diff --git a/CHANGELOG.md b/CHANGELOG.md deleted file mode 100644 index d0a0cd4..0000000 --- a/CHANGELOG.md +++ /dev/null @@ -1,18 +0,0 @@ -# CHANGELOG - -All notable changes to this project will be documented in this file. - -The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), -and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). - -It is part of the [TRE template repository](https://github.com/nationalarchives/da-tre-template) - -## [0.0.1] - 2023-01-31 - -### Added - -- The keep a change log CHANGELOG - -### Fixed - -- Minor typos diff --git a/README.md b/README.md index 63d2008..d5cdd80 100644 --- a/README.md +++ b/README.md @@ -24,6 +24,14 @@ A 500 response body will be returned if any issues occur when calling the Lambda * numberofrefs parameter isn't an int * any dynamodb Exceptions (key not found, unable to update, etc) +The number of references that can be returned in a single call is limited, because: +* prevent a single call using up all possible references; +* limits to the permitted size of the response. + +Calling clients will need to handle this limit by making multiple calls to retrieve the required number of references if it is greater than the limit. + +The limit is stored here for use by calling clients: [reference_generator_limit](https://github.com/nationalarchives/da-terraform-configurations/blob/main/tdr/main.tf) + ## DynamoDb Table The DynamoDb stores the current counter used for generating unique references. The DynamoDb is encrypted so that it cannot be directly modified via the AWS console or AWS CLI. 
@@ -33,6 +41,13 @@ Below is an example of what the table looks like: |-------------|------------------| | fileCounter | 6 | +### Security + +The DynamoDb is monitored by a specific set of Cloud Custodian rules: +* `Reference-counter-table-kms-key-check`: Checks if reference counter table encrypted with specific KMS key. +* `Reference-counter-table-pitr-check`: Checks that point in time recovery (PITR) is enabled for reference counter table + +Full details and code are here: [Reference counter custodian rules](https://github.com/nationalarchives/tna-custodian/tree/master/custodian/policies/dynamodb/reference-counter) ## API Gateway @@ -43,6 +58,12 @@ It can be called directly by providing the parameter `numberofrefs={value}` by m The api gateway has a resource policy which restricts which services can call it. +Any new calling clients will need to provide an AWS IAM role which can call the API Gateway and this needs to be added to the API Gateway resource policy. + +## Reference Schema + +TBC + ## Deployment Deployment process of the service will depend on the hosting environment. 
@@ -100,3 +121,18 @@ It relies on the `da-terraform-configurations` and `da-terraform-modules` projec Commit and push all the changes made in the terraform directory to its GitHub repo, then (in the GitHub repo): Go the Actions tab -> Click ["Apply Terraform and deploy lambda"] -> Click "Run workflow" -> select the branch with the workflow file you want to use -> type the version to deploy -> Click the green "Run worklfow" button + +## Moving to new hosting project + +Should the reference generator service need to be moved to a different hosting project then the following steps will need to be taken: + +***NOTE*** Before the move the current counter value will need to be noted down to ensure the new DynamoDb table is seeded with the correct counter to prevent duplicate references + +* Add relevant Github Actions workflows for the new project to allow testing and deployment +* Update the [da-terraform-configurations](https://github.com/nationalarchives/da-terraform-configurations) repo with the new values for the reference generator service in the relevant project file: + * `reference_generator_limit` + * `reference_generator_intg_url` + * `reference_generator_staging_url` + * `reference_generator_prod_url` +* Ensure the Cloud Custodian rules are implemented for on the new hosting project: [DynamoDb > Security](#security) +* Set up relevant GitHub actions in the new hosting project: [Deployment](#deployment) diff --git a/project/Dependencies.scala b/project/Dependencies.scala index d3f202d..d5f0c7f 100644 --- a/project/Dependencies.scala +++ b/project/Dependencies.scala 
@@ -6,8 +6,9 @@ object Dependencies { private val testContainersVersion = "0.41.0" lazy val scalaTest = "org.scalatest" %% "scalatest" % "3.2.17" - lazy val awsSdkDynamoDbV2 = "software.amazon.awssdk" % "dynamodb" % "2.21.7" - lazy val awsSdkDynamoDbV1 = "com.amazonaws" % "aws-java-sdk-dynamodb" % "1.12.573" + + lazy val awsSdkDynamoDbV2 = "software.amazon.awssdk" % "dynamodb" % "2.21.12" + lazy val awsSdkDynamoDbV1 = "com.amazonaws" % "aws-java-sdk-dynamodb" % "1.12.578" lazy val lambdaJavaCore = "com.amazonaws" % "aws-lambda-java-core" % "1.2.3" lazy val lambdaJavaEvents = "com.amazonaws" % "aws-lambda-java-events" % "3.11.3" lazy val ocitools = "uk.gov.nationalarchives.oci" % "oci-tools-scala_2.13" % "0.3.0" diff --git a/terraform/da-terraform-modules b/terraform/da-terraform-modules index c65c877..e8322dd 160000 --- a/terraform/da-terraform-modules +++ b/terraform/da-terraform-modules @@ -1 +1 @@ -Subproject commit c65c877a4adf208923c16a0d097848de3b3dbe0b +Subproject commit e8322dd83cd921f609ba366896d110fcae2f83ee
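Review bot: In the CHANGELOG.md deletion hunk, the file being removed is the project's only version record (it declares Keep a Changelog and Semantic Versioning and calls itself part of the TRE template repository), and nothing else in the diff replaces it or explains the removal; either keep it and add an entry for the README and dependency changes made in this same diff, or say in the commit message where release notes now live.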
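Review bot: In the README hunk at @@ -24,6 +24,14 @@, the new paragraph says the number of references per call is limited but not what the Lambda does when `numberofrefs` exceeds that limit; the 500-response list directly above does not mention it, so a client cannot tell whether it gets an error, a clamped batch or a partial result. State the behaviour and the response code next to the limit, and make the two bullets parallel, e.g. `* to prevent a single call using up all possible references;` and `* to respect the permitted size of the response.`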
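Review bot: In the README hunk at @@ -33,6 +41,13 @@, the two Cloud Custodian rules are described only as checks; the section does not say what happens when a check fails (notification, automatic remediation, who is alerted), which is the part an operator needs, so add a sentence on the failure action. A blank line is also missing between `+Full details and code are here: ...` and the unchanged `## API Gateway` heading, unlike the spacing used before the other headings in this file.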
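Review bot: In the README hunk at @@ -43,6 +58,12 @@, the new `## Reference Schema` section contains only `TBC`; a placeholder heading should not be merged, so either fill it in or drop it and track it as an issue. The line above it says a new client's IAM role must be added to the API Gateway resource policy but not where that policy is managed (presumably the terraform directory referenced under Deployment) or who approves the addition, which is exactly what someone onboarding a client will look for.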
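Review bot: In the README hunk at @@ -100,3 +121,18 @@, the bold NOTE says the current counter value must be noted down so the new table is seeded correctly, yet the step list never includes seeding the new DynamoDb table with that value, nor stopping or de-authorising the old API before the value is read; without both, the old counter can keep issuing references after cutover and duplicates become possible. Add explicit steps for: disable the old API Gateway/Lambda, read the final counter, seed the new table, then switch clients over. Also `implemented for on the new hosting project` should read `implemented on the new hosting project`.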
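Review bot: In the Dependencies.scala hunk, the added blank line between `scalaTest` and `awsSdkDynamoDbV2` splits what was one contiguous group of `lazy val` declarations; drop it to keep the existing layout. The SDK bumps (dynamodb 2.21.7 to 2.21.12, aws-java-sdk-dynamodb 1.12.573 to 1.12.578) are unrelated to the documentation changes in this diff and would be easier to review and to revert as their own commit.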
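Review bot: In the `terraform/da-terraform-modules` hunk, the submodule pin moves from c65c877 to e8322dd with no note of what changed in the modules or whether a terraform plan was run against the new pin; a one-line summary of the module change, or a link to the corresponding da-terraform-modules commit, would let a reviewer confirm the infrastructure effect before apply.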