Merge pull request #106 from silinternational/develop

Release 2.3.9 Add tags to serverless-managed resources

serverless.yml

@@ -35,6 +35,8 @@ custom:
   apiKeyTable: ${self:custom.namespace}_api-key
   totpTable: ${self:custom.namespace}_totp
   u2fTable: ${self:custom.namespace}_u2f
+  dev_env: staging
+  prod_env: production
 
 functions:
   apiKeyActivate:
@@ -47,6 +49,11 @@ functions:
           path: api-key/activate
           method: post
           private: true
+    tags:
+      itse_app_name: ${self:service}
+      itse_app_env: ${self:custom.${sls:stage}_env}
+      itse_app_customer: "shared"
+      managed_by: "serverless"
   apiKeyCreate:
     handler: handlers/api-key.create
     name: ${self:custom.namespace}_apiKeyCreate
@@ -57,6 +64,11 @@ functions:
           path: api-key
           method: post
           private: true
+    tags:
+      itse_app_name: ${self:service}
+      itse_app_env: ${self:custom.${sls:stage}_env}
+      itse_app_customer: "shared"
+      managed_by: "serverless"
   totpCreate:
     handler: handlers/totp.create
     name: ${self:custom.namespace}_totpCreate
@@ -67,6 +79,11 @@ functions:
       - http:
           path: totp
           method: post
+    tags:
+      itse_app_name: ${self:service}
+      itse_app_env: ${self:custom.${sls:stage}_env}
+      itse_app_customer: "shared"
+      managed_by: "serverless"
   totpDelete:
     handler: handlers/totp.delete
     name: ${self:custom.namespace}_totpDelete
@@ -77,6 +94,11 @@ functions:
       - http:
           path: totp/{uuid}
           method: delete
+    tags:
+      itse_app_name: ${self:service}
+      itse_app_env: ${self:custom.${sls:stage}_env}
+      itse_app_customer: "shared"
+      managed_by: "serverless"
   totpValidate:
     handler: handlers/totp.validate
     name: ${self:custom.namespace}_totpValidate
@@ -87,6 +109,11 @@ functions:
       - http:
           path: totp/{uuid}/validate
           method: post
+    tags:
+      itse_app_name: ${self:service}
+      itse_app_env: ${self:custom.${sls:stage}_env}
+      itse_app_customer: "shared"
+      managed_by: "serverless"
   u2fCreateAuthentication:
     handler: handlers/u2f.createAuthentication
     name: ${self:custom.namespace}_u2fCreateAuthentication
@@ -97,6 +124,11 @@ functions:
       - http:
           path: u2f/{uuid}/auth
           method: post
+    tags:
+      itse_app_name: ${self:service}
+      itse_app_env: ${self:custom.${sls:stage}_env}
+      itse_app_customer: "shared"
+      managed_by: "serverless"
   u2fCreateRegistration:
     handler: handlers/u2f.createRegistration
     name: ${self:custom.namespace}_u2fCreateRegistration
@@ -107,6 +139,11 @@ functions:
       - http:
           path: u2f
           method: post
+    tags:
+      itse_app_name: ${self:service}
+      itse_app_env: ${self:custom.${sls:stage}_env}
+      itse_app_customer: "shared"
+      managed_by: "serverless"
   u2fDelete:
     handler: handlers/u2f.delete
     name: ${self:custom.namespace}_u2fDelete
@@ -117,6 +154,11 @@ functions:
       - http:
           path: u2f/{uuid}
           method: delete
+    tags:
+      itse_app_name: ${self:service}
+      itse_app_env: ${self:custom.${sls:stage}_env}
+      itse_app_customer: "shared"
+      managed_by: "serverless"
   u2fValidateAuthentication:
     handler: handlers/u2f.validateAuthentication
     name: ${self:custom.namespace}_u2fValidateAuthentication
@@ -127,6 +169,11 @@ functions:
       - http:
           path: u2f/{uuid}/auth
           method: put
+    tags:
+      itse_app_name: ${self:service}
+      itse_app_env: ${self:custom.${sls:stage}_env}
+      itse_app_customer: "shared"
+      managed_by: "serverless"
   u2fValidateRegistration:
     handler: handlers/u2f.validateRegistration
     name: ${self:custom.namespace}_u2fValidateRegistration
@@ -137,6 +184,11 @@ functions:
       - http:
           path: u2f/{uuid}
           method: put
+    tags:
+      itse_app_name: ${self:service}
+      itse_app_env: ${self:custom.${sls:stage}_env}
+      itse_app_customer: "shared"
+      managed_by: "serverless"
 
