sync(integration): aws-lambda-aws-iam (#1)

FolderOrigin-RevId: /home/runner/work/integrations/integrations/.

Author: indent-bot

.github/workflows/deploy.yaml

@@ -0,0 +1,81 @@
+name: deploy.webhook
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+  workflow_dispatch:
+env:
+  AWS_REGION: us-west-2
+jobs:
+  terraform:
+    name: Terraform
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+      - name: Setup Terraform
+        uses: hashicorp/setup-terraform@v1
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v1
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-session-token: ${{ secrets.AWS_SESSION_TOKEN }}
+          aws-region: ${{ env.AWS_REGION }}
+      - name: Add profile credentials to ~/.aws/credentials
+        run: |
+          aws configure set aws_access_key_id ${{ secrets.AWS_ACCESS_KEY_ID }} --profile default
+          aws configure set aws_secret_access_key ${{ secrets.AWS_SECRET_ACCESS_KEY }} --profile default
+          aws configure set aws_region ${{ env.AWS_REGION }} --profile default
+      - name: Terraform Format
+        id: fmt
+        run: terraform fmt -check -diff
+      - name: Terraform Init
+        id: init
+        run: terraform init
+      - name: Terraform Plan
+        id: plan
+        if: github.event_name == 'pull_request'
+        run: terraform plan -input=false -no-color
+        continue-on-error: true
+        env:
+          TF_VAR_indent_webhook_secret: ${{ secrets.INDENT_WEBHOOK_SECRET }}
+          TF_VAR_default_user_pw: ${{ secrets.DEFAULT_USER_PW }}
+      - uses: actions/github-script@0.9.0
+        if: github.event_name == 'pull_request'
+        env:
+          PLAN: |-
+            terraform
+            ${{ steps.plan.outputs.stdout }}
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          script: |
+            const output = `#### Terraform Format and Style 🖌\`${{ steps.fmt.outcome }}\`
+            #### Terraform Initialization ⚙️\`${{ steps.init.outcome }}\`
+            #### Terraform Plan 📖\`${{ steps.plan.outcome }}\`
+            <details><summary>Show Plan</summary>
+            \`\`\`${process.env.PLAN}\`\`\`
+            </details>
+            *Actor: @${{ github.actor }}, Event: \`${{ github.event_name }}\`*`;
+            github.issues.createComment({
+              issue_number: context.issue.number,
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              body: output
+            })
+      - name: Terraform Plan Status
+        if: steps.plan.outcome == 'failure'
+        run: exit 1
+      - name: Terraform Apply
+        if: github.ref == 'refs/heads/main' && (github.event_name == 'push' || github.event_name == 'workflow_dispatch')
+        run: terraform apply -input=false -auto-approve
+        env:
+          TF_VAR_indent_webhook_secret: ${{ secrets.INDENT_WEBHOOK_SECRET }}
+          TF_VAR_default_user_pw: ${{ secrets.DEFAULT_USER_PW }}
+      - name: Terraform Output
+        if: github.ref == 'refs/heads/main' && (github.event_name == 'push' || github.event_name == 'workflow_dispatch')
+        run: terraform output
+        env:
+          TF_VAR_indent_webhook_secret: ${{ secrets.INDENT_WEBHOOK_SECRET }}
+          TF_VAR_example_api_key: ${{ secrets.EXAMPLE_API_KEY}}

.gitignore

@@ -0,0 +1,12 @@
+data
+dist
+lib
+.env
+node_modules
+*.tfstate
+.terraform*
+*.tfstate.*
+terraform/config/*.tfvars
+!terraform/config/example.tfvars
+yarn.lock
+package-lock.json

LICENSE

@@ -0,0 +1,72 @@
+# Indent + AWS Lambda and AWS IAM
+
+This repository contains an integration between AWS IAM and [Indent](https://indent.com). Once deployed, you will be able to use this integration with Indent to:
+
+- PullUpdate
+- ApplyPullUpdate
+
+## Quicklinks
+
+- [Indent Documentation](https://indent.com/docs)
+- [Indent Support](https://support.indent.com)
+
+**In this repo**
+
+- [GitHub Secrets](./settings/secrets/actions)
+- [GitHub Actions](./actions/workflows/deploy.yaml)
+
+## Configuration
+
+Before you deploy these webhooks for the first time, [create an S3 bucket](https://docs.aws.amazon.com/AmazonS3/latest/userguide/create-bucket-overview.html) to store Terraform state, add your credentials as [GitHub Secrets](https://docs.github.com/en/actions/security-guides/encrypted-secrets), then update the bucket in `main.tf` once you're done.
+
+<details><summary><strong>1. Configuring the S3 bucket</strong></summary>
+<p>
+
+- [Go to AWS S3](https://s3.console.aws.amazon.com/s3/buckets) and select an existing bucket or create a new one.
+- Select the settings given your environment:
+  - Name — easily identifiable name for the bucket (example = indent-deploy-state-123)
+  - Region — where you plan to deploy the Lambda (default = us-west-2)
+  - Bucket versioning — if you want to have revisions of past deployments (default = disabled)
+  - Default encryption — server-side encryption for deployment files (default = Enable)
+
+</p>
+</details>
+
+<details><summary><strong>2. Configuring AWS credentials</strong></summary>
+<p>
+
+- [Go to AWS IAM → New User](https://console.aws.amazon.com/iam/home#/users$new?step=details) and create a new user for deploys, e.g. `indent-terraform-deployer`
+- Configure the service account access:
+  - Credential type — select **Access key - Programmatic access**
+  - Permissions — select **Attach existing policies directly** and select `AdministratorAccess`
+- Add the `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` as GitHub Secrets to this repo
+
+</p>
+</details>
+
+<details><summary><strong>3. Connecting to AWS IAM</strong></summary>
+
+
+</details>
+
+<details><summary><strong>4. Connecting to Indent</strong></summary>
+
+- If you're setting up as part of a catalog flow, you should be presented a **Webhook Secret** or [go to your Indent space and create a webhook](https://indent.com/spaces?next=/manage/spaces/[space]/webhooks/new)
+- Add this as `INDENT_WEBHOOK_SECRET` as a GitHub Secret
+
+</details>
+
+<details><summary><strong>5. Deploy</strong></summary>
+
+- Enter the bucket you created in `main.tf` in the `backend` configuration
+- This will automatically kick off a deploy, or you can [manually trigger from GitHub Actions](./actions/workflows/terraform.yml)
+
+</details>
+
+### Actions secrets
+
+Visit <a href="https://indent.com/docs" target="_blank">this link</a> to our documentation for information on setting up GitHub Secrets in this repository.
+
+## Deployment
+
+This repository auto-deploys to AWS Lambda when you push or merge PRs to the `main` branch. You can manually redeploy the webhooks by re-running the [latest GitHub Action job](https://docs.github.com/en/actions/managing-workflow-runs/re-running-workflows-and-jobs).