From 2d95d0bd96ab9020dd8a7808b24a11385b36176c Mon Sep 17 00:00:00 2001 
From: briancaffey Date: Sun, 1 Jan 2023 22:06:36 -0500 Subject: [PATCH] feat(refactor): major refactor of ad hoc environment modules --- Makefile | 71 ++++++++------- examples/ad-hoc/{ => app}/.gitignore | 0 examples/ad-hoc/app/main.tf | 41 +++++++++ examples/ad-hoc/app/outputs.tf | 3 + examples/ad-hoc/app/variables.tf | 14 +++ examples/ad-hoc/base/.gitignore | 6 ++ examples/ad-hoc/base/main.tf | 22 +++++ examples/ad-hoc/base/outputs.tf | 46 ++++++++++ examples/ad-hoc/base/variables.tf | 13 +++ examples/ad-hoc/main.tf | 57 ------------ examples/ad-hoc/variables.tf | 48 ----------- examples/prod/app/main.tf | 3 +- examples/prod/base/outputs.tf | 10 +-- examples/prod/base/variables.tf | 4 - modules/ad-hoc/app/main.tf | 86 ++++++++----------- modules/ad-hoc/app/variables.tf | 77 +++-------------- modules/ad-hoc/base/main.tf | 24 +++--- modules/ad-hoc/base/outputs.tf | 48 +++-------- modules/ad-hoc/base/variables.tf | 17 +++- modules/internal/app/prod/celery_beat/main.tf | 4 +- .../app/prod/celery_beat/variables.tf | 4 +- .../internal/app/prod/celery_worker/main.tf | 4 +- .../app/prod/celery_worker/variables.tf | 4 +- .../app/prod/management_command/outputs.tf | 2 +- .../app/prod/management_command/variables.tf | 14 +-- modules/internal/app/prod/web/main.tf | 4 +- modules/internal/app/prod/web/variables.tf | 9 +- modules/internal/bastion/main.tf | 4 +- modules/internal/bastion/outputs.tf | 3 - modules/internal/bastion/variables.tf | 4 +- modules/internal/celery_beat/main.tf | 12 +-- modules/internal/celery_beat/variables.tf | 14 +-- modules/internal/celery_worker/main.tf | 12 +-- modules/internal/celery_worker/variables.tf | 14 +-- modules/internal/elasticache/main.tf | 4 +- modules/internal/elasticache/variables.tf | 4 +- modules/internal/lb/outputs.tf | 4 - modules/internal/management_command/main.tf | 8 +- .../internal/management_command/outputs.tf | 4 +- .../internal/management_command/variables.tf | 14 +-- modules/internal/rds/main.tf | 4 +- 
modules/internal/rds/variables.tf | 4 +- modules/internal/redis/main.tf | 12 +-- modules/internal/redis/variables.tf | 20 ++--- modules/internal/sg/main.tf | 4 +- modules/internal/sg/outputs.tf | 4 +- modules/internal/web/main.tf | 12 +-- modules/internal/web/variables.tf | 19 +--- modules/prod/app/main.tf | 22 +++-- modules/prod/app/variables.tf | 11 +-- modules/prod/base/main.tf | 8 +- modules/prod/base/outputs.tf | 25 +----- modules/prod/base/variables.tf | 2 +- 53 files changed, 373 insertions(+), 510 deletions(-) rename examples/ad-hoc/{ => app}/.gitignore (100%) create mode 100644 examples/ad-hoc/app/main.tf create mode 100644 examples/ad-hoc/app/outputs.tf create mode 100644 examples/ad-hoc/app/variables.tf create mode 100644 examples/ad-hoc/base/.gitignore create mode 100644 examples/ad-hoc/base/main.tf create mode 100644 examples/ad-hoc/base/outputs.tf create mode 100644 examples/ad-hoc/base/variables.tf delete mode 100644 examples/ad-hoc/main.tf delete mode 100644 examples/ad-hoc/variables.tf delete mode 100644 modules/internal/bastion/outputs.tf diff --git a/Makefile b/Makefile index f454d49..e9100c1 100644 --- a/Makefile +++ b/Makefile 
@@ -1,56 +1,65 @@ -examples-simple-init: - terraform -chdir=examples/simple init +# commands used for local development -examples-simple-plan: - terraform -chdir=examples/simple plan +tf-fmt: + terraform fmt -recursive + +tf-validate: + terraform validate + +# ad hoc environment stacks + +# ad hoc base +ad-hoc-base-init: + terraform -chdir=examples/ad-hoc/base init + +ad-hoc-base-plan: + terraform -chdir=examples/ad-hoc/base plan -examples-simple-apply: - terraform -chdir=examples/simple apply +ad-hoc-base-apply: + terraform -chdir=examples/ad-hoc/base apply -examples-simple: examples-simple-init examples-simple-plan examples-simple-apply +ad-hoc-base-destroy: + terraform -chdir=examples/ad-hoc/base destroy -examples-simple-destroy: - terraform -chdir=examples/simple destroy +# ad hoc app +ad-hoc-app-init: + terraform -chdir=examples/ad-hoc/app init -examples-ad-hoc-init: - terraform -chdir=examples/ad-hoc init -backend-config=backend.config +ad-hoc-app-plan: + terraform -chdir=examples/ad-hoc/app plan -examples-ad-hoc-plan: - terraform -chdir=examples/ad-hoc plan +ad-hoc-app-apply: + terraform -chdir=examples/ad-hoc/app apply -examples-ad-hoc-apply: - terraform -chdir=examples/ad-hoc apply +ad-hoc-app-destroy: + terraform -chdir=examples/ad-hoc/app destroy -# PROD base +# prod environment stacks -examples-prod-base-init: +# prod base + +prod-base-init: terraform -chdir=examples/prod/base init -examples-prod-base-plan: +prod-base-plan: terraform -chdir=examples/prod/base plan -examples-prod-base-apply: +prod-base-apply: terraform -chdir=examples/prod/base apply -examples-prod-base-destroy: +prod-base-destroy: terraform -chdir=examples/prod/base destroy -# PROD app +# prod app -examples-prod-app-init: +prod-app-init: TF_LOG=ERROR terraform -chdir=examples/prod/app init 2> logs.txt -examples-prod-app-plan: +prod-app-plan: terraform -chdir=examples/prod/app plan -examples-prod-app-apply: +prod-app-apply: terraform -chdir=examples/prod/app apply 
-examples-prod-app-destroy:
+prod-app-destroy:
 terraform -chdir=examples/prod/app destroy
-
-tf-fmt:
- terraform fmt -recursive
-
-tf-validate:
- terraform validate
\ No newline at end of file
diff --git a/examples/ad-hoc/.gitignore b/examples/ad-hoc/app/.gitignore
similarity index 100%
rename from examples/ad-hoc/.gitignore
rename to examples/ad-hoc/app/.gitignore
diff --git a/examples/ad-hoc/app/main.tf b/examples/ad-hoc/app/main.tf
new file mode 100644
index 0000000..d602840
--- /dev/null
+++ b/examples/ad-hoc/app/main.tf
@@ -0,0 +1,41 @@
+terraform {
+ required_version = ">=1.3.6"
+
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "4.48.0"
+ }
+ }
+
+ backend "local" {}
+}
+
+provider "aws" {
+ region = var.region
+}
+
+data "terraform_remote_state" "this" {
+ backend = "local"
+
+ config = {
+ path = "../base/terraform.tfstate"
+ }
+}
+
+module "main" {
+ source = "../../../modules/ad-hoc/app"
+
+ vpc_id = data.terraform_remote_state.this.outputs.vpc_id
+ assets_bucket_name = data.terraform_remote_state.this.outputs.assets_bucket_name
+ private_subnet_ids = data.terraform_remote_state.this.outputs.private_subnet_ids
+ app_sg_id = data.terraform_remote_state.this.outputs.app_sg_id
+ alb_sg_id = data.terraform_remote_state.this.outputs.alb_sg_id
+ listener_arn = data.terraform_remote_state.this.outputs.listener_arn
+ alb_dns_name = data.terraform_remote_state.this.outputs.alb_dns_name
+ service_discovery_namespace_id = data.terraform_remote_state.this.outputs.service_discovery_namespace_id
+ rds_address = data.terraform_remote_state.this.outputs.rds_address
+ domain_name = data.terraform_remote_state.this.outputs.domain_name
+ base_stack_name = data.terraform_remote_state.this.outputs.base_stack_name
+ region = var.region
+}
\ No newline at end of file
diff --git a/examples/ad-hoc/app/outputs.tf b/examples/ad-hoc/app/outputs.tf
new file mode 100644
index 0000000..07ed007
--- /dev/null
+++ b/examples/ad-hoc/app/outputs.tf
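Review bot: `module "main"` in examples/ad-hoc/app/main.tf never forwards `extra_env_vars`, although the example's own variables.tf declares it and the app module still consumes it through `env_vars = concat(local.env_vars, var.extra_env_vars)` in every service block, so values supplied in a tfvars file are silently dropped. Adding `extra_env_vars = var.extra_env_vars` to the module block wires it through. Note also that `data "terraform_remote_state" "this"` makes every output of the base state readable from this stack; the base outputs in this patch carry no credentials, so that is acceptable today, but anything added to the base outputs later inherits that exposure.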
@@ -0,0 +1,3 @@
+output "backend_update_script" {
+ value = module.main.backend_update_command
+}
\ No newline at end of file
diff --git a/examples/ad-hoc/app/variables.tf b/examples/ad-hoc/app/variables.tf
new file mode 100644
index 0000000..401ae28
--- /dev/null
+++ b/examples/ad-hoc/app/variables.tf
@@ -0,0 +1,14 @@
+variable "region" {
+ default = "us-east-1"
+}
+
+
+##############################################################################
+# Frontend
+##############################################################################
+
+variable "extra_env_vars" {
+ description = "User-defined environment variables to pass to the backend service and task containers (api, worker, migrate, etc.)"
+ type = list(object({ name = string, value = string }))
+ default = []
+}
\ No newline at end of file
diff --git a/examples/ad-hoc/base/.gitignore b/examples/ad-hoc/base/.gitignore
new file mode 100644
index 0000000..5d581fa
--- /dev/null
+++ b/examples/ad-hoc/base/.gitignore
@@ -0,0 +1,6 @@
+terraform.state
+terraform.tfstate
+terraform.tfvars
+.terraform
+terraform.tfstate.backup
+backend.config
\ No newline at end of file
diff --git a/examples/ad-hoc/base/main.tf b/examples/ad-hoc/base/main.tf
new file mode 100644
index 0000000..830d394
--- /dev/null
+++ b/examples/ad-hoc/base/main.tf
@@ -0,0 +1,22 @@
+terraform {
+ required_version = ">=1.3.6"
+
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "4.48.0"
+ }
+ }
+
+ backend "local" {}
+}
+
+provider "aws" {
+ region = var.region
+}
+
+module "main" {
+ source = "../../../modules/ad-hoc/base"
+ certificate_arn = var.certificate_arn
+ domain_name = var.domain_name
+}
\ No newline at end of file
diff --git a/examples/ad-hoc/base/outputs.tf b/examples/ad-hoc/base/outputs.tf
new file mode 100644
index 0000000..25727a7
--- /dev/null
+++ b/examples/ad-hoc/base/outputs.tf
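Review bot: examples/ad-hoc/base/main.tf switches the base stack to `backend "local" {}`, and the base module it calls still has `variable "rds_password"` with `default = "postgres"` (visible as context in modules/ad-hoc/base/variables.tf), so the RDS master password is written in plaintext into `terraform.tfstate` on the developer's disk and is read by the app stack's remote-state data source. The new `.gitignore` keeps that file out of the repository, which is the right minimum, but the deleted examples/ad-hoc/main.tf used `backend "s3" {}` with `-backend-config`, and keeping a remote, access-controlled backend for a stack that holds database credentials is the safer default; at least a comment such as `# state contains the RDS master password - keep terraform.tfstate out of shared locations` above the backend block would make the hazard explicit. The `# Frontend` header above `extra_env_vars` in the new variables.tf also contradicts the variable's own description, which says the values go to the backend containers.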
@@ -0,0 +1,46 @@
+output "vpc_id" {
+ value = module.main.vpc_id
+}
+
+output "assets_bucket_name" {
+ value = module.main.assets_bucket_name
+ description = "Bucket name used for S3 assets"
+}
+
+output "private_subnet_ids" {
+ value = module.main.private_subnet_ids
+}
+
+output "app_sg_id" {
+ value = module.main.app_sg_id
+}
+
+output "alb_sg_id" {
+ value = module.main.alb_sg_id
+}
+
+output "listener_arn" {
+ value = module.main.listener_arn
+}
+
+output "alb_dns_name" {
+ value = module.main.alb_dns_name
+}
+
+output "service_discovery_namespace_id" {
+ value = module.main.service_discovery_namespace_id
+ description = "service discovery namespace id"
+}
+
+output "rds_address" {
+ value = module.main.rds_address
+ description = "address of the RDS instance"
+}
+
+output "domain_name" {
+ value = module.main.domain_name
+}
+
+output "base_stack_name" {
+ value = module.main.base_stack_name
+}
diff --git a/examples/ad-hoc/base/variables.tf b/examples/ad-hoc/base/variables.tf
new file mode 100644
index 0000000..0e49799
--- /dev/null
+++ b/examples/ad-hoc/base/variables.tf
@@ -0,0 +1,13 @@
+variable "region" {
+ type = string
+ default = "us-east-1"
+}
+
+variable "certificate_arn" {
+ type = string
+}
+
+variable "domain_name" {
+ description = "Route53 domain name (e.g. example.com)"
+ type = string
+}
diff --git a/examples/ad-hoc/main.tf b/examples/ad-hoc/main.tf
deleted file mode 100644
index 195d36b..0000000
--- a/examples/ad-hoc/main.tf
+++ /dev/null
@@ -1,57 +0,0 @@ -# terraform_remote_state - -terraform { - required_version = ">=1.1.7" - - required_providers { - aws = { - source = "hashicorp/aws" - version = "4.4.0" - } - } - - backend "s3" {} -} - -provider "aws" { - region = var.region -} - -# shared resources -# see https://github.com/briancaffey/terraform-aws-ad-hoc-environments - -data "terraform_remote_state" "shared" { - backend = "s3" - config = { - bucket = var.s3_bucket - key = var.key - region = var.region - } -} - -# main - -module "main" { - source = "../../modules/ad-hoc" - - # shared resources -- taken from terraform_remote_state data source above - - vpc_id = data.terraform_remote_state.shared.outputs.vpc_id - private_subnets = data.terraform_remote_state.shared.outputs.private_subnets - public_subnets = data.terraform_remote_state.shared.outputs.public_subnets - listener_arn = data.terraform_remote_state.shared.outputs.listener_arn - alb_dns_name = data.terraform_remote_state.shared.outputs.alb_dns_name - service_discovery_namespace_id = data.terraform_remote_state.shared.outputs.service_discovery_namespace_id - task_role_arn = data.terraform_remote_state.shared.outputs.task_role_arn - execution_role_arn = data.terraform_remote_state.shared.outputs.execution_role_arn - rds_address = data.terraform_remote_state.shared.outputs.rds_address - alb_default_tg_arn = data.terraform_remote_state.shared.outputs.alb_default_tg_arn - ecs_sg_id = data.terraform_remote_state.shared.outputs.ecs_sg_id - - # per environment settings -- taken from .tfvars files - - ecr_be_repo_url = var.ecr_be_repo_url - ecr_fe_repo_url = var.ecr_fe_repo_url - region = var.region - domain_name = var.domain_name -} \ No newline at end of file diff --git a/examples/ad-hoc/variables.tf b/examples/ad-hoc/variables.tf deleted file mode 100644 index b90156e..0000000 --- a/examples/ad-hoc/variables.tf +++ /dev/null 
@@ -1,48 +0,0 @@ -variable "region" { - default = "us-east-1" -} - -variable "s3_bucket" { - type = string -} - -variable "key" { - type = string -} - -############################################################################## -# Route 53 -############################################################################## - -variable "domain_name" { - description = "Domain name (e.g. example.com)" - type = string -} - -variable "ecr_be_repo_url" { - description = "URL of the ECR repository that contains the backend image. Take from output value of bootstrap" -} - -variable "be_image_tag" { - description = "Image tag to use in backend container definitions" - default = "latest" -} - -variable "ecr_fe_repo_url" { - description = "URL of the ECR repository that contains the frontend image. Take from output value of bootstrap" -} - -variable "fe_image_tag" { - description = "Image tag to use in frontend container definitions" - default = "latest" -} - -############################################################################## -# Frontend -############################################################################## - -variable "extra_env_vars" { - description = "User-defined environment variables to pass to the backend service and task containers (api, worker, migrate, etc.)" - type = list(object({ name = string, value = string })) - default = [] -} \ No newline at end of file diff --git a/examples/prod/app/main.tf b/examples/prod/app/main.tf index 4a9fe09..351c164 100644 --- a/examples/prod/app/main.tf +++ b/examples/prod/app/main.tf 
@@ -31,8 +31,7 @@ module "main" { execution_role_arn = data.terraform_remote_state.shared.outputs.execution_role_arn listener_arn = data.terraform_remote_state.shared.outputs.listener_arn alb_dns_name = data.terraform_remote_state.shared.outputs.alb_dns_name - ecs_sg_id = data.terraform_remote_state.shared.outputs.ecs_sg_id - alb_default_tg_arn = data.terraform_remote_state.shared.outputs.alb_default_tg_arn + app_sg_id = data.terraform_remote_state.shared.outputs.app_sg_id private_subnets = data.terraform_remote_state.shared.outputs.private_subnets public_subnets = data.terraform_remote_state.shared.outputs.public_subnets diff --git a/examples/prod/base/outputs.tf b/examples/prod/base/outputs.tf index d8c2065..3d21d12 100644 --- a/examples/prod/base/outputs.tf +++ b/examples/prod/base/outputs.tf @@ -26,15 +26,11 @@ output "alb_dns_name" { value = module.main.alb_dns_name } -output "ecs_sg_id" { - value = module.main.ecs_sg_id +output "app_sg_id" { + value = module.main.app_sg_id } -output "alb_default_tg_arn" { - value = module.main.alb_default_tg_arn -} - -output "private_subnets" { +output "private_subnet_ids" { value = module.main.private_subnets } diff --git a/examples/prod/base/variables.tf b/examples/prod/base/variables.tf index feeadd3..e8fa75a 100644 --- a/examples/prod/base/variables.tf +++ b/examples/prod/base/variables.tf @@ -6,7 +6,3 @@ variable "region" { type = string default = "us-east-1" } - -variable "key_name" { - type = string -} \ No newline at end of file diff --git a/modules/ad-hoc/app/main.tf b/modules/ad-hoc/app/main.tf index fe7652e..2fd8a5a 100644 --- a/modules/ad-hoc/app/main.tf +++ b/modules/ad-hoc/app/main.tf 
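Review bot: examples/prod/base/outputs.tf renames the `private_subnets` output to `private_subnet_ids`, but the consumer in examples/prod/app/main.tf (the first hunk on this line) still reads `data.terraform_remote_state.shared.outputs.private_subnets` on the context line directly under the new `app_sg_id` assignment, so once the base is re-applied the app stack should fail at plan time with an unknown-attribute error on the remote state. Either keep the old output name alongside the new one or update the consumer to `private_subnets = data.terraform_remote_state.shared.outputs.private_subnet_ids`. Only the name changed; the value still comes from `module.main.private_subnets`, so no other adjustment is needed.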
@@ -7,13 +7,11 @@ module "ecs" { } ############################################################################### -# S3 - TODO add S3 bucket resource for app assets +# IAM ############################################################################### -module "s3" { - source = "../../internal/s3" - bucket_name = "${replace(var.domain_name, ".", "-")}-${terraform.workspace}-bucket" - force_destroy = var.force_destroy +module "iam" { + source = "../../internal/iam" } ############################################################################### @@ -23,16 +21,14 @@ module "s3" { module "redis" { source = "../../internal/redis" name = "redis" + image = "redis:5.0.3-alpine" vpc_id = var.vpc_id - task_role_arn = var.task_role_arn - execution_role_arn = var.execution_role_arn - private_subnets = var.private_subnets + task_role_arn = module.iam.task_role_arn + execution_role_arn = module.iam.execution_role_arn + private_subnet_ids = var.private_subnet_ids ecs_cluster_id = module.ecs.cluster_id - ecs_sg_id = var.ecs_sg_id + app_sg_id = var.app_sg_id service_discovery_namespace_id = var.service_discovery_namespace_id - log_group_name = "/ecs/${terraform.workspace}/redis" - log_stream_prefix = "redis" - image = "redis:5.0.3-alpine" region = var.region } @@ -50,11 +46,13 @@ module "route53" { # Common variables for ECS Services and Tasks ############################################################################### +data "aws_caller_identity" "current" {} + locals { env_vars = [ { name = "REDIS_SERVICE_HOST" - value = "${terraform.workspace}-redis.${var.shared_resources_workspace}-sd-ns" + value = "${terraform.workspace}-redis.${var.base_stack_name}-sd-ns" }, { name = "POSTGRES_SERVICE_HOST" @@ -70,7 +68,7 @@ locals { }, { name = "S3_BUCKET_NAME" - value = module.s3.bucket_name + value = var.assets_bucket_name }, { name = "FRONTEND_URL" 
@@ -81,8 +79,8 @@ locals { value = var.domain_name } ] - be_image = "${var.ecr_be_repo_url}:${var.be_image_tag}" - fe_image = "${var.ecr_fe_repo_url}:${var.fe_image_tag}" + be_image = "${data.aws_caller_identity.current.account_id}.dkr.ecr.us-east-1.amazonaws.com/backend:latest" + fe_image = "${data.aws_caller_identity.current.account_id}.dkr.ecr.us-east-1.amazonaws.com/frontend:latest" host_name = "${terraform.workspace}.${var.domain_name}" } @@ -94,16 +92,12 @@ module "api" { source = "../../internal/web" name = "gunicorn" ecs_cluster_id = module.ecs.cluster_id - task_role_arn = var.task_role_arn - execution_role_arn = var.execution_role_arn - ecs_sg_id = var.ecs_sg_id + task_role_arn = module.iam.task_role_arn + execution_role_arn = module.iam.execution_role_arn + app_sg_id = var.app_sg_id command = var.api_command env_vars = concat(local.env_vars, var.extra_env_vars) image = local.be_image - alb_default_tg_arn = var.alb_default_tg_arn - log_group_name = "/ecs/${terraform.workspace}/api" - log_stream_prefix = "api" - region = var.region cpu = var.api_cpu memory = var.api_memory port = 8000 @@ -111,8 +105,9 @@ module "api" { health_check_path = "/api/health-check/" listener_arn = var.listener_arn vpc_id = var.vpc_id - private_subnets = var.private_subnets + private_subnet_ids = var.private_subnet_ids host_name = local.host_name + region = var.region } ############################################################################### 
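Review bot: The new `be_image` and `fe_image` locals hard-code `us-east-1` in the ECR hostname even though `var.region` is available and is passed to every service module in this file, so a deployment in any other region pulls from the wrong registry. They also pin to the mutable `:latest` tag after removing the `be_image_tag`/`fe_image_tag` variables, which means the task definition no longer changes when a new image is pushed and there is no way to roll a specific build out or back through `terraform apply`. Prefer `be_image = "${data.aws_caller_identity.current.account_id}.dkr.ecr.${var.region}.amazonaws.com/backend:${var.be_image_tag}"` with the tag (or an image digest) variables restored, and the same shape for the frontend image.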
@@ -123,15 +118,12 @@ module "web-ui" { source = "../../internal/web" name = "web-ui" ecs_cluster_id = module.ecs.cluster_id - ecs_sg_id = var.ecs_sg_id - task_role_arn = var.task_role_arn - execution_role_arn = var.execution_role_arn + app_sg_id = var.app_sg_id + task_role_arn = module.iam.task_role_arn + execution_role_arn = module.iam.execution_role_arn command = var.frontend_command env_vars = [] image = local.fe_image - alb_default_tg_arn = var.alb_default_tg_arn - log_group_name = "/ecs/${terraform.workspace}/web-ui" - log_stream_prefix = "web-ui" region = var.region cpu = var.api_cpu memory = var.api_memory @@ -140,7 +132,7 @@ module "web-ui" { health_check_path = "/" listener_arn = var.listener_arn vpc_id = var.vpc_id - private_subnets = var.private_subnets + private_subnet_ids = var.private_subnet_ids host_name = local.host_name # this is needed in order to for the listener rule priorities to work correctly @@ -155,19 +147,17 @@ module "web-ui" { module "default_celery_worker" { source = "../../internal/celery_worker" name = "default" - ecs_sg_id = var.ecs_sg_id + app_sg_id = var.app_sg_id ecs_cluster_id = module.ecs.cluster_id - task_role_arn = var.task_role_arn - execution_role_arn = var.execution_role_arn + task_role_arn = module.iam.task_role_arn + execution_role_arn = module.iam.execution_role_arn command = var.default_celery_worker_command env_vars = concat(local.env_vars, var.extra_env_vars) image = local.be_image - log_group_name = "/ecs/${terraform.workspace}/celery-default-worker" - log_stream_prefix = "celery-default-worker" region = var.region cpu = var.default_celery_worker_cpu memory = var.default_celery_worker_memory - private_subnets = var.private_subnets + private_subnet_ids = var.private_subnet_ids } ############################################################################### 
@@ -178,18 +168,16 @@ module "celery_beat" { source = "../../internal/celery_beat" name = "beat" ecs_cluster_id = module.ecs.cluster_id - ecs_sg_id = var.ecs_sg_id - task_role_arn = var.task_role_arn - execution_role_arn = var.execution_role_arn + app_sg_id = var.app_sg_id + task_role_arn = module.iam.task_role_arn + execution_role_arn = module.iam.execution_role_arn command = var.celery_beat_command env_vars = concat(local.env_vars, var.extra_env_vars) image = local.be_image - log_group_name = "/ecs/${terraform.workspace}/celery-beat" - log_stream_prefix = "celery-beat" region = var.region cpu = var.celery_beat_cpu memory = var.celery_beat_memory - private_subnets = var.private_subnets + private_subnet_ids = var.private_subnet_ids } ############################################################################### @@ -197,19 +185,17 @@ module "celery_beat" { ############################################################################### module "backend_update" { + source = "../../internal/management_command" name = "backend_update" - source = "../../internal/app/prod/management_command" ecs_cluster_id = module.ecs.cluster_id - ecs_sg_id = var.ecs_sg_id - task_role_arn = var.task_role_arn - execution_role_arn = var.execution_role_arn + app_sg_id = var.app_sg_id + task_role_arn = module.iam.task_role_arn + execution_role_arn = module.iam.execution_role_arn command = var.backend_update_command env_vars = concat(local.env_vars, var.extra_env_vars) image = local.be_image - log_group_name = "/ecs/${terraform.workspace}/backend_update" - log_stream_prefix = "backend_update" region = var.region cpu = var.backend_update_cpu memory = var.backend_update_memory - private_subnets = var.private_subnets + private_subnet_ids = var.private_subnet_ids } diff --git a/modules/ad-hoc/app/variables.tf b/modules/ad-hoc/app/variables.tf index b74922e..cd2d5a7 100644 --- a/modules/ad-hoc/app/variables.tf +++ b/modules/ad-hoc/app/variables.tf 
@@ -1,36 +1,19 @@ -################################################ -# Variables read from terraform_remote_state -# -# https://registry.terraform.io/modules/briancaffey/ad-hoc-environments/aws/latest -# -# https://github.com/briancaffey/terraform-aws-ad-hoc-environments -# -# Shared resources -################################################# - -variable "shared_resources_workspace" { - type = string -} - -# VPC - variable "vpc_id" { type = string } -variable "private_subnets" { +variable "private_subnet_ids" { type = list(string) } -variable "public_subnets" { - type = list(string) +variable "app_sg_id" { + type = string + description = "App Security Group ID" } -# Security Groups - -variable "ecs_sg_id" { +variable "alb_sg_id" { type = string - description = "ECS Security Group ID" + description = "ALB Security Group ID" } # Load balancer @@ -50,28 +33,12 @@ variable "service_discovery_namespace_id" { type = string } -# IAM - -variable "task_role_arn" { - type = string -} - -variable "execution_role_arn" { - type = string -} - # RDS variable "rds_address" { type = string } -# alb_default_tg_arn -variable "alb_default_tg_arn" { - type = string - description = "default target group ARN" -} - ############################################################################## # AWS 
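Review bot: `alb_sg_id` becomes a required input of modules/ad-hoc/app (and is threaded through examples/ad-hoc/app/main.tf), yet none of the main.tf hunks in this patch reference `var.alb_sg_id`; if it is also unused in the parts of the module not shown here, it should be dropped rather than forcing every caller to export a security group the module never attaches. The description on `app_sg_id` would also be more useful if it said what the group is for, since its value ends up in the ECS service network configuration: `description = "Security group attached to the ECS tasks (api, workers, beat, management commands)"`.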
@@ -100,24 +67,6 @@ variable "domain_name" { type = string } -variable "ecr_be_repo_url" { - description = "URL of the ECR repository that contains the backend image. Take from output value of bootstrap" -} - -variable "be_image_tag" { - description = "Image tag to use in backend container definitions" - default = "latest" -} - -variable "ecr_fe_repo_url" { - description = "URL of the ECR repository that contains the frontend image. Take from output value of bootstrap" -} - -variable "fe_image_tag" { - description = "Image tag to use in frontend container definitions" - default = "latest" -} - ############################################################################## # Application Services - Gunicorn, Celery, Beat, frontend SPA, etc. ############################################################################## @@ -240,12 +189,12 @@ variable "backend_update_memory" { type = number } -############################################################################## -# S3 -############################################################################## +variable "assets_bucket_name" { + description = "S3 bucket name for assets" + type = string +} -variable "force_destroy" { - description = "Force destroy of S3 bucket" - default = true - type = bool +variable "base_stack_name" { + description = "Name of the base stack that the ad hoc env is created in." + type = string } diff --git a/modules/ad-hoc/base/main.tf b/modules/ad-hoc/base/main.tf index 02d1b66..a4498e0 100644 --- a/modules/ad-hoc/base/main.tf +++ b/modules/ad-hoc/base/main.tf @@ -9,7 +9,7 @@ module "vpc" { cidr = var.cidr azs = var.azs - private_subnets = var.private_subnets + private_subnets = var.private_subnet_ids public_subnets = var.public_subnets enable_nat_gateway = true 
@@ -21,6 +21,16 @@ module "vpc" { enable_dns_support = true } +############################################################################### +# S3 - TODO add S3 bucket resource for app assets +############################################################################### + +module "s3" { + source = "../../internal/s3" + bucket_name = "${replace(var.domain_name, ".", "-")}-${terraform.workspace}-assets-bucket" + force_destroy = var.force_destroy +} + ############################################################################### # Security groups ############################################################################### @@ -51,21 +61,13 @@ module "sd" { vpc_id = module.vpc.vpc_id } -############################################################################### -# IAM -############################################################################### - -module "iam" { - source = "../../internal/iam" -} - ############################################################################### # RDS ############################################################################### module "rds" { source = "../../internal/rds" - ecs_sg_id = module.sg.ecs_sg_id + app_sg_id = module.sg.app_sg_id vpc_id = module.vpc.vpc_id private_subnets = module.vpc.private_subnets port = var.port @@ -84,7 +86,7 @@ module "bastion" { source = "../../internal/bastion" vpc_id = module.vpc.vpc_id alb_sg_id = module.sg.alb_sg_id - ecs_sg_id = module.sg.ecs_sg_id + app_sg_id = module.sg.app_sg_id private_subnets = module.vpc.private_subnets rds_address = module.rds.address } diff --git a/modules/ad-hoc/base/outputs.tf b/modules/ad-hoc/base/outputs.tf index f8fb31e..6b64a83 100644 --- a/modules/ad-hoc/base/outputs.tf +++ b/modules/ad-hoc/base/outputs.tf 
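Review bot: The `# S3 - TODO add S3 bucket resource for app assets` header moved into modules/ad-hoc/base/main.tf is stale, since the `module "s3"` block directly below it is that resource; `# S3 - assets bucket shared by the ad hoc environments in this base stack` describes what is there. More importantly, the bucket now lives in the long-lived base stack but keeps `force_destroy = var.force_destroy`, whose default in the new modules/ad-hoc/base/variables.tf hunk is `true`, so the `ad-hoc-base-destroy` Makefile target deletes every uploaded asset without any guard; `true` was tolerable for the old per-environment bucket in the app module, but the base module should default to `force_destroy = false` and let callers opt in. The bucket name also embeds `terraform.workspace`, which under the example's local backend is `default` unless a workspace is explicitly selected.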
@@ -1,70 +1,46 @@ -# VPC - output "vpc_id" { value = module.vpc.vpc_id } -output "private_subnets" { - value = module.vpc.private_subnets +output "assets_bucket_name" { + value = module.s3.bucket_name + description = "Bucket name used for S3 assets" } -output "public_subnets" { - value = module.vpc.public_subnets +output "private_subnet_ids" { + value = module.vpc.private_subnets } -# security groups - -output "ecs_sg_id" { - value = module.sg.ecs_sg_id +output "app_sg_id" { + value = module.sg.app_sg_id } output "alb_sg_id" { value = module.sg.alb_sg_id } -# Load balancer - output "listener_arn" { value = module.lb.listener_arn } -output "alb_default_tg_arn" { - value = module.lb.alb_default_tg_arn -} - output "alb_dns_name" { value = module.lb.alb_dns_name } -# Service Discovery - output "service_discovery_namespace_id" { value = module.sd.service_discovery_namespace_id description = "service discovery namespace id" } -# IAM - -output "task_role_arn" { - value = module.iam.task_role_arn - description = "arn of the role that is used by the application code to access AWS resources" -} - -output "execution_role_arn" { - value = module.iam.execution_role_arn - description = "arn of the role that is used by the ECS agent to access AWS resources" -} - -# RDS - output "rds_address" { value = module.rds.address description = "address of the RDS instance" } -# Bastion +output "domain_name" { + value = var.domain_name +} -output "bastion_public_ip" { - value = module.bastion.public_ip - description = "bastion host public ip" +output "base_stack_name" { + value = terraform.workspace } diff --git a/modules/ad-hoc/base/variables.tf b/modules/ad-hoc/base/variables.tf index 62b1cc1..f327652 100644 --- a/modules/ad-hoc/base/variables.tf +++ b/modules/ad-hoc/base/variables.tf 
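Review bot: `bastion_public_ip` is removed from modules/ad-hoc/base/outputs.tf (and modules/internal/bastion/outputs.tf is deleted) while `module "bastion"` remains in modules/ad-hoc/base/main.tf, so the host is still created but its address can no longer be read from the stack; if the bastion is staying, keep the output, and if it is being retired, remove the module with it. The new `domain_name` and `base_stack_name` outputs would also benefit from descriptions like their neighbours, e.g. `description = "Workspace name of this base stack; the app stack uses it to build the service discovery namespace name"`, which matches how `var.base_stack_name` is consumed in modules/ad-hoc/app/main.tf.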
@@ -14,7 +14,7 @@ variable "azs" { type = list(string) } -variable "private_subnets" { +variable "private_subnet_ids" { default = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"] description = "Private subnets to use for VPC" type = list(string) @@ -31,6 +31,11 @@ variable "certificate_arn" { type = string } +variable "domain_name" { + description = "Route53 domain domain name used" + type = string +} + ############################################################################## # RDS (Optional Variables for RDS configuration - defaults to Postgres 13.4) ############################################################################## @@ -64,3 +69,13 @@ variable "rds_password" { type = string default = "postgres" } + +############################################################################## +# S3 +############################################################################## + +variable "force_destroy" { + description = "Force destroy of S3 bucket" + default = true + type = bool +} diff --git a/modules/internal/app/prod/celery_beat/main.tf b/modules/internal/app/prod/celery_beat/main.tf index 07eb80b..ea0a692 100644 --- a/modules/internal/app/prod/celery_beat/main.tf +++ b/modules/internal/app/prod/celery_beat/main.tf @@ -55,8 +55,8 @@ resource "aws_ecs_service" "this" { network_configuration { assign_public_ip = true - security_groups = [var.ecs_sg_id] - subnets = var.private_subnets + security_groups = [var.app_sg_id] + subnets = var.private_subnet_ids } lifecycle { diff --git a/modules/internal/app/prod/celery_beat/variables.tf b/modules/internal/app/prod/celery_beat/variables.tf index 99aaeb6..f15c051 100644 --- a/modules/internal/app/prod/celery_beat/variables.tf +++ b/modules/internal/app/prod/celery_beat/variables.tf @@ -67,7 +67,7 @@ variable "memory" { } -variable "ecs_sg_id" { +variable "app_sg_id" { description = "ECS Security Group ID" type = string } 
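Review bot: Renaming `private_subnets` to `private_subnet_ids` in modules/ad-hoc/base/variables.tf is misleading: the default is `["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]` and the description is `"Private subnets to use for VPC"`, i.e. these are CIDR blocks to create, not subnet IDs, while the same module now exports an output called `private_subnet_ids` that carries the real IDs from `module.vpc.private_subnets`. A name such as `private_subnet_cidrs` (with the matching `module "vpc"` argument in main.tf updated) keeps the two apart. The new `domain_name` description also has a doubled word; `description = "Route53 domain name used for the ad hoc environments"` reads correctly.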
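Review bot: The renamed `app_sg_id` variable in modules/internal/app/prod/celery_beat/variables.tf keeps the old `description = "ECS Security Group ID"`, and the same stale text is kept for the rename in modules/internal/app/prod/celery_worker/variables.tf on the next line. Because the value lands in `security_groups = [var.app_sg_id]` inside the `aws_ecs_service` network configuration, `description = "Security group attached to this service's tasks (app_sg_id output of the base stack)"` says what it actually controls. The neighbouring context line `assign_public_ip = true` next to `subnets = var.private_subnet_ids` predates this change, but pairing public IPs with private subnets looks unintended and is worth checking while these lines are being touched.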
@@ -76,6 +76,6 @@ variable "execution_role_arn" { type = string } -variable "private_subnets" { +variable "private_subnet_ids" { type = list(string) } \ No newline at end of file diff --git a/modules/internal/app/prod/celery_worker/main.tf b/modules/internal/app/prod/celery_worker/main.tf index ad3547b..1556b42 100644 --- a/modules/internal/app/prod/celery_worker/main.tf +++ b/modules/internal/app/prod/celery_worker/main.tf @@ -54,8 +54,8 @@ resource "aws_ecs_service" "this" { network_configuration { assign_public_ip = true - security_groups = [var.ecs_sg_id] - subnets = var.private_subnets + security_groups = [var.app_sg_id] + subnets = var.private_subnet_ids } lifecycle { diff --git a/modules/internal/app/prod/celery_worker/variables.tf b/modules/internal/app/prod/celery_worker/variables.tf index 7051b71..21de5a5 100644 --- a/modules/internal/app/prod/celery_worker/variables.tf +++ b/modules/internal/app/prod/celery_worker/variables.tf @@ -66,7 +66,7 @@ variable "memory" { type = number } -variable "ecs_sg_id" { +variable "app_sg_id" { description = "ECS Security Group ID" type = string } @@ -76,6 +76,6 @@ variable "execution_role_arn" { type = string } -variable "private_subnets" { +variable "private_subnet_ids" { type = list(string) } \ No newline at end of file diff --git a/modules/internal/app/prod/management_command/outputs.tf b/modules/internal/app/prod/management_command/outputs.tf index 81a812a..b1426c2 100644 --- a/modules/internal/app/prod/management_command/outputs.tf +++ b/modules/internal/app/prod/management_command/outputs.tf @@ -7,7 +7,7 @@ output "task_execution_command" { value = <