

Create graphql data source (#28)
jarrod-lowe authored Aug 15, 2024
1 parent f74e4db commit 59591ad
Showing 5 changed files with 75 additions and 5 deletions.
2 changes: 1 addition & 1 deletion .gitignore
Expand Up @@ -34,4 +34,4 @@ override.tf.json
terraform.rc
.validate
.apply
.plan
plan.tfplan
13 changes: 9 additions & 4 deletions Makefile
Expand Up @@ -35,17 +35,22 @@ terraform/environment/aws-dev/.apply: terraform/environment/aws-dev/*.tf terrafo
./terraform/environment/aws-dev/deploy.sh $(ACCOUNT_ID) dev
touch $@

terraform/environment/wildsea-dev/.plan: terraform/environment/wildsea-dev/*.tf terraform/module/wildsea/*.tf terraform/environment/wildsea-dev/.terraform
terraform/environment/wildsea-dev/plan.tfplan: terraform/environment/wildsea-dev/*.tf terraform/module/wildsea/*.tf terraform/environment/wildsea-dev/.terraform
cd terraform/environment/wildsea-dev ; ../../../scripts/run-as.sh $(RO_ROLE) \
terraform plan -out=./plan
terraform plan -out=./plan.tfplan

terraform/environment/wildsea-dev/.apply: terraform/environment/wildsea-dev/.plan
terraform/environment/wildsea-dev/.apply: terraform/environment/wildsea-dev/plan.tfplan
cd terraform/environment/wildsea-dev ; ../../../scripts/run-as.sh $(RW_ROLE) \
terraform apply ./plan
terraform apply ./plan.tfplan
touch $@

terraform/environment/wildsea-dev/.terraform: terraform/environment/wildsea-dev/*.tf terraform/module/wildsea/*.tf
cd terraform/environment/wildsea-dev ; terraform init \
-backend-config=bucket=terraform-state-$(ACCOUNT_ID) \
-backend-config=key=dev/terraform.tfstate \
-backend-config=region=$(AWS_REGION)

.PHONY: clean
clean:
rm -f terraform/environment/*/.validate
rm -f terraform/environment/*/plan.tfplan
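Review bot: The new `.terraform` target runs `terraform init` with whatever AWS credentials are ambient in the shell, whereas the plan and apply recipes just above it are wrapped in `../../../scripts/run-as.sh $(RO_ROLE)` / `$(RW_ROLE)`; since init reaches the state bucket, it should be confined the same way, e.g. `cd terraform/environment/wildsea-dev ; ../../../scripts/run-as.sh $(RO_ROLE) terraform init \`. The recipe also chains with `;`, so a failed `cd` would still run init in the current directory; `&&` is the safer join. Separately, the old `terraform/environment/wildsea-dev/plan` binary is still tracked (it is modified further down in this commit) even though the Makefile no longer produces it and `.gitignore` only covers `plan.tfplan`; a saved plan can embed sensitive variable and state values in plaintext, so it should be removed from the repository (`git rm --cached`) rather than left behind. Finally, `.terraform` is a directory used as a normal prerequisite, so its mtime changes whenever provider contents change and will trigger spurious re-plans; a stamp file or an order-only prerequisite (`| .../.terraform`) avoids that.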
Binary file modified terraform/environment/wildsea-dev/plan
Binary file not shown.
6 changes: 6 additions & 0 deletions terraform/module/iac-roles/policy.tf
Expand Up @@ -95,6 +95,7 @@ data "aws_iam_policy_document" "ro" {
statement {
actions = [
"appsync:GetSchemaCreationStatus",
"appsync:GetDataSource",
]
resources = [
"arn:${data.aws_partition.current.id}:appsync:${data.aws_region.current.id}:${data.aws_caller_identity.current.account_id}:*"
Expand Down Expand Up @@ -233,6 +234,8 @@ data "aws_iam_policy_document" "rw" {
statement {
actions = [
"appsync:StartSchemaCreation",
"appsync:CreateDataSource",
"appsync:DeleteDataSource",
]
resources = [
"arn:${data.aws_partition.current.id}:appsync:${data.aws_region.current.id}:${data.aws_caller_identity.current.account_id}:*"
Expand Down Expand Up @@ -457,6 +460,9 @@ data "aws_iam_policy_document" "rw_boundary" {
actions = [
"appsync:StartSchemaCreation",
"appsync:GetSchemaCreationStatus",
"appsync:CreateDataSource",
"appsync:DeleteDataSource",
"appsync:GetDataSource",
]
resources = [
"arn:${data.aws_partition.current.id}:appsync:${data.aws_region.current.id}:${data.aws_caller_identity.current.account_id}:*"
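Review bot: The rw statement grants `appsync:CreateDataSource` and `appsync:DeleteDataSource` but not `appsync:UpdateDataSource`, so any in-place change to the new `aws_appsync_datasource` (description, role, table) will likely fail at apply time rather than being handled without a destroy/create; add `"appsync:UpdateDataSource",` alongside them in both the rw statement and the rw_boundary statement. Creating a data source with a `service_role_arn` also requires the deploying role to hold `iam:PassRole` on the `${prefix}-graphql-datasource` role; I cannot see from these hunks whether the rw policy already grants PassRole, but if it does via a wildcard resource it should be narrowed to that role's ARN, and if it does not the apply will be denied. The AppSync resource ARN in all three statements is `appsync:<region>:<account>:*`, which covers every API in the account; if the API name or a tag is predictable, scoping to `apis/*/datasources/*` under that API, or adding an `aws:ResourceTag` condition, would keep the IaC role from being able to rewire other APIs' data sources.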
59 changes: 59 additions & 0 deletions terraform/module/wildsea/graphql.tf
Expand Up @@ -167,3 +167,62 @@ resource "aws_wafv2_web_acl" "graphql" {
Name = var.prefix
}
}

resource "aws_appsync_datasource" "graphql" {
api_id = aws_appsync_graphql_api.graphql.id
name = replace(var.prefix, "-", "_")
type = "AMAZON_DYNAMODB"
service_role_arn = aws_iam_role.graphql_datasource.arn
description = "DynamoDB Resolver"

dynamodb_config {
table_name = aws_dynamodb_table.table.name
region = data.aws_region.current.name
}
}

resource "aws_iam_role" "graphql_datasource" {
name = "${var.prefix}-graphql-datasource"
assume_role_policy = data.aws_iam_policy_document.graphql_datasource_assume.json

tags = {
Name = var.prefix
}
}

data "aws_iam_policy_document" "graphql_datasource_assume" {
statement {
actions = ["sts:AssumeRole"]
principals {
type = "Service"
identifiers = ["appsync.${data.aws_partition.current.dns_suffix}"]
}
}
}

resource "aws_iam_policy" "graphql_datasource" {
name = "${var.prefix}-graphql-datasource"
policy = data.aws_iam_policy_document.graphql_datasource.json

tags = {
Name = var.prefix
}
}

data "aws_iam_policy_document" "graphql_datasource" {
statement {
actions = [
"dynamodb:BatchGetItem",
"dynamodb:GetItem",
"dynamodb:PutItem",
"dynamodb:UpdateutItem",
"dynamodb:Query",
]
resources = [aws_dynamodb_table.table.arn]
}
}

resource "aws_iam_role_policy_attachment" "graphql_datasource" {
role = aws_iam_role.graphql_datasource.name
policy_arn = aws_iam_policy.graphql_datasource.arn
}
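Review bot: The action `"dynamodb:UpdateutItem"` in `data.aws_iam_policy_document.graphql_datasource` is a typo; IAM will either reject the policy or accept an action that matches nothing, and in both cases resolvers that use UpdateItem will be denied at runtime, so it should read `"dynamodb:UpdateItem",`. The trust policy in `graphql_datasource_assume` trusts the AppSync service principal unconditionally, which is the cross-service confused-deputy shape AWS advises against for AppSync service roles; since the API is created in this same file, a `condition` pinning the caller to this API's ARN closes it without new data sources. Whether omitting `dynamodb:DeleteItem` is intentional is not evident from the hunk; a one-line comment such as `# No DeleteItem: resolvers never delete rows` would make that explicit if so.
```hcl
data "aws_iam_policy_document" "graphql_datasource_assume" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "Service"
      identifiers = ["appsync.${data.aws_partition.current.dns_suffix}"]
    }
    # Confused-deputy guard: only this account's GraphQL API may assume the role.
    condition {
      test     = "ArnEquals"
      variable = "aws:SourceArn"
      values   = [aws_appsync_graphql_api.graphql.arn]
    }
  }
}
```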
