From e2f97382e97b9998ef753d6fafecf3be95849a4e Mon Sep 17 00:00:00 2001
From: Steve Bagwell
Date: Thu, 27 Jul 2023 10:33:47 -0400
Subject: [PATCH 01/11] Stop using ECR image replication (expect Codeship do it)

---
 main.tf | 17 -----------------
 1 file changed, 17 deletions(-)

diff --git a/main.tf b/main.tf
index 8f83172..4418ed0 100644
--- a/main.tf
+++ b/main.tf
@@ -132,23 +132,6 @@ module "ecr" {
 image_retention_tags = ["latest", "develop"]
 }
 
-resource "aws_ecr_replication_configuration" "this" {
- count = local.is_primary ? 1 : 0
- depends_on = [module.ecr]
-
- replication_configuration {
- rule {
- destination {
- region = var.aws_region_secondary
- registry_id = data.aws_caller_identity.this.account_id
- }
- repository_filter {
- filter = local.ecr_repo_name
- filter_type = "PREFIX_MATCH"
- }
- }
- }
-}
 
 data "aws_caller_identity" "this" {}
 

From e5c200d1dbc4b5a798be5ecbdc68b745c35989e6 Mon Sep 17 00:00:00 2001
From: Steve Bagwell
Date: Thu, 27 Jul 2023 10:46:48 -0400
Subject: [PATCH 02/11] Remove unneeded data source

---
 main.tf | 2 --
 1 file changed, 2 deletions(-)

diff --git a/main.tf b/main.tf
index 4418ed0..f2c21cb 100644
--- a/main.tf
+++ b/main.tf
@@ -133,8 +133,6 @@ module "ecr" {
 }
 
 
-data "aws_caller_identity" "this" {}
-
 /*
 * DynamoDB table for user login activity logging
 */

From c837c820624dc54105a048624d0a416548eda9b7 Mon Sep 17 00:00:00 2001
From: briskt <3172830+briskt@users.noreply.github.com>
Date: Fri, 28 Jul 2023 13:24:45 -0600
Subject: [PATCH 03/11] output ALB DNS name

---
 outputs.tf | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/outputs.tf b/outputs.tf
index ba61000..1cbc93c 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -29,3 +29,7 @@ output "cd_user_arn" {
 output "user_log_table" {
 value = aws_dynamodb_table.logger.name
 }
+
+output "alb_dns_name" {
+ value = module.app.alb_dns_name
+}

From 870d18889813e44317d3eac6719b926ab5d466e7 Mon Sep 17 00:00:00 2001
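Review bot: After this removal nothing in main.tf records that the secondary-region registry is now populated by the CI pipeline instead of by ECR replication, so a reader of `module "ecr"` (whose opening lines are outside the hunk) cannot tell whether the secondary repository is expected to hold images at all. A one-line comment where the resource used to be, e.g. `# Cross-region ECR replication is intentionally not configured; the CI pipeline pushes the image to each region's registry.`, keeps the decision that is currently stated only in the commit subject. Without it, the failover design introduced later in this series silently depends on an external pipeline that the code never mentions.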
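Review bot: The new `alb_dns_name` output has no `description`, so anyone reading `terraform output` or generated module docs gets only the raw value with no indication of what it points at. Adding `description = "DNS name of the application load balancer"` inside the block is a one-line fix; the visible `user_log_table` output above it has the same gap, but that is pre-existing.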
From: briskt <3172830+briskt@users.noreply.github.com>
Date: Fri, 28 Jul 2023 13:27:00 -0600
Subject: [PATCH 04/11] disable dns overwrite

---
 main.tf | 1 -
 1 file changed, 1 deletion(-)

diff --git a/main.tf b/main.tf
index f2c21cb..94240fa 100644
--- a/main.tf
+++ b/main.tf
@@ -19,7 +19,6 @@ module "app" {
 domain_name = var.cloudflare_domain
 container_def_json = data.template_file.task_def_hub.rendered
 create_dns_record = var.create_dns_record
- dns_allow_overwrite = local.is_multiregion
 create_cd_user = local.create_cd_user
 database_name = local.mysql_database
 database_user = local.mysql_user

From 5a75dbcdfbbee142a02d498ece9665b446ebcecc Mon Sep 17 00:00:00 2001
From: briskt <3172830+briskt@users.noreply.github.com>
Date: Fri, 28 Jul 2023 13:50:17 -0600
Subject: [PATCH 05/11] create an intermediate DNS record to simplify failover

---
 main.tf | 51 ++++++++++++++++++++++++++++++++++++++++-----------
 1 file changed, 40 insertions(+), 11 deletions(-)

diff --git a/main.tf b/main.tf
index 94240fa..e8c1b55 100644
--- a/main.tf
+++ b/main.tf
@@ -1,14 +1,14 @@
 locals {
- app_name_and_env = "${var.app_name}-${local.app_env}"
- app_env = var.app_env
- app_environment = var.app_environment
- ecr_repo_name = local.app_name_and_env
- is_multiregion = var.aws_region_secondary != ""
- is_primary = local.is_multiregion && var.aws_region != var.aws_region_secondary
- create_cd_user = !local.is_multiregion || local.is_primary
- mysql_database = "session"
- mysql_user = "root"
- name_tag_suffix = "${var.app_name}-${var.customer}-${local.app_environment}"
+ app_name_and_env = "${var.app_name}-${local.app_env}"
+ app_env = var.app_env
+ app_environment = var.app_environment
+ ecr_repo_name = local.app_name_and_env
+ is_multiregion = var.aws_region_secondary != ""
+ is_multiregion_primary = local.is_multiregion && var.aws_region != var.aws_region_secondary
+ create_cd_user = !local.is_multiregion || local.is_multiregion_primary
+ mysql_database = "session"
+ mysql_user = "root"
+ name_tag_suffix = "${var.app_name}-${var.customer}-${local.app_environment}"
 }
 
 module "app" {
@@ -18,7 +18,7 @@ module "app" {
 app_name = var.app_name
 domain_name = var.cloudflare_domain
 container_def_json = data.template_file.task_def_hub.rendered
- create_dns_record = var.create_dns_record
+ create_dns_record = false
 create_cd_user = local.create_cd_user
 database_name = local.mysql_database
 database_user = local.mysql_user
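Review bot: `is_multiregion_primary` decides which workspace is the primary purely from `var.aws_region != var.aws_region_secondary`, a convention the name does not convey and that nothing in the file explains; a comment above it such as `# the secondary workspace is the one whose aws_region equals aws_region_secondary; any other multi-region workspace is the primary` makes the contract explicit for whoever sets the two region variables. The realignment of the nine unchanged assignments in the same hunk turns a one-line rename into a ten-line rewrite, so the behavioural change is easy to miss; formatting-only changes are easier to review in their own commit.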
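Review bot: `create_dns_record = false` is now a literal at the module call, but the line gives no hint of why the module-managed record was switched off; since the same commit adds `cloudflare_record` resources in this file to manage DNS instead, a comment such as `# DNS is managed by the cloudflare_record resources below, not by the module` keeps the two mechanisms from being re-enabled together later. Until the `var.create_dns_record` input is removed later in this series it still exists and is now ignored, which a reader could reasonably set expecting an effect.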
@@ -37,6 +37,35 @@ module "app" {
 }
 
 
+/*
+ * Create intermediate DNS record using Cloudflare (e.g. hub-us-east-2.example.com)
+ */
+resource "cloudflare_record" "intermediate" {
+ zone_id = data.cloudflare_zone.this.id
+ name = "${var.subdomain}-${var.aws_region}"
+ value = module.app.alb_dns_name
+ type = "CNAME"
+ proxied = true
+}
+
+/*
+ * Create public DNS record using Cloudflare (e.g. hub.example.com)
+ */
+resource "cloudflare_record" "public" {
+ count = local.is_multiregion_primary || !local.is_multiregion ? 1 : 0
+
+ zone_id = data.cloudflare_zone.this.id
+ name = var.subdomain
+ value = cloudflare_record.intermediate.hostname
+ type = "CNAME"
+ proxied = true
+}
+
+data "cloudflare_zone" "this" {
+ name = var.cloudflare_domain
+}
+
+
 /*
 * Create passwords required for SimpleSAMLphp
 */

From 3dc53f741aaab9b12a6dfc8e43ed7dbf5c3383f9 Mon Sep 17 00:00:00 2001
From: briskt <3172830+briskt@users.noreply.github.com>
Date: Fri, 28 Jul 2023 14:10:13 -0600
Subject: [PATCH 06/11] remove create_dns_record variable

---
 vars.tf | 6 ------
 1 file changed, 6 deletions(-)

diff --git a/vars.tf b/vars.tf
index 4dcab6a..b04bb1d 100644
--- a/vars.tf
+++ b/vars.tf
@@ -140,12 +140,6 @@ variable "cloudflare_token" {
 default = null
 }
 
-variable "create_dns_record" {
- description = "Set to false to skip creation of a Cloudflare DNS record"
- type = string
- default = true
-}
-
 variable "subdomain" {
 description = "The subdomain on which to host the app. Combined with \"cloudflare_domain\" to create an ALB listener rule. Also used for the optional DNS record."
 type = string

From e8809697b391891a333ccfb92d57fca0c4d24736 Mon Sep 17 00:00:00 2001
From: briskt <3172830+briskt@users.noreply.github.com>
Date: Fri, 28 Jul 2023 14:23:51 -0600
Subject: [PATCH 07/11] add comments on DNS records

---
 main.tf | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/main.tf b/main.tf
index e8c1b55..de254eb 100644
--- a/main.tf
+++ b/main.tf
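Review bot: `cloudflare_record.public` pins `value = cloudflare_record.intermediate.hostname` with no `lifecycle` block, so if an operator repoints the public record at the other region's intermediate record during a failover — the use the later commit "expand on DNS record comments" documents with `public record - this can be changed for failover` — the next `terraform apply` in the primary workspace will see drift and plan to set it back to this region's intermediate name. Either add `lifecycle { ignore_changes = [value] }` to the `public` resource so a manually chosen target survives applies, or drive the target from a variable so the failover is itself a reviewed Terraform change. Note also that the record exists only where `count` is 1, i.e. in the primary or single-region workspace, so a failover run from the secondary workspace has no managed record to change.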
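Review bot: The `subdomain` description in this hunk's context still ends with `Also used for the optional DNS record.`, but with `create_dns_record` removed the Cloudflare record is no longer optional, so the sentence now misdescribes the variable; change it to `Also used for the Cloudflare DNS records.` (the `subdomain` block continues past the hunk). It is the last mention of the old opt-out in vars.tf, and leaving it invites someone to look for a switch that no longer exists.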
@@ -45,6 +45,7 @@ resource "cloudflare_record" "intermediate" {
 name = "${var.subdomain}-${var.aws_region}"
 value = module.app.alb_dns_name
 type = "CNAME"
+ comment = "intermediate record"
 proxied = true
 }
 
@@ -58,6 +59,7 @@ resource "cloudflare_record" "public" {
 name = var.subdomain
 value = cloudflare_record.intermediate.hostname
 type = "CNAME"
+ comment = "public record"
 proxied = true
 }
 

From edc003f00d3aa0c4e1f6e052cc5f38a69e0b05e8 Mon Sep 17 00:00:00 2001
From: briskt <3172830+briskt@users.noreply.github.com>
Date: Fri, 28 Jul 2023 14:25:49 -0600
Subject: [PATCH 08/11] expand on DNS record comments

---
 main.tf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/main.tf b/main.tf
index de254eb..d5207a1 100644
--- a/main.tf
+++ b/main.tf
@@ -45,7 +45,7 @@ resource "cloudflare_record" "intermediate" {
 name = "${var.subdomain}-${var.aws_region}"
 value = module.app.alb_dns_name
 type = "CNAME"
- comment = "intermediate record"
+ comment = "intermediate record - DO NOT change this"
 proxied = true
 }
 
@@ -59,7 +59,7 @@ resource "cloudflare_record" "public" {
 name = var.subdomain
 value = cloudflare_record.intermediate.hostname
 type = "CNAME"
- comment = "public record"
+ comment = "public record - this can be changed for failover"
 proxied = true
 }
 

From f3abfc7fdd3ee6a6ce4cdd429c1dbce45e1e136e Mon Sep 17 00:00:00 2001
From: briskt <3172830+briskt@users.noreply.github.com>
Date: Wed, 9 Aug 2023 12:00:44 -0600
Subject: [PATCH 09/11] remove deprecated hashicorp/template

---
 .terraform.lock.hcl | 8 --------
 main.tf | 8 +++-----
 versions.tf | 4 ----
 3 files changed, 3 insertions(+), 17 deletions(-)

diff --git a/.terraform.lock.hcl b/.terraform.lock.hcl
index f2a6126..aacbc8d 100644
--- a/.terraform.lock.hcl
+++ b/.terraform.lock.hcl
@@ -86,11 +86,3 @@ provider "registry.terraform.io/hashicorp/random" {
 "zh:eab0d0495e7e711cca367f7d4df6e322e6c562fc52151ec931176115b83ed014",
 ]
 }
-
-provider "registry.terraform.io/hashicorp/template" {
- version = "2.2.0"
- constraints = "~> 2.2"
- hashes = [
- "h1:94qn780bi1qjrbC3uQtjJh3Wkfwd5+tTtJHOb7KTg9w=",
- ]
-}
diff --git a/main.tf b/main.tf
index d5207a1..b044991 100644
--- a/main.tf
+++ b/main.tf
@@ -83,10 +83,8 @@ resource "random_id" "ssp_secret_salt" {
 /*
 * Create task definition template
 */
-data "template_file" "task_def_hub" {
- template = file("${path.module}/task-def-hub.json")
-
- vars = {
+locals {
+ task_def_hub = templatefile("${path.module}/task-def-hub.json", {
 admin_email = var.admin_email
 admin_name = var.admin_name
 admin_pass = random_id.ssp_admin_pass.hex
@@ -113,7 +111,7 @@ data "template_file" "task_def_hub" {
 session_store_type = "sql"
 show_saml_errors = var.show_saml_errors
 subdomain = var.subdomain
- }
+ })
 }
 
 /*
diff --git a/versions.tf b/versions.tf
index e5efb98..57e4d79 100644
--- a/versions.tf
+++ b/versions.tf
@@ -14,9 +14,5 @@ terraform {
 version = "~> 3.1"
 source = "hashicorp/random"
 }
- template = {
- version = "~> 2.2"
- source = "hashicorp/template"
- }
 }
 }

From 9f15827986bc4c78d4624bdc73d8fc610855ee67 Mon Sep 17 00:00:00 2001
From: briskt <3172830+briskt@users.noreply.github.com>
Date: Wed, 9 Aug 2023 12:02:17 -0600
Subject: [PATCH 10/11] change reference to the template

---
 main.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/main.tf b/main.tf
index b044991..1487c86 100644
--- a/main.tf
+++ b/main.tf
@@ -17,7 +17,7 @@ module "app" {
 app_env = local.app_env
 app_name = var.app_name
 domain_name = var.cloudflare_domain
- container_def_json = data.template_file.task_def_hub.rendered
+ container_def_json = local.task_def_hub
 create_dns_record = false
 create_cd_user = local.create_cd_user
 database_name = local.mysql_database

From 4bf596ddcb73d145439ae6f83e300f88c5c9002d Mon Sep 17 00:00:00 2001
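Review bot: `module "app"` still passes `data.template_file.task_def_hub.rendered` after this hunk deletes the `template_file` data source, so at this commit the configuration references an undeclared data source and does not validate; the reference is only repaired by the following commit ("change reference to the template"), and squashing the two keeps every commit in the series applicable and bisectable. The new `locals` block continues past the end of the hunk, and its header comment `Create task definition template` now sits above a rendered value rather than a template data source, so `Render the task definition from its template` would describe it more accurately.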
From: briskt <3172830+briskt@users.noreply.github.com>
Date: Wed, 9 Aug 2023 13:22:34 -0600
Subject: [PATCH 11/11] use release version of silinternational/ecs-app/aws

---
 main.tf | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/main.tf b/main.tf
index 1487c86..3745f5a 100644
--- a/main.tf
+++ b/main.tf
@@ -12,7 +12,8 @@ locals {
 }
 
 module "app" {
- source = "github.com/silinternational/terraform-aws-ecs-app?ref=develop"
+ source = "silinternational/ecs-app/aws"
+ version = "0.4.0"
 app_env = local.app_env
 app_name = var.app_name