From df16a71a2c2030bbfea5b38bd4b697c25219e084 Mon Sep 17 00:00:00 2001
From: tariqksoliman <tariqksoliman@gmail.com>
Date: Wed, 24 Jul 2024 10:04:22 -0700
Subject: [PATCH] Update sds tf

---
 .gitignore                                    |   2 +
 sds/unity/terraform/bk.tf                     |  58 ---------
 sds/unity/terraform/main.tf                   |  99 ----------------
 .../{ => modules/ec2-docker}/add-mmgis.sh     |   0
 sds/unity/terraform/modules/ec2-docker/bk.tf  |  44 +++++++
 .../terraform/{ => modules/ec2-docker}/lb.tf  |   0
 .../terraform/modules/ec2-docker/main.tf      |  18 +++
 .../{ => modules/ec2-docker}/output.tf        |  30 ++---
 .../terraform/modules/ec2-docker/variables.tf | 108 +++++++++++++++++
 sds/unity/terraform/terraform.tf              |  66 +++++++++--
 sds/unity/terraform/terraform.tfvars          |   6 +
 sds/unity/terraform/variables.tf              | 112 +++++-------------
 12 files changed, 278 insertions(+), 265 deletions(-)
 delete mode 100644 sds/unity/terraform/bk.tf
 delete mode 100644 sds/unity/terraform/main.tf
 rename sds/unity/terraform/{ => modules/ec2-docker}/add-mmgis.sh (100%)
 create mode 100644 sds/unity/terraform/modules/ec2-docker/bk.tf
 rename sds/unity/terraform/{ => modules/ec2-docker}/lb.tf (100%)
 create mode 100644 sds/unity/terraform/modules/ec2-docker/main.tf
 rename sds/unity/terraform/{ => modules/ec2-docker}/output.tf (71%)
 create mode 100644 sds/unity/terraform/modules/ec2-docker/variables.tf
 create mode 100644 sds/unity/terraform/terraform.tfvars

diff --git a/.gitignore b/.gitignore
index 01f05385..5d45fed4 100644
--- a/.gitignore
+++ b/.gitignore
@@ -27,5 +27,7 @@
 *__pycache__
 
