DEV Community: Sandeep Yaramchitti The latest articles on DEV Community by Sandeep Yaramchitti (@sandeepkumaryaramchitti). https://dev.to/sandeepkumaryaramchitti https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F667357%2Fa5fd777a-c100-43b5-8f40-be551b2eb519.JPG DEV Community: Sandeep Yaramchitti https://dev.to/sandeepkumaryaramchitti en Building a Unified Notification System with GitHub Actions Sandeep Yaramchitti Sun, 06 Aug 2023 20:26:12 +0000 https://dev.to/sandeepkumaryaramchitti/building-a-unified-notification-system-with-github-actions-n3a https://dev.to/sandeepkumaryaramchitti/building-a-unified-notification-system-with-github-actions-n3a <p>Explore the power of GitHub actions actions by integrating with multiple notification services including Slack, Chime, Teams, AWS SNS and more..</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--c7oqwdc9--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/amadrbqn5g7uuyaobkc6.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--c7oqwdc9--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/amadrbqn5g7uuyaobkc6.png" alt="Image description" width="795" height="475"></a></p> <h2> Introduction </h2> <p>In this blog, we will explore the process of building a GitHub actions for notifications services to publish actions workflow execution results for Slack, Discord, Teams, Chime, SNS. Also, I will share the steps to publish this to Github Actions market place.</p> <p>You can find this action available in Github Actions Market place</p> <p><strong>Uninotify Actions Marketplace</strong>: <a href="https://github.com/marketplace/actions/uninotify">https://github.com/marketplace/actions/uninotify</a></p> <p><strong>GitHub Repo</strong>: <a href="https://github.com/OSCloudysky/UniNotify">https://github.com/OSCloudysky/UniNotify</a></p> <h2> The Magic of GitHub Actions </h2> <p>GitHub Actions is an API for cause and effect on GitHub. You can orchestrate any workflow, based on any event, while GitHub manages the execution, provides rich feedback, and secures every step along the way.</p> <h2> The Power of Unified Notifications </h2> <p>The idea behind this implementation is to ability to use an action in any actions workflow to publish execution details to several notification services as shown in the diagram. Notification plays a big role in the CI/CD process and this allows teams to focus on building their workflow efficiently and not worry about integrations to their notification services.</p> <h2> Diving into the Implementation </h2> <p>The first step was to set up GitHub Actions repo and I have used the following template to bootstrap my github actions. This is highly recommended if you are planning to build custom actions using Typescript.</p> <p><strong>Actions Typescript github template</strong>: <a href="https://github.com/actions/typescript-action">https://github.com/actions/typescript-action</a></p> <p>Please find the repo link for my custom action to publish messages to multiple notification services. I have created a custom action in TypeScript that utilizes Octokit, a GitHub REST API client, to fetch details about the workflow, commit, and repository etc. UniNotify action is responsible to format the message including details such as workflow name, event name, run URL, commit messages etc. I have included support to send default messages and as part of next release, you will have the ability to send custom messages as well.</p> <p><strong>UniNotify repo</strong> : <a href="https://github.com/OSCloudysky/UniNotify">https://github.com/OSCloudysky/UniNotify</a></p> <p>Now, let’s dive into how this works and here is the entry point for the Action in main.ts file. As you can see here, it leverages Octokit, GitHub REST API Client. to fetch details about workflow, commit, and repo etc.</p> <p>Then, it basically calls respective services which I have created as each component for better code management and reusable code.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="o">*</span> <span class="k">as</span> <span class="nx">core</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@actions/core</span><span class="dl">'</span> <span class="k">import</span> <span class="o">*</span> <span class="k">as</span> <span class="nx">github</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@actions/github</span><span class="dl">'</span> <span class="k">import</span> <span class="o">*</span> <span class="k">as</span> <span class="nx">service</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">./services</span><span class="dl">'</span> <span class="k">import</span> <span class="p">{</span><span class="nx">Octokit</span><span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@octokit/rest</span><span class="dl">'</span> <span class="k">import</span> <span class="nx">fetch</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">node-fetch</span><span class="dl">'</span> <span class="k">async</span> <span class="kd">function</span> <span class="nx">run</span><span class="p">():</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="k">void</span><span class="o">&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">messageType</span> <span class="o">=</span> <span class="nx">core</span><span class="p">.</span><span class="nx">getInput</span><span class="p">(</span><span class="dl">'</span><span class="s1">messageType</span><span class="dl">'</span><span class="p">)</span> <span class="kd">const</span> <span class="nx">githubToken</span> <span class="o">=</span> <span class="nx">core</span><span class="p">.</span><span class="nx">getInput</span><span class="p">(</span><span class="dl">'</span><span class="s1">githubToken</span><span class="dl">'</span><span class="p">)</span> <span class="c1">// Get more details information of the job</span> <span class="kd">const</span> <span class="nx">context</span> <span class="o">=</span> <span class="nx">github</span><span class="p">.</span><span class="nx">context</span> <span class="kd">const</span> <span class="nx">octokit</span> <span class="o">=</span> <span class="k">new</span> <span class="nx">Octokit</span><span class="p">({</span><span class="na">auth</span><span class="p">:</span> <span class="s2">`token </span><span class="p">${</span><span class="nx">githubToken</span><span class="p">}</span><span class="s2">`</span><span class="p">,</span> <span class="na">request</span><span class="p">:</span> <span class="p">{</span><span class="nx">fetch</span><span class="p">}})</span> <span class="kd">const</span> <span class="nx">commit</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">octokit</span><span class="p">.</span><span class="nx">repos</span><span class="p">.</span><span class="nx">getCommit</span><span class="p">({</span> <span class="na">owner</span><span class="p">:</span> <span class="nx">context</span><span class="p">.</span><span class="nx">repo</span><span class="p">.</span><span class="nx">owner</span><span class="p">,</span> <span class="na">repo</span><span class="p">:</span> <span class="nx">context</span><span class="p">.</span><span class="nx">repo</span><span class="p">.</span><span class="nx">repo</span><span class="p">,</span> <span class="na">ref</span><span class="p">:</span> <span class="nx">context</span><span class="p">.</span><span class="nx">sha</span> <span class="p">})</span> <span class="kd">const</span> <span class="nx">runUrl</span> <span class="o">=</span> <span class="s2">`https://github.com/</span><span class="p">${</span><span class="nx">context</span><span class="p">.</span><span class="nx">repo</span><span class="p">.</span><span class="nx">owner</span><span class="p">}</span><span class="s2">/</span><span class="p">${</span><span class="nx">context</span><span class="p">.</span><span class="nx">repo</span><span class="p">.</span><span class="nx">repo</span><span class="p">}</span><span class="s2">/actions/runs/</span><span class="p">${</span><span class="nx">context</span><span class="p">.</span><span class="nx">runId</span><span class="p">}</span><span class="s2">`</span> <span class="kd">const</span> <span class="nx">message</span> <span class="o">=</span> <span class="s2">` Workflow Name: </span><span class="p">${</span><span class="nx">context</span><span class="p">.</span><span class="nx">workflow</span><span class="p">}</span><span class="s2"> Event: </span><span class="p">${</span><span class="nx">context</span><span class="p">.</span><span class="nx">eventName</span><span class="p">}</span><span class="s2"> Run URL: </span><span class="p">${</span><span class="nx">runUrl</span><span class="p">}</span><span class="s2"> Triggered By: </span><span class="p">${</span><span class="nx">context</span><span class="p">.</span><span class="nx">actor</span><span class="p">}</span><span class="s2"> Commit URL: https://github.com/</span><span class="p">${</span><span class="nx">context</span><span class="p">.</span><span class="nx">repo</span><span class="p">.</span><span class="nx">owner</span><span class="p">}</span><span class="s2">/</span><span class="p">${</span><span class="nx">context</span><span class="p">.</span><span class="nx">repo</span><span class="p">.</span><span class="nx">repo</span><span class="p">}</span><span class="s2">/commit/</span><span class="p">${</span><span class="nx">context</span><span class="p">.</span><span class="nx">sha</span><span class="p">}</span><span class="s2"> Commit Message: </span><span class="p">${</span><span class="nx">commit</span><span class="p">.</span><span class="nx">data</span><span class="p">.</span><span class="nx">commit</span><span class="p">.</span><span class="nx">message</span><span class="p">}</span><span class="s2"> `</span> <span class="k">try</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">token</span> <span class="o">=</span> <span class="nx">core</span><span class="p">.</span><span class="nx">getInput</span><span class="p">(</span><span class="dl">'</span><span class="s1">slackToken</span><span class="dl">'</span><span class="p">)</span> <span class="k">if</span> <span class="p">(</span><span class="nx">messageType</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">slack</span><span class="dl">'</span><span class="p">)</span> <span class="p">{</span> <span class="k">await</span> <span class="nx">service</span><span class="p">.</span><span class="nx">sendSlackMessage</span><span class="p">(</span><span class="nx">token</span><span class="p">,</span> <span class="nx">context</span><span class="p">,</span> <span class="nx">commit</span><span class="p">)</span> <span class="p">}</span> <span class="k">else</span> <span class="k">if</span> <span class="p">(</span><span class="nx">messageType</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">discord</span><span class="dl">'</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">webhookUrl</span> <span class="o">=</span> <span class="nx">core</span><span class="p">.</span><span class="nx">getInput</span><span class="p">(</span><span class="dl">'</span><span class="s1">discordWebhookUrl</span><span class="dl">'</span><span class="p">)</span> <span class="k">await</span> <span class="nx">service</span><span class="p">.</span><span class="nx">sendDiscordMessage</span><span class="p">(</span><span class="nx">webhookUrl</span><span class="p">,</span> <span class="nx">context</span><span class="p">,</span> <span class="nx">commit</span><span class="p">)</span> <span class="p">}</span> <span class="k">else</span> <span class="k">if</span> <span class="p">(</span><span class="nx">messageType</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">chime</span><span class="dl">'</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">webhookUrl</span> <span class="o">=</span> <span class="nx">core</span><span class="p">.</span><span class="nx">getInput</span><span class="p">(</span><span class="dl">'</span><span class="s1">chimeWebhookUrl</span><span class="dl">'</span><span class="p">)</span> <span class="k">await</span> <span class="nx">service</span><span class="p">.</span><span class="nx">sendChimeMessage</span><span class="p">(</span><span class="nx">webhookUrl</span><span class="p">,</span> <span class="nx">context</span><span class="p">,</span> <span class="nx">commit</span><span class="p">)</span> <span class="p">}</span> <span class="k">else</span> <span class="k">if</span> <span class="p">(</span><span class="nx">messageType</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">teams</span><span class="dl">'</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">webhookUrl</span> <span class="o">=</span> <span class="nx">core</span><span class="p">.</span><span class="nx">getInput</span><span class="p">(</span><span class="dl">'</span><span class="s1">teamsWebhookUrl</span><span class="dl">'</span><span class="p">)</span> <span class="k">await</span> <span class="nx">service</span><span class="p">.</span><span class="nx">sendTeamsMessage</span><span class="p">(</span><span class="nx">webhookUrl</span><span class="p">,</span> <span class="nx">message</span><span class="p">)</span> <span class="p">}</span> <span class="k">else</span> <span class="k">if</span> <span class="p">(</span><span class="nx">messageType</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">sns</span><span class="dl">'</span><span class="p">)</span> <span class="p">{</span> <span class="nx">core</span><span class="p">.</span><span class="nx">info</span><span class="p">(</span><span class="dl">'</span><span class="s1">Sending SNS message</span><span class="dl">'</span><span class="p">)</span> <span class="kd">const</span> <span class="nx">snsParams</span> <span class="o">=</span> <span class="p">{</span> <span class="na">awsAccessKeyId</span><span class="p">:</span> <span class="nx">core</span><span class="p">.</span><span class="nx">getInput</span><span class="p">(</span><span class="dl">'</span><span class="s1">awsAccessKeyId</span><span class="dl">'</span><span class="p">),</span> <span class="na">awsSecretAccessKey</span><span class="p">:</span> <span class="nx">core</span><span class="p">.</span><span class="nx">getInput</span><span class="p">(</span><span class="dl">'</span><span class="s1">awsSecretAccessKey</span><span class="dl">'</span><span class="p">),</span> <span class="na">awsRegion</span><span class="p">:</span> <span class="nx">core</span><span class="p">.</span><span class="nx">getInput</span><span class="p">(</span><span class="dl">'</span><span class="s1">awsRegion</span><span class="dl">'</span><span class="p">),</span> <span class="na">snsTopicArn</span><span class="p">:</span> <span class="nx">core</span><span class="p">.</span><span class="nx">getInput</span><span class="p">(</span><span class="dl">'</span><span class="s1">snsTopicArn</span><span class="dl">'</span><span class="p">)</span> <span class="p">}</span> <span class="k">if</span> <span class="p">(</span> <span class="nx">snsParams</span><span class="p">.</span><span class="nx">awsAccessKeyId</span> <span class="o">&amp;&amp;</span> <span class="nx">snsParams</span><span class="p">.</span><span class="nx">awsSecretAccessKey</span> <span class="o">&amp;&amp;</span> <span class="nx">snsParams</span><span class="p">.</span><span class="nx">awsRegion</span> <span class="o">&amp;&amp;</span> <span class="nx">snsParams</span><span class="p">.</span><span class="nx">snsTopicArn</span> <span class="p">)</span> <span class="p">{</span> <span class="k">await</span> <span class="nx">service</span><span class="p">.</span><span class="nx">sendSNSMessage</span><span class="p">(</span><span class="nx">context</span><span class="p">,</span> <span class="nx">commit</span><span class="p">,</span> <span class="nx">snsParams</span><span class="p">)</span> <span class="p">}</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="nx">core</span><span class="p">.</span><span class="nx">setFailed</span><span class="p">(</span> <span class="dl">'</span><span class="s1">Unsupported messageType. Supported types are "slack" and "discord"</span><span class="dl">'</span> <span class="p">)</span> <span class="p">}</span> <span class="p">}</span> <span class="k">catch</span> <span class="p">(</span><span class="nx">error</span><span class="p">)</span> <span class="p">{</span> <span class="k">if</span> <span class="p">(</span><span class="nx">error</span> <span class="k">instanceof</span> <span class="nb">Error</span><span class="p">)</span> <span class="p">{</span> <span class="nx">core</span><span class="p">.</span><span class="nx">setFailed</span><span class="p">(</span><span class="nx">error</span><span class="p">.</span><span class="nx">message</span><span class="p">)</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="nx">core</span><span class="p">.</span><span class="nx">setFailed</span><span class="p">(</span><span class="s2">`Unexpected error: </span><span class="p">${</span><span class="nx">JSON</span><span class="p">.</span><span class="nx">stringify</span><span class="p">(</span><span class="nx">error</span><span class="p">)}</span><span class="s2">`</span><span class="p">)</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> <span class="nx">run</span><span class="p">()</span> </code></pre> </div> <p>Let’s look at one of the service and we will pick Slack for reference. Slack integration is done by token and you will find few more services that work with Webhook Urls to publish messages.</p> <p>Here in slack service, I am basically defining the type for Context and Commit data that I am using. Slack offers a nice library to publish messages and i have used embedded content to set a style for the message.</p> <blockquote> <p>Prior to this, follow the Slack documentation on how to create new slack app and create bot user with token <a href="https://api.slack.com/apps">here</a><br> </p> </blockquote> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span><span class="nx">WebClient</span><span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@slack/web-api</span><span class="dl">'</span> <span class="kd">type</span> <span class="nx">Context</span> <span class="o">=</span> <span class="p">{</span> <span class="na">workflow</span><span class="p">:</span> <span class="kr">string</span> <span class="na">eventName</span><span class="p">:</span> <span class="kr">string</span> <span class="na">runId</span><span class="p">:</span> <span class="kr">number</span> <span class="na">actor</span><span class="p">:</span> <span class="kr">string</span> <span class="na">sha</span><span class="p">:</span> <span class="kr">string</span> <span class="na">repo</span><span class="p">:</span> <span class="p">{</span> <span class="na">owner</span><span class="p">:</span> <span class="kr">string</span> <span class="na">repo</span><span class="p">:</span> <span class="kr">string</span> <span class="p">}</span> <span class="p">}</span> <span class="kd">type</span> <span class="nx">Commit</span> <span class="o">=</span> <span class="p">{</span> <span class="na">data</span><span class="p">:</span> <span class="p">{</span> <span class="na">commit</span><span class="p">:</span> <span class="p">{</span> <span class="na">message</span><span class="p">:</span> <span class="kr">string</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> <span class="k">export</span> <span class="k">async</span> <span class="kd">function</span> <span class="nx">sendSlackMessage</span><span class="p">(</span> <span class="nx">token</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">context</span><span class="p">:</span> <span class="nx">Context</span><span class="p">,</span> <span class="nx">commit</span><span class="p">:</span> <span class="nx">Commit</span> <span class="p">):</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="k">void</span><span class="o">&gt;</span> <span class="p">{</span> <span class="c1">// Styling the message</span> <span class="kd">const</span> <span class="nx">runUrl</span> <span class="o">=</span> <span class="s2">`https://github.com/</span><span class="p">${</span><span class="nx">context</span><span class="p">.</span><span class="nx">repo</span><span class="p">.</span><span class="nx">owner</span><span class="p">}</span><span class="s2">/</span><span class="p">${</span><span class="nx">context</span><span class="p">.</span><span class="nx">repo</span><span class="p">.</span><span class="nx">repo</span><span class="p">}</span><span class="s2">/actions/runs/</span><span class="p">${</span><span class="nx">context</span><span class="p">.