ci(engine): Add missing shared secrets to task containers and setup l…
…og group
topher-lo committed Mar 19, 2024
1 parent e0f1cc3 commit 1f8e770
Showing 2 changed files with 29 additions and 4 deletions.
31 changes: 28 additions & 3 deletions aws/stack.py
Expand Up @@ -8,11 +8,12 @@

import os

from aws_cdk import Duration, Stack
from aws_cdk import Duration, RemovalPolicy, Stack
from aws_cdk import aws_ec2 as ec2
from aws_cdk import aws_ecs as ecs
from aws_cdk import aws_elasticloadbalancingv2 as elbv2
from aws_cdk import aws_iam as iam
from aws_cdk import aws_logs as logs
from aws_cdk import aws_route53 as route53
from aws_cdk import aws_secretsmanager as secretsmanager
from aws_cdk.aws_certificatemanager import Certificate
Expand Down Expand Up @@ -110,10 +111,19 @@ def __init__(self, scope: Construct, id: str, **kwargs) -> None:
tracecat_secret = secretsmanager.Secret.from_secret_complete_arn(
self, "Secret", secret_complete_arn=AWS_SECRET__ARN
)
api_secrets = {
shared_secrets = {
"TRACECAT__SIGNING_SECRET": ecs.Secret.from_secrets_manager(
tracecat_secret, field="signing-secret"
),
"TRACECAT__SERVICE_KEY": ecs.Secret.from_secrets_manager(
tracecat_secret, field="service-key"
),
"TRACECAT__DB_ENCRYPTION_KEY": ecs.Secret.from_secrets_manager(
tracecat_secret, field="db-encryption-key"
),
}
api_secrets = {
**shared_secrets,
"SUPABASE_JWT_SECRET": ecs.Secret.from_secrets_manager(
tracecat_secret, field="supabase-jwt-secret"
),
Expand All @@ -125,9 +135,10 @@ def __init__(self, scope: Construct, id: str, **kwargs) -> None:
),
}
runner_secrets = {
**shared_secrets,
"OPENAI_API_KEY": ecs.Secret.from_secrets_manager(
tracecat_secret, field="openai-api-key"
)
),
}

# # Define EFS
Expand Down Expand Up @@ -155,6 +166,14 @@ def __init__(self, scope: Construct, id: str, **kwargs) -> None:
# ],
)

# Set up a log group
log_group = logs.LogGroup(
self,
"TracecatLogGroup",
log_group_name="/ecs/tracecat",
removal_policy=RemovalPolicy.RETAIN, # Retain the log group when the stack is deleted
)

# Tracecat API
task_definition.add_container(
"ApiContainer",
Expand All @@ -177,6 +196,9 @@ def __init__(self, scope: Construct, id: str, **kwargs) -> None:
},
secrets=api_secrets,
port_mappings=[ecs.PortMapping(container_port=8000)],
logging=ecs.LogDrivers.aws_logs(
stream_prefix="tracecat-api", log_group=log_group
),
)
# api_container.add_mount_points(
# ecs.MountPoint(
Expand Down Expand Up @@ -205,6 +227,9 @@ def __init__(self, scope: Construct, id: str, **kwargs) -> None:
environment={"API_MODULE": "tracecat.runner.app:app", "PORT": "8001"},
secrets=runner_secrets,
port_mappings=[ecs.PortMapping(container_port=8001)],
logging=ecs.LogDrivers.aws_logs(
stream_prefix="tracecat-runner", log_group=log_group
),
)
# runner_container.add_mount_points(
# ecs.MountPoint(
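Review bot: `runner_secrets` now spreads all of `shared_secrets`, so the runner container's environment gains `TRACECAT__SIGNING_SECRET`, `TRACECAT__SERVICE_KEY` and `TRACECAT__DB_ENCRYPTION_KEY` next to `OPENAI_API_KEY`, and any key added to `shared_secrets` later will reach both containers without appearing in a diff of either container's own dict. If the runner does not itself decrypt database fields, it would be tighter to keep `TRACECAT__DB_ENCRYPTION_KEY` in `api_secrets` only; otherwise a comment above `shared_secrets` such as `# Injected into BOTH the API and runner containers; add a key here only if both services need it` records the intent. Both containers also start writing to the retained `/ecs/tracecat` group, so it is worth passing `retention=` to `logs.LogGroup` explicitly rather than relying on the construct default. `__init__` begins and ends outside the visible hunks, so how the runner uses these values cannot be checked from this page.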
2 changes: 1 addition & 1 deletion docker-compose.yaml
Expand Up @@ -10,8 +10,8 @@ services:
environment:
API_MODULE: "tracecat.api.app:app"
TRACECAT__SIGNING_SECRET: ${TRACECAT__SIGNING_SECRET}
TRACECAT__DB_ENCRYPTION_KEY: ${TRACECAT__DB_ENCRYPTION_KEY}
TRACECAT__SERVICE_KEY: ${TRACECAT__SERVICE_KEY}
TRACECAT__DB_ENCRYPTION_KEY: ${TRACECAT__DB_ENCRYPTION_KEY}
SUPABASE_JWT_SECRET: ${SUPABASE_JWT_SECRET}
SUPABASE_JWT_ALGORITHM: ${SUPABASE_JWT_ALGORITHM}
SUPABASE_PSQL_URL: ${SUPABASE_PSQL_URL}
