Merge pull request #41 from i-dot-ai/add/ecs-terraform

Add/ecs terraform
i-dot-ai · Mar 25, 2024 · 666cc74 · 666cc74
2 parents 0160f38 + 4d15f7c
commit 666cc74
Show file tree

Hide file tree

Showing 3 changed files with 63 additions and 48 deletions.
diff --git a/infrastructure/cognito.tf b/infrastructure/cognito.tf
@@ -1,34 +1,34 @@
-# resource "aws_cognito_user" "this" {
-#   for_each     = toset(var.cognito_usernames)
-#   user_pool_id = module.cognito.user_pool_id
-#   username     = each.key
+resource "aws_cognito_user" "this" {
+  for_each     = toset(var.cognito_usernames)
+  user_pool_id = module.cognito.user_pool_id
+  username     = each.key
 
-#   desired_delivery_mediums = ["EMAIL"]
-#   temporary_password       = random_password.this[each.key].result
-#   attributes = {
-#     email          = each.key
-#     email_verified = true
-#   }
-# }
+  desired_delivery_mediums = ["EMAIL"]
+  temporary_password       = random_password.this[each.key].result
+  attributes = {
+    email          = each.key
+    email_verified = true
+  }
+}
 
-# resource "random_password" "this" {
-#   for_each    = toset(var.cognito_usernames)
-#   length      = 16
-#   min_numeric = 1
-#   min_special = 1
-#   min_upper   = 1
-#   min_lower   = 1
-#   special     = true
-# }
+resource "random_password" "this" {
+  for_each    = toset(var.cognito_usernames)
+  length      = 16
+  min_numeric = 1
+  min_special = 1
+  min_upper   = 1
+  min_lower   = 1
+  special     = true
+}
 
-# module "cognito" {
-#   # checkov:skip=CKV_SECRET_4:Skip secret check as these have to be used within the Github Action
-#   source                    = "../../i-ai-core-infrastructure//modules/cognito"
-#   name                      = var.project_name
-#   invite_email_addition     = "Access the application at https://${local.record_prefix}.${var.domain_name}"
-#   invite_subject            = "${local.record_prefix} temporary credentials"
-#   record_prefix             = local.record_prefix
-#   identity_provider_enabled = false
-#   case_sensitive_username   = false
-#   domain_name               = var.domain_name
-# }
+module "cognito" {
+  # checkov:skip=CKV_SECRET_4:Skip secret check as these have to be used within the Github Action
+  source                    = "../../i-ai-core-infrastructure//modules/cognito"
+  name                      = var.project_name
+  invite_email_addition     = "Access the application at https://${local.record_prefix}.${var.domain_name}"
+  invite_subject            = "${local.record_prefix} temporary credentials"
+  record_prefix             = local.record_prefix
+  identity_provider_enabled = false
+  case_sensitive_username   = false
+  domain_name               = var.domain_name
+}
diff --git a/infrastructure/ecs.tf b/infrastructure/ecs.tf
@@ -1,7 +1,7 @@
 module "ecs" {
   source             = "../../i-ai-core-infrastructure//modules/ecs"
   project_name       = var.project_name
-  image_tag          = "a07a0d03cfd1aeebf6baed86b7dccf4d79504405"
+  image_tag          = "dfcde6a235a58d4e708e53c9c2252477516c414b"
   prefix             = "i-dot-ai"
   ecr_repository_uri = module.ecr_front_end.repository_url
   cluster_name       = data.terraform_remote_state.platform.outputs.ecs_cluster_id
@@ -19,10 +19,20 @@ module "ecs" {
   container_port               = "80"
   load_balancer_security_group = data.terraform_remote_state.platform.outputs.load_balancer_security_group_id["default"]
   aws_lb_arn                   = data.terraform_remote_state.platform.outputs.load_balancer_arn["default"]
+  host                         = local.host
+  route53_record_name          = aws_route53_record.type_a_record.name
+
+  authenticate_cognito = {
+    enabled : true,
+    user_pool_arn : module.cognito.user_pool_arn,
+    user_pool_client_id : module.cognito.user_pool_client_id,
+    user_pool_domain : module.cognito.user_pool_domain
+  }
+
 }
 
 
-resource "aws_route53_record" "type-a-record" {
+resource "aws_route53_record" "type_a_record" {
   zone_id = var.hosted_zone_id
   name    = local.host
   type    = "A"

diff --git a/infrastructure/postgres.tf b/infrastructure/postgres.tf
@@ -1,15 +1,20 @@
-# module "postgres" {
-#   source                  = "../../i-ai-core-infrastructure//modules/postgres"
-#   vpc_id                  = data.terraform_remote_state.vpc.outputs.vpc_id
-#   public_subnet_ids_list  = data.terraform_remote_state.vpc.outputs.public_subnets
-#   private_subnet_ids_list = data.terraform_remote_state.vpc.outputs.private_subnets
-#   instance_type           = "db.t3.large"
-#   developer_ips           = var.developer_ips
-#   db_name                 = var.project_name
-#   kms_secrets_arn         = data.terraform_remote_state.universal.outputs.kms_secrets_arn
-#   project                 = "i-dot-ai"
-#   domain_name             = var.domain_name
-#   state_bucket            = var.state_bucket
-#   task_prefix             = var.project_name
-#   service_sg_ids          = [] #var.service_sg_id
-# }
+locals {
+  dev_flag = var.env != "prod" ? true : false
+}
+
+module "postgres" {
+  source                  = "../../i-ai-core-infrastructure//modules/postgres"
+  vpc_id                  = data.terraform_remote_state.vpc.outputs.vpc_id
+  public_subnet_ids_list  = data.terraform_remote_state.vpc.outputs.public_subnets
+  private_subnet_ids_list = data.terraform_remote_state.vpc.outputs.private_subnets
+  instance_type           = "db.t3.large"
+  developer_ips           = var.developer_ips
+  db_name                 = var.project_name
+  kms_secrets_arn         = data.terraform_remote_state.universal.outputs.kms_secrets_arn
+  project                 = "i-dot-ai"
+  domain_name             = var.domain_name
+  state_bucket            = var.state_bucket
+  task_prefix             = var.project_name
+  service_sg_ids          = [data.terraform_remote_state.platform.outputs.load_balancer_security_group_id["default"]]
+  dev_instance            = local.dev_flag
+}