feat: Added terraform scripts to create API Gateway and Cognito user …

…pool with App clients

Refer to task unity-sds/unity-cs#124

terraform-api-gateway-cognito/README.md

@@ -0,0 +1,104 @@
+# Terraform to Deploy Unity API Gateway
+
+This Document is a Work in Progress
+
+## Prerequisites
+- Terraform
+- AWS CLI
+
+## Steps to Deploy the API Gateway
+
+1. Open a terminal and set the following environment variables with correct values associated with your AWS account.
+
+```shell
+export AWS_ACCESS_KEY_ID=
+export AWS_SECRET_ACCESS_KEY=
+export AWS_SESSION_TOKEN=
+export AWS_DEFAULT_REGION=us-west-2
+```
+
+2. The following parameters should be available in the AWS System Manager (SSM) Parameter Store before deploying the API Gateway. These values can be set
+as a result of a previous deployment (E.g.: A lambda function deployment) or can be set using AWS Console or AWS CLI.
+
+```shell
+/unity/dev/unity-sps-1/api-gateway/functions/cs-lambda-authorizer-uri
+/unity/dev/unity-sps-1/api-gateway/integrations/uads-dockstore-nlb-uri
+/unity/dev/unity-sps-1/api-gateway/integrations/uads-dev-dockstore-link-2-vpc-link-id
+/unity/dev/unity-sps-1/api-gateway/integrations/uds-dev-cumulus-cumulus_granules_dapa-function-uri
+/unity/dev/unity-sps-1/api-gateway/integrations/uds-dev-cumulus-cumulus_collections_dapa-function-uri
+```
+
+If these parameters are not available, it is possible to set these parameters using the AWS CLI as follows.
+
+Tips:
+
+#### A function URI for a lambda function can be derived as follows.
+
+Example:
+    The `arn:aws:apigateway:us-west-2:lambda:path/2015-03-31/functions/arn:aws:lambda:us-west-2:1234567890:function:cs-lambda-authorizer/invocations`
+
+Can be derived with:
+
+     "arn:aws:apigateway:" + <AWS_REGION_OF_FUNCTION> + ":lambda:path/2015-03-31/functions/" + <ARN_OF_THE_FUNCTION> + "/invocations"
+
+
+#### Example 
+
+In this example, the account number is purposefully set to 1234567890 and also added fake values. Please replace these values with correct values): 
+```shell
+
+aws ssm put-parameter --name "/unity/dev/unity-sps-1/api-gateway/functions/cs-lambda-authorizer-uri" \
+    --value "arn:aws:apigateway:us-west-2:lambda:path/2015-03-31/functions/arn:aws:lambda:us-west-2:1234567890:function:cs-lambda-authorizer/invocations" \
+    --type String
+
+aws ssm put-parameter --name "/unity/dev/unity-sps-1/api-gateway/integrations/uads-dockstore-nlb-uri" \
+    --value "http://uads-dockstore-nlb.elb.us-west-2.amazonaws.com:9999/{proxy}" \
+    --type String
+
+aws ssm put-parameter --name "/unity/dev/unity-sps-1/api-gateway/integrations/uads-dev-dockstore-link-2-vpc-link-id" \
+    --value "abcde" \
+    --type String
+
+aws ssm put-parameter --name "/unity/dev/unity-sps-1/api-gateway/integrations/uds-dev-cumulus-cumulus_granules_dapa-function-uri" \
+    --value "arn:aws:apigateway:us-west-2:lambda:path/2015-03-31/functions/arn:aws:lambda:us-west-2:1234567890:function:uds-dev-cumulus-cumulus_granules_dapa/invocations" \
+    --type String
+
+aws ssm put-parameter --name "/unity/dev/unity-sps-1/api-gateway/integrations/uds-dev-cumulus-cumulus_collections_dapa-function-uri" \
+    --value "arn:aws:apigateway:us-west-2:lambda:path/2015-03-31/functions/arn:aws:lambda:us-west-2:1234567890:function:uds-dev-cumulus-cumulus_collections_dapa/invocations" \
+    --type String
+
+```
+
+3. Clone unity-cs repository (api-gateway-terraform branch)
+```shell
+git clone https://github.com/unity-sds/unity-cs.git -b api-gateway-terraform
+```
+
+4. Change current working directory to `terraform/terraform-api-gateway`
+
+```shell
+cd unity-cs/terraform/terraform-api-gateway/
+```
+
+5. Check the YAML file at `unity-cs/terraform/terraform-api-gateway/terraform-modules/unity-rest-api-gateway-oas30.yaml`,
+which contains the Open API Specification 3.0 definition of Unity API Gateway and make necessary updates (only if required). You can use 
+this file to define a complete API Gateway by adding, updating, deleting API resources and methods, configuring authorizers and
+setting-up integration points.
+
+7. Execute following commands to deploy the API Gateway.
+
+```shell
+terraform init
+```
+
+```shell
+terraform apply
+```
+
+7. Visit the API Gateway service and observe the newly deployed API Gateway (in this example, it takes the name "Unity CS Experimental REST API Gateway").
+
+8. To delete the API Gateway, you may use the following command.
+
+```shell
+terraform destroy
+```

