_arn]
+  tags                = module.tags.common
 }
+
diff --git a/terraform/modules/aws-s3-website/main.tf b/terraform/modules/aws-s3-website/main.tf
@@ -99,6 +99,23 @@ resource "aws_cloudfront_distribution" "dist" {
         forward = "none"
       }
     }
+
+    dynamic "lambda_function_association" {
+      for_each = try(var.lambda_function_arn, null)
+      content {
+        event_type   = "viewer-request"
+        lambda_arn   = lambda_function_association.value["function_arn"]
+        include_body = false
+      }
+    }
+
+    dynamic "function_association" {
+      for_each = try(var.function_arn, null)
+      content {
+        event_type   = "viewer-request"
+        function_arn = function_association.value["function_arn"]
+      }
+    }
   }
 
   restrictions {
@@ -112,6 +129,7 @@ resource "aws_cloudfront_distribution" "dist" {
     ssl_support_method       = "sni-only"
     minimum_protocol_version = "TLSv1.2_2021"
   }
+
 }
 
 resource "aws_route53_record" "dist" {

diff --git a/terraform/modules/aws-s3-website/variables.tf b/terraform/modules/aws-s3-website/variables.tf
@@ -36,3 +36,15 @@ variable "certificate_arn" {
   type        = string
   default     = ""
 }
+
+variable "function_arn" {
+  description = "Function arn"
+  type        = list(string)
+  default     = []
+}
+
+variable "lambda_function_arn" {
+  description = "Lambda function arn"
+  type        = list(string)
+  default     = []
+}
diff --git a/terraform/modules/lambda-at-edge/README.md b/terraform/modules/lambda-at-edge/README.md
@@ -0,0 +1,39 @@
+## Requirements
+
+No requirements.
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_aws"></a> [aws](#provider\_aws) | n/a |
+
+## Modules
+
+| Name |
+|------|
+| [module.lambda](https://registry.terraform.io/modules/transcend-io/lambda-at-edge/aws/latest) | module |
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_s3_bucket.bucket](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/aws_s3_bucket) | resource |
+| [aws_s3_bucket_acl.main](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/aws_s3_bucket_acl) | resource |
+| [aws_s3_bucket_versioning.main_versioning](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/aws_s3_bucket_versioning) | resource |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="bucket_name"></a> [bucket\_name](#input\_bucket\_name) | Bucket name | `string` | n/a | yes |
+| <a name="lambda_name"></a> [lambda\_name](#input\_lambda\_name) | Lambda name | `string` | n/a | yes |
+| <a name="lambda_description"></a> [lambda\_description](#input\lambda\description) | Lambda description | `string` | n/a | yes |
+| <a name="lambda_code_source_dir"></a> [lambda\_code\_source\_dir](#lambda\_code\_source\_dir) | Lambda code source dir | `string` | n/a | yes |
+| <a name="input_tags"></a> [tags](#input\_tags) | Tags | `map(any)` | `{}` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="function_arn"></a> [function\_arn](#function\_arn) | n/a |
diff --git a/terraform/modules/lambda-at-edge/main.tf b/terraform/modules/lambda-at-edge/main.tf
@@ -0,0 +1,28 @@
+resource "aws_s3_bucket" "bucket" {
+  bucket        = var.bucket_name
+  tags          = var.tags
+  force_destroy = true
+}
+
+resource "aws_s3_bucket_acl" "main" {
+  bucket = aws_s3_bucket.bucket.id
+  acl    = "private"
+}
+
+resource "aws_s3_bucket_versioning" "main_versioning" {
+  bucket = aws_s3_bucket.bucket.id
+  versioning_configuration {
+    status = "Enabled"
+  }
+}
+
+module "lambda" {
+  source                 = "transcend-io/lambda-at-edge/aws"
+  version                = "0.5.0"
+  name                   = var.lambda_name
+  description            = var.lambda_description
+  runtime                = "nodejs16.x"
+  lambda_code_source_dir = var.lambda_code_source_dir
+  s3_artifact_bucket     = aws_s3_bucket.bucket.bucket
+  file_globs             = ["**"]
+}
diff --git a/terraform/modules/lambda-at-edge/output.tf b/terraform/modules/lambda-at-edge/output.tf
@@ -0,0 +1,3 @@
+output "function_arn" {
+  value = module.lambda.function_arn
+}
diff --git a/terraform/modules/lambda-at-edge/variables.tf b/terraform/modules/lambda-at-edge/variables.tf
@@ -0,0 +1,25 @@
+variable "bucket_name" {
+  description = "Bucket name"
+  type        = string
+}
+
+variable "lambda_name" {
+  description = "Lambda name"
+  type        = string
+}
+
+variable "lambda_description" {
+  description = "Lambda name"
+  type        = string
+}
+
+variable "lambda_code_source_dir" {
+  description = "Lambda location folder path"
+  type        = string
+}
+
+variable "tags" {
+  description = "Tags."
+  type        = map(any)
+  default     = {}
+}