diff --git a/docs/nix_services_setup.md b/docs/nix_services_setup.md
--- a/docs/nix_services_setup.md
+++ b/docs/nix_services_setup.md
@@ -6,17 +6,11 @@
 
 ## LocalStack
 
-We use LocalStack to emulate AWS services, allowing us to develop and test our services locally. To start LocalStack, run:
+We use LocalStack to emulate AWS services, allowing us to develop and test our services locally. To start LocalStack, run the following commands:
 
 ```
-comm-dev services start
-```
-
-Make sure your LocalStack resources are up to date:
-
-```
-cd services/terraform/dev
-./run.sh
+cd services
+./docker_localstack_up.sh
 ```
 
 ## Configuring the AWS CLI
diff --git a/services/scripts/docker_localstack_up.sh b/services/scripts/docker_localstack_up.sh
new file mode 100755
--- /dev/null
+++ b/services/scripts/docker_localstack_up.sh
@@ -0,0 +1,12 @@
+#!/usr/bin/env bash
+
+set -e
+
+# Start services
+comm-dev services start
+
+# Disable Nix-based localstack
+bash ../scripts/localstack_down.sh
+
+# Start Docker Compose-based localstack
+yarn init-local-cloud
diff --git a/services/terraform/modules/shared/dynamodb.tf b/services/terraform/modules/shared/dynamodb.tf
--- a/services/terraform/modules/shared/dynamodb.tf
+++ b/services/terraform/modules/shared/dynamodb.tf
@@ -243,9 +243,11 @@
 }
 
 resource "aws_dynamodb_table" "identity-reserved-usernames" {
- name = "identity-reserved-usernames"
- hash_key = "username"
- billing_mode = "PAY_PER_REQUEST"
+ name = "identity-reserved-usernames"
+ hash_key = "username"
+ billing_mode = "PAY_PER_REQUEST"
+ stream_enabled = true
+ stream_view_type = "NEW_AND_OLD_IMAGES"
 
 attribute {
 name = "username"
diff --git a/services/terraform/modules/shared/outputs.tf b/services/terraform/modules/shared/outputs.tf
--- a/services/terraform/modules/shared/outputs.tf
+++ b/services/terraform/modules/shared/outputs.tf
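Review bot: In services/scripts/docker_localstack_up.sh, `bash ../scripts/localstack_down.sh` resolves against the caller's working directory rather than the script's own location, so which file gets executed depends on where the script is launched from. The docs hunk in this same diff tells users to `cd services` and run `./docker_localstack_up.sh`, but the file is added under `services/scripts/`, so the documented invocation does not match the path in this diff. Anchor the script to its own directory near the top, e.g. `cd "$(dirname "${BASH_SOURCE[0]}")"`, then make the relative path and the docs agree with that location. `set -euo pipefail` in place of `set -e` would also stop on unset variables and failed pipeline stages.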
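Review bot: In services/terraform/modules/shared/dynamodb.tf, `stream_view_type = "NEW_AND_OLD_IMAGES"` puts every attribute of each identity-reserved-usernames item, before and after the change, into the stream, and any principal granted read on that stream sees all of it. If the consumer only needs the username (the hash key) or the post-change state, `KEYS_ONLY` or `NEW_IMAGE` would expose less; the table's other attributes are not visible in this hunk, so confirm against what the search index Lambda actually reads. A comment above the two new lines, such as `# Stream consumed by search_index_lambda; old image required for <reason>`, would record why the widest view type was chosen. The resource block continues outside the hunk.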
@@ -5,6 +5,7 @@
 aws_dynamodb_table.reports-service-reports,
 aws_dynamodb_table.tunnelbroker-undelivered-messages,
 aws_dynamodb_table.identity-users,
+ aws_dynamodb_table.identity-reserved-usernames,
 ]
 }
 
diff --git a/services/terraform/modules/shared/search_index_lambda.tf b/services/terraform/modules/shared/search_index_lambda.tf
--- a/services/terraform/modules/shared/search_index_lambda.tf
+++ b/services/terraform/modules/shared/search_index_lambda.tf
@@ -41,6 +41,12 @@
 starting_position = "LATEST"
 }
 
+resource "aws_lambda_event_source_mapping" "identity_reserved_usernames_trigger" {
+ event_source_arn = aws_dynamodb_table.identity-reserved-usernames.stream_arn
+ function_name = aws_lambda_function.search_index_lambda.arn
+ starting_position = "LATEST"
+}
+
 resource "aws_security_group" "search_index_lambda" {
 name = "search_index_lambda_sg"
 vpc_id = var.vpc_id
diff --git a/services/terraform/remote/aws_iam.tf b/services/terraform/remote/aws_iam.tf
--- a/services/terraform/remote/aws_iam.tf
+++ b/services/terraform/remote/aws_iam.tf
@@ -217,6 +217,7 @@
 aws_iam_policy.manage_cloudwatch_logs.arn,
 aws_iam_policy.manage_network_interface.arn,
 aws_iam_policy.read_identity_users_stream.arn,
+ aws_iam_policy.read_identity_reserved_usernames_stream.arn,
 ]
 }
 
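Review bot: The new `identity_reserved_usernames_trigger` mapping in search_index_lambda.tf sets no failure handling, so with the provider defaults a record the function keeps failing on is retried until it ages out of the stream and holds up the rest of its shard in the meantime. Bound this with `maximum_retry_attempts = <N>` and `bisect_batch_on_function_error = true`, and add an `on_failure` destination so dropped records are visible to whoever operates the index. `starting_position = "LATEST"` also means usernames already in the table are never delivered; if the index has to contain them, a backfill is needed that this diff does not show. The mapping whose tail appears in the context lines seems to use the same settings, so the same applies there.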
@@ -245,6 +246,30 @@
 policy = data.aws_iam_policy_document.read_identity_users_stream.json
 }
 
+data "aws_iam_policy_document" "read_identity_reserved_usernames_stream" {
+ statement {
+ effect = "Allow"
+
+ actions = [
+ "dynamodb:GetRecords",
+ "dynamodb:GetShardIterator",
+ "dynamodb:DescribeStream",
+ "dynamodb:ListStreams",
+ ]
+ resources = [
+ module.shared.dynamodb_tables["identity-reserved-usernames"].stream_arn,
+ "${module.shared.dynamodb_tables["identity-reserved-usernames"].arn}/stream/*",
+ ]
+ }
+}
+
+resource "aws_iam_policy" "read_identity_reserved_usernames_stream" {
+ name = "read-identity-reserved-usernames-stream"
+ path = "/"
+ description = "IAM policy for managing identity-reserved-usernames stream"
+ policy = data.aws_iam_policy_document.read_identity_reserved_usernames_stream.json
+}
+
 data "aws_iam_policy_document" "manage_cloudwatch_logs" {
 statement {
 effect = "Allow"
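Review bot: The `description` on `aws_iam_policy.read_identity_reserved_usernames_stream` says "managing", but the attached document grants only the four stream read actions, and the description is what an access review reads first. Change it to `description = "Read-only access to the identity-reserved-usernames DynamoDB stream"`. In `resources`, the `/stream/*` pattern already covers the current `stream_arn`, so one entry is redundant. Keep only the exact ARN for the tightest scope, or only the wildcard if the policy must keep working after the stream is re-created, and state the choice in a comment above the list.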