terraform-api-gateway-cognito/main.tf

@@ -0,0 +1,7 @@
+module "api_gateway" {
+  source = "./terraform-modules/api-gateway"
+}
+
+module "cognito_user_pool" {
+  source = "./terraform-modules/cognito-user-pool"
+}

terraform-api-gateway-cognito/post-deployment/update-api-gateway-urls.sh

@@ -0,0 +1,21 @@
+#!/bin/bash
+
+AWS_DEFAULT_REGION='us-west-2'
+NAMESPACE='unity-sps'
+COUNTER=3
+STAGE='dev'
+REST_API_ID='<ADD REST API ID>'
+
+ADES_WPST_URL=$(aws ssm get-parameter --name "/unity/dev/${NAMESPACE}-${COUNTER}/api-gateway/stage-variables/ades-wpst-url" --query Parameter.Value --region "${AWS_DEFAULT_REGION}")
+GRQ_ES_URL=$(aws ssm get-parameter --name "/unity/dev/${NAMESPACE}-${COUNTER}/api-gateway/stage-variables/grq-es-url" --query Parameter.Value --region "${AWS_DEFAULT_REGION}")
+GRQ_REST_API_URL=$(aws ssm get-parameter --name "/unity/dev/${NAMESPACE}-${COUNTER}/api-gateway/stage-variables/grq-rest-api-url" --query Parameter.Value --region "${AWS_DEFAULT_REGION}")
+HYSDS_UI_URL=$(aws ssm get-parameter --name "/unity/dev/${NAMESPACE}-${COUNTER}/api-gateway/stage-variables/hysds-ui-url" --query Parameter.Value --region "${AWS_DEFAULT_REGION}")
+MOZART_ES_URL=$(aws ssm get-parameter --name "/unity/dev/${NAMESPACE}-${COUNTER}/api-gateway/stage-variables/mozart-es-url" --query Parameter.Value --region "${AWS_DEFAULT_REGION}")
+MOZART_REST_API_URL=$(aws ssm get-parameter --name "/unity/dev/${NAMESPACE}-${COUNTER}/api-gateway/stage-variables/mozart-rest-api-url" --query Parameter.Value --region "${AWS_DEFAULT_REGION}")
+
+aws apigateway update-stage --rest-api-id "${REST_API_ID}" --stage-name "${STAGE}" --region ${AWS_DEFAULT_REGION} --patch-operations op=replace,path=/variables/adesWpstUrl,value="${ADES_WPST_URL}"
+aws apigateway update-stage --rest-api-id "${REST_API_ID}" --stage-name "${STAGE}" --region ${AWS_DEFAULT_REGION} --patch-operations op=replace,path=/variables/grqEsUrl,value="${GRQ_ES_URL}"
+aws apigateway update-stage --rest-api-id "${REST_API_ID}" --stage-name "${STAGE}" --region ${AWS_DEFAULT_REGION} --patch-operations op=replace,path=/variables/grqRestApiUrl,value="${GRQ_REST_API_URL}"
+aws apigateway update-stage --rest-api-id "${REST_API_ID}" --stage-name "${STAGE}" --region ${AWS_DEFAULT_REGION} --patch-operations op=replace,path=/variables/hysdsUiUrl,value="${HYSDS_UI_URL}"
+aws apigateway update-stage --rest-api-id "${REST_API_ID}" --stage-name "${STAGE}" --region ${AWS_DEFAULT_REGION} --patch-operations op=replace,path=/variables/mozartEsUrl,value="${MOZART_ES_URL}"
+aws apigateway update-stage --rest-api-id "${REST_API_ID}" --stage-name "${STAGE}" --region ${AWS_DEFAULT_REGION} --patch-operations op=replace,path=/variables/mozartRestApiUrl,value="${MOZART_REST_API_URL}"

