darkhelm/notifications-api
1
0
Fork 0
mirror of https://github.com/GSA/notifications-api.git synced 2025-12-24 01:11:38 -05:00
Code Issues Packages Projects Releases Wiki Activity

Only give broadcasts worker IAM creds for CBC proxy

Browse Source 
There is no need to give it to any of the other workers and so the fewer
instances that have these creds the better.

You can verify this works by running
```
CF_APP=notify-api CF_SPACE=preview make generate-manifest
```

vs

```
CF_APP=notify-delivery-worker-broadcasts CF_SPACE=preview make generate-manifest
```
This commit is contained in:
David McDonald
2021-04-12 15:27:47 +01:00
parent 295162c81d
commit 4437d60dd7
1 changed files with 2 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
manifest.yml.j2
View File

@@ -67,6 +67,8 @@
'notify-delivery-worker-broadcasts': {
'additional_env_vars': {
'CELERYD_PREFETCH_MULTIPLIER': 1,
'CBC_PROXY_AWS_ACCESS_KEY_ID': CBC_PROXY_AWS_ACCESS_KEY_ID,
'CBC_PROXY_AWS_SECRET_ACCESS_KEY': CBC_PROXY_AWS_SECRET_ACCESS_KEY,
}
},
'notify-delivery-worker-receipts': {},
@@ -127,11 +129,6 @@ applications:
AWS_ACCESS_KEY_ID: '{{ AWS_ACCESS_KEY_ID }}'
AWS_SECRET_ACCESS_KEY: '{{ AWS_SECRET_ACCESS_KEY }}'
{% if CBC_PROXY_AWS_ACCESS_KEY_ID is defined %}
CBC_PROXY_AWS_ACCESS_KEY_ID: '{{ CBC_PROXY_AWS_ACCESS_KEY_ID }}'
CBC_PROXY_AWS_SECRET_ACCESS_KEY: '{{ CBC_PROXY_AWS_SECRET_ACCESS_KEY }}'
{% endif %}
STATSD_HOST: "notify-statsd-exporter-{{ environment }}.apps.internal"
ZENDESK_API_KEY: '{{ ZENDESK_API_KEY }}'