mirror of https://github.com/mozilla/riskHeatMap.git
Repository contents at commit fa856754b9:

- heatmap
- observatory
- templates
- .gitignore
- CONTRIBUTING.md
- MANIFEST.in
- Pipfile
- Pipfile.lock
- README.rst
- app.py
- attach_policy.json
- auth.py
- config.dev.yml
- config.prod.yml
- config.py
- env.example
- package.json
- serverless.yml
README.rst
Overview
========

A dashboard site for the risk heatmap and the observatory dashboard. Hosted in AWS, lambda/serverless via the zappa framework.

The risk heatmap and observatory dashboard are just plain html/js files. The AWS/Zappa bits are just for scaling and authentication.

Environment
-----------

The easiest way to mimic the AWS lambda environment is to use a docker container that matches the architecture. This is especially helpful with the crypto libraries used in OIDC authentication.

Container:
==========

Get one from: https://github.com/danielwhatmuff/zappa

::

    docker pull danielwhatmuff/zappa

or

::

    git clone git@github.com:danielwhatmuff/zappa.git && cd zappa && docker build -t zappa .

Enter the container in your working directory with a zappa shell:

::

    docker run -ti -v ~/.aws:/root/.aws -v /path/to/your/project/:/root/your/project zappa bash

Python:
=======

I like pipenv: ``pip install pipenv`` (https://github.com/kennethreitz/pipenv)

Zappa:
======

The zappa_settings.yaml file contains the environment settings that will inform the zappa API gateway 'stage' environment. Of these, ``SERVER_NAME: fqdn.of.your.web.server.url`` is the most important: Flask will 404 anything sent to it via another URL (ip address, alias, etc.). For OIDC this also needs to match the relying party (RP) FQDN.

The profile_name should match one in your ~/.aws/config that has reasonable privileges to create the AWS items zappa relies on:

- API Gateway
- IAM Role
- s3 bucket
- lambda function

Something like:

::

    [profile devadmin]
    role_arn = arn:aws:iam::<accountnumber>:role/<rolename>
    source_profile = default
    mfa_serial = arn:aws:iam::<accountnumber>:mfa/<mfatokenname>

API Gateway:
============

The link between dns and lambda is provided by the API Gateway "Custom Domain" feature. Zappa will create this for you in the us-east-1 region.

If not in that region, create a custom domain specifying:

1) The ACM Certificate for your domain
2) The base path mapping which maps the url / to the API Gateway stage (likely api-gateway-name:dev)
3) The cloudfront distribution name (autogenerated by creating a custom domain)

Login
-----

This configuration of the riskheatmap uses auth0 OIDC.

Contacts
--------

Jeff Bryner <jbryner@mozilla.org>

April King <april@mozilla.org>
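As an added preflight check for the Zappa section above (example code, not part of the riskHeatMap repo), a stdlib-only Python snippet that validates the two settings the README calls out: the ~/.aws/config deploy profile (role_arn, source_profile and mfa_serial, as in the "Something like" sample) and that SERVER_NAME is a bare FQDN that matches the OIDC relying-party FQDN. The sample profile, account number and role names are constructed placeholders.

```python
import configparser
import re

# Constructed sample ~/.aws/config, shaped like the README's "Something like" profile.
SAMPLE_AWS_CONFIG = """
[profile devadmin]
role_arn = arn:aws:iam::123456789012:role/ZappaDeploy
source_profile = default
mfa_serial = arn:aws:iam::123456789012:mfa/devadmin-token
"""

ROLE_ARN_RE = re.compile(r"^arn:aws:iam::\d{12}:role/[\w+=,.@/-]+$")
MFA_ARN_RE = re.compile(r"^arn:aws:iam::\d{12}:mfa/[\w+=,.@/-]+$")
# Bare hostname labels only: no scheme, port or path (the custom domain serves on 443).
FQDN_RE = re.compile(
    r"^(?=.{1,253}$)(?!-)[a-z0-9-]{1,63}(?<!-)(\.(?!-)[a-z0-9-]{1,63}(?<!-))+$"
)


def check_aws_profile(config_text, profile_name):
    """Return a list of problems with the profile zappa will use for deployment."""
    cp = configparser.ConfigParser()
    cp.read_string(config_text)
    section = f"profile {profile_name}"
    if not cp.has_section(section):
        return [f"profile '{profile_name}' not found in aws config"]
    prof = cp[section]
    problems = []
    if not ROLE_ARN_RE.match(prof.get("role_arn", "")):
        problems.append("role_arn missing or not an IAM role ARN")
    if not prof.get("source_profile"):
        problems.append("source_profile missing: the role cannot be assumed")
    # Requiring MFA on the deploy role is this check's assumption, mirroring the sample.
    if not MFA_ARN_RE.match(prof.get("mfa_serial", "")):
        problems.append("mfa_serial missing: deploy role would be assumable without MFA")
    return problems


def check_server_name(server_name, rp_fqdn):
    """SERVER_NAME must be a bare FQDN and equal the OIDC relying-party FQDN."""
    problems = []
    name = server_name.strip().lower()
    if not FQDN_RE.match(name):
        problems.append("SERVER_NAME is not a bare FQDN (no scheme, port or path)")
    if name.split(".")[-1].isdigit():
        problems.append("SERVER_NAME looks like an IP address; Flask would 404 the real host")
    if name != rp_fqdn.strip().lower():
        problems.append("SERVER_NAME does not match the OIDC relying-party FQDN")
    return problems
```

Run both checks before `zappa deploy`; an empty list from each means the profile and host settings agree with what the README requires.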