 sessions
+.terraform/
+.terraform.lock.hcl
 
 #tools
diff --git a/sds/unity/terraform/bk.tf b/sds/unity/terraform/bk.tf
deleted file mode 100644
index 130558e4..00000000
--- a/sds/unity/terraform/bk.tf
+++ /dev/null
@@ -1,58 +0,0 @@
-resource "aws_iam_instance_profile" "unity_mmgis_instance_profile" {
-  name = "unity-mmgis-instance-profile-tf"
-
-  role = var.role
-
-  tags = {
-    Name = "unity_mmgis_instance_profile"
-  }
-}
-
-resource "aws_instance" "unity_mmgis_instance" {
-  ami           = var.ami
-  instance_type = "t3.large"
-
-  tags = {
-    Name = "unity-mmgis-instance-tf"
-  }
-
-  #key_name = var.key_name
-
-  vpc_security_group_ids = [var.sg_id]
-
-  subnet_id = var.subnet_id
-
-  iam_instance_profile = aws_iam_instance_profile.unity_mmgis_instance_profile.name
-
-  block_device_path = "/dev/sdh"
-  user_data = file("./add-mmgis.sh")
-}
-
-resource "aws_ebs_volume" "persistent" {
-    availability_zone = aws_instance.this.availability_zone
-    size = var.persistent_volume_size_gb
-}
-
-resource "aws_volume_attachment" "persistent" {
-    device_name = local.block_device_path
-    volume_id = aws_ebs_volume.persistent.id
-    instance_id = aws_instance.this.id
-}
-
-resource "aws_instance" "this" {
-    ami = data.aws_ami.latest_amazon_linux.id
-    availability_zone = var.availability_zone
-    instance_type = var.instance_type
-    key_name = var.key_name
-    associate_public_ip_address = var.associate_public_ip_address
-    vpc_security_group_ids = var.vpc_security_group_ids
-    subnet_id = var.subnet_id
-    iam_instance_profile = var.iam_instance_profile
-    user_data = local.user_data
-    tags = merge (
-        {
-            Name = var.name
-        },
-        var.tags
-    )
-}
\ No newline at end of file
diff --git a/sds/unity/terraform/main.tf b/sds/unity/terraform/main.tf
deleted file mode 100644
index c757fda4..00000000
--- a/sds/unity/terraform/main.tf
+++ /dev/null
@@ -1,99 +0,0 @@
-data "aws_ssm_parameter" "vpc_id" {
-  name = "/unity/account/network/vpc_id"
-}
-
-data "aws_ssm_parameter" "subnet_list" {
-  name = "/unity/account/network/subnet_list"
-}
-
-#data "aws_ssm_parameter" "u-cs-ecs" {
-#  name = "/unity/account/ecs/execution_role_arn"
-#}
-
-module "base" {
-  source                   = ""
-  project                  = var.project
-  venue                    = var.venue
-  subsystem                = var.subsystem
-  capability               = var.capability
-  custom_url               = var.custom_url
-  groups                   = var.groups
-  api                      = var.api
-  component                = var.component
-  desired_count            = var.desired_count
-  app_protocol             = var.app_protocol
-  app_listening_port       = var.app_listening_port
-  environment              = local.environment_vars
-  ecr_uri                  = var.ecr_uri
-  docker_image_name        = var.docker_image_name
-  docker_image_tag         = var.docker_image_tag
-  max_capacity             = var.max_capacity
-  app_one_ecs              = var.app_one_ecs
-  instance_type            = var.instance_type
-  ebs_block_device_size    = var.ebs_block_device_size
-  root_block_device_size   = var.root_block_device_size
-  ebs_mount_directory      = var.ebs_mount_directory
-  application_endpoint_url = var.application_endpoint_url
-  terraform_app_commit     = var.terraform_app_commit
-  deployment_method        = var.deployment_method
-  secrets                  = local.secrets
-  docker_volume_path       = var.docker_volume_path
-  efs_config = {
-    efs_id             = var.efs_id
-    efs_root_directory = var.efs_root_directory
-  }
-}
-
-locals {
-  subnet_map = jsondecode(data.aws_ssm_parameter.subnet_list.value)
-  subnet_ids = nonsensitive(local.subnet_map["private"])
-  public_subnet_ids = nonsensitive(local.subnet_map["public"])
-}
-
-
-# Application environment variables
-locals {
-  environment_vars = {
-    AWS_DEFAULT_REGION      = module.base.aws_region
-    DOMAIN                  = module.base.cname
-    SERVER                  = var.server
-    AUTH                    = var.auth
-    NODE_ENV                = var.node_env
-    DB_HOST                 = var.db_host
-    DB_PORT                 = var.db_port
-    DB_NAME                 = var.db_name
-    DB_USER                 = var.db_user
-    PORT                    = var.app_listening_port
-    DB_POOL_MAX             = var.db_pool_max
-    DB_POOL_TIMEOUT         = var.db_pool_timeout
