jdb/personal-measure
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

operations: WIP continuing definition for ECS-based API deployment.

Browse Source
This commit is contained in:
Jonathan Bernard 2021-07-03 03:36:41 -05:00
parent c2c4c8473d
commit 87ce9cc4d4
6 changed files with 32 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
operations/terraform/deployed_env/cloudfront.tf
View File

@ -6,18 +6,18 @@ data "aws_iam_policy_document" "bucket_access_policy" {
principals {
type = "AWS"
identifiers = [ "${aws_cloudfront_origin_access_identity.origin_access_identity.iam_arn}" ]
identifiers = [ aws_cloudfront_origin_access_identity.origin_access_identity.iam_arn ]
}
}
statement {
actions = [ "s3:ListBucket" ]
effect = "Allow"
resources = [ "${var.artifact_bucket.arn}" ]
resources = [ var.artifact_bucket.arn ]
principals {
type = "AWS"
identifiers = [ "${aws_cloudfront_origin_access_identity.origin_access_identity.iam_arn}" ]
identifiers = [ aws_cloudfront_origin_access_identity.origin_access_identity.iam_arn ]
}
}
}
@ -32,12 +32,12 @@ resource "aws_cloudfront_origin_access_identity" "origin_access_identity" {
resource "aws_cloudfront_distribution" "s3_distribution" {
origin {
domain_name = "${var.artifact_bucket.bucket_regional_domain_name}"
domain_name = var.artifact_bucket.bucket_regional_domain_name
origin_id = "S3-PersonalMeasure-${var.environment}"
origin_path = "/${var.environment}/webroot"
s3_origin_config {
origin_access_identity = "${aws_cloudfront_origin_access_identity.origin_access_identity.cloudfront_access_identity_path}"
origin_access_identity = aws_cloudfront_origin_access_identity.origin_access_identity.cloudfront_access_identity_path
}
}
@ -48,11 +48,11 @@ resource "aws_cloudfront_distribution" "s3_distribution" {
logging_config {
include_cookies = false
bucket = "${var.artifact_bucket.bucket_domain_name}"
bucket = var.artifact_bucket.bucket_domain_name
prefix = "${var.environment}/logs/cloudfront"
}
aliases = ["${local.app_domain_name}"]
aliases = [local.app_domain_name]
default_cache_behavior {
allowed_methods = ["GET", "HEAD", "OPTIONS"]
@ -88,11 +88,11 @@ resource "aws_cloudfront_distribution" "s3_distribution" {
}
}
tags = {
Environment = "${var.environment}"
Environment = var.environment
}
viewer_certificate {
acm_certificate_arn = "${var.domain_cert_arn}"
acm_certificate_arn = var.domain_cert.arn
ssl_support_method = "sni-only"
}
}

18
operations/terraform/deployed_env/domain.tf
View File

@ -48,18 +48,18 @@ resource "aws_route53_record" "app_domain" {
type = "A"
alias {
name = aws_cloudfront_distribution.s3_distribution.name
name = aws_cloudfront_distribution.s3_distribution.domain_name
zone_id = aws_cloudfront_distribution.s3_distribution.hosted_zone_id
evaluate_target_health = false
}
depends_on = [aws_cloudfront_distribution.cdn ]
depends_on = [aws_cloudfront_distribution.s3_distribution ]
}
resource "aws_route53_record" "api_domain" {
zone_id = var.route53_zone.zone_id
name = local.api_domain_name
type = "A"
# TODO: alias configuration
}
# resource "aws_route53_record" "api_domain" {
# zone_id = var.route53_zone.zone_id
# name = local.api_domain_name
# type = "A"
#
# # TODO: alias configuration
# }

5
operations/terraform/deployed_env/ecs.tf
View File

@ -1,2 +1,3 @@
resource "aws_ecs_task_definition" "pmapi" {
}
# resource "aws_ecs_task_definition" "pmapi" {
# family = "pmapi-dev" # TODO: parameterize based on env
# }

4
operations/terraform/deployed_env/variables.tf
View File

@ -8,8 +8,8 @@ variable "artifact_bucket" {
description = "The aws_s3_bucket object representing the artifact bucket where deployed artifacts, logs, etc. live."
}
variable "domain_cert_arn" {
description = "ARN for the SSL certificate to use for this environment's configuration."
variable "domain_cert" {
description = "ACM SSL certificate to use for this environment's configuration."
}
variable "route53_zone" {

14
operations/terraform/main.tf
View File

@ -3,7 +3,7 @@ provider "aws" {
}
resource "aws_s3_bucket" "personal_measure" {
bucket = "${var.app_root_url}"
bucket = var.app_root_url
acl = "log-delivery-write"
}
@ -22,8 +22,8 @@ module "dev_env" {
environment = "dev"
artifact_bucket = aws_s3_bucket.personal_measure
route53_zone = data.terraform_remote_state.jdbsoft.route53_zone_jdbsoft
domain_cert_arn = data.terraform_remote_state.jdbsoft.aws_acm_certificate_jdbsoft
route53_zone = data.terraform_remote_state.jdbsoft.outputs.aws_route53_zone_jdbsoft
domain_cert = data.terraform_remote_state.jdbsoft.outputs.aws_acm_certificate_jdbsoft_us_east_1
}
module "prod_env" {
@ -31,8 +31,8 @@ module "prod_env" {
environment = "prod"
artifact_bucket = aws_s3_bucket.personal_measure
route53_zone = data.terraform_remote_state.jdbsoft.route53_zone_jdbsoft
domain_cert_arn = data.terraform_remote_state.jdbsoft.aws_acm_certificate_jdbsoft
route53_zone = data.terraform_remote_state.jdbsoft.outputs.aws_route53_zone_jdbsoft
domain_cert = data.terraform_remote_state.jdbsoft.outputs.aws_acm_certificate_jdbsoft_us_east_1
}
data "aws_iam_policy_document" "cloudfront_access_policy" {
@ -41,6 +41,6 @@ data "aws_iam_policy_document" "cloudfront_access_policy" {
}
resource "aws_s3_bucket_policy" "personal_measure" {
bucket = "${aws_s3_bucket.personal_measure.id}"
policy = "${data.aws_iam_policy_document.cloudfront_access_policy.json}"
bucket = aws_s3_bucket.personal_measure.id
policy = data.aws_iam_policy_document.cloudfront_access_policy.json
}

4
operations/terraform/terraform.tf
View File

@ -1,6 +1,6 @@
terraform {
backend "s3" {
bucket = "pm.jdb-labs.com"
bucket = "pm.jdb-software.com"
region = "us-west-2"
key = "terraform.tfstate"
dynamodb_table = "terraform-state-lock.jdb-software.com"
@ -12,7 +12,7 @@ data "terraform_remote_state" "jdbsoft" {
config = {
bucket = "operations.jdb-software.com"
region = "us-east-2"
region = "us-west-2"
key = "terraform/operations.tfstate"
dynamodb_table = "terraform-state-lock.jdb-software.com"
}