Update requirements for LZ

backend/package.json

@@ -25,6 +25,7 @@
     "handlebars": "^4.7.8",
     "helmet": "^4.1.1",
     "http-proxy-middleware": "^2.0.6",
+    "https-proxy-agent": "^7.0.4",
     "ip-address": "^9.0.5",
     "jsdom": "^22.1",
     "jsonwebtoken": "^9.0.2",
@@ -47,6 +48,8 @@
     "typeorm": "^0.2.45",
     "utf-8-validate": "^6.0.3",
     "uuid": "^9.0.1",
+    "winston": "^3.11.0",
+    "winston-cloudwatch": "^6.2.0",
     "ws": "^8.18.0"
   },
   "description": "",

backend/serverless.yml

@@ -48,10 +48,7 @@ provider:
         Principal: '*'
         Action: execute-api:Invoke
         Resource: execute-api:/${self:provider.stage}/*/*
-        Condition:
-          IpAddress:
-            aws:SourceIp:
-              - ${file(env.yml):${self:provider.stage}.DMZ_CIDR, ''}
+
   logs:
     restApi: true
   deploymentBucket:

frontend/src/components/Footer/Footer.tsx

@@ -24,7 +24,7 @@ export const CrossfeedFooter: React.FC = (props) => {
               </Link>
             </Grid>
           )}
-          <Grid className={footerClasses.footerNavItem} item xs={12} sm={2}>
+          {/* <Grid className={footerClasses.footerNavItem} item xs={12} sm={2}>
             <p>
               <Link
                 className={footerClasses.footerNavLink}
@@ -34,7 +34,7 @@ export const CrossfeedFooter: React.FC = (props) => {
                 Documentation
               </Link>
             </p>
-          </Grid>
+          </Grid> */}
           <Grid className={footerClasses.footerNavItem} item xs={12} sm={2}>
             <p>
               <Link

frontend/src/components/Layout.tsx

@@ -14,32 +14,8 @@ interface LayoutProps {
   children: React.ReactNode;
 }
 
-const parseTextToJSX = (text: String) => {
-  const lines = text.split('\n');
-  return lines.map((line, index) => {
-    const parts = line.split(/(\[.*?\]\(.*?\))/g).map((part, i) => {
-      const match = part.match(/\[(.*?)\]\((.*?)\)/);
-      if (match) {
-        return (
-          <a
-            key={i}
-            href={match[2]}
-            target="_blank"
-            rel="noopener noreferrer"
-            aria-label={match[2]}
-          >
-            {match[1]}
-          </a>
-        );
-      }
-      return part;
-    });
-    return <div key={index}>{parts}</div>;
-  });
-};
-
 export const Layout: React.FC<LayoutProps> = ({ children }) => {
-  const { apiGet, logout, user } = useAuthContext();
+  const { logout, user } = useAuthContext();
   const [loggedIn, setLoggedIn] = useState<boolean>(
     user !== null && user !== undefined ? true : false
   );
@@ -65,20 +41,6 @@ export const Layout: React.FC<LayoutProps> = ({ children }) => {
     else setLoggedIn(false);
   }, [user]);
 
-  const fetchWarningBannerText = useCallback(async () => {
-    try {
-      const text = await apiGet('/notifications/508-banner/');
-      const parsedText = parseTextToJSX(text);
-      setWarningBannerText(parsedText);
-    } catch (e) {
-      console.log(e);
-    }
-  }, [apiGet, setWarningBannerText]);
-
-  useEffect(() => {
-    fetchWarningBannerText();
-  }, [fetchWarningBannerText]);
-
   return (
     <StyledScopedCssBaseline classes={{ root: classes.overrides }}>
       <div className={classes.root}>
@@ -87,9 +49,6 @@ export const Layout: React.FC<LayoutProps> = ({ children }) => {
           onCountdownEnd={handleCountdownEnd}
           countdown={60} // 60 second timer for user inactivity timeout
         />
-        <Alert severity="warning" aria-label="warning label">
-          <div>{warningBannerText}</div>
-        </Alert>
         <div style={{ display: 'flex' }}>
           <GovBanner />
           <SkipToMainContent />

infrastructure/database.tf

@@ -35,7 +35,7 @@ resource "aws_db_instance" "db" {
   engine_version                      = "15.5"
   allow_major_version_upgrade         = true
   skip_final_snapshot                 = true
-  availability_zone                   = data.aws_availability_zones.available.names[0]
+  availability_zone                   = data.aws_availability_zones.available.names[1]
   multi_az                            = true
   backup_retention_period             = 35
   storage_encrypted                   = true

infrastructure/elasticache.tf

@@ -1,25 +1,28 @@
 resource "aws_security_group" "elasticache_security_group" {
+  count       = var.is_dmz ? 1 : 0
   name_prefix = "elasticache-"
   description = "ElastiCache security group"
-  vpc_id      = aws_vpc.crossfeed_vpc.id
+  vpc_id      = aws_vpc.crossfeed_vpc[0].id
   ingress {
     from_port   = 6379
     to_port     = 6379
     protocol    = "tcp"
-    cidr_blocks = [aws_vpc.crossfeed_vpc.cidr_block] // Dynamically restrict to a specific CIDR block, ideally your VPC's CIDR
+    cidr_blocks = [aws_vpc.crossfeed_vpc[0].cidr_block] // Dynamically restrict to a specific CIDR block, ideally your VPC's CIDR
   }
 }
 
 resource "aws_elasticache_subnet_group" "crossfeed_vpc" {
+  count      = var.is_dmz ? 1 : 0
   name       = "crossfeed-vpc-subnet-group"
-  subnet_ids = [aws_subnet.backend.id]
+  subnet_ids = [aws_subnet.backend[0].id]
 
   tags = {
     Name = "crossfeed_vpc"
   }
 }
 
 resource "aws_elasticache_parameter_group" "xfd_redis_group" {
+  count  = var.is_dmz ? 1 : 0
   name   = "my-redis7-1"
   family = "redis7"
 
