bcgov / quickstart-aws-serverless Goto Github PK

View Code? Open in Web Editor NEW

1.0 5.0 0.0 1.69 MB

sample project to use for aws serverless deployment

License: Apache License 2.0

HCL 38.81% HTML 0.91% JavaScript 0.79% Groovy 27.25% Vue 11.25% CSS 6.57% TypeScript 12.56% Sass 0.52% Go 1.34%

bcgov bcgov-wlrs aws flnr wlrs serverless

quickstart-aws-serverless's Introduction

Serverless Architecture

startup-sample-project-aws-serverless-OIDC

Lambda serverless app meant to accelerate teams onboarding to the BC Gov SEA AWS space. This repository use Github OpenID Connect to authenticate directly to AWS assuming an IAM role.

Authentication architecture

Setup

Fork this repo
Enable github actions

Github Secrets

you'll need to add two github secrets:

LICENCEPLATE is the 6 character licensecho "x"e plate associated with your project set e.g. abc123
S3_BACKEND_NAME is the name of the S3 Bucket name used to store the Terraform state.
TERRAFORM_DEPLOY_ROLE_ARN This is the ARN of IAM Role used to deploy resources through the Github action authenticate with the GitHub OpenID Connect. You also need to link that role to the correct IAM Policy.
- To access the TERRAFORM_DEPLOY_ROLE_ARN you need to create it beforehand manually. To create it you need can use this example of thrust relationship :
- The minimal access policy can be found here

{
  "Version": "2012-10-17",
  "Statement": [
      {
          "Effect": "Allow",
          "Principal": {
              "Federated": "arn:aws:iam::<accound_id>:oidc-provider/token.actions.githubusercontent.com"
          },
          "Action": "sts:AssumeRoleWithWebIdentity",
          "Condition": {
              "StringLike": {
                  "token.actions.githubusercontent.com:sub": "repo:<Github_organization>/<repo_name>:ref:refs/heads/<Your_branch>"
              },
              "ForAllValues:StringEquals": {
                  "token.actions.githubusercontent.com:iss": "https://token.actions.githubusercontent.com",
                  "token.actions.githubusercontent.com:aud": "sts.amazonaws.com"
              }
          }
      }
  ]
}

Once the app has been built, you should be able to log into AWS with your IDIR account (2FA). Once in AWS search for Cloudfront and then click on Distributions (If you can not see it click the hamburger on the top left corner). The Distributions dashboard shows the Domain name, you can use that domain name to interact with you app.

Pipeline

The github actions will trigger on a pull request creation and merge.

Creating a pull request will run a terraform plan and outline everything that will be deployed into your AWS accounts, but will not create anything.
Merging into main will run a terraform apply and your AWS assets will be deployed into your dev and sandbox accounts.

NOTE: make sure you are creating pull requests/ merging within your fork

Testing

For how to use the test associated to this project, please check the README file under functional-tests

Testing Thanks

Thanks to BrowserStack for Testing Tool support via OpenSource Licensing

quickstart-aws-serverless's People

Contributors

Stargazers

Watchers

quickstart-aws-serverless's Issues

look at localstack for serverless work

https://github.com/localstack/localstack

Add project lifecycle badge

No Project Lifecycle Badge found in your readme!

Hello! I scanned your readme and could not find a project lifecycle badge. A project lifecycle badge will provide contributors to your project as well as other stakeholders (platform services, executive) insight into the lifecycle of your repository.

What is a Project Lifecycle Badge?

It is a simple image that neatly describes your project's stage in its lifecycle. More information can be found in the project lifecycle badges documentation.

What do I need to do?

I suggest you make a PR into your README.md and add a project lifecycle badge near the top where it is easy for your users to pick it up :). Once it is merged feel free to close this issue. I will not open up a new one :)

Create A lambda handler in Go Lang and Expose it through API Gateway

Basic PR pipeline

Access and build a first-pass pipeline. Ideally it will handle PR-isolated deployment, but there could be cost issues. Very TBD.

create basic terraform and terragrunt pipeline

Add missing topics

TL;DR

Topics greatly improve the discoverability of repos; please add the short code from the table below to the topics of your repo so that ministries can use GitHub's search to find out what repos belong to them and other visitors can find useful content (and reuse it!).

Why Topic

In short order we'll add our 800th repo. This large number clearly demonstrates the success of using GitHub and our Open Source initiative. This huge success means it's critical that we work to make our content as discoverable as possible. Through discoverability, we promote code reuse across a large decentralized organization like the Government of British Columbia as well as allow ministries to find the repos they own.