</span><span class="nx">runId</span><span class="p">}</span><span class="s2">`</span> <span class="kd">const</span> <span class="nx">message</span> <span class="o">=</span> <span class="p">{</span> <span class="na">text</span><span class="p">:</span> <span class="dl">'</span><span class="s1">GitHub Actions Workflow Execution Details</span><span class="dl">'</span><span class="p">,</span> <span class="na">blocks</span><span class="p">:</span> <span class="p">[</span> <span class="p">{</span> <span class="na">type</span><span class="p">:</span> <span class="dl">'</span><span class="s1">divider</span><span class="dl">'</span> <span class="c1">// divider at the top</span> <span class="p">},</span> <span class="p">{</span> <span class="na">type</span><span class="p">:</span> <span class="dl">'</span><span class="s1">section</span><span class="dl">'</span><span class="p">,</span> <span class="na">text</span><span class="p">:</span> <span class="p">{</span> <span class="na">type</span><span class="p">:</span> <span class="dl">'</span><span class="s1">mrkdwn</span><span class="dl">'</span><span class="p">,</span> <span class="na">text</span><span class="p">:</span> <span class="s2">`*Workflow Name:* </span><span class="p">${</span><span class="nx">context</span><span class="p">.</span><span class="nx">workflow</span><span class="p">}</span><span class="s2">`</span> <span class="p">}</span> <span class="p">},</span> <span class="p">{</span> <span class="na">type</span><span class="p">:</span> <span class="dl">'</span><span class="s1">section</span><span class="dl">'</span><span class="p">,</span> <span class="na">text</span><span class="p">:</span> <span class="p">{</span> <span class="na">type</span><span class="p">:</span> <span class="dl">'</span><span class="s1">mrkdwn</span><span class="dl">'</span><span class="p">,</span> <span class="na">text</span><span class="p">:</span> <span class="s2">`*Event:* </span><span class="p">${</span><span class="nx">context</span><span class="p">.</span><span class="nx">eventName</span><span class="p">}</span><span class="s2">`</span> <span class="p">}</span> <span class="p">},</span> <span class="p">{</span> <span class="na">type</span><span class="p">:</span> <span class="dl">'</span><span class="s1">section</span><span class="dl">'</span><span class="p">,</span> <span class="na">text</span><span class="p">:</span> <span class="p">{</span> <span class="na">type</span><span class="p">:</span> <span class="dl">'</span><span class="s1">mrkdwn</span><span class="dl">'</span><span class="p">,</span> <span class="na">text</span><span class="p">:</span> <span class="s2">`*Run URL:* &lt;</span><span class="p">${</span><span class="nx">runUrl</span><span class="p">}</span><span class="s2">&gt;`</span> <span class="p">}</span> <span class="p">},</span> <span class="p">{</span> <span class="na">type</span><span class="p">:</span> <span class="dl">'</span><span class="s1">section</span><span class="dl">'</span><span class="p">,</span> <span class="na">text</span><span class="p">:</span> <span class="p">{</span> <span class="na">type</span><span class="p">:</span> <span class="dl">'</span><span class="s1">mrkdwn</span><span class="dl">'</span><span class="p">,</span> <span class="na">text</span><span class="p">:</span> <span class="s2">`*Triggered By:* </span><span class="p">${</span><span class="nx">context</span><span class="p">.</span><span class="nx">actor</span><span class="p">}</span><span class="s2">`</span> <span class="p">}</span> <span class="p">},</span> <span class="p">{</span> <span class="na">type</span><span class="p">:</span> <span class="dl">'</span><span class="s1">section</span><span class="dl">'</span><span class="p">,</span> <span class="na">text</span><span class="p">:</span> <span class="p">{</span> <span class="na">type</span><span class="p">:</span> <span class="dl">'</span><span class="s1">mrkdwn</span><span class="dl">'</span><span class="p">,</span> <span class="na">text</span><span class="p">:</span> <span class="s2">`*Commit URL:* &lt;https://github.com/</span><span class="p">${</span><span class="nx">context</span><span class="p">.</span><span class="nx">repo</span><span class="p">.</span><span class="nx">owner</span><span class="p">}</span><span class="s2">/</span><span class="p">${</span><span class="nx">context</span><span class="p">.</span><span class="nx">repo</span><span class="p">.</span><span class="nx">repo</span><span class="p">}</span><span class="s2">/commit/</span><span class="p">${</span><span class="nx">context</span><span class="p">.</span><span class="nx">sha</span><span class="p">}</span><span class="s2">&gt;`</span> <span class="p">}</span> <span class="p">},</span> <span class="p">{</span> <span class="na">type</span><span class="p">:</span> <span class="dl">'</span><span class="s1">section</span><span class="dl">'</span><span class="p">,</span> <span class="na">text</span><span class="p">:</span> <span class="p">{</span> <span class="na">type</span><span class="p">:</span> <span class="dl">'</span><span class="s1">mrkdwn</span><span class="dl">'</span><span class="p">,</span> <span class="na">text</span><span class="p">:</span> <span class="s2">`*Commit Message:* </span><span class="p">${</span><span class="nx">commit</span><span class="p">.</span><span class="nx">data</span><span class="p">.</span><span class="nx">commit</span><span class="p">.</span><span class="nx">message</span><span class="p">}</span><span class="s2">`</span> <span class="p">}</span> <span class="p">},</span> <span class="p">{</span> <span class="na">type</span><span class="p">:</span> <span class="dl">'</span><span class="s1">divider</span><span class="dl">'</span> <span class="c1">// divider at the top</span> <span class="p">}</span> <span class="p">]</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">web</span> <span class="o">=</span> <span class="k">new</span> <span class="nx">WebClient</span><span class="p">(</span><span class="nx">token</span><span class="p">)</span> <span class="k">await</span> <span class="nx">web</span><span class="p">.</span><span class="nx">chat</span><span class="p">.</span><span class="nx">postMessage</span><span class="p">({</span> <span class="na">channel</span><span class="p">:</span> <span class="dl">'</span><span class="s1">#general</span><span class="dl">'</span><span class="p">,</span> <span class="na">text</span><span class="p">:</span> <span class="nx">message</span><span class="p">.</span><span class="nx">text</span><span class="p">,</span> <span class="na">blocks</span><span class="p">:</span> <span class="nx">message</span><span class="p">.</span><span class="nx">blocks</span> <span class="p">})</span> <span class="p">}</span> </code></pre> </div> <p>You will also need to define the input fields in action.yml file and here is a code snippet for the entire yml to support all the notification services listed above.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">name</span><span class="pi">:</span> <span class="s1">'</span><span class="s">Uninotify'</span> <span class="na">description</span><span class="pi">:</span> <span class="s1">'</span><span class="s">Send</span><span class="nv"> </span><span class="s">notification</span><span class="nv"> </span><span class="s">to</span><span class="nv"> </span><span class="s">all</span><span class="nv"> </span><span class="s">messaging</span><span class="nv"> </span><span class="s">platforms'</span> <span class="na">author</span><span class="pi">:</span> <span class="s1">'</span><span class="s">Sandeep</span><span class="nv"> </span><span class="s">Yaramchitti'</span> <span class="na">inputs</span><span class="pi">:</span> <span class="na">githubToken</span><span class="pi">:</span> <span class="na">description</span><span class="pi">:</span> <span class="s1">'</span><span class="s">Github</span><span class="nv"> </span><span class="s">API</span><span class="nv"> </span><span class="s">token'</span> <span class="na">required</span><span class="pi">:</span> <span class="no">true</span> <span class="na">slackToken</span><span class="pi">:</span> <span class="na">description</span><span class="pi">:</span> <span class="s1">'</span><span class="s">Slack</span><span class="nv"> </span><span class="s">API</span><span class="nv"> </span><span class="s">token'</span> <span class="na">required</span><span class="pi">:</span> <span class="no">false</span> <span class="na">messageType</span><span class="pi">:</span> <span class="na">description</span><span class="pi">:</span> <span class="s1">'</span><span class="s">Type</span><span class="nv"> </span><span class="s">of</span><span class="nv"> </span><span class="s">message</span><span class="nv"> </span><span class="s">to</span><span class="nv"> </span><span class="s">send</span><span class="nv"> </span><span class="s">(slack,</span><span class="nv"> </span><span class="s">teams,</span><span class="nv"> </span><span class="s">chime)'</span> <span class="na">required</span><span class="pi">:</span> <span class="no">true</span> <span class="na">message</span><span class="pi">:</span> <span class="na">description</span><span class="pi">:</span> <span class="s1">'</span><span class="s">Message</span><span class="nv"> </span><span class="s">to</span><span class="nv"> </span><span class="s">send'</span> <span class="na">required</span><span class="pi">:</span> <span class="no">false</span> <span class="na">discordWebhookUrl</span><span class="pi">:</span> <span class="na">description</span><span class="pi">:</span> <span class="s1">'</span><span class="s">Webhook</span><span class="nv"> </span><span class="s">URL</span><span class="nv"> </span><span class="s">for</span><span class="nv"> </span><span class="s">discord'</span> <span class="na">required</span><span class="pi">:</span> <span class="no">false</span> <span class="na">chimeWebhookUrl</span><span class="pi">:</span> <span class="na">description</span><span class="pi">:</span> <span class="s1">'</span><span class="s">Webhook</span><span class="nv"> </span><span class="s">URL</span><span class="nv"> </span><span class="s">for</span><span class="nv"> </span><span class="s">chime'</span> <span class="na">required</span><span class="pi">:</span> <span class="no">false</span> <span class="na">teamsWebhookUrl</span><span class="pi">:</span> <span class="na">description</span><span class="pi">:</span> <span class="s1">'</span><span class="s">Webhook</span><span class="nv"> </span><span class="s">URL</span><span class="nv"> </span><span class="s">for</span><span class="nv"> </span><span class="s">teams'</span> <span class="na">required</span><span class="pi">:</span> <span class="no">false</span> <span class="na">awsAccessKeyId</span><span class="pi">:</span> <span class="na">description</span><span class="pi">:</span> <span class="s1">'</span><span class="s">AWS</span><span class="nv"> </span><span class="s">Access</span><span class="nv"> </span><span class="s">Key</span><span class="nv"> </span><span class="s">ID'</span> <span class="na">required</span><span class="pi">:</span> <span class="no">false</span> <span class="na">awsSecretAccessKey</span><span class="pi">:</span> <span class="na">description</span><span class="pi">:</span> <span class="s1">'</span><span class="s">AWS</span><span class="nv"> </span><span class="s">Secret</span><span class="nv"> </span><span class="s">Access</span><span class="nv"> </span><span class="s">Key'</span> <span class="na">required</span><span class="pi">:</span> <span class="no">false</span> <span class="na">awsRegion</span><span class="pi">:</span> <span class="na">description</span><span class="pi">:</span> <span class="s1">'</span><span class="s">AWS</span><span class="nv"> </span><span class="s">Region'</span> <span class="na">required</span><span class="pi">:</span> <span class="no">false</span> <span class="na">snsTopicArn</span><span class="pi">:</span> <span class="na">description</span><span class="pi">:</span> <span class="s1">'</span><span class="s">AWS</span><span class="nv"> </span><span class="s">SNS</span><span class="nv"> </span><span class="s">Topic</span><span class="nv"> </span><span class="s">ARN'</span> <span class="na">required</span><span class="pi">:</span> <span class="no">false</span> <span class="na">runs</span><span class="pi">:</span> <span class="na">using</span><span class="pi">:</span> <span class="s1">'</span><span class="s">node16'</span> <span class="na">main</span><span class="pi">:</span> <span class="s1">'</span><span class="s">dist/index.js'</span> </code></pre> </div> <p>Now, time to create a workflow to test this integration. Here is a workflow example on how to use UniNotify Action for slack integration.</p> <p>Check out the Uninotify actions documentation for more information on required parameters.</p> <p><strong>Uninotify Github Actions</strong>: <a href="https://github.com/marketplace/actions/uninotify">https://github.com/marketplace/actions/uninotify</a><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">name</span><span class="pi">:</span> <span class="s1">'</span><span class="s">build-test'</span> <span class="na">on</span><span class="pi">:</span> <span class="c1"># rebuild any PRs and main branch changes</span> <span class="na">pull_request</span><span class="pi">:</span> <span class="na">push</span><span class="pi">:</span> <span class="na">branches</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">main</span> <span class="pi">-</span> <span class="s1">'</span><span class="s">releases/*'</span> <span class="na">workflow_dispatch</span><span class="pi">:</span> <span class="na">jobs</span><span class="pi">:</span> <span class="na">notify</span><span class="pi">:</span> <span class="na">runs-on</span><span class="pi">:</span> <span class="s">ubuntu-latest</span> <span class="na">steps</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Send Notification to slack</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">OSCloudysky/UniNotify@v1</span> <span class="na">with</span><span class="pi">:</span> <span class="na">githubToken</span><span class="pi">:</span> <span class="s">${{ secrets.GITHUB_TOKEN }}</span> <span class="na">messageType</span><span class="pi">:</span> <span class="s1">'</span><span class="s">slack'</span> <span class="na">slackToken</span><span class="pi">:</span> <span class="s">${{ secrets.SLACK_API_TOKEN }}</span> </code></pre> </div> <p>Once you run the above workflow, you should see the following slack message in the channel you directed the messages to be sent.</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--9O5xBmJI--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/q0ksghi8b845hd5lcah7.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--9O5xBmJI--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/q0ksghi8b845hd5lcah7.png" alt="Image description" width="800" height="664"></a></p> <h2> Challenges </h2> <p>The biggest challenge was handling different message formatting requirements for each platform. I had to read through each platform’s API documentation to understand how to format messages effectively.</p> <p>Another challenge was managing tokens securely. I decided to use GitHub’s secret management capabilities to securely store our tokens.</p> <p>Please do check out the action and let me in case. you have any feedback.</p> automation githubactions devops architecture Discord Bot for AWS Blogs: Leveraging Terraform, Ansible, EC2, and GitHub Actions Sandeep Yaramchitti Mon, 24 Jul 2023 12:59:58 +0000 https://dev.to/sandeepkumaryaramchitti/discord-bot-for-aws-blogs-leveraging-terraform-ansible-ec2-and-github-actions-3kkn https://dev.to/sandeepkumaryaramchitti/discord-bot-for-aws-blogs-leveraging-terraform-ansible-ec2-and-github-actions-3kkn <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--iGg0S0z6--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/r8ugznu8nb1fzz9upfds.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--iGg0S0z6--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/r8ugznu8nb1fzz9upfds.png" alt="Image description" width="800" height="391"></a></p> <p>Build a discord bot that brings AWS devops blogs right into your Discord server. Starting from setting up our infrastructure using Terraform, we leverage Ansible to configure EC2 instances precisely as per our needs and use GitHub Actions, which facilitates continuous integration and deployment (CI/CD), ensuring that our bot is always running the latest code.</p> <p>**</p> <h2> Introduction </h2> <p>**<br> In this blog post, we will create a dynamic discord bot specifically to fetch AWS DevOps blogs and bring them right into your discord server with ChatOps as the Discord Bot is a form of ChatOps working within your chat environment to keep you updated on AWS blogs.</p> <p>Check out the Github code for reference : <a href="https://github.com/SandeepKumarYaramchitti/terraform-experiments">Discord BOT</a></p> <p>Discord.js documentation: <a href="https://discord.js.org/docs/packages/core/0.6.0">Discord.js</a></p> <p>**</p> <h2> Setting up the Infrastructure </h2> <p>**<br> While there are a few examples of setting this up manually, lets dive into how this can be achieved through Infrastructure as Code with Terraform for provisioning EC2, associated AWS resources and we will leverage Ansible to configure the EC2 instance.</p> <p><strong>Terraform</strong><br> In this blog, we will use the power of Terraform to provision our resources with expressive HCL syntax to define infrastructure’s desired state. This way, our infrastructure becomes easily replicable and version-controlled, promoting consistency and minimizing potential errors that can occur with manual configurations.</p> <p>Here is the project structure that I have currently and lets define the resources required in each blocks.</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--aBz6ylKD--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/zzm1e4dbyjc33tyiumvs.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--aBz6ylKD--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/zzm1e4dbyjc33tyiumvs.png" alt="Image description" width="800" height="457"></a></p> <p><strong>main.tf</strong><br> Let us add the following in the main.tf file and please find the explanation for the code block right after the code snippet.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight terraform"><code><span class="c1"># Add provider</span> <span class="k">provider</span> <span class="s2">"aws"</span> <span class="p">{</span> <span class="nx">region</span> <span class="p">=</span> <span class="s2">"us-east-1"</span> <span class="p">}</span> <span class="c1"># VPC</span> <span class="k">resource</span> <span class="s2">"aws_vpc"</span> <span class="s2">"cloudysky-vpc"</span> <span class="p">{</span> <span class="nx">cidr_block</span> <span class="p">=</span> <span class="s2">"10.0.0.0/16"</span> <span class="nx">enable_dns_hostnames</span> <span class="p">=</span> <span class="kc">true</span> <span class="nx">enable_dns_support</span> <span class="p">=</span> <span class="kc">true</span> <span class="nx">tags</span> <span class="p">=</span> <span class="p">{</span> <span class="nx">Name</span> <span class="p">=</span> <span class="s2">"cloudysky-vpc"</span> <span class="p">}</span> <span class="p">}</span> <span class="c1"># Subnet</span> <span class="c1"># Refer http://blog.itsjustcode.net/blog/2017/11/18/terraform-cidrsubnet-deconstructed/</span> <span class="k">resource</span> <span class="s2">"aws_subnet"</span> <span class="s2">"cloudysky-subnet"</span> <span class="p">{</span> <span class="nx">vpc_id</span> <span class="p">=</span> <span class="nx">aws_vpc</span><span class="p">.</span><span class="nx">cloudysky</span><span class="err">-</span><span class="nx">vpc</span><span class="p">.</span><span class="nx">id</span> <span class="nx">cidr_block</span> <span class="p">=</span> <span class="nx">cidrsubnet</span><span class="p">(</span><span class="nx">aws_vpc</span><span class="p">.</span><span class="nx">cloudysky</span><span class="err">-</span><span class="nx">vpc</span><span class="p">.</span><span class="nx">cidr_block</span><span class="p">,</span> <span class="mi">3</span><span class="p">,</span> <span class="mi">1</span><span class="p">)</span> <span class="nx">availability_zone</span> <span class="p">=</span> <span class="s2">"us-east-1a"</span> <span class="nx">map_public_ip_on_launch</span> <span class="p">=</span> <span class="kc">true</span> <span class="p">}</span> <span class="c1"># Security Group</span> <span class="k">resource</span> <span class="s2">"aws_security_group"</span> <span class="s2">"cloudsky-ingress-all"</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"cloudsky-ingress-allow-all"</span> <span class="nx">vpc_id</span> <span class="p">=</span> <span class="nx">aws_vpc</span><span class="p">.</span><span class="nx">cloudysky</span><span class="err">-</span><span class="nx">vpc</span><span class="p">.