-    DB_POOL_IDLE            = var.db_pool_idle
-    CSSO_GROUPS             = var.csso_groups
-    VERBOSE_LOGGING         = var.verbose_logging
-    FRAME_ANCESTORS         = var.frame_ancestors
-    FRAME_SRC               = var.frame_src
-    THIRD_PARTY_COOKIES     = var.third_party_cookies
-    ROOT_PATH               = var.root_path
-    WEBSOCKET_ROOT_PATH     = var.websocket_root_path
-    CLEARANCE_NUMBER        = var.clearance_number
-    DISABLE_LINK_SHORTENER  = var.disable_link_shortener
-    HIDE_CONFIG             = var.hide_config
-    FORCE_CONFIG_PATH       = var.force_config_path
-    LEADS                   = "[${join(", ", formatlist("\"%s\"", var.leads))}]"
-    ENABLE_MMGIS_WEBSOCKETS = var.enable_mmgis_websockets
-    ENABLE_CONFIG_WEBSOCKETS = var.enable_config_websockets
-    ENABLE_CONFIG_OVERRIDE  = var.enable_config_override
-    MAIN_MISSION            = var.main_mission
-    SKIP_CLIENT_INITIAL_LOGIN = var.skip_client_initial_login
-    GENERATE_SOURCEMAP      = var.generate_sourcemap
-    SPICE_SCHEDULED_KERNEL_DOWNLOAD = var.spice_scheduled_kernel_download
-    SPICE_SCHEDULED_KERNEL_DOWNLOAD_ON_START = var.spice_scheduled_kernel_download_on_start
-    SPICE_SCHEDULED_KERNEL_cron_expr = var.spice_scheduled_kernel_cron_expr
-  }
-}
-
-locals {
-  secrets = {
-    SECRET       = var.secret
-    DB_PASS      = var.db_pass
-  }
-}
\ No newline at end of file
diff --git a/sds/unity/terraform/add-mmgis.sh b/sds/unity/terraform/modules/ec2-docker/add-mmgis.sh
similarity index 100%
rename from sds/unity/terraform/add-mmgis.sh
rename to sds/unity/terraform/modules/ec2-docker/add-mmgis.sh
diff --git a/sds/unity/terraform/modules/ec2-docker/bk.tf b/sds/unity/terraform/modules/ec2-docker/bk.tf
new file mode 100644
index 00000000..d464a42b
--- /dev/null
+++ b/sds/unity/terraform/modules/ec2-docker/bk.tf
@@ -0,0 +1,44 @@
+locals {
+    block_device_path = "/dev/sdh"
+}
+
+resource "aws_iam_instance_profile" "unity_mmgis_instance_profile" {
+  name = "unity-mmgis-instance-profile-tf"
+
+  role = var.role
+
+  tags = {
+    Name = "unity_mmgis_instance_profile"
+  }
+}
+
+resource "aws_ebs_volume" "persistent" {
+    availability_zone = aws_instance.unity_mmgis_instance.availability_zone
+    size = var.persistent_volume_size_gb
+}
+
+resource "aws_volume_attachment" "persistent" {
+    device_name = local.block_device_path
+    volume_id = aws_ebs_volume.persistent.id
+    instance_id = aws_instance.unity_mmgis_instance.id
+}
+
+
+resource "aws_instance" "unity_mmgis_instance" {
+  ami           = var.ami
+  instance_type = var.instance_type
+
+  tags = {
+    Name = "unity-mmgis-instance-tf"
+  }
+
+  key_name = var.key_name
+
+  vpc_security_group_ids = [var.sg_id]
+
+  subnet_id = var.subnet_id
+
+  iam_instance_profile = aws_iam_instance_profile.unity_mmgis_instance_profile.name
+
+  user_data = file("./modules/ec2-docker/add-mmgis.sh")
+}
\ No newline at end of file
diff --git a/sds/unity/terraform/lb.tf b/sds/unity/terraform/modules/ec2-docker/lb.tf
similarity index 100%
rename from sds/unity/terraform/lb.tf
rename to sds/unity/terraform/modules/ec2-docker/lb.tf
diff --git a/sds/unity/terraform/modules/ec2-docker/main.tf b/sds/unity/terraform/modules/ec2-docker/main.tf
new file mode 100644
index 00000000..d727f240
--- /dev/null
+++ b/sds/unity/terraform/modules/ec2-docker/main.tf
@@ -0,0 +1,18 @@
+data "aws_ssm_parameter" "vpc_id" {
+  name = "/unity/account/network/vpc_id"
+}
+
+data "aws_ssm_parameter" "subnet_list" {
+  name = "/unity/account/network/subnet_list"
+}
+
+#data "aws_ssm_parameter" "u-cs-ecs" {
+#  name = "/unity/account/ecs/execution_role_arn"
+#}
+
+
+locals {
+  subnet_map = jsondecode(data.aws_ssm_parameter.subnet_list.value)
+  subnet_ids = nonsensitive(local.subnet_map["private"])
+  public_subnet_ids = nonsensitive(local.subnet_map["public"])
+}
\ No newline at end of file
diff --git a/sds/unity/terraform/output.tf b/sds/unity/terraform/modules/ec2-docker/output.tf
similarity index 71%
rename from sds/unity/terraform/output.tf
rename to sds/unity/terraform/modules/ec2-docker/output.tf
index 29a42d63..7136f944 100644
--- a/sds/unity/terraform/output.tf
+++ b/sds/unity/terraform/modules/ec2-docker/output.tf
@@ -3,77 +3,77 @@
 # https://www.terraform.io/docs/providers/aws/r/instance.html
 output "id" {
     description = "The instance ID"
-    value = aws_instance.this.id
+    value = aws_instance.unity_mmgis_instance.id
 }
 
