mirror of
https://github.com/Hestia-Homes/Model.git
synced 2026-06-08 11:17:27 +00:00
153 lines
No EOL
5 KiB
HCL
153 lines
No EOL
5 KiB
HCL
############################################
|
|
# Load Terraform State
|
|
############################################
|
|
data "terraform_remote_state" "shared" {
|
|
backend = "s3"
|
|
config = {
|
|
bucket = "assessment-model-terraform-state"
|
|
key = "env:/${var.stage}/terraform.tfstate"
|
|
region = "eu-west-2"
|
|
}
|
|
}
|
|
|
|
data "terraform_remote_state" "engine" {
|
|
backend = "s3"
|
|
config = {
|
|
bucket = "ara-engine-terraform-state",
|
|
key = "env:/${var.stage}/terraform.tfstate"
|
|
region = "eu-west-2"
|
|
}
|
|
}
|
|
|
|
data "terraform_remote_state" "categorisation" {
|
|
backend = "s3"
|
|
config = {
|
|
bucket = "categorisation-terraform-state",
|
|
key = "env:/${var.stage}/terraform.tfstate"
|
|
region = "eu-west-2"
|
|
}
|
|
}
|
|
|
|
############################################
|
|
# Load Credentials
|
|
############################################
|
|
data "aws_secretsmanager_secret_version" "db_credentials" {
|
|
secret_id = "${var.stage}/assessment_model/db_credentials"
|
|
}
|
|
|
|
locals {
|
|
db_credentials = jsondecode(data.aws_secretsmanager_secret_version.db_credentials.secret_string)
|
|
}
|
|
|
|
# data "aws_ssm_parameter" "certificate_arn" {
|
|
# name = "/ssl_certificate_arn"
|
|
# }
|
|
|
|
# data "aws_route53_zone" "this" {
|
|
# name = var.domain_name
|
|
# }
|
|
|
|
############################################
|
|
# Install Python requirements
|
|
############################################
|
|
resource "null_resource" "pip_install" {
|
|
triggers = {
|
|
requirements_hash = filemd5("${path.root}/../../../../backend/app/requirements/requirements.txt")
|
|
}
|
|
|
|
provisioner "local-exec" {
|
|
command = <<EOT
|
|
pip install \
|
|
-r ${path.root}/../../../../backend/app/requirements/requirements.txt \
|
|
-t ${path.root}/../../../../backend/app/packages \
|
|
--platform manylinux2014_x86_64 \
|
|
--implementation cp \
|
|
--python-version 3.11 \
|
|
--only-binary=:all: \
|
|
EOT
|
|
}
|
|
}
|
|
|
|
############################################
|
|
# FastAPI Lambda + API Gateway
|
|
############################################
|
|
module "fastapi" {
|
|
depends_on = [null_resource.pip_install]
|
|
source = "../../modules/lambda_with_api_gateway"
|
|
|
|
name = "fastapi"
|
|
stage = var.stage
|
|
source_dir = "${path.root}/../../../../backend"
|
|
handler = "app.main.handler"
|
|
runtime = "python3.11"
|
|
timeout = 600
|
|
memory_size = 512
|
|
|
|
# domain_name = "api.${var.domain_name}"
|
|
# certificate_arn = data.aws_ssm_parameter.certificate_arn.value
|
|
# route53_zone_id = data.aws_route53_zone.this.zone_id
|
|
|
|
environment = {
|
|
ENVIRONMENT = var.stage
|
|
API_KEY = var.api_key
|
|
SECRET_KEY = var.secret_key
|
|
# DOMAIN_NAME = var.domain_name
|
|
EPC_AUTH_TOKEN = var.epc_auth_token
|
|
GOOGLE_SOLAR_API_KEY = var.google_solar_api_key
|
|
|
|
DB_HOST = var.db_host
|
|
DB_NAME = var.db_name
|
|
DB_PORT = var.db_port
|
|
DB_USERNAME = local.db_credentials.db_assessment_model_username
|
|
DB_PASSWORD = local.db_credentials.db_assessment_model_password
|
|
|
|
PLAN_TRIGGER_BUCKET = data.terraform_remote_state.shared.outputs.retrofit_plan_trigger_bucket_name
|
|
DATA_BUCKET = data.terraform_remote_state.shared.outputs.retrofit_sap_data_bucket_name
|
|
SAP_PREDICTIONS_BUCKET = data.terraform_remote_state.shared.outputs.retrofit_sap_predictions_bucket_name
|
|
CARBON_PREDICTIONS_BUCKET = data.terraform_remote_state.shared.outputs.retrofit_carbon_predictions_bucket_name
|
|
HEAT_PREDICTIONS_BUCKET = data.terraform_remote_state.shared.outputs.retrofit_heat_predictions_bucket_name
|
|
HEATING_KWH_PREDICTIONS_BUCKET = data.terraform_remote_state.shared.outputs.retrofit_heating_kwh_predictions_bucket_name
|
|
HOTWATER_KWH_PREDICTIONS_BUCKET = data.terraform_remote_state.shared.outputs.retrofit_hotwater_kwh_predictions_bucket_name
|
|
ENERGY_ASSESSMENTS_BUCKET = data.terraform_remote_state.shared.outputs.retrofit_energy_assessments_bucket_name
|
|
|
|
ENGINE_SQS_URL = data.terraform_remote_state.engine.outputs.ara_engine_queue_url
|
|
CATEGORISATION_SQS_URL = data.terraform_remote_state.categorisation.outputs.categorisation_queue_url
|
|
}
|
|
}
|
|
|
|
############################################
|
|
# IAM policy attachments
|
|
############################################
|
|
resource "aws_iam_role_policy_attachment" "fast_api_s3_read" {
|
|
role = module.fastapi.role_name
|
|
policy_arn = data.terraform_remote_state.shared.outputs.fast_api_s3_read_and_write_arn
|
|
}
|
|
|
|
module "fastapi_sqs_policy" {
|
|
source = "../../modules/general_iam_policy"
|
|
|
|
policy_name = "fastapi-sqs-send-${var.stage}"
|
|
policy_description = "Allow FastAPI to send messages to engine & categorisation queues"
|
|
|
|
actions = [
|
|
"sqs:SendMessage"
|
|
]
|
|
|
|
resources = [
|
|
data.terraform_remote_state.engine.outputs.ara_engine_queue_arn,
|
|
data.terraform_remote_state.categorisation.outputs.categorisation_queue_arn
|
|
]
|
|
|
|
conditions = null
|
|
|
|
tags = {
|
|
Service = "fastapi"
|
|
Stage = var.stage
|
|
}
|
|
}
|
|
|
|
|
|
resource "aws_iam_role_policy_attachment" "fastapi_sqs_read_and_write" {
|
|
role = module.fastapi.role_name
|
|
policy_arn = data.terraform_remote_state.shared.outputs.fast_api_s3_read_and_write_arn
|
|
} |