</span><span class="nx">id</span> <span class="nx">ingress</span> <span class="p">{</span> <span class="nx">from_port</span> <span class="p">=</span> <span class="mi">22</span> <span class="nx">to_port</span> <span class="p">=</span> <span class="mi">22</span> <span class="nx">protocol</span> <span class="p">=</span> <span class="s2">"tcp"</span> <span class="nx">cidr_blocks</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"0.0.0.0/0"</span><span class="p">]</span> <span class="p">}</span> <span class="nx">ingress</span> <span class="p">{</span> <span class="nx">from_port</span> <span class="p">=</span> <span class="mi">80</span> <span class="nx">to_port</span> <span class="p">=</span> <span class="mi">80</span> <span class="nx">protocol</span> <span class="p">=</span> <span class="s2">"tcp"</span> <span class="nx">cidr_blocks</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"0.0.0.0/0"</span><span class="p">]</span> <span class="p">}</span> <span class="nx">ingress</span> <span class="p">{</span> <span class="nx">from_port</span> <span class="p">=</span> <span class="mi">443</span> <span class="nx">to_port</span> <span class="p">=</span> <span class="mi">443</span> <span class="nx">protocol</span> <span class="p">=</span> <span class="s2">"tcp"</span> <span class="nx">cidr_blocks</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"0.0.0.0/0"</span><span class="p">]</span> <span class="p">}</span> <span class="c1">// Terraform requires egress to be defined as it is disabled by default..</span> <span class="nx">egress</span> <span class="p">{</span> <span class="nx">from_port</span> <span class="p">=</span> <span class="mi">0</span> <span class="nx">to_port</span> <span class="p">=</span> <span class="mi">0</span> <span class="nx">protocol</span> <span class="p">=</span> <span class="s2">"-1"</span> <span class="nx">cidr_blocks</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"0.0.0.0/0"</span><span class="p">]</span> <span class="p">}</span> <span class="p">}</span> <span class="c1"># EC2 Instance for testing</span> <span class="k">resource</span> <span class="s2">"aws_instance"</span> <span class="s2">"cloudysky-ec2"</span> <span class="p">{</span> <span class="nx">ami</span> <span class="p">=</span> <span class="kd">var</span><span class="p">.</span><span class="nx">ami_id</span> <span class="nx">instance_type</span> <span class="p">=</span> <span class="s2">"t2.micro"</span> <span class="nx">key_name</span> <span class="p">=</span> <span class="kd">var</span><span class="p">.</span><span class="nx">ami_key_pair</span> <span class="nx">subnet_id</span> <span class="p">=</span> <span class="nx">aws_subnet</span><span class="p">.</span><span class="nx">cloudysky</span><span class="err">-</span><span class="nx">subnet</span><span class="p">.</span><span class="nx">id</span> <span class="nx">vpc_security_group_ids</span> <span class="p">=</span> <span class="p">[</span><span class="nx">aws_security_group</span><span class="p">.</span><span class="nx">cloudsky</span><span class="err">-</span><span class="nx">ingress</span><span class="err">-</span><span class="nx">all</span><span class="p">.</span><span class="nx">id</span><span class="p">]</span> <span class="nx">tags</span> <span class="p">=</span> <span class="p">{</span> <span class="nx">Name</span> <span class="p">=</span> <span class="s2">"cloudysky-ec2"</span> <span class="p">}</span> <span class="p">}</span> <span class="c1"># To access the instance, we would need an elastic IP</span> <span class="k">resource</span> <span class="s2">"aws_eip"</span> <span class="s2">"cloudysky-eip"</span> <span class="p">{</span> <span class="nx">instance</span> <span class="p">=</span> <span class="nx">aws_instance</span><span class="p">.</span><span class="nx">cloudysky</span><span class="err">-</span><span class="nx">ec2</span><span class="p">.</span><span class="nx">id</span> <span class="nx">vpc</span> <span class="p">=</span> <span class="kc">true</span> <span class="p">}</span> <span class="c1"># Route traffic from internet to the vpc</span> <span class="k">resource</span> <span class="s2">"aws_internet_gateway"</span> <span class="s2">"cloudysky-igw"</span> <span class="p">{</span> <span class="nx">vpc_id</span> <span class="p">=</span> <span class="nx">aws_vpc</span><span class="p">.</span><span class="nx">cloudysky</span><span class="err">-</span><span class="nx">vpc</span><span class="p">.</span><span class="nx">id</span> <span class="nx">tags</span> <span class="p">=</span> <span class="p">{</span> <span class="nx">Name</span> <span class="p">=</span> <span class="s2">"cloudysky-igw"</span> <span class="p">}</span> <span class="p">}</span> <span class="c1"># Setting up route table</span> <span class="k">resource</span> <span class="s2">"aws_route_table"</span> <span class="s2">"cloudysky-rt"</span> <span class="p">{</span> <span class="nx">vpc_id</span> <span class="p">=</span> <span class="nx">aws_vpc</span><span class="p">.</span><span class="nx">cloudysky</span><span class="err">-</span><span class="nx">vpc</span><span class="p">.</span><span class="nx">id</span> <span class="nx">route</span> <span class="p">{</span> <span class="nx">cidr_block</span> <span class="p">=</span> <span class="s2">"0.0.0.0/0"</span> <span class="nx">gateway_id</span> <span class="p">=</span> <span class="nx">aws_internet_gateway</span><span class="p">.</span><span class="nx">cloudysky</span><span class="err">-</span><span class="nx">igw</span><span class="p">.</span><span class="nx">id</span> <span class="p">}</span> <span class="nx">tags</span> <span class="p">=</span> <span class="p">{</span> <span class="nx">Name</span> <span class="p">=</span> <span class="s2">"cloudysky-rt"</span> <span class="p">}</span> <span class="p">}</span> <span class="c1"># Associate the route table with the subnet</span> <span class="k">resource</span> <span class="s2">"aws_route_table_association"</span> <span class="s2">"cloudysky-rt-assoc"</span> <span class="p">{</span> <span class="nx">subnet_id</span> <span class="p">=</span> <span class="nx">aws_subnet</span><span class="p">.</span><span class="nx">cloudysky</span><span class="err">-</span><span class="nx">subnet</span><span class="p">.</span><span class="nx">id</span> <span class="nx">route_table_id</span> <span class="p">=</span> <span class="nx">aws_route_table</span><span class="p">.</span><span class="nx">cloudysky</span><span class="err">-</span><span class="nx">rt</span><span class="p">.</span><span class="nx">id</span> <span class="p">}</span> </code></pre> </div> <p><strong>Provider</strong>: This block tells Terraform to use the AWS provider and to operate in the “us-east-1” region. The AWS provider is responsible for creating and managing resources on AWS.</p> <p><strong>VPC</strong>: A VPC (Virtual Private Cloud) is created, which is essentially a private network in AWS where you can launch your resources. The CIDR block “10.0.0.0/16” determines the IP range for the VPC. The parameters enable_dns_hostnames and enable_dns_support are set to true to enable DNS resolution and hostname support within the VPC.</p> <p><strong>Subnet</strong>: A subnet is created within the VPC. The subnet is assigned a subset of the IP range defined in the VPC (determined by the cidrsubnet function). The subnet is set to be in the “us-east-1a” availability zone and will automatically assign public IP addresses to instances launched within it.</p> <p><strong>Security Group</strong>: A security group acting as a virtual firewall for the EC2 instance is created. This security group is configured to allow incoming traffic on ports 22 (SSH), 80 (HTTP), and 443 (HTTPS) from any IP address (0.0.0.0/0). It also allows all outbound traffic.</p> <p><strong>EC2 Instance</strong>: An EC2 instance (a virtual server) is created with the specified AMI (Amazon Machine Image) and instance type. It’s launched within the created subnet and associated with the security group. You can SSH into this instance using the specified key pair.</p> <p><strong>Elastic IP (EIP)</strong>: An Elastic IP address is a static, public IPv4 address, which is allocated to your AWS account. In this case, an EIP is associated with the EC2 instance to provide a fixed public IP address, useful if you restart your instance or it fails for some reason.</p> <p><strong>Internet Gateway</strong>: An internet gateway is a horizontally scaleable, redundant, and highly available VPC component that allows communication between your VPC and the internet. It’s attached to your VPC.</p> <p><strong>Route Table</strong>: A route table contains rules, called routes, that determine where network traffic from your subnet or gateway is directed. In this case, a route table is created which sends all traffic (0.0.0.0/0) to the Internet Gateway.</p> <p><strong>Route Table Association</strong>: Finally, the route table is associated with the subnet, which means that the routing rules defined in the route table will now apply to the subnet.</p> <p>**</p> <h2> provider.tf </h2> <p>**<br> At the time of writing this blog, please refer the version that was used.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight terraform"><code><span class="k">terraform</span> <span class="p">{</span> <span class="nx">required_providers</span> <span class="p">{</span> <span class="nx">aws</span> <span class="p">=</span> <span class="p">{</span> <span class="nx">source</span> <span class="p">=</span> <span class="s2">"hashicorp/aws"</span> <span class="nx">version</span> <span class="p">=</span> <span class="s2">"5.8.0"</span> <span class="p">}</span> <span class="p">}</span> <span class="nx">cloud</span> <span class="p">{</span> <span class="nx">organization</span> <span class="p">=</span> <span class="s2">"cloudysky"</span> <span class="nx">workspaces</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"terraform-sandeep-aws"</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>This code block is mainly about setting up your Terraform project with the necessary provider (AWS in this case) and configuring it to use Terraform Cloud for storing state and running operations.</p> <p><strong>required_providers</strong>: This block specifies which providers are necessary for your Terraform project. A provider is a plugin that Terraform uses to manage resources. In this case, it specifies that the AWS provider is required. The source attribute indicates that the AWS provider should be downloaded from the HashiCorp registry and the version attribute specifies that version 5.8.0 of the AWS provider should be used.</p> <p><strong>cloud</strong>: This block is used to configure the backend for your Terraform state. The state is a necessary component of Terraform that tracks the resources it has created. In this case, it is being configured to use Terraform Cloud, which is a service provided by HashiCorp for storing your Terraform state and running your Terraform operations. The organization attribute is used to specify the name of the Terraform Cloud organization to use.</p> <p><strong>workspaces</strong>: This block is used to specify which workspace in Terraform Cloud to use. A workspace in Terraform Cloud is a place where Terraform runs are executed. The name attribute is used to specify the name of the workspace. In this case, it specifies that the workspace “terraform-sandeep-aws” should be used.</p> <p><strong>variables.tf</strong></p> <p>This Terraform code defines two variables: ami_id and ami_key_pair. Here is a walkthrough of what each piece does:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight terraform"><code><span class="k">variable</span> <span class="s2">"ami_id"</span> <span class="p">{</span> <span class="nx">type</span> <span class="p">=</span> <span class="nx">string</span> <span class="nx">default</span> <span class="p">=</span> <span class="s2">"ami-06ca3ca175f37dd66"</span> <span class="p">}</span> <span class="k">variable</span> <span class="s2">"ami_key_pair"</span> <span class="p">{</span> <span class="nx">type</span> <span class="p">=</span> <span class="nx">string</span> <span class="nx">default</span> <span class="p">=</span> <span class="s2">"terraform-ec2"</span> <span class="p">}</span> </code></pre> </div> <p><strong>variable “ami_id”</strong>: This block declares a variable named ami_id. Variables in Terraform are a way to provide customizable, user-defined values that can be used within Terraform code. Please specify the AMI ID you would like to use.</p> <p><strong>variable “ami_key_pair”</strong>: Similarly, this block declares another variable named ami_key_pair. This variable is also of type string, and its default value is set to terraform-ec2. This terraform code expects you to create EC2 key pair manually from the AWS console and save the private key information securely.</p> <h2> <strong>output.tf</strong> </h2> <p>This Terraform code block defines an output value. In Terraform, outputs are like return values for a Terraform module. Once you run terraform apply, the outputs are displayed on the command line as a convenient way for users to retrieve and use these values.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight terraform"><code><span class="k">output</span> <span class="s2">"instance_public_ip"</span> <span class="p">{</span> <span class="nx">value</span> <span class="p">=</span> <span class="nx">aws_instance</span><span class="p">.</span><span class="nx">cloudysky</span><span class="err">-</span><span class="nx">ec2</span><span class="p">.</span><span class="nx">public_ip</span> <span class="p">}</span> </code></pre> </div> <p>Let’s break it down:</p> <p><strong>output “instance_public_ip”</strong>: This line is declaring an output named instance_public_ip. The string in the quotes is the identifier for this output, which you’ll use when referencing the output value.</p> <p><strong>value = aws_instance.cloudysky-ec2.public_ip</strong>: This is assigning a value to the output. In this case, the value is the public_ip attribute of the aws_instance resource named cloudysky-ec2</p> <p>If you have followed so far, then you should have an fair idea on the terraform resources defined. We will use actions workflow to provision these resources, also store the terraform state in terraform cloud workspace.</p> <h2> <strong>Ansible</strong> </h2> <p>Ansible is an open-source software provisioning, configuration management, and application deployment tool. In this case, we will be using Ansible playbook to configure our EC2 instance which will be created by terraform. Primarily, we will be using playbook to install Nodejs 16 on EC2 and followed by PM2 installation process manager for production Node.js applications.</p> <p>Here is walkthrough of the code after the code snippet.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Install Node.js on EC2 instance</span> <span class="na">hosts</span><span class="pi">:</span> <span class="s">ec2_instance</span> <span class="na">gather_facts</span><span class="pi">:</span> <span class="s">no</span> <span class="na">become</span><span class="pi">:</span> <span class="s">yes</span> <span class="na">vars</span><span class="pi">:</span> <span class="na">ansible_ssh_private_key_file</span><span class="pi">:</span> <span class="s">/home/runner/.ssh/id_rsa</span> <span class="na">ansible_python_interpreter</span><span class="pi">:</span> <span class="s">/usr/bin/python3</span> <span class="na">ansible_user</span><span class="pi">:</span> <span class="s">ec2-user</span> <span class="na">ansible_ssh_common_args</span><span class="pi">:</span> <span class="s1">'</span><span class="s">-o</span><span class="nv"> </span><span class="s">StrictHostKeyChecking=no'</span> <span class="na">tasks</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Wait for SSH to come up</span> <span class="na">wait_for</span><span class="pi">:</span> <span class="na">host</span><span class="pi">:</span> <span class="s2">"</span><span class="s">{{</span><span class="nv"> </span><span class="s">inventory_hostname</span><span class="nv"> </span><span class="s">}}"</span> <span class="na">port</span><span class="pi">:</span> <span class="m">22</span> <span class="na">delay</span><span class="pi">:</span> <span class="m">60</span> <span class="na">timeout</span><span class="pi">:</span> <span class="m">900</span> <span class="na">state</span><span class="pi">:</span> <span class="s">started</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Gathering Facts</span> <span class="na">setup</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Update all packages</span> <span class="na">dnf</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s1">'</span><span class="s">*'</span> <span class="na">state</span><span class="pi">:</span> <span class="s">latest</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Install tar and xz for unpacking Node.js binaries</span> <span class="na">dnf</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">tar</span> <span class="pi">-</span> <span class="s">xz</span> <span class="na">state</span><span class="pi">:</span> <span class="s">present</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Download Node.js binary tarball</span> <span class="na">get_url</span><span class="pi">:</span> <span class="na">url</span><span class="pi">:</span> <span class="s">https://nodejs.org/dist/v16.14.2/node-v16.14.2-linux-x64.tar.xz</span> <span class="na">dest</span><span class="pi">:</span> <span class="s">/tmp/node-v16.14.2-linux-x64.tar.xz</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Extract Node.js binary tarball</span> <span class="na">command</span><span class="pi">:</span> <span class="na">cmd</span><span class="pi">:</span> <span class="s">tar -xf /tmp/node-v16.14.2-linux-x64.tar.xz -C /usr/local --strip-components </span><span class="m">1</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Verify Node.js installation</span> <span class="na">command</span><span class="pi">:</span> <span class="na">cmd</span><span class="pi">:</span> <span class="s">node -v</span> <span class="na">register</span><span class="pi">:</span> <span class="s">node_version</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Display Node.js version</span> <span class="na">debug</span><span class="pi">:</span> <span class="na">msg</span><span class="pi">:</span> <span class="s1">'</span><span class="s">Node.js</span><span class="nv"> </span><span class="s">version</span><span class="nv"> </span><span class="s">is</span><span class="nv"> </span><span class="s">{{</span><span class="nv"> </span><span class="s">node_version.stdout</span><span class="nv"> </span><span class="s">}}'</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Install PM2 globally</span> <span class="na">npm</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">pm2</span> <span class="na">global</span><span class="pi">:</span> <span class="s">yes</span> </code></pre> </div> <p>Let’s break down this ansible playbook</p> <p>The following tasks of the playbook are carried out on hosts belonging to the group ec2_instance.</p> <p><strong>Wait for SSH to come up</strong>: This task uses the wait_for module to pause the playbook execution until SSH is available on the host.</p> <p><strong>Gathering Facts</strong>: The setup module is used here to gather facts about the host. This was explicitly requested as a task, as gather_facts: no was specified at the beginning of the play.</p> <p><strong>Update all packages</strong>: The dnf module is used to update all installed packages on the host.</p> <p><strong>Install tar and xz</strong>: The dnf module is again used to install the specified packages (tar and xz), which will later be used for unpacking the Node.js binaries.</p> <p><strong>Download Node.js binary tarball</strong>: The get_url module is used to download the Node.js binaries from the specified URL to the temporary location /tmp.</p> <p><strong>Extract Node.js binary tarball</strong>: The command module is used to extract the downloaded Node.js binaries to /usr/local.</p> <p><strong>Verify Node.js installation</strong>: The command module is used again to verify the installed Node.js version, with the output registered into the node_version variable.</p> <p><strong>Display Node.js version</strong>: The debug module is used to display the installed Node.js version, retrieved from node_version.stdout.</p> <p><strong>Install PM2 globally</strong>: Finally, the npm module is used to install PM2 (a process manager for Node.js applications) globally on the host.<br> This playbook, therefore, provides an automated way to install and configure Node.js on an EC2 instance.</p> <h2> <strong>Creating the Discord Bot</strong> </h2> <p>Now let’s look at how to create discord bot using discord.js (a popular nodejs library to build discord bots )</p> <p>We will be using the bot to fetch AWS blogs specifically devops blogs and for easier understanding, I have kept it simple to fetch top 5 devops blogs when you send the request in the ChatOps but there are several enhancements that can be made to this.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">Discord</span> <span class="o">=</span> <span class="nx">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">discord.js</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">client</span> <span class="o">=</span> <span class="k">new</span> <span class="nx">Discord</span><span class="p">.</span><span class="nx">Client</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">Parser</span> <span class="o">=</span> <span class="nx">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">rss-parser</span><span class="dl">'</span><span class="p">);</span> <span class="kd">let</span> <span class="nx">parser</span> <span class="o">=</span> <span class="k">new</span> <span class="nx">Parser</span><span class="p">();</span> <span class="nx">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">dotenv</span><span class="dl">'</span><span class="p">).