Merge pull request #74 from supabase-community/upgrade-202311
fix: Use stack to make WAF independent
mats16 authored Nov 14, 2023
2 parents 9dba351 + 4589407 commit 30b1f2f
Showing 10 changed files with 201 additions and 320 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/cfn-publish.yml
@@ -26,7 +26,7 @@ jobs:
PATTERNS: |
src/**/*
.projenrc.js
.github/workflows/publish.yml
.github/workflows/cfn-publish.yml
- name: node.js setup
if: env.GIT_DIFF
4 changes: 2 additions & 2 deletions .github/workflows/ecr-publish.yml
@@ -24,7 +24,7 @@ jobs:
with:
PATTERNS: |
containers/kong/**/*
.github/workflows/publish.yml
.github/workflows/ecr-publish.yml
- name: Set up QEMU
if: env.GIT_DIFF
@@ -73,7 +73,7 @@ jobs:
with:
PATTERNS: |
containers/postgraphile/**/*
.github/workflows/publish.yml
.github/workflows/ecr-publish.yml
- name: Set up QEMU
if: env.GIT_DIFF
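--- a/.github/workflows/waf-cfn-publish.yml
+++ b/.github/workflows/waf-cfn-publish.yml
@@ -0,0 +1,49 @@
+name: waf-cfn-publish
+on:
+push:
+branches:
+- main
+workflow_dispatch: {}
+
+jobs:
+latest:
+name: Latest Cfn templates
+runs-on: ubuntu-latest
+permissions:
+id-token: write # needed to interact with GitHub's OIDC Token endpoint.
+contents: read
+steps:
+- name: Checkout
+uses: actions/checkout@v4
+
+- uses: technote-space/get-diff-action@v6
+with:
+PATTERNS: |
+src/supabase-waf-stack.ts
+.projenrc.js
+.github/workflows/waf-cfn-publish.yml
+- name: node.js setup
+if: env.GIT_DIFF
+uses: actions/setup-node@v4
+with:
+node-version: '18'
+
+- name: Install dependencies
+if: env.GIT_DIFF
+run: yarn install --check-files
+
+- name: Configure AWS credentials
+if: env.GIT_DIFF
+uses: aws-actions/configure-aws-credentials@v4
+with:
+role-to-assume: ${{ secrets.CDK_PUBLISHING_ROLE }}
+aws-region: us-west-2
+
+- name: cdk synth
+if: env.GIT_DIFF
+run: npx projen synth --name SupabaseWaf --no-version-reporting
+
+- name: Publish assets
+if: env.GIT_DIFF
+run: aws s3 cp cdk.out/SupabaseWaf.template.json s3://supabase-on-aws-us-east-1/latest/SupabaseWaf.template.json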
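Review bot: Every `uses:` in this job points at a mutable tag (`actions/checkout@v4`, `technote-space/get-diff-action@v6`, `actions/setup-node@v4`, `aws-actions/configure-aws-credentials@v4`), while the job holds `id-token: write` and assumes `secrets.CDK_PUBLISHING_ROLE`, so a retagged action would run with the ability to overwrite the `latest/SupabaseWaf.template.json` that the README launch button deploys. Pin each action to a full commit SHA, e.g. `uses: technote-space/get-diff-action@<full-commit-sha> # v6`. The install step should also refuse lockfile drift before credentials are in play: `run: yarn install --check-files --frozen-lockfile`. Because `workflow_dispatch` is enabled, confirm that the role's trust policy restricts the OIDC `sub` claim to this repository's `main` ref; that policy is not visible on this page.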
11 changes: 9 additions & 2 deletions README.md
@@ -52,13 +52,20 @@ This repo includes a template of starting Supabase stack on AWS via CloudFormati
[latest-ap-southeast-2]: https://ap-southeast-2.console.aws.amazon.com/cloudformation/home#/stacks/create/review?stackName=Supabase&templateURL=https://supabase-on-aws-ap-southeast-2.s3.amazonaws.com/latest/Supabase.template.json&param_SesRegion=ap-southeast-2
[latest-ap-south-1]: https://ap-south-1.console.aws.amazon.com/cloudformation/home#/stacks/create/review?stackName=Supabase&templateURL=https://supabase-on-aws-ap-south-1.s3.amazonaws.com/latest/Supabase.template.json&param_SesRegion=ap-south-1

### Optional templates

| Template | Link |
|:--|:--|
| AWS WAF (Web ACL) | [![launch][launch]][waf-latest] |

[waf-latest]: https://us-east-1.console.aws.amazon.com/cloudformation/home#/stacks/create/review?stackName=SupabaseWaf&templateURL=https://supabase-on-aws-us-east-1.s3.amazonaws.com/latest/SupabaseWaf.template.json

### Specification and Limitation

- APIs
- All containers run on ECS Fargate (Graviton2).
- Only Storage API works on x86_64 platforms.
- All components are configured with AutoScaling.
- GraphQL is supported using [PostGraphile](https://www.graphile.org/postgraphile/), because [pg_graphql](https://github.com/supabase/pg_graphql) is not supported with Amazon RDS/Aurora.
- GraphQL is not supported, because [pg_graphql](https://github.com/supabase/pg_graphql) is not supported with Amazon RDS/Aurora.
- Service Discovery
- Each component is discovered as `***.supabase.internal`.
- Database (PostgreSQL)
212 changes: 0 additions & 212 deletions src/aws-waf/cr-web-acl.ts

This file was deleted.

62 changes: 0 additions & 62 deletions src/aws-waf/index.ts

This file was deleted.

3 changes: 3 additions & 0 deletions src/main.ts
@@ -1,6 +1,7 @@
import { App } from 'aws-cdk-lib';
import { BootstraplessStackSynthesizer } from 'cdk-bootstrapless-synthesizer';
import { SupabaseStack } from './supabase-stack';
import { SupabaseWafStack } from './supabase-waf-stack';

const isCfnPublishing: boolean = typeof process.env.BSS_FILE_ASSET_BUCKET_NAME != 'undefined';

@@ -14,6 +15,8 @@ const synthesizer = (isCfnPublishing)

const app = new App();

new SupabaseWafStack(app, 'SupabaseWaf', { env: { region: 'us-east-1' } });

new SupabaseStack(app, 'Supabase', { env, synthesizer });

app.synth();
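Review bot: The added `new SupabaseWafStack(app, 'SupabaseWaf', { env: { region: 'us-east-1' } })` pins a region with no comment explaining why, and unlike the `SupabaseStack` call after it, it is not given the `synthesizer`. If the pin exists because the web ACL is CloudFront-scoped, which AWS WAF only accepts in us-east-1 (the stack's source is not shown on this page, so this is an assumption), state it above the line: `// CloudFront-scoped web ACLs must be created in us-east-1; keep this region fixed.` A second comment should record whether the default synthesizer is intentional here, since a template published to S3 for others to launch should not depend on bootstrap resources in the deployer's account.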