jdb/personal-measure
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

operations: WIP moving API to run as an ECS task.

Browse Source
This commit is contained in:
Jonathan Bernard 2021-07-03 01:30:51 -05:00
parent 20e0a0b09e
commit bb89f519e0
7 changed files with 106 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
operations/terraform/common.tf
View File

@ -7,5 +7,5 @@ variable "aws_region" {
variable "app_root_url" { variable "app_root_url" {
description = "Name of the S3 bucket to store deployed artifacts, logs, etc." description = "Name of the S3 bucket to store deployed artifacts, logs, etc."
default = "pm.jdb-labs.com" default = "pm.jdb-software.com"
} }

8
operations/terraform/deployed_env/main.tf → operations/terraform/deployed_env/cloudfront.tf
View File

@ -26,10 +26,6 @@ output "oai_access_policy" {
value = data.aws_iam_policy_document.bucket_access_policy value = data.aws_iam_policy_document.bucket_access_policy
} }
locals {
env_domain_name = "pm${var.environment == "prod" ? "" : "-${var.environment}"}.jdb-labs.com"
}
resource "aws_cloudfront_origin_access_identity" "origin_access_identity" { resource "aws_cloudfront_origin_access_identity" "origin_access_identity" {
comment = "OAI for Personal Measure {$var.environment} environment." comment = "OAI for Personal Measure {$var.environment} environment."
} }
@ -56,7 +52,7 @@ resource "aws_cloudfront_distribution" "s3_distribution" {
prefix = "${var.environment}/logs/cloudfront" prefix = "${var.environment}/logs/cloudfront"
} }
aliases = ["${local.env_domain_name}"] aliases = ["${local.app_domain_name}"]
default_cache_behavior { default_cache_behavior {
allowed_methods = ["GET", "HEAD", "OPTIONS"] allowed_methods = ["GET", "HEAD", "OPTIONS"]
@ -96,7 +92,7 @@ resource "aws_cloudfront_distribution" "s3_distribution" {
} }
viewer_certificate { viewer_certificate {
acm_certificate_arn = "${var.cloudfront_ssl_certificate_arn}" acm_certificate_arn = "${var.domain_cert_arn}"
ssl_support_method = "sni-only" ssl_support_method = "sni-only"
} }
} }

65
operations/terraform/deployed_env/domain.tf Normal file
View File

@ -0,0 +1,65 @@
# provider "aws" {
# alias = "cert"
# region = "us-east-1"
# }
#
# resource "aws_acm_certificate" "cert" {
# provider = aws.cert
# domain_name = local.app_domain_name
# validation_method = "DNS"
#
# subject_alternative_names = [local.api_domain_name]
#
# tags = {
# Environment = var.environment
# }
#
# lifecycle {
# create_before_destroy = true
# }
# }
#
# resource "aws_route53_record" "cert_validation" {
# for_each {
# for dvo in aws_acm_certificate.cert.domain_validation_options : dvo.domain_name => {
# name = dvo.resource_record_name
# type = dvo.resource_record_type
# record = dvo.resource_record_value
# }
# }
#
# allow_overwrite = true
# name = each.value.name
# records = [ each.value.record ]
# ttl = 60
# type = each.value.type
# zone_id = var.route53_zone.zone_id
# }
#
# resource "aws_acm_certificate_validation" "cert" {
# provider = aws.cert
# certificate_arn = aws_acm_certificate.cert.arn
# validation_record_fqdns = [ for record in aws_route53_record.cert_validation : record.fqdn ]
# }
resource "aws_route53_record" "app_domain" {
zone_id = var.route53_zone.zone_id
name = local.app_domain_name
type = "A"
alias {
name = aws_cloudfront_distribution.s3_distribution.name
zone_id = aws_cloudfront_distribution.s3_distribution.hosted_zone_id
evaluate_target_health = false
}
depends_on = [aws_cloudfront_distribution.cdn ]
}
resource "aws_route53_record" "api_domain" {
zone_id = var.route53_zone.zone_id
name = local.api_domain_name
type = "A"
# TODO: alias configuration
}

