feat: fetch the list of OFAC blocked countries from GitHub variables (#…
xav authored Oct 30, 2023
1 parent 0a117a1 commit e2bddda
Showing 9 changed files with 24 additions and 8 deletions.
1 change: 1 addition & 0 deletions .github/workflows/sub-infra-apply.yml
Expand Up @@ -79,6 +79,7 @@ jobs:
id: configure-tfvars
working-directory: ${{ vars.TF_DIRECTORY }}
run: |
echo 'ofac_blocked_countries="${{ vars.OFAC_BLOCKED_COUNTRIES }}"' >> plan.auto.tfvars
echo 'image_version="${{ inputs.version }}"' >> plan.auto.tfvars
echo 'grafana_auth="${{ steps.grafana-get-key.outputs.key }}"' >> plan.auto.tfvars
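Review bot: the variable is interpolated straight into a shell command at `echo 'ofac_blocked_countries="${{ vars.OFAC_BLOCKED_COUNTRIES }}"' >> plan.auto.tfvars`, so a value containing a single quote or a newline changes the command rather than the tfvars content; pass it in through `env:` and write it with `printf` from the environment variable (the existing `grafana_auth` line has the same weakness). Also consider failing this step when the repository variable is unset: an undefined `vars.*` expands to an empty string, and with the root default of `""` the apply then proceeds with no blocked countries at all.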
1 change: 1 addition & 0 deletions .github/workflows/sub-infra-plan.yml
Expand Up @@ -83,6 +83,7 @@ jobs:
- name: Configure Terraform Variables
working-directory: ${{ vars.TF_DIRECTORY }}
run: |
echo 'ofac_blocked_countries="${{ vars.OFAC_BLOCKED_COUNTRIES }}"' >> plan.auto.tfvars
echo 'image_version="${{ inputs.version }}"' >> plan.auto.tfvars
echo 'grafana_auth="${{ steps.grafana-get-key.outputs.key }}"' >> plan.auto.tfvars
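Review bot: this block is a copy of the one in `sub-infra-apply.yml`; if one of the two tfvars writers is edited and the other is not, the plan a reviewer approves is no longer the plan that gets applied. Move the tfvars generation into a shared composite action both workflows call, or have the plan job publish `plan.auto.tfvars` as an artifact that the apply job consumes unchanged.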
4 changes: 3 additions & 1 deletion terraform/README.md
Expand Up @@ -26,7 +26,7 @@ Now you can apply the changes:

| Name | Version |
|------|---------|
| <a name="provider_aws"></a> [aws](#provider\_aws) | 5.12.0 |
| <a name="provider_aws"></a> [aws](#provider\_aws) | 5.17.0 |
| <a name="provider_random"></a> [random](#provider\_random) | 3.5.1 |
| <a name="provider_terraform"></a> [terraform](#provider\_terraform) | n/a |
## Modules
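Review bot: the `aws` provider row moving from `5.12.0` to `5.17.0` has nothing to do with fetching the blocked-country list; if terraform-docs picked this up from a lock-file bump, land it in its own commit so the provider upgrade can be reviewed and reverted independently of the OFAC change.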
Expand All @@ -48,6 +48,7 @@ Now you can apply the changes:
|------|-------------|------|---------|:--------:|
| <a name="input_betterstack_cloudwatch_webhook"></a> [betterstack\_cloudwatch\_webhook](#input\_betterstack\_cloudwatch\_webhook) | The BetterStack webhook to send CloudWatch alerts to | <pre lang="json">string</pre> | <pre lang="json">n/a</pre> | yes |
| <a name="input_betterstack_prometheus_webhook"></a> [betterstack\_prometheus\_webhook](#input\_betterstack\_prometheus\_webhook) | The BetterStack webhook to send Prometheus alerts to | <pre lang="json">string</pre> | <pre lang="json">n/a</pre> | yes |
| <a name="input_geoip_db_key"></a> [geoip\_db\_key](#input\_geoip\_db\_key) | The name to the GeoIP database | <pre lang="json">string</pre> | <pre lang="json">"GeoLite2-City.mmdb"</pre> | no |
| <a name="input_grafana_auth"></a> [grafana\_auth](#input\_grafana\_auth) | The API Token for the Grafana instance | <pre lang="json">string</pre> | <pre lang="json">""</pre> | no |
| <a name="input_image_version"></a> [image\_version](#input\_image\_version) | The version of the image to deploy | <pre lang="json">string</pre> | <pre lang="json">n/a</pre> | yes |
| <a name="input_keystore_primary_instance_class"></a> [keystore\_primary\_instance\_class](#input\_keystore\_primary\_instance\_class) | The instance class of the primary docdb instances | <pre lang="json">string</pre> | <pre lang="json">n/a</pre> | yes |
Expand All @@ -56,6 +57,7 @@ Now you can apply the changes:
| <a name="input_keystore_replica_instance_count"></a> [keystore\_replica\_instance\_count](#input\_keystore\_replica\_instance\_count) | The number of replica docdb instances to deploy | <pre lang="json">number</pre> | <pre lang="json">n/a</pre> | yes |
| <a name="input_log_level"></a> [log\_level](#input\_log\_level) | Defines logging level for the application | <pre lang="json">string</pre> | <pre lang="json">n/a</pre> | yes |
| <a name="input_notification_channels"></a> [notification\_channels](#input\_notification\_channels) | The notification channels to send alerts to | <pre lang="json">list(any)</pre> | <pre lang="json">[]</pre> | no |
| <a name="input_ofac_blocked_countries"></a> [ofac\_blocked\_countries](#input\_ofac\_blocked\_countries) | The list of countries to block | <pre lang="json">string</pre> | <pre lang="json">""</pre> | no |
## Outputs

No outputs.
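Review bot: the new `ofac_blocked_countries` row documents neither the expected format nor what an empty value means. Since the variable replaces a hard-coded `KP,IR,CU,SY`, the description should state that it is a comma-separated list of ISO 3166-1 alpha-2 codes and that the default `""` blocks nothing; as written, an operator reading this table cannot tell that leaving it unset disables the check.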
3 changes: 3 additions & 0 deletions terraform/ecs/README.md
Expand Up @@ -31,11 +31,14 @@ This module creates an ECS cluster and an autoscaling group of EC2 instances to
| <a name="input_allowed_lb_ingress_cidr_blocks"></a> [allowed\_lb\_ingress\_cidr\_blocks](#input\_allowed\_lb\_ingress\_cidr\_blocks) | A list of CIDR blocks to allow ingress access to the load-balancer. | <pre lang="json">string</pre> | <pre lang="json">n/a</pre> | yes |
| <a name="input_context"></a> [context](#input\_context) | Single object for setting entire context at once.<br>See description of individual variables for details.<br>Leave string and numeric variables as `null` to use default value.<br>Individual variable settings (non-null) override settings in context object,<br>except for attributes and tags, which are merged. | <pre lang="json">any</pre> | <pre lang="json">n/a</pre> | yes |
| <a name="input_ecr_repository_url"></a> [ecr\_repository\_url](#input\_ecr\_repository\_url) | The URL of the ECR repository where the app image is stored | <pre lang="json">string</pre> | <pre lang="json">n/a</pre> | yes |
| <a name="input_geoip_db_bucket_name"></a> [geoip\_db\_bucket\_name](#input\_geoip\_db\_bucket\_name) | The name of the S3 bucket where the GeoIP database is stored | <pre lang="json">string</pre> | <pre lang="json">n/a</pre> | yes |
| <a name="input_geoip_db_key"></a> [geoip\_db\_key](#input\_geoip\_db\_key) | The key of the GeoIP database in the S3 bucket | <pre lang="json">string</pre> | <pre lang="json">n/a</pre> | yes |
| <a name="input_image_version"></a> [image\_version](#input\_image\_version) | The version of the app image to deploy | <pre lang="json">string</pre> | <pre lang="json">n/a</pre> | yes |
| <a name="input_keystore_addr"></a> [keystore\_addr](#input\_keystore\_addr) | The address of the MongoDB instance to use for the persistent keystore | <pre lang="json">string</pre> | <pre lang="json">n/a</pre> | yes |
| <a name="input_log_level"></a> [log\_level](#input\_log\_level) | Defines logging level for the application | <pre lang="json">string</pre> | <pre lang="json">n/a</pre> | yes |
| <a name="input_max_capacity"></a> [max\_capacity](#input\_max\_capacity) | Maximum number of instances in the autoscaling group | <pre lang="json">number</pre> | <pre lang="json">8</pre> | no |
| <a name="input_min_capacity"></a> [min\_capacity](#input\_min\_capacity) | Minimum number of instances in the autoscaling group | <pre lang="json">number</pre> | <pre lang="json">2</pre> | no |
| <a name="input_ofac_blocked_countries"></a> [ofac\_blocked\_countries](#input\_ofac\_blocked\_countries) | The list of countries to block | <pre lang="json">string</pre> | <pre lang="json">n/a</pre> | yes |
| <a name="input_port"></a> [port](#input\_port) | The port the app listens on | <pre lang="json">number</pre> | <pre lang="json">n/a</pre> | yes |
| <a name="input_private_subnets"></a> [private\_subnets](#input\_private\_subnets) | The IDs of the private subnets to deploy to | <pre lang="json">list(string)</pre> | <pre lang="json">n/a</pre> | yes |
| <a name="input_prometheus_endpoint"></a> [prometheus\_endpoint](#input\_prometheus\_endpoint) | The endpoint of the Prometheus server to use for monitoring | <pre lang="json">string</pre> | <pre lang="json">n/a</pre> | yes |
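Review bot: `ofac_blocked_countries` is typed `string` for what is a list, and is marked required here while the root module forwards it with a default of `""`, so the required flag never rejects an empty list in practice. Either type it `list(string)` and `join(",", ...)` at the point of use in `cluster.tf`, or keep the string and add a `validation` block that rejects the empty string.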
2 changes: 1 addition & 1 deletion terraform/ecs/cluster.tf
Expand Up @@ -81,7 +81,7 @@ resource "aws_ecs_task_definition" "app_task" {
{ "name" = "GEOIP_DB_BUCKET", "value" = var.geoip_db_bucket_name },
{ "name" = "GEOIP_DB_KEY", "value" = var.geoip_db_key },

{ "name" = "BLOCKED_COUNTRIES", "value" = "KP,IR,CU,SY" },
{ "name" = "BLOCKED_COUNTRIES", "value" = var.ofac_blocked_countries },
],

portMappings = [
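Review bot: this substitution fails open: with the hard-coded `KP,IR,CU,SY` gone and `var.ofac_blocked_countries` accepting `""`, a missing or mistyped GitHub variable ships a task whose `BLOCKED_COUNTRIES` is empty, and nothing in the plan output flags it. Fail closed instead, either by giving the variable the previous list as its default or by making the module refuse an empty value so `terraform plan` errors rather than the check silently disappearing.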
5 changes: 5 additions & 0 deletions terraform/ecs/variables.tf
Expand Up @@ -91,6 +91,11 @@ variable "log_level" {
type = string
}

variable "ofac_blocked_countries" {
description = "The list of countries to block"
type = string
}

#---------------------------------------
# Monitoring

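Review bot: the new variable has no `validation` block, so a value such as `KP, IR` (with a space) or a lower-case code passes plan and only fails, if at all, inside the application. Add a condition along the lines of `can(regex("^[A-Z]{2}(,[A-Z]{2})*$", var.ofac_blocked_countries))` with an `error_message` naming the comma-separated alpha-2 format; that also rejects the empty string, which is the case that matters most for this variable.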
4 changes: 1 addition & 3 deletions terraform/monitoring/README.md
Expand Up @@ -38,9 +38,7 @@ Configure the Grafana dashboards for the application
| <a name="input_prometheus_endpoint"></a> [prometheus\_endpoint](#input\_prometheus\_endpoint) | The endpoint for the Prometheus server. | <pre lang="json">string</pre> | <pre lang="json">n/a</pre> | yes |
## Outputs

| Name | Description |
|------|-------------|
| <a name="output_dashboard_definition"></a> [dashboard\_definition](#output\_dashboard\_definition) | The JSON definition of the dashboard. |
No outputs.


<!-- END_TF_DOCS -->
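Review bot: dropping the `dashboard_definition` output is unrelated to the commit's stated purpose and is not mentioned in its message; if terraform-docs regenerated this because the output was removed elsewhere, confirm nothing still references `module.monitoring.dashboard_definition`, and split the removal into its own commit so the history explains it.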
7 changes: 4 additions & 3 deletions terraform/res_application.tf
Expand Up @@ -27,9 +27,10 @@ module "ecs" {
allowed_lb_ingress_cidr_blocks = module.vpc.vpc_cidr_block

# Application
port = 8080
keystore_addr = module.keystore.connection_url
log_level = var.log_level
port = 8080
keystore_addr = module.keystore.connection_url
log_level = var.log_level
ofac_blocked_countries = var.ofac_blocked_countries

# Monitoring
prometheus_endpoint = aws_prometheus_workspace.prometheus.prometheus_endpoint
5 changes: 5 additions & 0 deletions terraform/variables.tf
Expand Up @@ -31,6 +31,11 @@ variable "log_level" {
type = string
}

variable "ofac_blocked_countries" {
description = "The list of countries to block"
type = string
default = ""
}

#-------------------------------------------------------------------------------
# Keystore
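Review bot: `default = ""` at the root makes the OFAC list optional, and the workflows write whatever `vars.OFAC_BLOCKED_COUNTRIES` holds, so an unset repository variable yields a clean plan with an empty block list. Drop the default so `terraform plan` errors when the value is missing, or add a `validation` that rejects `""`; a compliance control should fail loudly when its configuration goes missing, not degrade to a no-op.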