 output "arn" {
     description = "The ARN of the instance"
-    value = aws_instance.this.arn
+    value = aws_instance.unity_mmgis_instance.arn
 }
 
 output "availability_zone" {
     description = "The availability zone of the instance"
-    value = aws_instance.this.availability_zone
+    value = aws_instance.unity_mmgis_instance.availability_zone
 }
 
 output "placement_group" {
     description = "The placement group of the instance"
-    value = aws_instance.this.placement_group
+    value = aws_instance.unity_mmgis_instance.placement_group
 }
 
 output "public_dns" {
     description = "The public DNS name assigned to the instance. For EC2-VPC, this is only available if you've enabled DNS hostnames for your VPC"
-    value = aws_instance.this.public_dns
+    value = aws_instance.unity_mmgis_instance.public_dns
 }
 
 output "public_ip" {
     description  = "The public IP address assigned to the instance, if applicable. NOTE: If you are using an aws_eip with your instance, you should refer to the EIP's address directly and not use public_ip, as this field will change after the EIP is attached."
-    value = aws_instance.this.public_ip
+    value = aws_instance.unity_mmgis_instance.public_ip
 }
 
 output "ipv6_addresses" {
     description = "A list of assigned IPv6 addresses, if any"
-    value = aws_instance.this.ipv6_addresses
+    value = aws_instance.unity_mmgis_instance.ipv6_addresses
 }
 
 output "primary_network_interface_id" {
     description = "The ID of the instance's primary network interface"
-    value = aws_instance.this.primary_network_interface_id
+    value = aws_instance.unity_mmgis_instance.primary_network_interface_id
 }
 
 output "private_dns" {
     description = " The private DNS name assigned to the instance. Can only be used inside the Amazon EC2, and only available if you've enabled DNS hostnames for your VPC"
-    value = aws_instance.this.private_dns
+    value = aws_instance.unity_mmgis_instance.private_dns
 }
 
 output "private_ip" {
     description = "The private IP address assigned to the instance"
-    value = aws_instance.this.private_ip
+    value = aws_instance.unity_mmgis_instance.private_ip
 }
 
 output "security_groups" {
     description = " The associated security groups."
-    value = aws_instance.this.security_groups
+    value = aws_instance.unity_mmgis_instance.security_groups
 }
 
 output "vpc_security_group_ids" {
     description = "The associated security groups in non-default VPC."
-    value = aws_instance.this.vpc_security_group_ids
+    value = aws_instance.unity_mmgis_instance.vpc_security_group_ids
 }
 
 output "subnet_id" {
     description = "The VPC subnet ID."
-    value = aws_instance.this.subnet_id
+    value = aws_instance.unity_mmgis_instance.subnet_id
 }
 
 output "credit_specification" {
     description = " Credit specification of instance."
-    value = aws_instance.this.credit_specification
+    value = aws_instance.unity_mmgis_instance.credit_specification
 }
 
 output "instance_state" {
     description = "The state of the instance. One of: pending, running, shutting-down, terminated, stopping, stopped. See Instance Lifecycle for more information."
-    value = aws_instance.this.instance_state
+    value = aws_instance.unity_mmgis_instance.instance_state
 }
 