</span><span class="nx">config</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">AWS_DEVOPS_BLOGS_RSS_URL</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">https://aws.amazon.com/blogs/devops/category/devops/feed/</span><span class="dl">'</span><span class="p">;</span> <span class="nx">client</span><span class="p">.</span><span class="nx">on</span><span class="p">(</span><span class="dl">'</span><span class="s1">ready</span><span class="dl">'</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nx">log</span><span class="p">(</span><span class="s2">`Bot is ready and logged in as </span><span class="p">${</span><span class="nx">client</span><span class="p">.</span><span class="nx">user</span><span class="p">.</span><span class="nx">tag</span><span class="p">}</span><span class="s2">!`</span><span class="p">);</span> <span class="p">});</span> <span class="nx">client</span><span class="p">.</span><span class="nx">on</span><span class="p">(</span><span class="dl">'</span><span class="s1">message</span><span class="dl">'</span><span class="p">,</span> <span class="k">async</span> <span class="p">(</span><span class="nx">msg</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if</span> <span class="p">(</span><span class="nx">msg</span><span class="p">.</span><span class="nx">content</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">!devops</span><span class="dl">'</span><span class="p">)</span> <span class="p">{</span> <span class="k">try</span> <span class="p">{</span> <span class="kd">let</span> <span class="nx">feed</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">parser</span><span class="p">.</span><span class="nx">parseURL</span><span class="p">(</span><span class="nx">AWS_DEVOPS_BLOGS_RSS_URL</span><span class="p">);</span> <span class="nx">feed</span> <span class="o">=</span> <span class="nx">feed</span><span class="p">.</span><span class="nx">items</span><span class="p">.</span><span class="nx">slice</span><span class="p">(</span><span class="mi">0</span><span class="p">,</span> <span class="mi">5</span><span class="p">);</span> <span class="nx">feed</span><span class="p">.</span><span class="nx">forEach</span><span class="p">((</span><span class="nx">item</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">embed</span> <span class="o">=</span> <span class="k">new</span> <span class="nx">Discord</span><span class="p">.</span><span class="nx">MessageEmbed</span><span class="p">()</span> <span class="p">.</span><span class="nx">setColor</span><span class="p">(</span><span class="dl">'</span><span class="s1">#0099ff</span><span class="dl">'</span><span class="p">)</span> <span class="p">.</span><span class="nx">setTitle</span><span class="p">(</span><span class="nx">item</span><span class="p">.</span><span class="nx">title</span><span class="p">)</span> <span class="p">.</span><span class="nx">setURL</span><span class="p">(</span><span class="nx">item</span><span class="p">.</span><span class="nx">link</span><span class="p">)</span> <span class="p">.</span><span class="nx">setAuthor</span><span class="p">(</span><span class="dl">'</span><span class="s1">AWS DevOps Blog</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">https://aws.amazon.com/favicon.ico</span><span class="dl">'</span><span class="p">)</span> <span class="p">.</span><span class="nx">setDescription</span><span class="p">(</span><span class="nx">item</span><span class="p">.</span><span class="nx">contentSnippet</span><span class="p">)</span> <span class="p">.</span><span class="nx">setThumbnail</span><span class="p">(</span><span class="dl">'</span><span class="s1">https://aws.amazon.com/favicon.ico</span><span class="dl">'</span><span class="p">)</span> <span class="p">.</span><span class="nx">setTimestamp</span><span class="p">(</span><span class="k">new</span> <span class="nb">Date</span><span class="p">(</span><span class="nx">item</span><span class="p">.</span><span class="nx">pubDate</span><span class="p">))</span> <span class="p">.</span><span class="nx">setFooter</span><span class="p">(</span><span class="dl">'</span><span class="s1">AWS DevOps Blog</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">https://aws.amazon.com/favicon.ico</span><span class="dl">'</span><span class="p">);</span> <span class="nx">msg</span><span class="p">.</span><span class="nx">channel</span><span class="p">.</span><span class="nx">send</span><span class="p">(</span><span class="nx">embed</span><span class="p">);</span> <span class="p">});</span> <span class="p">}</span> <span class="k">catch</span> <span class="p">(</span><span class="nx">error</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nx">log</span><span class="p">(</span><span class="nx">error</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> <span class="p">});</span> <span class="nx">client</span><span class="p">.</span><span class="nx">login</span><span class="p">(</span><span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">DISCORD_BOT_TOKEN</span><span class="p">);</span> </code></pre> </div> <p><strong>Set Up</strong>: The necessary packages and modules are imported, including the Discord.js for interacting with the Discord API, and rss-parser to parse the RSS feed from the AWS DevOps blog. An instance of the Discord client and RSS Parser are created.</p> <p><strong>Initialization</strong>: The bot logs in using a token from the environment variables and indicates it’s ready in the console.</p> <p><strong>Listening for Messages</strong>: The bot starts listening for messages on any server it’s connected to. It reacts specifically to a message containing “!devops”.</p> <p><strong>Processing the “!devops” Command</strong>: Upon receiving the “!devops” command, the bot fetches the RSS feed from the AWS DevOps blog, parses it and slices the first five items (the five most recent blog posts).</p> <p><strong>Creating and Sending Message Embeds</strong>: For each of these five blog posts, it generates a rich content message, known as an ‘embed’, that contains the blog post’s title, URL, description, and other details. These embeds are then sent to the same channel where the “!devops” command was used.</p> <p><strong>Error Handling</strong>: If there’s an error at any point during the “!devops” command processing, it’s caught and logged to the console.</p> <h2> <strong>Github Actions</strong> </h2> <p>I have used Github Actions to build the discord bot application code, upload to github artifacts and then download the artifacts and deploy it to target host (EC2)</p> <p>Prior to the that, I have also used Github actions to provision the required infrastructure, configuration.</p> <h2> <strong>Infrastructure Provisioning and Configuration</strong> </h2> <p>Lets look at the Github Actions workflow and pretty long workflow :) The idea was to share one of the approaches to do it and it can be improved with reusable workflows for better organization of workflow.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">name</span><span class="pi">:</span> <span class="s">Provision EC2</span> <span class="na">on</span><span class="pi">:</span> <span class="s">workflow_dispatch</span> <span class="na">jobs</span><span class="pi">:</span> <span class="na">runterraform</span><span class="pi">:</span> <span class="na">runs-on</span><span class="pi">:</span> <span class="s">ubuntu-latest</span> <span class="na">steps</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Checkout code</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">actions/checkout@v3</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">List out directory</span> <span class="na">run</span><span class="pi">:</span> <span class="s">ls</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Set up Terraform</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">hashicorp/setup-terraform@v2</span> <span class="na">with</span><span class="pi">:</span> <span class="na">cli_config_credentials_token</span><span class="pi">:</span> <span class="s">${{ secrets.TF_API_TOKEN }}</span> <span class="na">terraform_wrapper</span><span class="pi">:</span> <span class="no">false</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Terraform init</span> <span class="na">run</span><span class="pi">:</span> <span class="s">terraform init -upgrade</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Terraform apply</span> <span class="na">id</span><span class="pi">:</span> <span class="s">terraform</span> <span class="na">run</span><span class="pi">:</span> <span class="s">terraform apply -auto-approve</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Configure AWS credentials</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">aws-actions/configure-aws-credentials@v1</span> <span class="na">with</span><span class="pi">:</span> <span class="na">aws-access-key-id</span><span class="pi">:</span> <span class="s">${{ secrets.AWS_ACCESS_KEY_ID }}</span> <span class="na">aws-secret-access-key</span><span class="pi">:</span> <span class="s">${{ secrets.AWS_SECRET_ACCESS_KEY }}</span> <span class="na">aws-region</span><span class="pi">:</span> <span class="s">us-east-1</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Output Instance Public IP</span> <span class="na">id</span><span class="pi">:</span> <span class="s">ip</span> <span class="na">run</span><span class="pi">:</span> <span class="pi">|</span> <span class="s">IP=$(terraform output -raw instance_public_ip)</span> <span class="s">echo "::set-output name=PUBLIC_IP::$IP"</span> <span class="s">echo "The public IP is $IP"</span> <span class="na">env</span><span class="pi">:</span> <span class="na">TF_API_TOKEN</span><span class="pi">:</span> <span class="s">${{ secrets.TF_API_TOKEN }}</span> <span class="na">outputs</span><span class="pi">:</span> <span class="na">public_ip</span><span class="pi">:</span> <span class="s">${{ steps.ip.outputs.PUBLIC_IP }}</span> <span class="na">ansible</span><span class="pi">:</span> <span class="na">needs</span><span class="pi">:</span> <span class="s">runterraform</span> <span class="c1"># Make this job depend on the `terraform` job</span> <span class="na">runs-on</span><span class="pi">:</span> <span class="s">ubuntu-latest</span> <span class="na">steps</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Set up SSH</span> <span class="na">run</span><span class="pi">:</span> <span class="pi">|</span> <span class="s">mkdir -p ~/.ssh/</span> <span class="s">echo "${{ secrets.SSH_PRIVATE_KEY }}" &gt; ~/.ssh/id_rsa</span> <span class="s">chmod 600 ~/.ssh/id_rsa</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Checkout code</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">actions/checkout@v3</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Use the IP</span> <span class="na">run</span><span class="pi">:</span> <span class="pi">|</span> <span class="s">echo "The public IP from the terraform job is ${{ needs.runterraform.outputs.public_ip }}"</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Setup Python</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">actions/setup-python@v4</span> <span class="na">with</span><span class="pi">:</span> <span class="na">python-version</span><span class="pi">:</span> <span class="s">3.x</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Install Ansible</span> <span class="na">run</span><span class="pi">:</span> <span class="s">python -m pip install --upgrade pip &amp;&amp; pip install ansible</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Create Ansible Inventory</span> <span class="na">run</span><span class="pi">:</span> <span class="pi">|</span> <span class="s">echo '[ec2_instance]' &gt; inventory.ini</span> <span class="s">echo '${{ needs.runterraform.outputs.public_ip }}' &gt;&gt; inventory.ini</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Run Ansible Playbook</span> <span class="na">run</span><span class="pi">:</span> <span class="s">ansible-playbook -i inventory.ini playbook.yml</span> <span class="na">env</span><span class="pi">:</span> <span class="na">ANSIBLE_HOST_KEY_CHECKING</span><span class="pi">:</span> <span class="s">False</span> </code></pre> </div> <p>There are 2 workflow jobs in this workflow template and one is for Terraform used in Infrastructure provisioning and 2nd job is for Ansible to infrastructure configuration.</p> <p><strong>Terraform job</strong> is responsible to checkout the source code from github repo mentioned above and then use setup-terraform actions to plan and apply the changes to provision the required AWS resources. It uses Terraform Teams token and it was created in the terraform cloud console and I have stored it in the github secrets. Refer this terraform docs for team token — <a href="https://developer.hashicorp.com/terraform/cloud-docs/users-teams-organizations/api-tokens">Terraform token for CI / CD</a> It also outputs the public IP that was assigned on the EC2 instance is created.</p> <p><strong>Ansible Job</strong> is responsible to create a SSH connection to the target EC2 instance, install ansible on github runner, create ansible inventory for EC2 host and then run the playbook on target to perform required configuration.</p> <h2> <strong>Discord BOT application build and deployment</strong> </h2> <p>Let’s look at how to use Github actions to build this NodeJs code and deploy to EC2 and leverage PM2 — Advanced Node Process Manager to start the BOT.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight terraform"><code><span class="nx">name</span><span class="err">:</span> <span class="nx">Build</span> <span class="nx">and</span> <span class="nx">Deploy</span> <span class="nx">to</span> <span class="nx">EC2</span> <span class="nx">on</span><span class="err">:</span> <span class="nx">workflow_dispatch</span> <span class="nx">jobs</span><span class="err">:</span> <span class="nx">build</span><span class="err">:</span> <span class="nx">name</span><span class="err">:</span> <span class="nx">Build</span> <span class="nx">runs</span><span class="err">-</span><span class="nx">on</span><span class="err">:</span> <span class="nx">ubuntu</span><span class="err">-</span><span class="nx">latest</span> <span class="nx">steps</span><span class="err">:</span> <span class="err">-</span> <span class="nx">name</span><span class="err">:</span> <span class="nx">Checkout</span> <span class="nx">code</span> <span class="nx">uses</span><span class="err">:</span> <span class="nx">actions</span><span class="err">/</span><span class="nx">checkout</span><span class="err">@</span><span class="nx">v3</span> <span class="err">-</span> <span class="nx">name</span><span class="err">:</span> <span class="nx">Setup</span> <span class="nx">Node</span><span class="err">.</span><span class="nx">js</span> <span class="nx">uses</span><span class="err">:</span> <span class="nx">actions</span><span class="err">/</span><span class="nx">setup</span><span class="err">-</span><span class="nx">node</span><span class="err">@</span><span class="nx">v3</span> <span class="nx">with</span><span class="err">:</span> <span class="nx">node</span><span class="err">-</span><span class="nx">version</span><span class="err">:</span> <span class="s1">'16'</span> <span class="err">-</span> <span class="nx">name</span><span class="err">:</span> <span class="nx">Install</span> <span class="nx">dependencies</span> <span class="nx">run</span><span class="err">:</span> <span class="err">|</span> <span class="nx">cd</span> <span class="nx">src</span> <span class="nx">npm</span> <span class="nx">ci</span> <span class="err">-</span> <span class="nx">name</span><span class="err">:</span> <span class="nx">Build</span> <span class="nx">project</span> <span class="nx">run</span><span class="err">:</span> <span class="err">|</span> <span class="nx">cd</span> <span class="nx">src</span> <span class="nx">npm</span> <span class="nx">run</span> <span class="nx">build</span> <span class="err">-</span> <span class="nx">name</span><span class="err">:</span> <span class="nx">Upload</span> <span class="nx">build</span> <span class="nx">files</span> <span class="nx">uses</span><span class="err">:</span> <span class="nx">actions</span><span class="err">/</span><span class="nx">upload</span><span class="err">-</span><span class="nx">artifact</span><span class="err">@</span><span class="nx">v3</span> <span class="nx">with</span><span class="err">:</span> <span class="nx">name</span><span class="err">:</span> <span class="nx">build</span> <span class="nx">path</span><span class="err">:</span> <span class="nx">src</span><span class="err">/</span><span class="nx">dist</span><span class="err">/</span> <span class="nx">deploy</span><span class="err">:</span> <span class="nx">name</span><span class="err">:</span> <span class="nx">Deploy</span> <span class="nx">needs</span><span class="err">:</span> <span class="nx">build</span> <span class="nx">runs</span><span class="err">-</span><span class="nx">on</span><span class="err">:</span> <span class="nx">ubuntu</span><span class="err">-</span><span class="nx">latest</span> <span class="nx">steps</span><span class="err">:</span> <span class="err">-</span> <span class="nx">name</span><span class="err">:</span> <span class="nx">Download</span> <span class="nx">build</span> <span class="nx">files</span> <span class="nx">uses</span><span class="err">:</span> <span class="nx">actions</span><span class="err">/</span><span class="nx">download</span><span class="err">-</span><span class="nx">artifact</span><span class="err">@</span><span class="nx">v3</span> <span class="nx">with</span><span class="err">:</span> <span class="nx">name</span><span class="err">:</span> <span class="nx">build</span> <span class="err">-</span> <span class="nx">name</span><span class="err">:</span> <span class="nx">Deploy</span> <span class="nx">to</span> <span class="nx">EC2</span> <span class="nx">run</span><span class="err">:</span> <span class="err">|</span> <span class="nx">echo</span> <span class="s2">"</span><span class="k">${</span><span class="err">{</span> <span class="nx">secrets</span><span class="p">.</span><span class="nx">SSH_PRIVATE_KEY</span> <span class="k">}</span><span class="s2">}"</span> <span class="err">&gt;</span> <span class="nx">id_rsa</span> <span class="nx">chmod</span> <span class="mi">600</span> <span class="nx">id_rsa</span> <span class="nx">ls</span> <span class="nx">ssh</span> <span class="err">-</span><span class="nx">o</span> <span class="nx">StrictHostKeyChecking</span><span class="err">=</span><span class="nx">no</span> <span class="err">-</span><span class="nx">i</span> <span class="nx">id_rsa</span> <span class="nx">$</span><span class="p">{{</span> <span class="nx">secrets</span><span class="p">.</span><span class="nx">EC2_USER</span> <span class="p">}}</span><span class="err">@</span><span class="nx">$</span><span class="p">{{</span> <span class="nx">secrets</span><span class="p">.</span><span class="nx">EC2_HOST</span> <span class="p">}}</span> <span class="s2">"echo export DISCORD_BOT_TOKEN=</span><span class="k">${</span><span class="err">{</span> <span class="nx">secrets</span><span class="p">.</span><span class="nx">DISCORD_BOT_TOKEN</span> <span class="k">}</span><span class="s2">} &gt;&gt; ~/.bashrc &amp;&amp; source ~/.bashrc"</span> <span class="nx">ssh</span> <span class="err">-</span><span class="nx">o</span> <span class="nx">StrictHostKeyChecking</span><span class="err">=</span><span class="nx">no</span> <span class="err">-</span><span class="nx">i</span> <span class="nx">id_rsa</span> <span class="nx">$</span><span class="p">{{</span> <span class="nx">secrets</span><span class="p">.</span><span class="nx">EC2_USER</span> <span class="p">}}</span><span class="err">@</span><span class="nx">$</span><span class="p">{{</span> <span class="nx">secrets</span><span class="p">.</span><span class="nx">EC2_HOST</span> <span class="p">}}</span> <span class="s1">'mkdir -p /home/ec2-user/discord-bot'</span> <span class="nx">scp</span> <span class="err">-</span><span class="nx">o</span> <span class="nx">StrictHostKeyChecking</span><span class="err">=</span><span class="nx">no</span> <span class="err">-</span><span class="nx">i</span> <span class="nx">id_rsa</span> <span class="err">-</span><span class="nx">r</span> <span class="nx">dist</span><span class="cm">/* ${{ secrets.EC2_USER }}@${{ secrets.EC2_HOST }}:/home/ec2-user/discord-bot ssh -o StrictHostKeyChecking=no -i id_rsa ${{ secrets.EC2_USER }}@${{ secrets.EC2_HOST }} 'cd /home/ec2-user/discord-bot &amp;&amp; npm ci --production &amp;&amp; pm2 kill &amp;&amp; pm2 start main.js' shell: bash </span></code></pre> </div> <p>This worklfow has couple of jobs called Build and deploy. Build job is responsible to checkout source code, build nodejs application, upload artifacts to github artifacts. Deploy job is responsible for deploying the application to EC2 using SSH using private key that I have stored in Secrets. Alternatively, you can use AWS CodeDeploy to deploy to target EC2 instance but I have gone with SSH route.