Skip to content

Latest commit

 

History

History

infra

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
modules
modules
 
 
README.md
README.md
 
 
athena_iam.tf
athena_iam.tf
 
 
backend.tf
backend.tf
 
 
logging.tf
logging.tf
 
 
main.tf
main.tf
 
 
outputs.tf
outputs.tf
 
 
providers.tf
providers.tf
 
 
variables.tf
variables.tf
 
 

README.md

Symptomradar (Oiretutka) infrastructure

Getting started

Follow these instructions to set up your environment so that you can contribute to the development of the project.

  1. Install Terraform. On macOS, the simplest way is probably brew install terraform.
  2. Obtain secrets for your .envrc file (ask around in the team).
  3. Move to the infra/ dir and run terraform init to set up Terraform.
  4. You're done!
  5. To check, you can run terraform plan. It should refresh a bunch of resources, and eventually tell you that "No changes. Infrastructure is up-to-date." If you DO see proposed changes at this point, someone might be working on the infra right now. Ask around in your team!

Initial setup

IMPORTANT: These are probably not the instructions you're looking for.

To get started working on our infrastructure, follow the above instructions.

These instructions, by contrast, are for the initial setup of Symptomradar when no infrastructure previously exists.

  1. Comment out backend "s3"
  2. terraform init
  3. terraform apply -target aws_s3_bucket.terraform_state -target aws_dynamodb_table.terraform_state_lock
  4. Uncomment backend "s3"
  5. terraform init
  6. terraform apply -target module.env_dev.aws_s3_bucket.backend_code -target aws_route53_zone.oiretutka_fi
  7. ./scripts/deploy-backend dev-tmp (fails with an error about function missing; this is fine for now)
  8. terraform apply
  9. ./scripts/deploy-frontend dev-tmp

Manual steps required:

  1. For reasons unknown, the Athena result bucket needs to be set manually, even if it's defined in the Terraform config. For the dev env for instance, it'd be s3://symptomradar-dev-storage-results/.
  2. The setup also has CloudFront additional metrics enabled. Currently, this cannot be done through CLI or Terraform.
  3. It also creates an IAM user for deploying Lambdas and uploading to S3. However, access keys needs to be created using AWS Console.
  4. Some secrets are managed outside of Terraform, so they don't end up as plain-text in the state file. Set up the global secret pepper used for hashing participant_id before persistence:
    1. read SECRET && aws ssm put-parameter --type "SecureString" --name "/symptomradar/dev/secret-pepper" --value "$SECRET"
    2. read SECRET && aws ssm put-parameter --type "SecureString" --name "/symptomradar/prod/secret-pepper" --value "$SECRET"