Trigger CodeBuild via Lambda instead of CodePipeline. Update packages. Update readmes. Add test event.

Author: jch254

README.md

@@ -8,19 +8,19 @@ It's easy to scope a song - just send a message starting with 'scope' followed b
 
 Hit up Scope at [https://m.me/scopebot](https://m.me/scopebot) or [https://facebook.com/scopebot](https://facebook.com/scopebot)
 
-## Technologies Used
+### Technologies Used
 
 - Node.js
 - TypeScript
 - Terraform
 - Lex
 - Lambda
-- CodeBuild/CodePipeline
+- CodeBuild
 - Facebook Messenger Platform
 - Spotify API
 - Genius API
 
-## What's next for Scope?
+### What's next for Scope?
 
 - Add/improve sharing functionality
 - Add suggestions
@@ -29,6 +29,22 @@ Hit up Scope at [https://m.me/scopebot](https://m.me/scopebot) or [https://faceb
 
 > _Do you fools listen to music or do you just skim through it? - JAY-Z_
 
-## Deployment/Infrastructure
+---
+
+### Environment variables
+
+- SPOTIFY_CLIENT_ID
+- SPOTIFY_CLIENT_SECRET
+- GENIUS_ACCESS_TOKEN
+- PAGE_ACCESS_TOKEN
+
+### Running locally (with hot reloading)
+
+1. Set environment variables listed above
+1. Configure event in [/src/test.ts](./src/test.ts) (see [/src/LexEvent.ts](./src/LexEvent.ts) for event structure)
+1. `yarn run test`
+
+
+### Deployment/Infrastructure
 
 Refer to the [/infrastructure](./infrastructure) directory.

buildspec.yml

@@ -1,21 +1,27 @@
+# All commands below are run from root directory of repository by CodeBuild
 version: 0.2
 
 env:
   variables:
-    TF_VAR_remote_state_bucket: "603-terraform-remote-state"
-    TF_VAR_remote_state_region: "ap-southeast-2"
     TF_VAR_region: "us-east-1"
     TF_VAR_name: "scope-lex-handler"
+    TF_VAR_kms_key_arns: '["arn:aws:kms:us-east-1:982898479788:key/3dc41364-c3e6-4544-8e39-c5f4780d19cd","arn:aws:kms:us-east-1:982898479788:key/e83f1d78-5dc5-4aca-a00b-2fc2ac7bebe4"]'
+    TF_VAR_ssm_parameter_arns: '["arn:aws:ssm:us-east-1:982898479788:parameter/scope-lex-handler/*","arn:aws:ssm:us-east-1:982898479788:parameter/shared/*"]'
     TF_VAR_build_docker_image: "jch254/docker-node-terraform-aws"
     TF_VAR_build_docker_tag: "6.10.0"
-    TF_VAR_github_repository_owner: "jch254"
-    TF_VAR_github_repository_name: "scope-lex-handler"
-    TF_VAR_github_branch_name: "master"
-    TF_VAR_artifacts_dir: "../dist" # executed from /infrastruture directory
+    TF_VAR_buildspec: "buildspec.yml"
+    TF_VAR_source_location: "https://github.com/jch254/scope-lex-handler.git"
+    TF_VAR_artifacts_dir: "../dist"
     TF_VAR_runtime: "nodejs6.10"
     TF_VAR_handler: "index.handler"
-    TF_VAR_kms_key_arns: '["arn:aws:kms:us-east-1:982898479788:key/3dc41364-c3e6-4544-8e39-c5f4780d19cd","arn:aws:kms:us-east-1:982898479788:key/e83f1d78-5dc5-4aca-a00b-2fc2ac7bebe4"]'
-    TF_VAR_ssm_parameter_arns: '["arn:aws:ssm:us-east-1:982898479788:parameter/scope-lex-handler/*","arn:aws:ssm:us-east-1:982898479788:parameter/shared/*"]'
+    REMOTE_STATE_BUCKET: "603-terraform-remote-state"
+    REMOTE_STATE_REGION: "ap-southeast-2"
+  parameter-store:
+    SPOTIFY_CLIENT_ID: "/scope-lex-handler/spotify-client-id"
+    SPOTIFY_CLIENT_SECRET: "/scope-lex-handler/spotify-client-secret"
+    GENIUS_ACCESS_TOKEN: "/scope-lex-handler/genius-access-token"
+    PAGE_ACCESS_TOKEN: "/scope-lex-handler/page-access-token"
+    TF_VAR_github_oauth_token: "/shared/github-token"
 
 phases:
   install:
@@ -32,14 +38,8 @@ phases:
       - export AWS_SECRET_ACCESS_KEY=`curl --silent http://169.254.170.2:80$AWS_CONTAINER_CREDENTIALS_RELATIVE_URI | jq -r '.SecretAccessKey'`
       - export AWS_SESSION_TOKEN=`curl --silent http://169.254.170.2:80$AWS_CONTAINER_CREDENTIALS_RELATIVE_URI | jq -r '.Token'`
 
