From 32ef08e797b5c7c101c4f697e87e6686c7ee7e9b Mon Sep 17 00:00:00 2001
From: Matt Farrokhzad
Date: Mon, 20 May 2024 12:25:25 -0700
Subject: [PATCH] prod environment + optimization
---
 .../environments/development/account.hcl | 1 +
 terraform/environments/production/account.hcl | 4 ++
 .../production/aurora/terragrunt.hcl | 23 ++++++++
 terraform/environments/production/env.hcl | 55 +++++++++++++++++++
 .../production/fargate/terragrunt.hcl | 41 ++++++++++++++
 .../production/github-oidc/terragrunt.hcl | 19 +++++++
 terraform/environments/terragrunt.hcl | 2 +
 terraform/modules/ecs-fargate/dns.tf | 4 +-
 terraform/modules/ecs-fargate/variables.tf | 12 ++++
 9 files changed, 159 insertions(+), 2 deletions(-)
 create mode 100644 terraform/environments/production/account.hcl
 create mode 100644 terraform/environments/production/aurora/terragrunt.hcl
 create mode 100644 terraform/environments/production/env.hcl
 create mode 100644 terraform/environments/production/fargate/terragrunt.hcl
 create mode 100644 terraform/environments/production/github-oidc/terragrunt.hcl
diff --git a/terraform/environments/development/account.hcl b/terraform/environments/development/account.hcl
index d8657337..4ba89219 100644
--- a/terraform/environments/development/account.hcl
+++ b/terraform/environments/development/account.hcl
@@ -1,3 +1,4 @@
 locals {
 aws_profile_name = "dev"
+ aws_region = "us-east-1"
 }
\ No newline at end of file
diff --git a/terraform/environments/production/account.hcl b/terraform/environments/production/account.hcl
new file mode 100644
index 00000000..0fb24e79
--- /dev/null
+++ b/terraform/environments/production/account.hcl
@@ -0,0 +1,4 @@
+locals {
+ aws_profile_name = "prod"
+ aws_region = "us-east-1"
+}
\ No newline at end of file
diff --git a/terraform/environments/production/aurora/terragrunt.hcl b/terraform/environments/production/aurora/terragrunt.hcl
new file mode 100644
index 00000000..bb92cd13
--- /dev/null
+++ b/terraform/environments/production/aurora/terragrunt.hcl
@@ -0,0 +1,23 @@
+# Include the root `terragrunt.hcl` configuration. The root configuration contains settings that are common across all
+# components and environments, such as how to configure remote state.
+include "root" {
+ path = find_in_parent_folders()
+}
+
+terraform {
+ source = "../../../modules/postgresql-aurora"
+}
+
+locals {
+ environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+}
+
+inputs = {
+ identifier = local.environment_vars.locals.identifier
+ engine_version = local.environment_vars.locals.engine_version
+ vpc_id = local.environment_vars.locals.vpc_id
+ vpc_cidr = local.environment_vars.locals.vpc_cidr
+ subnet_ids = local.environment_vars.locals.private_subnet_ids
+ instances = local.environment_vars.locals.instances
+ database_name = local.environment_vars.locals.database_name
+}
\ No newline at end of file
diff --git a/terraform/environments/production/env.hcl b/terraform/environments/production/env.hcl
new file mode 100644
index 00000000..6e64057b
--- /dev/null
+++ b/terraform/environments/production/env.hcl
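Review bot: The `inputs` map hands `vpc_cidr` to the aurora module next to `subnet_ids`, and nothing in this file records what the module does with the CIDR; if it is used as the security-group ingress source, every host in the VPC can reach the production database, which is broader than the Fargate service needs. That cannot be confirmed from this hunk because the module lives outside the diff. A one-line comment on the input would make the intent reviewable, e.g. `vpc_cidr = local.environment_vars.locals.vpc_cidr # NOTE: confirm the module scopes DB ingress narrower than the whole VPC`, and if the module does open the full CIDR, a service-security-group input is the follow-up worth raising.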
@@ -0,0 +1,55 @@
+# Set common variables for the environment. This is automatically pulled in in the root terragrunt.hcl configuration to
+# feed forward to the child modules.
+locals {
+
+ //////////////////
+ //// Shared
+ //////////////////
+
+ environment = "production"
+ project_name = "identity"
+ region = "us-east-1"
+ vpc_id = "vpc-0fc38067c89106d19"
+ vpc_cidr = "10.1.0.0/16"
+ private_subnet_ids = ["subnet-0188da42ca87de29f", "subnet-0067bd76934a5a123", "subnet-085eaa7aa58476f7d", "subnet-0b9e4cad47b46a298"]
+ public_subnet_ids = ["subnet-0e6b30abd06c12017", "subnet-0c98f159030773c7e", "subnet-0ac2b8a4a1d8b58b3", "subnet-0da03025f0d5221d5", ]
+
+ //////////////////
+ //// Aurora
+ //////////////////
+
+ identifier = "${local.environment}-${local.project_name}"
+ engine_version = "16.2"
+ database_name = "identitydb" //DatabaseName `identity` cannot be used. It is a reserved word for this engine.
+ instances = {
+ 1 = {
+ instance_class = "db.r7g.xlarge"
+ publicly_accessible = false
+ db_parameter_group_name = "default.aurora-postgresql16"
+ }
+ }
+
+ //////////////////
+ //// ECS
+ //////////////////
+
+ ecs_prefix = "${local.environment}-${local.project_name}"
+ ssl_certificate_arn = "arn:aws:acm:us-east-1:884078395586:certificate/62f6f766-c92e-4792-a26c-2edfff49194e"
+ cloudflare_zone_id = "43c53e4c8555e49c1a70efd4c949fb02" #treasure.lol
+ cloudflare_proxy_enabled = true
+ desired_count = 3
+ autoscaling_min_capacity = 3
+ autoscaling_max_capacity = 9
+ fargate_cpu = "2048"
+ fargate_memory = "4096"
+ task_cpu = "2048"
+ task_memory = "4096"
+ dns_name = "tdk-api1"
+
+ //////////////////
+ //// Github OIDC
+ //////////////////
+
+ iam_role_prefix = "${local.environment}-${local.project_name}"
+ github_project = "TreasureProject/tdk-js" # gitHubOrg/gitHubRepo
+}
diff --git a/terraform/environments/production/fargate/terragrunt.hcl b/terraform/environments/production/fargate/terragrunt.hcl
new file mode 100644
index 00000000..df8338b9
--- /dev/null
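Review bot: `region = "us-east-1"` in the Shared section duplicates the `aws_region` this same commit adds to `production/account.hcl`; the generated provider takes the account value while the fargate module receives the env value, so the two can drift silently and whatever the module uses `region` for would no longer match the provider's region. Deriving it the way the root config already resolves `aws_profile` keeps one source of truth: `region = read_terragrunt_config(find_in_parent_folders("account.hcl")).locals.aws_region`. Minor style point: `public_subnet_ids` ends with `, ]`, a stray trailing comma that is valid HCL but inconsistent with `private_subnet_ids` on the line above.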
+++ b/terraform/environments/production/fargate/terragrunt.hcl
@@ -0,0 +1,41 @@
+# Include the root `terragrunt.hcl` configuration. The root configuration contains settings that are common across all
+# components and environments, such as how to configure remote state.
+include "root" {
+ path = find_in_parent_folders()
+}
+
+terraform {
+ source = "../../../modules/ecs-fargate"
+}
+
+locals {
+ environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+}
+
+inputs = {
+ vpc_id = local.environment_vars.locals.vpc_id
+ public_subnets = local.environment_vars.locals.public_subnet_ids
+ private_subnets = local.environment_vars.locals.private_subnet_ids
+ ecs_prefix = local.environment_vars.locals.ecs_prefix
+ region = local.environment_vars.locals.region
+ aurora_secret_name = dependency.aurora.outputs.aurora_secret_name
+ ssl_certificate_arn = local.environment_vars.locals.ssl_certificate_arn
+ cloudflare_zone_id = local.environment_vars.locals.cloudflare_zone_id
+ desired_count = local.environment_vars.locals.desired_count
+ autoscaling_min_capacity = local.environment_vars.locals.autoscaling_min_capacity
+ autoscaling_max_capacity = local.environment_vars.locals.autoscaling_max_capacity
+ dns_name = local.environment_vars.locals.dns_name
+ cloudflare_proxy_enabled = local.environment_vars.locals.cloudflare_proxy_enabled
+ fargate_cpu = local.environment_vars.locals.fargate_cpu
+ fargate_memory = local.environment_vars.locals.fargate_memory
+ task_cpu = local.environment_vars.locals.task_cpu
+ task_memory = local.environment_vars.locals.task_memory
+
+}
+
+dependency "aurora" {
+ config_path = "../aurora"
+ mock_outputs = {
+ aurora_secret_name = "${local.environment_vars.locals.identifier}-db"
+ }
+}
\ No newline at end of file
diff --git a/terraform/environments/production/github-oidc/terragrunt.hcl b/terraform/environments/production/github-oidc/terragrunt.hcl
new file mode 100644
index 00000000..fb84a3e9
--- /dev/null
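Review bot: The `dependency "aurora"` block supplies `mock_outputs` for `aurora_secret_name` without restricting which commands may consume them, so an `apply` run before the aurora unit exists would feed the fabricated `${identifier}-db` secret name into the live task definition instead of failing early. Limiting the mock to read-only commands is the usual safeguard: `mock_outputs_allowed_terraform_commands = ["validate", "plan"]` inside the dependency block. Style points: the `inputs` map has a stray blank line before its closing brace, and the dependency is declared after its first use in `inputs` — valid, but placing the dependency block above `inputs` reads more naturally.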
+++ b/terraform/environments/production/github-oidc/terragrunt.hcl
@@ -0,0 +1,19 @@
+# Include the root `terragrunt.hcl` configuration. The root configuration contains settings that are common across all
+# components and environments, such as how to configure remote state.
+include "root" {
+ path = find_in_parent_folders()
+}
+
+terraform {
+ source = "../../../modules/github-oidc"
+}
+
+locals {
+ environment_vars = read_terragrunt_config(find_in_parent_folders("env.hcl"))
+}
+
+inputs = {
+ prefix = local.environment_vars.locals.iam_role_prefix
+ github_project = local.environment_vars.locals.github_project
+}
+
diff --git a/terraform/environments/terragrunt.hcl b/terraform/environments/terragrunt.hcl
index 49b911ea..c513b16b 100644
--- a/terraform/environments/terragrunt.hcl
+++ b/terraform/environments/terragrunt.hcl
@@ -3,6 +3,7 @@ locals {
 account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
 aws_profile = local.account_vars.locals.aws_profile_name
+ region = local.account_vars.locals.aws_region
 }
 terraform {
@@ -60,6 +61,7 @@ generate "provider" {
 }
 provider "aws" {
 profile = "${local.aws_profile}"
+ region = "${local.region}"
 }
 EOF
diff --git a/terraform/modules/ecs-fargate/dns.tf b/terraform/modules/ecs-fargate/dns.tf
index 5d6ca4b8..17db9733 100644
--- a/terraform/modules/ecs-fargate/dns.tf
+++ b/terraform/modules/ecs-fargate/dns.tf
@@ -14,6 +14,6 @@ resource "cloudflare_record" "identity" {
 name = var.dns_name #"dns_name.treasure.lol"
 value = module.alb.dns_name # alb dns address
 type = "CNAME"
- ttl = 300
- proxied = false
+ ttl = var.dns_ttl
+ proxied = var.cloudflare_proxy_enabled
 }
diff --git a/terraform/modules/ecs-fargate/variables.tf b/terraform/modules/ecs-fargate/variables.tf
index 00ff2ff7..3ded6fea 100644
--- a/terraform/modules/ecs-fargate/variables.tf
+++ b/terraform/modules/ecs-fargate/variables.tf
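Review bot: The production OIDC role is configured with only `prefix` and `github_project`, so from this hunk it is not visible whether the role's trust policy is narrowed to a branch, tag or GitHub environment or accepts any workflow run in `TreasureProject/tdk-js`; the module that decides this sits outside the diff. For a production role that distinction matters, because an unscoped subject condition lets a workflow from any ref assume the role. A short comment above `inputs` recording which ref or environment the trust policy is expected to allow, and where that is enforced, would make the intent reviewable; if the module exposes no input for it, that is worth raising as a follow-up.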
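Review bot: `ttl = var.dns_ttl` and `proxied = var.cloudflare_proxy_enabled` are now set independently, but Cloudflare only accepts a TTL of 1 (automatic) on a proxied record, so an environment that sets `cloudflare_proxy_enabled = true` together with an explicit `dns_ttl` fails at apply time; production avoids that only by relying on the module default of 1. Coupling the two in the resource removes the trap: `ttl = var.cloudflare_proxy_enabled ? 1 : var.dns_ttl`. Separately, enabling the proxy only shields the ALB if the ALB is not reachable directly; if its security group still admits all sources (not visible here), callers that resolve the ALB hostname bypass Cloudflare entirely, so the ingress rule is worth checking alongside this change. The `cloudflare_record` resource begins outside the hunk.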
@@ -118,4 +118,16 @@ variable "autoscaling_max_capacity" {
 type = number
 default = 1
 description = "auto scaling max"
+}
+
+variable "cloudflare_proxy_enabled" {
+ type = bool
+ default = false
+ description = "enabled cloudflare proxy"
+}
+
+variable "dns_ttl" {
+ type = number
+ default = 1 # auto
+ description = "dns record ttl"
 }
\ No newline at end of file
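Review bot: The two new variable descriptions are too terse for a caller to know what the values mean: `description = "enabled cloudflare proxy"` on `cloudflare_proxy_enabled` and `description = "dns record ttl"` on `dns_ttl`, where the only hint that 1 means automatic is the inline `# auto` on the default. Suggested text: `description = "Route the record through Cloudflare's proxy (orange cloud) instead of DNS-only"` and `description = "Record TTL in seconds; 1 means automatic and is the only value Cloudflare accepts when the record is proxied"`. The `autoscaling_max_capacity` variable block begins outside the hunk.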