From 7e262444218f8324869fa58a09dc32c1f3b5a1ac Mon Sep 17 00:00:00 2001
From: Sohit
Date: Thu, 19 Dec 2024 12:32:16 +0530
Subject: [PATCH] terraform script for pcap-sensor
---
 .../sensor-fargate.md | 20 ++-
 static/artifacts/pcap-sensor/main.tf | 170 ++++++++++++++++++
 2 files changed, 189 insertions(+), 1 deletion(-)
 create mode 100644 static/artifacts/pcap-sensor/main.tf
diff --git a/docs/install-traffic-capture-sensors/sensor-fargate.md b/docs/install-traffic-capture-sensors/sensor-fargate.md
index 11411b432..2d9b90d7a 100644
--- a/docs/install-traffic-capture-sensors/sensor-fargate.md
+++ b/docs/install-traffic-capture-sensors/sensor-fargate.md
@@ -9,7 +9,25 @@ description: Install Levo.ai PCAP sensor on AWS Fargate. Follow our detailed gui
 - AWS profile access key and secret access key saved at path ~/.aws/credentials file
 - The profile should have all the required permissions as listed [here](#aws-permissions)
-## Install Sensor on Fargate
+
+## Install using Terraform
+
+The pcap Sensor can be installed as a sidecar on an existing AWS task using a terraform script
+
+- Download the [Terraform script](../../static/artifacts/pcap-sensor/main.tf)
+- Run the following commands
+ - `terraform init`
+ - `terraform plan`
+ - `terraform apply`
+- Enter values for all the prompts, which include `aws-region`, `task-name`, `satellite-url`, `levo-env`, `org-id` etc.
+- Or edit the variables in the terraform script and add the required values as default.
+- The script will create a new revision of the task-definition with the pcap-sensor as side-car
+- To configure CPU and memory given to the container, update `percentage_cpu_utilization` and `percentage_memory_utilization` variables in the terraform script.
+
+*Note: The default values are set to 5% CPU and memory of the total given to the task.*
+
+
+## Install using JSON
 The pcap Sensor can be installed as a sidecar on an existing AWS task by adding to its task definition via the AWS Console.
diff --git a/static/artifacts/pcap-sensor/main.tf b/static/artifacts/pcap-sensor/main.tf
new file mode 100644
index 000000000..887f6c594
--- /dev/null
+++ b/static/artifacts/pcap-sensor/main.tf
@@ -0,0 +1,170 @@
+variable "aws_region" {
+ description = "AWS region where resources will be deployed"
+ type = string
+}
+
+variable "aws_log_group" {
+ description = "AWS log group name"
+ type = string
+}
+
+variable "task_definition_name" {
+ description = "Name of the ECS Task Definition to modify"
+ type = string
+}
+
+variable "image_name" {
+ description = "Levo.ai pcap sensor image name"
+ type = string
+ default = "levoai/pcap-sensor:0.1.9"
+}
+
+variable "satellite_url" {
+ description = "Enter your Satellite's Address"
+ type = string
+}
+
+variable "levo_env" {
+ description = "Enter your Application environment"
+ type = string
+}
+
+variable "org_id" {
+ description = "Specify your Organization ID (from the Levo Dashboard)"
+ type = string
+}
+
+variable "rate_limit" {
+ description = "Specify the rate-limit"
+ type = string
+ default = "50.0"
+}
+
+variable "trace_export_interval" {
+ description = "Specify the export interval for traces"
+ type = string
+ default = "1.0"
+}
+
+variable "stream_timeout_seconds" {
+ description = "Specify the stream timeout seconds for rearranging out of order packets"
+ type = string
+ default = "1.0"
+}
+
+variable "percentage_cpu_utilization" {
+ description = "Percentage of CPU allocated to the sensor container out of total task cpu"
+ type = string
+ default = "5"
+}
+
+variable "percentage_memory_utilization" {
+ description = "Percentage of memory allocated to the sensor container out of total task memory"
+ type = string
+ default = "5"
+}
+
+provider "aws" {
+ region = var.aws_region
+}
+
+resource "aws_ecs_task_definition" "modified_task_definition" {
+ family = local.task_def_json.taskDefinition.family
+ network_mode = local.task_def_json.taskDefinition.networkMode
+ requires_compatibilities = local.task_def_json.taskDefinition.requiresCompatibilities
+ execution_role_arn = local.task_def_json.taskDefinition.executionRoleArn
+ cpu = local.task_def_json.taskDefinition.cpu
+ memory = 
local.task_def_json.taskDefinition.memory
+ container_definitions = jsonencode(local.updated_container_definitions)
+
+ # Add volumes if they exist in the old task definition
+ dynamic "volume" {
+ for_each = local.task_def_json.taskDefinition.volumes
+ content {
+ name = volume.value.name
+ host_path = volume.value.hostPath
+ }
+ }
+}
+
+resource "null_resource" "fetch_task_definition" {
+ provisioner "local-exec" {
+ command = < "${path.module}/task_definition.json"
+ EOT
+ }
+}
+
+data "local_file" "task_definition" {
+ filename = "${path.module}/task_definition.json"
+ depends_on = ["null_resource.fetch_task_definition"]
+}
+
+output "container_definitions" {
+ value = local.updated_container_definitions
+}
+
+
+locals {
+ # Decode the entire task definition JSON
+ task_def_json = jsondecode(data.local_file.task_definition.content)
+
+ # Extract the CPU and memory at the task level
+ task_cpu = tonumber(local.task_def_json.taskDefinition.cpu)
+ task_memory = tonumber(local.task_def_json.taskDefinition.memory)
+
+ existing_container_definitions = local.task_def_json.taskDefinition.containerDefinitions
+
+ # Calculate 5% of the task CPU and memory
+ new_container_cpu_limit = floor(local.task_cpu * var.percentage_cpu_utilization / 100)
+ new_container_memory_limit = floor(local.task_memory * var.percentage_memory_utilization / 100)
+
+ # Add the new container definition
+ new_container_definitions = [{
+ "name": "levo-pcap-sensor",
+ "image": var.image_name,
+ "cpu": local.new_container_cpu_limit,
+ "memory": local.new_container_memory_limit,
+ "portMappings": [],
+ "essential": false,
+ "entryPoint": [
+ "./bin/init",
+ "apidump",
+ "--satellite-url",
+ var.satellite_url,
+ "--levo-env",
+ var.levo_env,
+ "--levoai-org-id",
+ var.org_id,
+ "--rate-limit",
+ var.rate_limit,
+ "--trace-export-interval",
+ var.trace_export_interval,
+ "--stream-timeout-seconds",
+ var.stream_timeout_seconds
+ ],
+ "environment": [
+ {
+ "name": "LEVO_AWS_REGION",
+ "value": 
var.aws_region
+ }
+ ],
+ "mountPoints": [],
+ "volumesFrom": [],
+ "logConfiguration": {
+ "logDriver": "awslogs",
+ "options": {
+ "awslogs-group": var.aws_log_group,
+ "awslogs-create-group": "true",
+ "awslogs-region": var.aws_region,
+ "awslogs-stream-prefix": "ecs-pcap"
+ }
+ }
+ }]
+
+ updated_container_definitions = concat([
+ for existing_container in local.existing_container_definitions :
+ existing_container
+ if length([for new_container in local.new_container_definitions : new_container if new_container.name == existing_container.name]) == 0
+ ], local.new_container_definitions)
+}
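Review bot: `aws_ecs_task_definition.modified_task_definition` carries `executionRoleArn`, cpu and memory forward from the fetched definition but never sets `task_role_arn`, so a task that has a `taskRoleArn` silently loses its IAM role in the new revision; add `task_role_arn = try(local.task_def_json.taskDefinition.taskRoleArn, null)` and check the other top-level fields the script does not copy (`runtimePlatform`, `ephemeralStorage`). The `dynamic "volume"` block reads `volume.value.hostPath`, whereas `describe-task-definition` output nests the bind-mount path under `host.sourcePath` (EFS and Docker volume configurations are not carried over at all), so the plan will presumably fail on any task that declares a volume. `null_resource.fetch_task_definition` has no `triggers`, so `task_definition.json` is fetched once and every later apply re-reads the stale copy, the `data "local_file"` block uses a quoted `depends_on` string that Terraform 0.12 and later no longer accept as far as I recall, and that JSON holds the task's full container configuration (environment values included) so it should be kept out of version control. The heredoc body of the `local-exec` command is not legible in this rendering, but it interpolates the prompted `task_definition_name` and `aws_region` into a shell command line; add `validation` blocks restricting both to the characters a task family name and a region name can contain. `image_name` defaults to the mutable tag `levoai/pcap-sensor:0.1.9`; for a sidecar that sees every packet of the task, pin the image by digest (`levoai/pcap-sensor@sha256:<digest>`) so a tag repush cannot replace the capture component.
```hcl
resource "aws_ecs_task_definition" "modified_task_definition" {
  # … unchanged: family, network_mode, requires_compatibilities, execution_role_arn, cpu, memory, container_definitions …
  task_role_arn = try(local.task_def_json.taskDefinition.taskRoleArn, null)

  dynamic "volume" {
    for_each = local.task_def_json.taskDefinition.volumes
    content {
      name      = volume.value.name
      host_path = try(volume.value.host.sourcePath, null)
    }
  }
}

resource "null_resource" "fetch_task_definition" {
  # re-run the fetch whenever the inputs change instead of only on the first apply
  triggers = {
    task_definition = var.task_definition_name
    region          = var.aws_region
  }
  # … unchanged: local-exec provisioner …
}

data "local_file" "task_definition" {
  filename   = "${path.module}/task_definition.json"
  depends_on = [null_resource.fetch_task_definition]
}
```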