-      - SPOTIFY_CLIENT_ID=$(aws ssm get-parameters --region $TF_VAR_region --name "/scope-lex-handler/spotify-client-id" --with-decryption --query Parameters[0].Value)
-      - SPOTIFY_CLIENT_SECRET=$(aws ssm get-parameters --region $TF_VAR_region --name "/scope-lex-handler/spotify-client-secret" --with-decryption --query Parameters[0].Value)
-      - GENIUS_ACCESS_TOKEN=$(aws ssm get-parameters --region $TF_VAR_region --name "/scope-lex-handler/genius-access-token" --with-decryption --query Parameters[0].Value)
-      - PAGE_ACCESS_TOKEN=$(aws ssm get-parameters --region $TF_VAR_region --name "/scope-lex-handler/page-access-token" --with-decryption --query Parameters[0].Value)
       - export TF_VAR_environment_variables="{ SPOTIFY_CLIENT_ID = $SPOTIFY_CLIENT_ID, SPOTIFY_CLIENT_SECRET = $SPOTIFY_CLIENT_SECRET, GENIUS_ACCESS_TOKEN = $GENIUS_ACCESS_TOKEN, PAGE_ACCESS_TOKEN = $PAGE_ACCESS_TOKEN }"
 
-      - export TF_VAR_github_oauth_token=$(aws ssm get-parameters --region $TF_VAR_region --name "/shared/github-token" --with-decryption --query Parameters[0].Value --output text)
-
   build:
     commands:
       - ./infrastructure/build-artifacts.bash

infrastructure/README.md

@@ -1,10 +1,12 @@
 # Deployment/Infrastructure
 
-Scope-lex-handler is a Lambda function built, tested and deployed to AWS by CodePipeline and CodeBuild.
+Scope-lex-handler is a Lambda function built, tested and deployed to AWS by [codebuild-github-webhook](https://github.com/jch254/codebuild-github-webhook) and CodeBuild.
 
 ---
 
-**All commands below must be run in each /infrastructure subdirectory (e.g. /infrastructure/admin-api) then in the /infrastructure directory**
+### Deployment Prerequisites
+
+**All commands below must be run in the /infrastructure directory.**
 
 To deploy to AWS, you must:
 
@@ -13,46 +15,49 @@ To deploy to AWS, you must:
    1. Set your credentials as the environment variables `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY`.
    1. Run `aws configure` and fill in the details it asks for.
    1. Run on an EC2 instance with an IAM Role.
-   1. Run via CodeBuild or ECS Task with an IAM Role (see [buildspec.yml](../buildspec.yml) for workaround)
+   1. Run via CodeBuild or ECS Task with an IAM Role (see [buildspec-test.yml](../buildspec-test.yml) for workaround)
 
-### Deploying infrastructure
+#### Deploying infrastructure
 
-1. Export all environment variables beginning with TF_VAR_ as per [buildspec.yml](../buildspec.yml)
+1. Update and export all environment variables specified in the appropriate buildspec declaration (check all phases) and bash scripts
 1. Initialise Terraform:
 ```
 terraform init \
   -backend-config 'bucket=YOUR_S3_BUCKET' \
   -backend-config 'key=YOUR_S3_KEY' \
-  -backend-config 'region=YOUR_REGION'
+  -backend-config 'region=YOUR_REGION' \
+  -get=true \
+  -upgrade=true
 ```
-1. `terraform get --update`
-1. `terraform plan`
-1. `terraform apply`
+1. `terraform plan -out main.tfplan`
+1. `terraform apply main.tfplan`
 
-### Updating infrastructure
+#### Updating infrastructure
 
-1. Export all environment variables beginning with TF_VAR_ as per [buildspec.yml](../buildspec.yml)
+1. Update and export all environment variables specified in the appropriate buildspec declaration (check all phases) and bash scripts
 1. Make necessary infrastructure code changes.
 1. Initialise Terraform:
 ```
 terraform init \
   -backend-config 'bucket=YOUR_S3_BUCKET' \
   -backend-config 'key=YOUR_S3_KEY' \
-  -backend-config 'region=YOUR_REGION'
+  -backend-config 'region=YOUR_REGION' \
+  -get=true \
+  -upgrade=true
 ```
-1. `terraform get --update`
-1. `terraform plan`
-1. `terraform apply`
+1. `terraform plan -out main.tfplan`
+1. `terraform apply main.tfplan`
 
