tech-creative-club · mh35 · Jan 2, 2024 · Jan 2, 2024 · Jan 2, 2024 · Jan 2, 2024
diff --git a/infra/aws/.vscode/settings.json b/infra/aws/.vscode/settings.json
@@ -0,0 +1,26 @@
+{
+    "yaml.customTags": [
+        "!Base64 scalar",
+        "!Cidr scalar",
+        "!And sequence",
+        "!Equals sequence",
+        "!If sequence",
+        "!Not sequence",
+        "!Or sequence",
+        "!Condition scalar",
+        "!FindInMap sequence",
+        "!GetAtt scalar",
+        "!GetAtt sequence",
+        "!GetAZs scalar",
+        "!ImportValue scalar",
+        "!Join sequence",
+        "!Select sequence",
+        "!Split sequence",
+        "!Sub scalar",
+        "!Transform mapping",
+        "!Ref scalar",
+    ],
+    "yaml.schemas": {
+        "https://raw.githubusercontent.com/awslabs/goformation/master/schema/cloudformation.schema.json": "formation.yml"
+    }
+}
diff --git a/infra/aws/README.md b/infra/aws/README.md
@@ -0,0 +1,6 @@
+# このディレクトリについて
+
+このディレクトリのテンプレート全般には`ApplicationTag`と`ApplicationId`の2つのパラメータが定義されている。これらはmyApplicationsの紐づけのためのものである。
+
+* ApplicationId - Service CatalogのアプリケーションARNを指定
+* ApplicationTag - myApplicationsの指定すべきタグ
diff --git a/infra/aws/ecr/formation.yml b/infra/aws/ecr/formation.yml
@@ -0,0 +1,29 @@
+AWSTemplateFormatVersion: "2010-09-09"
+Description: Disaster posts container registry
+Parameters:
+  ApplicationTag:
+    Type: String
+    Description: Application tag
+  ApplicationId:
+    Type: String
+    Description: Application ARN
+Resources:
+  # Application relationship definition
+  AppAssoc:
+    Type: AWS::ServiceCatalogAppRegistry::ResourceAssociation
+    Properties:
+      Application: !Ref ApplicationId
+      Resource: !Ref AWS::StackId
+      ResourceType: CFN_STACK
+  Repository:
+    Type: AWS::ECR::Repository
+    Properties:
+      EmptyOnDelete: true
+      ImageTagMutability: IMMUTABLE
+      Tags:
+        - Key: Name
+          Value: !Sub "${AWS::StackName}-Repository"
+        - Key: AppManagerCFNStackKey
+          Value: !Ref AWS::StackName
+        - Key: awsApplication
+          Value: !Ref ApplicationTag
diff --git a/infra/aws/ses/formation.yml b/infra/aws/ses/formation.yml
@@ -0,0 +1,109 @@
+AWSTemplateFormatVersion: "2010-09-09"
+Description: Disaster posts SES
+Parameters:
+  ApplicationTag:
+    Type: String
+    Description: Application tag
+  ApplicationId:
+    Type: String
+    Description: Application ARN
+  DomainName:
+    Type: String
+    Description: Send domain name
+  ZoneId:
+    Type: AWS::Route53::HostedZone::Id
+    Description: Route 53 zone ID
+Resources:
+  # Application relationship definition
+  AppAssoc:
+    Type: AWS::ServiceCatalogAppRegistry::ResourceAssociation
+    Properties:
+      Application: !Ref ApplicationId
+      Resource: !Ref AWS::StackId
+      ResourceType: CFN_STACK
+  # Bounce and complaint handling mechanism definition
+  Topic:
+    Type: AWS::SNS::Topic
+    Properties:
+      DisplayName: !Sub "${AWS::StackName}-Topic"
+      Tags:
+        - Key: Name
+          Value: !Sub "${AWS::StackName}-Topic"
+        - Key: AppManagerCFNStackKey
+          Value: !Ref AWS::StackName
+        - Key: awsApplication
+          Value: !Ref ApplicationTag
+  ConfigSet:
+    Type: AWS::SES::ConfigurationSet
+    Properties:
+      ReputationOptions:
+        ReputationMetricsEnabled: true
+      SendingOptions:
+        SendingEnabled: true
+  ConfigSetEventDestination:
+    Type: AWS::SES::ConfigurationSetEventDestination
+    Properties:
+      ConfigurationSetName: !Ref ConfigSet
+      EventDestination:
+        Enabled: true
+        MatchingEventTypes:
+          - bounce
+          - complaint
+        SnsDestination:
+          TopicARN: !Ref Topic
+  # SES identity definition
+  Identity:
+    Type: AWS::SES::EmailIdentity
