Add email_alert_notifications project
This project sets up an S3 bucket and a lambda function that parses files and renames them with a prefix (currently only `travel-advice-alerts`) and the `govuk_request_id` parsed from the email body. This allows us to more reliably verify that email alerts have been sent when a travel advice update has been published. An SES domain and RuleSet and an S3 event source are also required but can't currently be configured via Terraform.
Showing
9 changed files
with
172 additions
and
0 deletions.
@@ -0,0 +1 @@ | ||
|
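--- a/projects/email_alert_notifications/files/rename_email_files_with_request_id.py
+++ b/projects/email_alert_notifications/files/rename_email_files_with_request_id.py
@@ -0,0 +1,44 @@
+import boto3
+import urllib
+import re
+import uuid
+from botocore.exceptions import ClientError
+
+S3 = boto3.client('s3')
+
+REQUEST_ID_REGEX = re.compile(r'data-govuk-request-id=(?:3D){,1}"([0-9\-\.]+)"')
+
+def lambda_handler(event, context):
+bucket_name = source_bucket_name(event)
+key = source_key(event)
+request_id = parse_request_id(bucket_name, key)
+prefix = file_prefix(event, request_id)
+move_file(bucket_name, key, request_id, prefix)
+
+def source_bucket_name(event):
+return event['Records'][0]['s3']['bucket']['name']
+
+def source_key(event):
+return urllib.unquote_plus(event['Records'][0]['s3']['object']['key']).decode('utf8')
+
+def parse_request_id(bucket_name, key):
+m = REQUEST_ID_REGEX.search(email_body(bucket_name, key))
+if m:
+return m.group(1)
+
+def email_body(bucket_name, key):
+response = S3.get_object(Bucket=bucket_name, Key=key)
+return response["Body"].read()
+
+def move_file(bucket_name, key, request_id, prefix):
+S3.copy_object(
+Bucket=bucket_name,
+CopySource='%s/%s' % (bucket_name, key),
+Key='%s/%s.msg' % (prefix, request_id or uuid.uuid4()))
+S3.delete_object(Bucket=bucket_name, Key=key)
+
+def file_prefix(event, request_id):
+if request_id:
+return "travel-advice-alerts"
+else:
+return "no-request-id"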
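Review bot: lambda_handler has no guard against being invoked for the objects it writes itself: move_file copies into the same bucket under `travel-advice-alerts/` or `no-request-id/`, and the S3 event source is configured outside this commit, so unless that trigger is limited to the inbound prefix every copy fires the function again. In the `no-request-id` case each run picks a new uuid key, so the copy-and-delete cycle would repeat indefinitely. An early return after `key = source_key(event)` makes the handler safe whatever the trigger configuration is: `if key.startswith(('travel-advice-alerts/', 'no-request-id/')): return`. Separately, the request id is taken from the body of an inbound email, so any sender who can reach the SES address can cause a `travel-advice-alerts/<id>.msg` object to exist; whatever checks these names should not treat their presence alone as proof that an alert was sent.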
Binary file added
BIN
+773 Bytes
projects/email_alert_notifications/files/rename_email_files_with_request_id.zip
Binary file not shown.
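--- a/projects/email_alert_notifications/resources/email_alert_notifications.tf
+++ b/projects/email_alert_notifications/resources/email_alert_notifications.tf
@@ -0,0 +1,53 @@
+variable "s3_bucket_name" {
+default = "govuk-email-alert-notifications"
+}
+
+resource "template_file" "s3_bucket_policy" {
+template = "${file("templates/email_alert_s3_bucket_policy.json")}"
+vars {
+account_id = "${element(split(":", aws_iam_role.lambda_execute_and_write_to_email_alert_bucket.arn), 4)}"
+bucket_name = "${var.s3_bucket_name}"
+lambda_role = "${aws_iam_role.lambda_execute_and_write_to_email_alert_bucket.arn}"
+}
+}
+
+resource "template_file" "put_and_delete_to_email_alert_bucket_policy" {
+template = "${file("templates/put_and_delete_to_s3_policy.json")}"
+vars {
+resource_arn = "${aws_s3_bucket.email_alert_inbox_bucket.arn}"
+}
+}
+
+resource "aws_s3_bucket" "email_alert_inbox_bucket" {
+bucket = "${var.s3_bucket_name}"
+acl = "public-read"
+policy = "${template_file.s3_bucket_policy.rendered}"
+}
+
+resource "aws_iam_role" "lambda_execute_and_write_to_email_alert_bucket" {
+name = "lambda_execute_and_write_to_email_alert_bucket"
+assume_role_policy = "${file("templates/lambda_assume_role_policy.json")}"
+}
+
+resource "aws_iam_role_policy" "put_and_delete_to_email_alert_bucket" {
+name = "put_and_delete_to_email_alert_bucket"
+role = "${aws_iam_role.lambda_execute_and_write_to_email_alert_bucket.id}"
+policy = "${template_file.put_and_delete_to_email_alert_bucket_policy.rendered}"
+}
+
+resource "aws_iam_role_policy" "write_to_logs" {
+name = "write_to_logs"
+role = "${aws_iam_role.lambda_execute_and_write_to_email_alert_bucket.id}"
+policy = "${file("templates/write_to_logs_policy.json")}"
+}
+
+resource "aws_lambda_function" "rename_email_files_with_request_id"{
+filename = "rename_email_files_with_request_id.zip"
+function_name = "rename_email_files_with_request_id"
+role = "${aws_iam_role.lambda_execute_and_write_to_email_alert_bucket.arn}"
+handler = "rename_email_files_with_request_id.lambda_handler"
+runtime = "python2.7"
+source_code_hash = "${base64sha256(file("rename_email_files_with_request_id.zip"))}"
+}
+
+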
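Review bot: `acl = "public-read"` on `aws_s3_bucket.email_alert_inbox_bucket` grants anonymous users READ on the bucket, which for S3 means listing its keys, and this bucket receives inbound mail whose object names carry the parsed request ids. Nothing in this commit reads the bucket anonymously, since the Lambda role and SES are both granted access through the bucket policy, so `acl = "private"` looks sufficient. `runtime = "python2.7"` also pins the handler to an interpreter that no longer receives security fixes; the handler's `urllib.unquote_plus(...).decode('utf8')` call would need porting when that is changed.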
Binary file added
BIN
+773 Bytes
projects/email_alert_notifications/resources/rename_email_files_with_request_id.zip
Binary file not shown.
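--- a/projects/email_alert_notifications/templates/email_alert_s3_bucket_policy.json
+++ b/projects/email_alert_notifications/templates/email_alert_s3_bucket_policy.json
@@ -0,0 +1,32 @@
+{
+"Version": "2012-10-17",
+"Id": "${uuid()}",
+"Statement": [
+{
+"Effect": "Allow",
+"Principal": {
+"AWS": "${lambda_role}"
+},
+"Action": [
+"s3:PutObject",
+"s3:DeleteObject",
+"s3:GetObject"
+],
+"Resource": "arn:aws:s3:::${bucket_name}/*"
+},
+{
+"Sid": "GiveSESPermissionToWriteEmail",
+"Effect": "Allow",
+"Principal": {
+"Service": "ses.amazonaws.com"
+},
+"Action": "s3:PutObject",
+"Resource": "arn:aws:s3:::${bucket_name}/*",
+"Condition": {
+"StringEquals": {
+"aws:Referer": "${account_id}"
+}
+}
+}
+]
+}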
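Review bot: The `GiveSESPermissionToWriteEmail` statement limits `ses.amazonaws.com` only by `aws:Referer` equal to the account id, so any SES receipt rule in the account can write anywhere under `${bucket_name}/*`. AWS's current guidance for SES delivery to S3 uses the `aws:SourceAccount` and `aws:SourceArn` condition keys, the latter naming the receipt rule, which narrows the grant to the one rule that should deliver here. The rule ARN would have to be passed in as a template var, because the commit message says the rule set is not managed by this Terraform. Also worth checking is `"Id": "${uuid()}"`: if it is evaluated on every render, the policy text changes on each plan and real policy changes become harder to spot in review.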
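--- a/projects/email_alert_notifications/templates/lambda_assume_role_policy.json
+++ b/projects/email_alert_notifications/templates/lambda_assume_role_policy.json
@@ -0,0 +1,13 @@
+{
+"Version": "2012-10-17",
+"Statement": [
+{
+"Action": "sts:AssumeRole",
+"Principal": {
+"Service": "lambda.amazonaws.com"
+},
+"Effect": "Allow",
+"Sid": ""
+}
+]
+}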
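--- a/projects/email_alert_notifications/templates/put_and_delete_to_s3_policy.json
+++ b/projects/email_alert_notifications/templates/put_and_delete_to_s3_policy.json
@@ -0,0 +1,15 @@
+{
+"Version": "2012-10-17",
+"Statement": [
+{
+"Action": [
+"s3:getObject",
+"s3:putObject",
+"s3:deleteObject",
+"s3:putObjectAcl"
+],
+"Effect": "Allow",
+"Resource": "${resource_arn}"
+}
+]
+}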
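Review bot: `"Resource": "${resource_arn}"` is rendered from `aws_s3_bucket.email_alert_inbox_bucket.arn` in email_alert_notifications.tf, which is the bucket ARN itself, but every action listed is an object-level action that only matches object resources of the form `arn:aws:s3:::bucket/key`. As written this role policy appears to grant nothing, leaving the Lambda dependent on the bucket policy alone; `"Resource": "${resource_arn}/*"` is what the action list needs. `s3:putObjectAcl` is not used by the handler added in this commit, which calls only get_object, copy_object and delete_object, so dropping it keeps the role from being able to change object ACLs.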
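--- a/projects/email_alert_notifications/templates/write_to_logs_policy.json
+++ b/projects/email_alert_notifications/templates/write_to_logs_policy.json
@@ -0,0 +1,14 @@
+{
+"Version": "2012-10-17",
+"Statement": [
+{
+"Effect": "Allow",
+"Action": [
+"logs:CreateLogGroup",
+"logs:CreateLogStream",
+"logs:PutLogEvents"
+],
+"Resource": "arn:aws:logs:*:*:*"
+}
+]
+}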
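Review bot: `"Resource": "arn:aws:logs:*:*:*"` lets the Lambda role create log groups and write events to any log group in the account, not just its own. The role is attached to a single function in this commit, so the resource can be narrowed to that function's log group, for example `arn:aws:logs:*:*:log-group:/aws/lambda/rename_email_files_with_request_id:*`. That keeps a faulty or compromised handler from writing into other services' logs.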