From 13415c568245f5e424c349e5097d8763d9ec62fe Mon Sep 17 00:00:00 2001 
From: smohiuddin3 Date: Wed, 24 May 2023 09:13:00 -0600 Subject: [PATCH 1/8] tf changes --- terraform/features-api/.gitignore | 3 + terraform/features-api/.terraform.lock.hcl | 80 +++++++++ terraform/features-api/dns.tf | 34 ++++ terraform/features-api/ecr.tf | 10 ++ terraform/features-api/ecs_api.tf | 121 +++++++++++++ .../lambda_function.py | 57 ++++++ .../requirements.txt | 1 + terraform/features-api/github_deploy_user.tf | 32 ++++ terraform/features-api/init.tf | 24 +++ .../features-api/load_balancer_west_2.tf | 127 +++++++++++++ terraform/features-api/outputs.tf | 23 +++ terraform/features-api/rds.tf | 65 +++++++ .../features-api/s3_event_bridge_lambda.tf | 167 ++++++++++++++++++ terraform/features-api/secret_manager.tf | 34 ++++ terraform/features-api/variables.tf | 50 ++++++ terraform/features-api/vars/dev.tf | 14 ++ terraform/features-api/vars/staging.tf | 13 ++ terraform/features-api/vpc.tf | 41 +++++ 18 files changed, 896 insertions(+) create mode 100644 terraform/features-api/.gitignore create mode 100644 terraform/features-api/.terraform.lock.hcl create mode 100644 terraform/features-api/dns.tf create mode 100644 terraform/features-api/ecr.tf create mode 100644 terraform/features-api/ecs_api.tf create mode 100644 terraform/features-api/functions/s3_event_bridge_to_sfn_execute/lambda_function.py create mode 100644 terraform/features-api/functions/s3_event_bridge_to_sfn_execute/requirements.txt create mode 100644 terraform/features-api/github_deploy_user.tf create mode 100644 terraform/features-api/init.tf create mode 100644 terraform/features-api/load_balancer_west_2.tf create mode 100644 terraform/features-api/outputs.tf create mode 100644 terraform/features-api/rds.tf create mode 100644 terraform/features-api/s3_event_bridge_lambda.tf create mode 100644 terraform/features-api/secret_manager.tf create mode 100755 terraform/features-api/variables.tf create mode 100644 terraform/features-api/vars/dev.tf create mode 100644 
terraform/features-api/vars/staging.tf create mode 100644 terraform/features-api/vpc.tf
diff --git a/terraform/features-api/.gitignore b/terraform/features-api/.gitignore
new file mode 100644
index 0000000..4056b35
--- /dev/null
+++ b/terraform/features-api/.gitignore
@@ -0,0 +1,3 @@
+*.tfstate
+.terraform
+*.zip
diff --git a/terraform/features-api/.terraform.lock.hcl b/terraform/features-api/.terraform.lock.hcl
new file mode 100644
index 0000000..a758db9
--- /dev/null
+++ b/terraform/features-api/.terraform.lock.hcl
@@ -0,0 +1,80 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/archive" { + version = "2.3.0" + hashes = [ + "h1:pTPG9Kf1Qg2aPsZLXDa6OvLqsEXaMrKnp0Z4Q/TIBPA=", + "zh:0869128d13abe12b297b0cd13b8767f10d6bf047f5afc4215615aabc39c2eb4f", + "zh:481ed837d63ba3aa45dd8736da83e911e3509dee0e7961bf5c00ed2644f807b3", + "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", + "zh:9f08fe2977e2166849be24fb9f394e4d2697414d463f7996fd0d7beb4e19a29c", + "zh:9fe566deeafd460d27999ca0bbfd85426a5fcfcb40007b23884deb76da127b6f", + "zh:a1bd9a60925d9769e0da322e4523330ee86af9dc2e770cba1d0247a999ef29cb", + "zh:bb4094c8149f74308b22a87e1ac19bcccca76e8ef021b571074d9bccf1c0c6f0", + "zh:c8984c9def239041ce41ec8e19bbd76a49e74ed2024ff736dad60429dee89bcc", + "zh:ea4bb5ae73db1de3a586e62f39106f5e56770804a55aa5e6b4f642df973e0e75", + "zh:f44a9d596ecc3a8c5653f56ba0cd202ad93b49f76767f4608daf7260b813289e", + "zh:f5c5e6cc9f7f070020ab7d95fcc9ed8e20d5cf219978295a71236e22cbb6d508", + "zh:fd2273f51dcc8f43403bf1e425ba9db08a57c3ddcba5ad7a51742ccde21ca611", + ] +} + +provider "registry.terraform.io/hashicorp/aws" { + version = "4.58.0" + constraints = "~> 4.0" + hashes = [ + "h1:znLROwEAINbYzAG5X7Ep04whM7KxkQGrvhFdhSvNKEk=", + "zh:14b2b2dfbc7ee705c412d762b1485ee08958c816a64ac74f5769e946e4a1d265", + "zh:17a37e6825e2023b18987d31c0cbb9336654ea146b68e6c90710ea4636af71ae", + "zh:273127c69fb244577e5c136c46164d34f77b0c956c18d27f63d1072dd558f924", + "zh:4b2b6416d34fb3e1051c99d2a84045b136976140e34381d5fbf90e32db15272e", + "zh:7e6a8571ff15d51f892776265642ee01004b8553fd4f6f2014b6f3f2834670c7", + "zh:847c76ab2381b66666d0f79cf1ac697b5bfd0d9c3009fd11bc6ad6545d1eb427", + "zh:9a52cae08ba8d27d0639a8d2b8c61591027883058bf0cc5a639cffe1e299f019", + "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", + "zh:9df647e8322d6f94f1843366ba39d21c4b36c8e7dcdc03711d52e27f73b0e974", + 
"zh:9e52037e68409802ff913b166c30e3f2035af03865cbef0c1b03762bce853941", + "zh:a30288e7c3c904d6998d1709835d7c5800a739f8608f0837f960286a2b8b6e59", + "zh:a7f24e3bda3be566468e4ad62cef1016f68c6f5a94d2e3e979485bc05626281b", + "zh:ba326ba80f5e39829b67a6d1ce54ba52b171e5e13a0a91ef5f9170a9b0cc9ce4", + "zh:c4e3fe9f2be6e244a3dfce599f4b0be9e8fffaece64cbc65f3195f825f65489b", + "zh:f20a251af37039bb2c7612dbd2c5df3a25886b4cc78f902385a2850ea6e30d08", + ] +} + +provider "registry.terraform.io/hashicorp/random" { + version = "3.4.3" + hashes = [ + "h1:tL3katm68lX+4lAncjQA9AXL4GR/VM+RPwqYf4D2X8Q=", + "zh:41c53ba47085d8261590990f8633c8906696fa0a3c4b384ff6a7ecbf84339752", + "zh:59d98081c4475f2ad77d881c4412c5129c56214892f490adf11c7e7a5a47de9b", + "zh:686ad1ee40b812b9e016317e7f34c0d63ef837e084dea4a1f578f64a6314ad53", + "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", + "zh:84103eae7251384c0d995f5a257c72b0096605048f757b749b7b62107a5dccb3", + "zh:8ee974b110adb78c7cd18aae82b2729e5124d8f115d484215fd5199451053de5", + "zh:9dd4561e3c847e45de603f17fa0c01ae14cae8c4b7b4e6423c9ef3904b308dda", + "zh:bb07bb3c2c0296beba0beec629ebc6474c70732387477a65966483b5efabdbc6", + "zh:e891339e96c9e5a888727b45b2e1bb3fcbdfe0fd7c5b4396e4695459b38c8cb1", + "zh:ea4739860c24dfeaac6c100b2a2e357106a89d18751f7693f3c31ecf6a996f8d", + "zh:f0c76ac303fd0ab59146c39bc121c5d7d86f878e9a69294e29444d4c653786f8", + "zh:f143a9a5af42b38fed328a161279906759ff39ac428ebcfe55606e05e1518b93", + ] +} + +provider "registry.terraform.io/hashicorp/template" { + version = "2.2.0" + hashes = [ + "h1:0wlehNaxBX7GJQnPfQwTNvvAf38Jm0Nv7ssKGMaG6Og=", + "zh:01702196f0a0492ec07917db7aaa595843d8f171dc195f4c988d2ffca2a06386", + "zh:09aae3da826ba3d7df69efeb25d146a1de0d03e951d35019a0f80e4f58c89b53", + "zh:09ba83c0625b6fe0a954da6fbd0c355ac0b7f07f86c91a2a97849140fea49603", + "zh:0e3a6c8e16f17f19010accd0844187d524580d9fdb0731f675ffcf4afba03d16", + "zh:45f2c594b6f2f34ea663704cc72048b212fe7d16fb4cfd959365fa997228a776", + 
"zh:77ea3e5a0446784d77114b5e851c970a3dde1e08fa6de38210b8385d7605d451", + "zh:8a154388f3708e3df5a69122a23bdfaf760a523788a5081976b3d5616f7d30ae", + "zh:992843002f2db5a11e626b3fc23dc0c87ad3729b3b3cff08e32ffb3df97edbde", + "zh:ad906f4cebd3ec5e43d5cd6dc8f4c5c9cc3b33d2243c89c5fc18f97f7277b51d", + "zh:c979425ddb256511137ecd093e23283234da0154b7fa8b21c2687182d9aea8b2", + ] +} diff --git a/terraform/features-api/dns.tf b/terraform/features-api/dns.tf new file mode 100644 index 0000000..9ad8883 --- /dev/null +++ b/terraform/features-api/dns.tf @@ -0,0 +1,34 @@ +data "aws_route53_zone" "zone" { + provider = aws.west2 + name = var.dns_zone_name +} + +resource "aws_acm_certificate" "cert" { + provider = aws.west2 + domain_name = "*.${data.aws_route53_zone.zone.name}" + validation_method = "DNS" + tags = var.tags + + lifecycle { + create_before_destroy = true + } +} + +resource "aws_route53_record" "subdomain_record" { + provider = aws.west2 + name = "${var.dns_subdomain}.${data.aws_route53_zone.zone.name}" + zone_id = data.aws_route53_zone.zone.id + type = "A" + + alias { + name = aws_alb.alb_ecs.dns_name + zone_id = aws_alb.alb_ecs.zone_id + evaluate_target_health = true + } +} + +resource "aws_lb_listener_certificate" "cert" { + provider = aws.west2 + listener_arn = aws_alb_listener.alb_listener_ecs.arn + certificate_arn = aws_acm_certificate.cert.arn +} \ No newline at end of file diff --git a/terraform/features-api/ecr.tf b/terraform/features-api/ecr.tf new file mode 100644 index 0000000..5d8d7ab --- /dev/null +++ b/terraform/features-api/ecr.tf @@ -0,0 +1,10 @@ +module "ecr_registry" { + source = "github.com/developmentseed/tf-seed/modules/aws_ecr" + environment = var.env + registry_name = var.registry_name + enable_registry_scanning = true + mutable_image_tags = true + enable_deploy_user = true + iam_deploy_username = aws_iam_user.deploy_user.name + tags = var.tags +} \ No newline at end of file 
diff --git a/terraform/features-api/ecs_api.tf b/terraform/features-api/ecs_api.tf
new file mode 100644
index 0000000..a791f6e
--- /dev/null
+++ b/terraform/features-api/ecs_api.tf
@@ -0,0 +1,121 @@
+module "ecs_cluster" {
+ source = "../modules/aws_ecs_service"
+ environment = var.env
+ region = var.region
+ vpc_id = module.networking.vpc_id
+ subnet_ids = module.networking.private_subnets_id
+
+ service_name = "${var.project_name}-service"
+ service_port = var.service_port
+ service_protocol = "tcp"
+ cpu = 2048
+ memory = 4096
+ instance_count = 1
+ log_retention_days = 60
+
+ container_command = ["/bin/bash", "startup.sh"]
+ container_working_directory = "/tmp/"
+
+ container_secrets = [
+ {
+ name = "AWS_CONFIG"
+ valueFrom = aws_secretsmanager_secret.config.arn
+ },
+ {
+ name = "DB_CONFIG"
+ valueFrom = aws_secretsmanager_secret.db_config.arn
+ },
+ ]
+
+ container_environment = [
+ {
+ name = "ENVIRONMENT"
+ value = var.env
+ },
+ {
+ name = "IS_ECS"
+ value = "True"
+ },
+ {
+ name = "OTEL_PROPAGATORS"
+ value = "xray"
+ },
+ {
+ name = "OTEL_PYTHON_ID_GENERATOR"
+ value = "xray"
+ },
+ {
+ name = "OTEL_RESOURCE_ATTRIBUTES"
+ value = "service.name=veda-wfs3-${var.env}"
+ },
+ {
+ name = "OTEL_RESOURCE_ATTRIBUTES"
+ value = "service.name=veda-wfs3-${var.env}"
+ },
+ {
+ name = "OTEL_TRACES_SAMPLER"
+ value = "traceidratio"
+ },
+ {
+ name = "OTEL_TRACES_SAMPLER_ARG"
+ value = "0.5"
+ },
+ {
+ name = "FORWARDED_ALLOW_IPS"
+ value = "*"
+ },
+ {
+ // stupid hack b/c of FastAPI and Starlette bug
+ name = "FAST_API_SCHEME"
+ value = var.env == "west2-staging" ? "https" : "http"
+ }
+ ]
+
+ container_ingress_cidrs = ["0.0.0.0/0"]
+ container_ingress_sg_ids = []
+
+ use_adot_as_sidecar = true
+ use_ecr = true
+ ecr_repository_name = module.ecr_registry.registry_name
+ image = "${module.ecr_registry.repository_url}:latest"
+
+ load_balancer = true
+ lb_type = "application"
+ lb_target_group_arn = aws_alb_target_group.alb_target_group.arn
+ lb_security_group_id = aws_security_group.web_inbound_sg.id
+ lb_container_port = var.service_port
+
+ tags = var.tags
+}
+
+##############################################################
+# The ECS task execution role represented by the output
+# `module.ecs_cluster.ecs_execution_role_id`
+# requires additional policies depending on what it needs
+# to access in AWS. Hence the attachments below
+##############################################################
+
+##############################################################
+# give acess to AWS secret manager to access
+# `container_secrets` pumped into the task above
+#
+data "aws_iam_policy_document" "api_ecs_execution_attachment" {
+ statement {
+ actions = [
+ "secretsmanager:DescribeSecret",
+ "secretsmanager:GetSecretValue",
+ "kms:Decrypt",
+ ]
+
+ resources = [
+ aws_secretsmanager_secret.config.arn,
+ aws_secretsmanager_secret.db_config.arn
+ ]
+ }
+}
+
+resource "aws_iam_role_policy" "api_ecs_execution_role_policy" {
+ name = "${var.project_name}-api-access-secret-manager"
+ role = module.ecs_cluster.ecs_execution_role_id
+ policy = data.aws_iam_policy_document.api_ecs_execution_attachment.json
+}
diff --git a/terraform/features-api/functions/s3_event_bridge_to_sfn_execute/lambda_function.py b/terraform/features-api/functions/s3_event_bridge_to_sfn_execute/lambda_function.py
new file mode 100644
index 0000000..d524d83
--- /dev/null
+++ b/terraform/features-api/functions/s3_event_bridge_to_sfn_execute/lambda_function.py
@@ -0,0 +1,57 @@
+import boto3
+import http.client
+import os
+import base64
+import ast
+import json
+mwaa_env_name = 'veda-pipeline-staging-mwaa'
+dag_name = 'veda_discover'
+mwaa_cli_command = 'dags trigger'
+client = boto3.client('mwaa')
+
+
+def lambda_handler(event, context):
+ for record in event['Records']:
+ print(f"[ RECORD ]: {record}")
+ s3_event_key = record['s3']['object']['key']
+ print(f"[ S3 EVENT KEY ]: {s3_event_key}")
+ s3_filename_target = os.path.split(s3_event_key)[-1]
+ print(f"[ S3 FILENAME TARGET ]: {s3_filename_target}")
+ s3_filename_no_ext = os.path.splitext(s3_filename_target)[0]
+ print(f"[ S3 FILENAME NO EXT ]: {s3_filename_no_ext}")
+
+ bucket_key_prefix = "EIS/FEDSoutput/Snapshot/"
+ if s3_filename_no_ext.startswith("lf_"):
+ bucket_key_prefix = "EIS/FEDSoutput/LFArchive/"
+
+ # get web token
+ mwaa_cli_token = client.create_cli_token(
+ Name=mwaa_env_name
+ )
+ print(f"[ CLI TOKEN ]: {mwaa_cli_token}")
+ serialized_args = json.dumps({
+ "discovery": "s3",
+ "collection": s3_filename_no_ext,
+ "prefix": bucket_key_prefix,
+ "bucket": "veda-data-store-staging",
+ "filename_regex": f"^(.*){s3_filename_target}$",
+ "vector": True
+ })
+ conn = http.client.HTTPSConnection(mwaa_cli_token['WebServerHostname'])
+ payload = f"{mwaa_cli_command} {dag_name} --conf '{serialized_args}'"
+ print(f"[ CLI PAYLOAD ]: {payload}")
+ headers = {
+ 'Authorization': 'Bearer ' + mwaa_cli_token['CliToken'],
+ 'Content-Type': 'text/plain'
+ }
+ conn.request("POST", "/aws_mwaa/cli", payload, headers)
+ res = conn.getresponse()
+ data = res.read()
+ dict_str = data.decode("UTF-8")
+ mydata = ast.literal_eval(dict_str)
+ print(f"[ DATA ]: {mydata}")
+ print(f"[ STDOUT ]: {base64.b64decode(mydata['stdout'])}")
+ return {
+ 'statusCode': 200,
+ 'body': json.dumps('Hello from Lambda!')
+ }
\ No newline at end of file
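Review bot: `print(f"[ CLI TOKEN ]: {mwaa_cli_token}")` writes the whole `create_cli_token` response, bearer token included, to the function's log output, where anyone with log read access can see it; drop the line or log only the hostname, `print(f"[ CLI HOST ]: {mwaa_cli_token['WebServerHostname']}")`. The object name from the S3 event is also placed unescaped into both the single-quoted `--conf` argument and `filename_regex`, so a key containing a quote or regex metacharacters changes what the CLI endpoint or the DAG receives; `payload = f"{mwaa_cli_command} {dag_name} --conf {shlex.quote(serialized_args)}"` and `"filename_regex": f"^(.*){re.escape(s3_filename_target)}$"` close that, assuming the endpoint parses the body like a command line. The response body is JSON, so `json.loads(dict_str)` is the right parser rather than `ast.literal_eval`, and the HTTP status should be checked before `mydata['stdout']` is read. Indentation is lost in this view, so I cannot tell whether the `return` sits inside the `for` loop.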
diff --git a/terraform/features-api/functions/s3_event_bridge_to_sfn_execute/requirements.txt b/terraform/features-api/functions/s3_event_bridge_to_sfn_execute/requirements.txt
new file mode 100644
index 0000000..1db657b
--- /dev/null
+++ b/terraform/features-api/functions/s3_event_bridge_to_sfn_execute/requirements.txt
@@ -0,0 +1 @@
+boto3
\ No newline at end of file
diff --git a/terraform/features-api/github_deploy_user.tf b/terraform/features-api/github_deploy_user.tf
new file mode 100644
index 0000000..ad737c6
--- /dev/null
+++ b/terraform/features-api/github_deploy_user.tf
@@ -0,0 +1,32 @@
+resource "aws_iam_user" "deploy_user" {
+ name = "veda-wfs3-${var.env}-deploy-user"
+ path = "/"
+ tags = var.tags
+}
+
+// NOTE: we need to have extra policies added to our
+// deploy user for Github AWS Actions to work
+resource "aws_iam_user_policy" "deploy" {
+ name = "${var.registry_name}_deploy_extended"
+ user = aws_iam_user.deploy_user.name
+ policy = data.aws_iam_policy_document.extended_deploy.json
+}
+
+data "aws_iam_policy_document" "extended_deploy" {
+ statement {
+ actions = [
+ "iam:PassRole",
+ "ecr:InitiateLayerUpload",
+ "ecs:RegisterTaskDefinition",
+ "ecs:DescribeServices",
+ "ecs:UpdateService",
+ ]
+
+ resources = [
+ module.ecr_registry.registry_arn,
+ module.ecs_cluster.service_cluster_arn,
+ module.ecs_cluster.service_arn,
+ module.ecs_cluster.ecs_execution_role_arn,
+ ]
+ }
+}
\ No newline at end of file
diff --git a/terraform/features-api/init.tf b/terraform/features-api/init.tf
new file mode 100644
index 0000000..ef5e99c
--- /dev/null
+++ b/terraform/features-api/init.tf
@@ -0,0 +1,24 @@
+provider "aws" {
+ alias = "west1"
+ region = "us-west-1"
+}
+
+provider "aws" {
+ alias = "west2"
+ region = "us-west-2"
+}
+
+terraform {
+ required_version = "1.3.9"
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 4.0"
+ }
+ }
+ backend "s3" {
+ bucket = "veda-wfs3-tf-state-bucket"
+ key = "root"
+ region = "us-west-1"
+ }
+}
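Review bot: In github_deploy_user.tf the single statement of `extended_deploy` pairs `iam:PassRole` with the ECR and ECS actions over one shared resource list, so the role ARN is only one of four targets and nothing limits which service the role may be passed to. PassRole should be its own statement on `module.ecs_cluster.ecs_execution_role_arn` with an `iam:PassedToService` condition. None of the four listed ARNs is a task definition, so `ecs:RegisterTaskDefinition` is probably not granted as written. Separately, `aws_iam_user.deploy_user` implies long-lived access keys stored in GitHub; a role assumed through GitHub's OIDC provider would remove the static credential.

```hcl
data "aws_iam_policy_document" "extended_deploy" {
  # PassRole only for the role the ECS service runs with; add the task role
  # ARN here too if the task definition sets one.
  statement {
    actions   = ["iam:PassRole"]
    resources = [module.ecs_cluster.ecs_execution_role_arn]

    condition {
      test     = "StringEquals"
      variable = "iam:PassedToService"
      values   = ["ecs-tasks.amazonaws.com"]
    }
  }

  statement {
    actions   = ["ecr:InitiateLayerUpload"]
    resources = [module.ecr_registry.registry_arn]
  }

  statement {
    actions   = ["ecs:DescribeServices", "ecs:UpdateService"]
    resources = [module.ecs_cluster.service_arn]
  }

  # Scope per the IAM reference for ECS; the service and cluster ARNs do not
  # cover this action.
  statement {
    actions   = ["ecs:RegisterTaskDefinition"]
    resources = ["*"]
  }
}
```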
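Review bot: The `backend "s3"` block in init.tf sets neither encryption nor locking, and the state for this stack will hold `var.db_password` in plaintext because rds.tf passes it to `aws_db_instance.db`. Add `encrypt = true` and a lock table, `dynamodb_table = "<LOCK_TABLE_NAME>"` (placeholder), and confirm the bucket itself blocks public access and has versioning enabled. `key = "root"` is also shared by every environment unless workspaces are in use, which the hunk does not show.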
diff --git a/terraform/features-api/load_balancer_west_2.tf b/terraform/features-api/load_balancer_west_2.tf
new file mode 100644
index 0000000..b9ca611
--- /dev/null
+++ b/terraform/features-api/load_balancer_west_2.tf
@@ -0,0 +1,127 @@
+
+/* security group for ALB */
+resource "aws_security_group" "web_inbound_sg" {
+ name = "tf-${var.project_name}-${var.env}-web-inbound-sg"
+ description = "Allow HTTP from Anywhere into ALB"
+ vpc_id = module.networking.vpc_id
+
+ ingress {
+ from_port = 80
+ to_port = 80
+ protocol = "tcp"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+
+ ingress {
+ from_port = 8
+ to_port = 0
+ protocol = "icmp"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+
+ egress {
+ from_port = 0
+ to_port = 0
+ protocol = "-1"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+
+ tags = {
+ Name = "tf-${var.project_name}-${var.env}-web-inbound-sg"
+ }
+}
+
+resource "aws_security_group" "https_web_inbound_sg" {
+ name = "tf-${var.project_name}-${var.env}-https-web-inbound-sg"
+ description = "Allow HTTPS from Anywhere into ALB"
+ vpc_id = module.networking.vpc_id
+
+ ingress {
+ from_port = 443
+ to_port = 443
+ protocol = "tcp"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+
+ ingress {
+ from_port = 8
+ to_port = 8
+ protocol = "icmp"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+
+ egress {
+ from_port = 0
+ to_port = 0
+ protocol = "-1"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+
+ tags = {
+ Name = "tf-${var.project_name}-${var.env}-https-web-inbound-sg"
+ }
+}
+
+resource "aws_alb" "alb_ecs" {
+ name = "tf-${var.project_name}-${var.env}-alb"
+ subnets = module.networking.public_subnets_id
+ security_groups = concat(module.networking.security_groups_ids, [aws_security_group.https_web_inbound_sg.id])
+
+ tags = merge({
+ Name = "tf-${var.project_name}-alb"
+ }, var.tags)
+}
+
+resource "aws_alb_target_group" "alb_target_group" {
+ name = "tf-${var.project_name}-${var.env}-tgp"
+ port = var.service_port
+ protocol = "HTTP"
+ vpc_id = module.networking.vpc_id
+ target_type = "ip"
+ deregistration_delay = 60
+
+ lifecycle {
+ create_before_destroy = true
+ }
+
+ health_check {
+ interval = 60
+ path = "/healthz"
+ port = var.service_port
+ protocol = "HTTP"
+ matcher = "200"
+ timeout = 5
+ healthy_threshold = 2
+ unhealthy_threshold = 4
+ }
+
+ depends_on = [
+ aws_alb.alb_ecs
+ ]
+}
+
+#resource "aws_alb_listener" "alb_listener_ecs" {
+# load_balancer_arn = aws_alb.alb_ecs.arn
+# port = 80
+# protocol = var.alb_protocol
+# depends_on = [aws_alb_target_group.alb_target_group]
+#
+# default_action {
+# target_group_arn = aws_alb_target_group.alb_target_group.arn
+# type = "forward"
+# }
+#}
+
+resource "aws_alb_listener" "alb_listener_ecs" {
+ load_balancer_arn = aws_alb.alb_ecs.arn
+ port = 443
+ protocol = var.alb_protocol
+ ssl_policy = "ELBSecurityPolicy-2016-08"
+ certificate_arn = aws_acm_certificate.cert.arn
+ depends_on = [aws_alb_target_group.alb_target_group]
+
+ default_action {
+ target_group_arn = aws_alb_target_group.alb_target_group.arn
+ type = "forward"
+ }
+}
\ No newline at end of file
diff --git a/terraform/features-api/outputs.tf b/terraform/features-api/outputs.tf
new file mode 100644
index 0000000..b76568d
--- /dev/null
+++ b/terraform/features-api/outputs.tf
@@ -0,0 +1,23 @@
+output "rds_hostname" {
+ description = "RDS instance hostname"
+ value = aws_db_instance.db.address
+}
+
+output "rds_port" {
+ description = "RDS instance port"
+ value = aws_db_instance.db.port
+}
+
+output "rds_username" {
+ description = "RDS instance root username"
+ value = aws_db_instance.db.username
+}
+
+output "protocol_on_aws_alb_listener" {
+ description = "HTTP/HTTPS protocol on the ALB Listener"
+ value = aws_alb_listener.alb_listener_ecs.protocol
+}
+
+output "s3_event_bridge_lambda_arn" {
+ value = "${aws_lambda_function.lambda.arn}:${aws_lambda_function.lambda.version}"
+}
diff --git a/terraform/features-api/rds.tf b/terraform/features-api/rds.tf
new file mode 100644
index 0000000..e75f047
--- /dev/null
+++ b/terraform/features-api/rds.tf
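Review bot: The 443 listener in load_balancer_west_2.tf uses `ssl_policy = "ELBSecurityPolicy-2016-08"`, which still negotiates TLS 1.0 and 1.1; a current policy such as `ssl_policy = "ELBSecurityPolicy-TLS13-1-2-2021-06"` restricts it to TLS 1.2 and 1.3. The same listener takes `protocol = var.alb_protocol` while hard-coding port 443 and a certificate, so a value of `HTTP` would either fail or serve plaintext on 443; `protocol = "HTTPS"` states the intent. The two ICMP ingress blocks disagree (`to_port = 0` in `web_inbound_sg`, `to_port = 8` in `https_web_inbound_sg`); for `icmp` these fields are type and code, so echo request is type 8 code 0 and the second block looks like a typo. With the port-80 listener commented out there is no HTTP-to-HTTPS redirect, yet `web_inbound_sg` is what ecs_api.tf passes as `lb_security_group_id`, while the ALB itself is given `https_web_inbound_sg`; one of the two references is probably wrong.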
@@ -0,0 +1,65 @@
+resource "aws_db_subnet_group" "db" {
+ name = "tf-${var.project_name}-${var.env}-subnet-group"
+ subnet_ids = module.networking.private_subnets_id
+ tags = {
+ Name = "tf-${var.project_name}-subnet-group"
+ }
+}
+
+resource "aws_db_parameter_group" "default" {
+ name = "tf-${var.project_name}-${var.env}-postgres14-param-group"
+ family = "postgres14"
+
+ parameter {
+ name = "work_mem"
+ # NOTE: I had `work_mem` set to ~100MB and `max_connections` around 75 and TileJSON completely failed
+ # 16MB
+ value = var.env == "staging" ? "16384" : "8192"
+ }
+
+ parameter {
+ name = "max_connections"
+ value = "475"
+ apply_method = "pending-reboot"
+ }
+
+# NOTE: here to show what shared_buffers are but doesn't really make sense why it won't provision with these
+# parameter {
+# name = "shared_buffers"
+# value = var.env == "staging" ? "8064856" : "4032428"
+# apply_method = "pending-reboot"
+# }
+
+ parameter {
+ name = "seq_page_cost"
+ value = "1"
+ }
+
+ parameter {
+ name = "random_page_cost"
+ value = "1.2"
+ }
+}
+
+resource "aws_db_instance" "db" {
+ db_name = "veda"
+ identifier = "${var.project_name}-${var.env}"
+ engine = "postgres"
+ engine_version = "14.3"
+ // https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CreateDBInstance.html
+ allocated_storage = 100
+ max_allocated_storage = 500
+ storage_type = "gp2"
+ instance_class = var.env == "staging" ? "db.r5.xlarge" : "db.r5.large"
+ db_subnet_group_name = aws_db_subnet_group.db.name
+ vpc_security_group_ids = module.networking.security_groups_ids
+ skip_final_snapshot = true
+ apply_immediately = true
+ backup_retention_period = 7
+ username = "postgres"
+ password = var.db_password
+ allow_major_version_upgrade = true
+ parameter_group_name = aws_db_parameter_group.default.name
+}
+
+
diff --git a/terraform/features-api/s3_event_bridge_lambda.tf b/terraform/features-api/s3_event_bridge_lambda.tf
new file mode 100644
index 0000000..77ae894
--- /dev/null
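Review bot: `aws_db_instance.db` in rds.tf is created without `storage_encrypted = true`, and encryption at rest cannot be switched on later without replacing the instance, so it belongs in this first version. `skip_final_snapshot = true` with no `deletion_protection` means a `terraform destroy` or a forced replacement removes the database and leaves only the automated backups; I would set `deletion_protection = true` and `skip_final_snapshot = false` with a `final_snapshot_identifier`. `apply_immediately = true` together with `allow_major_version_upgrade = true` lets an engine change restart the database outside a maintenance window. `password = var.db_password` ends up in Terraform state in plaintext, so the variable should be marked `sensitive` (variables.tf is not visible here) and the state backend encrypted.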
+++ b/terraform/features-api/s3_event_bridge_lambda.tf @@ -0,0 +1,167 @@ +##################################################### +# Execution Role +##################################################### +resource "aws_iam_role" "lambda_exec_role" { + provider = aws.west2 + name = "lambda-exec-role-s3-event-bridge-${var.project_name}-${var.env}" + tags = var.tags + + assume_role_policy = < Date: Wed, 24 May 2023 09:52:23 -0600 Subject: [PATCH 2/8] tf changes --- terraform/features-api/.terraform.lock.hcl | 4 + terraform/features-api/ecs_api.tf | 16 +- .../lambda_function.py | 57 ------ .../requirements.txt | 1 - terraform/features-api/init.tf | 2 +- .../features-api/load_balancer_west_2.tf | 27 ++- terraform/features-api/outputs.tf | 4 - terraform/features-api/rds.tf | 4 +- .../features-api/s3_event_bridge_lambda.tf | 167 ------------------ .../{vpc.tf => security_group.tf} | 26 +-- terraform/features-api/vars/dev.tf | 8 +- terraform/features-api/vars/staging.tf | 26 +-- terraform/modules/aws_ecs_service/main.tf | 10 +- .../modules/aws_ecs_service/variables.tf | 2 + 14 files changed, 80 insertions(+), 274 deletions(-) delete mode 100644 terraform/features-api/functions/s3_event_bridge_to_sfn_execute/lambda_function.py delete mode 100644 terraform/features-api/functions/s3_event_bridge_to_sfn_execute/requirements.txt delete mode 100644 terraform/features-api/s3_event_bridge_lambda.tf rename terraform/features-api/{vpc.tf => security_group.tf} (52%) diff --git a/terraform/features-api/.terraform.lock.hcl b/terraform/features-api/.terraform.lock.hcl index a758db9..d2a1b1f 100644 --- a/terraform/features-api/.terraform.lock.hcl +++ b/terraform/features-api/.terraform.lock.hcl 
@@ -4,6 +4,7 @@ provider "registry.terraform.io/hashicorp/archive" { version = "2.3.0" hashes = [ + "h1:OmE1tPjiST8iQp6fC0N3Xzur+q2RvgvD7Lz0TpKSRBw=", "h1:pTPG9Kf1Qg2aPsZLXDa6OvLqsEXaMrKnp0Z4Q/TIBPA=", "zh:0869128d13abe12b297b0cd13b8767f10d6bf047f5afc4215615aabc39c2eb4f", "zh:481ed837d63ba3aa45dd8736da83e911e3509dee0e7961bf5c00ed2644f807b3", @@ -24,6 +25,7 @@ provider "registry.terraform.io/hashicorp/aws" { version = "4.58.0" constraints = "~> 4.0" hashes = [ + "h1:xXjZy36R+YOFyLjuF+rgi0NDLwnkFwrJ2t9NfsjRM/E=", "h1:znLROwEAINbYzAG5X7Ep04whM7KxkQGrvhFdhSvNKEk=", "zh:14b2b2dfbc7ee705c412d762b1485ee08958c816a64ac74f5769e946e4a1d265", "zh:17a37e6825e2023b18987d31c0cbb9336654ea146b68e6c90710ea4636af71ae", @@ -47,6 +49,7 @@ provider "registry.terraform.io/hashicorp/random" { version = "3.4.3" hashes = [ "h1:tL3katm68lX+4lAncjQA9AXL4GR/VM+RPwqYf4D2X8Q=", + "h1:xZGZf18JjMS06pFa4NErzANI98qi59SEcBsOcS2P2yQ=", "zh:41c53ba47085d8261590990f8633c8906696fa0a3c4b384ff6a7ecbf84339752", "zh:59d98081c4475f2ad77d881c4412c5129c56214892f490adf11c7e7a5a47de9b", "zh:686ad1ee40b812b9e016317e7f34c0d63ef837e084dea4a1f578f64a6314ad53", @@ -66,6 +69,7 @@ provider "registry.terraform.io/hashicorp/template" { version = "2.2.0" hashes = [ "h1:0wlehNaxBX7GJQnPfQwTNvvAf38Jm0Nv7ssKGMaG6Og=", + "h1:94qn780bi1qjrbC3uQtjJh3Wkfwd5+tTtJHOb7KTg9w=", "zh:01702196f0a0492ec07917db7aaa595843d8f171dc195f4c988d2ffca2a06386", "zh:09aae3da826ba3d7df69efeb25d146a1de0d03e951d35019a0f80e4f58c89b53", "zh:09ba83c0625b6fe0a954da6fbd0c355ac0b7f07f86c91a2a97849140fea49603", diff --git a/terraform/features-api/ecs_api.tf b/terraform/features-api/ecs_api.tf index a791f6e..9ca92fa 100644 --- a/terraform/features-api/ecs_api.tf +++ b/terraform/features-api/ecs_api.tf 
@@ -1,9 +1,20 @@ +data "aws_subnets" "private" { + filter { + name = "vpc-id" + values = [var.vpc_id] + } + + tags = { + "aws-cdk:subnet-name" = "private" + } +} + module "ecs_cluster" { source = "../modules/aws_ecs_service" environment = var.env region = var.region - vpc_id = module.networking.vpc_id - subnet_ids = module.networking.private_subnets_id + vpc_id = var.vpc_id + subnet_ids = data.aws_subnets.private.ids service_name = "${var.project_name}-service" service_port = var.service_port @@ -77,6 +88,7 @@ module "ecs_cluster" { use_adot_as_sidecar = true use_ecr = true ecr_repository_name = module.ecr_registry.registry_name + ecr_repository_arn = module.ecr_registry.registry_arn image = "${module.ecr_registry.repository_url}:latest" load_balancer = true diff --git a/terraform/features-api/functions/s3_event_bridge_to_sfn_execute/lambda_function.py b/terraform/features-api/functions/s3_event_bridge_to_sfn_execute/lambda_function.py deleted file mode 100644 index d524d83..0000000 --- a/terraform/features-api/functions/s3_event_bridge_to_sfn_execute/lambda_function.py +++ /dev/null 
@@ -1,57 +0,0 @@ -import boto3 -import http.client -import os -import base64 -import ast -import json -mwaa_env_name = 'veda-pipeline-staging-mwaa' -dag_name = 'veda_discover' -mwaa_cli_command = 'dags trigger' -client = boto3.client('mwaa') - - -def lambda_handler(event, context): - for record in event['Records']: - print(f"[ RECORD ]: {record}") - s3_event_key = record['s3']['object']['key'] - print(f"[ S3 EVENT KEY ]: {s3_event_key}") - s3_filename_target = os.path.split(s3_event_key)[-1] - print(f"[ S3 FILENAME TARGET ]: {s3_filename_target}") - s3_filename_no_ext = os.path.splitext(s3_filename_target)[0] - print(f"[ S3 FILENAME NO EXT ]: {s3_filename_no_ext}") - - bucket_key_prefix = "EIS/FEDSoutput/Snapshot/" - if s3_filename_no_ext.startswith("lf_"): - bucket_key_prefix = "EIS/FEDSoutput/LFArchive/" - - # get web token - mwaa_cli_token = client.create_cli_token( - Name=mwaa_env_name - ) - print(f"[ CLI TOKEN ]: {mwaa_cli_token}") - serialized_args = json.dumps({ - "discovery": "s3", - "collection": s3_filename_no_ext, - "prefix": bucket_key_prefix, - "bucket": "veda-data-store-staging", - "filename_regex": f"^(.*){s3_filename_target}$", - "vector": True - }) - conn = http.client.HTTPSConnection(mwaa_cli_token['WebServerHostname']) - payload = f"{mwaa_cli_command} {dag_name} --conf '{serialized_args}'" - print(f"[ CLI PAYLOAD ]: {payload}") - headers = { - 'Authorization': 'Bearer ' + mwaa_cli_token['CliToken'], - 'Content-Type': 'text/plain' - } - conn.request("POST", "/aws_mwaa/cli", payload, headers) - res = conn.getresponse() - data = res.read() - dict_str = data.decode("UTF-8") - mydata = ast.literal_eval(dict_str) - print(f"[ DATA ]: {mydata}") - print(f"[ STDOUT ]: {base64.b64decode(mydata['stdout'])}") - return { - 'statusCode': 200, - 'body': json.dumps('Hello from Lambda!') - } \ No newline at end of file 
diff --git a/terraform/features-api/functions/s3_event_bridge_to_sfn_execute/requirements.txt b/terraform/features-api/functions/s3_event_bridge_to_sfn_execute/requirements.txt deleted file mode 100644 index 1db657b..0000000 --- a/terraform/features-api/functions/s3_event_bridge_to_sfn_execute/requirements.txt +++ /dev/null @@ -1 +0,0 @@ -boto3 \ No newline at end of file diff --git a/terraform/features-api/init.tf b/terraform/features-api/init.tf index ef5e99c..134601c 100644 --- a/terraform/features-api/init.tf +++ b/terraform/features-api/init.tf @@ -9,7 +9,7 @@ provider "aws" { } terraform { - required_version = "1.3.9" + required_version = "1.4.6" required_providers { aws = { source = "hashicorp/aws" diff --git a/terraform/features-api/load_balancer_west_2.tf b/terraform/features-api/load_balancer_west_2.tf index b9ca611..f750602 100644 --- a/terraform/features-api/load_balancer_west_2.tf +++ b/terraform/features-api/load_balancer_west_2.tf @@ -1,9 +1,26 @@ +data "aws_subnets" "public" { + filter { + name = "vpc-id" + values = [var.vpc_id] + } + + tags = { + "aws-cdk:subnet-name" = "public" + } +} + +data "aws_security_groups" "security_groups" { + filter { + name = "vpc-id" + values = [var.vpc_id] + } +} /* security group for ALB */ resource "aws_security_group" "web_inbound_sg" { name = "tf-${var.project_name}-${var.env}-web-inbound-sg" description = "Allow HTTP from Anywhere into ALB" - vpc_id = module.networking.vpc_id + vpc_id = var.vpc_id ingress { from_port = 80 @@ -34,7 +51,7 @@ resource "aws_security_group" "web_inbound_sg" { resource "aws_security_group" "https_web_inbound_sg" { name = "tf-${var.project_name}-${var.env}-https-web-inbound-sg" description = "Allow HTTPS from Anywhere into ALB" - vpc_id = module.networking.vpc_id + vpc_id = var.vpc_id ingress { from_port = 443 
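Review bot: `data "aws_security_groups" "security_groups"`, added in the first load_balancer_west_2.tf hunk, filters on `vpc-id` alone, so it returns every security group in the VPC. The later hunks attach that whole list to the ALB (`@@ -64,8 +81,8 @@`) and to the database (`vpc_security_group_ids` in rds.tf, `@@ -52,7 +52,7 @@`). The RDS instance then inherits the ingress rules of unrelated groups, including, after the first apply, the `0.0.0.0/0` rules of the two ALB groups defined in this file, and its exposure changes whenever anyone adds a group to the VPC. Give the database a dedicated group that admits the Postgres port only from the ECS service's group and reference it directly, `vpc_security_group_ids = [aws_security_group.<DB_SG_NAME>.id]` (placeholder; security_group.tf is not visible in this view), and narrow or remove the data source for the ALB as well.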
@@ -64,8 +81,8 @@ resource "aws_security_group" "https_web_inbound_sg" { resource "aws_alb" "alb_ecs" { name = "tf-${var.project_name}-${var.env}-alb" - subnets = module.networking.public_subnets_id - security_groups = concat(module.networking.security_groups_ids, [aws_security_group.https_web_inbound_sg.id]) + subnets = data.aws_subnets.public.ids + security_groups = concat(data.aws_security_groups.security_groups.ids, [aws_security_group.https_web_inbound_sg.id]) tags = merge({ Name = "tf-${var.project_name}-alb" @@ -76,7 +93,7 @@ resource "aws_alb_target_group" "alb_target_group" { name = "tf-${var.project_name}-${var.env}-tgp" port = var.service_port protocol = "HTTP" - vpc_id = module.networking.vpc_id + vpc_id = var.vpc_id target_type = "ip" deregistration_delay = 60 diff --git a/terraform/features-api/outputs.tf b/terraform/features-api/outputs.tf index b76568d..24013cc 100644 --- a/terraform/features-api/outputs.tf +++ b/terraform/features-api/outputs.tf @@ -17,7 +17,3 @@ output "protocol_on_aws_alb_listener" { description = "HTTP/HTTPS protocol on the ALB Listener" value = aws_alb_listener.alb_listener_ecs.protocol } - -output "s3_event_bridge_lambda_arn" { - value = "${aws_lambda_function.lambda.arn}:${aws_lambda_function.lambda.version}" -} diff --git a/terraform/features-api/rds.tf b/terraform/features-api/rds.tf index e75f047..7130e58 100644 --- a/terraform/features-api/rds.tf +++ b/terraform/features-api/rds.tf @@ -1,6 +1,6 @@ resource "aws_db_subnet_group" "db" { name = "tf-${var.project_name}-${var.env}-subnet-group" - subnet_ids = module.networking.private_subnets_id + subnet_ids = data.aws_subnets.private.ids tags = { Name = "tf-${var.project_name}-subnet-group" } 
@@ -52,7 +52,7 @@ resource "aws_db_instance" "db" { storage_type = "gp2" instance_class = var.env == "staging" ? "db.r5.xlarge" : "db.r5.large" db_subnet_group_name = aws_db_subnet_group.db.name - vpc_security_group_ids = module.networking.security_groups_ids + vpc_security_group_ids = data.aws_security_groups.security_groups.ids skip_final_snapshot = true apply_immediately = true backup_retention_period = 7 diff --git a/terraform/features-api/s3_event_bridge_lambda.tf b/terraform/features-api/s3_event_bridge_lambda.tf deleted file mode 100644 index 77ae894..0000000 --- a/terraform/features-api/s3_event_bridge_lambda.tf +++ /dev/null @@ -1,167 +0,0 @@ -##################################################### -# Execution Role -##################################################### -resource "aws_iam_role" "lambda_exec_role" { - provider = aws.west2 - name = "lambda-exec-role-s3-event-bridge-${var.project_name}-${var.env}" - tags = var.tags - - assume_role_policy = < Date: Wed, 24 May 2023 09:57:15 -0600 Subject: [PATCH 3/8] format --- terraform/features-api/dns.tf | 10 ++-- terraform/features-api/ecr.tf | 4 +- terraform/features-api/ecs_api.tf | 38 +++++++------- terraform/features-api/init.tf | 6 +-- .../features-api/load_balancer_west_2.tf | 2 +- terraform/features-api/rds.tf | 50 +++++++++---------- terraform/features-api/secret_manager.tf | 12 ++--- terraform/features-api/security_group.tf | 20 ++++---- terraform/features-api/variables.tf | 12 ++--- 9 files changed, 77 insertions(+), 77 deletions(-) diff --git a/terraform/features-api/dns.tf b/terraform/features-api/dns.tf index 9ad8883..65ab077 100644 --- a/terraform/features-api/dns.tf +++ b/terraform/features-api/dns.tf 
@@ -4,10 +4,10 @@ data "aws_route53_zone" "zone" { } resource "aws_acm_certificate" "cert" { - provider = aws.west2 - domain_name = "*.${data.aws_route53_zone.zone.name}" - validation_method = "DNS" - tags = var.tags + provider = aws.west2 + domain_name = "*.${data.aws_route53_zone.zone.name}" + validation_method = "DNS" + tags = var.tags lifecycle { create_before_destroy = true @@ -28,7 +28,7 @@ resource "aws_route53_record" "subdomain_record" { } resource "aws_lb_listener_certificate" "cert" { - provider = aws.west2 + provider = aws.west2 listener_arn = aws_alb_listener.alb_listener_ecs.arn certificate_arn = aws_acm_certificate.cert.arn } \ No newline at end of file diff --git a/terraform/features-api/ecr.tf b/terraform/features-api/ecr.tf index 5d8d7ab..31ddd29 100644 --- a/terraform/features-api/ecr.tf +++ b/terraform/features-api/ecr.tf @@ -1,10 +1,10 @@ module "ecr_registry" { - source = "github.com/developmentseed/tf-seed/modules/aws_ecr" + source = "github.com/developmentseed/tf-seed/modules/aws_ecr" environment = var.env registry_name = var.registry_name enable_registry_scanning = true mutable_image_tags = true enable_deploy_user = true iam_deploy_username = aws_iam_user.deploy_user.name - tags = var.tags + tags = var.tags } \ No newline at end of file diff --git a/terraform/features-api/ecs_api.tf b/terraform/features-api/ecs_api.tf index 9ca92fa..e0ced1e 100644 --- a/terraform/features-api/ecs_api.tf +++ b/terraform/features-api/ecs_api.tf @@ -10,7 +10,7 @@ data "aws_subnets" "private" { } module "ecs_cluster" { - source = "../modules/aws_ecs_service" + source = "../modules/aws_ecs_service" environment = var.env region = var.region vpc_id = var.vpc_id @@ -29,11 +29,11 @@ module "ecs_cluster" { container_secrets = [ { - name = "AWS_CONFIG" + name = "AWS_CONFIG" valueFrom = aws_secretsmanager_secret.config.arn }, { - name = "DB_CONFIG" + name = "DB_CONFIG" valueFrom = aws_secretsmanager_secret.db_config.arn }, ] 
@@ -48,54 +48,54 @@ module "ecs_cluster" { value = "True" }, { - name = "OTEL_PROPAGATORS" + name = "OTEL_PROPAGATORS" value = "xray" }, { - name = "OTEL_PYTHON_ID_GENERATOR" + name = "OTEL_PYTHON_ID_GENERATOR" value = "xray" }, { - name = "OTEL_RESOURCE_ATTRIBUTES" + name = "OTEL_RESOURCE_ATTRIBUTES" value = "service.name=veda-wfs3-${var.env}" }, { - name = "OTEL_RESOURCE_ATTRIBUTES" + name = "OTEL_RESOURCE_ATTRIBUTES" value = "service.name=veda-wfs3-${var.env}" }, { - name = "OTEL_TRACES_SAMPLER" + name = "OTEL_TRACES_SAMPLER" value = "traceidratio" }, { - name = "OTEL_TRACES_SAMPLER_ARG" + name = "OTEL_TRACES_SAMPLER_ARG" value = "0.5" }, { - name = "FORWARDED_ALLOW_IPS" + name = "FORWARDED_ALLOW_IPS" value = "*" }, { // stupid hack b/c of FastAPI and Starlette bug - name = "FAST_API_SCHEME" + name = "FAST_API_SCHEME" value = var.env == "west2-staging" ? "https" : "http" } ] - container_ingress_cidrs = ["0.0.0.0/0"] + container_ingress_cidrs = ["0.0.0.0/0"] container_ingress_sg_ids = [] use_adot_as_sidecar = true - use_ecr = true + use_ecr = true ecr_repository_name = module.ecr_registry.registry_name - ecr_repository_arn = module.ecr_registry.registry_arn - image = "${module.ecr_registry.repository_url}:latest" + ecr_repository_arn = module.ecr_registry.registry_arn + image = "${module.ecr_registry.repository_url}:latest" - load_balancer = true - lb_type = "application" - lb_target_group_arn = aws_alb_target_group.alb_target_group.arn + load_balancer = true + lb_type = "application" + lb_target_group_arn = aws_alb_target_group.alb_target_group.arn lb_security_group_id = aws_security_group.web_inbound_sg.id - lb_container_port = var.service_port + lb_container_port = var.service_port tags = var.tags } diff --git a/terraform/features-api/init.tf b/terraform/features-api/init.tf index 134601c..9049dff 100644 --- a/terraform/features-api/init.tf +++ b/terraform/features-api/init.tf 
@@ -17,8 +17,8 @@ terraform { } } backend "s3" { - bucket = "veda-wfs3-tf-state-bucket" - key = "root" - region = "us-west-1" + bucket = "veda-wfs3-tf-state-bucket" + key = "root" + region = "us-west-1" } } diff --git a/terraform/features-api/load_balancer_west_2.tf b/terraform/features-api/load_balancer_west_2.tf index f750602..c53dcf7 100644 --- a/terraform/features-api/load_balancer_west_2.tf +++ b/terraform/features-api/load_balancer_west_2.tf @@ -85,7 +85,7 @@ resource "aws_alb" "alb_ecs" { security_groups = concat(data.aws_security_groups.security_groups.ids, [aws_security_group.https_web_inbound_sg.id]) tags = merge({ - Name = "tf-${var.project_name}-alb" + Name = "tf-${var.project_name}-alb" }, var.tags) } diff --git a/terraform/features-api/rds.tf b/terraform/features-api/rds.tf index 7130e58..9602e6b 100644 --- a/terraform/features-api/rds.tf +++ b/terraform/features-api/rds.tf @@ -11,24 +11,24 @@ resource "aws_db_parameter_group" "default" { family = "postgres14" parameter { - name = "work_mem" + name = "work_mem" # NOTE: I had `work_mem` set to ~100MB and `max_connections` around 75 and TileJSON completely failed # 16MB value = var.env == "staging" ? "16384" : "8192" } parameter { - name = "max_connections" - value = "475" + name = "max_connections" + value = "475" apply_method = "pending-reboot" } -# NOTE: here to show what shared_buffers are but doesn't really make sense why it won't provision with these -# parameter { -# name = "shared_buffers" -# value = var.env == "staging" ? "8064856" : "4032428" -# apply_method = "pending-reboot" -# } + # NOTE: here to show what shared_buffers are but doesn't really make sense why it won't provision with these + # parameter { + # name = "shared_buffers" + # value = var.env == "staging" ? "8064856" : "4032428" + # apply_method = "pending-reboot" + # } parameter { name = "seq_page_cost" 
@@ -42,24 +42,24 @@ resource "aws_db_parameter_group" "default" { } resource "aws_db_instance" "db" { - db_name = "veda" - identifier = "${var.project_name}-${var.env}" - engine = "postgres" - engine_version = "14.3" + db_name = "veda" + identifier = "${var.project_name}-${var.env}" + engine = "postgres" + engine_version = "14.3" // https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CreateDBInstance.html - allocated_storage = 100 - max_allocated_storage = 500 - storage_type = "gp2" - instance_class = var.env == "staging" ? "db.r5.xlarge" : "db.r5.large" - db_subnet_group_name = aws_db_subnet_group.db.name - vpc_security_group_ids = data.aws_security_groups.security_groups.ids - skip_final_snapshot = true - apply_immediately = true - backup_retention_period = 7 - username = "postgres" - password = var.db_password + allocated_storage = 100 + max_allocated_storage = 500 + storage_type = "gp2" + instance_class = var.env == "staging" ? "db.r5.xlarge" : "db.r5.large" + db_subnet_group_name = aws_db_subnet_group.db.name + vpc_security_group_ids = data.aws_security_groups.security_groups.ids + skip_final_snapshot = true + apply_immediately = true + backup_retention_period = 7 + username = "postgres" + password = var.db_password allow_major_version_upgrade = true - parameter_group_name = aws_db_parameter_group.default.name + parameter_group_name = aws_db_parameter_group.default.name } diff --git a/terraform/features-api/secret_manager.tf b/terraform/features-api/secret_manager.tf index 49ef400..4331a36 100644 --- a/terraform/features-api/secret_manager.tf +++ b/terraform/features-api/secret_manager.tf 
@@ -14,15 +14,15 @@ resource "random_id" "sm_suffix" { } resource "aws_secretsmanager_secret" "config" { - name = "aws-config-${random_id.sm_suffix.hex}" - kms_key_id = data.aws_kms_key.secretsmanager.id - tags = var.tags + name = "aws-config-${random_id.sm_suffix.hex}" + kms_key_id = data.aws_kms_key.secretsmanager.id + tags = var.tags } resource "aws_secretsmanager_secret" "db_config" { - name = "veda-wfs3-${var.env}-db-config-v3" - kms_key_id = data.aws_kms_key.secretsmanager.id - tags = var.tags + name = "veda-wfs3-${var.env}-db-config-v3" + kms_key_id = data.aws_kms_key.secretsmanager.id + tags = var.tags } ######################################################################## diff --git a/terraform/features-api/security_group.tf b/terraform/features-api/security_group.tf index d59bb17..ae552fa 100644 --- a/terraform/features-api/security_group.tf +++ b/terraform/features-api/security_group.tf @@ -11,11 +11,11 @@ resource "aws_security_group" "default_sg" { } resource "aws_security_group_rule" "ecs_service_port_addon" { - description = "opened for ECS service port" - type = "ingress" - from_port = var.service_port - to_port = var.service_port - protocol = "tcp" + description = "opened for ECS service port" + type = "ingress" + from_port = var.service_port + to_port = var.service_port + protocol = "tcp" security_group_id = aws_security_group.default_sg.id source_security_group_id = aws_security_group.default_sg.id @@ -26,11 +26,11 @@ resource "aws_security_group_rule" "ecs_service_port_addon" { } resource "aws_security_group_rule" "rds_ingress_addon" { - description = "Allow ESC to talk to RDS" - type = "ingress" - from_port = 5432 - to_port = 5432 - protocol = "tcp" + description = "Allow ESC to talk to RDS" + type = "ingress" + from_port = 5432 + to_port = 5432 + protocol = "tcp" security_group_id = aws_security_group.default_sg.id source_security_group_id = module.ecs_cluster.service_security_group_id 
diff --git a/terraform/features-api/variables.tf b/terraform/features-api/variables.tf index 881e5b4..4f0c5be 100755 --- a/terraform/features-api/variables.tf +++ b/terraform/features-api/variables.tf @@ -11,24 +11,24 @@ variable "project_name" { } variable "tags" { - type = map + type = map(any) default = {} description = "Optional tags to add to resources" } variable "availability_zones" { - type = list + type = list(any) description = "The az that the resources will be launched" } -variable service_port {} +variable "service_port" {} # Key/Value default to prevent task definitions from stopping at runtime -variable default_secret { +variable "default_secret" { default = { - noop: "noop" + noop : "noop" } - type = map + type = map(any) } variable "db_password" { From 480979f5ae2a4d1ff6beaf9b41da54cbd4ddf02f Mon Sep 17 00:00:00 2001 
From: smohiuddin3 Date: Thu, 25 May 2023 08:02:40 -0600 Subject: [PATCH 4/8] rename tf directory --- terraform/features-api/vars/staging.tf | 13 ------------ .../.gitignore | 0 .../.terraform.lock.hcl | 20 ------------------- .../dns.tf | 0 .../ecr.tf | 0 .../ecs_api.tf | 0 .../github_deploy_user.tf | 0 .../init.tf | 6 +++--- .../load_balancer_west_2.tf | 2 +- .../outputs.tf | 0 .../rds.tf | 1 - .../secret_manager.tf | 0 .../security_group.tf | 0 .../variables.tf | 0 .../vars/dev.tf | 4 ++-- .../vars/staging.tf | 13 ++++++++++++ 16 files changed, 19 insertions(+), 40 deletions(-) delete mode 100644 terraform/features-api/vars/staging.tf rename terraform/{features-api => ghg-features-api-shared-vpc}/.gitignore (100%) rename terraform/{features-api => ghg-features-api-shared-vpc}/.terraform.lock.hcl (76%) rename terraform/{features-api => ghg-features-api-shared-vpc}/dns.tf (100%) rename terraform/{features-api => ghg-features-api-shared-vpc}/ecr.tf (100%) rename terraform/{features-api => ghg-features-api-shared-vpc}/ecs_api.tf (100%) rename terraform/{features-api => ghg-features-api-shared-vpc}/github_deploy_user.tf (100%) rename terraform/{features-api => ghg-features-api-shared-vpc}/init.tf (74%) rename terraform/{features-api => ghg-features-api-shared-vpc}/load_balancer_west_2.tf (96%) rename terraform/{features-api => ghg-features-api-shared-vpc}/outputs.tf (100%) rename terraform/{features-api => ghg-features-api-shared-vpc}/rds.tf (96%) rename terraform/{features-api => ghg-features-api-shared-vpc}/secret_manager.tf (100%) rename terraform/{features-api => ghg-features-api-shared-vpc}/security_group.tf (100%) rename terraform/{features-api => ghg-features-api-shared-vpc}/variables.tf (100%) rename terraform/{features-api => ghg-features-api-shared-vpc}/vars/dev.tf (84%) create mode 100644 terraform/ghg-features-api-shared-vpc/vars/staging.tf 
diff --git a/terraform/features-api/vars/staging.tf b/terraform/features-api/vars/staging.tf deleted file mode 100644 index 0d947da..0000000 --- a/terraform/features-api/vars/staging.tf +++ /dev/null @@ -1,13 +0,0 @@ -# region = "us-west-2" -# registry_name = "veda-wfs3-registry" -# env = "west2-staging" -# project_name = "veda-wfs3" -# availability_zones = ["us-west-2a", "us-west-2b"] -# service_port = 8080 -# dns_zone_name = "delta-backend.com" -# dns_subdomain = "firenrt" -# alb_protocol = "HTTPS" -# tags = {"project": "veda", "service": "wfs3"} -# default_secret = { -# "noop": "boop", -# } diff --git a/terraform/features-api/.gitignore b/terraform/ghg-features-api-shared-vpc/.gitignore similarity index 100% rename from terraform/features-api/.gitignore rename to terraform/ghg-features-api-shared-vpc/.gitignore diff --git a/terraform/features-api/.terraform.lock.hcl b/terraform/ghg-features-api-shared-vpc/.terraform.lock.hcl similarity index 76% rename from terraform/features-api/.terraform.lock.hcl rename to terraform/ghg-features-api-shared-vpc/.terraform.lock.hcl index d2a1b1f..cb9ca9c 100644 --- a/terraform/features-api/.terraform.lock.hcl +++ b/terraform/ghg-features-api-shared-vpc/.terraform.lock.hcl 
@@ -1,26 +1,6 @@ # This file is maintained automatically by "terraform init". # Manual edits may be lost in future updates. -provider "registry.terraform.io/hashicorp/archive" { - version = "2.3.0" - hashes = [ - "h1:OmE1tPjiST8iQp6fC0N3Xzur+q2RvgvD7Lz0TpKSRBw=", - "h1:pTPG9Kf1Qg2aPsZLXDa6OvLqsEXaMrKnp0Z4Q/TIBPA=", - "zh:0869128d13abe12b297b0cd13b8767f10d6bf047f5afc4215615aabc39c2eb4f", - "zh:481ed837d63ba3aa45dd8736da83e911e3509dee0e7961bf5c00ed2644f807b3", - "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:9f08fe2977e2166849be24fb9f394e4d2697414d463f7996fd0d7beb4e19a29c", - "zh:9fe566deeafd460d27999ca0bbfd85426a5fcfcb40007b23884deb76da127b6f", - "zh:a1bd9a60925d9769e0da322e4523330ee86af9dc2e770cba1d0247a999ef29cb", - "zh:bb4094c8149f74308b22a87e1ac19bcccca76e8ef021b571074d9bccf1c0c6f0", - "zh:c8984c9def239041ce41ec8e19bbd76a49e74ed2024ff736dad60429dee89bcc", - "zh:ea4bb5ae73db1de3a586e62f39106f5e56770804a55aa5e6b4f642df973e0e75", - "zh:f44a9d596ecc3a8c5653f56ba0cd202ad93b49f76767f4608daf7260b813289e", - "zh:f5c5e6cc9f7f070020ab7d95fcc9ed8e20d5cf219978295a71236e22cbb6d508", - "zh:fd2273f51dcc8f43403bf1e425ba9db08a57c3ddcba5ad7a51742ccde21ca611", - ] -} - provider "registry.terraform.io/hashicorp/aws" { version = "4.58.0" constraints = "~> 4.0" diff --git a/terraform/features-api/dns.tf b/terraform/ghg-features-api-shared-vpc/dns.tf similarity index 100% rename from terraform/features-api/dns.tf rename to terraform/ghg-features-api-shared-vpc/dns.tf diff --git a/terraform/features-api/ecr.tf b/terraform/ghg-features-api-shared-vpc/ecr.tf similarity index 100% rename from terraform/features-api/ecr.tf rename to terraform/ghg-features-api-shared-vpc/ecr.tf diff --git a/terraform/features-api/ecs_api.tf b/terraform/ghg-features-api-shared-vpc/ecs_api.tf similarity index 100% rename from terraform/features-api/ecs_api.tf rename to terraform/ghg-features-api-shared-vpc/ecs_api.tf 
diff --git a/terraform/features-api/github_deploy_user.tf b/terraform/ghg-features-api-shared-vpc/github_deploy_user.tf similarity index 100% rename from terraform/features-api/github_deploy_user.tf rename to terraform/ghg-features-api-shared-vpc/github_deploy_user.tf diff --git a/terraform/features-api/init.tf b/terraform/ghg-features-api-shared-vpc/init.tf similarity index 74% rename from terraform/features-api/init.tf rename to terraform/ghg-features-api-shared-vpc/init.tf index 9049dff..276e1c3 100644 --- a/terraform/features-api/init.tf +++ b/terraform/ghg-features-api-shared-vpc/init.tf @@ -9,7 +9,7 @@ provider "aws" { } terraform { - required_version = "1.4.6" + required_version = "1.3.9" required_providers { aws = { source = "hashicorp/aws" @@ -17,8 +17,8 @@ terraform { } } backend "s3" { - bucket = "veda-wfs3-tf-state-bucket" + bucket = "ghg-wfs3-tf-state-bucket" key = "root" - region = "us-west-1" + region = "us-west-2" } } diff --git a/terraform/features-api/load_balancer_west_2.tf b/terraform/ghg-features-api-shared-vpc/load_balancer_west_2.tf similarity index 96% rename from terraform/features-api/load_balancer_west_2.tf rename to terraform/ghg-features-api-shared-vpc/load_balancer_west_2.tf index c53dcf7..60b6033 100644 --- a/terraform/features-api/load_balancer_west_2.tf +++ b/terraform/ghg-features-api-shared-vpc/load_balancer_west_2.tf @@ -82,7 +82,7 @@ resource "aws_security_group" "https_web_inbound_sg" { resource "aws_alb" "alb_ecs" { name = "tf-${var.project_name}-${var.env}-alb" subnets = data.aws_subnets.public.ids - security_groups = concat(data.aws_security_groups.security_groups.ids, [aws_security_group.https_web_inbound_sg.id]) + security_groups = [aws_security_group.https_web_inbound_sg.id] tags = merge({ Name = "tf-${var.project_name}-alb" 
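Review bot: The `backend "s3"` block in the second init.tf hunk still lists only `bucket`, `key` and `region`, so neither state encryption nor state locking is requested for the new `ghg-wfs3-tf-state-bucket`. This matters more once patch 5/8 sets the RDS `password` from `random_password.master_password.result` in rds.tf, because that generated value is written to the state file in clear text. I would add `encrypt = true` and a lock table, `dynamodb_table = "<LOCK_TABLE_NAME>"` (placeholder), to the block. The bucket's own policy, public-access block and versioning are not part of this diff and are worth confirming separately.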
diff --git a/terraform/features-api/outputs.tf b/terraform/ghg-features-api-shared-vpc/outputs.tf similarity index 100% rename from terraform/features-api/outputs.tf rename to terraform/ghg-features-api-shared-vpc/outputs.tf diff --git a/terraform/features-api/rds.tf b/terraform/ghg-features-api-shared-vpc/rds.tf similarity index 96% rename from terraform/features-api/rds.tf rename to terraform/ghg-features-api-shared-vpc/rds.tf index 9602e6b..f692f67 100644 --- a/terraform/features-api/rds.tf +++ b/terraform/ghg-features-api-shared-vpc/rds.tf @@ -52,7 +52,6 @@ resource "aws_db_instance" "db" { storage_type = "gp2" instance_class = var.env == "staging" ? "db.r5.xlarge" : "db.r5.large" db_subnet_group_name = aws_db_subnet_group.db.name - vpc_security_group_ids = data.aws_security_groups.security_groups.ids skip_final_snapshot = true apply_immediately = true backup_retention_period = 7 diff --git a/terraform/features-api/secret_manager.tf b/terraform/ghg-features-api-shared-vpc/secret_manager.tf similarity index 100% rename from terraform/features-api/secret_manager.tf rename to terraform/ghg-features-api-shared-vpc/secret_manager.tf diff --git a/terraform/features-api/security_group.tf b/terraform/ghg-features-api-shared-vpc/security_group.tf similarity index 100% rename from terraform/features-api/security_group.tf rename to terraform/ghg-features-api-shared-vpc/security_group.tf diff --git a/terraform/features-api/variables.tf b/terraform/ghg-features-api-shared-vpc/variables.tf similarity index 100% rename from terraform/features-api/variables.tf rename to terraform/ghg-features-api-shared-vpc/variables.tf diff --git a/terraform/features-api/vars/dev.tf b/terraform/ghg-features-api-shared-vpc/vars/dev.tf similarity index 84% rename from terraform/features-api/vars/dev.tf rename to terraform/ghg-features-api-shared-vpc/vars/dev.tf index ecbab92..70dc63e 100644 --- a/terraform/features-api/vars/dev.tf +++ b/terraform/ghg-features-api-shared-vpc/vars/dev.tf 
@@ -1,11 +1,11 @@ region = "us-west-2" -registry_name = "veda-wfs3-registry" +registry_name = "features-api-registry" env = "dev" project_name = "veda-features-api" availability_zones = ["us-west-2a", "us-west-2b"] service_port = 8080 dns_zone_name = "delta-backend.com" -dns_subdomain = "firenrt" +dns_subdomain = "ghg-dev" alb_protocol = "HTTPS" tags = {"project": "veda", "service": "veda-features-api-dev"} default_secret = { diff --git a/terraform/ghg-features-api-shared-vpc/vars/staging.tf b/terraform/ghg-features-api-shared-vpc/vars/staging.tf new file mode 100644 index 0000000..9cf829f --- /dev/null +++ b/terraform/ghg-features-api-shared-vpc/vars/staging.tf @@ -0,0 +1,13 @@ +region = "us-west-2" +registry_name = "veda-wfs3-registry" +env = "west2-staging" +project_name = "veda-wfs3" +availability_zones = ["us-west-2a", "us-west-2b"] +service_port = 8080 +dns_zone_name = "" +dns_subdomain = "" +alb_protocol = "HTTPS" +tags = {} +default_secret = { + "noop": "boop", +} From 3b43ead3ee46af9044dbef3d17334d445596d204 Mon Sep 17 00:00:00 2001 From: smohiuddin3 Date: Thu, 25 May 2023 12:45:20 -0600 Subject: [PATCH 5/8] rds secrets --- terraform/ghg-features-api-shared-vpc/rds.tf | 2 +- .../secret_manager.tf | 19 +++++++++++++++++++ 2 files changed, 20 insertions(+), 1 deletion(-) diff --git a/terraform/ghg-features-api-shared-vpc/rds.tf b/terraform/ghg-features-api-shared-vpc/rds.tf index f692f67..0f1dc10 100644 --- a/terraform/ghg-features-api-shared-vpc/rds.tf +++ b/terraform/ghg-features-api-shared-vpc/rds.tf @@ -56,7 +56,7 @@ resource "aws_db_instance" "db" { apply_immediately = true backup_retention_period = 7 username = "postgres" - password = var.db_password + password = random_password.master_password.result allow_major_version_upgrade = true parameter_group_name = aws_db_parameter_group.default.name } diff --git a/terraform/ghg-features-api-shared-vpc/secret_manager.tf b/terraform/ghg-features-api-shared-vpc/secret_manager.tf index 4331a36..afa9283 100644 
--- a/terraform/ghg-features-api-shared-vpc/secret_manager.tf +++ b/terraform/ghg-features-api-shared-vpc/secret_manager.tf @@ -13,6 +13,11 @@ resource "random_id" "sm_suffix" { byte_length = 2 } +resource "random_password" "master_password" { + length = 16 + special = false +} + resource "aws_secretsmanager_secret" "config" { name = "aws-config-${random_id.sm_suffix.hex}" kms_key_id = data.aws_kms_key.secretsmanager.id @@ -25,6 +30,20 @@ resource "aws_secretsmanager_secret" "db_config" { tags = var.tags } +resource "aws_secretsmanager_secret_version" "db_credentials" { + secret_id = aws_secretsmanager_secret.db_config.id + secret_string = < Date: Thu, 25 May 2023 12:54:04 -0600 Subject: [PATCH 6/8] fast api scheme --- terraform/ghg-features-api-shared-vpc/ecs_api.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/ghg-features-api-shared-vpc/ecs_api.tf b/terraform/ghg-features-api-shared-vpc/ecs_api.tf index e0ced1e..5d8da7b 100644 --- a/terraform/ghg-features-api-shared-vpc/ecs_api.tf +++ b/terraform/ghg-features-api-shared-vpc/ecs_api.tf @@ -78,7 +78,7 @@ module "ecs_cluster" { { // stupid hack b/c of FastAPI and Starlette bug name = "FAST_API_SCHEME" - value = var.env == "west2-staging" ? "https" : "http" + value = var.env == "dev" ? "https" : "http" //quick hack for now, TODO: include 'contains' function } ] From 2747241f8ec0405d5cf61882cf7d4b942fcb8bbf Mon Sep 17 00:00:00 2001 From: smohiuddin3 Date: Fri, 26 May 2023 08:38:48 -0600 Subject: [PATCH 7/8] tf changes --- terraform/ghg-features-api-shared-vpc/ecr.tf | 2 +- .../ghg-features-api-shared-vpc/ecs_api.tf | 2 +- terraform/ghg-features-api-shared-vpc/rds.tf | 1 + .../secret_manager.tf | 2 +- .../ghg-features-api-shared-vpc/variables.tf | 10 +++++----- veda-wfs3-app/cd.sh | 20 +++++++++---------- 6 files changed, 19 insertions(+), 18 deletions(-) diff --git a/terraform/ghg-features-api-shared-vpc/ecr.tf b/terraform/ghg-features-api-shared-vpc/ecr.tf index 31ddd29..b09467a 100644 
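Review bot: `FAST_API_SCHEME` in the ecs_api.tf hunk now resolves to `http` for every environment except `dev`, including the `west2-staging` value that vars/staging.tf sets alongside `alb_protocol = "HTTPS"`. If the application builds absolute links or redirects from this value, staging responses would direct clients to plain HTTP, which is presumably not intended. Deriving the scheme from the listener protocol removes the per-environment string match: `value = lower(var.alb_protocol)`, assuming `var.alb_protocol` is the variable those tfvars populate. The `module "ecs_cluster"` block starts and ends outside this hunk.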
--- a/terraform/ghg-features-api-shared-vpc/ecr.tf +++ b/terraform/ghg-features-api-shared-vpc/ecr.tf @@ -1,7 +1,7 @@ module "ecr_registry" { source = "github.com/developmentseed/tf-seed/modules/aws_ecr" environment = var.env - registry_name = var.registry_name + registry_name = var.project_name enable_registry_scanning = true mutable_image_tags = true enable_deploy_user = true diff --git a/terraform/ghg-features-api-shared-vpc/ecs_api.tf b/terraform/ghg-features-api-shared-vpc/ecs_api.tf index 5d8da7b..644f944 100644 --- a/terraform/ghg-features-api-shared-vpc/ecs_api.tf +++ b/terraform/ghg-features-api-shared-vpc/ecs_api.tf @@ -85,7 +85,7 @@ module "ecs_cluster" { container_ingress_cidrs = ["0.0.0.0/0"] container_ingress_sg_ids = [] - use_adot_as_sidecar = true + use_adot_as_sidecar = false use_ecr = true ecr_repository_name = module.ecr_registry.registry_name ecr_repository_arn = module.ecr_registry.registry_arn diff --git a/terraform/ghg-features-api-shared-vpc/rds.tf b/terraform/ghg-features-api-shared-vpc/rds.tf index 0f1dc10..9727790 100644 --- a/terraform/ghg-features-api-shared-vpc/rds.tf +++ b/terraform/ghg-features-api-shared-vpc/rds.tf @@ -55,6 +55,7 @@ resource "aws_db_instance" "db" { skip_final_snapshot = true apply_immediately = true backup_retention_period = 7 + vpc_security_group_ids = [aws_security_group.default_sg.id] username = "postgres" password = random_password.master_password.result allow_major_version_upgrade = true diff --git a/terraform/ghg-features-api-shared-vpc/secret_manager.tf b/terraform/ghg-features-api-shared-vpc/secret_manager.tf index afa9283..eee26e8 100644 --- a/terraform/ghg-features-api-shared-vpc/secret_manager.tf +++ b/terraform/ghg-features-api-shared-vpc/secret_manager.tf 
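Review bot: The `source` of `module "ecr_registry"` in the ecr.tf hunk, `github.com/developmentseed/tf-seed/modules/aws_ecr`, carries no `?ref=`, so every `terraform init` on a clean checkout pulls whatever the default branch holds at that moment. The module is given `enable_deploy_user = true` and an IAM user name, so an unreviewed upstream change would alter access policy here without any diff in this repository. I would pin it to a reviewed commit using the documented subdirectory form: `source = "github.com/developmentseed/tf-seed//modules/aws_ecr?ref=<COMMIT_SHA>"` (placeholder).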
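Review bot: `container_ingress_cidrs = ["0.0.0.0/0"]` stays in place next to the line the second ecs_api.tf hunk changes, while `container_ingress_sg_ids` is empty, so the task's security group appears to accept the service port from any address rather than only from the load balancer. The exact rule depends on `../modules/aws_ecs_service`, which is not shown here. If the module supports it, I would pass the ALB's group instead: `container_ingress_cidrs = []` and `container_ingress_sg_ids = [aws_security_group.https_web_inbound_sg.id]`. The `module "ecs_cluster"` block starts and ends outside the hunk.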
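Review bot: `aws_db_instance.db` keeps `skip_final_snapshot = true` and `apply_immediately = true` beside the new `vpc_security_group_ids` line in the rds.tf hunk, and the full resource shown in the formatting patch (3/8) sets neither `storage_encrypted` nor `deletion_protection`. A destroy or a forced replacement would then remove the database without a final snapshot, and storage is unencrypted unless an account-level default applies. I would add `storage_encrypted = true` and `deletion_protection = true` to the resource. Enabling encryption on an existing instance forces replacement, so it is cheapest to set before the first apply in the new VPC.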
@@ -39,7 +39,7 @@ resource "aws_secretsmanager_secret_version" "db_credentials" { "engine": "${aws_db_instance.db.engine}", "host": "${aws_db_instance.db.address}", "port": "${aws_db_instance.db.port}", - "database": "${aws_db_instance.db.db_name}" + "dbname": "${aws_db_instance.db.db_name}" } EOF } diff --git a/terraform/ghg-features-api-shared-vpc/variables.tf b/terraform/ghg-features-api-shared-vpc/variables.tf index 4f0c5be..add1337 100755 --- a/terraform/ghg-features-api-shared-vpc/variables.tf +++ b/terraform/ghg-features-api-shared-vpc/variables.tf @@ -31,11 +31,11 @@ variable "default_secret" { type = map(any) } -variable "db_password" { - description = "RDS root user password" - type = string - sensitive = true -} +# variable "db_password" { +# description = "RDS root user password" +# type = string +# sensitive = true +# } variable "dns_zone_name" { } diff --git a/veda-wfs3-app/cd.sh b/veda-wfs3-app/cd.sh index 8c1c167..3d592c0 100755 --- a/veda-wfs3-app/cd.sh +++ b/veda-wfs3-app/cd.sh 
@@ -11,30 +11,30 @@ if [[ -z "$TARGET_PROJECT_NAME" ]]; then fi # build and tag local image -docker build -t veda-wfs3-api:latest . +docker build -t "$TARGET_PROJECT_NAME-$TARGET_ENVIRONMENT":latest . # login to ECR through docker echo "[ LOGIN ]:..." -AWS_PROFILE=uah2 aws ecr describe-repositories \ +AWS_PROFILE=$AWS_PROFILE_NAME aws ecr describe-repositories \ | jq '.repositories | map(.repositoryUri)' \ | grep $TARGET_PROJECT_NAME | grep $TARGET_ENVIRONMENT \ | sed -E 's/"|,//g' \ - | xargs -I {} bash -c "AWS_PROFILE=uah2 aws ecr get-login-password | docker login --username AWS --password-stdin {}" + | xargs -I {} bash -c "AWS_PROFILE=$AWS_PROFILE_NAME aws ecr get-login-password | docker login --username AWS --password-stdin {}" # tag local image with remote ECR repository name:tag echo "[ TAGGING ]:..." -AWS_PROFILE=uah2 aws ecr describe-repositories \ +AWS_PROFILE=$AWS_PROFILE_NAME aws ecr describe-repositories \ | jq '.repositories | map(.repositoryUri)' \ | grep $TARGET_PROJECT_NAME | grep $TARGET_ENVIRONMENT \ | sed -E 's/"|,//g' \ | xargs -I {} docker images --format "{{json . }}" {} \ | grep '"Tag":"latest"' \ | jq '"\(.Repository):\(.Tag)"' \ - | xargs -I{} docker tag veda-wfs3-api:latest {} + | xargs -I{} docker tag "$TARGET_PROJECT_NAME-$TARGET_ENVIRONMENT":latest {} -# push ECR tagged image to ECR +# # push ECR tagged image to ECR echo "[ PUSH ]:..." -AWS_PROFILE=uah2 aws ecr describe-repositories \ +AWS_PROFILE=$AWS_PROFILE_NAME aws ecr describe-repositories \ | jq '.repositories | map(.repositoryUri)' \ | grep $TARGET_PROJECT_NAME | grep $TARGET_ENVIRONMENT \ | sed -E 's/"|,//g' \ 
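Review bot: `$AWS_PROFILE_NAME` replaces the hard-coded profile throughout this hunk, but the only guard visible in the hunk header is for `TARGET_PROJECT_NAME`, so an unset value yields an empty `AWS_PROFILE=` and the AWS CLI may fall back to whatever default credentials the runner has. The variables are also expanded unquoted in `grep $TARGET_PROJECT_NAME | grep $TARGET_ENVIRONMENT` and inside the `bash -c "..."` string, where both the profile name and the repository URI substituted for `{}` are parsed as shell. I would add a guard next to the existing one, `: "${AWS_PROFILE_NAME:?AWS_PROFILE_NAME must be set}"`, quote the expansions, and `export AWS_PROFILE="$AWS_PROFILE_NAME"` once instead of repeating the prefix. The script's opening lines are outside this hunk, so a check that already exists there would make the guard redundant.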
@@ -45,11 +45,11 @@ AWS_PROFILE=uah2 aws ecr describe-repositories \ # tell ECS to use new image (blue-green) echo "[ RELOAD ]:..." -AWS_PROFILE=uah2 aws ecs list-clusters \ +AWS_PROFILE=$AWS_PROFILE aws ecs list-clusters \ | jq '.clusterArns[0]' \ | grep $TARGET_PROJECT_NAME | grep $TARGET_ENVIRONMENT \ | sed -E 's/"|,//g' \ - | AWS_PROFILE=uah2 xargs -I{} aws ecs describe-clusters --cluster={} \ + | AWS_PROFILE=$AWS_PROFILE xargs -I{} aws ecs describe-clusters --cluster={} \ | jq '.clusters[0].clusterName' \ - | AWS_PROFILE=uah2 xargs -I{} aws ecs update-service --cluster {} --service {} --task-definition {} --force-new-deployment > /dev/null + | AWS_PROFILE=$AWS_PROFILE xargs -I{} aws ecs update-service --cluster {} --service {} --task-definition {} --force-new-deployment > /dev/null echo "[ SUCCESS ]:..." From 2adec03eb40150521620483fd6d6978fa1cfd3c8 Mon Sep 17 00:00:00 2001 From: smohiuddin3 Date: Thu, 1 Jun 2023 09:22:02 -0600 Subject: [PATCH 8/8] tf lock changes --- .../.terraform.lock.hcl | 123 +++++++++++++----- 1 file changed, 91 insertions(+), 32 deletions(-) diff --git a/terraform/ghg-features-api-shared-vpc/.terraform.lock.hcl b/terraform/ghg-features-api-shared-vpc/.terraform.lock.hcl index cb9ca9c..82855e2 100644 --- a/terraform/ghg-features-api-shared-vpc/.terraform.lock.hcl +++ b/terraform/ghg-features-api-shared-vpc/.terraform.lock.hcl 
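Review bot: The RELOAD step uses `AWS_PROFILE=$AWS_PROFILE` where the three steps in the previous hunk use `$AWS_PROFILE_NAME`, so the `aws ecs` calls run with whatever profile the caller's environment happens to hold, possibly a different account from the one the image was pushed to. Each of the three changed lines should read `AWS_PROFILE="$AWS_PROFILE_NAME"`. Separately, the last command discards its output with `> /dev/null` and `[ SUCCESS ]` is echoed unconditionally. Unless `set -euo pipefail` is set above the visible lines, a failed deployment would be reported as success.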
@@ -2,46 +2,104 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/hashicorp/aws" { - version = "4.58.0" - constraints = "~> 4.0" + version = "4.67.0" + constraints = "~> 4.0, >= 4.22.0, >= 4.63.0" hashes = [ - "h1:xXjZy36R+YOFyLjuF+rgi0NDLwnkFwrJ2t9NfsjRM/E=", - "h1:znLROwEAINbYzAG5X7Ep04whM7KxkQGrvhFdhSvNKEk=", - "zh:14b2b2dfbc7ee705c412d762b1485ee08958c816a64ac74f5769e946e4a1d265", - "zh:17a37e6825e2023b18987d31c0cbb9336654ea146b68e6c90710ea4636af71ae", - "zh:273127c69fb244577e5c136c46164d34f77b0c956c18d27f63d1072dd558f924", - "zh:4b2b6416d34fb3e1051c99d2a84045b136976140e34381d5fbf90e32db15272e", - "zh:7e6a8571ff15d51f892776265642ee01004b8553fd4f6f2014b6f3f2834670c7", - "zh:847c76ab2381b66666d0f79cf1ac697b5bfd0d9c3009fd11bc6ad6545d1eb427", - "zh:9a52cae08ba8d27d0639a8d2b8c61591027883058bf0cc5a639cffe1e299f019", + "h1:dCRc4GqsyfqHEMjgtlM1EympBcgTmcTkWaJmtd91+KA=", + "zh:0843017ecc24385f2b45f2c5fce79dc25b258e50d516877b3affee3bef34f060", + "zh:19876066cfa60de91834ec569a6448dab8c2518b8a71b5ca870b2444febddac6", + "zh:24995686b2ad88c1ffaa242e36eee791fc6070e6144f418048c4ce24d0ba5183", + "zh:4a002990b9f4d6d225d82cb2fb8805789ffef791999ee5d9cb1fef579aeff8f1", + "zh:559a2b5ace06b878c6de3ecf19b94fbae3512562f7a51e930674b16c2f606e29", + "zh:6a07da13b86b9753b95d4d8218f6dae874cf34699bca1470d6effbb4dee7f4b7", + "zh:768b3bfd126c3b77dc975c7c0e5db3207e4f9997cf41aa3385c63206242ba043", + "zh:7be5177e698d4b547083cc738b977742d70ed68487ce6f49ecd0c94dbf9d1362", + "zh:8b562a818915fb0d85959257095251a05c76f3467caa3ba95c583ba5fe043f9b", "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", - "zh:9df647e8322d6f94f1843366ba39d21c4b36c8e7dcdc03711d52e27f73b0e974", - "zh:9e52037e68409802ff913b166c30e3f2035af03865cbef0c1b03762bce853941", - "zh:a30288e7c3c904d6998d1709835d7c5800a739f8608f0837f960286a2b8b6e59", - "zh:a7f24e3bda3be566468e4ad62cef1016f68c6f5a94d2e3e979485bc05626281b", - 
"zh:ba326ba80f5e39829b67a6d1ce54ba52b171e5e13a0a91ef5f9170a9b0cc9ce4", - "zh:c4e3fe9f2be6e244a3dfce599f4b0be9e8fffaece64cbc65f3195f825f65489b", - "zh:f20a251af37039bb2c7612dbd2c5df3a25886b4cc78f902385a2850ea6e30d08", + "zh:9c385d03a958b54e2afd5279cd8c7cbdd2d6ca5c7d6a333e61092331f38af7cf", + "zh:b3ca45f2821a89af417787df8289cb4314b273d29555ad3b2a5ab98bb4816b3b", + "zh:da3c317f1db2469615ab40aa6baba63b5643bae7110ff855277a1fb9d8eb4f2c", + "zh:dc6430622a8dc5cdab359a8704aec81d3825ea1d305bbb3bbd032b1c6adfae0c", + "zh:fac0d2ddeadf9ec53da87922f666e1e73a603a611c57bcbc4b86ac2821619b1d", + ] +} + +provider "registry.terraform.io/hashicorp/external" { + version = "2.3.1" + constraints = ">= 1.0.0" + hashes = [ + "h1:bROCw6g5D/3fFnWeJ01L4IrdnJl1ILU8DGDgXCtYzaY=", + "zh:001e2886dc81fc98cf17cf34c0d53cb2dae1e869464792576e11b0f34ee92f54", + "zh:2eeac58dd75b1abdf91945ac4284c9ccb2bfb17fa9bdb5f5d408148ff553b3ee", + "zh:2fc39079ba61411a737df2908942e6970cb67ed2f4fb19090cd44ce2082903dd", + "zh:472a71c624952cff7aa98a7b967f6c7bb53153dbd2b8f356ceb286e6743bb4e2", + "zh:4cff06d31272aac8bc35e9b7faec42cf4554cbcbae1092eaab6ab7f643c215d9", + "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", + "zh:7ed16ccd2049fa089616b98c0bd57219f407958f318f3c697843e2397ddf70df", + "zh:842696362c92bf2645eb85c739410fd51376be6c488733efae44f4ce688da50e", + "zh:8985129f2eccfd7f1841ce06f3bf2bbede6352ec9e9f926fbaa6b1a05313b326", + "zh:a5f0602d8ec991a5411ef42f872aa90f6347e93886ce67905c53cfea37278e05", + "zh:bf4ab82cbe5256dcef16949973bf6aa1a98c2c73a98d6a44ee7bc40809d002b8", + "zh:e70770be62aa70198fa899526d671643ff99eecf265bf1a50e798fc3480bd417", + ] +} + +provider "registry.terraform.io/hashicorp/local" { + version = "2.4.0" + constraints = ">= 1.0.0" + hashes = [ + "h1:R97FTYETo88sT2VHfMgkPU3lzCsZLunPftjSI5vfKe8=", + "zh:53604cd29cb92538668fe09565c739358dc53ca56f9f11312b9d7de81e48fab9", + "zh:66a46e9c508716a1c98efbf793092f03d50049fa4a83cd6b2251e9a06aca2acf", + 
"zh:70a6f6a852dd83768d0778ce9817d81d4b3f073fab8fa570bff92dcb0824f732", + "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", + "zh:82a803f2f484c8b766e2e9c32343e9c89b91997b9f8d2697f9f3837f62926b35", + "zh:9708a4e40d6cc4b8afd1352e5186e6e1502f6ae599867c120967aebe9d90ed04", + "zh:973f65ce0d67c585f4ec250c1e634c9b22d9c4288b484ee2a871d7fa1e317406", + "zh:c8fa0f98f9316e4cfef082aa9b785ba16e36ff754d6aba8b456dab9500e671c6", + "zh:cfa5342a5f5188b20db246c73ac823918c189468e1382cb3c48a9c0c08fc5bf7", + "zh:e0e2b477c7e899c63b06b38cd8684a893d834d6d0b5e9b033cedc06dd7ffe9e2", + "zh:f62d7d05ea1ee566f732505200ab38d94315a4add27947a60afa29860822d3fc", + "zh:fa7ce69dde358e172bd719014ad637634bbdabc49363104f4fca759b4b73f2ce", + ] +} + +provider "registry.terraform.io/hashicorp/null" { + version = "3.2.1" + constraints = ">= 2.0.0" + hashes = [ + "h1:FbGfc+muBsC17Ohy5g806iuI1hQc4SIexpYCrQHQd8w=", + "zh:58ed64389620cc7b82f01332e27723856422820cfd302e304b5f6c3436fb9840", + "zh:62a5cc82c3b2ddef7ef3a6f2fedb7b9b3deff4ab7b414938b08e51d6e8be87cb", + "zh:63cff4de03af983175a7e37e52d4bd89d990be256b16b5c7f919aff5ad485aa5", + "zh:74cb22c6700e48486b7cabefa10b33b801dfcab56f1a6ac9b6624531f3d36ea3", + "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", + "zh:79e553aff77f1cfa9012a2218b8238dd672ea5e1b2924775ac9ac24d2a75c238", + "zh:a1e06ddda0b5ac48f7e7c7d59e1ab5a4073bbcf876c73c0299e4610ed53859dc", + "zh:c37a97090f1a82222925d45d84483b2aa702ef7ab66532af6cbcfb567818b970", + "zh:e4453fbebf90c53ca3323a92e7ca0f9961427d2f0ce0d2b65523cc04d5d999c2", + "zh:e80a746921946d8b6761e77305b752ad188da60688cfd2059322875d363be5f5", + "zh:fbdb892d9822ed0e4cb60f2fedbdbb556e4da0d88d3b942ae963ed6ff091e48f", + "zh:fca01a623d90d0cad0843102f9b8b9fe0d3ff8244593bd817f126582b52dd694", ] } provider "registry.terraform.io/hashicorp/random" { - version = "3.4.3" + version = "3.5.1" hashes = [ - "h1:tL3katm68lX+4lAncjQA9AXL4GR/VM+RPwqYf4D2X8Q=", - "h1:xZGZf18JjMS06pFa4NErzANI98qi59SEcBsOcS2P2yQ=", - 
"zh:41c53ba47085d8261590990f8633c8906696fa0a3c4b384ff6a7ecbf84339752", - "zh:59d98081c4475f2ad77d881c4412c5129c56214892f490adf11c7e7a5a47de9b", - "zh:686ad1ee40b812b9e016317e7f34c0d63ef837e084dea4a1f578f64a6314ad53", + "h1:VSnd9ZIPyfKHOObuQCaKfnjIHRtR7qTw19Rz8tJxm+k=", + "zh:04e3fbd610cb52c1017d282531364b9c53ef72b6bc533acb2a90671957324a64", + "zh:119197103301ebaf7efb91df8f0b6e0dd31e6ff943d231af35ee1831c599188d", + "zh:4d2b219d09abf3b1bb4df93d399ed156cadd61f44ad3baf5cf2954df2fba0831", + "zh:6130bdde527587bbe2dcaa7150363e96dbc5250ea20154176d82bc69df5d4ce3", + "zh:6cc326cd4000f724d3086ee05587e7710f032f94fc9af35e96a386a1c6f2214f", "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:84103eae7251384c0d995f5a257c72b0096605048f757b749b7b62107a5dccb3", - "zh:8ee974b110adb78c7cd18aae82b2729e5124d8f115d484215fd5199451053de5", - "zh:9dd4561e3c847e45de603f17fa0c01ae14cae8c4b7b4e6423c9ef3904b308dda", - "zh:bb07bb3c2c0296beba0beec629ebc6474c70732387477a65966483b5efabdbc6", - "zh:e891339e96c9e5a888727b45b2e1bb3fcbdfe0fd7c5b4396e4695459b38c8cb1", - "zh:ea4739860c24dfeaac6c100b2a2e357106a89d18751f7693f3c31ecf6a996f8d", - "zh:f0c76ac303fd0ab59146c39bc121c5d7d86f878e9a69294e29444d4c653786f8", - "zh:f143a9a5af42b38fed328a161279906759ff39ac428ebcfe55606e05e1518b93", + "zh:b6d88e1d28cf2dfa24e9fdcc3efc77adcdc1c3c3b5c7ce503a423efbdd6de57b", + "zh:ba74c592622ecbcef9dc2a4d81ed321c4e44cddf7da799faa324da9bf52a22b2", + "zh:c7c5cde98fe4ef1143bd1b3ec5dc04baf0d4cc3ca2c5c7d40d17c0e9b2076865", + "zh:dac4bad52c940cd0dfc27893507c1e92393846b024c5a9db159a93c534a3da03", + "zh:de8febe2a2acd9ac454b844a4106ed295ae9520ef54dc8ed2faf29f12716b602", + "zh:eab0d0495e7e711cca367f7d4df6e322e6c562fc52151ec931176115b83ed014", ] } @@ -62,3 +120,4 @@ provider "registry.terraform.io/hashicorp/template" { "zh:c979425ddb256511137ecd093e23283234da0154b7fa8b21c2687182d9aea8b2", ] } +