 # TODO: This is a list with the `aws_instance` resource and we are just
diff --git a/sds/unity/terraform/modules/ec2-docker/variables.tf b/sds/unity/terraform/modules/ec2-docker/variables.tf
new file mode 100644
index 00000000..84cbbccb
--- /dev/null
+++ b/sds/unity/terraform/modules/ec2-docker/variables.tf
@@ -0,0 +1,108 @@
+variable role {
+    type = string
+    default = "unset"
+}
+
+variable vpc_id {
+    type = string
+    default = "unset"
+}
+
+variable subnet_ids {
+    type = list
+    default = ["unset"]
+}
+
+variable ami {
+    type = string
+    default = "unset"
+}
+
+variable sg_id {
+    type = string
+    default = "unset"
+}
+
+### 
+
+variable "name" {
+    description = "Name to be used on all resources"
+    type = string
+    default = "mmgis"
+}
+
+variable "description" {
+    description = "Description of the service for systemd"
+    type = string
+    default = ""
+}
+
+variable "availability_zone" {
+    description = "The availability zone for both the AWS instance and the EBS volume."
+    type = string
+    default = "us-gov-west-1"
+}
+
+variable "systemd_after_stage" {
+    description = "When to run our container. This usually does not need to change."
+    type = string
+    default = "network.target"
+}
+
+variable "user" {
+    description = "What user to run as. You will need to run as root to use one of the lower ports."
+    type = string
+    default = "root"
+}
+
+variable "key_name" {
+    description = "Name of the SSH key to log in with"
+    type = string
+    default = "mmgis-sds.ssh"
+}
+
+variable "instance_type" {
+    description = "The default AWS instance size to run these containers on"
+    type = string
+    default = "t3.medium"
+}
+
+variable "docker_compose_str" {
+    description = "The entire docker compose file to write."
+    type = string
+}
+
+variable "subnet_id" {
+    description = "The VPC subnet to launch the instance in"
+    type = string
+}
+
+variable "vpc_security_group_ids" {
+    description = "The security groups that the instance should have"
+    type = list(string)
+    default = []
+}
+
+variable "iam_instance_profile" {
+    description = "The name of the IAM instance profile to give to the EC2 instance"
+    type = string
+    default = ""
+}
+
+variable "associate_public_ip_address" {
+    description = "Whether to associate a public IP address in the VPC"
+    type = bool
+    default = false
+}
+
+variable "persistent_volume_size_gb" {
+    description = "The size of the volume mounted"
+    type = number
+    default = 20
+}
+
+variable "persistent_volume_mount_path" {
+    description = "Where on the filesystem to mount our persistent volume"
+    type = string
+    default = "/persistent"
+}
\ No newline at end of file
diff --git a/sds/unity/terraform/terraform.tf b/sds/unity/terraform/terraform.tf
index e8dd1a6e..16de1b9b 100644
--- a/sds/unity/terraform/terraform.tf
+++ b/sds/unity/terraform/terraform.tf
@@ -1,8 +1,17 @@
+provider "aws" {
+  region = var.region
+  profile = var.profile
+
+  default_tags {
+    tags = var.common_tags
+  }
+}
+
 # ===== OUR MAGIC DOCKER-COMPOSE.YML FILE HERE =====
 # It is also possible to get Terraform to read an external `docker-compose.yml`
 # file and load it into this variable.
 # We'll be showing off a demo nginx page.
-variable "example_docker_compose" {
+variable "docker-compose" {
     type = string
     default =  <<EOF
 version: "3"
@@ -16,7 +25,42 @@ services:
       - /var/www/html/Missions/:/usr/src/app/Missions
   mmgis.db:
     image: postgis/postgis:10-2.5-alpine
-    env_file: .env
+    environment:
+      - POSTGRES_PASSWORD         = var.db_pass
+      - SERVER                    = var.server
+      - AUTH                      = var.auth
+      - NODE_ENV                  = var.node_env
+      - DB_HOST                   = var.db_host
+      - DB_PORT                   = var.db_port
+      - DB_NAME                   = var.db_name
+      - DB_USER                   = var.db_user
+      - PORT                      = var.app_listening_port
+      - DB_POOL_MAX               = var.db_pool_max
+      - DB_POOL_TIMEOUT           = var.db_pool_timeout
+      - DB_POOL_IDLE              = var.db_pool_idle
+      - CSSO_GROUPS               = var.csso_groups
+      - VERBOSE_LOGGING           = var.verbose_logging
+      - FRAME_ANCESTORS           = var.frame_ancestors
+      - FRAME_SRC                 = var.frame_src
+      - THIRD_PARTY_COOKIES       = var.third_party_cookies
+      - ROOT_PATH                 = var.root_path
+      - WEBSOCKET_ROOT_PATH       = var.websocket_root_path
+      - CLEARANCE_NUMBER          = var.clearance_number
+      - DISABLE_LINK_SHORTENER    = var.disable_link_shortener
+      - HIDE_CONFIG               = var.hide_config
+      - FORCE_CONFIG_PATH         = var.force_config_path
+      - LEADS                     = var.leads
+      - ENABLE_MMGIS_WEBSOCKETS   = var.enable_mmgis_websockets
+      - ENABLE_CONFIG_WEBSOCKETS  = var.enable_config_websockets
+      - ENABLE_CONFIG_OVERRIDE    = var.enable_config_override
+      - MAIN_MISSION              = var.main_mission
+      - SKIP_CLIENT_INITIAL_LOGIN = var.skip_client_initial_login
+      - GENERATE_SOURCEMAP        = var.generate_sourcemap
+      - SPICE_SCHEDULED_KERNEL_DOWNLOAD = var.spice_scheduled_kernel_download
+      - SPICE_SCHEDULED_KERNEL_DOWNLOAD_ON_START = var.spice_scheduled_kernel_download_on_start
+      - SPICE_SCHEDULED_KERNEL_cron_expr = var.spice_scheduled_kernel_cron_expr
+      - SECRET                    = var.secret
+      - DB_PASS                   = var.db_pass
     ports:
       - 5432:5432
     restart: on-failure
@@ -43,7 +87,7 @@ resource "aws_route" "prod__to_internet" {
 
