Migrate OWASP Nest to Zappa for serverless deployment

.github/workflows/run-ci-cd.yaml

@@ -55,6 +55,11 @@ jobs:
           restore-keys: |
             pre-commit-${{ runner.os }}-
 
+      - name: Setup TFLint
+        uses: terraform-linters/setup-tflint@v4
+        with:
+          tflint_version: v0.59.1
+
       - name: Run pre-commit
         uses: pre-commit/action@2c7b3805fd2a0fd8c1884dcaebf91fc102a13ecd
 

.gitignore

@@ -17,15 +17,23 @@ __pycache__
 .python_history
 .python-version
 .ruff_cache
+**/.terraform/
+*.tfstate
+*.tfstate.*
 .venv/
 .vscode
 *.code-workspace
 *.key
 *.log
 *.pdf
 *.pem
+backend/*nest-backend-dev*.zip
+backend/*nest-backend-dev*.tar.gz
+backend/*nest-backend-staging*.zip
+backend/*nest-backend-staging*.tar.gz
 backend/data/backup*
 backend/staticfiles
+backend/zappa_settings.json
 frontend/blob-report/
 frontend/coverage
 frontend/dist
@@ -36,6 +44,7 @@ frontend/pnpm-debug.log*
 frontend/test-results/
 frontend/yarn-debug.log*
 frontend/yarn-error.log*
+infrastructure/terraform.tfvars
 logs
 node_modules/
 TODO

.pre-commit-config.yaml

@@ -9,6 +9,16 @@ repos:
           - --strict
         exclude: (.github|pnpm-lock.yaml)
 
+  - repo: https://github.com/antonbabenko/pre-commit-terraform
+    rev: v1.92.0
+    hooks:
+      - id: terraform_fmt
+        files: ^infrastructure/.*\.tf$
+      - id: terraform_validate
+        files: ^infrastructure/.*\.tf$
+      - id: terraform_tflint
+        files: ^infrastructure/.*\.tf$
+
   - repo: https://github.com/astral-sh/ruff-pre-commit
     rev: v0.14.0
     hooks:

backend/pyproject.toml

@@ -48,6 +48,7 @@ strawberry-graphql = { extras = [ "django" ], version = "^0.283.2" }
 strawberry-graphql-django = "^0.66.0"
 thefuzz = "^0.22.1"
 pyparsing = "^3.2.3"
+zappa = "^0.60.2"
 
 [tool.poetry.group.dev.dependencies]
 djlint = "^1.36.4"

backend/zappa_settings.example.json

@@ -0,0 +1,39 @@
+{
+  "staging": {
+    "app_function": "wsgi.application",
+    "django_settings": "settings.staging",
+    "environment_variables": {
+      "DJANGO_ALGOLIA_APPLICATION_ID": "${DJANGO_ALGOLIA_APPLICATION_ID}",
+      "DJANGO_ALGOLIA_WRITE_API_KEY": "${DJANGO_ALGOLIA_WRITE_API_KEY}",
+      "DJANGO_ALLOWED_HOSTS": "${DJANGO_ALLOWED_HOSTS}",
+      "DJANGO_AWS_ACCESS_KEY_ID": "${DJANGO_AWS_ACCESS_KEY_ID}",
+      "DJANGO_AWS_SECRET_ACCESS_KEY": "${DJANGO_AWS_SECRET_ACCESS_KEY}",
+      "DJANGO_CONFIGURATION": "Staging",
+      "DJANGO_DB_HOST": "${DJANGO_DB_HOST}",
+      "DJANGO_DB_NAME": "${DJANGO_DB_NAME}",
+      "DJANGO_DB_USER": "${DJANGO_DB_USER}",
+      "DJANGO_DB_PORT": "${DJANGO_DB_PORT}",
+      "DJANGO_DB_PASSWORD": "${DJANGO_DB_PASSWORD}",
+      "DJANGO_OPEN_AI_SECRET_KEY": "${DJANGO_OPEN_AI_SECRET_KEY}",
+      "DJANGO_REDIS_HOST": "${DJANGO_REDIS_HOST}",
+      "DJANGO_REDIS_PASSWORD": "${DJANGO_REDIS_PASSWORD}",
+      "DJANGO_SECRET_KEY": "${DJANGO_SECRET_KEY}",
+      "DJANGO_SENTRY_DSN": "${DJANGO_SENTRY_DSN}",
+      "DJANGO_SLACK_BOT_TOKEN": "${DJANGO_SLACK_BOT_TOKEN}",
+      "DJANGO_SLACK_SIGNING_SECRET": "${DJANGO_SLACK_SIGNING_SECRET}"
+    },
+    "manage_roles": true,
+    "project_name": "nest-backend",
+    "runtime": "python3.13",
+    "s3_bucket": "${ZAPPA_S3_BUCKET}",
+    "slim_handler": true,
+    "vpc_config": {
+      "SecurityGroupIds": ["${AWS_VPC_SECURITY_GROUP}"],
+      "SubnetIds": [
+        "${AWS_VPC_SUBNET_A}",
+        "${AWS_VPC_SUBNET_B}",
+        "${AWS_VPC_SUBNET_C}"
+      ]
+    }
+  }
+}