+    Properties:
+      EmailIdentity: !Ref DomainName
+      ConfigurationSetAttributes:
+        ConfigurationSetName: !Ref ConfigSet
+      DkimAttributes:
+        SigningEnabled: true
+      DkimSigningAttributes:
+        NextSigningKeyLength: RSA_2048_BIT
+      MailFromAttributes:
+        MailFromDomain: !Sub "ses-${AWS::Region}.${DomainName}"
+  # SES DKIM and verification records
+  DkimRecords:
+    Type: AWS::Route53::RecordSetGroup
+    Properties:
+      Comment: !Sub "${AWS::StackName} DKIM records"
+      HostedZoneId: !Ref ZoneId
+      RecordSets:
+        - Name: !GetAtt Identity.DkimDNSTokenName1
+          Type: CNAME
+          TTL: "900"
+          ResourceRecords:
+            - !GetAtt Identity.DkimDNSTokenValue1
+        - Name: !GetAtt Identity.DkimDNSTokenName2
+          Type: CNAME
+          TTL: "900"
+          ResourceRecords:
+            - !GetAtt Identity.DkimDNSTokenValue2
+        - Name: !GetAtt Identity.DkimDNSTokenName3
+          Type: CNAME
+          TTL: "900"
+          ResourceRecords:
+            - !GetAtt Identity.DkimDNSTokenValue3
+  # SES SPF and MX records
+  SpfRecord:
+    Type: AWS::Route53::RecordSet
+    Properties:
+      Comment: SPF record
+      HostedZoneId: !Ref ZoneId
+      Name: !Sub "ses-${AWS::Region}.${DomainName}"
+      Type: TXT
+      TTL: "900"
+      ResourceRecords:
+        - '"v=spf1 include:amazonses.com ~all"'
+  MxRecord:
+    Type: AWS::Route53::RecordSet
+    Properties:
+      Comment: MX record
+      HostedZoneId: !Ref ZoneId
+      Name: !Sub "ses-${AWS::Region}.${DomainName}"
+      Type: MX
+      TTL: "900"
+      ResourceRecords:
+        - !Sub "10 feedback-smtp.${AWS::Region}.amazonses.com"
diff --git a/infra/aws/table/formation.yml b/infra/aws/table/formation.yml
@@ -0,0 +1,63 @@
+AWSTemplateFormatVersion: "2010-09-09"
+Description: Disaster posts DynamoDB global table
+Parameters:
+  ApplicationTag:
+    Type: String
+    Description: Application tag
+  ApplicationId:
+    Type: String
+    Description: Application ARN
+  SubRegion:
+    Type: String
+    Description: Sub region
+    Default: ap-northeast-3
+  SubRegionApplicationTag:
+    Type: String
+    Description: Sub region Application tag
+Resources:
+  # Application relationship definition
+  AppAssoc:
+    Type: AWS::ServiceCatalogAppRegistry::ResourceAssociation
+    Properties:
+      Application: !Ref ApplicationId
+      Resource: !Ref AWS::StackId
+      ResourceType: CFN_STACK
+  # DynamoDB table definition
+  # TODO: テーブルスキーマの決定
+  Table:
+    Type: AWS::DynamoDB::GlobalTable
+    Properties:
+      AttributeDefinitions:
+        - AttributeName: id
+          AttributeType: S
+        - AttributeName: timestamp
+          AttributeType: 'N'
+      BillingMode: PAY_PER_REQUEST
+      KeySchema:
+        - AttributeName: id
+          KeyType: HASH
+        - AttributeName: timestamp
+          KeyType: RANGE
+      Replicas:
+        - Region: !Ref AWS::Region
+          PointInTimeRecoverySpecification:
+            PointInTimeRecoveryEnabled: true
+          Tags:
+            - Key: Name
+              Value: !Sub "${AWS::StackName}-Table-Replica-${AWS::Region}"
+            - Key: AppManagerCFNStackKey
+              Value: !Ref AWS::StackName
+            - Key: awsApplication
+              Value: !Ref ApplicationTag
+        - Region: !Ref SubRegion
+          PointInTimeRecoverySpecification:
+            PointInTimeRecoveryEnabled: true
+          Tags:
+            - Key: Name
+              Value: !Sub "${AWS::StackName}-Table-Replica-${SubRegion}"
+            - Key: AppManagerCFNStackKey
+              Value: !Ref AWS::StackName
+            - Key: awsApplication
+              Value: !Ref ApplicationTag
+      StreamSpecification:
+        StreamViewType: NEW_AND_OLD_IMAGES