Cleanout WIP cruft, and add some comments

infra/mdf/container_integrations.tf

@@ -4,32 +4,16 @@ resource "aws_apigatewayv2_integration" "auth" {
   api_id             = aws_apigatewayv2_api.http_api[each.key].id
   integration_type   = "AWS_PROXY"
   integration_uri    = "arn:aws:lambda:${local.region}:${local.account_id}:function:${local.namespace}-auth-${each.key}"
-  #integration_uri    = "arn:aws:lambda:${local.region}:${local.account_id}:function:$${stageVariables.auth_function}"
-  #integration_uri    = aws_lambda_function.mdf-connect-containerized-auth[each.key].invoke_arn
-  #integration_uri    = "aws_lambda_function.$local.namespace-auth-$each.key".invoke_arn
   integration_method = "POST"
-  #integration_payload_format_version = "2.0"
-  #integration_timeout_ms = 5000
-  #route_key          = "POST /auth"
 }
 
 
 resource "aws_apigatewayv2_integration" "submit_dataset" {
   for_each = local.environments
   api_id             = aws_apigatewayv2_api.http_api[each.key].id
   integration_type   = "AWS_PROXY"
-  #integration_uri    = "arn:aws:lambda:${local.region}:${local.account_id}:function:${local.namespace}-submit-$${stageVariables.name}"
   integration_uri    = "arn:aws:lambda:${local.region}:${local.account_id}:function:${local.namespace}-submit-${each.key}"
-  #integration_uri    = "aws_lambda_function.${local.namespace}-submit-${each.key}".arn
-  #integration_uri    = "arn:aws:lambda:us-east-1:557062710055:function:MDF-Connect-submit-prod"
-  #integration_uri    = "arn:aws:apigateway:${local.region}:lambda:path/2015-03-31/functions/arn:aws:lambda:${local.region}:${local.account_id}:function:$${stageVariables.submit_function}/invocations"
-  #integration_uri    = "arn:aws:lambda:${local.region}:${local.account_id}:function:$${stageVariables.submit_function}"
-  #integration_uri    = aws_lambda_function.mdf-connect-containerized-submit[each.key].invoke_arn
-  #integration_uri    = "aws_lambda_function.${local.namespace}-submit-${each.key}".invoke_arn
   integration_method = "POST"
-  #integration_payload_format_version = "2.0"
-  #integration_timeout_ms = 5000
-  #route_key          = "POST /submit-dataset"
 }
 
 resource "aws_apigatewayv2_integration" "submission_status" {
@@ -38,11 +22,5 @@ resource "aws_apigatewayv2_integration" "submission_status" {
   #api_id             = aws_apigatewayv2_api.http_api.id
   integration_type   = "AWS_PROXY"
   integration_uri    = "arn:aws:lambda:${local.region}:${local.account_id}:function:${local.namespace}-status-${each.key}"
-  #integration_uri    = "arn:aws:lambda:${local.region}:${local.account_id}:function:$${stageVariables.status_function}"
-  #integration_uri    = aws_lambda_function.mdf-connect-containerized-status[each.key].invoke_arn
-  #integration_uri    = "aws_lambda_function.${local.namespace}-status-${each.key}".invoke_arn
   integration_method = "GET"
-  #integration_payload_format_version = "2.0"
-  #integration_timeout_ms = 5000
-  #route_key          = "POST /submission-status"
 }

