Added initial structure for deploying sign and verify service #19

Merged
merged 6 commits into from
Oct 22, 2020

@blarghmatey blarghmatey commented Oct 19, 2020

The sign and verify service will be deployed on AWS Fargate along with a proxy that will validate an HMAC signature for
POST requests. This adds the resources for:

  • defining a Secrets Manager secret containing the unlocked DID document
  • creating a Fargate cluster
  • defining the task for the Fargate cluster
  • defining a service using the Fargate task
  • generating the role policy to allow access to the Secrets Manager secret
  • creating and configuring a load balancer and ACM certificate
  • registering the service with DNS

The sign and verify service will be deployed on AWS Fargate along with a proxy that will validate an HMAC signature for
POST requests. This adds the resources for:
- defining a Secrets Manager secret containing the unlocked DID document
- creating a Fargate cluster
- defining the task for the Fargate cluster
- defining a service using the Fargate task
- generating the role policy to allow access to the Secrets Manager secret

Still to do:
- finish the container definitions for the task definition
- register the service with DNS
- (optional) create and configure a load balancer and ACM certificate
@blarghmatey blarghmatey marked this pull request as draft October 19, 2020 21:23
@blarghmatey blarghmatey self-assigned this Oct 19, 2020

@rhysyngsun rhysyngsun left a comment

Generally looks good

unlocked_did_secret_value = secretsmanager.SecretVersion(
f'sign-and-verify-unlocked-did-value-{env_suffix}',
secret_id=unlocked_did_secret.id,
secret_string=sign_and_verify_config.require_secret('unlocked_did'), # Base64 encoded JSON object of unlocked DID
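
Review bot: the trailing comment on the `secret_string=` line is the only place that records that `unlocked_did` must be a base64-encoded JSON object, and nothing in these lines checks it, so a value in the wrong format would be written to the secret unchanged. Consider documenting the expected format next to the `unlocked_did` config key, and note that base64 here is an encoding only, so the confidentiality of the DID rests on `require_secret` and on who can read the secret itself.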

Should this be unlocked_did_secret?

@shaidar

shaidar commented Oct 22, 2020

👍

@blarghmatey blarghmatey merged commit b6bc1b3 into main Oct 22, 2020
@blarghmatey blarghmatey deleted the digitalcreds branch October 22, 2020 19:21
blarghmatey added a commit that referenced this pull request Apr 26, 2021
Adding concrete deployment for Concourse servers