Added initial structure for deploying sign and verify service #19
The sign and verify service will be deployed on AWS Fargate along with a proxy that will validate an HMAC signature for POST requests. This adds the resources for:

- defining a secrets manager secret containing the unlocked DID document
- creating a Fargate cluster
- defining the task for the Fargate cluster
- defining a service using the Fargate task
- generating the role policy to allow access to the secrets manager secret

Still to do:

- finish the container definitions for the task definition
- register the service with DNS
- (optional) create and configure a load balancer and ACM certificate
d91ce5f to 8753203
Generally looks good
366af5a to 931103e
unlocked_did_secret_value = secretsmanager.SecretVersion( | ||
f'sign-and-verify-unlocked-did-value-{env_suffix}', | ||
secret_id=unlocked_did_secret.id, | ||
secret_string=sign_and_verify_config.require_secret('unlocked_did'), # Base64 encoded JSON object of unlocked DID |
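Review bot: The `secret_string` argument passes the `unlocked_did` config value straight into the secret version, and the trailing comment is the only place that says it must be a Base64-encoded JSON object; nothing in these lines checks that before the value is stored. Consider validating that the value decodes to JSON at deploy time so a malformed entry fails here rather than when the service reads the secret, and move the format note to its own comment line above the call so it is not lost at the end of a long line. Base64 is only an encoding, so the protection of the unlocked DID rests on it being read with `require_secret` and stored in the secrets manager secret, which these lines do.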
Should this be unlocked_did_secret?
No, this is referring to the config entry defined here https://github.com/mitodl/ol-infrastructure/pull/19/files#diff-e32743a26673c7e2751688227fe2791404d7dad3865c754decb76be296c97af5R9
791015e to 0934b11
👍
Adding concrete deployment for Concourse servers