cspell/cspell.json

@@ -34,6 +34,7 @@
     "python",
     "rust",
     "software-terms",
+    "terraform",
     "win32"
   ],
   "enabled": true,
@@ -58,6 +59,7 @@
     "@cspell/dict-k8s/cspell-ext.json",
     "@cspell/dict-people-names/cspell-ext.json",
     "@cspell/dict-software-terms/cspell-ext.json",
+    "@cspell/dict-terraform/cspell-ext.json",
     "@cspell/dict-win32/cspell-ext.json"
   ],
   "useGitignore": true

cspell/custom-dict.txt

@@ -66,6 +66,7 @@ gunicorn
 heroui
 hsl
 igoat
+igw
 inlinehilite
 isanori
 jumpstart

cspell/package.json

@@ -8,6 +8,7 @@
     "@cspell/dict-k8s": "^1.0.12",
     "@cspell/dict-people-names": "^1.1.14",
     "@cspell/dict-software-terms": "^4.2.5",
+    "@cspell/dict-terraform": "^1.1.3",
     "@cspell/dict-win32": "^2.0.9",
     "cspell": "^8.19.4"
   }

infrastructure/README.md

@@ -0,0 +1,105 @@
+# Infrastructure
+
+This document provides instructions on how to manage the infrastructure for this project using Terraform and Zappa.
+
+## Terraform
+
+### Prerequisites
+
+- Terraform
+- An AWS account with credentials configured locally.
+
+### Usage
+
+1.  **Initialize Terraform:**
+
+    ```bash
+    terraform init
+    ```
+
+2.  **Plan the changes:**
+
+    ```bash
+    terraform plan
+    ```
+
+3.  **Apply the changes:**
+
+    ```bash
+    terraform apply
+    ```
+
+### Variables
+
+You can override the default values by creating a `terraform.tfvars` file in the `infrastructure/` directory.
+
+# TODO: Provide an example terraform.tfvars with important vars
+
+
+### Outputs
+
+Get the output values using the `terraform output` command. These outputs will be used for Zappa configuration.
+
+
+```bash
+terraform output
+```
+
+```bash
+terraform output -raw db_password redis_auth_token
+```
+
+## Zappa Deployment
+
+The Django backend deployment is managed by Zappa, this also includes the API Gateway, IAM roles, and Lambda Function provision.
+
+### Install poetry dependencies
+
+1.  **Install dependencies using Poetry:**
+
+    ```bash
+    poetry install
+    ```
+
+2.  **Activate the virtual environment:**
+
+    ```bash
+    eval $(poetry env activate)
+    ```
+
+3.  **Create a `zappa_settings.json` file:**
+
+    ```bash
+    cp zappa_settings.example.json zappa_settings.json
+    ```
+
+Replace all variables in the copied `zappa_settings.json` with appropriate secrets.
+# TODO: explain this step
+
+4.  **Deploy staging:**
+
+    ```bash
+    zappa deploy staging
+    ```
+
+Once deployed, Zappa will provide you with a URL. You can use this URL to test the API.
+
+### Updating
+After making necessary changes, you may run the following command to update the deployment.
+```bash
+zappa update staging
+```
+
+### Cleaning Up
+
+To delete the deployment, you can use the following command:
+
+```bash
+zappa undeploy local
+```
+
+Then run this command to destroy the terraform infrastructure:
+
+```bash
+terraform destroy
+```