</p> <p>Once everything is all set, You should see the Discord Bot online and get a response for every command you send that has !DevOps</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--yxZMfxsY--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/ii4uhwtf8sndp4k5whuv.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--yxZMfxsY--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/ii4uhwtf8sndp4k5whuv.png" alt="Image description" width="800" height="601"></a></p> <p>Watch out for more interesting blogs and happy reading!</p> aws iac terraform githubactions Provisioning and Accessing Cloud9 Development Environment with a Public-Facing URL using Terraform and Github actions Sandeep Yaramchitti Fri, 07 Jul 2023 19:35:33 +0000 https://dev.to/sandeepkumaryaramchitti/provisioning-and-accessing-cloud9-development-environment-with-a-public-facing-url-using-terraform-and-github-actions-19fn https://dev.to/sandeepkumaryaramchitti/provisioning-and-accessing-cloud9-development-environment-with-a-public-facing-url-using-terraform-and-github-actions-19fn <p>AWS Cloud9 IDE provides a powerful and collaborative environment for software development. Provisioning Cloud9 with Terraform and automating the process with GitHub Actions can streamline the setup, configuration, and maintenance of your development environment. In this blog post, we will explore how to leverage Terraform and GitHub Actions to provision and manage Cloud9 IDE, enabling faster and more efficient development workflows.</p> <h2> Setting up Terraform for Cloud9 provisioning </h2> <p>Follow the Terraforms official guide <a href="https://developer.hashicorp.com/terraform/tutorials/aws-get-started"><strong>_Get Started - AWS _</strong></a>for quick start and installation process for Terraform, configuring it to link your AWS account. </p> <p>Once, you have the required prerequisites - Lets start writing the terraform code to provision Cloud9 instance.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight terraform"><code><span class="k">resource</span> <span class="s2">"aws_cloud9_environment_ec2"</span> <span class="s2">"cloudysky_cloud9_instance"</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"cloudysky_cloud9_instance"</span> <span class="nx">instance_type</span> <span class="p">=</span> <span class="s2">"t2.medium"</span> <span class="nx">automatic_stop_time_minutes</span> <span class="p">=</span> <span class="mi">30</span> <span class="nx">subnet_id</span> <span class="p">=</span> <span class="k">data</span><span class="p">.</span><span class="nx">aws_subnet</span><span class="p">.</span><span class="nx">existing_subnet</span><span class="p">.</span><span class="nx">id</span> <span class="nx">tags</span> <span class="p">=</span> <span class="p">{</span> <span class="nx">Environment</span> <span class="p">=</span> <span class="s2">"dev"</span> <span class="nx">Owner</span> <span class="p">=</span> <span class="s2">"CloudySky"</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>Check out the official Terraform documentation for the available arguments for this resource <a href="https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloud9_environment_ec2.html"><strong><em>aws_cloud9_environment_ec2</em></strong></a></p> <p>In my example above, I have included name, instance type, automatic stop time minutes to shut down the instance after 30 minutes since last used and fetch subnet id dynamically. Also, i have included couple of tags for this resource. </p> <p>To get the subnet ID you can use various approaches and for easier understanding, I have used data block so that terraform reads from the given source which can be exported and referred with the local name.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight terraform"><code><span class="k">data</span> <span class="s2">"aws_subnet"</span> <span class="s2">"existing_subnet"</span> <span class="p">{</span> <span class="nx">filter</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"vpc-id"</span> <span class="nx">values</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"vpc-048c23df4f54370a4"</span><span class="p">]</span> <span class="c1"># Replace with the ID of the VPC</span> <span class="p">}</span> <span class="nx">filter</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"tag:Name"</span> <span class="nx">values</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"project-subnet-public1-us-east-1a"</span><span class="p">]</span> <span class="c1"># Replace with the desired subnet name</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>In addition to this, if you would like to make the Cloud9 URL with public access - please add the following ingress SG rule as well. You could also use AWS Cognito user pool to authenticate users. (Watch out for a blog in that soon :) )</p> <p>To allow public access, first get the security group associated with the EC2 instance dynamically and then add a SG rule to allow traffic from public internet.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight terraform"><code><span class="k">data</span> <span class="s2">"aws_security_group"</span> <span class="s2">"cloud9_secgroup"</span> <span class="p">{</span> <span class="nx">filter</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"tag:aws:cloud9:environment"</span> <span class="nx">values</span> <span class="p">=</span> <span class="p">[</span> <span class="nx">aws_cloud9_environment_ec2</span><span class="p">.</span><span class="nx">cloudysky_cloud9_instance</span><span class="p">.</span><span class="nx">id</span> <span class="p">]</span> <span class="p">}</span> <span class="p">}</span> <span class="c1"># Allow public access to port 8080</span> <span class="k">resource</span> <span class="s2">"aws_security_group_rule"</span> <span class="s2">"cloud9_inbound"</span> <span class="p">{</span> <span class="nx">type</span> <span class="p">=</span> <span class="s2">"ingress"</span> <span class="nx">from_port</span> <span class="p">=</span> <span class="mi">8080</span> <span class="nx">to_port</span> <span class="p">=</span> <span class="mi">8080</span> <span class="nx">protocol</span> <span class="p">=</span> <span class="s2">"tcp"</span> <span class="nx">cidr_blocks</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"0.0.0.0/0"</span><span class="p">]</span> <span class="nx">security_group_id</span> <span class="p">=</span> <span class="k">data</span><span class="p">.</span><span class="nx">aws_security_group</span><span class="p">.</span><span class="nx">cloud9_secgroup</span><span class="p">.</span><span class="nx">id</span> <span class="p">}</span> </code></pre> </div> <p>In addition to the above, define the following output variables for EC2 ID, ARN and Cloud9 URL.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight terraform"><code><span class="c1"># EC2 ID</span> <span class="k">output</span> <span class="s2">"id"</span> <span class="p">{</span> <span class="nx">value</span> <span class="p">=</span> <span class="nx">aws_cloud9_environment_ec2</span><span class="p">.</span><span class="nx">cloudysky_cloud9_instance</span><span class="p">.</span><span class="nx">id</span> <span class="p">}</span> <span class="c1"># EC2 ARN</span> <span class="k">output</span> <span class="s2">"arn"</span> <span class="p">{</span> <span class="nx">value</span> <span class="p">=</span> <span class="nx">aws_cloud9_environment_ec2</span><span class="p">.</span><span class="nx">cloudysky_cloud9_instance</span><span class="p">.</span><span class="nx">arn</span> <span class="p">}</span> <span class="c1"># cloud9 url</span> <span class="k">output</span> <span class="s2">"cloud9_url"</span> <span class="p">{</span> <span class="nx">value</span> <span class="p">=</span> <span class="s2">"https://</span><span class="k">${</span><span class="kd">var</span><span class="p">.</span><span class="nx">region</span><span class="k">}</span><span class="s2">.console.aws.amazon.com/cloud9/ide/</span><span class="k">${</span><span class="nx">aws_cloud9_environment_ec2</span><span class="p">.</span><span class="nx">cloudysky_cloud9_instance</span><span class="p">.</span><span class="nx">id</span><span class="k">}</span><span class="s2">"</span> <span class="p">}</span> </code></pre> </div> <h2> Automating Cloud9 Provisioning with GitHub Actions </h2> <p>GitHub Actions provides a powerful automation platform that integrates seamlessly with your GitHub repositories. By leveraging GitHub Actions, you can automate the provisioning of Cloud9 environments, ensuring consistent and reliable setups for your development workflows. Here's how you can automate Cloud9 provisioning using GitHub Actions.</p> <p><strong>Create a Workflow File:</strong></p> <p>In your GitHub repository, create a new workflow file in the .github/workflows directory. You can name it something like cloud9-provisioning.yml. This file will define the steps and triggers for the Cloud9 provisioning workflow. <strong>_ _</strong></p> <p><strong>Define Workflow Triggers:</strong></p> <p>The idea here is to run the <strong><em>terraform plan for any PR request created and update the pull request comment with the plan details and terraform apply --auto-approve when the pull request is merged.</em></strong></p> <p><strong>Configure Workflow Steps:</strong></p> <p>Inside the workflow file, define the steps required to provision the Cloud9 environment. Here is a quick snippet on how I have done this.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">name</span><span class="pi">:</span> <span class="s2">"</span><span class="s">Terraform</span><span class="nv"> </span><span class="s">Cloud9</span><span class="nv"> </span><span class="s">Provisioning"</span> <span class="na">on</span><span class="pi">:</span> <span class="na">push</span><span class="pi">:</span> <span class="na">branches</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">master</span> <span class="na">pull_request</span><span class="pi">:</span> <span class="na">jobs</span><span class="pi">:</span> <span class="na">terraform</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s2">"</span><span class="s">Terraform</span><span class="nv"> </span><span class="s">Cloud9</span><span class="nv"> </span><span class="s">Provisioning"</span> <span class="na">runs-on</span><span class="pi">:</span> <span class="s">ubuntu-latest</span> <span class="na">permissions</span><span class="pi">:</span> <span class="na">pull-requests</span><span class="pi">:</span> <span class="s">write</span> <span class="na">steps</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Checkout</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">actions/checkout@v3</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Setup Terraform</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">hashicorp/setup-terraform@v1</span> <span class="na">with</span><span class="pi">:</span> <span class="na">cli_config_credentials_token</span><span class="pi">:</span> <span class="s">${{ secrets.TF_API_TOKEN }}</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Terraform Format</span> <span class="na">id</span><span class="pi">:</span> <span class="s">fmt</span> <span class="na">run</span><span class="pi">:</span> <span class="s">terraform fmt -check</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Terraform Init</span> <span class="na">id</span><span class="pi">:</span> <span class="s">init</span> <span class="na">run</span><span class="pi">:</span> <span class="s">terraform init</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Terraform Validate</span> <span class="na">id</span><span class="pi">:</span> <span class="s">validate</span> <span class="na">run</span><span class="pi">:</span> <span class="s">terraform validate -no-color</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Terraform Plan</span> <span class="na">id</span><span class="pi">:</span> <span class="s">plan</span> <span class="na">if</span><span class="pi">:</span> <span class="s">github.event_name == 'pull_request'</span> <span class="na">run</span><span class="pi">:</span> <span class="s">terraform plan -no-color -input=false</span> <span class="na">continue-on-error</span><span class="pi">:</span> <span class="no">true</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Update Pull Request</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">actions/github-script@v6</span> <span class="na">if</span><span class="pi">:</span> <span class="s">github.event_name == 'pull_request'</span> <span class="na">env</span><span class="pi">:</span> <span class="na">PLAN</span><span class="pi">:</span> <span class="s">${{ steps.plan.outputs.stdout }}</span> <span class="na">with</span><span class="pi">:</span> <span class="na">github-token</span><span class="pi">:</span> <span class="s">${{ secrets.GITHUB_TOKEN }}</span> <span class="na">script</span><span class="pi">:</span> <span class="pi">|</span> <span class="s">const output = `#### Terraform Format and Style 🖌\`${{ steps.fmt.outcome }}\`</span> <span class="s">#### Terraform Initialization ⚙️\`${{ steps.init.outcome }}\`</span> <span class="s">#### Terraform Validation 🤖\`${{ steps.validate.outcome }}\`</span> <span class="s">#### Terraform Plan 📖\`${{ steps.plan.outcome }}\`</span> <span class="s">&lt;details&gt;&lt;summary&gt;Show Plan&lt;/summary&gt;</span> <span class="s">\`\`\`terraform\n</span> <span class="s">${process.env.PLAN}</span> <span class="s">\`\`\`</span> <span class="s">&lt;/details&gt;</span> <span class="s">*Pushed by: @${{ github.actor }}, Action: \`${{ github.event_name }}\`*`;</span> <span class="s">github.rest.issues.createComment({</span> <span class="s">issue_number: context.issue.number,</span> <span class="s">owner: context.repo.owner,</span> <span class="s">repo: context.repo.repo,</span> <span class="s">body: output</span> <span class="s">})</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Terraform Plan Status</span> <span class="na">if</span><span class="pi">:</span> <span class="s">steps.plan.outcome == 'failure'</span> <span class="na">run</span><span class="pi">:</span> <span class="s">exit </span><span class="m">1</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Terraform Apply</span> <span class="na">if</span><span class="pi">:</span> <span class="s">github.ref == 'refs/heads/master' &amp;&amp; github.event_name == 'push'</span> <span class="na">run</span><span class="pi">:</span> <span class="s">terraform apply -auto-approve -input=false</span> </code></pre> </div> <blockquote> <p>Please make sure to configure <strong>_TF_API_TOKEN _</strong>in github secrets and following the steps mentioned on official documentation for Terraform and Github. </p> </blockquote> <p><strong>Test and Deploy Workflow:</strong></p> <p>Commit and push the workflow file to your repository. GitHub Actions will automatically pick up the workflow configuration and start running it based on the specified triggers. Monitor the workflow runs and verify that the Cloud9 environment is provisioned successfully.</p> <p>**Check out the source code here : **<a href="https://github.com/SandeepKumarYaramchitti/terraform-ec2-cloud9ide">https://github.com/SandeepKumarYaramchitti/terraform-ec2-cloud9ide</a></p> <p>By automating the Cloud9 provisioning process with GitHub Actions, you can ensure consistent and reproducible setups for your development environments. This automation saves time and effort, enabling developers to focus on writing code rather than manually setting up environments.</p> aws terraform githubactions iac Provisioning OpenSearch as Infrastructure as Code (IaC) and Securing Data Access with API Gateway and Lambda Sandeep Yaramchitti Sun, 25 Jun 2023 20:05:48 +0000 https://dev.to/sandeepkumaryaramchitti/provisioning-opensearch-as-infrastructure-as-code-iac-and-securing-data-access-with-api-gateway-and-lambda-5aao https://dev.to/sandeepkumaryaramchitti/provisioning-opensearch-as-infrastructure-as-code-iac-and-securing-data-access-with-api-gateway-and-lambda-5aao <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--OBREN9Oz--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/qji7arar3akkq4oz38im.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--OBREN9Oz--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/qji7arar3akkq4oz38im.png" alt="Image description" width="800" height="515"></a>This blog is a continuation of my blog series on "How I built my Cloudysky portal from ground up using some of the modern tech stacks. Please have a look at the following blogs to get the overview of the architecture. </p> <ul> <li><a href="https://dev.to/sandeepkumaryaramchitti/how-i-built-my-cloudsky-portfolio-and-leveraged-aws-services-for-infrastructure-and-automation-5bb7">How I built my Cloudsky portfolio and leveraged AWS services for infrastructure and automation ?</a></li> <li><a href="https://dev.to/sandeepkumaryaramchitti/automating-aws-step-functions-programmatically-initiating-workflows-for-seamless-orchestration-43c1">Automating AWS Step Functions: Programmatically Initiating Workflows for Seamless Orchestration</a></li> </ul> <p>In this blog, I will focus on provisioning OpenSearch as Infrastructure as Code (IaC) through CloudFormation Template automate the deployment and configuration of an OpenSearch cluster while ensuring secure access to the cluster's data through API Gateway and Lambda functions. </p> <h2> Provisioning OpenSearch Cluster </h2> <p>In this example, I will be using aws cli to provision OpenSearch Cluster with the CloudFormation template.</p> <ol> <li>Create a CloudFormation template in YAML or JSON format. This template will define your OpenSearch cluster's infrastructure.</li> <li>Include the necessary resources, such as an AWS::OpenSearchService::Domain resource, to provision the OpenSearch cluster.</li> <li>Configure the desired properties for the OpenSearch cluster, such as instance types, storage options, and network settings.</li> <li>Add any additional resources or configurations required for your specific use case.</li> </ol> <blockquote> <p><strong>_Remember to review the OpenSearch EngineVersion you would be using. Also, review the charges for OpenSearch services to avoid unnecessary charges for the service usage. Also, as a best practice keep the Opensearch domain endpoint username and password secured. In this example, I have kept them in Secrets Manager for my reference only. _</strong><br> </p> </blockquote> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">AWSTemplateFormatVersion</span><span class="pi">:</span> <span class="s1">'</span><span class="s">2010-09-09'</span> <span class="na">Parameters</span><span class="pi">:</span> <span class="na">DomainName</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Description</span><span class="pi">:</span> <span class="s">A name for the Amazon OpenSearch domain</span> <span class="na">MasterUsername</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Description</span><span class="pi">:</span> <span class="s">Master usernames must be between 1 and 16 characters.</span> <span class="na">MasterPassword</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Description</span><span class="pi">:</span> <span class="s">Master password must be at least 8 characters long and contain at least one uppercase letter, one lowercase letter, one number, and one special character.