What to do

Below is a table of abbreviation a.k.a short codes for each ministry; they're the ones used in all @gov.bc.ca email addresses. Please add the short codes of the ministry or organization that "owns" this repo as a topic.

That's it, you're done!!!

How to use

Once topics are added, you can use them in GitHub's search. For example, enter something like org:bcgov topic:citz to find all the repos that belong to Citizens' Services. You can refine this search by adding key words specific to a subject you're interested in. To learn more about searching through repos check out GitHub's doc on searching.

Pro Tip 🤓

If your org is not in the list below, or the table contains errors, please create an issue here.
While you're doing this, add additional topics that would help someone searching for "something". These can be the language used javascript or R; something like opendata or data for data only repos; or any other key words that are useful.
Add a meaningful description to your repo. This is hugely valuable to people looking through our repositories.
If your application is live, add the production URL.

Ministry Short Codes

Short Code	Organization Name
AEST	Advanced Education, Skills & Training
AGRI	Agriculture
ALC	Agriculture Land Commission
AG	Attorney General
MCF	Children & Family Development
CITZ	Citizens' Services
DBC	Destination BC
EMBC	Emergency Management BC
EAO	Environmental Assessment Office
EDUC	Education
EMPR	Energy, Mines & Petroleum Resources
ENV	Environment & Climate Change Strategy
FIN	Finance
FLNR	Forests, Lands, Natural Resource Operations & Rural Development
HLTH	Health
IRR	Indigenous Relations & Reconciliation
JEDC	Jobs, Economic Development & Competitiveness
LBR	Labour Policy & Legislation
LDB	BC Liquor Distribution Branch
MMHA	Mental Health & Addictions
MAH	Municipal Affairs & Housing
BCPC	Pension Corporation
PSA	Public Service Agency
PSSG	Public Safety and Solicitor General
SDPR	Social Development & Poverty Reduction
TCA	Tourism, Arts & Culture
TRAN	Transportation & Infrastructure

NOTE See an error or omission? Please create an issue here to get it remedied.

Lets use common phrasing

TL;DR 🏎️

Teams are encouraged to favour modern inclusive phrasing both in their communication as well as in any source checked into their repositories. You'll find a table at the end of this text with preferred phrasing to socialize with your team.

Words Matter

We're aligning our development community to favour inclusive phrasing for common technical expressions. There is a table below that outlines the phrases that are being retired along with the preferred alternatives.

During your team scrum, technical meetings, documentation, the code you write, etc. use the inclusive phrasing from the table below. That's it - it really is that easy.

For the curious mind, the Public Service Agency (PSA) has published a guide describing how Words Matter in our daily communication. Its an insightful read and a good reminder to be curious and open minded.

What about the master branch?

The word "master" is not inherently bad or non-inclusive. For example people get a masters degree; become a master of their craft; or master a skill. It's generally when the word "master" is used along side the word "slave" that it becomes non-inclusive.

Some teams choose to use the word main for the default branch of a repo as opposed to the more commonly used master branch. While it's not required or recommended, your team is empowered to do what works for them. If you do rename the master branch consider using main so that we have consistency among the repos within our organization.

Preferred Phrasing

Non-Inclusive		Inclusive
Whitelist	=>	Allowlist
Blacklist	=>	Denylist
Master / Slave	=>	Leader / Follower; Primary / Standby; etc
Grandfathered	=>	Legacy status
Sanity check	=>	Quick check; Confidence check; etc
Dummy value	=>	Placeholder value; Sample value; etc

Pro Tip 🤓

This list is not comprehensive. If you're aware of other outdated nomenclature please create an issue (PR preferred) with your suggestion.

bcgov / quickstart-aws-serverless Goto Github PK

quickstart-aws-serverless's Introduction

Serverless Architecture

startup-sample-project-aws-serverless-OIDC

Authentication architecture

Setup

Github Secrets

Pipeline

Testing

Testing Thanks

quickstart-aws-serverless's People

Contributors

Stargazers

Watchers

quickstart-aws-serverless's Issues

No Project Lifecycle Badge found in your readme!

What is a Project Lifecycle Badge?

What do I need to do?

TL;DR

Why Topic

What to do

How to use

Pro Tip 🤓

Ministry Short Codes

TL;DR 🏎️

Words Matter

What about the master branch?

Preferred Phrasing

Pro Tip 🤓

Recommend Projects

Recommend Topics

Recommend Org

Jobs