@@ -35,11 +38,11 @@ resource "aws_elasticache_cluster" "crossfeed_vpc_elasticache_cluster" {
   engine               = "redis"
   node_type            = "cache.r7g.xlarge"
   num_cache_nodes      = 1
-  parameter_group_name = aws_elasticache_parameter_group.xfd_redis_group.name
+  parameter_group_name = aws_elasticache_parameter_group.xfd_redis_group[0].name
   engine_version       = "7.1"
   port                 = 6379
-  subnet_group_name    = aws_elasticache_subnet_group.crossfeed_vpc.name
-  security_group_ids   = [aws_security_group.elasticache_security_group.id]
+  subnet_group_name    = aws_elasticache_subnet_group.crossfeed_vpc[0].name
+  security_group_ids   = [aws_security_group.elasticache_security_group[0].id]
 
   tags = {
     Name    = "crossfeed_vpc_elasticache-cluster"
@@ -49,6 +52,7 @@ resource "aws_elasticache_cluster" "crossfeed_vpc_elasticache_cluster" {
 }
 
 resource "aws_iam_policy" "elasticache_policy" {
+  count       = var.is_dmz ? 1 : 0
   name        = "elasticache_policy"
   description = "Policy to allow ElastiCache operations"
   policy = jsonencode({
@@ -89,6 +93,7 @@ resource "aws_iam_policy" "elasticache_policy" {
 }
 
 resource "aws_iam_user_policy_attachment" "elasticache_user_policy_attachment" {
+  count      = var.is_dmz ? 1 : 0
   user       = "crossfeed-deploy-staging"
-  policy_arn = aws_iam_policy.elasticache_policy.arn
+  policy_arn = aws_iam_policy.elasticache_policy[0].arn
 }

infrastructure/prod-lz.tfvars

@@ -11,7 +11,7 @@ api_domain                        = "api.crossfeed.cyber.dhs.gov"
 db_name                           = "crossfeed-prod-db"
 db_port                           = 5432
 db_table_name                     = "cfproddb"
-db_instance_class                 = "db.m5.xlarge"
+db_instance_class                 = "db.m5.4xlarge"
 ssm_crossfeed_vpc_name            = "/crossfeed/prod/VPC_NAME"
 log_metric_namespace              = "LogMetrics"
 log_metric_api_error_rate         = "crossfeed-prod-APIErrorRate"
@@ -119,4 +119,6 @@ ssm_redshift_user                 = "/crossfeed/prod/REDSHIFT_USER"
 ssm_redshift_password             = "/crossfeed/prod/REDSHIFT_PASSWORD"
 ssm_pe_api_key                    = "/crossfeed/prod/PE_API_KEY"
 ssm_cf_api_key                    = "/crossfeed/prod/CF_API_KEY"
-ssm_intelx_api_key                = "/crossfeed/prod/INTELX_API_KEY"
+ssm_intelx_api_key                = "/crossfeed/prod/INTELX_API_KEY"
+ssm_xpanse_api_key                = "/crossfeed/prod/XPANSE_API_KEY"
+ssm_xpanse_auth_id                = "/crossfeed/prod/XPANSE_AUTH_ID"

infrastructure/stage-lz.tfvars

@@ -119,3 +119,4 @@ ssm_redshift_user                 = "/crossfeed/staging/REDSHIFT_USER"
 ssm_redshift_password             = "/crossfeed/staging/REDSHIFT_PASSWORD"
 ssm_pe_api_key                    = "/crossfeed/staging/PE_API_KEY"
 ssm_cf_api_key                    = "/crossfeed/staging/CF_API_KEY"
+create_elasticache_cluster        = false

infrastructure/vars.tf

@@ -693,12 +693,6 @@ variable "ssm_worker_kms_keys" {
   default     = "/crossfeed/staging/WORKER_KMS_KEYS"
 }
 
-variable "ssm_intelx_api_key" {
-  description = "ssm_intelx_api_key"
-  type        = string
-  default     = "/crossfeed/staging/INTELX_API_KEY"
-}
-
 variable "ssm_pe_api_key" {
   description = "ssm_pe_api_key"
   type        = string

infrastructure/worker.tf

@@ -431,8 +431,6 @@ data "aws_ssm_parameter" "worker_signature_private_key" { name = var.ssm_worker_
 
 data "aws_ssm_parameter" "https_proxy" { name = var.ssm_https_proxy }
 
-data "aws_ssm_parameter" "intelx_api_key" { name = var.ssm_intelx_api_key }
-
 data "aws_ssm_parameter" "pe_api_key" { name = var.ssm_pe_api_key }
 
 data "aws_ssm_parameter" "cf_api_key" { name = var.ssm_cf_api_key }