Skip to content

iamgp21/capstone-serverless

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

29 Commits
.github/workflows
.github/workflows
 
 
drawio
drawio
 
 
img
img
 
 
infra
infra
 
 
script
script
 
 
src
src
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

Capstone-Serverless

This repo demonstrates deploying Event Driven Cloud Function using Terraform & Github Actions on Google Cloud Platform.

It also has integration related to Static Code Scanning of Terraform Code using KICS tool and Cloud Function logs being visualized on Grafana Loki Platform.

Pre-Requisites:

  • Below GCP API's Enabled:

    • Cloud Scheduler API
    • Cloud Pub/Sub API
    • Serverless VPC Access API
    • Cloud Functions API
    • Cloud Build API
    • Cloud Logging API
    • Secret Manager API
    • Security Token Service API

  • Service Account for Deploying Infra.

GCP INFRA SERVICE ACCOUNT

  • Cloud Function Runtime Service Account needed to communicate with GCP Resources.

Cloud Function Runtime Service Account

Security Best Practice:

  • Static Code Scanning of Terraform Code using KICS tool.

  • Workload Indentity Federation is used for GCP Authentication with Github Actions.

  • Google Secret Manager Service used to store any secrets/passwords used by Cloud Function.

Static Code Scanning Results:

SARIF results uploaded to Github Static Code Scan Results

Serverless Flow:

GCP Serverless Flow

Serverless Validation:

  • Cloud Scheduler Job Run:

Cloud Scheduler Job

  • Cloud Function:

Cloud Function

  • Cloud Function Logs to Grafana Loki:

Grafana Loki

About

POC for Implementing Event based Cloud Function on GCP

Topics

serverless terraform gcp loki github-actions kics static-code-scan

Resources

Readme

License

View license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Languages