From 2a340547b51ac2b93275cd78e2606a0abc307a02 Mon Sep 17 00:00:00 2001
From: briskt <3172830+briskt@users.noreply.github.com>
Date: Tue, 27 Aug 2024 18:39:28 +0800
Subject: [PATCH 1/4] add AWS Backup
---
 .github/CODEOWNERS | 1 +
 .github/pull_request_template.md | 21 +++++++++++
 .terraform.lock.hcl | 62 ++++++++++++++++----------------
 main.tf | 22 ++++++++++++
 vars.tf | 23 ++++++++++++
 5 files changed, 98 insertions(+), 31 deletions(-)
 create mode 100644 .github/CODEOWNERS
 create mode 100644 .github/pull_request_template.md
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
new file mode 100644
index 0000000..58ab73c
--- /dev/null
+++ b/.github/CODEOWNERS
@@ -0,0 +1 @@
+* @silinternational/tf-devs
diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
new file mode 100644
index 0000000..12de581
--- /dev/null
+++ b/.github/pull_request_template.md
@@ -0,0 +1,21 @@
+paste_backlog_issue_link_here + --- + ### Added +- + ### Changed +- + ### Deprecated +- + ### Removed +- + ### Fixed +- + ### Security +-
diff --git a/.terraform.lock.hcl b/.terraform.lock.hcl
index aacbc8d..10fe6ae 100644
--- a/.terraform.lock.hcl
+++ b/.terraform.lock.hcl
@@ -25,25 +25,25 @@ provider "registry.terraform.io/cloudflare/cloudflare" { } provider "registry.terraform.io/hashicorp/aws" { - version = "4.65.0" - constraints = ">= 2.0.0, >= 4.0.0, ~> 4.0, < 5.0.0" + version = "4.67.0" + constraints = ">= 2.0.0, >= 3.0.0, >= 4.0.0, ~> 4.0, < 5.0.0" hashes = [ - "h1:fbSgoS5GLuwKAZlovFvGoYl4B0Bi5T7+MmFiVZL0uOo=", - "zh:0461b8dfc14e94971bfd12783cbd5a5574b9fcfc3694b6afaa8836f90b61c1f9", - "zh:24a27e7b1f6eb33e9da6f2ffaaa6bc48e933a24224c6572d6e588994e5c7130b", - "zh:2ca189d04573414bef4876c17ccb2b76f6e721e0450f6ab3700d94d7c04bec64", - "zh:3fb0654a527677231dab2140e9a55df3b90dba478b3db50001e21a045437a47a", - "zh:4918173d9c7d2735908622c17efd01746a046f0a571690afa7dd0866f22045f7", - "zh:491d259b15166f751076d2bdc443928ca63f6c0a83b02ea75fff8b4224662207", - "zh:4ff8e178f0656f04f88558c295a1d246b1bdcf5ad81d8b3b9ccceaeca2eb7fa8", - "zh:5e4eaf2855a740124f4bbe34ac4bd22c7f320aa3e91d9cef64396ad0a1571544", - "zh:65762c60c4bac2e0d55ed8c2877e455e84465cb12f0c885363a1b561cd4f5f07", - "zh:7c5e4f85eb5f70e6da2d64701dd5551f2bc334dbb9add76bfc6a2bea6acf4483", - "zh:90d32b238113528319d7a5fade97bd8ac9a8b654482fc9056478a43d2e297886", + "h1:dCRc4GqsyfqHEMjgtlM1EympBcgTmcTkWaJmtd91+KA=", + "zh:0843017ecc24385f2b45f2c5fce79dc25b258e50d516877b3affee3bef34f060", + "zh:19876066cfa60de91834ec569a6448dab8c2518b8a71b5ca870b2444febddac6", + "zh:24995686b2ad88c1ffaa242e36eee791fc6070e6144f418048c4ce24d0ba5183", + "zh:4a002990b9f4d6d225d82cb2fb8805789ffef791999ee5d9cb1fef579aeff8f1", + "zh:559a2b5ace06b878c6de3ecf19b94fbae3512562f7a51e930674b16c2f606e29", + "zh:6a07da13b86b9753b95d4d8218f6dae874cf34699bca1470d6effbb4dee7f4b7", + "zh:768b3bfd126c3b77dc975c7c0e5db3207e4f9997cf41aa3385c63206242ba043", + "zh:7be5177e698d4b547083cc738b977742d70ed68487ce6f49ecd0c94dbf9d1362", + "zh:8b562a818915fb0d85959257095251a05c76f3467caa3ba95c583ba5fe043f9b", "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", - 
"zh:e6ed3299516a8fb2292af7e7e123d09817dfd8e039aaf35ad5a276f739668e88", - "zh:eb84fa96c63d836b3b4689835cb7c4487808dfd1ba7ddacf4d8c4c6ff65cdbef", - "zh:ff97d1498193c99c9c35afd9bfcdce011abf460ec041721727d6e542f7a3bedd", + "zh:9c385d03a958b54e2afd5279cd8c7cbdd2d6ca5c7d6a333e61092331f38af7cf", + "zh:b3ca45f2821a89af417787df8289cb4314b273d29555ad3b2a5ab98bb4816b3b", + "zh:da3c317f1db2469615ab40aa6baba63b5643bae7110ff855277a1fb9d8eb4f2c", + "zh:dc6430622a8dc5cdab359a8704aec81d3825ea1d305bbb3bbd032b1c6adfae0c", + "zh:fac0d2ddeadf9ec53da87922f666e1e73a603a611c57bcbc4b86ac2821619b1d", ] } 
@@ -68,21 +68,21 @@ provider "registry.terraform.io/hashicorp/http" { } provider "registry.terraform.io/hashicorp/random" { - version = "3.5.1" - constraints = "~> 3.1" + version = "3.6.2" + constraints = "~> 3.0, ~> 3.1" hashes = [ - "h1:VSnd9ZIPyfKHOObuQCaKfnjIHRtR7qTw19Rz8tJxm+k=", - "zh:04e3fbd610cb52c1017d282531364b9c53ef72b6bc533acb2a90671957324a64", - "zh:119197103301ebaf7efb91df8f0b6e0dd31e6ff943d231af35ee1831c599188d", - "zh:4d2b219d09abf3b1bb4df93d399ed156cadd61f44ad3baf5cf2954df2fba0831", - "zh:6130bdde527587bbe2dcaa7150363e96dbc5250ea20154176d82bc69df5d4ce3", - "zh:6cc326cd4000f724d3086ee05587e7710f032f94fc9af35e96a386a1c6f2214f", + "h1:wmG0QFjQ2OfyPy6BB7mQ57WtoZZGGV07uAPQeDmIrAE=", + "zh:0ef01a4f81147b32c1bea3429974d4d104bbc4be2ba3cfa667031a8183ef88ec", + "zh:1bcd2d8161e89e39886119965ef0f37fcce2da9c1aca34263dd3002ba05fcb53", + "zh:37c75d15e9514556a5f4ed02e1548aaa95c0ecd6ff9af1119ac905144c70c114", + "zh:4210550a767226976bc7e57d988b9ce48f4411fa8a60cd74a6b246baf7589dad", + "zh:562007382520cd4baa7320f35e1370ffe84e46ed4e2071fdc7e4b1a9b1f8ae9b", + "zh:5efb9da90f665e43f22c2e13e0ce48e86cae2d960aaf1abf721b497f32025916", + "zh:6f71257a6b1218d02a573fc9bff0657410404fb2ef23bc66ae8cd968f98d5ff6", "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:b6d88e1d28cf2dfa24e9fdcc3efc77adcdc1c3c3b5c7ce503a423efbdd6de57b", - "zh:ba74c592622ecbcef9dc2a4d81ed321c4e44cddf7da799faa324da9bf52a22b2", - "zh:c7c5cde98fe4ef1143bd1b3ec5dc04baf0d4cc3ca2c5c7d40d17c0e9b2076865", - "zh:dac4bad52c940cd0dfc27893507c1e92393846b024c5a9db159a93c534a3da03", - "zh:de8febe2a2acd9ac454b844a4106ed295ae9520ef54dc8ed2faf29f12716b602", - "zh:eab0d0495e7e711cca367f7d4df6e322e6c562fc52151ec931176115b83ed014", + "zh:9647e18f221380a85f2f0ab387c68fdafd58af6193a932417299cdcae4710150", + "zh:bb6297ce412c3c2fa9fec726114e5e0508dd2638cad6a0cb433194930c97a544", + "zh:f83e925ed73ff8a5ef6e3608ad9225baa5376446349572c2449c0c0b3cf184b7", + 
"zh:fbef0781cb64de76b1df1ca11078aecba7800d82fd4a956302734999cfd9a4af", ] }
diff --git a/main.tf b/main.tf
index ccd0315..859e766 100644
--- a/main.tf
+++ b/main.tf
@@ -186,3 +186,25 @@ resource "aws_dynamodb_table" "logger" {
 attribute_name = "ExpiresAt"
 }
 }
+
+
+ /*
+ * AWS backup
+ */
+module "aws_backup" {
+ count = var.enable_aws_backup ? 1 : 0
+
+ source = "github.com/silinternational/terraform-modules//aws/backup/rds?ref=8.8.0"
+ app_name = var.app_name
+ app_env = var.app_env
+ source_arns = [
+ data.aws_db_instance.this.db_instance_arn,
+ aws_dynamodb_table.logger.arn
+ ]
+ backup_cron_schedule = var.aws_backup_cron_schedule
+ notification_events = var.aws_backup_notification_events
+}
+
+data "aws_db_instance" "this" {
+ db_instance_identifier = "idp-${var.idp_name}-${var.app_env}"
+}
diff --git a/vars.tf b/vars.tf
index 2d88f66..275a46a 100644
--- a/vars.tf
+++ b/vars.tf
@@ -225,3 +225,26 @@ variable "enable_adminer" {
 type = bool
 default = false
 }
+
+
+ /*
+ * AWS Backup
+ */
+
+variable "enable_aws_backup" {
+ description = "enable backup using AWS Backup service"
+ type = bool
+ default = true
+}
+
+variable "aws_backup_cron_schedule" {
+ description = "cron-type schedule for AWS Backup"
+ type = string
+ default = "5 14 * * ? *" # Every day at 3:05 UTC
+}
+
+variable "aws_backup_notification_events" {
+ description = "The names of the backup events that should trigger an email notification"
+ type = list(string)
+ default = ["BACKUP_JOB_FAILED"]
+}
From 8b600ad65c5b9d363076feb94569eca06c7a5764 Mon Sep 17 00:00:00 2001
From: briskt <3172830+briskt@users.noreply.github.com>
Date: Tue, 27 Aug 2024 18:44:06 +0800
Subject: [PATCH 2/4] correct the database instance name
---
 main.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/main.tf b/main.tf
index 859e766..29520a5 100644
--- a/main.tf
+++ b/main.tf
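Review bot: `data "aws_db_instance" "this"` in the main.tf hunk is declared unconditionally while the module it feeds is gated on `var.enable_aws_backup`, so a workspace that disables backups still requires the RDS instance to exist and the plan-time identity to be able to describe it, and `terraform plan` fails otherwise. Gating the data source the same way keeps the feature flag self-contained: `count = var.enable_aws_backup ? 1 : 0` on the data source and `data.aws_db_instance.this[0].db_instance_arn,` in `source_arns`. The same data source is edited again in PATCH 2/4 and PATCH 4/4, so the change applies to its final form there.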
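Review bot: In the vars.tf hunk the default `"5 14 * * ? *"` and its trailing comment `# Every day at 3:05 UTC` disagree: in the six-field AWS cron form (minute hour day-of-month month day-of-week year) that expression fires at 14:05 UTC, so either the comment should read `# Every day at 14:05 UTC` or the value should be `"5 3 * * ? *"`, whichever schedule was intended. The description `"cron-type schedule for AWS Backup"` would also be more useful if it named that six-field format, since a classic five-field crontab string is not valid in that form. Backup timing matters for recovery-point objectives, so the comment and value should be made to agree before this ships.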
@@ -206,5 +206,5 @@ module "aws_backup" {
 }
 data "aws_db_instance" "this" {
- db_instance_identifier = "idp-${var.idp_name}-${var.app_env}"
+ db_instance_identifier = "${var.app_name}-${var.app_env}"
 }
From 6d522536c62288e14e36705248d006d3dd8d4c61 Mon Sep 17 00:00:00 2001
From: briskt <3172830+briskt@users.noreply.github.com>
Date: Tue, 27 Aug 2024 21:21:22 +0800
Subject: [PATCH 3/4] add EC2 tags and increase log retention to 60 days
---
 main.tf | 11 ++++++++++-
 providers.tf | 8 +-------
 2 files changed, 11 insertions(+), 8 deletions(-)
diff --git a/main.tf b/main.tf
index 29520a5..88081db 100644
--- a/main.tf
+++ b/main.tf
@@ -9,11 +9,18 @@ locals {
 mysql_database = "session"
 mysql_user = "root"
 name_tag_suffix = "${var.app_name}-${var.customer}-${local.app_environment}"
+ tags = {
+ managed_by = "terraform"
+ workspace = terraform.workspace
+ itse_app_customer = var.customer
+ itse_app_env = local.app_environment
+ itse_app_name = "idp-hub"
+ }
 }
 module "app" {
 source = "silinternational/ecs-app/aws"
- version = "0.6.0"
+ version = "0.8.0"
 app_env = local.app_env
 app_name = var.app_name
@@ -36,6 +43,8 @@ module "app" {
 create_adminer = true
 enable_adminer = var.enable_adminer
 rds_ca_cert_identifier = "rds-ca-rsa2048-g1"
+ log_retention_in_days = 60
+ asg_tags = local.tags
 health_check = {
 matcher = "302,303"
 path = "/"
diff --git a/providers.tf b/providers.tf
index 5e864cb..fef420e 100644
--- a/providers.tf
+++ b/providers.tf
@@ -4,13 +4,7 @@ provider "aws" {
 secret_key = var.aws_secret_access_key
 default_tags {
- tags = {
- managed_by = "terraform"
- workspace = terraform.workspace
- itse_app_customer = var.customer
- itse_app_env = local.app_environment
- itse_app_name = "idp-hub"
- }
+ tags = local.tags
 }
 }
From 21652478df14c49a7aff53510087d40af8deb873 Mon Sep 17 00:00:00 2001
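Review bot: The bump of `module "app"` from `0.6.0` to `0.8.0` in the first main.tf hunk of PATCH 3/4 is bundled with the tag refactor without a note on what the two 0.x minor releases change; pre-1.0 registry modules may rename inputs or move resource addresses between minors, so the plan should be checked for replacements of the RDS or ASG resources before apply. A one-line comment next to the version, e.g. `# 0.8.0: needed for the log_retention_in_days and asg_tags inputs` (if that is indeed the reason), would make the coupling between the bump and the second hunk explicit. The `locals` block this hunk edits starts before the hunk.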
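Review bot: `log_retention_in_days = 60` in the second main.tf hunk of PATCH 3/4 is a hard-coded literal, unlike `enable_adminer` just above it, which is already a variable; a `variable "log_retention_in_days"` with `default = 60` would let individual environments retain logs longer for audit purposes without a code change. `asg_tags = local.tags` also deserves a why-comment, because the same map is applied through the provider's `default_tags` in the providers.tf hunk of this commit: `# default_tags does not reach instances the ASG launches; they must be propagated explicitly` — worth confirming against how the module consumes asg_tags. The enclosing `module "app"` block starts before and ends after this hunk.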
From: briskt <3172830+briskt@users.noreply.github.com>
Date: Wed, 28 Aug 2024 15:04:56 +0800
Subject: [PATCH 4/4] change the SNS topic name
---
 main.tf | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/main.tf b/main.tf
index 88081db..c8effb4 100644
--- a/main.tf
+++ b/main.tf
@@ -203,15 +203,18 @@ resource "aws_dynamodb_table" "logger" {
 module "aws_backup" {
 count = var.enable_aws_backup ? 1 : 0
- source = "github.com/silinternational/terraform-modules//aws/backup/rds?ref=8.8.0"
+ source = "silinternational/backup/aws"
+ version = "0.1.0"
+
 app_name = var.app_name
 app_env = var.app_env
 source_arns = [
 data.aws_db_instance.this.db_instance_arn,
 aws_dynamodb_table.logger.arn
 ]
- backup_cron_schedule = var.aws_backup_cron_schedule
- notification_events = var.aws_backup_notification_events
+ backup_schedule = "cron(${var.aws_backup_cron_schedule})"
+ notification_events = var.aws_backup_notification_events
+ sns_topic_name = "${local.app_name_and_env}-backup-vault-events"
 }
 data "aws_db_instance" "this" {
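Review bot: `backup_schedule = "cron(${var.aws_backup_cron_schedule})"` now adds the `cron()` wrapper in main.tf, but nothing constrains `var.aws_backup_cron_schedule` to the bare six-field expression the wrapper expects, so a caller that passes a full `cron(...)` string or a five-field crontab yields an invalid schedule that is likely only rejected at apply time. A `validation` block on the variable in vars.tf would catch it at plan time, for example `condition = can(regex("^(\\S+ ){5}\\S+$", var.aws_backup_cron_schedule))` with an `error_message` naming the expected format. `local.app_name_and_env`, used in `sns_topic_name`, is not defined in any hunk of this series; if it is not already present in the `locals` block, the plan fails on an undeclared local. The trailing `data "aws_db_instance" "this"` block continues past the hunk.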