 resource "aws_subnet" "prod" {
   vpc_id = aws_vpc.prod.id
-  availability_zone = "us-east-1a"
+  availability_zone = var.region
   cidr_block = "10.0.0.0/18"
   map_public_ip_on_launch = true
   depends_on = [aws_internet_gateway.prod]
@@ -68,17 +112,17 @@ resource "aws_security_group" "allow_http" {
     }
 }
 
-# Make sure to download the other files into the `modules/one_docker_instance_on_ec2`
+# Make sure to download the other files into the `modules/ec2-docker`
 # directory
-module "run_docker_example" {
-    source =  "./modules/one_docker_instance_on_ec2"
-    name = "one_docker_instance_on_ec2_demo"
-    key_name = "name_of_your_ssh_key_here"
-    instance_type = "t3.nano"
-    docker_compose_str = var.example_docker_compose
+module "run-mmgis-ec2-docker" {
+    source =  "./modules/ec2-docker"
+    name = "mmgis-ec2-docker"
+    key_name = var.key_name
+    instance_type = "t3.medium"
+    docker_compose_str = var.docker-compose
     subnet_id = aws_subnet.prod.id
     availability_zone = aws_subnet.prod.availability_zone
     vpc_security_group_ids = [aws_security_group.allow_http.id]
     associate_public_ip_address = true
-    persistent_volume_size_gb = 1
+    persistent_volume_size_gb = 20 
 }
\ No newline at end of file
diff --git a/sds/unity/terraform/terraform.tfvars b/sds/unity/terraform/terraform.tfvars
new file mode 100644
index 00000000..0b95c95d
--- /dev/null
+++ b/sds/unity/terraform/terraform.tfvars
@@ -0,0 +1,6 @@
+deployment_name = "mmgis"
+mgmt_dns = ""
+tags = { name = "mmgis" }
+secret = "secret"
+db_user = "postgres"
+db_pass = "postgres"
\ No newline at end of file
diff --git a/sds/unity/terraform/variables.tf b/sds/unity/terraform/variables.tf
index fa0e001a..36586bc9 100644
--- a/sds/unity/terraform/variables.tf
+++ b/sds/unity/terraform/variables.tf
@@ -1,13 +1,32 @@
 # UNITY
+variable "region" {
+  description = "AWS region"
+  type = string
+  default = "us-gov-west-1"
+}
+
+variable "profile" {
+  description = "AWS profile"
+  type = string
+  default = "unset"
+}
+
+variable "common_tags" {
+  description = "Common AWS Tags"
+  type = map(string)
+  default = {}
+}
 
 variable "tags" {
   description = "AWS Tags"
   type = map(string)
+  default = {}
 }
 
 variable "deployment_name" {
   description = "The deployment name"
   type        = string
+  default = "mmgis"
 }
 