infra/mdf/container_lambdas.tf

@@ -12,7 +12,6 @@ resource "aws_ecr_repository" "mdf-connect-lambda-repo" {
 resource "aws_lambda_function" "mdf-connect-containerized-status" {
   for_each = local.environments
   function_name = "${local.namespace}-status-${each.key}"
-  #handler = "lambda_function.lambda_handler"
   description   = "lambda function from terraform"
   image_uri     = "${aws_ecr_repository.mdf-connect-lambda-repo["status"].repository_url}:${each.key}"
   package_type  = "Image"
@@ -27,10 +26,7 @@ resource "aws_lambda_function" "mdf-connect-containerized-status" {
 resource "aws_lambda_function" "mdf-connect-containerized-auth" {
   for_each = local.environments
   function_name = "${local.namespace}-auth-${each.key}"
-  #handler = "lambda_function.lambda_handler"
   description   = "lambda function from terraform"
-  #image_uri     = "${aws_ecr_repository.mdf-connect-lambda-repo.repository_url}/auth:latest"
-  #image_uri     = "${aws_ecr_repository.mdf-connect-lambda-repo.repository_url}/auth-${local.namespace}:latest"
   image_uri     = "${aws_ecr_repository.mdf-connect-lambda-repo["auth"].repository_url}:${each.key}"
   package_type  = "Image"
   architectures = ["x86_64"]
@@ -41,9 +37,7 @@ resource "aws_lambda_function" "mdf-connect-containerized-auth" {
 resource "aws_lambda_function" "mdf-connect-containerized-submit" {
   for_each = local.environments
   function_name = "${local.namespace}-submit-${each.key}"
-  #handler = "lambda_function.lambda_handler"
   description   = "lambda function from terraform"
-  #image_uri     = "${aws_ecr_repository.mdf-connect-lambda-repo.repository_url}/submit:latest"
   image_uri     = "${aws_ecr_repository.mdf-connect-lambda-repo["submit"].repository_url}:${each.key}"
   package_type  = "Image"
   architectures = ["x86_64"]

infra/mdf/credentials.tf

@@ -1,7 +1,4 @@
 provider "aws" {
-#  shared_config_files      = ["/Users/blau/.aws/config"]
-#  shared_credentials_files = ["/Users/blau/.aws/credentials"]
-#  profile                  = "Accelerate"
    assume_role {
       role_arn = "arn:aws:iam::557062710055:role/MDFConnectAdminRole"
    }

infra/mdf/githuboidc.tf

@@ -15,7 +15,9 @@ data "aws_iam_policy_document" "github_allow" {
    actions = ["sts:AssumeRoleWithWebIdentity"]
    principals {
      type        = "Federated"
+     #If you uncommented the MDFgithub resource above, you'll need this identifier:
      #identifiers = [aws_iam_openid_connect_provider.MDFgithub.arn]
+     #This identifier is hardcoded to preexisting one in the Accelerate account:
      identifiers = ["arn:aws:iam::557062710055:oidc-provider/token.actions.githubusercontent.com"]
    }
    condition {

infra/mdf/http_api_resources.tf

@@ -2,9 +2,7 @@ resource "aws_apigatewayv2_authorizer" "globus-auth" {
   for_each = local.environments
   api_id                            = aws_apigatewayv2_api.http_api[each.key].id
   authorizer_type                   = "REQUEST"
-  #authorizer_uri = "arn:aws:lambda:${local.region}:${local.account_id}:function:MDF-Connect-auth-prod/invocations"
   authorizer_uri                    = aws_lambda_function.mdf-connect-containerized-auth[each.key].invoke_arn
-  #authorizer_uri                    = aws_lambda_function..invoke_arn
   identity_sources                  = ["$request.header.Authorization"]
   name                              = "globus-auth-authorizer-${each.key}"
   authorizer_payload_format_version = "2.0"
@@ -15,11 +13,8 @@ resource "aws_apigatewayv2_route" "submit" {
   api_id    = aws_apigatewayv2_api.http_api[each.key].id
   route_key = "POST /submit"
   authorizer_id = aws_apigatewayv2_authorizer.globus-auth[each.key].id
-  #authorizer_id = aws_apigatewayv2_authorizer.globus-auth[${stageVariables.name}].id
   authorization_type = "CUSTOM"
-  #target = "integrations/${aws_apigatewayv2_integration.submit_dataset[each.key].id}"
   target = "integrations/${aws_apigatewayv2_integration.submit_dataset[each.key].id}"
-#aws_lambda_function.mdf-connect-containerized-auth["${each.key}"].function_name
 }
 
 resource "aws_apigatewayv2_route" "submission_status" {
@@ -32,10 +27,3 @@ resource "aws_apigatewayv2_route" "submission_status" {
   target = "integrations/${aws_apigatewayv2_integration.submission_status[each.key].id}"
 }
 