terraform-api-gateway-cognito/providers.tf

@@ -0,0 +1,12 @@
+terraform {
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 4.0.0"
+    }
+  }
+}
+
+provider "aws" {
+  region = var.region
+}

terraform-api-gateway-cognito/terraform-modules/api-gateway/rest_api.tf

@@ -0,0 +1,57 @@
+resource "aws_api_gateway_rest_api" "rest_api" {
+  name = var.rest_api_name
+  endpoint_configuration {
+    types = ["REGIONAL"]
+  }
+  body = data.template_file.api_template.rendered
+}
+
+data "aws_ssm_parameter" "api_gateway_cs_lambda_authorizer_uri" {
+  name = var.ssm_param_api_gateway_function_cs_lambda_authorizer_uri
+}
+
+data "aws_ssm_parameter" "api_gateway_integration_uads_dockstore_nlb_uri" {
+  name = var.ssm_param_api_gateway_integration_uads_dockstore_nlb_uri
+}
+
+data "aws_ssm_parameter" "api_gateway_integration_uads_dockstore_link_2_vpc_link_id" {
+  name = var.ssm_param_api_gateway_integration_uads_dockstore_link_2_vpc_link_id
+}
+
+data "aws_ssm_parameter" "api_gateway_integration_uds_dev_cumulus_cumulus_granules_dapa_function_uri" {
+  name = var.ssm_param_api_gateway_integration_uds_dev_cumulus_cumulus_granules_dapa_function_uri
+}
+
+data "aws_ssm_parameter" "api_gateway_integration_uds_dev_cumulus_cumulus_collections_dapa_function_uri" {
+  name = var.ssm_param_api_gateway_integration_uds_dev_cumulus_cumulus_collections_dapa_function_uri
+}
+
+data "template_file" "api_template" {
+  template = file("./terraform-modules/api-gateway/unity-rest-api-gateway-oas30.yaml")
+
+  vars = {
+    csLambdaAuthorizerUri = data.aws_ssm_parameter.api_gateway_cs_lambda_authorizer_uri.value
+    uadsDockstoreNlbUri = data.aws_ssm_parameter.api_gateway_integration_uads_dockstore_nlb_uri.value
+    uadsDockstoreLink2VpcLinkId = data.aws_ssm_parameter.api_gateway_integration_uads_dockstore_link_2_vpc_link_id.value
+    udsDevCumulusCumulusGranulesDapaFunctionUri = data.aws_ssm_parameter.api_gateway_integration_uds_dev_cumulus_cumulus_granules_dapa_function_uri.value
+    udsDevCumulusCumulusCumulusCollectionsDapaFunctionUri = data.aws_ssm_parameter.api_gateway_integration_uds_dev_cumulus_cumulus_collections_dapa_function_uri.value
+  }
+}
+
+resource "aws_api_gateway_deployment" "api-gateway-deployment" {
+  rest_api_id = aws_api_gateway_rest_api.rest_api.id
+  stage_name  = "dev"
+
+  variables = {
+    adesWpstUrl      = "-",
+    grqEsUrl         = "-",
+    grqRestApiUrl    = "-",
+    hysdsUiUrl       = "-",
+    mozartEsUrl      = "-",
+    mozartRestApiUrl = "-"
+  }
+}
+
+output "url" {
+  value = "${aws_api_gateway_deployment.api-gateway-deployment.invoke_url}/api"
+}