From e2f7a70f4a74ca744b1b0bb5baa32da9aa7eb288 Mon Sep 17 00:00:00 2001
From: Alis Akers
Date: Tue, 18 Jun 2024 11:22:40 -0700
Subject: [PATCH] update our consumption of our service data object, remove some redundant variables
---
 terraform/implementation/ecs/_local.tf | 75 ++++++++++++++++++++---
 terraform/implementation/ecs/_variable.tf | 7 +++
 terraform/implementation/ecs/ecs.sh | 2 +-
 terraform/implementation/ecs/main.tf | 16 ++---
 terraform/modules/ecr/_data.tf | 8 +--
 terraform/modules/ecr/_local.tf | 3 -
 terraform/modules/ecr/_variable.tf | 16 ++---
 terraform/modules/ecr/docker.tf | 10 +--
 terraform/modules/ecr/ecr.tf | 2 +-
 terraform/modules/ecs/_local.tf | 65 --------------------
 terraform/modules/ecs/_variable.tf | 20 ++----
 terraform/modules/ecs/ecs.tf | 40 ++++++------
 terraform/modules/ecs/mesh.tf | 4 +-
 terraform/modules/s3/_variable.tf | 2 +-
 14 files changed, 127 insertions(+), 143 deletions(-)
 delete mode 100644 terraform/modules/ecs/_local.tf
diff --git a/terraform/implementation/ecs/_local.tf b/terraform/implementation/ecs/_local.tf
index 683a10f6..acbac105 100644
--- a/terraform/implementation/ecs/_local.tf
+++ b/terraform/implementation/ecs/_local.tf
@@ -1,12 +1,71 @@ locals { - ecs_container_port = 8080 - ecr_repo_names = [ - "ecr-viewer", - "fhir-converter", - "ingestion", - "orchestration", - "validation" - ] + service_data = { + ecr-viewer = { + fargate_cpu = 1024, + fargate_memory = 2048, + app_image = "${data.aws_caller_identity.current.account_id}.dkr.ecr.${var.region}.amazonaws.com/ecr-viewer:${var.phdi_version}", + container_port = 8080, + host_port = 8080, + env_vars = [] + }, + fhir-converter = { + fargate_cpu = 1024, + fargate_memory = 2048, + app_image = "${data.aws_caller_identity.current.account_id}.dkr.ecr.${var.region}.amazonaws.com/fhir-converter:${var.phdi_version}", + container_port = 8080, + host_port = 8080, + env_vars = [] + }, + ingestion = { + fargate_cpu = 1024, + fargate_memory = 2048, + app_image = "${data.aws_caller_identity.current.account_id}.dkr.ecr.${var.region}.amazonaws.com/ingestion:${var.phdi_version}", + container_port = 8080, + host_port = 8080, + env_vars = [] + }, + validation = { + fargate_cpu = 1024, + fargate_memory = 2048, + app_image = "${data.aws_caller_identity.current.account_id}.dkr.ecr.${var.region}.amazonaws.com/validation:${var.phdi_version}", + container_port = 8080, + host_port = 8080, + env_vars = [] + }, + orchestration = { + fargate_cpu = 1024, + fargate_memory = 2048, + app_image = "${data.aws_caller_identity.current.account_id}.dkr.ecr.${var.region}.amazonaws.com/orchestration:${var.phdi_version}", + container_port = 8080, + host_port = 8080, + env_vars = [ + { + name = "APPMESH_VIRTUAL_NODE_NAME", + value = "orchestration" + }, + { + name = "INGESTION_URL", + value = "http://ingestion:8080" + }, + { + name = "VALIDATION_URL", + value = "http://validation:8080" + }, + { + name = "FHIR_CONVERTER_URL", + value = "http://fhir-converter:8080" + }, + { + name = "ECR_VIEWER_URL", + value = "http://ecr-viewer:3000" + }, + { + name = "MESSAGE_PARSER_URL", + value = "http://message-parser-not-implemented:8080" + } + ] + } + } ecs_alb_sg = 
"${var.ecs_alb_sg}-${var.owner}-${terraform.workspace}" ecs_alb_name = "${var.ecs_alb_name}-${var.owner}-${terraform.workspace}" diff --git a/terraform/implementation/ecs/_variable.tf b/terraform/implementation/ecs/_variable.tf index 20c214a9..581ed937 100644 --- a/terraform/implementation/ecs/_variable.tf +++ b/terraform/implementation/ecs/_variable.tf @@ -112,4 +112,11 @@ variable "tags" { description = "Tags to apply to resources" type = map(string) default = {} +} + +# Manually update to set the version you want to run +variable "phdi_version" { + type = string + description = "PHDI container image version" + default = "v1.4.4" } \ No newline at end of file diff --git a/terraform/implementation/ecs/ecs.sh b/terraform/implementation/ecs/ecs.sh index 54d13b70..9f567ebb 100755 --- a/terraform/implementation/ecs/ecs.sh +++ b/terraform/implementation/ecs/ecs.sh @@ -28,7 +28,7 @@ elif [ "$ENVIRONMENT" != "$PRODUCTION" ] && [ "$ENVIRONMENT" != "" ]; then # -target=module.vpc -target=module.iam -target=module.ecr -target=module.s3 -target=module.ecs terraform apply \ -var-file="$ENVIRONMENT.tfvars" \ - -target=module.vpc -target=module.iam -target=module.ecr -target=module.s3 -target=module.ecs -target=module.ecs + -target=module.vpc -target=module.iam -target=module.ecr -target=module.s3 -target=module.ecs else echo "Please provide a valid environment: $PRODUCTION or another string" exit 1 diff --git a/terraform/implementation/ecs/main.tf b/terraform/implementation/ecs/main.tf index 175e4e55..2d0d20b5 100644 --- a/terraform/implementation/ecs/main.tf +++ b/terraform/implementation/ecs/main.tf @@ -22,7 +22,8 @@ module "ecr" { source = "../../modules/ecr" aws_caller_identity = data.aws_caller_identity.current.account_id ecs_task_execution_role = module.iam.ecs_task_execution_role.arn - ecr_repo_names = local.ecr_repo_names + service_data = local.service_data + phdi_version = var.phdi_version ecs_cluster_name = local.ecs_cluster_name tags = {} lifecycle_policy = "" 
@@ -30,11 +31,11 @@ module "ecr" { } module "s3" { - source = "../../modules/s3" - ecs_assume_role_policy = module.iam.ecr_viewer_and_s3_assume_role_policy - region = var.region - s3_viewer_bucket_name = local.s3_viewer_bucket_name - s3_viewer_bucket_role_name = local.s3_viewer_bucket_role_name + source = "../../modules/s3" + ecs_assume_role_policy = module.iam.ecr_viewer_and_s3_assume_role_policy + region = var.region + s3_viewer_bucket_name = local.s3_viewer_bucket_name + s3_viewer_bucket_role_name = local.s3_viewer_bucket_role_name s3_viewer_bucket_policy_name = local.s3_viewer_bucket_policy_name } @@ -53,8 +54,7 @@ module "ecs" { app_task_name = local.ecs_app_task_name alb_name = local.ecs_alb_name ecs_cloudwatch_log_group = local.ecs_cloudwatch_log_group - container_port = local.ecs_container_port - ecr_repo_names = local.ecr_repo_names + service_data = local.service_data ecs_app_task_family = local.ecs_app_task_family target_group_name = local.ecs_target_group_name retention_in_days = var.cw_retention_in_days diff --git a/terraform/modules/ecr/_data.tf b/terraform/modules/ecr/_data.tf index 67092da1..d0d7307f 100644 --- a/terraform/modules/ecr/_data.tf +++ b/terraform/modules/ecr/_data.tf @@ -1,6 +1,6 @@ data "aws_iam_policy_document" "ecr_policy" { - for_each = var.ecr_repo_names + for_each = var.service_data statement { actions = [ "ecr:GetAuthorizationToken", 
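Review bot: In the `module "ecs"` hunk, `service_data = local.service_data` hands the ecs module image references that the root `_local.tf` assembles by hand from the account id and region rather than anything derived from `module.ecr`, so as far as this patch shows there is no dependency edge from the ECS task definitions to the image push in `docker.tf`, and on a fresh apply the tasks can be created before the image exists. If `module.ecr` exposes the repository URLs (the ecs module still declares an `ecr_repo_url` input), building `app_image` from that output, or adding `depends_on = [module.ecr]` to `module "ecs"`, makes the ordering explicit. This is inferred from the root and module files visible here; the ecr module's outputs are not in view.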
@@ -9,13 +9,13 @@ data "aws_iam_policy_document" "ecr_policy" { "ecr:BatchGetImage", ] - resources = ["arn:aws:ecs:${var.region}:${var.aws_caller_identity}:cluster/${var.ecs_cluster_name}/${each.value}"] + resources = ["arn:aws:ecs:${var.region}:${var.aws_caller_identity}:cluster/${var.ecs_cluster_name}/${each.key}"] } } data "docker_registry_image" "ghcr_data" { - for_each = var.ecr_repo_names - name = "ghcr.io/cdcgov/phdi/${each.key}:${local.phdi_version}" + for_each = var.service_data + name = "ghcr.io/cdcgov/phdi/${each.key}:${var.phdi_version}" } data "aws_ecr_authorization_token" "container_registry_token" {} diff --git a/terraform/modules/ecr/_local.tf b/terraform/modules/ecr/_local.tf index fcfe7780..b9a68502 100644 --- a/terraform/modules/ecr/_local.tf +++ b/terraform/modules/ecr/_local.tf @@ -1,9 +1,6 @@ locals { policy = var.lifecycle_policy == "" ? file("${path.module}/ecr-lifecycle-policy.json") : var.lifecycle_policy - repo_name = var.ecr_repo_names tags = { Automation = "Terraform" } - # NOTE: The version may need to be changed with updates - phdi_version = "v1.4.4" } diff --git a/terraform/modules/ecr/_variable.tf b/terraform/modules/ecr/_variable.tf index 2c9fb3c4..8fd27811 100644 --- a/terraform/modules/ecr/_variable.tf +++ b/terraform/modules/ecr/_variable.tf @@ -1,13 +1,4 @@ -variable "ecr_repo_names" { - type = set(string) - # default = [ - # "fhir-converter", - # "ingestion", - # "ecr-viewer", - # "validation", - # "orchestration" - # ] -} +variable "service_data" {} variable "ecs_task_execution_role" { type = string @@ -39,4 +30,9 @@ variable "aws_caller_identity" { variable "region" { type = string description = "AWS region" +} + +variable "phdi_version" { + type = string + description = "PHDI container image version" } \ No newline at end of file diff --git a/terraform/modules/ecr/docker.tf b/terraform/modules/ecr/docker.tf index a03bee08..733cb96b 100644 --- a/terraform/modules/ecr/docker.tf +++ b/terraform/modules/ecr/docker.tf 
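Review bot: `aws_iam_policy_document.ecr_policy` grants ECR actions (`ecr:GetAuthorizationToken`, `ecr:BatchGetImage`, …) on an ECS cluster ARN, `arn:aws:ecs:…:cluster/${var.ecs_cluster_name}/${each.key}`, so the statement matches no ECR resource at all: `GetAuthorizationToken` is only valid with `resources = ["*"]`, and the image-pull actions should name the repository (`aws_ecr_repository.repo[each.key].arn`). The commit only swaps `each.value` for `each.key` on that line, so the mismatch predates it, but whatever consumes this document (not visible in the patch) is either getting no effective grant or relying on a broader one elsewhere; splitting it into a `*`-scoped token statement and a repository-scoped pull statement would make the intent checkable. The enclosing `data` block begins above the hunk.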
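Review bot: `variable "service_data" {}` in `modules/ecr/_variable.tf` declares no type and no description, although the ecr module only ever uses its keys (`for_each = var.service_data` in `_data.tf`, `docker.tf` and `ecr.tf`); declare at least `type = map(any)` with a description, or keep the module's input to the repository names (`type = set(string)`, fed with `keys(local.service_data)` at the call site) so the ecr module does not need to know the task-definition shape. The removed commented-out default was the only hint at the expected contents, so a description matters more now.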
@@ -4,7 +4,7 @@ resource "time_static" "now" {} # NOTE: This pulls image down from the docker registry resource "docker_image" "ghcr_image" { - for_each = var.ecr_repo_names + for_each = var.service_data name = data.docker_registry_image.ghcr_data[each.key].name keep_locally = true pull_triggers = [data.docker_registry_image.ghcr_data[each.key].sha256_digest] @@ -12,14 +12,14 @@ resource "docker_image" "ghcr_image" { } resource "docker_tag" "tag_for_aws" { - for_each = var.ecr_repo_names + for_each = var.service_data source_image = docker_image.ghcr_image[each.key].name - target_image = "${aws_ecr_repository.repo[each.key].repository_url}:${local.phdi_version}" + target_image = "${aws_ecr_repository.repo[each.key].repository_url}:${var.phdi_version}" } resource "docker_registry_image" "my_docker_image" { - for_each = var.ecr_repo_names - name = "${aws_ecr_repository.repo[each.key].repository_url}:${local.phdi_version}" + for_each = var.service_data + name = "${aws_ecr_repository.repo[each.key].repository_url}:${var.phdi_version}" depends_on = [docker_tag.tag_for_aws, aws_ecr_repository.repo] keep_remotely = true diff --git a/terraform/modules/ecr/ecr.tf b/terraform/modules/ecr/ecr.tf index f04209ad..e537605f 100644 --- a/terraform/modules/ecr/ecr.tf +++ b/terraform/modules/ecr/ecr.tf @@ -1,4 +1,4 @@ resource "aws_ecr_repository" "repo" { - for_each = var.ecr_repo_names + for_each = var.service_data name = each.key } diff --git a/terraform/modules/ecs/_local.tf b/terraform/modules/ecs/_local.tf deleted file mode 100644 index 0d864b50..00000000 --- a/terraform/modules/ecs/_local.tf +++ /dev/null 
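Review bot: `docker_tag.tag_for_aws` and `docker_registry_image.my_docker_image` publish to ECR under the mutable tag `${var.phdi_version}`, while the upstream image is resolved by `sha256_digest` in `pull_triggers`; the task definitions built in the root `_local.tf` then reference the same mutable tag, so the digest that was checked at pull time is not what ECS pins to. Consider exporting `data.docker_registry_image.ghcr_data[each.key].sha256_digest` (or the digest reported after the push) so the root module can reference the image by digest, making the deployed image exactly the one this module pushed. The commit only moves the version from a local to a variable, so this predates it.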
@@ -1,65 +0,0 @@ -locals { - services = { - ecr-viewer = { - fargate_cpu = var.fargate_cpu, - fargate_memory = var.fargate_memory, - app_image = var.app_image, - container_port = var.app_port, - host_port = var.app_port, - env_vars = [] - }, - fhir-converter = { - fargate_cpu = var.fargate_cpu, - fargate_memory = var.fargate_memory, - app_image = var.app_image, - container_port = var.app_port, - host_port = var.app_port, - env_vars = [] - }, - ingestion = { - fargate_cpu = var.fargate_cpu, - fargate_memory = var.fargate_memory, - app_image = var.app_image, - container_port = var.app_port, - host_port = var.app_port, - env_vars = [] - }, - validation = { - fargate_cpu = var.fargate_cpu, - fargate_memory = var.fargate_memory, - app_image = var.app_image, - container_port = var.app_port, - host_port = var.app_port, - env_vars = [] - }, - orchestration = { - fargate_cpu = var.fargate_cpu, - fargate_memory = var.fargate_memory, - app_image = var.app_image, - container_port = var.app_port, - host_port = var.app_port, - env_vars = [ - { - name = "APPMESH_VIRTUAL_NODE_NAME", - value = "orchestration" - }, - { - name = "INGESTION_URL", - value = "http://ingestion:8080" - }, - { - name = "VALIDATION_URL", - value = "http://validation:8080" - }, - { - name = "FHIR_CONVERTER_URL", - value = "http://fhir-converter:8080" - }, - { - name = "ECR_VIEWER_URL", - value = "http://ecr-viewer:3000" - } - ] - } - } -} diff --git a/terraform/modules/ecs/_variable.tf b/terraform/modules/ecs/_variable.tf index 6ca42457..0e61fa2b 100644 --- a/terraform/modules/ecs/_variable.tf +++ b/terraform/modules/ecs/_variable.tf @@ -6,7 +6,7 @@ variable "app_count" { variable "app_image" { description = "Docker image to run in the ECS cluster" - default = "bradfordhamilton/crystal_blockchain:latest" + default = "busybox:latest" } variable "app_port" { 
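Review bot: After this commit nothing in the ecs module shown in the patch reads `var.app_image` any more — the deleted `modules/ecs/_local.tf` was its only visible consumer and `ecs.tf` now takes `each.value.app_image` from `service_data` — so changing its default to `busybox:latest` keeps a dead input around; the same appears to apply to `app_port`, `fargate_cpu` and `fargate_memory`, which the deleted local also read. Remove them in the same spirit as the `container_port` and `ecr_repo_names` removals in the next hunk of `_variable.tf`, or, if callers outside this patch still set them, add a description stating that they are ignored. Whether other files in the module still use them is not visible here.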
@@ -35,11 +35,6 @@ variable "availability_zones" { type = list(string) } -variable "container_port" { - description = "Container Port" - type = number -} - variable "ecs_task_execution_role_arn" { description = "ECS Task Execution Role ARN" type = string @@ -84,11 +79,6 @@ variable "ecr_repo_url" { description = "ECR repository urls" } -variable "ecr_repo_names" { - type = set(string) - description = "ECR repository name(s)" -} - variable "health_check_path" { default = "/fhir-converter" } @@ -141,7 +131,7 @@ variable "private_subnet_ids" { description = "List of private subnet IDs" } -# variable "env_vars" { -# type = map(string) -# description = "Environment variables to pass to the container" -# } +variable "service_data" { + type = map(any) + description = "Environment variables to pass to the container" +} diff --git a/terraform/modules/ecs/ecs.tf b/terraform/modules/ecs/ecs.tf index ab58e209..0da6ccd8 100644 --- a/terraform/modules/ecs/ecs.tf +++ b/terraform/modules/ecs/ecs.tf 
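Review bot: The new `service_data` variable in `modules/ecs/_variable.tf` reuses the description from the commented-out `env_vars` block (`Environment variables to pass to the container`), which no longer describes it, and `map(any)` gives Terraform nothing to check against the attributes `ecs.tf` reads (`fargate_cpu`, `fargate_memory`, `app_image`, `container_port`, `host_port`, `env_vars`), so a missing or misspelled key only surfaces as an error inside `aws_ecs_task_definition`. Declaring the object shape makes a bad entry fail at the module boundary and documents the contract the ecr module's untyped copy of the same variable lacks.
```hcl
variable "service_data" {
  description = "Per-service task settings keyed by service name: image, Fargate size, ports and environment"
  type = map(object({
    fargate_cpu    = number
    fargate_memory = number
    app_image      = string
    container_port = number
    host_port      = number
    env_vars = list(object({
      name  = string
      value = string
    }))
  }))
}
```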
@@ -65,41 +65,41 @@ resource "aws_security_group" "service_security_group" { } resource "aws_ecs_task_definition" "this" { - for_each = local.services - family = "${each.key}" + for_each = var.service_data + family = each.key execution_role_arn = var.ecs_task_execution_role_arn network_mode = "awsvpc" requires_compatibilities = ["FARGATE"] cpu = each.value.fargate_cpu memory = each.value.fargate_memory - container_definitions = jsonencode([ + container_definitions = jsonencode([ { - name = "${each.key}-app", - image = "${each.value.app_image}", - networkMode = "awsvpc", - logConfiguration = { + name = "${each.key}-app", + image = "${each.value.app_image}", + networkMode = "awsvpc", + logConfiguration = { logDriver = "awslogs", options = { - awslogs-group = "${var.ecs_cloudwatch_log_group}", - awslogs-region = "${var.region}", + awslogs-group = "${var.ecs_cloudwatch_log_group}", + awslogs-region = "${var.region}", awslogs-stream-prefix = "ecs" } - }, - portMappings = [ - { - containerPort = each.value.container_port, - hostPort = each.value.host_port - } - ], - environment = each.value.env_vars + }, + portMappings = [ + { + containerPort = each.value.container_port, + hostPort = each.value.host_port + } + ], + environment = each.value.env_vars } ]) - task_role_arn = var.ecs_task_execution_role_arn + task_role_arn = var.ecs_task_execution_role_arn } resource "aws_ecs_service" "this" { - for_each = aws_ecs_task_definition.this - name = "${each.key}" + for_each = aws_ecs_task_definition.this + name = each.key cluster = aws_ecs_cluster.dibbs_app_cluster.id task_definition = each.value.arn desired_count = var.app_count diff --git a/terraform/modules/ecs/mesh.tf b/terraform/modules/ecs/mesh.tf index 88f10be7..2f3d9f57 100644 --- a/terraform/modules/ecs/mesh.tf +++ b/terraform/modules/ecs/mesh.tf 
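Review bot: `task_role_arn = var.ecs_task_execution_role_arn` gives the application containers the same IAM identity the ECS agent uses to pull images and write logs, so every service in `service_data` runs at runtime with the execution role's permissions; the line is only reformatted in this hunk, but its value is unchanged and now applies to all five services. A separate task role per service, or one shared role limited to what the applications actually call, keeps the execution role to agent duties; the module's inputs visible here include no task-role variable, so this likely needs a new one. Separately, `hostPort = each.value.host_port` duplicates `containerPort` in `awsvpc` mode, where the two must be equal, so `host_port` could be dropped from `service_data` in favour of `containerPort = each.value.container_port, hostPort = each.value.container_port` to remove one place for them to diverge.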
@@ -24,7 +24,7 @@ resource "aws_appmesh_mesh" "dibbs_aws_ecs_mesh" { # Define the AWS App Mesh resources resource "aws_appmesh_virtual_node" "this" { - for_each = aws_ecs_service.this + for_each = aws_ecs_service.this name = each.key mesh_name = aws_appmesh_mesh.dibbs_aws_ecs_mesh.name @@ -48,7 +48,7 @@ resource "aws_appmesh_virtual_node" "this" { # Define the virtual service resource "aws_appmesh_virtual_service" "this" { - for_each = aws_appmesh_virtual_node.this + for_each = aws_appmesh_virtual_node.this name = each.key mesh_name = aws_appmesh_mesh.dibbs_aws_ecs_mesh.name diff --git a/terraform/modules/s3/_variable.tf b/terraform/modules/s3/_variable.tf index c44cf8d2..b723664d 100644 --- a/terraform/modules/s3/_variable.tf +++ b/terraform/modules/s3/_variable.tf @@ -3,7 +3,7 @@ variable "region" { } variable "s3_viewer_bucket_name" { - type = string + type = string } variable "s3_viewer_bucket_role_name" {