 resources:
   Resources:
@@ -152,6 +204,15 @@ resources:
             KeyType: HASH
         BillingMode: PAY_PER_REQUEST
         TableName: ${self:custom.apiKeyTable}
+        Tags:
+          - Key: "itse_app_name"
+            Value: ${self:service}
+          - Key: "itse_app_env"
+            Value: ${self:custom.${sls:stage}_env}
+          - Key: "itse_app_customer"
+            Value: "shared"
+          - Key: "managed_by"
+            Value: "serverless"
     TotpDynamoDbTable:
       Type: AWS::DynamoDB::Table
       DeletionPolicy: Retain
@@ -164,6 +225,15 @@ resources:
             KeyType: HASH
         BillingMode: PAY_PER_REQUEST
         TableName: ${self:custom.totpTable}
+        Tags:
+          - Key: "itse_app_name"
+            Value: ${self:service}
+          - Key: "itse_app_env"
+            Value: ${self:custom.${sls:stage}_env}
+          - Key: "itse_app_customer"
+            Value: "shared"
+          - Key: "managed_by"
+            Value: "serverless"
     U2fDynamoDbTable:
       Type: AWS::DynamoDB::Table
       DeletionPolicy: Retain
@@ -176,43 +246,142 @@ resources:
             KeyType: HASH
         BillingMode: PAY_PER_REQUEST
         TableName: ${self:custom.u2fTable}
+        Tags:
+          - Key: "itse_app_name"
+            Value: ${self:service}
+          - Key: "itse_app_env"
+            Value: ${self:custom.${sls:stage}_env}
+          - Key: "itse_app_customer"
+            Value: "shared"
+          - Key: "managed_by"
+            Value: "serverless"
     ApiKeyActivateLogGroup:
       Type: AWS::Logs::LogGroup
       Properties:
         RetentionInDays: "30"
+        Tags:
+          - Key: "itse_app_name"
+            Value: ${self:service}
+          - Key: "itse_app_env"
+            Value: ${self:custom.${sls:stage}_env}
+          - Key: "itse_app_customer"
+            Value: "shared"
+          - Key: "managed_by"
+            Value: "serverless"
     ApiKeyCreateLogGroup:
       Type: AWS::Logs::LogGroup
       Properties:
         RetentionInDays: "30"
+        Tags:
+          - Key: "itse_app_name"
+            Value: ${self:service}
+          - Key: "itse_app_env"
+            Value: ${self:custom.${sls:stage}_env}
+          - Key: "itse_app_customer"
+            Value: "shared"
+          - Key: "managed_by"
+            Value: "serverless"
     TotpCreateLogGroup:
       Type: AWS::Logs::LogGroup
       Properties:
         RetentionInDays: "30"
+        Tags:
+          - Key: "itse_app_name"
+            Value: ${self:service}
+          - Key: "itse_app_env"
+            Value: ${self:custom.${sls:stage}_env}
+          - Key: "itse_app_customer"
+            Value: "shared"
+          - Key: "managed_by"
+            Value: "serverless"
     TotpDeleteLogGroup:
       Type: AWS::Logs::LogGroup
       Properties:
         RetentionInDays: "30"
+        Tags:
+          - Key: "itse_app_name"
+            Value: ${self:service}
+          - Key: "itse_app_env"
+            Value: ${self:custom.${sls:stage}_env}
+          - Key: "itse_app_customer"
+            Value: "shared"
+          - Key: "managed_by"
+            Value: "serverless"
     TotpValidateLogGroup:
       Type: AWS::Logs::LogGroup
       Properties:
         RetentionInDays: "30"
+        Tags:
+          - Key: "itse_app_name"
+            Value: ${self:service}
+          - Key: "itse_app_env"
+            Value: ${self:custom.${sls:stage}_env}
+          - Key: "itse_app_customer"
+            Value: "shared"
+          - Key: "managed_by"
+            Value: "serverless"
     U2fCreateAuthenticationLogGroup:
       Type: AWS::Logs::LogGroup
       Properties:
         RetentionInDays: "30"
+        Tags:
+          - Key: "itse_app_name"
+            Value: ${self:service}
+          - Key: "itse_app_env"
+            Value: ${self:custom.${sls:stage}_env}
+          - Key: "itse_app_customer"
+            Value: "shared"
+          - Key: "managed_by"
+            Value: "serverless"
     U2fCreateRegistrationLogGroup:
       Type: AWS::Logs::LogGroup
       Properties:
         RetentionInDays: "30"
+        Tags:
+          - Key: "itse_app_name"
+            Value: ${self:service}
+          - Key: "itse_app_env"
+            Value: ${self:custom.${sls:stage}_env}
+          - Key: "itse_app_customer"
+            Value: "shared"
+          - Key: "managed_by"
+            Value: "serverless"
     U2fDeleteLogGroup:
       Type: AWS::Logs::LogGroup
       Properties:
         RetentionInDays: "30"
+        Tags:
+          - Key: "itse_app_name"
+            Value: ${self:service}
+          - Key: "itse_app_env"
+            Value: ${self:custom.${sls:stage}_env}
+          - Key: "itse_app_customer"
+            Value: "shared"
+          - Key: "managed_by"
+            Value: "serverless"
     U2fValidateAuthenticationLogGroup:
       Type: AWS::Logs::LogGroup
       Properties:
         RetentionInDays: "30"
+        Tags:
+          - Key: "itse_app_name"
+            Value: ${self:service}
+          - Key: "itse_app_env"
+            Value: ${self:custom.${sls:stage}_env}
+          - Key: "itse_app_customer"
+            Value: "shared"
+          - Key: "managed_by"
+            Value: "serverless"
     U2fValidateRegistrationLogGroup:
       Type: AWS::Logs::LogGroup
       Properties:
         RetentionInDays: "30"
+        Tags:
+          - Key: "itse_app_name"
+            Value: ${self:service}
+          - Key: "itse_app_env"
+            Value: ${self:custom.${sls:stage}_env}
+          - Key: "itse_app_customer"
+            Value: "shared"
+          - Key: "managed_by"
+            Value: "serverless"

terraform/main.tf

@@ -9,4 +9,20 @@ module "serverless-user" {
   app_name           = "mfa-api"
   aws_region         = var.aws_region
   enable_api_gateway = true
+  extra_policies = [
+    {
+      "Version" : "2012-10-17",
+      "Statement" : [
+        {
+          "Effect" : "Allow",
+          "Action" : [
+            "dynamodb:DescribeTable"
+          ],
+          "Resource" : [
+            "arn:aws:dynamodb:*:*:table/mfa-api_*"
+          ]
+        }
+      ]
+    }
+  ]
 }