v0.1.19 (#40)

* Adding path to serve back enx logo * Adding dependency * Fixing logo path * fixing enxlogo paths * fixing naming * fixing naming * Fixing log retention and naming in enxproxy path * Addin count metric * Fixing response for enx logo * Fixing response for enx logo * Fixing response for enx logo * Fixing response for enx logo * Fixing response for enx logo * Fixing image handling * Renaming enx path * extending logging data * extending logging data * extending logging data * extending logging data * Adding enx metrics * Fixing string * Fixig duplicate * Fixig filter naming
covidgreen · Feb 2, 2021 · 1293066 · 1293066
1 parent 40f5b48
commit 1293066
Show file tree

Hide file tree

Showing 2 changed files with 129 additions and 2 deletions.
diff --git a/gateway.tf b/gateway.tf
@@ -9,6 +9,7 @@ resource "aws_api_gateway_rest_api" "main" {
   binary_media_types = concat([
     "application/zip",
     "application/octet-stream",
+    "*/*",
   ], var.api_gateway_customizations_binary_types)
 
   endpoint_configuration {
@@ -446,6 +447,75 @@ resource "aws_api_gateway_integration_response" "admin_proxy_any_integration" {
    ]
 }
 
+
+## /enx/{key+}
+resource "aws_api_gateway_resource" "enx_root" {
+  rest_api_id = aws_api_gateway_rest_api.main.id
+  parent_id   = aws_api_gateway_rest_api.main.root_resource_id
+  path_part   = "enx"
+}
+
+resource "aws_api_gateway_resource" "enx_proxy" {
+  rest_api_id = aws_api_gateway_rest_api.main.id
+  parent_id   = aws_api_gateway_resource.enx_root.id
+  path_part   = "{key+}"
+}
+
+resource "aws_api_gateway_method" "enx_proxy_get" {
+  rest_api_id      = aws_api_gateway_rest_api.main.id
+  resource_id      = aws_api_gateway_resource.enx_proxy.id
+  http_method      = "GET"
+  authorization    = "NONE"
+  api_key_required = false
+  request_parameters = {
+    "method.request.path.key" = true
+  }
+}
+
+resource "aws_api_gateway_integration" "enx_proxy_get_integration" {
+  rest_api_id             = aws_api_gateway_rest_api.main.id
+  resource_id             = aws_api_gateway_resource.enx_proxy.id
+  http_method             = aws_api_gateway_method.enx_proxy_get.http_method
+  timeout_milliseconds    = var.api_gateway_timeout_milliseconds
+  integration_http_method = "GET"
+  type                    = "AWS"
+  uri                     = format("arn:aws:apigateway:%s:s3:path/%s/enx/{key}", var.aws_region, aws_s3_bucket.assets.id)
+  credentials             = aws_iam_role.gateway.arn
+  request_parameters = {
+    "integration.request.path.key" = "method.request.path.key",
+  }
+}
+
+resource "aws_api_gateway_method_response" "enx_proxy_get" {
+  rest_api_id = aws_api_gateway_rest_api.main.id
+  resource_id = aws_api_gateway_resource.enx_proxy.id
+  http_method = aws_api_gateway_method.enx_proxy_get.http_method
+  status_code = "200"
+
+  response_parameters = {
+    "method.response.header.Content-Length"            = false,
+    "method.response.header.Content-Type"              = false,
+    "method.response.header.Cache-Control"             = true,
+    "method.response.header.Pragma"                    = true,
+    "method.response.header.Strict-Transport-Security" = true
+  }
+}
+
+resource "aws_api_gateway_integration_response" "enx_proxy_get_integration" {
+  rest_api_id       = aws_api_gateway_rest_api.main.id
+  resource_id       = aws_api_gateway_resource.enx_proxy.id
+  http_method       = aws_api_gateway_method.enx_proxy_get.http_method
+  selection_pattern = aws_api_gateway_method_response.enx_proxy_get.status_code
+  status_code       = aws_api_gateway_method_response.enx_proxy_get.status_code
+  response_parameters = {
+    "method.response.header.Content-Length"            = "integration.response.header.Content-Length",
+    "method.response.header.Content-Type"              = "integration.response.header.Content-Type",
+    "method.response.header.Cache-Control"             = "'no-store'",
+    "method.response.header.Pragma"                    = "'no-cache'",
+    "method.response.header.Strict-Transport-Security" = format("'max-age=%s; includeSubDomains'", var.hsts_max_age)
+  }
+}
+
 ## /api
 resource "aws_api_gateway_resource" "api" {
   rest_api_id = aws_api_gateway_rest_api.main.id
@@ -986,6 +1056,7 @@ resource "aws_api_gateway_deployment" "live" {
     aws_api_gateway_integration.admin_ui_key_get_integration,
     aws_api_gateway_integration.admin_proxy_options_integration,
     aws_api_gateway_integration.admin_proxy_any_integration,
+    aws_api_gateway_integration.enx_proxy_get_integration,
     aws_api_gateway_integration.api_proxy_options_integration,
     aws_api_gateway_integration.api_proxy_any_integration,
     aws_api_gateway_integration.api_settings_get_integration,
@@ -1013,7 +1084,7 @@ resource "aws_api_gateway_stage" "live" {
   stage_name    = "live"
   access_log_settings {
     destination_arn = aws_cloudwatch_log_group.api_gateway.arn
-    format          = "[$context.requestTime] \"$context.httpMethod $context.resourcePath $context.protocol\" $context.status $context.responseLength $context.requestId"
+    format          = "[$context.requestTime] \"$context.httpMethod $context.path $context.protocol\" $context.status [$context.identity.userAgent] $context.responseLength $context.requestId"
   }
 
