From 3c6981252ee656be2dcbef7068cd163ad853a090 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sebastian=20Bana=C5=9B?= <96051496+BanaSeba@users.noreply.github.com>
Date: Fri, 27 Dec 2024 16:04:37 +0100
Subject: [PATCH] feat: [sc-26013] Fix Deployment Error for NameGuard Lambda (#508)
* Added fixes for lambda
* Added directory walk for lambda deployment for docker build
* Fixed directory walk
* Fixed docker file path
* Another fix
* Another path fix
* Fixed path issues
* Fixed role name
* Fixed policy name for logging
---
apps/api.nameguard.io/serverless.yml | 181 ------------------
.../terraform/deploy_lambda.sh | 5 +-
.../terraform/modules/lambda_api/main.tf | 6 +-
apps/api.nameguard.io/terraform/variables.tf | 2 +-
4 files changed, 9 insertions(+), 185 deletions(-)
delete mode 100644 apps/api.nameguard.io/serverless.yml
diff --git a/apps/api.nameguard.io/serverless.yml b/apps/api.nameguard.io/serverless.yml
deleted file mode 100644
index 76108148d..000000000
--- a/apps/api.nameguard.io/serverless.yml
+++ /dev/null
@@ -1,181 +0,0 @@ -service: oss-nameguard - -stages: - staging: - alias: api-staging.nameguard.io - lambda-role: DefaultNameGuardRoleStaging - lambda-policy-name: NameGuardPolicyStaging - prod: - alias: api.nameguard.io - lambda-role: DefaultNameGuardRole - lambda-policy-name: NameGuardPolicy - -custom: - stage: ${opt:stage} - apiDomain: ${self:stages.${self:custom.stage}.alias} - hostedZoneName: nameguard.io. - hostedZoneId: Z00825691ZLCWE2VKJQW0 - prune: - automatic: true - number: 5 - region: us-east-1 - -provider: - name: aws - stage: ${self:custom.stage} - architecture: arm64 - ecr: - images: - oss-nameguard: - path: ../../packages/nameguard-python/ - file: ../../apps/api.nameguard.io/Dockerfile - platform: linux/arm64 - -plugins: - - serverless-prune-plugin - -functions: - oss-nameguard: - image: - name: oss-nameguard - name: oss-nameguard-${self:custom.stage} - memorySize: 1769 - timeout: 60 - url: true - role: DefaultNameGuardRole - provisionedConcurrency: 1 - tags: - Stage: ${self:custom.stage} - environment: - PROVIDER_URI_MAINNET: ${env:PROVIDER_URI_MAINNET} - PROVIDER_URI_SEPOLIA: ${env:PROVIDER_URI_SEPOLIA} - ALCHEMY_URI_MAINNET: ${env:ALCHEMY_URI_MAINNET} - ALCHEMY_URI_SEPOLIA: ${env:ALCHEMY_URI_SEPOLIA} - ENS_SUBGRAPH_URL_MAINNET: ${env:ENS_SUBGRAPH_URL_MAINNET} - ENS_SUBGRAPH_URL_SEPOLIA: ${env:ENS_SUBGRAPH_URL_SEPOLIA} - -resources: - Resources: - DefaultNameGuardRole: - Type: AWS::IAM::Role - Properties: - Path: /my/default/path/ - RoleName: ${self:stages.${self:custom.stage}.lambda-role} - AssumeRolePolicyDocument: - Version: "2012-10-17" - Statement: - - Effect: Allow - Principal: - Service: - - lambda.amazonaws.com - Action: sts:AssumeRole - Policies: - - PolicyName: ${self:stages.${self:custom.stage}.lambda-policy-name} - PolicyDocument: - Version: "2012-10-17" - Statement: - - Effect: Allow # note that these rights are given in the default policy and are required if you want logs out of your lambda(s) - Action: - - logs:CreateLogGroup - - 
logs:CreateLogStream - - logs:PutLogEvents - - logs:TagResource - Resource: - - "Fn::Join": - - ":" - - - "arn:aws:logs" - - Ref: "AWS::Region" - - Ref: "AWS::AccountId" - - "log-group:/aws/lambda/*:*:*" - - Effect: "Allow" - Action: - - "s3:PutObject" - Resource: - Fn::Join: - - "" - - - "arn:aws:s3:::" - - "Ref": "ServerlessDeploymentBucket" - - Effect: Allow - Action: - - ecr:BatchGetImage - - ecr:GetDownloadUrlForLayer - Resource: ["*"] - - ACMCertificate: - Type: "AWS::CertificateManager::Certificate" - Properties: - DomainName: ${self:custom.apiDomain} - DomainValidationOptions: - - DomainName: ${self:custom.apiDomain} - HostedZoneId: ${self:custom.hostedZoneId} - ValidationMethod: DNS - - ApiCloudFrontDistribution: - Type: AWS::CloudFront::Distribution - DeletionPolicy: Delete - Properties: - DistributionConfig: - Enabled: true - PriceClass: PriceClass_100 - HttpVersion: http2 - Comment: Api distribution for ${self:custom.apiDomain} - Origins: - - Id: ApiGateway - DomainName: - !Select [ - 2, - !Split [ - "/", - !GetAtt OssDashnameguardLambdaFunctionUrl.FunctionUrl, - ], - ] - OriginPath: "" - CustomOriginConfig: - HTTPPort: 80 - HTTPSPort: 443 - OriginProtocolPolicy: https-only - OriginSSLProtocols: [TLSv1, TLSv1.1, TLSv1.2] - DefaultCacheBehavior: - TargetOriginId: ApiGateway - ViewerProtocolPolicy: redirect-to-https - Compress: true - DefaultTTL: 0 - AllowedMethods: - - HEAD - - DELETE - - POST - - GET - - OPTIONS - - PUT - - PATCH - CachedMethods: - - HEAD - - OPTIONS - - GET - ForwardedValues: - QueryString: true - Headers: - - Accept - - x-api-key - - Authorization - Cookies: - Forward: none - Aliases: - - ${self:custom.apiDomain} - ViewerCertificate: - SslSupportMethod: sni-only - MinimumProtocolVersion: TLSv1.2_2019 - AcmCertificateArn: !Ref ACMCertificate - ApiRecordSetGroup: - Type: AWS::Route53::RecordSetGroup - DeletionPolicy: Delete - DependsOn: - - ApiCloudFrontDistribution - Properties: - HostedZoneName: ${self:custom.hostedZoneName} - 
RecordSets: - - Name: ${self:custom.apiDomain} - Type: A - AliasTarget: - HostedZoneId: Z2FDTNDATAQYW2 #default for cloudfront - DNSName: { "Fn::GetAtt": [ApiCloudFrontDistribution, DomainName] } # set the domain of your cloudfront distribution diff --git a/apps/api.nameguard.io/terraform/deploy_lambda.sh b/apps/api.nameguard.io/terraform/deploy_lambda.sh index f336f9518..8ebd61aae 100644 --- a/apps/api.nameguard.io/terraform/deploy_lambda.sh +++ b/apps/api.nameguard.io/terraform/deploy_lambda.sh @@ -198,10 +198,13 @@ if [ ! -f "../Dockerfile" ]; then fi echo "Building Docker image..." -if ! docker build ../ -t nameguard; then +cd ../../../packages/nameguard-python +cp ../../apps/api.nameguard.io/Dockerfile ./Dockerfile +if ! docker build . -t nameguard; then echo "Error: Docker build failed" exit 1 fi +cd ../../apps/api.nameguard.io/terraform echo "Tagging Docker image..." if ! docker tag nameguard:latest ${ECR_URL}:latest; then diff --git a/apps/api.nameguard.io/terraform/modules/lambda_api/main.tf b/apps/api.nameguard.io/terraform/modules/lambda_api/main.tf index e296ba409..b8c04ec3a 100644 --- a/apps/api.nameguard.io/terraform/modules/lambda_api/main.tf +++ b/apps/api.nameguard.io/terraform/modules/lambda_api/main.tf @@ -20,7 +20,7 @@ locals { } resource "aws_iam_role" "iam_for_lambda" { - name = "iam_for_lambda-${var.env}" + name = "nameguard-lambda-role-${var.env}" assume_role_policy = data.aws_iam_policy_document.assume_role.json tags = local.common_tags } @@ -40,7 +40,7 @@ data "aws_iam_policy_document" "lambda_logging" { } resource "aws_iam_policy" "lambda_logging" { - name = "lambda_logging-${var.env}" + name = "nameguard_lambda_logging-${var.env}" path = "/" description = "IAM policy for logging from a lambda" policy = data.aws_iam_policy_document.lambda_logging.json 
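Review bot: The added `cd ../../../packages/nameguard-python` in deploy_lambda.sh is unchecked, so if it fails the following `cp` and `docker build .` run from the wrong directory and can build from an unintended context. The `cp` also overwrites any `Dockerfile` already present in the package directory and the copy is never removed, and the `exit 1` branch returns before the closing `cd` back to the terraform directory. Passing the Dockerfile and the context explicitly avoids both directory changes and the copy: `if ! docker build -f ../Dockerfile -t nameguard ../../../packages/nameguard-python; then`. Whether the script runs under `set -e` is not visible in this hunk; if the `cd` calls stay, guard them with `|| exit 1`.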
@@ -106,6 +106,8 @@ resource "aws_cloudfront_distribution" "api_distribution" { https_port = 443 origin_protocol_policy = "https-only" origin_ssl_protocols = ["TLSv1.2"] + origin_read_timeout = 60 + origin_keepalive_timeout = 60 } } diff --git a/apps/api.nameguard.io/terraform/variables.tf b/apps/api.nameguard.io/terraform/variables.tf index 3739acf3f..680e0bf9e 100644 --- a/apps/api.nameguard.io/terraform/variables.tf +++ b/apps/api.nameguard.io/terraform/variables.tf @@ -9,7 +9,7 @@ variable "image_uri" { } variable "domain_name" { - description = "Custom domain name for API Gateway" + description = "Custom domain name for API" type = string }
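Review bot: The two added timeouts in the origin config of main.tf are bare `60`s with nothing tying them to the Lambda function's own timeout, which is set elsewhere (the removed serverless.yml used `timeout: 60`; the Terraform value is not visible in this hunk). If the function timeout is later raised above `origin_read_timeout`, CloudFront gives up first and returns a 504 while the invocation keeps running. I would add a comment above the two lines, `# keep origin_read_timeout >= the Lambda timeout; CloudFront returns 504 when the origin is slower`, or derive both values from one variable. The `aws_cloudfront_distribution` resource starts and ends outside this hunk.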