diff --git a/aws-aurora-postgres/README.md b/aws-aurora-postgres/README.md
index cb497f44..bf25743c 100644
--- a/aws-aurora-postgres/README.md
+++ b/aws-aurora-postgres/README.md
@@ -41,7 +41,7 @@ module "db" {
 | database\_subnet\_group | The name of an existing database subnet group to use. | string | n/a | yes |
 | database\_username | Default user to be created. | string | n/a | yes |
 | db\_parameters | Instance params you can set. [Doc](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraPostgreSQL.Reference.html#AuroraPostgreSQL.Reference.Parameters.Instance) | list | `` | no |
-| engine\_version | The version of Postgres to use. | string | `"9.6"` | no |
+| engine\_version | The version of Postgres to use. | string | `"10"` | no |
 | env | Env for tagging and naming. See [doc](../README.md#consistent-tagging). | string | n/a | yes |
 | iam\_database\_authentication\_enabled | | string | `"false"` | no |
 | ingress\_cidr\_blocks | A list of CIDR blocks that should be allowed to communicate with this Aurora cluster. | list | n/a | yes |
diff --git a/github-webhooks-to-s3/README.md b/github-webhooks-to-s3/README.md
index 685aeadf..3639f2e1 100644
--- a/github-webhooks-to-s3/README.md
+++ b/github-webhooks-to-s3/README.md
@@ -1,6 +1,30 @@
-
-Accept GitHub webhooks to S3. Keeps track of events such as pushing code to a repository.
+# GitHub Webhooks to S3
+
+This module will configure an aggregator for GitHub webhooks. It sets up an API Gateway with a Lambda that will authenticate incomming webhooks from GitHub and then use Firehose to store these events into S3. This module will configure the necessary IAM Roles, S3 bucket, API Gateway, and Firehose resources.
+
+## Usage
+- Create a Webhook you would like to capture in GitHub and point it at your `var.fqdn`.
+- API Gateway relies on ACM Certificates in us-east-1
+- This module reads secrets from the AWS ParamStore using [chamber](https://github.com/segmentio/chamber).You can write the GitHub validation secret `AWS_PROFILE= chamber write -- github_secret `
+
+```hcl
+module "archiver" {
+ // Replace with latest cztack stable release https://github.com/chanzuckerberg/cztack/releases
+ source = "github.com/chanzuckerberg/cztack//github-webhooks-to-s3?ref=master"
+
+ env = "${var.env}"
+ project = "${var.project}"
+ owner = "${var.owner}"
+ service = "${var.component}"
+ fqdn = "github.foo.bar.com"
+ certificate_arn = "..." // This MUST be in us-east-1 region
+ route53_zone_id = "..." // Route53 zone to write records to
+}
+
+```
+
+
 ## Inputs
 | Name | Description | Type | Default | Required |
@@ -14,11 +38,7 @@ Accept GitHub webhooks to S3. Keeps track of events such as pushing code to a re
 | owner | Owner for tagging and naming. | string | n/a | yes |
 | project | Project for tagging and naming. | string | n/a | yes |
 | route53\_zone\_id | The route53 zone id for fqdn's domain | string | n/a | yes |
+| s3\_prefix | Firehose will add this prefix to files it writes to the s3 bucket | string | `""` | no |
 | service | Service for tagging and naming. | string | n/a | yes |
-## Outputs
-
-| Name | Description |
-|------|-------------|
-
diff --git a/github-webhooks-to-s3/firehose.tf b/github-webhooks-to-s3/firehose.tf
index bd471541..16d5a75f 100644
--- a/github-webhooks-to-s3/firehose.tf
+++ b/github-webhooks-to-s3/firehose.tf
@@ -78,7 +78,7 @@ resource "aws_kinesis_firehose_delivery_stream" "firehose" {
 s3_configuration {
 role_arn = "${aws_iam_role.firehose.arn}"
 bucket_arn = "${module.bucket.arn}"
- prefix = ""
+ prefix = "${var.s3_prefix}"
 compression_format = "GZIP"
 cloudwatch_logging_options {
diff --git a/github-webhooks-to-s3/variables.tf b/github-webhooks-to-s3/variables.tf
index 806b98a4..96219daf 100644
--- a/github-webhooks-to-s3/variables.tf
+++ b/github-webhooks-to-s3/variables.tf
@@ -49,3 +49,9 @@ variable "iam_path" {
 type = "string"
 default = "/"
 }
+
+variable "s3_prefix" {
+ type = "string"
+ default = ""
+ description = "Firehose will add this prefix to files it writes to the s3 bucket"
+}
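Review bot: The new `s3_prefix` description in variables.tf does not say that Firehose joins the prefix directly onto its UTC time path, so a value without a trailing slash (a constructed example: `github` rather than `github/`) runs straight into the year component instead of forming a folder-style prefix. The firehose.tf hunk passes the value through unchanged with `prefix = "${var.s3_prefix}"`, so I would state the expectation in the variable, e.g. `description = "Key prefix Firehose prepends to objects it writes to the S3 bucket; end it with \"/\" to get a folder-style prefix"`. This matters if a bucket policy, lifecycle rule or downstream reader is scoped by key prefix; none is visible in this diff, so that needs confirming against the bucket module. The `aws_kinesis_firehose_delivery_stream` block starts and ends outside the firehose.tf hunk.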