</span> <span class="na">NoEcho</span><span class="pi">:</span> <span class="no">true</span> <span class="na">Resources</span><span class="pi">:</span> <span class="na">OpenSearchServiceDomain</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::OpenSearchService::Domain</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">DomainName</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">DomainName</span> <span class="na">EngineVersion</span><span class="pi">:</span> <span class="s1">'</span><span class="s">OpenSearch_2.3'</span> <span class="na">ClusterConfig</span><span class="pi">:</span> <span class="na">DedicatedMasterEnabled</span><span class="pi">:</span> <span class="no">true</span> <span class="na">InstanceCount</span><span class="pi">:</span> <span class="s1">'</span><span class="s">2'</span> <span class="na">ZoneAwarenessEnabled</span><span class="pi">:</span> <span class="no">true</span> <span class="na">InstanceType</span><span class="pi">:</span> <span class="s1">'</span><span class="s">r6g.large.search'</span> <span class="na">DedicatedMasterType</span><span class="pi">:</span> <span class="s1">'</span><span class="s">r6g.large.search'</span> <span class="na">DedicatedMasterCount</span><span class="pi">:</span> <span class="s1">'</span><span class="s">3'</span> <span class="na">EBSOptions</span><span class="pi">:</span> <span class="na">EBSEnabled</span><span class="pi">:</span> <span class="no">true</span> <span class="na">Iops</span><span class="pi">:</span> <span class="s1">'</span><span class="s">0'</span> <span class="na">VolumeSize</span><span class="pi">:</span> <span class="s1">'</span><span class="s">20'</span> <span class="na">VolumeType</span><span class="pi">:</span> <span class="s1">'</span><span class="s">gp2'</span> <span class="na">AccessPolicies</span><span class="pi">:</span> <span class="na">Version</span><span class="pi">:</span> <span class="s1">'</span><span class="s">2012-10-17'</span> <span class="na">Statement</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Effect</span><span class="pi">:</span> <span class="s">Allow</span> <span class="na">Principal</span><span class="pi">:</span> <span class="na">AWS</span><span class="pi">:</span> <span class="s1">'</span><span class="s">*'</span> <span class="na">Action</span><span class="pi">:</span> <span class="pi">-</span> <span class="s1">'</span><span class="s">es:*'</span> <span class="na">Resource</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s1">'</span><span class="s">arn:aws:es:${AWS::Region}:${AWS::AccountId}:domain/${DomainName}/*'</span> <span class="na">EncryptionAtRestOptions</span><span class="pi">:</span> <span class="na">Enabled</span><span class="pi">:</span> <span class="no">true</span> <span class="na">NodeToNodeEncryptionOptions</span><span class="pi">:</span> <span class="na">Enabled</span><span class="pi">:</span> <span class="no">true</span> <span class="na">DomainEndpointOptions</span><span class="pi">:</span> <span class="na">EnforceHTTPS</span><span class="pi">:</span> <span class="no">true</span> <span class="na">AdvancedSecurityOptions</span><span class="pi">:</span> <span class="na">Enabled</span><span class="pi">:</span> <span class="no">true</span> <span class="na">InternalUserDatabaseEnabled</span><span class="pi">:</span> <span class="no">true</span> <span class="na">MasterUserOptions</span><span class="pi">:</span> <span class="na">MasterUserName</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">MasterUsername</span> <span class="na">MasterUserPassword</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">MasterPassword</span> <span class="na">MySecretMasterUsername</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s1">'</span><span class="s">AWS::SecretsManager::Secret'</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">Name</span><span class="pi">:</span> <span class="s">os-username</span> <span class="na">Description</span><span class="pi">:</span> <span class="s">Master username for Amazon Opensearch cluster</span> <span class="na">SecretString</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">MasterUsername</span> <span class="na">MySecretMasterPassword</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s1">'</span><span class="s">AWS::SecretsManager::Secret'</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">Name</span><span class="pi">:</span> <span class="s">os-password</span> <span class="na">Description</span><span class="pi">:</span> <span class="s">Master password for Amazon Opensearch cluster</span> <span class="na">SecretString</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">MasterPassword</span> <span class="na">Outputs</span><span class="pi">:</span> <span class="na">DomainEndpoint</span><span class="pi">:</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!GetAtt</span> <span class="s">OpenSearchServiceDomain.DomainEndpoint</span> </code></pre> </div> <p><strong>Step 1: Upload the CloudFormation Template to S3</strong></p> <ol> <li>If you haven't already, create an S3 bucket where you can upload the CloudFormation template.</li> <li>Use the AWS CLI to upload the template file to your S3 bucket. For example: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>aws s3 <span class="nb">cp</span> &lt;local_template_file&gt; s3://&lt;your_bucket_name&gt;/&lt;template_file_name&gt; </code></pre> </div> <p><strong>Step 2: Create the CloudFormation Stack</strong></p> <ol> <li>Use the AWS CLI to create the CloudFormation stack, specifying the template URL and desired stack parameters. For example: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>aws cloudformation create-stack <span class="nt">--stack-name</span> &lt;stack_name&gt; <span class="nt">--template-url</span> https://s3.amazonaws.com/&lt;your_bucket_name&gt;/&lt;template_file_name&gt; <span class="nt">--parameters</span> <span class="nv">ParameterKey</span><span class="o">=</span>&lt;parameter_name&gt;,ParameterValue<span class="o">=</span>&lt;parameter_value&gt; <span class="nt">--capabilities</span> CAPABILITY_NAMED_IAM </code></pre> </div> <ul> <li>Replace with a unique name for your CloudFormation stack.</li> <li>Update the --template-url parameter with the appropriate URL for your S3 bucket and template file.</li> <li>Provide the necessary parameters and their values using the --parameters option. Adjust the parameters according to your CloudFormation template.</li> <li>Wait for the CloudFormation stack creation to complete. You can use the following command to check the stack status: </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>aws cloudformation describe-stacks <span class="nt">--stack-name</span> &lt;stack_name&gt; <span class="nt">--query</span> <span class="s2">"Stacks[0].StackStatus"</span> </code></pre> </div> <p><strong>Step 3: Access the Provisioned OpenSearch Cluster</strong></p> <ol> <li>Once the stack creation is complete, use the AWS Management Console or AWS CLI to retrieve the endpoint URL of your provisioned OpenSearch cluster.</li> </ol> <h2> Data Ingestion into OpenSearch </h2> <p>In this example, I have used the sanity CMS data coming from webhook event to ingest into OpenSearch and based on your use case, you could modify it.</p> <p>Here is a sample Lambda code that ingests data into OpenSearch Cluster. </p> <ul> <li>I found opensearch-py client library has good support to interact with Opensearch cluster in python. </li> <li>As a first step, you would connect to the OpenSearch domain endpoint using the client library using the secrets stored in SecretsManager and then perform insert and update operation conditionally. </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="nn">json</span> <span class="kn">import</span> <span class="nn">boto3</span> <span class="kn">from</span> <span class="nn">opensearchpy</span> <span class="kn">import</span> <span class="n">OpenSearch</span><span class="p">,</span> <span class="n">helpers</span> <span class="k">def</span> <span class="nf">lambda_handler</span><span class="p">(</span><span class="n">event</span><span class="p">,</span> <span class="n">context</span><span class="p">):</span> <span class="n">domain_endpoint</span> <span class="o">=</span> <span class="s">"YOUR_OPENSEARCH_DOMAIN_ENDPOINT"</span> <span class="n">sanity_blog_playload</span> <span class="o">=</span> <span class="n">event</span><span class="p">[</span><span class="s">'Payload'</span><span class="p">]</span> <span class="n">sanity_blog_title</span> <span class="o">=</span> <span class="n">sanity_blog_playload</span><span class="p">[</span><span class="s">'title'</span><span class="p">]</span> <span class="n">sanity_blog_description</span> <span class="o">=</span> <span class="n">sanity_blog_playload</span><span class="p">[</span><span class="s">'description'</span><span class="p">]</span> <span class="n">sanity_blog_body</span> <span class="o">=</span> <span class="n">sanity_blog_playload</span><span class="p">[</span><span class="s">'body'</span><span class="p">]</span> <span class="n">sanity_blog_id</span> <span class="o">=</span> <span class="n">sanity_blog_playload</span><span class="p">[</span><span class="s">'id'</span><span class="p">]</span> <span class="n">sanity_blog_categories</span> <span class="o">=</span> <span class="n">sanity_blog_playload</span><span class="p">[</span><span class="s">'categories'</span><span class="p">]</span> <span class="n">sanity_blog_created_at</span> <span class="o">=</span> <span class="n">sanity_blog_playload</span><span class="p">[</span><span class="s">'createdAt'</span><span class="p">]</span> <span class="n">sanity_blog_updated_at</span> <span class="o">=</span> <span class="n">sanity_blog_playload</span><span class="p">[</span><span class="s">'updatedAt'</span><span class="p">]</span> <span class="n">categories</span> <span class="o">=</span> <span class="p">[]</span> <span class="k">for</span> <span class="n">category</span> <span class="ow">in</span> <span class="n">sanity_blog_categories</span><span class="p">:</span> <span class="n">categories</span><span class="p">.</span><span class="n">append</span><span class="p">(</span><span class="n">category</span><span class="p">[</span><span class="s">'title'</span><span class="p">])</span> <span class="n">sanity_cms_data</span> <span class="o">=</span> <span class="p">[</span> <span class="p">{</span> <span class="s">"id"</span><span class="p">:</span> <span class="n">sanity_blog_id</span><span class="p">,</span> <span class="s">"title"</span><span class="p">:</span> <span class="n">sanity_blog_title</span><span class="p">,</span> <span class="s">"description"</span><span class="p">:</span> <span class="n">sanity_blog_description</span><span class="p">,</span> <span class="s">"body"</span><span class="p">:</span> <span class="n">sanity_blog_body</span><span class="p">,</span> <span class="s">"categories"</span><span class="p">:</span> <span class="n">categories</span><span class="p">,</span> <span class="s">"createdAt"</span><span class="p">:</span> <span class="n">sanity_blog_created_at</span><span class="p">,</span> <span class="s">"updatedAt"</span><span class="p">:</span> <span class="n">sanity_blog_updated_at</span> <span class="p">}</span> <span class="p">]</span> <span class="c1"># Get Secret from secret manager </span> <span class="k">def</span> <span class="nf">get_secrets</span><span class="p">(</span><span class="n">secret_name</span><span class="p">):</span> <span class="n">region_name</span> <span class="o">=</span> <span class="s">"us-east-1"</span> <span class="n">session</span> <span class="o">=</span> <span class="n">boto3</span><span class="p">.</span><span class="n">session</span><span class="p">.</span><span class="n">Session</span><span class="p">()</span> <span class="n">client</span> <span class="o">=</span> <span class="n">session</span><span class="p">.</span><span class="n">client</span><span class="p">(</span> <span class="n">service_name</span><span class="o">=</span><span class="s">'secretsmanager'</span><span class="p">,</span> <span class="n">region_name</span><span class="o">=</span><span class="n">region_name</span> <span class="p">)</span> <span class="n">get_secret_value_response</span> <span class="o">=</span> <span class="n">client</span><span class="p">.</span><span class="n">get_secret_value</span><span class="p">(</span> <span class="n">SecretId</span><span class="o">=</span><span class="n">secret_name</span><span class="p">)</span> <span class="k">return</span> <span class="n">get_secret_value_response</span> <span class="c1"># Get connection string </span> <span class="k">def</span> <span class="nf">get_connection_string</span><span class="p">():</span> <span class="n">user</span> <span class="o">=</span> <span class="n">get_secrets</span><span class="p">(</span><span class="n">secret_name</span><span class="o">=</span><span class="s">"os-username"</span><span class="p">)[</span><span class="s">'SecretString'</span><span class="p">]</span> <span class="n">password</span> <span class="o">=</span> <span class="n">get_secrets</span><span class="p">(</span><span class="n">secret_name</span><span class="o">=</span><span class="s">"os-password"</span><span class="p">)[</span><span class="s">'SecretString'</span><span class="p">]</span> <span class="n">connection_string</span> <span class="o">=</span> <span class="s">"https://{}:{}@{}:443"</span><span class="p">.</span><span class="nb">format</span><span class="p">(</span> <span class="n">user</span><span class="p">,</span> <span class="n">password</span><span class="p">,</span> <span class="n">domain_endpoint</span><span class="p">)</span> <span class="k">return</span> <span class="n">connection_string</span> <span class="c1"># Insert Documents </span> <span class="k">def</span> <span class="nf">insert_documents</span><span class="p">(</span><span class="n">data</span><span class="p">,</span> <span class="n">client</span><span class="p">,</span> <span class="n">index</span><span class="p">):</span> <span class="k">def</span> <span class="nf">gendata</span><span class="p">():</span> <span class="k">for</span> <span class="n">document</span> <span class="ow">in</span> <span class="n">data</span><span class="p">:</span> <span class="nb">id</span> <span class="o">=</span> <span class="n">document</span><span class="p">[</span><span class="s">"id"</span><span class="p">]</span> <span class="k">yield</span> <span class="p">{</span> <span class="s">"_id"</span><span class="p">:</span> <span class="nb">id</span><span class="p">,</span> <span class="s">"_index"</span><span class="p">:</span> <span class="n">index</span><span class="p">,</span> <span class="s">"_source"</span><span class="p">:</span> <span class="n">document</span> <span class="p">}</span> <span class="n">response</span> <span class="o">=</span> <span class="n">helpers</span><span class="p">.</span><span class="n">bulk</span><span class="p">(</span><span class="n">client</span><span class="p">,</span> <span class="n">gendata</span><span class="p">())</span> <span class="k">print</span><span class="p">(</span><span class="s">"</span><span class="se">\n</span><span class="s">Indexing Documents"</span><span class="p">)</span> <span class="k">print</span><span class="p">(</span><span class="n">response</span><span class="p">)</span> <span class="c1"># update Document </span> <span class="k">def</span> <span class="nf">update_documents</span><span class="p">(</span><span class="n">connection_string</span><span class="p">,</span> <span class="n">data</span><span class="p">,</span> <span class="n">client</span><span class="p">):</span> <span class="k">def</span> <span class="nf">gendata</span><span class="p">():</span> <span class="k">for</span> <span class="n">document</span> <span class="ow">in</span> <span class="n">data</span><span class="p">:</span> <span class="n">index_id</span> <span class="o">=</span> <span class="n">document</span><span class="p">[</span><span class="s">"id"</span><span class="p">]</span> <span class="c1"># Delete 'id' column because we don't want to index it </span> <span class="k">yield</span> <span class="p">{</span> <span class="s">"_op_type"</span><span class="p">:</span> <span class="s">"update"</span><span class="p">,</span> <span class="s">"_id"</span><span class="p">:</span> <span class="n">index_id</span><span class="p">,</span> <span class="s">"_index"</span><span class="p">:</span> <span class="n">index</span><span class="p">,</span> <span class="s">"doc"</span><span class="p">:</span> <span class="n">document</span><span class="p">,</span> <span class="p">}</span> <span class="n">response</span> <span class="o">=</span> <span class="n">helpers</span><span class="p">.</span><span class="n">bulk</span><span class="p">(</span><span class="n">client</span><span class="p">,</span> <span class="n">gendata</span><span class="p">(),</span> <span class="n">request_timeout</span><span class="o">=</span><span class="mi">60</span><span class="p">)</span> <span class="k">print</span><span class="p">(</span><span class="s">'</span><span class="se">\n</span><span class="s">Updating document'</span><span class="p">)</span> <span class="k">print</span><span class="p">(</span><span class="n">response</span><span class="p">)</span> <span class="c1"># Execution of the index data </span> <span class="n">connection_string</span> <span class="o">=</span> <span class="n">get_connection_string</span><span class="p">()</span> <span class="n">client</span> <span class="o">=</span> <span class="n">OpenSearch</span><span class="p">([</span><span class="n">connection_string</span><span class="p">])</span> <span class="c1"># Search for the document </span> <span class="n">document_exists</span> <span class="o">=</span> <span class="n">client</span><span class="p">.</span><span class="n">exists</span><span class="p">(</span><span class="n">index</span><span class="o">=</span><span class="n">index</span><span class="p">,</span> <span class="nb">id</span><span class="o">=</span><span class="n">sanity_blog_id</span><span class="p">)</span> <span class="k">if</span> <span class="n">document_exists</span><span class="p">:</span> <span class="k">print</span><span class="p">(</span><span class="s">"Document already exists"</span><span class="p">)</span> <span class="n">update_documents</span><span class="p">(</span><span class="n">connection_string</span><span class="p">,</span> <span class="n">sanity_cms_data</span><span class="p">,</span> <span class="n">client</span><span class="p">)</span> <span class="k">else</span><span class="p">:</span> <span class="k">print</span><span class="p">(</span><span class="s">"Document does not exist"</span><span class="p">)</span> <span class="n">insert_documents</span><span class="p">(</span><span class="n">sanity_cms_data</span><span class="p">,</span> <span class="n">client</span><span class="p">,</span> <span class="n">index</span><span class="p">)</span> </code></pre> </div> <p>You can verify the data ingestion by logging into the OpenSearch domain endpoint URL. </p> <h2> Secure access to the cluster's data through API Gateway and Lambda functions </h2> <p>To access the data securely, you could use various strategies and the following uses API gateway and Lambda and this is used by my <a href="https://cloudysky.link/">Cloudysky web app</a> to make calls to OpenSearch to get search results. </p> <p>Here is the CloudFormation template for the API gateway with custom route53 domain and also, uses API key to secure the API access. Also, it has the Lambda function resource which will used to search the data in OpenSearch cluster.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">AWSTemplateFormatVersion</span><span class="pi">:</span> <span class="s1">'</span><span class="s">2010-09-09'</span> <span class="na">Transform</span><span class="pi">:</span> <span class="s">AWS::Serverless-2016-10-31</span> <span class="na">Description</span><span class="pi">:</span> <span class="pi">&gt;</span> <span class="s">cloudysky-web-opensearch-api</span> <span class="s">Sample SAM Template for cloudysky-web-opensearch-api</span> <span class="c1"># More info about Globals: https://github.com/awslabs/serverless-application-model/blob/master/docs/globals.rst</span> <span class="na">Globals</span><span class="pi">:</span> <span class="na">Function</span><span class="pi">:</span> <span class="na">Timeout</span><span class="pi">:</span> <span class="m">3</span> <span class="na">MemorySize</span><span class="pi">:</span> <span class="m">128</span> <span class="na">Tracing</span><span class="pi">:</span> <span class="s">Active</span> <span class="na">Api</span><span class="pi">:</span> <span class="na">TracingEnabled</span><span class="pi">:</span> <span class="no">true</span> <span class="na">Resources</span><span class="pi">:</span> <span class="na">ApiCertificate</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::CertificateManager::Certificate</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">DomainName</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">api-prod.cloudysky.link</span> <span class="na">ValidationMethod</span><span class="pi">:</span> <span class="s">DNS</span> <span class="na">ApiGatewayApi</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::Serverless::Api</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">StageName</span><span class="pi">:</span> <span class="s">prod</span> <span class="na">Cors</span><span class="pi">:</span> <span class="s2">"</span><span class="s">'*'"</span> <span class="na">Domain</span><span class="pi">:</span> <span class="na">DomainName</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">CUSTOM_DOMAIN</span> <span class="na">CertificateArn</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">ApiCertificate</span> <span class="na">EndpointConfiguration</span><span class="pi">:</span> <span class="s">EDGE</span> <span class="na">Route53</span><span class="pi">:</span> <span class="na">HostedZoneId</span><span class="pi">:</span> <span class="s">HOSTED_ZONE</span> <span class="na">Auth</span><span class="pi">:</span> <span class="na">ApiKeyRequired</span><span class="pi">:</span> <span class="no">true</span> <span class="c1"># sets for all methods</span> <span class="na">UsagePlan</span><span class="pi">:</span> <span class="na">CreateUsagePlan</span><span class="pi">:</span> <span class="s">PER_API</span> <span class="c1"># Quota:</span> <span class="c1"># Limit: 1000</span> <span class="c1"># Period: DAY</span> <span class="c1"># Throttle:</span> <span class="c1"># RateLimit: 5</span> <span class="c1"># CacheClusterEnabled: true</span> <span class="c1"># CacheClusterSize: '0.5'</span> <span class="c1"># MethodSettings:</span> <span class="c1"># - ResourcePath: /search</span> <span class="c1"># HttpMethod: GET</span> <span class="c1"># CachingEnabled: true</span> <span class="c1"># CacheTtlInSeconds: 300 </span> <span class="na">OpenSearchAPIFunction</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::Serverless::Function</span> <span class="c1"># More info about Function Resource: https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#awsserverlessfunction</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">CodeUri</span><span class="pi">:</span> <span class="s">opensearch_api/</span> <span class="na">Handler</span><span class="pi">:</span> <span class="s">app.lambda_handler</span> <span class="na">Runtime</span><span class="pi">:</span> <span class="s">python3.9</span> <span class="na">Architectures</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">x86_64</span> <span class="na">Events</span><span class="pi">:</span> <span class="na">OpenSearchAPI</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">Api</span> <span class="c1"># More info about API Event Source: https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#api</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">Path</span><span class="pi">:</span> <span class="s">/search</span> <span class="na">Method</span><span class="pi">:</span> <span class="s">get</span> <span class="na">RestApiId</span><span class="pi">:</span> <span class="na">Ref</span><span class="pi">:</span> <span class="s">ApiGatewayApi</span> <span class="na">Policies</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">AmazonOpenSearchServiceFullAccess</span> <span class="pi">-</span> <span class="na">CloudWatchPutMetricPolicy</span><span class="pi">:</span> <span class="pi">{}</span> <span class="pi">-</span> <span class="s">SecretsManagerReadWrite</span> <span class="pi">-</span> <span class="s">AmazonSSMReadOnlyAccess</span> <span class="na">ApplicationResourceGroup</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::ResourceGroups::Group</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">Name</span><span class="pi">:</span> <span class="s">Fn::Join:</span> <span class="s">- ''</span> <span class="s">- - ApplicationInsights-SAM-</span> <span class="s">- Ref</span><span class="err">:</span> <span class="s">AWS::StackName</span> <span class="na">ResourceQuery</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">CLOUDFORMATION_STACK_1_0</span> <span class="na">ApplicationInsightsMonitoring</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::ApplicationInsights::Application</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">ResourceGroupName</span><span class="pi">:</span> <span class="s">Fn::Join:</span> <span class="s">- ''</span> <span class="s">- - ApplicationInsights-SAM-</span> <span class="s">- Ref</span><span class="err">:</span> <span class="s">AWS::StackName</span> <span class="na">AutoConfigurationEnabled</span><span class="pi">:</span> <span class="s1">'</span><span class="s">true'</span> <span class="na">DependsOn</span><span class="pi">:</span> <span class="s">ApplicationResourceGroup</span> <span class="na">Outputs</span><span class="pi">:</span> <span class="c1"># ServerlessRestApi is an implicit API created out of Events key under Serverless::Function</span> <span class="c1"># Find out more about other implicit resources you can reference within SAM</span> <span class="c1"># https://github.com/awslabs/serverless-application-model/blob/master/docs/internals/generated_resources.rst#api</span> <span class="na">HelloWorldApi</span><span class="pi">:</span> <span class="na">Description</span><span class="pi">:</span> <span class="s">API Gateway endpoint URL for Prod stage for Hello World function</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s2">"</span><span class="s">https://${ApiGatewayApi}.execute-api.${AWS::Region}.amazonaws.com/prod/"</span> <span class="na">OpenSearchAPIFunction</span><span class="pi">:</span> <span class="na">Description</span><span class="pi">:</span> <span class="s">Hello World Lambda Function ARN</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!GetAtt</span> <span class="s">OpenSearchAPIFunction.Arn</span> <span class="na">OpenSearchAPIFunctionIamRole</span><span class="pi">:</span> <span class="na">Description</span><span class="pi">:</span> <span class="s">Implicit IAM Role created for Hello World function</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!GetAtt</span> <span class="s">OpenSearchAPIFunctionRole.Arn</span> </code></pre> </div> <p>Here is the snippet for the actual Lambda function that gets invoked based on API gateway event. You could use various query DSL strategies to perform a full text search and in this case, match_phrase_prefix query worked fine for me.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="nn">json</span> <span class="kn">import</span> <span class="nn">boto3</span> <span class="kn">from</span> <span class="nn">opensearchpy</span> <span class="kn">import</span> <span class="n">OpenSearch</span><span class="p">,</span> <span class="n">helpers</span> <span class="k">def</span> <span class="nf">lambda_handler</span><span class="p">(</span><span class="n">event</span><span class="p">,</span> <span class="n">context</span><span class="p">):</span> <span class="n">domain_endpoint</span> <span class="o">=</span> <span class="s">'YOUR_DOMAIN_ENDPOINT'</span> <span class="n">index</span> <span class="o">=</span> <span class="s">'cloudysky-cms-data'</span> <span class="n">queryString</span> <span class="o">=</span> <span class="n">event</span><span class="p">[</span><span class="s">'queryStringParameters'</span><span class="p">][</span><span class="s">'q'</span><span class="p">]</span> <span class="c1"># Get Secrets from Secrets Manager </span> <span class="k">def</span> <span class="nf">get_secrets</span><span class="p">(</span><span class="n">secret_name</span><span class="p">):</span> <span class="n">region_name</span> <span class="o">=</span> <span class="s">"us-east-1"</span> <span class="n">session</span> <span class="o">=</span> <span class="n">boto3</span><span class="p">.</span><span class="n">session</span><span class="p">.</span><span class="n">Session</span><span class="p">()</span> <span class="n">client</span> <span class="o">=</span> <span class="n">session</span><span class="p">.</span><span class="n">client</span><span class="p">(</span> <span class="n">service_name</span><span class="o">=</span><span class="s">'secretsmanager'</span><span class="p">,</span> <span class="n">region_name</span><span class="o">=</span><span class="n">region_name</span> <span class="p">)</span> <span class="n">get_secret_value_response</span> <span class="o">=</span> <span class="n">client</span><span class="p">.</span><span class="n">get_secret_value</span><span class="p">(</span> <span class="n">SecretId</span><span class="o">=</span><span class="n">secret_name</span><span class="p">)</span> <span class="k">return</span> <span class="n">get_secret_value_response</span> <span class="c1"># Get Connection String </span> <span class="k">def</span> <span class="nf">get_connection_string</span><span class="p">():</span> <span class="n">user</span> <span class="o">=</span> <span class="n">get_secrets</span><span class="p">(</span><span class="n">secret_name</span><span class="o">=</span><span class="s">"os-username"</span><span class="p">)[</span><span class="s">'SecretString'</span><span class="p">]</span> <span class="n">password</span> <span class="o">=</span> <span class="n">get_secrets</span><span class="p">(</span><span class="n">secret_name</span><span class="o">=</span><span class="s">"os-password"</span><span class="p">)[</span><span class="s">'SecretString'</span><span class="p">]</span> <span class="n">connection_string</span> <span class="o">=</span> <span class="s">"https://{}:{}@{}:443"</span><span class="p">.</span><span class="nb">format</span><span class="p">(</span> <span class="n">user</span><span class="p">,</span> <span class="n">password</span><span class="p">,</span> <span class="n">domain_endpoint</span><span class="p">)</span> <span class="k">return</span> <span class="n">connection_string</span> <span class="c1"># Search Documents within OpenSearch </span> <span class="k">def</span> <span class="nf">search_documents</span><span class="p">(</span><span class="n">data</span><span class="p">):</span> <span class="n">connection_string</span> <span class="o">=</span> <span class="n">get_connection_string</span><span class="p">()</span> <span class="n">client</span> <span class="o">=</span> <span class="n">OpenSearch</span><span class="p">([</span><span class="n">connection_string</span><span class="p">])</span> <span class="n">response</span> <span class="o">=</span> <span class="n">client</span><span class="p">.</span><span class="n">search</span><span class="p">(</span><span class="n">index</span><span class="o">=</span><span class="n">index</span><span class="p">,</span> <span class="n">body</span><span class="o">=</span><span class="p">{</span> <span class="s">"query"</span><span class="p">:</span> <span class="p">{</span> <span class="s">"match_phrase_prefix"</span><span class="p">:</span> <span class="p">{</span> <span class="s">"title"</span><span class="p">:</span> <span class="p">{</span> <span class="s">"query"</span><span class="p">:</span> <span class="n">data</span><span class="p">,</span> <span class="s">"slop"</span><span class="p">:</span> <span class="mi">3</span><span class="p">,</span> <span class="s">"max_expansions"</span><span class="p">:</span> <span class="mi">10</span><span class="p">,</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> <span class="p">})</span> <span class="k">return</span> <span class="n">response</span> <span class="n">response_data</span> <span class="o">=</span> <span class="n">search_documents</span><span class="p">(</span><span class="n">queryString</span><span class="p">)</span> <span class="n">hits</span> <span class="o">=</span> <span class="n">response_data</span><span class="p">[</span><span class="s">'hits'</span><span class="p">][</span><span class="s">'hits'</span><span class="p">]</span> <span class="n">response</span> <span class="o">=</span> <span class="p">{</span> <span class="s">"statusCode"</span><span class="p">:</span> <span class="mi">200</span><span class="p">,</span> <span class="s">"headers"</span><span class="p">:</span> <span class="p">{</span> <span class="s">"Access-Control-Allow-Origin"</span><span class="p">:</span> <span class="s">'*'</span> <span class="p">},</span> <span class="s">"isBase64Encoded"</span><span class="p">:</span> <span class="bp">False</span> <span class="p">}</span> <span class="n">response</span><span class="p">[</span><span class="s">'body'</span><span class="p">]</span> <span class="o">=</span> <span class="n">json</span><span class="p">.</span><span class="n">dumps</span><span class="p">(</span><span class="n">hits</span><span class="p">)</span> <span class="k">return</span> <span class="n">response</span> <span class="c1"># return { </span> <span class="c1"># "statusCode": 200, </span> <span class="c1"># "body": json.dumps({ </span> <span class="c1"># "message": queryString, </span> <span class="c1"># }), </span> <span class="c1"># } </span></code></pre> </div> <p>If you have followed above steps correctly, you would end up with a API URL like mine :- <a href="https://cloudysky.link/api/opensearch-results?q=DevOps">https://**<strong><em>.</em></strong>**/api/opensearch-results?q=DevOps</a></p> <p>This integrated approach offers several benefits. It allows you to provision and manage your OpenSearch cluster and associated resources in a consistent and repeatable manner. API Gateway provides a secure and scalable interface for accessing the OpenSearch data, ensuring fine-grained control over access permissions and enforcing security measures. Lambda functions offer flexibility and extensibility, enabling you to implement custom business logic or data transformations as needed.</p> <p>By combining IaC, API Gateway, and Lambda, you can streamline the provisioning of OpenSearch clusters, enhance security, and provide a scalable and controlled API interface for accessing and managing your data.</p> aws architecture amazon elasticsearch Automating AWS Step Functions: Programmatically Initiating Workflows for Seamless Orchestration Sandeep Yaramchitti Fri, 23 Jun 2023 20:04:47 +0000 https://dev.to/sandeepkumaryaramchitti/automating-aws-step-functions-programmatically-initiating-workflows-for-seamless-orchestration-43c1 https://dev.to/sandeepkumaryaramchitti/automating-aws-step-functions-programmatically-initiating-workflows-for-seamless-orchestration-43c1 <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--DtJZoVHw--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/sq77xv0kyllv1iz37nyh.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--DtJZoVHw--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/sq77xv0kyllv1iz37nyh.png" alt="Image description" width="800" height="365"></a>Recently, I came across a scenario that required using a programmatic approach, such as invoking Step Functions directly from a Lambda function over triggering Step Functions via API Gateway directly. </p> <p>While developing the <a href="https://cloudysky.link/">Cloudysky portal</a>, I came across a scenario that basically processes the Sanity CMS webhook data and initiate a state machine workflow to cross post and publish my blogs into various blogging and logging platform such as medium, Devto, Hashnode and AWS opensearch for logging. Initial intent was to just trigger and pass the data from API gateway directly to the step function workflow and that didn't really scale as I ended up doing same repeated data transformation in each state machine lambda functions. So, I thought of adding a Lambda function between the API gateway and State Machine which can do that data transformation and initiate state machine workflow by passing the transformed data. </p> <p>Here is how I was able to build this solution and I have used Cloudformation to build the required infrastructure. </p> <p>The below code snippet creates the API gateway resource<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code> <span class="na">SanityEventApiGateway</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::Serverless::Api</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">StageName</span><span class="pi">:</span> <span class="s">Prod</span> <span class="na">GatewayResponses</span><span class="pi">:</span> <span class="na">DEFAULT_2XX</span><span class="pi">:</span> <span class="na">ResponseParameters</span><span class="pi">:</span> <span class="na">Headers</span><span class="pi">:</span> <span class="na">Access-Control-Allow-Origin</span><span class="pi">:</span> <span class="s2">"</span><span class="s">'*'"</span> <span class="na">StatusCode</span><span class="pi">:</span> <span class="m">200</span> <span class="na">ResponseTemplates</span><span class="pi">:</span> <span class="na">application/json</span><span class="pi">:</span> <span class="s1">'</span><span class="s">{</span><span class="nv"> </span><span class="s">"message":</span><span class="nv"> </span><span class="s">"Sucessfully</span><span class="nv"> </span><span class="s">processed</span><span class="nv"> </span><span class="s">the</span><span class="nv"> </span><span class="s">event"</span><span class="nv"> </span><span class="s">}'</span> </code></pre> </div> <p>Here is the step function initiator lambda function that runs when any webhook event is received from Sanity CMS once configured. Also, note that StepFunctionInitiatorFunction will require _StepFunctionsExecutionPolicy to allow permission to kick of the workflow. _In addition, I have also provided SecretsManagerReadWrite which is used to fetch required credentials for data transformation.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code> <span class="na">StepFunctionInitiatorFunction</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::Serverless::Function</span> <span class="c1"># More info about Function Resource: https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#awsserverlessfunction</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">CodeUri</span><span class="pi">:</span> <span class="s">stepfunction-initiator-lambda/</span> <span class="na">Handler</span><span class="pi">:</span> <span class="s">app.lambdaHandler</span> <span class="na">Runtime</span><span class="pi">:</span> <span class="s">nodejs16.x</span> <span class="na">Architectures</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">x86_64</span> <span class="na">Policies</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">SecretsManagerReadWrite</span> <span class="pi">-</span> <span class="na">StepFunctionsExecutionPolicy</span><span class="pi">:</span> <span class="na">StateMachineName</span><span class="pi">:</span> <span class="kt">!GetAtt</span> <span class="s">StateMachine.Name</span> <span class="na">Environment</span><span class="pi">:</span> <span class="na">Variables</span><span class="pi">:</span> <span class="na">StateMachineArn</span><span class="pi">:</span> <span class="kt">!GetAtt</span> <span class="s">StateMachine.Arn</span> <span class="na">Events</span><span class="pi">:</span> <span class="na">HelloWorld</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">Api</span> <span class="c1"># More info about API Event Source: https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#api</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">RestApiId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s2">"</span><span class="s">SanityEventApiGateway"</span> <span class="na">Path</span><span class="pi">:</span> <span class="s">/webhook</span> <span class="na">Method</span><span class="pi">:</span> <span class="s">post</span> </code></pre> </div> <p>Also, refer the state machine and StatesExecutionRole defined in the Cloudformation template. State machine will require the reference to Amazon State Language file that defines the workflow and has StatesExecutionRole that allows _lambda:InvokeFunction for each of the lambda functions within the workflow. _<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">StateMachine</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::Serverless::StateMachine</span> <span class="c1"># More info about State Machine Resource: https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/sam-resource-statemachine.html</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">DefinitionUri</span><span class="pi">:</span> <span class="s">statemachine/stateMachine.asl.json</span> <span class="na">DefinitionSubstitutions</span><span class="pi">:</span> <span class="na">MediumArticleLambdaFunctionArn</span><span class="pi">:</span> <span class="kt">!GetAtt</span> <span class="s">MediumArticleLambdaFunction.Arn</span> <span class="na">DevtoArticleLambdaFunctionArn</span><span class="pi">:</span> <span class="kt">!GetAtt</span> <span class="s">DevtoArticleLambdaFunction.Arn</span> <span class="na">HashnodeArticleLambdaFunctionArn</span><span class="pi">:</span> <span class="kt">!GetAtt</span> <span class="s">HashnodeArticleLambdaFunction.Arn</span> <span class="na">OpenSearchLoadArticleFunctionArn</span><span class="pi">:</span> <span class="kt">!GetAtt</span> <span class="s">OpenSearchLoadArticleFunction.Arn</span> <span class="na">Role</span><span class="pi">:</span> <span class="s">Fn::GetAtt: [ StatesExecutionRole, Arn ]</span> <span class="na">Logging</span><span class="pi">:</span> <span class="na">Destinations</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">CloudWatchLogsLogGroup</span><span class="pi">:</span> <span class="na">LogGroupArn</span><span class="pi">:</span> <span class="kt">!GetAtt</span> <span class="s">StateMachineLogGroup.Arn</span> <span class="na">IncludeExecutionData</span><span class="pi">:</span> <span class="no">false</span> <span class="na">Level</span><span class="pi">:</span> <span class="s1">'</span><span class="s">ALL'</span> <span class="err"> </span><span class="na">StatesExecutionRole</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s2">"</span><span class="s">AWS::IAM::Role"</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">AssumeRolePolicyDocument</span><span class="pi">:</span> <span class="na">Version</span><span class="pi">:</span> <span class="s2">"</span><span class="s">2012-10-17"</span> <span class="na">Statement</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Effect</span><span class="pi">:</span> <span class="s2">"</span><span class="s">Allow"</span> <span class="na">Principal</span><span class="pi">:</span> <span class="na">Service</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!Sub</span> <span class="s">states.