-#resource "aws_apigatewayv2_route" "submit" {
-#  for_each = local.environments
-#  api_id    = aws_apigatewayv2_api.http_api[each.key].id
-#  route_key = "POST /submit"
-#
-#  target = "integrations/${aws_apigatewayv2_integration.submit_dataset[each.key].id}"
-#}

infra/mdf/http_gateway.tf

@@ -13,18 +13,3 @@ resource "aws_cloudwatch_log_group" "main_api_gw" {
 
   retention_in_days = 14
 }
-# Define routes for the API Gateway v2 HTTP API
-#resource "aws_apigatewayv2_route" "auth_lambda_route" {
-#  api_id    = aws_apigatewayv2_api.http_api.id
-#  route_key = "GET /auth"
-#  #target = "lambda:${aws_lambda_function.auth["test"].function_name}"
-#  target = "integrations/${aws_apigatewayv2_integration.auth_testing.id}"
-#}
-
-#resource "aws_apigatewayv2_route" "submit_dataset_lambda_route" {
-#  api_id    = aws_apigatewayv2_api.http_api.id
-#  route_key = "POST /submit-dataset"
-#
-#  #target = "lambda:${aws_lambda_function.submit_dataset["test"].function_name}"
-#  target = "integrations/${aws_apigatewayv2_integration.submit_dataset_testing.id}"
-#}

infra/mdf/lambda_environment_vars.tf

@@ -1,3 +1,5 @@
+#These are the env vars provided to the prod lambda functions
+#Edit them here for your deployment
 variable "prod_env_vars" {
   type = map
   default = {
@@ -15,6 +17,8 @@ variable "prod_env_vars" {
         FLOW_SCOPE= "https://auth.globus.org/scopes/0c7ee169-cefc-4a23-81e1-dc323307c863/flow_0c7ee169_cefc_4a23_81e1_dc323307c863_user"
         }
 }
+#These are the env vars provided to the testlambda functions
+#Edit them here for your deployment
 variable "test_env_vars" {
   type = map
   default = {

infra/mdf/lambda_permissions.tf

@@ -12,18 +12,8 @@ resource "aws_lambda_permission" "lambda_submit_permission" {
   statement_id  = "AllowAPIGatewayInvoke"
   action        = "lambda:InvokeFunction"
   function_name = aws_lambda_function.mdf-connect-containerized-submit["${each.key}"].function_name
-  #function_name = "${aws_lambda_alias.submit_alias["${each.key}"].function_name}"
   principal     = "apigateway.amazonaws.com"
-  #source_arn    = "${aws_apigatewayv2_api.http_api[each.key].execution_arn}/${each.key}/submit"
-   #This is the source_arn that the console suggests to add to the permission:
-  #source_arn    = "arn:aws:execute-api:us-east-1:557062710055:6oqmi1rtp2/*/*/submit"
-  #source_arn    = "${aws_apigatewayv2_api.http_api[each.key].execution_arn}/${each.key}/*/submit"
   source_arn    = "arn:aws:execute-api:us-east-1:557062710055:6oqmi1rtp2/*/*"
-  #source_arn    = "${aws_apigatewayv2_api.http_api[each.key].execution_arn}/*/submit"
-  #qualifier = "submit-alias-${each.key}"
-  #qualifier = "${aws_lambda_alias.submit_alias["${each.key}"].function_version}"
-
-  #qualifier     = aws_lambda_function.mdf-connect-containerized-submit["${each.key}"].function_name.lambda_function_version
 
 }