2
operations/terraform/deployed_env/ecs.tf Normal file
View File

@ -0,0 +1,2 @@
resource "aws_ecs_task_definition" "pmapi" {
}

13
operations/terraform/deployed_env/variables.tf
View File

@ -8,6 +8,15 @@ variable "artifact_bucket" {
description = "The aws_s3_bucket object representing the artifact bucket where deployed artifacts, logs, etc. live." description = "The aws_s3_bucket object representing the artifact bucket where deployed artifacts, logs, etc. live."
} }
variable "cloudfront_ssl_certificate_arn" { variable "domain_cert_arn" {
description = "ARN of the managed SSL certificate to use for this environment." description = "ARN for the SSL certificate to use for this environment's configuration."
}
variable "route53_zone" {
description = "Route53 hosted zone for the deployed environments."
}
locals {
app_domain_name = "pm${var.environment == "prod" ? "" : "-${var.environment}"}.jdb-software.com"
api_domain_name = "api.pm${var.environment == "prod" ? "" : "-${var.environment}"}.jdb-software.com"
} }

30
operations/terraform/main.tf
View File

@ -7,36 +7,32 @@ resource "aws_s3_bucket" "personal_measure" {
acl = "log-delivery-write" acl = "log-delivery-write"
} }
resource "aws_dynamodb_table" "dynamodb_terraform-state-lock" {
name = "terraform-state-lock.${var.app_root_url}"
hash_key = "LockID"
read_capacity = 20
write_capacity = 20
attribute { resource "aws_ecr_repository" "personal_measure_api" {
name = "LockID" name = "personal_measure_api"
type = "S" image_tag_mutability = "IMMUTABLE"
}
tags = { image_scanning_configuration {
Name = "Terraform DynamoDB State Lock Table" scan_on_push = true
} }
} }
module "dev_env" { module "dev_env" {
source = "./deployed_env" source = "./deployed_env"
environment = "dev" environment = "dev"
artifact_bucket = aws_s3_bucket.personal_measure artifact_bucket = aws_s3_bucket.personal_measure
cloudfront_ssl_certificate_arn = "arn:aws:acm:us-east-1:063932952339:certificate/48fe3ce0-4700-4eaa-b433-bb634f47934c" route53_zone = data.terraform_remote_state.jdbsoft.route53_zone_jdbsoft
domain_cert_arn = data.terraform_remote_state.jdbsoft.aws_acm_certificate_jdbsoft
} }
module "prod_env" { module "prod_env" {
source = "./deployed_env" source = "./deployed_env"
environment = "prod" environment = "prod"
artifact_bucket = aws_s3_bucket.personal_measure artifact_bucket = aws_s3_bucket.personal_measure
cloudfront_ssl_certificate_arn = "arn:aws:acm:us-east-1:063932952339:certificate/48fe3ce0-4700-4eaa-b433-bb634f47934c" route53_zone = data.terraform_remote_state.jdbsoft.route53_zone_jdbsoft
domain_cert_arn = data.terraform_remote_state.jdbsoft.aws_acm_certificate_jdbsoft
} }
data "aws_iam_policy_document" "cloudfront_access_policy" { data "aws_iam_policy_document" "cloudfront_access_policy" {

13
operations/terraform/terraform.tf
View File

@ -3,6 +3,17 @@ terraform {
bucket = "pm.jdb-labs.com" bucket = "pm.jdb-labs.com"
region = "us-west-2" region = "us-west-2"
key = "terraform.tfstate" key = "terraform.tfstate"
dynamodb_table = "terraform-state-lock.pm.jdb-labs.com" dynamodb_table = "terraform-state-lock.jdb-software.com"
}
}
data "terraform_remote_state" "jdbsoft" {
backend = "s3"
config = {
bucket = "operations.jdb-software.com"
region = "us-east-2"
key = "terraform/operations.tfstate"
dynamodb_table = "terraform-state-lock.jdb-software.com"
} }
} }