main.tf
# Provider requirements for the root module.
# "~> 4.55" accepts any 4.x release from 4.55 upward and "~> 3.4.3" accepts
# 3.4.x patch releases from 3.4.3 upward. These are ranges, not pins: the
# exact versions and provider checksums selected at init time are recorded in
# .terraform.lock.hcl, so that file should be committed and reviewed whenever
# it changes.
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 4.55"
    }

    random = {
      source  = "hashicorp/random"
      version = "~> 3.4.3"
    }
  }
}
# AWS provider. The target region comes from var.region; no credentials are
# set in this block.
provider "aws" {
  region = var.region
}
# Looks up the region the AWS provider is currently configured for.
# NOTE(review): nothing else in this listing references
# data.aws_region.current - confirm it is used elsewhere in the root module.
data "aws_region" "current" {}
# Random 4-byte value. Its hex form (8 characters) is appended to resource
# names in this file and passed to the modules as random_suffix. It is a
# naming suffix kept in Terraform state, not a secret.
resource "random_id" "env_id" {
  byte_length = 4
}
##################
# Logging bucket #
##################
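# Bucket that receives the project's logs. The project name is lower-cased
# because S3 bucket names may not contain upper-case characters.
# NOTE(review): versioning, object retention/lifecycle and the encryption key
# choice are not configured in this file - confirm whether the defaults are
# acceptable for log data.
resource "aws_s3_bucket" "logs" {
  bucket = "${lower(var.project_name)}-logs-${random_id.env_id.hex}"

  tags = {
    Project = var.project_name
  }
}

# Explicitly block every form of public access to the logs bucket instead of
# relying on account-level or service-default settings. Writers reach the
# bucket through IAM roles, which this setting does not affect.
resource "aws_s3_bucket_public_access_block" "logs" {
  bucket = aws_s3_bucket.logs.id

  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}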
# Managed policy for the IoT service role defined below. It grants a single
# action, s3:PutObject, on objects in the logs bucket: the holder can write
# log objects but cannot list, read or delete them.
resource "aws_iam_policy" "allow_write_logs" {
  name        = "${var.project_name}-AllowWriteLogs-${random_id.env_id.hex}"
  description = "Allow write access to the logs S3 bucket."

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Effect = "Allow"
        Action = ["s3:PutObject"]
        # Object-level ARN ("<bucket-arn>/*"); the bucket itself is not a
        # resource of this statement.
        Resource = "${aws_s3_bucket.logs.arn}/*"
      },
    ]
  })

  tags = {
    Project = var.project_name
  }
}
# Service role that AWS IoT assumes; its ARN is handed to the table-recording
# module further down as iot_sensors_logger_role_arn.
# NOTE(review): the trust policy below has no Condition block, so it accepts
# any sts:AssumeRole call made by the iot.amazonaws.com service principal.
# AWS's confused-deputy guidance is to constrain service principals with
# aws:SourceAccount and/or aws:SourceArn. Consider adding such a condition
# once the account ID is available to this module (no aws_caller_identity
# data source is declared in this file).
resource "aws_iam_role" "iot_sensors_logger" {
  name = "${var.project_name}-Logger-${random_id.env_id.hex}"

  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Effect = "Allow"
        Action = "sts:AssumeRole"
        Principal = {
          Service = "iot.amazonaws.com"
        }
      },
    ]
  })

  tags = {
    Project = var.project_name
  }
}
# Attaches the write-only logs policy to the IoT service role. This is the
# only policy attached to that role in this file.
resource "aws_iam_role_policy_attachment" "attach_allow_write_logs_policy_to_iot_sensors_logger" {
  policy_arn = aws_iam_policy.allow_write_logs.arn
  role       = aws_iam_role.iot_sensors_logger.name
}
###############################################################
# Resources to record motion sensors data to a DynamoDB table #
###############################################################
# Instantiates the local table-recording module for the "Motion" measurement
# group. What the module creates from these inputs is defined under
# ./modules/table-recording and is not visible in this file.
module "motion_table_recording" {
  source = "./modules/table-recording"

  project_name   = var.project_name
  region         = var.region
  random_suffix  = random_id.env_id.hex
  table_basename = "Motion"

  # IoT SQL statement for the topic rule. The "+" in the FROM clause matches
  # exactly one topic level, and topic(1) returns that first level, so
  # device_id is whatever topic prefix the client published under rather than
  # an authenticated identity.
  # NOTE(review): this is only trustworthy if each device's IoT policy limits
  # iot:Publish to its own "<device_id>/motion_sensor_data" topic. Those
  # policies are not in this file - confirm.
  # The heredoc body is kept flush-left because "<<EOF" preserves leading
  # whitespace literally.
  topic_rule_sql_query = <<EOF
SELECT
topic(1) as device_id,
timestamp() as timestamp,
acceleration_mG.x as payload.acceleration_mG_x,
acceleration_mG.y as payload.acceleration_mG_y,
acceleration_mG.z as payload.acceleration_mG_z,
gyro_mDPS.x as payload.gyro_mDPS_x,
gyro_mDPS.y as payload.gyro_mDPS_y,
gyro_mDPS.z as payload.gyro_mDPS_z,
magnetometer_mGauss.x as payload.magnetometer_mGauss_x,
magnetometer_mGauss.y as payload.magnetometer_mGauss_y,
magnetometer_mGauss.z as payload.magnetometer_mGauss_z
FROM '+/motion_sensor_data'
EOF

  # "$$" escapes Terraform interpolation, so the module receives the literal
  # text ${topic(1)}.
  topic_rule_device_value = "$${topic(1)}"

  dynamodb_item_ttl                            = var.dynamodb_item_ttl
  dynamodb_stream_processing_lambda_batch_size = var.dynamodb_stream_processing_lambda_batch_size

  firehose_buffer_size     = var.firehose_buffer_size
  firehose_buffer_interval = var.firehose_buffer_interval

  # Logs destination and the role declared above for writing to it.
  logs_bucket_name            = aws_s3_bucket.logs.id
  iot_sensors_logger_role_arn = aws_iam_role.iot_sensors_logger.arn
}
###############
# API Gateway #
###############
# Instantiates the local api-gateway module and tells it which tables it
# serves. Only the "motion" group is registered, pointing at the table
# exported by module.motion_table_recording.
# NOTE(review): authentication, authorization and throttling for the API are
# decided inside ./modules/api-gateway and cannot be assessed from this file -
# confirm the endpoints are not left open, and that the module's IAM access to
# table_arn is limited to the operations it needs.
module "api_gateway" {
  source = "./modules/api-gateway"

  project_name  = var.project_name
  region        = var.region
  random_suffix = random_id.env_id.hex

  measurements_groups = {
    motion = {
      table_basename = "Motion"
      table_name     = module.motion_table_recording.sensors_table_name
      table_arn      = module.motion_table_recording.sensors_table_arn
    }
  }
}
#########################
# Static website bucket #
#########################
# Instantiates the local static-web module with the shared naming inputs.
# NOTE(review): how the site bucket is exposed (public bucket policy versus
# access restricted to a CDN) is decided inside ./modules/static-web and is
# not visible here - confirm.
module "static_web" {
  source = "./modules/static-web"

  project_name  = var.project_name
  region        = var.region
  random_suffix = random_id.env_id.hex
}