Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

use AWS ECS service per VPC for DB service #47842

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

use AWS ECS service per VPC for DB service #47842

wants to merge 1 commit into from
+16 −22

Conversation

GavinFrazar
Copy link
Contributor

The Problem

Without this change, you are only able to have the db agent deployed in one VPC at a time, because the ECS service can only be in one VPC at a time and our deployment will always update the existing ECS service if it exists.

Background

Originally, single db enrollment deployed a DB service for an entire AWS region. This behavior was recently changed to deploy the DB service for a specific VPC in a region.
So now the AWS ECS service must be named after the VPC it is deployed to for single db enrollment.

We already have an endpoint that deploys database service by VPC - it was used for discovery service because we used to deploy a db service for each VPC when doing the auto-discovery enrollment flow.

All this PR does is align the single db enrollment flow and auto-discovery flow to deploy the DB service in the same way - ECS service named after the VPC.

This screenshot might help to illustrate the effect of this change:
image

old deployments:

  • gavin-leaf_cloud_gravitational_io-teleport-database-service
    (can only be in one VPC at a time)

new deployments:

  • database-service-vpc-082b35328b1fd4a56
  • database-service-vpc-0e2541caa0a269def
    (can deploy to multiple VPCs)

@GavinFrazar GavinFrazar added aws Used for AWS Related Issues. database-access Database access related issues and PRs discover Issues related to Teleport Discover labels Oct 23, 2024
@GavinFrazar GavinFrazar added backport/branch/v16 no-changelog Indicates that a PR does not require a changelog entry labels Oct 23, 2024
@aws-amplify-us-west-2 AWS Amplify (us-west-2)
Copy link

This pull request is automatically being deployed by Amplify Hosting (learn more).

Access this pull request here: https://pr-47842.d3pp5qlev8mo18.amplifyapp.com

@GavinFrazar
use AWS ECS service per VPC for DB service
368c2c8 
Originally, single db enrollment deployed a DB service for an entire AWS region.
This behavior was recently changed to deploy the DB service for a
specific VPC in a region.
So now the AWS ECS service must be named after the VPC it is deployed to for
single db enrollment.
@GavinFrazar GavinFrazar force-pushed the gavinfrazar/update-db-ecs-deployment branch from f1f3f16 to 368c2c8 Compare October 23, 2024 02:44
kimlisa
kimlisa approved these changes Oct 23, 2024
View reviewed changes
Copy link
Contributor

@kimlisa kimlisa left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

TYSM for the fix!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kimlisa kimlisa kimlisa approved these changes

@kiosion kiosion Awaiting requested review from kiosion

@ryanclark ryanclark Awaiting requested review from ryanclark

@marcoandredinis marcoandredinis Awaiting requested review from marcoandredinis

At least 2 approving reviews are required to merge this pull request.

Assignees
No one assigned
Labels
aws Used for AWS Related Issues. backport/branch/v16 database-access Database access related issues and PRs discover Issues related to Teleport Discover no-changelog Indicates that a PR does not require a changelog entry size/sm ui
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@GavinFrazar @kimlisa