-### Destroying infrastructure (use with care)
+#### Destroying infrastructure (use with care)
 
-1. Export all environment variables beginning with TF_VAR_ as per [buildspec.yml](../buildspec.yml)
+1. Update and export all environment variables specified in the appropriate buildspec declaration (check all phases) and bash scripts
 1. Initialise Terraform:
 ```
 terraform init \
   -backend-config 'bucket=YOUR_S3_BUCKET' \
   -backend-config 'key=YOUR_S3_KEY' \
-  -backend-config 'region=YOUR_REGION'
+  -backend-config 'region=YOUR_REGION' \
+  -get=true \
+  -upgrade=true
 ```
-1. `terraform get --update`
-1. `terraform destroy`
+1. `terraform destroy`

infrastructure/build-artifacts.bash

@@ -2,7 +2,6 @@
 
 echo Building artifacts...
 
-export NODE_ENV=production
 yarn run build
 yarn install --production --modules-folder dist/node_modules
 

infrastructure/modules/build-pipeline/codebuild-role-policy.tpl renamed to infrastructure/codebuild-role-policy.tpl

@@ -4,12 +4,13 @@ echo Deploying infrastructure via Terraform...
 
 cd infrastructure
 terraform init \
-  -backend-config "bucket=${TF_VAR_remote_state_bucket}" \
+  -backend-config "bucket=${REMOTE_STATE_BUCKET}" \
   -backend-config "key=${TF_VAR_name}" \
-  -backend-config "region=${TF_VAR_remote_state_region}"
-terraform get --update
-terraform plan
-terraform apply
+  -backend-config "region=${REMOTE_STATE_REGION}" \
+  -get=true \
+  -upgrade=true
+terraform plan -out main.tfplan
+terraform apply main.tfplan
 cd ..
 
 echo Finished deploying infrastructure

infrastructure/deploy-infrastructure.bash

@@ -1,29 +1,62 @@
 terraform {
   backend "s3" {
-    encrypt = "true"
+    encrypt= "true"
   }
 }
 
 provider "aws" {
   region = "${var.region}"
+  version = "~> 0.1"
 }
 
-module "build_pipeline" {
-  source = "./modules/build-pipeline"
+resource "aws_iam_role" "codebuild_role" {
+  name = "${var.name}-codebuild"
+
+  assume_role_policy = <<EOF
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Principal": {
+        "Service": "codebuild.amazonaws.com"
+      },
+      "Action": "sts:AssumeRole"
+    }
+  ]
+}
+EOF
+}
+
+data "template_file" "codebuild_policy" {
+  template = "${file("./codebuild-role-policy.tpl")}"
+
+  vars {
+    kms_key_arns = "${var.kms_key_arns}"
+    ssm_parameter_arns = "${var.ssm_parameter_arns}"
+  }
+}
+
+resource "aws_iam_role_policy" "codebuild_policy" {
+  name = "${var.name}-codebuild-policy"
+  role = "${aws_iam_role.codebuild_role.id}"
+  policy = "${data.template_file.codebuild_policy.rendered}"
+}
+
+module "codebuild_project" {
+  source = "github.com/jch254/terraform-modules//codebuild-project?ref=1.0.1"
 
   name = "${var.name}"
-  kms_key_arns = "${var.kms_key_arns}"
-  ssm_parameter_arns = "${var.ssm_parameter_arns}"
+  codebuild_role_arn = "${aws_iam_role.codebuild_role.arn}"
   build_docker_image = "${var.build_docker_image}"
   build_docker_tag = "${var.build_docker_tag}"
-  github_oauth_token = "${var.github_oauth_token}"
-  github_repository_owner = "${var.github_repository_owner}"
-  github_repository_name = "${var.github_repository_name}"
-  github_branch_name = "${var.github_branch_name}"
+  source_type = "${var.source_type}"
+  buildspec = "${var.buildspec}"
+  source_location = "${var.source_location}"
 }
 
 module "lambda_function" {
-  source = "./modules/lambda-function"
+  source = "github.com/jch254/terraform-modules//lambda-function?ref=1.0.1"
 
   name = "${var.name}"
   artifacts_dir = "${var.artifacts_dir}"