Skip to content

Implementation for OpenNext deployment on AWS #578

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 77 commits into
base: main
Choose a base branch
from
Open

Implementation for OpenNext deployment on AWS #578

wants to merge 77 commits into from
+3,051 −0

Conversation

christian-calabrese
Copy link
Contributor

@christian-calabrese christian-calabrese commented May 22, 2025
edited
Loading

The infrastructure that is currently running the https://developer.pagopa.it website 🚀

Resolves CES-1018

@christian-calabrese christian-calabrese requested a review from a team as a code owner May 22, 2025 19:05
@changeset-bot changeset-bot
Copy link

changeset-bot bot commented May 22, 2025
edited
Loading

🦋 Changeset detected

Latest commit: 06a6ae9

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package
Name Type
aws_open_next Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@christian-calabrese christian-calabrese marked this pull request as draft May 22, 2025 19:05
@uolter uolter temporarily deployed to infra-dev-ci May 26, 2025 15:00 — with GitHub Actions Inactive
@uolter uolter temporarily deployed to infra-dev-ci May 27, 2025 07:02 — with GitHub Actions Inactive
mamu0
mamu0 reviewed May 28, 2025
View reviewed changes
@uolter uolter temporarily deployed to infra-dev-ci May 28, 2025 13:54 — with GitHub Actions Inactive
@uolter uolter temporarily deployed to infra-dev-ci May 29, 2025 07:40 — with GitHub Actions Inactive
@uolter uolter temporarily deployed to infra-dev-ci May 29, 2025 07:43 — with GitHub Actions Inactive
@uolter uolter temporarily deployed to infra-dev-ci May 29, 2025 07:51 — with GitHub Actions Inactive
@uolter uolter temporarily deployed to infra-dev-ci May 29, 2025 10:38 — with GitHub Actions Inactive
@uolter uolter temporarily deployed to infra-dev-ci May 29, 2025 10:47 — with GitHub Actions Inactive
@uolter uolter temporarily deployed to infra-dev-ci May 29, 2025 10:54 — with GitHub Actions Inactive
@uolter uolter temporarily deployed to infra-dev-ci May 29, 2025 16:42 — with GitHub Actions Inactive
@uolter uolter temporarily deployed to infra-dev-ci June 6, 2025 09:55 — with GitHub Actions Inactive
@uolter uolter temporarily deployed to infra-dev-ci June 9, 2025 08:59 — with GitHub Actions Inactive
lucacavallaro
lucacavallaro reviewed Oct 6, 2025
View reviewed changes
infra/modules/aws_open_next/variables.tf
Comment on lines 128 to 132
variable "enable_waf" {
type = bool
description = "Whether to enable WAF for enhanced protection."
default = false
}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

question: can't the WAF be always enabled? what is our suggestion about the WAF?

Copy link
Contributor Author

@christian-calabrese christian-calabrese Oct 16, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's not mandatory, I updated the variable description for more guidance. Mainly useful for sensitive production applications. Enabling WAF adds costs

infra/modules/aws_open_next/variables.tf
default = null
}

variable "node_major_version" {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
variable "node_major_version" {
variable "node_version" {

infra/modules/aws_open_next/variables.tf Outdated
type = object({
timeout = optional(number, 30)
memory_size = optional(number, 1024)
handler = optional(string, "index.handler")
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

question: what is the meaning of index.handler? is it a reference to a file named index.handler.js produced by next?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

index is the name of the main file where the handler function is implemented. The handler function is the entry point of the lambda and it is produced by opennext in this case.

gunzip
gunzip reviewed Oct 7, 2025
View reviewed changes
mamu0
mamu0 reviewed Oct 8, 2025
View reviewed changes
mamu0
mamu0 approved these changes Oct 8, 2025
View reviewed changes
Copy link
Contributor

@mamu0 mamu0 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good, great job! ✅

@github-actions GitHub Actions
Copy link
Contributor

📋 Pre-commit Output Log 
[INFO] Initializing environment for https://github.com/antonbabenko/pre-commit-terraform.
Lock Terraform Registry modules..................................(no files to check)Skipped
Terraform Providers Lock (on staged .terraform.lock.hcl files).......................Passed
- hook id: terraform_providers_lock_staged
- duration: 0.08s

No .terraform.lock.hcl files to process.

Terraform fmt........................................................................Passed
terraform_docs on modules............................................................Passed
terraform_docs on resources......................................(no files to check)Skipped
Terraform validate with tflint.......................................................Passed
Terraform validate...................................................................Passed
Terraform validate with trivy........................................................Passed

Generated on Thu Oct 16 17:30:34 UTC 2025
Run all checks on modified files

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@gunzip gunzip gunzip left review comments

@lucacavallaro lucacavallaro lucacavallaro left review comments

Copilot code review Copilot Copilot left review comments

@mamu0 mamu0 mamu0 approved these changes

Assignees

No one assigned

Labels

priority

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@christian-calabrese @codecov-commenter @gunzip @lucacavallaro @mamu0 @uolter