operations: WIP continuing definition for ECS-based API deployment.

Jonathan Bernard 2021-07-03 03:36:41 -05:00
parent c2c4c8473d
commit 87ce9cc4d4
6 changed files with 32 additions and 31 deletions


@ -6,18 +6,18 @@ data "aws_iam_policy_document" "bucket_access_policy" {
principals { principals {
type = "AWS" type = "AWS"
identifiers = [ "${aws_cloudfront_origin_access_identity.origin_access_identity.iam_arn}" ] identifiers = [ aws_cloudfront_origin_access_identity.origin_access_identity.iam_arn ]
} }
} }
statement { statement {
actions = [ "s3:ListBucket" ] actions = [ "s3:ListBucket" ]
effect = "Allow" effect = "Allow"
resources = [ "${var.artifact_bucket.arn}" ] resources = [ var.artifact_bucket.arn ]
principals { principals {
type = "AWS" type = "AWS"
identifiers = [ "${aws_cloudfront_origin_access_identity.origin_access_identity.iam_arn}" ] identifiers = [ aws_cloudfront_origin_access_identity.origin_access_identity.iam_arn ]
} }
} }
} }
@ -32,12 +32,12 @@ resource "aws_cloudfront_origin_access_identity" "origin_access_identity" {
resource "aws_cloudfront_distribution" "s3_distribution" { resource "aws_cloudfront_distribution" "s3_distribution" {
origin { origin {
domain_name = "${var.artifact_bucket.bucket_regional_domain_name}" domain_name = var.artifact_bucket.bucket_regional_domain_name
origin_id = "S3-PersonalMeasure-${var.environment}" origin_id = "S3-PersonalMeasure-${var.environment}"
origin_path = "/${var.environment}/webroot" origin_path = "/${var.environment}/webroot"
s3_origin_config { s3_origin_config {
origin_access_identity = "${aws_cloudfront_origin_access_identity.origin_access_identity.cloudfront_access_identity_path}" origin_access_identity = aws_cloudfront_origin_access_identity.origin_access_identity.cloudfront_access_identity_path
} }
} }
@ -48,11 +48,11 @@ resource "aws_cloudfront_distribution" "s3_distribution" {
logging_config { logging_config {
include_cookies = false include_cookies = false
bucket = "${var.artifact_bucket.bucket_domain_name}" bucket = var.artifact_bucket.bucket_domain_name
prefix = "${var.environment}/logs/cloudfront" prefix = "${var.environment}/logs/cloudfront"
} }
aliases = ["${local.app_domain_name}"] aliases = [local.app_domain_name]
default_cache_behavior { default_cache_behavior {
allowed_methods = ["GET", "HEAD", "OPTIONS"] allowed_methods = ["GET", "HEAD", "OPTIONS"]
@ -88,11 +88,11 @@ resource "aws_cloudfront_distribution" "s3_distribution" {
} }
} }
tags = { tags = {
Environment = "${var.environment}" Environment = var.environment
} }
viewer_certificate { viewer_certificate {
acm_certificate_arn = "${var.domain_cert_arn}" acm_certificate_arn = var.domain_cert.arn
ssl_support_method = "sni-only" ssl_support_method = "sni-only"
} }
} }
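Review bot: The `viewer_certificate` block at the end of this section sets only `acm_certificate_arn` and `ssl_support_method`, so the distribution falls back to the provider default for `minimum_protocol_version`, which is `TLSv1`. Adding `minimum_protocol_version = "TLSv1.2_2021"` next to `ssl_support_method = "sni-only"` keeps viewers off TLS 1.0 and 1.1. The `aws_cloudfront_distribution` resource is only partly visible across these hunks, so confirm the setting is not already present elsewhere in the block.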


@ -48,18 +48,18 @@ resource "aws_route53_record" "app_domain" {
type = "A" type = "A"
alias { alias {
name = aws_cloudfront_distribution.s3_distribution.name name = aws_cloudfront_distribution.s3_distribution.domain_name
zone_id = aws_cloudfront_distribution.s3_distribution.hosted_zone_id zone_id = aws_cloudfront_distribution.s3_distribution.hosted_zone_id
evaluate_target_health = false evaluate_target_health = false
} }
depends_on = [aws_cloudfront_distribution.cdn ] depends_on = [aws_cloudfront_distribution.s3_distribution ]
} }
resource "aws_route53_record" "api_domain" { # resource "aws_route53_record" "api_domain" {
zone_id = var.route53_zone.zone_id # zone_id = var.route53_zone.zone_id
name = local.api_domain_name # name = local.api_domain_name
type = "A" # type = "A"
#
# TODO: alias configuration # # TODO: alias configuration
} # }
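Review bot: The explicit `depends_on = [aws_cloudfront_distribution.s3_distribution ]` is redundant, because the `alias` block already references `domain_name` and `hosted_zone_id` of that distribution and Terraform derives the ordering from those references. Dropping the line removes the one place that had gone stale (it previously named `cdn`). For the commented-out `api_domain` record, I would delete the body and keep a single line such as `# TODO: api_domain A record once the API endpoint exists` rather than carrying a dead resource.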


@ -1,2 +1,3 @@
resource "aws_ecs_task_definition" "pmapi" { # resource "aws_ecs_task_definition" "pmapi" {
} # family = "pmapi-dev" # TODO: parameterize based on env
# }


@ -8,8 +8,8 @@ variable "artifact_bucket" {
description = "The aws_s3_bucket object representing the artifact bucket where deployed artifacts, logs, etc. live." description = "The aws_s3_bucket object representing the artifact bucket where deployed artifacts, logs, etc. live."
} }
variable "domain_cert_arn" { variable "domain_cert" {
description = "ARN for the SSL certificate to use for this environment's configuration." description = "ACM SSL certificate to use for this environment's configuration."
} }
variable "route53_zone" { variable "route53_zone" {
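Review bot: `variable "domain_cert"` now takes a whole object but declares no `type`, so a caller that still passes a bare ARN string only fails when `var.domain_cert.arn` is evaluated inside the module. Adding `type = object({ arn = string })` makes the contract explicit at the module boundary. Because the value feeds a CloudFront `viewer_certificate`, the description could also state the region constraint: `description = "ACM certificate (must be issued in us-east-1) used by the CloudFront distribution for this environment."`. The same typing would help `artifact_bucket` and `route53_zone`, whose blocks are only partly visible in this hunk.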


@ -3,7 +3,7 @@ provider "aws" {
} }
resource "aws_s3_bucket" "personal_measure" { resource "aws_s3_bucket" "personal_measure" {
bucket = "${var.app_root_url}" bucket = var.app_root_url
acl = "log-delivery-write" acl = "log-delivery-write"
} }
@ -22,8 +22,8 @@ module "dev_env" {
environment = "dev" environment = "dev"
artifact_bucket = aws_s3_bucket.personal_measure artifact_bucket = aws_s3_bucket.personal_measure
route53_zone = data.terraform_remote_state.jdbsoft.route53_zone_jdbsoft route53_zone = data.terraform_remote_state.jdbsoft.outputs.aws_route53_zone_jdbsoft
domain_cert_arn = data.terraform_remote_state.jdbsoft.aws_acm_certificate_jdbsoft domain_cert = data.terraform_remote_state.jdbsoft.outputs.aws_acm_certificate_jdbsoft_us_east_1
} }
module "prod_env" { module "prod_env" {
@ -31,8 +31,8 @@ module "prod_env" {
environment = "prod" environment = "prod"
artifact_bucket = aws_s3_bucket.personal_measure artifact_bucket = aws_s3_bucket.personal_measure
route53_zone = data.terraform_remote_state.jdbsoft.route53_zone_jdbsoft route53_zone = data.terraform_remote_state.jdbsoft.outputs.aws_route53_zone_jdbsoft
domain_cert_arn = data.terraform_remote_state.jdbsoft.aws_acm_certificate_jdbsoft domain_cert = data.terraform_remote_state.jdbsoft.outputs.aws_acm_certificate_jdbsoft_us_east_1
} }
data "aws_iam_policy_document" "cloudfront_access_policy" { data "aws_iam_policy_document" "cloudfront_access_policy" {
@ -41,6 +41,6 @@ data "aws_iam_policy_document" "cloudfront_access_policy" {
} }
resource "aws_s3_bucket_policy" "personal_measure" { resource "aws_s3_bucket_policy" "personal_measure" {
bucket = "${aws_s3_bucket.personal_measure.id}" bucket = aws_s3_bucket.personal_measure.id
policy = "${data.aws_iam_policy_document.cloudfront_access_policy.json}" policy = data.aws_iam_policy_document.cloudfront_access_policy.json
} }
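Review bot: Both `dev_env` and `prod_env` receive `artifact_bucket = aws_s3_bucket.personal_measure`, and that resource as shown sets only `bucket` and `acl = "log-delivery-write"`, so webroot content, artifacts and CloudFront logs for both environments sit in one bucket separated only by key prefix. Since read access is meant to go through the CloudFront origin access identity, I would pair the bucket with an `aws_s3_bucket_public_access_block` with all four settings `true`, unless one is already defined outside these hunks, and consider a separate bucket for logs. A comment such as `# Shared by dev and prod; isolation relies on the per-environment key prefix and the bucket policy.` above the resource would at least document the assumption.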


@ -1,6 +1,6 @@
terraform { terraform {
backend "s3" { backend "s3" {
bucket = "pm.jdb-labs.com" bucket = "pm.jdb-software.com"
region = "us-west-2" region = "us-west-2"
key = "terraform.tfstate" key = "terraform.tfstate"
dynamodb_table = "terraform-state-lock.jdb-software.com" dynamodb_table = "terraform-state-lock.jdb-software.com"
@ -12,7 +12,7 @@ data "terraform_remote_state" "jdbsoft" {
config = { config = {
bucket = "operations.jdb-software.com" bucket = "operations.jdb-software.com"
region = "us-east-2" region = "us-west-2"
key = "terraform/operations.tfstate" key = "terraform/operations.tfstate"
dynamodb_table = "terraform-state-lock.jdb-software.com" dynamodb_table = "terraform-state-lock.jdb-software.com"
} }
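Review bot: The `backend "s3"` block shows no `encrypt = true` in the lines visible here, and Terraform state routinely holds secrets and resource identifiers; if it is not set further down (the block continues past the hunk), add `encrypt = true` after `dynamodb_table`. Renaming the state bucket to `pm.jdb-software.com` also means existing state has to be migrated on the next `terraform init`, which is worth a line in the commit message. If that bucket is the same one created from `var.app_root_url` in the root module, state would share a bucket with the CloudFront origin and log target, so a dedicated state bucket would be the safer layout.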