${AWS::Region}.amazonaws.com</span> <span class="na">Action</span><span class="pi">:</span> <span class="s2">"</span><span class="s">sts:AssumeRole"</span> <span class="na">Path</span><span class="pi">:</span> <span class="s2">"</span><span class="s">/"</span> <span class="na">Policies</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">PolicyName</span><span class="pi">:</span> <span class="s">LambdaExecute</span> <span class="na">PolicyDocument</span><span class="pi">:</span> <span class="na">Version</span><span class="pi">:</span> <span class="s2">"</span><span class="s">2012-10-17"</span> <span class="na">Statement</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Effect</span><span class="pi">:</span> <span class="s">Allow</span> <span class="na">Action</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">lambda:InvokeFunction"</span> <span class="na">Resource</span><span class="pi">:</span> <span class="pi">-</span> <span class="kt">!GetAtt</span> <span class="s">MediumArticleLambdaFunction.Arn</span> <span class="pi">-</span> <span class="kt">!GetAtt</span> <span class="s">DevtoArticleLambdaFunction.Arn</span> <span class="pi">-</span> <span class="kt">!GetAtt</span> <span class="s">HashnodeArticleLambdaFunction.Arn</span> <span class="pi">-</span> <span class="kt">!GetAtt</span> <span class="s">OpenSearchLoadArticleFunction.Arn</span> <span class="pi">-</span> <span class="na">Effect</span><span class="pi">:</span> <span class="s">Allow</span> <span class="na">Action</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">cloudwatch:*"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">logs:*"</span> <span class="na">Resource</span><span class="pi">:</span> <span class="s2">"</span><span class="s">*"</span> </code></pre> </div> <p>Now, lets see the code which does the programatic call to start the workflow. This is just a snippet and can be refactored based on the need. </p> <ul> <li>The below snippet for Lambda function receives the Sanity CMS webhook event data and trims down the data to required ones. </li> <li>For easier reference, I have excluded the data transformation section and this is basically to show that any type of data manipulation can be done here. </li> <li>Also, fetches additional data from sanity connecting through sanity client and gets required credentials from secrets manager. </li> <li>Finally, it creates an instance to connect to Step Functions using AWS-SDK.</li> <li>Last step of this flow is to call the stepfunctions.startExecution function with the data you would want to pass it to the step function workflow. </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">let</span> <span class="nx">response</span><span class="p">;</span> <span class="kd">let</span> <span class="nx">blogData</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">AWS</span> <span class="o">=</span> <span class="nx">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">aws-sdk</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">moment</span> <span class="o">=</span> <span class="nx">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">moment</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">createClient</span> <span class="p">}</span> <span class="o">=</span> <span class="nx">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">@sanity/client</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">secretManagerClient</span> <span class="o">=</span> <span class="k">new</span> <span class="nx">AWS</span><span class="p">.</span><span class="nx">SecretsManager</span><span class="p">();</span> <span class="nx">exports</span><span class="p">.</span><span class="nx">lambdaHandler</span> <span class="o">=</span> <span class="k">async</span> <span class="p">(</span><span class="nx">event</span><span class="p">,</span> <span class="nx">context</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="c1">// Step Function execution section</span> <span class="kd">const</span> <span class="nx">sfnArn</span> <span class="o">=</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">StateMachineArn</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">rightNow</span> <span class="o">=</span> <span class="nx">moment</span><span class="p">().</span><span class="nx">format</span><span class="p">(</span><span class="dl">'</span><span class="s1">YYYYMMDD-hhmmss</span><span class="dl">'</span><span class="p">);</span> <span class="kd">let</span> <span class="nx">blog</span> <span class="o">=</span> <span class="nx">JSON</span><span class="p">.</span><span class="nx">parse</span><span class="p">(</span><span class="nx">event</span><span class="p">.</span><span class="nx">body</span><span class="p">);</span> <span class="c1">// Write data transformation logic</span> <span class="c1">// Get the secret value for sanity</span> <span class="kd">const</span> <span class="nx">secret_name</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">sanity-cms</span><span class="dl">'</span><span class="p">;</span> <span class="kd">let</span> <span class="nx">response</span><span class="p">;</span> <span class="k">try</span> <span class="p">{</span> <span class="nx">response</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">secretManagerClient</span> <span class="p">.</span><span class="nx">getSecretValue</span><span class="p">({</span> <span class="na">SecretId</span><span class="p">:</span> <span class="nx">secret_name</span><span class="p">,</span> <span class="p">})</span> <span class="p">.</span><span class="nx">promise</span><span class="p">();</span> <span class="p">}</span> <span class="k">catch</span> <span class="p">(</span><span class="nx">error</span><span class="p">)</span> <span class="p">{</span> <span class="k">throw</span> <span class="nx">error</span><span class="p">;</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">secret</span> <span class="o">=</span> <span class="nx">JSON</span><span class="p">.</span><span class="nx">parse</span><span class="p">(</span><span class="nx">response</span><span class="p">.</span><span class="nx">SecretString</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">SANITY_PROJECT_ID</span> <span class="o">=</span> <span class="nx">secret</span><span class="p">.</span><span class="nx">SANITY_PROJECT_ID</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">SANITY_DATASET</span> <span class="o">=</span> <span class="nx">secret</span><span class="p">.</span><span class="nx">SANITY_DATASET</span><span class="p">;</span> <span class="c1">// Create a sanity client</span> <span class="kd">const</span> <span class="nx">config</span> <span class="o">=</span> <span class="p">{</span> <span class="na">dataset</span><span class="p">:</span> <span class="nx">SANITY_DATASET</span><span class="p">,</span> <span class="na">projectId</span><span class="p">:</span> <span class="nx">SANITY_PROJECT_ID</span><span class="p">,</span> <span class="na">apiVersion</span><span class="p">:</span> <span class="dl">'</span><span class="s1">2022-11-16</span><span class="dl">'</span><span class="p">,</span> <span class="na">useCdn</span><span class="p">:</span> <span class="kc">false</span><span class="p">,</span> <span class="p">};</span> <span class="kd">const</span> <span class="nx">client</span> <span class="o">=</span> <span class="nx">createClient</span><span class="p">(</span><span class="nx">config</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">query</span> <span class="o">=</span> <span class="s2">`*[_type == 'post' &amp;&amp; _id == '</span><span class="p">${</span><span class="nx">blogID</span><span class="p">}</span><span class="s2">']{ categories[] -&gt; { title, slug } }`</span><span class="p">;</span> <span class="c1">// Get the categories</span> <span class="kd">const</span> <span class="nx">categories</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">client</span><span class="p">.</span><span class="nx">fetch</span><span class="p">(</span><span class="nx">query</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">data</span> <span class="o">=</span> <span class="p">{</span> <span class="na">id</span><span class="p">:</span> <span class="nx">blog</span><span class="p">.</span><span class="nx">_id</span><span class="p">,</span> <span class="na">title</span><span class="p">:</span> <span class="nx">blog</span><span class="p">.</span><span class="nx">title</span><span class="p">,</span> <span class="na">description</span><span class="p">:</span> <span class="nx">blog</span><span class="p">.</span><span class="nx">description</span><span class="p">,</span> <span class="na">body</span><span class="p">:</span> <span class="nx">blog</span><span class="p">.</span><span class="nx">body</span><span class="p">,</span> <span class="na">categories</span><span class="p">:</span> <span class="nx">categories</span><span class="p">[</span><span class="mi">0</span><span class="p">].</span><span class="nx">categories</span><span class="p">,</span> <span class="na">createdAt</span><span class="p">:</span> <span class="nx">blog</span><span class="p">.</span><span class="nx">_createdAt</span><span class="p">,</span> <span class="na">updatedAt</span><span class="p">:</span> <span class="nx">blog</span><span class="p">.</span><span class="nx">_updatedAt</span><span class="p">,</span> <span class="na">mainImage</span><span class="p">:</span> <span class="nx">blog</span><span class="p">.</span><span class="nx">mainImage</span><span class="p">,</span> <span class="p">};</span> <span class="kd">const</span> <span class="nx">params</span> <span class="o">=</span> <span class="p">{</span> <span class="na">stateMachineArn</span><span class="p">:</span> <span class="nx">sfnArn</span><span class="p">,</span> <span class="na">input</span><span class="p">:</span> <span class="nx">JSON</span><span class="p">.</span><span class="nx">stringify</span><span class="p">(</span><span class="nx">data</span><span class="p">),</span> <span class="na">name</span><span class="p">:</span> <span class="nx">blogID</span> <span class="o">+</span> <span class="dl">'</span><span class="s1">-</span><span class="dl">'</span> <span class="o">+</span> <span class="nx">rightNow</span><span class="p">,</span> <span class="p">};</span> <span class="kd">const</span> <span class="nx">stepfunctions</span> <span class="o">=</span> <span class="k">new</span> <span class="nx">AWS</span><span class="p">.</span><span class="nx">StepFunctions</span><span class="p">();</span> <span class="k">try</span> <span class="p">{</span> <span class="nx">response</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">stepfunctions</span><span class="p">.</span><span class="nx">startExecution</span><span class="p">(</span><span class="nx">params</span><span class="p">).</span><span class="nx">promise</span><span class="p">();</span> <span class="p">}</span> <span class="k">catch</span> <span class="p">(</span><span class="nx">err</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nx">error</span><span class="p">(</span><span class="nx">err</span><span class="p">);</span> <span class="p">}</span> <span class="k">return</span> <span class="nx">response</span><span class="p">;</span> <span class="p">};</span> </code></pre> </div> <p>There are several scenarios where using a programmatic approach, such as invoking Step Functions directly from a Lambda function, may be preferable over triggering Step Functions via API Gateway:<br> Fine-grained control: When you need precise control over the invocation of your Step Functions workflow and want to perform custom logic or transformations on the input data before triggering the workflow, a programmatic approach provides more flexibility. <br> Complex data transformations: If you have complex data transformations or data preprocessing requirements before triggering the workflow, using a Lambda function allows you to handle these tasks efficiently. You can perform format conversions, or data validation as needed within the Lambda function before passing the processed data to the Step Function.<br> Orchestration with multiple services: If your workflow involves coordination and interaction with multiple AWS services or external systems, a programmatic approach can be beneficial. The Lambda function can act as the central orchestrator, integrating with various services and systems, making API calls, retrieving data, and applying business logic to decide when and how to trigger the Step Functions workflow.</p> <p>Watch out for more blogs in this space….</p> aws serverless stepfunctions sanity How I built my Cloudsky portfolio and leveraged AWS services for infrastructure and automation Sandeep Yaramchitti Thu, 22 Jun 2023 12:38:38 +0000 https://dev.to/sandeepkumaryaramchitti/how-i-built-my-cloudsky-portfolio-and-leveraged-aws-services-for-infrastructure-and-automation-5bb7 https://dev.to/sandeepkumaryaramchitti/how-i-built-my-cloudsky-portfolio-and-leveraged-aws-services-for-infrastructure-and-automation-5bb7 <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--icTR2UuH--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/8r11swz2zzpnsvf0dyq2.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--icTR2UuH--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/8r11swz2zzpnsvf0dyq2.png" alt="Image description" width="800" height="427"></a>Are you interested in building your own portfolio application from ground up using modern tech stack? Here is a blog explaining the process I followed to build my <a href="https://cloudysky.link/">Cloudysky</a> web app. </p> <p>My inspiration for this app is to have the ability to create blog posts, cross post to multiple blogging platforms in a fully automated way, organize and manage my blog posts at one consolidated place in admin studio, logging events, analytics, service uptime calculator and AWS resources cost calculator for my portal, showcase some of the modern features in tech, integration with external services and in the process stay current with tech.</p> <p>Now, lets talk about the tech stack in details and implementation process. </p> <h2> <strong>Web application in Next.Js</strong> </h2> <p>Next.js is a powerful and popular framework for building production ready applications with cutting edge features and few of them used on this app are server side rendering, Incremental Static Regeneration, optimize website performance by pre-rendering pages, enabling faster initial load times, automatic code splitting etc. I have used Tailwindcss for styling and micro link for link previews etc. to name a few. </p> <p>Check out the github repo for more information :- <a href="https://github.com/SandeepKumarYaramchitti/cloudysky-web-app">https://github.com/SandeepKumarYaramchitti/cloudysky-web-app</a></p> <h2> Composable CMS with Sanity </h2> <p>Sanity CMS is a flexible and composable headless content management system that allows to structure and manage content for the websites or applications. Why i went with Sanity for CMS ? </p> <p>Using the composable CMS capabilities of Sanity in conjunction with Next.js greatly enhanced the content management and development workflow for my application. With Sanity Studio, its powerful content editing interface, I was able to create customized and intuitive editing experiences tailored to my specific project requirements. The studio provides a user-friendly interface for content authors to create, edit, and organize content in a structured manner. </p> <p>I also used Next.js provided server-side rendering and static site generation (ISR) capabilities, allowing to fetch data from Sanity during the build process and pre-render pages with the latest content. This ensures that my application always displays up-to-date content without compromising performance.</p> <h2> AWS Amplify Web hosting and Route 53 </h2> <p>Amplify Web Hosting is a feature of AWS Amplify that allows to deploy and host web applications, static websites, and single-page applications (SPAs) with ease. It provides a managed environment for building, deploying, and scaling your applications while offering features like continuous deployment, automatic SSL certificate management, and CDN (Content Delivery Network) integration for fast content delivery.</p> <p>These are some of the features I really like with Amplify</p> <ul> <li>**Build and Deploy Settings: **Within the Amplify console, I have defined the build and deployment settings for my web application. This includes specifying the build commands, environment variables, secrets, branch mappings, and other configuration options. Above all, this is logging that is next level for a SSR / ISR application specially as it is NextJs based app. Also, configurations are slightly different for nextjs and checkout <a href="https://github.com/SandeepKumarYaramchitti/cloudysky-web-app/blob/main/amplify.yml">Amplify.yml </a> for nextjs build configuration. </li> <li>**Pull Request Preview: **This is one of my all time favorite feature on Amplify and takes effect when a pull request is created in my web application github repo, Amplify automatically detects it and triggers a preview build. The preview build creates a temporary environment that reflects the changes made in the pull request along with a preview URL. </li> <li>**Route 53 domain URL: **Amplify works well with Route 53 URLs out of the box as I could do the DNS Configuration in Amplify console after domain registration, Amplify provides automatic provisioning and management of SSL/TLS certificates using AWS Certificate Manager (ACM). After that, Amplify will build my application and create a deployment bundle, which is then distributed and served by AWS infrastructure. In summary, Amplify leverages Route 53 for domain registration, DNS configuration, and routing of traffic to my web application - <a href="https://cloudysky.link/">https://cloudysky.link/.</a> It provides an integrated workflow, making it easier to manage custom domains and their associated DNS settings within the Amplify ecosystem</li> </ul> <h2> Sanity Webhook and AWS API Gateway Integration </h2> <p>Sanity provides a webhook functionality as part of its content management system. A webhook in Sanity is a mechanism that allows to receive real-time notifications or trigger actions in external systems when certain events occur within the CMS. These events can include content updates, deletions, creations, or other actions within the CMS. When the specified event occurs, Sanity will automatically send an HTTP request to the configured webhook URL, providing relevant data about the event. </p> <p>I have set up the API gateway in AWS using Cloudformation Iac that will receive the sanity webhook events on CMS content change and will forward that to a step function initiator lambda to kick of data processing.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight html"><code> SanityEventApiGateway: Type: AWS::Serverless::Api Properties: StageName: Prod GatewayResponses: DEFAULT_2XX: ResponseParameters: Headers: Access-Control-Allow-Origin: "'*'" StatusCode: 200 ResponseTemplates: application/json: '{ "message": "Sucessfully processed the event" }' </code></pre> </div> <p>Once the sanity webhook event is received, API gateway triggers a Lambda function to initiate the step function workflow.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight html"><code> StepFunctionInitiatorFunction: Type: AWS::Serverless::Function # More info about Function Resource: https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#awsserverlessfunction Properties: CodeUri: stepfunction-initiator-lambda/ Handler: app.lambdaHandler Runtime: nodejs16.x Architectures: - x86_64 Policies: - SecretsManagerReadWrite - StepFunctionsExecutionPolicy: StateMachineName: !GetAtt StateMachine.Name Environment: Variables: StateMachineArn: !GetAtt StateMachine.Arn Events: HelloWorld: Type: Api # More info about API Event Source: https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#api Properties: RestApiId: !Ref "SanityEventApiGateway" Path: /webhook Method: post </code></pre> </div> <h2> AWS State machine to transform and publish blog posts </h2> <p>An AWS State Machine, also known as AWS Step Functions, is a serverless workflow service provided by Amazon Web Services (AWS). It enables to build and coordinate highly scalable and resilient applications by orchestrating multiple AWS services and integrating them with custom code or business logic. In this scenario, the step function orchestrated the lambda function executions in parallel to transform data required to publish to each of the blogging platforms such as Medium, DevTo, Hashnode and also, lambda to ingest data into opensearch for data logging. </p> <p>Watch out this space and my <a href="https://cloudysky.link/">Cloudsky portal</a> for more details on this. At somepoint, I will make the github source code public as well once I refactor and review for any security concerns etc. </p> <h2> Upstash for serverless database for caching </h2> <p>I have also used serverless data platform Upstash to caching data when data in ingested to AWS opensearch. This just helps to avoid repeated API calls to opensearch for data query. More to come in this and snippets on how this integration is done. </p> <p>I still have some work to do on my portal however I thought of sharing my experience on building the portal as a side project. Let me know if this helps to get an idea on how to design, build, deploy your own idea into production. </p> <p>Watch out for more updates in this....</p> architecture serverless aws