   lifecycle {
@@ -1023,6 +1094,61 @@ resource "aws_api_gateway_stage" "live" {
   }
 }
 
+resource "aws_cloudwatch_log_metric_filter" "enx_logo_all_filter" {
+  log_group_name = "${module.labels.id}-gw-access-logs"
+  name = "${module.labels.id}-enxlogoall-filter"
+  pattern = "[time ,method = \"*enx/logo*\", statusCode ,agent=\"*CFNetwork*\"]"
+  metric_transformation {
+    name = "enxlogoall"
+    namespace = "ApiGateway"
+    value = "1"
+  }
+}
+
+resource "aws_cloudwatch_log_metric_filter" "enx_logo_200_filter" {
+  log_group_name = "${module.labels.id}-gw-access-logs"
+  name = "${module.labels.id}-enxlogo200-filter"
+  pattern = "[time ,method = \"*enx/logo*\", statusCode = 200,agent=\"*CFNetwork*\"]"
+  metric_transformation {
+    name = "enxlogo200"
+    namespace = "ApiGateway"
+    value = "1"
+  }
+}
+
+resource "aws_cloudwatch_log_metric_filter" "enx_logo_304_filter" {
+  log_group_name = "${module.labels.id}-gw-access-logs"
+  name = "${module.labels.id}-enxlogo304-filter"
+  pattern = "[time ,method = \"*enx/logo*\", statusCode = 304,agent=\"*CFNetwork*\"]"
+  metric_transformation {
+    name = "enxlogo304"
+    namespace = "ApiGateway"
+    value = "1"
+  }
+}
+
+resource "aws_cloudwatch_log_metric_filter" "enx_logo_settings_filter" {
+  log_group_name = "${module.labels.id}-gw-access-logs"
+  name = "${module.labels.id}-enxlogosettings-filter"
+  pattern = "[time ,method = \"*enx/logo*\", statusCode = 200,agent=\"*Settings*CFNetwork*\"]"
+  metric_transformation {
+    name = "enxlogosettings"
+    namespace = "ApiGateway"
+    value = "1"
+  }
+}
+
+resource "aws_cloudwatch_log_metric_filter" "enx_logo_enbuddy_filter" {
+  log_group_name = "${module.labels.id}-gw-access-logs"
+  name = "${module.labels.id}-enxlogoenbuddy-filter"
+  pattern = "[time ,method = \"*enx/logo*\", statusCode = 200,agent=\"*HealthENBuddy*CFNetwork*\"]"
+  metric_transformation {
+    name = "enxlogoenbuddy"
+    namespace = "ApiGateway"
+    value = "1"
+  }
+}
+
 resource "aws_api_gateway_method_settings" "settings" {
   rest_api_id = aws_api_gateway_rest_api.main.id
   stage_name  = aws_api_gateway_stage.live.stage_name
@@ -1051,6 +1177,7 @@ resource "aws_api_gateway_authorizer" "main" {
   authorizer_credentials = aws_iam_role.authorizer.arn
 }
 
+
 # #########################################
 # Default Responses
 # #########################################

diff --git a/lambda-self-isolation.tf b/lambda-self-isolation.tf
@@ -26,7 +26,7 @@ module "self_isolation_notices" {
   #Memory and timeout
   memory_size = var.lambda_self_isolation_memory_size
   timeout     = var.lambda_self_isolation_timeout
-
+  log_retention_days = var.logs_retention_days
   security_group_ids = [module.lambda_sg.id]
   subnet_ids         = module.vpc.private_subnets