 variable "mgmt_dns" {
@@ -35,87 +54,10 @@ variable "installprefix" {
 
 # INFRASTRUCTURE
 
-variable "name" {
-    description = "Name to be used on all resources"
-    type = string
-}
-
-variable "description" {
-    description = "Description of the service for systemd"
-    type = string
-    default = ""
-}
-
-variable "availability_zone" {
-    description = "The availability zone for both the AWS instance and the EBS volume."
-    type = string
-}
-
-variable "systemd_after_stage" {
-    description = "When to run our container. This usually does not need to change."
-    type = string
-    default = "network.target"
-}
-
-variable "user" {
-    description = "What user to run as. You will need to run as root to use one of the lower ports."
-    type = string
-    default = "root"
-}
-
-variable "tags" {
-    description = "Tags to put on the EC2 instance"
-    type = map(string)
-    default = {}
-}
-
 variable "key_name" {
     description = "Name of the SSH key to log in with"
     type = string
-}
-
-variable "instance_type" {
-    description = "The default AWS instance size to run these containers on"
-    type = string
-}
-
-variable "docker_compose_str" {
-    description = "The entire docker compose file to write."
-    type = string
-}
-
-variable "subnet_id" {
-    description = "The VPC subnet to launch the instance in"
-    type = string
-}
-
-variable "vpc_security_group_ids" {
-    description = "The security groups that the instance should have"
-    type = list(string)
-    default = []
-}
-
-variable "iam_instance_profile" {
-    description = "The name of the IAM instance profile to give to the EC2 instance"
-    type = string
-    default = ""
-}
-
-variable "associate_public_ip_address" {
-    description = "Whether to associate a public IP address in the VPC"
-    type = bool
-    default = false
-}
-
-variable "persistent_volume_size_gb" {
-    description = "The size of the volume mounted"
-    type = number
-}
-
-variable "persistent_volume_mount_path" {
-    description = "Where on the filesystem to mount our persistent volume"
-    type = string
-    default = "/persistent"
+    default = "mmgis-sds.ssh"
 }
 
 # MMGIS
@@ -131,29 +73,33 @@ variable "node_env" {
 }
 variable "secret" {
   description = "Some random string"
+  sensitive = true
 }
 variable "db_host" {
   description = "postgres db endpoint"
+  default = "db"
 }
 variable "db_port" {
-  description = "need more info"
+  description = "postgres db port"
   default     = 5432
 }
 variable "db_name" {
   description = "postgres db name"
+  default = "db"
 }
 variable "db_user" {
   description = "postgres db user"
 }
 variable "db_pass" {
   description = "postgres db password"
+  sensitive = true
 }
 variable "port" {
   description = "Port to run on"
   default = 3000
 }
 variable "db_pool_max" {
-  description = "Max number connections in the database’s pool. CPUs * 4 is a good number"
+  description = "Max number connections in the database's pool. CPUs * 4 is a good number"
   default = 10
 }
 variable "db_pool_timeout" {
@@ -175,20 +121,22 @@ variable "verbose_logging" {
 }
 variable "frame_ancestors" {
   description = "Sets the Content-Security-Policy: frame-ancestors header to allow the embedding of MMGIS in the specified external sites"
+  default = false
 }
 variable "frame_src" {
   description = "Sets the Content-Security-Policy: frame-src header to allow the embedding iframes from external origins into MMGIS"
+  default = false
 }
 variable "third_party_cookies" {
   description = "Sets 'SameSite=None; Secure' on the login cookie. Useful when using AUTH=local as an iframe within a cross-origin page."
   default     = false
 }
 variable "root_path" {
-  description = "Set MMGIS to be deployed under a subpath. For example if serving at the subpath ‘https://{domain}/path/where/I/serve/mmgis’ is desired, set ROOT_PATH=/path/where/I/serve/mmgis. If no subpath, leave blank."
+  description = "Set MMGIS to be deployed under a subpath. For example if serving at the subpath 'https://{domain}/path/where/I/serve/mmgis' is desired, set ROOT_PATH=/path/where/I/serve/mmgis. If no subpath, leave blank."
   default     = ""
 }
 variable "websocket_root_path" {
-  description = "Overrides ROOT_PATH's use when the client connects via websocket. Websocket url: ${ws_protocol}://${window.location.host}${WEBSOCKET_ROOT_PATH || ROOT_PATH || ''}/"
+  description = "Overrides ROOT_PATH's use when the client connects via websocket. Websocket url: {ws_protocol}://{window.location.host}{WEBSOCKET_ROOT_PATH || ROOT_PATH || ''}/"
   default     = ""
 }
 variable "clearance_number" {