From 87ce9cc4d4f3b1590f28eca9fe246441a7f18236 Mon Sep 17 00:00:00 2001
From: Jonathan Bernard <jonathan@jdbernard.com>
Date: Sat, 3 Jul 2021 03:36:41 -0500
Subject: [PATCH] operations: WIP continuing definition for ECS-based API
 deployment.

---
 .../terraform/deployed_env/cloudfront.tf       | 18 +++++++++---------
 operations/terraform/deployed_env/domain.tf    | 18 +++++++++---------
 operations/terraform/deployed_env/ecs.tf       |  5 +++--
 operations/terraform/deployed_env/variables.tf |  4 ++--
 operations/terraform/main.tf                   | 14 +++++++-------
 operations/terraform/terraform.tf              |  4 ++--
 6 files changed, 32 insertions(+), 31 deletions(-)

diff --git a/operations/terraform/deployed_env/cloudfront.tf b/operations/terraform/deployed_env/cloudfront.tf
index 773e4a5..835ce16 100644
--- a/operations/terraform/deployed_env/cloudfront.tf
+++ b/operations/terraform/deployed_env/cloudfront.tf
@@ -6,18 +6,18 @@ data "aws_iam_policy_document" "bucket_access_policy" {
 
     principals {
       type        = "AWS"
-      identifiers = [ "${aws_cloudfront_origin_access_identity.origin_access_identity.iam_arn}" ]
+      identifiers = [ aws_cloudfront_origin_access_identity.origin_access_identity.iam_arn ]
     }
   }
 
   statement {
     actions   = [ "s3:ListBucket" ]
     effect    = "Allow"
-    resources = [ "${var.artifact_bucket.arn}" ]
+    resources = [ var.artifact_bucket.arn ]
 
     principals {
       type        = "AWS"
-      identifiers = [ "${aws_cloudfront_origin_access_identity.origin_access_identity.iam_arn}" ]
+      identifiers = [ aws_cloudfront_origin_access_identity.origin_access_identity.iam_arn ]
     }
   }
 }
@@ -32,12 +32,12 @@ resource "aws_cloudfront_origin_access_identity" "origin_access_identity" {
 
 resource "aws_cloudfront_distribution" "s3_distribution" {
   origin {
-    domain_name = "${var.artifact_bucket.bucket_regional_domain_name}"
+    domain_name = var.artifact_bucket.bucket_regional_domain_name
     origin_id   = "S3-PersonalMeasure-${var.environment}"
     origin_path = "/${var.environment}/webroot"
 
     s3_origin_config {
-      origin_access_identity = "${aws_cloudfront_origin_access_identity.origin_access_identity.cloudfront_access_identity_path}"
+      origin_access_identity = aws_cloudfront_origin_access_identity.origin_access_identity.cloudfront_access_identity_path
     }
   }
 
@@ -48,11 +48,11 @@ resource "aws_cloudfront_distribution" "s3_distribution" {
 
   logging_config {
     include_cookies = false
-    bucket          = "${var.artifact_bucket.bucket_domain_name}"
+    bucket          = var.artifact_bucket.bucket_domain_name
     prefix          = "${var.environment}/logs/cloudfront"
   }
 
-  aliases = ["${local.app_domain_name}"]
+  aliases = [local.app_domain_name]
 
   default_cache_behavior {
     allowed_methods   = ["GET", "HEAD", "OPTIONS"]
@@ -88,11 +88,11 @@ resource "aws_cloudfront_distribution" "s3_distribution" {
     }
   }
   tags = {
-    Environment = "${var.environment}"
+    Environment = var.environment
   }
 
   viewer_certificate {
-    acm_certificate_arn = "${var.domain_cert_arn}"
+    acm_certificate_arn = var.domain_cert.arn
     ssl_support_method  = "sni-only"
   }
 }
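Review bot: The `viewer_certificate` block at the end of this hunk sets `acm_certificate_arn` and `ssl_support_method` but no `minimum_protocol_version`. The AWS provider then defaults to `TLSv1`, so the distribution would still accept TLS 1.0 and 1.1 from viewers. Adding `minimum_protocol_version = "TLSv1.2_2021"` next to `ssl_support_method = "sni-only"` pins a current security policy. The `aws_cloudfront_distribution` resource starts outside this hunk.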
diff --git a/operations/terraform/deployed_env/domain.tf b/operations/terraform/deployed_env/domain.tf
index 76ec478..bb45fb2 100644
--- a/operations/terraform/deployed_env/domain.tf
+++ b/operations/terraform/deployed_env/domain.tf
@@ -48,18 +48,18 @@ resource "aws_route53_record" "app_domain" {
   type      = "A"
 
   alias {
-    name    = aws_cloudfront_distribution.s3_distribution.name
+    name    = aws_cloudfront_distribution.s3_distribution.domain_name
     zone_id = aws_cloudfront_distribution.s3_distribution.hosted_zone_id
     evaluate_target_health = false
   }
 
-  depends_on  = [aws_cloudfront_distribution.cdn ]
+  depends_on  = [aws_cloudfront_distribution.s3_distribution ]
 }
 
-resource "aws_route53_record" "api_domain" {
-  zone_id   = var.route53_zone.zone_id
-  name      = local.api_domain_name
-  type      = "A"
-
-  # TODO: alias configuration
-}
+# resource "aws_route53_record" "api_domain" {
+#   zone_id   = var.route53_zone.zone_id
+#   name      = local.api_domain_name
+#   type      = "A"
+#
+#   # TODO: alias configuration
+# }
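Review bot: The explicit `depends_on = [aws_cloudfront_distribution.s3_distribution ]` is redundant, because the `alias` block already reads `aws_cloudfront_distribution.s3_distribution.domain_name` and `.hosted_zone_id`, which gives Terraform the dependency implicitly. The stale `cdn` reference this commit corrects shows how a hand-maintained list drifts, so I would drop the line. The commented-out `api_domain` record is better removed until its alias target exists, with the TODO tracked outside the file, so a half-defined DNS record is not un-commented by accident. The `app_domain` resource begins outside this hunk.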
diff --git a/operations/terraform/deployed_env/ecs.tf b/operations/terraform/deployed_env/ecs.tf
index fb5896c..e489e70 100644
--- a/operations/terraform/deployed_env/ecs.tf
+++ b/operations/terraform/deployed_env/ecs.tf
@@ -1,2 +1,3 @@
-resource "aws_ecs_task_definition" "pmapi" {
-}
+# resource "aws_ecs_task_definition" "pmapi" {
+#   family  = "pmapi-dev" # TODO: parameterize based on env
+# }
diff --git a/operations/terraform/deployed_env/variables.tf b/operations/terraform/deployed_env/variables.tf
index ebbf73a..db36941 100644
--- a/operations/terraform/deployed_env/variables.tf
+++ b/operations/terraform/deployed_env/variables.tf
@@ -8,8 +8,8 @@ variable "artifact_bucket" {
   description = "The aws_s3_bucket object representing the artifact bucket where deployed artifacts, logs, etc. live."
 }
 
-variable "domain_cert_arn" {
-  description = "ARN for the SSL certificate to use for this environment's configuration."
+variable "domain_cert" {
+  description = "ACM SSL certificate to use for this environment's configuration."
 }
 
 variable "route53_zone" {
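Review bot: `variable "domain_cert"` declares no `type`, so nothing stops a caller from passing the bare ARN string that the old `domain_cert_arn` took. The mistake would then only surface where `var.domain_cert.arn` is read in cloudfront.tf. Declaring `type = object({ arn = string })` rejects it at the module boundary. The description could also state the region requirement, e.g. `description = "ACM certificate object (must be issued in us-east-1, as CloudFront requires) for this environment's domain."`.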
diff --git a/operations/terraform/main.tf b/operations/terraform/main.tf
index e2c42f4..918ca0c 100644
--- a/operations/terraform/main.tf
+++ b/operations/terraform/main.tf
@@ -3,7 +3,7 @@ provider "aws" {
 }
 
 resource "aws_s3_bucket" "personal_measure" {
-  bucket = "${var.app_root_url}"
+  bucket = var.app_root_url
   acl    = "log-delivery-write"
 }
 
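Review bot: `aws_s3_bucket.personal_measure` is declared with only `bucket` and `acl`, yet elsewhere in this patch it is the CloudFront origin, the CloudFront log destination and the artifact store for both environments. No `aws_s3_bucket_public_access_block` appears in the patch (it may exist outside these hunks), and the resource enables neither versioning nor default encryption. I would add a public access block as below; the `log-delivery-write` ACL and a bucket policy that grants only to the origin access identity are not public grants, so both should keep working. If default encryption is added, SSE-S3 is the safe choice here, since an origin access identity cannot read SSE-KMS objects.

```hcl
resource "aws_s3_bucket" "personal_measure" {
  # … unchanged: bucket, acl …
}

resource "aws_s3_bucket_public_access_block" "personal_measure" {
  bucket                  = aws_s3_bucket.personal_measure.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}
```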
@@ -22,8 +22,8 @@ module "dev_env" {
 
   environment     = "dev"
   artifact_bucket = aws_s3_bucket.personal_measure
-  route53_zone    = data.terraform_remote_state.jdbsoft.route53_zone_jdbsoft
-  domain_cert_arn = data.terraform_remote_state.jdbsoft.aws_acm_certificate_jdbsoft
+  route53_zone    = data.terraform_remote_state.jdbsoft.outputs.aws_route53_zone_jdbsoft
+  domain_cert     = data.terraform_remote_state.jdbsoft.outputs.aws_acm_certificate_jdbsoft_us_east_1
 }
 
 module "prod_env" {
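Review bot: `dev_env` in this hunk and `prod_env` in the next both receive `artifact_bucket = aws_s3_bucket.personal_measure`, so the two environments are separated only by the `${var.environment}/` key prefix inside one bucket. The module's `s3:ListBucket` statement in cloudfront.tf is granted on the whole bucket ARN for each environment's origin access identity, so prod/dev isolation rests entirely on how every statement in the module is scoped. If one bucket per environment is not planned, I would record the constraint where the bucket is passed, e.g. `# shared by dev and prod: every grant in deployed_env must be scoped to "<environment>/"`. Both module blocks begin outside their hunks.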
@@ -31,8 +31,8 @@ module "prod_env" {
 
   environment     = "prod"
   artifact_bucket = aws_s3_bucket.personal_measure
-  route53_zone    = data.terraform_remote_state.jdbsoft.route53_zone_jdbsoft
-  domain_cert_arn = data.terraform_remote_state.jdbsoft.aws_acm_certificate_jdbsoft
+  route53_zone    = data.terraform_remote_state.jdbsoft.outputs.aws_route53_zone_jdbsoft
+  domain_cert     = data.terraform_remote_state.jdbsoft.outputs.aws_acm_certificate_jdbsoft_us_east_1
 }
 
 data "aws_iam_policy_document" "cloudfront_access_policy" {
@@ -41,6 +41,6 @@ data "aws_iam_policy_document" "cloudfront_access_policy" {
 }
 
 resource "aws_s3_bucket_policy" "personal_measure" {
-  bucket = "${aws_s3_bucket.personal_measure.id}"
-  policy = "${data.aws_iam_policy_document.cloudfront_access_policy.json}"
+  bucket = aws_s3_bucket.personal_measure.id
+  policy = data.aws_iam_policy_document.cloudfront_access_policy.json
 }
diff --git a/operations/terraform/terraform.tf b/operations/terraform/terraform.tf
index 510c717..8ef8975 100644
--- a/operations/terraform/terraform.tf
+++ b/operations/terraform/terraform.tf
@@ -1,6 +1,6 @@
 terraform {
   backend "s3" {
-    bucket = "pm.jdb-labs.com"
+    bucket = "pm.jdb-software.com"
     region = "us-west-2"
     key    = "terraform.tfstate"
     dynamodb_table = "terraform-state-lock.jdb-software.com"
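Review bot: The `backend "s3"` block, as far as this hunk shows it, sets `bucket`, `region`, `key` and `dynamodb_table` but not `encrypt`. The block continues past the hunk, so it may be set below. State files hold resource attributes in plain text, so if it is missing I would add `encrypt = true`. The new name `pm.jdb-software.com` also looks as if it could be the application bucket that main.tf creates from `var.app_root_url` and uses as the CloudFront origin. If the two are the same bucket, which this patch does not show, a dedicated versioned bucket for state would keep it apart from served content and delivered logs.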
@@ -12,7 +12,7 @@ data "terraform_remote_state" "jdbsoft" {
 
   config = {
     bucket = "operations.jdb-software.com"
-    region = "us-east-2"
+    region = "us-west-2"
     key    = "terraform/operations.tfstate"
     dynamodb_table = "terraform-state-lock.jdb-software.com"
   }