diff --git a/.github/workflows/sub-cd.yml b/.github/workflows/sub-cd.yml index f264f5b7..cdc269d2 100644 --- a/.github/workflows/sub-cd.yml +++ b/.github/workflows/sub-cd.yml @@ -45,12 +45,19 @@ jobs: validate-staging: name: Validate Staging + strategy: + matrix: + endpoint: + - "https://staging.rpc.walletconnect.com" + - "https://eu-central-1.staging.rpc.walletconnect.com" + # - "https://us-east-1.staging.rpc.walletconnect.com" + # - "https://ap-southeast-1.staging.rpc.walletconnect.com" needs: [ cd-staging ] uses: ./.github/workflows/sub-validate.yml secrets: inherit with: stage: staging - stage-url: https://staging.${{ vars.SUBDOMAIN_NAME }}.walletconnect.com + stage-url: ${{ matrix.endpoint }} cd-prod: name: Prod @@ -71,9 +78,16 @@ jobs: validate-prod: name: Validate Prod + strategy: + matrix: + endpoint: + - "https://rpc.walletconnect.com" + - "https://eu-central-1.rpc.walletconnect.com" + # - "https://us-east-1.rpc.walletconnect.com" + # - "https://ap-southeast-1.rpc.walletconnect.com" needs: [ cd-prod ] uses: ./.github/workflows/sub-validate.yml secrets: inherit with: stage: prod - stage-url: https://${{ vars.SUBDOMAIN_NAME }}.walletconnect.com + stage-url: ${{ matrix.endpoint }} diff --git a/.github/workflows/sub-validate.yml b/.github/workflows/sub-validate.yml index a2fffef8..c372bd3e 100644 --- a/.github/workflows/sub-validate.yml +++ b/.github/workflows/sub-validate.yml @@ -21,7 +21,7 @@ permissions: jobs: health-check: - name: Health Check - ${{ inputs.stage }} + name: Health Check - ${{ inputs.stage-url }} runs-on: ubuntu-latest environment: name: ${{ inputs.stage }} @@ -31,7 +31,7 @@ jobs: run: curl "${{ inputs.stage-url }}/health" integration-tests: - name: Integration Tests - ${{ inputs.stage }} + name: Integration Tests - ${{ inputs.stage-url }} runs-on: ubuntu-latest services: postgres: 
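Review bot: The `strategy.matrix` added to `validate-staging` (and the matching one on `validate-prod` in the next hunk) keeps the default `fail-fast: true`, so a failure against one endpoint cancels the run against the other and the result no longer shows which regional endpoints are healthy. Add `fail-fast: false` under `strategy:` so every endpoint is validated independently. The endpoint list also hard-codes the `rpc` subdomain that the removed line took from `vars.SUBDOMAIN_NAME`; a comment such as `# keep in sync with the region modules in terraform/main.tf` above `endpoint:` would keep the two from drifting.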
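Review bot: The `run: curl "${{ inputs.stage-url }}/health"` step at the top of the `@@ -31,7 +31,7 @@` hunk is unchanged context, but this commit now calls it once per matrix endpoint, and it still passes when the endpoint answers with an error status, because curl without `--fail` exits 0 on a 4xx/5xx response. The step also expands the input inside the script text; passing it through `env:` (`STAGE_URL: ${{ inputs.stage-url }}`) and running `curl --fail --silent --show-error "$STAGE_URL/health"` keeps the value out of shell parsing and makes the per-region check meaningful. The enclosing `health-check` job starts in the previous hunk.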
@@ -74,7 +74,7 @@ jobs: args: --test integration integration-tests-providers: - name: Providers Integration Tests - ${{ inputs.stage }} + name: Providers Integration Tests - ${{ inputs.stage-url }} uses: ./.github/workflows/sub-providers.yml secrets: inherit with: @@ -82,7 +82,7 @@ jobs: stage-url: ${{ inputs.stage-url }} integration-tests-ts: - name: TS Integration Tests - ${{ inputs.stage }} + name: TS Integration Tests - ${{ inputs.stage-url }} runs-on: ubuntu-latest steps: - name: Checkout diff --git a/.gitmodules b/.gitmodules index c89ebd8c..650f285e 100644 --- a/.gitmodules +++ b/.gitmodules @@ -1,5 +1,5 @@ -[submodule "terraform/monitoring/grafonnet-lib"] - path = terraform/monitoring/grafonnet-lib +[submodule "terraform/region/monitoring/grafonnet-lib"] + path = terraform/region/monitoring/grafonnet-lib url = git@github.com:WalletConnect/grafonnet-lib.git [submodule "irn"] path = irn diff --git a/terraform/ecs/dns.tf b/terraform/ecs/dns.tf deleted file mode 100644 index aaa95cd6..00000000 --- a/terraform/ecs/dns.tf +++ /dev/null @@ -1,14 +0,0 @@ -# DNS Records -resource "aws_route53_record" "dns_load_balancer" { - for_each = var.route53_zones - - zone_id = each.key - name = each.value - type = "A" - - alias { - name = aws_lb.load_balancer.dns_name - zone_id = aws_lb.load_balancer.zone_id - evaluate_target_health = true - } -} diff --git a/terraform/inputs.tf b/terraform/inputs.tf index a5298e4c..b16060b3 100644 --- a/terraform/inputs.tf +++ b/terraform/inputs.tf 
@@ -1,33 +1,3 @@
-data "terraform_remote_state" "org" {
- backend = "remote"
- config = {
- organization = "wallet-connect"
- workspaces = {
- name = "aws-org"
- }
- }
-}
-
-data "terraform_remote_state" "datalake" {
- backend = "remote"
- config = {
- organization = "wallet-connect"
- workspaces = {
- name = "datalake-${module.stage.dev ? "staging" : local.stage}"
- }
- }
-}
-
-data "terraform_remote_state" "infra_aws" {
- backend = "remote"
- config = {
- organization = "wallet-connect"
- workspaces = {
- name = "infra-aws"
- }
- }
-}
-
 data "terraform_remote_state" "monitoring" {
 backend = "remote"
 config = {
diff --git a/terraform/main.tf b/terraform/main.tf
index ffac46e4..418f70d3 100644
--- a/terraform/main.tf
+++ b/terraform/main.tf
@@ -1,48 +1,44 @@ -data "aws_caller_identity" "this" {} +module "eu_central_1" { + source = "./region" + region = "eu-central-1" + image_version = var.image_version + log_level = var.log_level + app_autoscaling_desired_count = var.app_autoscaling_desired_count + app_autoscaling_min_capacity = var.app_autoscaling_min_capacity + app_autoscaling_max_capacity = var.app_autoscaling_max_capacity + ofac_blocked_countries = var.ofac_blocked_countries + registry_api_endpoint = var.registry_api_endpoint + registry_api_auth_token = var.registry_api_auth_token + project_cache_ttl = var.project_cache_ttl + infura_project_id = var.infura_project_id + pokt_project_id = var.pokt_project_id + zerion_api_key = var.zerion_api_key + quicknode_api_tokens = var.quicknode_api_tokens + coinbase_api_key = var.coinbase_api_key + coinbase_app_id = var.coinbase_app_id + one_inch_api_key = var.one_inch_api_key + one_inch_referrer = var.one_inch_referrer + getblock_access_tokens = var.getblock_access_tokens + pimlico_api_key = var.pimlico_api_key + solscan_api_v1_token = var.solscan_api_v1_token + solscan_api_v2_token = var.solscan_api_v2_token + testing_project_id = var.testing_project_id + geoip_db_key = var.geoip_db_key + notification_channels = var.notification_channels + webhook_cloudwatch_p2 = var.webhook_cloudwatch_p2 + webhook_prometheus_p2 = var.webhook_prometheus_p2 + rate_limiting_max_tokens = var.rate_limiting_max_tokens + rate_limiting_refill_interval = var.rate_limiting_refill_interval + rate_limiting_refill_rate = var.rate_limiting_refill_rate + irn_vpc_id = var.irn_vpc_ids["eu-central-1"] + irn_vpc_cidr = var.irn_vpc_cidrs["eu-central-1"] + irn_aws_account_id = var.irn_aws_account_id + irn_node = var.irn_nodes["eu-central-1"] + irn_key = var.irn_key + irn_namespace = var.irn_namespace + irn_namespace_secret = var.irn_namespace_secret -resource "random_pet" "this" { - length = 2 -} - -locals { - ecr_repository_url = module.stage.dev ? 
data.terraform_remote_state.org.outputs.accounts.sdlc.dev.ecr-urls.blockchain : data.terraform_remote_state.org.outputs.accounts.wl.blockchain[local.stage].ecr-url -} - -resource "aws_kms_key" "cloudwatch_logs" { - description = "KMS key for encrypting CloudWatch Logs" - enable_key_rotation = true - policy = jsonencode({ - Version = "2012-10-17" - Statement = [ - { - Sid = "Enable IAM User Permissions" - Effect = "Allow" - Principal = { - AWS = data.aws_caller_identity.this.account_id - } - Action = "kms:*" - Resource = "*" - }, - { - Sid = "AllowCloudWatchLogs" - Effect = "Allow" - Principal = { - Service = "logs.${module.this.region}.amazonaws.com" - } - Action = [ - "kms:Encrypt*", - "kms:Decrypt*", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - "kms:Describe*" - ] - Resource = "*" - }, - ] - }) -} - -resource "aws_kms_alias" "cloudwatch_logs" { - name = "alias/${module.this.id}-cloudwatch-logs" - target_key_id = aws_kms_key.cloudwatch_logs.key_id + providers = { + aws = aws.eu-central-1 + } } diff --git a/terraform/moved.tf b/terraform/moved.tf new file mode 100644 index 00000000..2fe52260 --- /dev/null +++ b/terraform/moved.tf 
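Review bot: The `module "eu_central_1"` call forwards a long list of credentials (`registry_api_auth_token`, `irn_key`, `irn_namespace_secret`, the provider API keys and tokens) into `./region`, whose variable declarations are not part of this hunk; confirm that both the root variables and the new declarations in the region module carry `sensitive = true`, so the values stay redacted in plan output after crossing the module boundary. The literal `"eu-central-1"` is also repeated in `region`, `irn_vpc_id`, `irn_vpc_cidr` and `irn_node`; a single `locals` value used in all four places would stop a second region block from being copied with a stale key.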
@@ -0,0 +1,774 @@ +moved { + from = data.aws_availability_zones.available + to = module.eu_central_1.data.aws_availability_zones.available +} + +moved { + from = data.aws_caller_identity.this + to = module.eu_central_1.data.aws_caller_identity.this +} + +moved { + from = data.aws_s3_bucket.geoip + to = module.eu_central_1.data.aws_s3_bucket.geoip +} + +moved { + from = data.terraform_remote_state.datalake + to = module.eu_central_1.data.terraform_remote_state.datalake +} + +moved { + from = data.terraform_remote_state.infra_aws + to = module.eu_central_1.data.terraform_remote_state.infra_aws +} + +# moved { +# from = data.terraform_remote_state.monitoring +# to = module.eu_central_1.data.terraform_remote_state.monitoring +# } + +moved { + from = data.terraform_remote_state.org + to = module.eu_central_1.data.terraform_remote_state.org +} + +moved { + from = aws_iam_role.application_role + to = module.eu_central_1.aws_iam_role.application_role +} + +moved { + from = aws_kms_alias.cloudwatch_logs + to = module.eu_central_1.aws_kms_alias.cloudwatch_logs +} + +moved { + from = aws_kms_key.cloudwatch_logs + to = module.eu_central_1.aws_kms_key.cloudwatch_logs +} + +moved { + from = aws_prometheus_workspace.prometheus + to = module.eu_central_1.aws_prometheus_workspace.prometheus +} + +moved { + from = aws_route.irn[0] + to = module.eu_central_1.aws_route.irn[0] +} + +moved { + from = aws_vpc_peering_connection.irn + to = module.eu_central_1.aws_vpc_peering_connection.irn +} + +moved { + from = random_pet.this + to = module.eu_central_1.random_pet.this +} + +moved { + from = module.alerting.aws_cloudwatch_metric_alarm.ecs_cpu_utilization + to = module.eu_central_1.module.alerting.aws_cloudwatch_metric_alarm.ecs_cpu_utilization +} + +moved { + from = module.alerting.aws_cloudwatch_metric_alarm.ecs_mem_utilization + to = module.eu_central_1.module.alerting.aws_cloudwatch_metric_alarm.ecs_mem_utilization +} + +moved { + from = 
module.alerting.aws_cloudwatch_metric_alarm.redis_available_memory + to = module.eu_central_1.module.alerting.aws_cloudwatch_metric_alarm.redis_available_memory +} + +moved { + from = module.alerting.aws_cloudwatch_metric_alarm.redis_cpu_utilization + to = module.eu_central_1.module.alerting.aws_cloudwatch_metric_alarm.redis_cpu_utilization +} + +moved { + from = module.alerting.aws_sns_topic.cloudwatch_webhook + to = module.eu_central_1.module.alerting.aws_sns_topic.cloudwatch_webhook +} + +moved { + from = module.alerting.aws_sns_topic.prometheus_webhook + to = module.eu_central_1.module.alerting.aws_sns_topic.prometheus_webhook +} + +moved { + from = module.dns_certificate["Z03351311B68L9FUYSBYK"].data.aws_default_tags.provider + to = module.eu_central_1.module.dns_certificate["Z03351311B68L9FUYSBYK"].data.aws_default_tags.provider +} + +moved { + from = module.dns_certificate["Z03351311B68L9FUYSBYK"].data.aws_route53_zone.hosted_zone + to = module.eu_central_1.module.dns_certificate["Z03351311B68L9FUYSBYK"].data.aws_route53_zone.hosted_zone +} + +moved { + from = module.dns_certificate["Z03351311B68L9FUYSBYK"].aws_acm_certificate.domain_certificate + to = module.eu_central_1.module.dns_certificate["Z03351311B68L9FUYSBYK"].aws_acm_certificate.domain_certificate +} + +moved { + from = module.dns_certificate["Z03351311B68L9FUYSBYK"].aws_route53_record.cert_verification[0] + to = module.eu_central_1.module.dns_certificate["Z03351311B68L9FUYSBYK"].aws_route53_record.cert_verification[0] +} + +moved { + from = module.dns_certificate["Z08482453O4S3RHV9217F"].data.aws_default_tags.provider + to = module.eu_central_1.module.dns_certificate["Z08482453O4S3RHV9217F"].data.aws_default_tags.provider +} + +moved { + from = module.dns_certificate["Z08482453O4S3RHV9217F"].data.aws_route53_zone.hosted_zone + to = module.eu_central_1.module.dns_certificate["Z08482453O4S3RHV9217F"].data.aws_route53_zone.hosted_zone +} + +moved { + from = 
module.dns_certificate["Z08482453O4S3RHV9217F"].aws_acm_certificate.domain_certificate + to = module.eu_central_1.module.dns_certificate["Z08482453O4S3RHV9217F"].aws_acm_certificate.domain_certificate +} + +moved { + from = module.dns_certificate["Z08482453O4S3RHV9217F"].aws_route53_record.cert_verification[0] + to = module.eu_central_1.module.dns_certificate["Z08482453O4S3RHV9217F"].aws_route53_record.cert_verification[0] +} + +moved { + from = module.ecs.data.aws_iam_role.ecs_task_execution_role + to = module.eu_central_1.module.ecs.data.aws_iam_role.ecs_task_execution_role +} + +moved { + from = module.ecs.aws_appautoscaling_policy.ecs_target_cpu + to = module.eu_central_1.module.ecs.aws_appautoscaling_policy.ecs_target_cpu +} + +moved { + from = module.ecs.aws_appautoscaling_policy.ecs_target_memory + to = module.eu_central_1.module.ecs.aws_appautoscaling_policy.ecs_target_memory +} + +moved { + from = module.ecs.aws_appautoscaling_target.ecs_target + to = module.eu_central_1.module.ecs.aws_appautoscaling_target.ecs_target +} + +moved { + from = module.ecs.aws_cloudwatch_log_group.cluster + to = module.eu_central_1.module.ecs.aws_cloudwatch_log_group.cluster +} + +moved { + from = module.ecs.aws_cloudwatch_log_group.otel + to = module.eu_central_1.module.ecs.aws_cloudwatch_log_group.otel +} + +moved { + from = module.ecs.aws_cloudwatch_log_group.prometheus_proxy + to = module.eu_central_1.module.ecs.aws_cloudwatch_log_group.prometheus_proxy +} + +moved { + from = module.ecs.aws_ecs_cluster.app_cluster + to = module.eu_central_1.module.ecs.aws_ecs_cluster.app_cluster +} + +moved { + from = module.ecs.aws_ecs_service.app_service + to = module.eu_central_1.module.ecs.aws_ecs_service.app_service +} + +moved { + from = module.ecs.aws_ecs_task_definition.app_task + to = module.eu_central_1.module.ecs.aws_ecs_task_definition.app_task +} + +moved { + from = module.ecs.aws_iam_policy.datalake_bucket_access + to = 
module.eu_central_1.module.ecs.aws_iam_policy.datalake_bucket_access +} + +moved { + from = module.ecs.aws_iam_policy.geoip_bucket_access + to = module.eu_central_1.module.ecs.aws_iam_policy.geoip_bucket_access +} + +moved { + from = module.ecs.aws_iam_policy.otel + to = module.eu_central_1.module.ecs.aws_iam_policy.otel +} + +moved { + from = module.ecs.aws_iam_role_policy_attachment.cloudwatch_write_policy + to = module.eu_central_1.module.ecs.aws_iam_role_policy_attachment.cloudwatch_write_policy +} + +moved { + from = module.ecs.aws_iam_role_policy_attachment.datalake_bucket_access + to = module.eu_central_1.module.ecs.aws_iam_role_policy_attachment.datalake_bucket_access +} + +moved { + from = module.ecs.aws_iam_role_policy_attachment.ecs_task_execution_fetch_ghcr_secret_policy + to = module.eu_central_1.module.ecs.aws_iam_role_policy_attachment.ecs_task_execution_fetch_ghcr_secret_policy +} + +moved { + from = module.ecs.aws_iam_role_policy_attachment.ecs_task_execution_role_policy + to = module.eu_central_1.module.ecs.aws_iam_role_policy_attachment.ecs_task_execution_role_policy +} + +moved { + from = module.ecs.aws_iam_role_policy_attachment.geoip_bucket_access + to = module.eu_central_1.module.ecs.aws_iam_role_policy_attachment.geoip_bucket_access +} + +moved { + from = module.ecs.aws_iam_role_policy_attachment.prometheus_read_policy + to = module.eu_central_1.module.ecs.aws_iam_role_policy_attachment.prometheus_read_policy +} + +moved { + from = module.ecs.aws_iam_role_policy_attachment.prometheus_write_policy + to = module.eu_central_1.module.ecs.aws_iam_role_policy_attachment.prometheus_write_policy +} + +moved { + from = module.ecs.aws_iam_role_policy_attachment.ssm_read_only_policy + to = module.eu_central_1.module.ecs.aws_iam_role_policy_attachment.ssm_read_only_policy +} + +moved { + from = module.ecs.aws_lb.load_balancer + to = module.eu_central_1.module.ecs.aws_lb.load_balancer +} + +moved { + from = module.ecs.aws_lb_listener.listener-http + to = 
module.eu_central_1.module.ecs.aws_lb_listener.listener-http +} + +moved { + from = module.ecs.aws_lb_listener.listener-https + to = module.eu_central_1.module.ecs.aws_lb_listener.listener-https +} + +moved { + from = module.ecs.aws_lb_listener_certificate.listener-https["Z08482453O4S3RHV9217F"] + to = module.eu_central_1.module.ecs.aws_lb_listener_certificate.listener-https["Z08482453O4S3RHV9217F"] +} + +moved { + from = module.ecs.aws_lb_target_group.target_group + to = module.eu_central_1.module.ecs.aws_lb_target_group.target_group +} + +moved { + from = module.ecs.aws_route53_record.dns_load_balancer["Z03351311B68L9FUYSBYK"] + to = module.eu_central_1.module.ecs.aws_route53_record.dns_load_balancer["Z03351311B68L9FUYSBYK"] +} + +moved { + from = module.ecs.aws_route53_record.dns_load_balancer["Z08482453O4S3RHV9217F"] + to = module.eu_central_1.module.ecs.aws_route53_record.dns_load_balancer["Z08482453O4S3RHV9217F"] +} + +moved { + from = module.ecs.aws_security_group.app_ingress + to = module.eu_central_1.module.ecs.aws_security_group.app_ingress +} + +moved { + from = module.ecs.aws_security_group.lb_ingress + to = module.eu_central_1.module.ecs.aws_security_group.lb_ingress +} + +moved { + from = module.ecs.random_pet.this + to = module.eu_central_1.module.ecs.random_pet.this +} + +moved { + from = module.monitoring.data.jsonnet_file.dashboard + to = module.eu_central_1.module.monitoring.data.jsonnet_file.dashboard +} + +moved { + from = module.monitoring.grafana_dashboard.main + to = module.eu_central_1.module.monitoring.grafana_dashboard.main +} + +moved { + from = module.monitoring.grafana_data_source.cloudwatch + to = module.eu_central_1.module.monitoring.grafana_data_source.cloudwatch +} + +moved { + from = module.monitoring.grafana_data_source.prometheus + to = module.eu_central_1.module.monitoring.grafana_data_source.prometheus +} + +moved { + from = module.postgres.data.aws_caller_identity.this + to = 
module.eu_central_1.module.postgres.data.aws_caller_identity.this +} + +moved { + from = module.postgres.aws_db_subnet_group.db_subnets + to = module.eu_central_1.module.postgres.aws_db_subnet_group.db_subnets +} + +moved { + from = module.postgres.aws_kms_alias.db_master_password + to = module.eu_central_1.module.postgres.aws_kms_alias.db_master_password +} + +moved { + from = module.postgres.aws_kms_key.db_master_password + to = module.eu_central_1.module.postgres.aws_kms_key.db_master_password +} + +moved { + from = module.postgres.aws_secretsmanager_secret.db_master_password + to = module.eu_central_1.module.postgres.aws_secretsmanager_secret.db_master_password +} + +moved { + from = module.postgres.aws_secretsmanager_secret_version.db_master_password + to = module.eu_central_1.module.postgres.aws_secretsmanager_secret_version.db_master_password +} + +moved { + from = module.postgres.random_password.db_master_password[0] + to = module.eu_central_1.module.postgres.random_password.db_master_password[0] +} + +moved { + from = module.redis.data.aws_vpc.vpc + to = module.eu_central_1.module.redis.data.aws_vpc.vpc +} + +moved { + from = module.redis.aws_elasticache_cluster.cache + to = module.eu_central_1.module.redis.aws_elasticache_cluster.cache +} + +moved { + from = module.redis.aws_elasticache_subnet_group.private_subnets + to = module.eu_central_1.module.redis.aws_elasticache_subnet_group.private_subnets +} + +moved { + from = module.redis.aws_security_group.service_security_group + to = module.eu_central_1.module.redis.aws_security_group.service_security_group +} + +moved { + from = module.vpc.data.aws_caller_identity.current[0] + to = module.eu_central_1.module.vpc.data.aws_caller_identity.current[0] +} + +moved { + from = module.vpc.data.aws_partition.current[0] + to = module.eu_central_1.module.vpc.data.aws_partition.current[0] +} + +moved { + from = module.vpc.data.aws_region.current[0] + to = module.eu_central_1.module.vpc.data.aws_region.current[0] +} + 
+moved { + from = module.vpc.aws_db_subnet_group.database[0] + to = module.eu_central_1.module.vpc.aws_db_subnet_group.database[0] +} + +moved { + from = module.vpc.aws_default_network_acl.this[0] + to = module.eu_central_1.module.vpc.aws_default_network_acl.this[0] +} + +moved { + from = module.vpc.aws_default_route_table.default[0] + to = module.eu_central_1.module.vpc.aws_default_route_table.default[0] +} + +moved { + from = module.vpc.aws_default_security_group.this[0] + to = module.eu_central_1.module.vpc.aws_default_security_group.this[0] +} + +moved { + from = module.vpc.aws_eip.nat[0] + to = module.eu_central_1.module.vpc.aws_eip.nat[0] +} + +moved { + from = module.vpc.aws_flow_log.this[0] + to = module.eu_central_1.module.vpc.aws_flow_log.this[0] +} + +moved { + from = module.vpc.aws_internet_gateway.this[0] + to = module.eu_central_1.module.vpc.aws_internet_gateway.this[0] +} + +moved { + from = module.vpc.aws_nat_gateway.this[0] + to = module.eu_central_1.module.vpc.aws_nat_gateway.this[0] +} + +moved { + from = module.vpc.aws_route.private_nat_gateway[0] + to = module.eu_central_1.module.vpc.aws_route.private_nat_gateway[0] +} + +moved { + from = module.vpc.aws_route.public_internet_gateway[0] + to = module.eu_central_1.module.vpc.aws_route.public_internet_gateway[0] +} + +moved { + from = module.vpc.aws_route_table.intra[0] + to = module.eu_central_1.module.vpc.aws_route_table.intra[0] +} + +moved { + from = module.vpc.aws_route_table.private[0] + to = module.eu_central_1.module.vpc.aws_route_table.private[0] +} + +moved { + from = module.vpc.aws_route_table.public[0] + to = module.eu_central_1.module.vpc.aws_route_table.public[0] +} + +moved { + from = module.vpc.aws_route_table_association.database[0] + to = module.eu_central_1.module.vpc.aws_route_table_association.database[0] +} + +moved { + from = module.vpc.aws_route_table_association.database[1] + to = module.eu_central_1.module.vpc.aws_route_table_association.database[1] +} + +moved { + from = 
module.vpc.aws_route_table_association.database[2] + to = module.eu_central_1.module.vpc.aws_route_table_association.database[2] +} + +moved { + from = module.vpc.aws_route_table_association.intra[0] + to = module.eu_central_1.module.vpc.aws_route_table_association.intra[0] +} + +moved { + from = module.vpc.aws_route_table_association.intra[1] + to = module.eu_central_1.module.vpc.aws_route_table_association.intra[1] +} + +moved { + from = module.vpc.aws_route_table_association.intra[2] + to = module.eu_central_1.module.vpc.aws_route_table_association.intra[2] +} + +moved { + from = module.vpc.aws_route_table_association.private[0] + to = module.eu_central_1.module.vpc.aws_route_table_association.private[0] +} + +moved { + from = module.vpc.aws_route_table_association.private[1] + to = module.eu_central_1.module.vpc.aws_route_table_association.private[1] +} + +moved { + from = module.vpc.aws_route_table_association.private[2] + to = module.eu_central_1.module.vpc.aws_route_table_association.private[2] +} + +moved { + from = module.vpc.aws_route_table_association.public[0] + to = module.eu_central_1.module.vpc.aws_route_table_association.public[0] +} + +moved { + from = module.vpc.aws_route_table_association.public[1] + to = module.eu_central_1.module.vpc.aws_route_table_association.public[1] +} + +moved { + from = module.vpc.aws_route_table_association.public[2] + to = module.eu_central_1.module.vpc.aws_route_table_association.public[2] +} + +moved { + from = module.vpc.aws_subnet.database[0] + to = module.eu_central_1.module.vpc.aws_subnet.database[0] +} + +moved { + from = module.vpc.aws_subnet.database[1] + to = module.eu_central_1.module.vpc.aws_subnet.database[1] +} + +moved { + from = module.vpc.aws_subnet.database[2] + to = module.eu_central_1.module.vpc.aws_subnet.database[2] +} + +moved { + from = module.vpc.aws_subnet.intra[0] + to = module.eu_central_1.module.vpc.aws_subnet.intra[0] +} + +moved { + from = module.vpc.aws_subnet.intra[1] + to = 
module.eu_central_1.module.vpc.aws_subnet.intra[1] +} + +moved { + from = module.vpc.aws_subnet.intra[2] + to = module.eu_central_1.module.vpc.aws_subnet.intra[2] +} + +moved { + from = module.vpc.aws_subnet.private[0] + to = module.eu_central_1.module.vpc.aws_subnet.private[0] +} + +moved { + from = module.vpc.aws_subnet.private[1] + to = module.eu_central_1.module.vpc.aws_subnet.private[1] +} + +moved { + from = module.vpc.aws_subnet.private[2] + to = module.eu_central_1.module.vpc.aws_subnet.private[2] +} + +moved { + from = module.vpc.aws_subnet.public[0] + to = module.eu_central_1.module.vpc.aws_subnet.public[0] +} + +moved { + from = module.vpc.aws_subnet.public[1] + to = module.eu_central_1.module.vpc.aws_subnet.public[1] +} + +moved { + from = module.vpc.aws_subnet.public[2] + to = module.eu_central_1.module.vpc.aws_subnet.public[2] +} + +moved { + from = module.vpc.aws_vpc.this[0] + to = module.eu_central_1.module.vpc.aws_vpc.this[0] +} + +moved { + from = module.vpc_endpoints.data.aws_vpc_endpoint_service.this["cloudwatch"] + to = module.eu_central_1.module.vpc_endpoints.data.aws_vpc_endpoint_service.this["cloudwatch"] +} + +moved { + from = module.vpc_endpoints.data.aws_vpc_endpoint_service.this["cloudwatch-events"] + to = module.eu_central_1.module.vpc_endpoints.data.aws_vpc_endpoint_service.this["cloudwatch-events"] +} + +moved { + from = module.vpc_endpoints.data.aws_vpc_endpoint_service.this["cloudwatch-logs"] + to = module.eu_central_1.module.vpc_endpoints.data.aws_vpc_endpoint_service.this["cloudwatch-logs"] +} + +moved { + from = module.vpc_endpoints.data.aws_vpc_endpoint_service.this["ecs"] + to = module.eu_central_1.module.vpc_endpoints.data.aws_vpc_endpoint_service.this["ecs"] +} + +moved { + from = module.vpc_endpoints.data.aws_vpc_endpoint_service.this["ecs-agent"] + to = module.eu_central_1.module.vpc_endpoints.data.aws_vpc_endpoint_service.this["ecs-agent"] +} + +moved { + from = 
module.vpc_endpoints.data.aws_vpc_endpoint_service.this["ecs-telemetry"] + to = module.eu_central_1.module.vpc_endpoints.data.aws_vpc_endpoint_service.this["ecs-telemetry"] +} + +moved { + from = module.vpc_endpoints.data.aws_vpc_endpoint_service.this["elastic-load-balancing"] + to = module.eu_central_1.module.vpc_endpoints.data.aws_vpc_endpoint_service.this["elastic-load-balancing"] +} + +moved { + from = module.vpc_endpoints.data.aws_vpc_endpoint_service.this["kms"] + to = module.eu_central_1.module.vpc_endpoints.data.aws_vpc_endpoint_service.this["kms"] +} + +moved { + from = module.vpc_endpoints.data.aws_vpc_endpoint_service.this["s3"] + to = module.eu_central_1.module.vpc_endpoints.data.aws_vpc_endpoint_service.this["s3"] +} + +moved { + from = module.vpc_endpoints.aws_vpc_endpoint.this["cloudwatch"] + to = module.eu_central_1.module.vpc_endpoints.aws_vpc_endpoint.this["cloudwatch"] +} + +moved { + from = module.vpc_endpoints.aws_vpc_endpoint.this["cloudwatch-events"] + to = module.eu_central_1.module.vpc_endpoints.aws_vpc_endpoint.this["cloudwatch-events"] +} + +moved { + from = module.vpc_endpoints.aws_vpc_endpoint.this["cloudwatch-logs"] + to = module.eu_central_1.module.vpc_endpoints.aws_vpc_endpoint.this["cloudwatch-logs"] +} + +moved { + from = module.vpc_endpoints.aws_vpc_endpoint.this["ecs"] + to = module.eu_central_1.module.vpc_endpoints.aws_vpc_endpoint.this["ecs"] +} + +moved { + from = module.vpc_endpoints.aws_vpc_endpoint.this["ecs-agent"] + to = module.eu_central_1.module.vpc_endpoints.aws_vpc_endpoint.this["ecs-agent"] +} + +moved { + from = module.vpc_endpoints.aws_vpc_endpoint.this["ecs-telemetry"] + to = module.eu_central_1.module.vpc_endpoints.aws_vpc_endpoint.this["ecs-telemetry"] +} + +moved { + from = module.vpc_endpoints.aws_vpc_endpoint.this["elastic-load-balancing"] + to = module.eu_central_1.module.vpc_endpoints.aws_vpc_endpoint.this["elastic-load-balancing"] +} + +moved { + from = module.vpc_endpoints.aws_vpc_endpoint.this["kms"] + 
to = module.eu_central_1.module.vpc_endpoints.aws_vpc_endpoint.this["kms"] +} + +moved { + from = module.vpc_endpoints.aws_vpc_endpoint.this["s3"] + to = module.eu_central_1.module.vpc_endpoints.aws_vpc_endpoint.this["s3"] +} + +moved { + from = module.vpc_flow_s3_bucket.data.aws_caller_identity.current + to = module.eu_central_1.module.vpc_flow_s3_bucket.data.aws_caller_identity.current +} + +moved { + from = module.vpc_flow_s3_bucket.data.aws_partition.current + to = module.eu_central_1.module.vpc_flow_s3_bucket.data.aws_partition.current +} + +moved { + from = module.vpc_flow_s3_bucket.data.aws_region.current + to = module.eu_central_1.module.vpc_flow_s3_bucket.data.aws_region.current +} + +moved { + from = module.vpc_flow_s3_bucket.aws_s3_bucket.this[0] + to = module.eu_central_1.module.vpc_flow_s3_bucket.aws_s3_bucket.this[0] +} + +moved { + from = module.vpc_flow_s3_bucket.aws_s3_bucket_lifecycle_configuration.this[0] + to = module.eu_central_1.module.vpc_flow_s3_bucket.aws_s3_bucket_lifecycle_configuration.this[0] +} + +moved { + from = module.vpc_flow_s3_bucket.aws_s3_bucket_public_access_block.this[0] + to = module.eu_central_1.module.vpc_flow_s3_bucket.aws_s3_bucket_public_access_block.this[0] +} + +moved { + from = module.monitoring.module.monitoring-role.aws_iam_policy.prometheus[0] + to = module.eu_central_1.module.monitoring.module.monitoring-role.aws_iam_policy.prometheus[0] +} + +moved { + from = module.monitoring.module.monitoring-role.aws_iam_role.monitoring + to = module.eu_central_1.module.monitoring.module.monitoring-role.aws_iam_role.monitoring +} + +moved { + from = module.monitoring.module.monitoring-role.aws_iam_role_policy_attachment.sources["athena"] + to = module.eu_central_1.module.monitoring.module.monitoring-role.aws_iam_role_policy_attachment.sources["athena"] +} + +moved { + from = module.monitoring.module.monitoring-role.aws_iam_role_policy_attachment.sources["cloudwatch"] + to = 
module.eu_central_1.module.monitoring.module.monitoring-role.aws_iam_role_policy_attachment.sources["cloudwatch"] +} + +moved { + from = module.monitoring.module.monitoring-role.aws_iam_role_policy_attachment.sources["prometheus"] + to = module.eu_central_1.module.monitoring.module.monitoring-role.aws_iam_role_policy_attachment.sources["prometheus"] +} + +moved { + from = module.monitoring.module.monitoring-role.aws_iam_role_policy_attachment.sources["xray"] + to = module.eu_central_1.module.monitoring.module.monitoring-role.aws_iam_role_policy_attachment.sources["xray"] +} + +moved { + from = module.postgres.module.db_cluster.data.aws_iam_policy_document.monitoring_rds_assume_role[0] + to = module.eu_central_1.module.postgres.module.db_cluster.data.aws_iam_policy_document.monitoring_rds_assume_role[0] +} + +moved { + from = module.postgres.module.db_cluster.data.aws_partition.current + to = module.eu_central_1.module.postgres.module.db_cluster.data.aws_partition.current +} + +moved { + from = module.postgres.module.db_cluster.aws_iam_role.rds_enhanced_monitoring[0] + to = module.eu_central_1.module.postgres.module.db_cluster.aws_iam_role.rds_enhanced_monitoring[0] +} + +moved { + from = module.postgres.module.db_cluster.aws_iam_role_policy_attachment.rds_enhanced_monitoring[0] + to = module.eu_central_1.module.postgres.module.db_cluster.aws_iam_role_policy_attachment.rds_enhanced_monitoring[0] +} + +moved { + from = module.postgres.module.db_cluster.aws_rds_cluster.this[0] + to = module.eu_central_1.module.postgres.module.db_cluster.aws_rds_cluster.this[0] +} + +moved { + from = module.postgres.module.db_cluster.aws_rds_cluster_instance.this["1"] + to = module.eu_central_1.module.postgres.module.db_cluster.aws_rds_cluster_instance.this["1"] +} + +moved { + from = module.postgres.module.db_cluster.aws_security_group.this[0] + to = module.eu_central_1.module.postgres.module.db_cluster.aws_security_group.this[0] +} + +moved { + from = 
module.postgres.module.db_cluster.aws_security_group_rule.this["vpc_ingress"] + to = module.eu_central_1.module.postgres.module.db_cluster.aws_security_group_rule.this["vpc_ingress"] +} + +moved { + from = module.eu_central_1.module.ecs.aws_lb_listener_certificate.listener-https["Z08482453O4S3RHV9217F"] + to = module.eu_central_1.module.ecs.aws_lb_listener_certificate.listener-https["1"] +} + +moved { + from = module.eu_central_1.module.ecs.aws_lb_listener_certificate.listener-https["Z08394271XY7LL4G2RE1G"] + to = module.eu_central_1.module.ecs.aws_lb_listener_certificate.listener-https["1"] +} diff --git a/terraform/providers.tf b/terraform/providers.tf index f7d191e3..ee05fa47 100644 --- a/terraform/providers.tf +++ b/terraform/providers.tf @@ -1,4 +1,5 @@ provider "aws" { + alias = "eu-central-1" region = var.region default_tags { @@ -6,6 +7,24 @@ provider "aws" { } } +provider "aws" { + alias = "us-east-1" + region = "us-east-1" + + default_tags { + tags = module.this.tags + } +} + +provider "aws" { + alias = "ap-southeast-1" + region = "ap-southeast-1" + + default_tags { + tags = module.this.tags + } +} + provider "grafana" { url = "https://${data.terraform_remote_state.monitoring.outputs.grafana_workspaces.central.grafana_endpoint}" auth = var.grafana_auth diff --git a/terraform/alerting/README.md b/terraform/region/alerting/README.md similarity index 100% rename from terraform/alerting/README.md rename to terraform/region/alerting/README.md diff --git a/terraform/alerting/alarms_ecs.tf b/terraform/region/alerting/alarms_ecs.tf similarity index 100% rename from terraform/alerting/alarms_ecs.tf rename to terraform/region/alerting/alarms_ecs.tf diff --git a/terraform/alerting/alarms_redis.tf b/terraform/region/alerting/alarms_redis.tf similarity index 100% rename from terraform/alerting/alarms_redis.tf rename to terraform/region/alerting/alarms_redis.tf 
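Review bot: The last two `moved` blocks of `terraform/moved.tf` both target `module.eu_central_1.module.ecs.aws_lb_listener_certificate.listener-https["1"]`, one from the `"Z08482453O4S3RHV9217F"` key and one from `"Z08394271XY7LL4G2RE1G"`; Terraform expects each destination address to have a single source, so this pair should be checked with `terraform validate` and, if the two zone IDs belong to different workspaces, say so in a comment above them. More generally the file hard-codes Route 53 zone IDs in its addresses, so in a workspace whose zones differ the moves will not match and the certificate, listener and DNS resources would be planned as destroy-and-create. Before applying, confirm that the plan for every workspace shows moves only and no replacement of `aws_kms_key`, `aws_rds_cluster` or `aws_secretsmanager_secret` resources.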
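Review bot: In `terraform/providers.tf` the provider that is now aliased `eu-central-1` still takes `region = var.region`, while `terraform/main.tf` passes the literal `"eu-central-1"` to the module that uses it, so a workspace where `var.region` holds another value would create resources in one region under labels, DNS names and IRN lookups for another. Pin it like the two new providers, `region = "eu-central-1"`, or derive the module's `region` argument from the same variable. As far as this diff shows, adding the alias also leaves the root module without a default `aws` provider, so anything still declared at the root without an explicit `provider =` should be checked.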
diff --git a/terraform/alerting/context.tf b/terraform/region/alerting/context.tf
similarity index 100%
rename from terraform/alerting/context.tf
rename to terraform/region/alerting/context.tf
diff --git a/terraform/alerting/main.tf b/terraform/region/alerting/main.tf
similarity index 100%
rename from terraform/alerting/main.tf
rename to terraform/region/alerting/main.tf
diff --git a/terraform/alerting/terraform.tf b/terraform/region/alerting/terraform.tf
similarity index 100%
rename from terraform/alerting/terraform.tf
rename to terraform/region/alerting/terraform.tf
diff --git a/terraform/alerting/variables.tf b/terraform/region/alerting/variables.tf
similarity index 100%
rename from terraform/alerting/variables.tf
rename to terraform/region/alerting/variables.tf
diff --git a/terraform/region/context.tf b/terraform/region/context.tf
new file mode 100644
index 00000000..63691cbe
--- /dev/null
+++ b/terraform/region/context.tf
@@ -0,0 +1,23 @@
+module "stage" {
+ source = "app.terraform.io/wallet-connect/stage/null"
+ version = "0.1.0"
+ project = "blockchain"
+}
+
+locals {
+ stage = module.stage.stage
+}
+
+module "this" {
+ source = "app.terraform.io/wallet-connect/label/null"
+ version = "0.3.2"
+
+ namespace = "wc"
+ region = var.region
+ stage = local.stage
+ name = var.name
+
+ tags = {
+ Application = var.name
+ }
+}
diff --git a/terraform/ecs/README.md b/terraform/region/ecs/README.md
similarity index 100%
rename from terraform/ecs/README.md
rename to terraform/region/ecs/README.md
diff --git a/terraform/ecs/cluster.tf b/terraform/region/ecs/cluster.tf
similarity index 100%
rename from terraform/ecs/cluster.tf
rename to terraform/region/ecs/cluster.tf
diff --git a/terraform/ecs/cluster_autoscaling.tf b/terraform/region/ecs/cluster_autoscaling.tf
similarity index 100%
rename from terraform/ecs/cluster_autoscaling.tf
rename to terraform/region/ecs/cluster_autoscaling.tf
diff --git a/terraform/ecs/cluster_iam.tf b/terraform/region/ecs/cluster_iam.tf
similarity index 100%
rename from terraform/ecs/cluster_iam.tf
rename to terraform/region/ecs/cluster_iam.tf
diff --git a/terraform/ecs/cluster_logs.tf b/terraform/region/ecs/cluster_logs.tf
similarity index 100%
rename from terraform/ecs/cluster_logs.tf
rename to terraform/region/ecs/cluster_logs.tf
diff --git a/terraform/ecs/context.tf b/terraform/region/ecs/context.tf
similarity index 100%
rename from terraform/ecs/context.tf
rename to terraform/region/ecs/context.tf
diff --git a/terraform/region/ecs/dns.tf b/terraform/region/ecs/dns.tf
new file mode 100644
index 00000000..d892c12d
--- /dev/null
+++ b/terraform/region/ecs/dns.tf
@@ -0,0 +1,42 @@
+# DNS Records
+resource "aws_route53_record" "dns_load_balancer_region" {
+ depends_on = [aws_acm_certificate_validation.certificate_validation]
+ for_each = var.route53_zones
+
+ zone_id = each.key
+ name = "${module.this.region}.${each.value}"
+ type = "A"
+
+ alias {
+ name = aws_lb.load_balancer.dns_name
+ zone_id = aws_lb.load_balancer.zone_id
+ evaluate_target_health = true
+ }
+}
+
+resource "aws_route53_record" "dns_load_balancer" {
+ for_each = var.route53_zones
+
+ zone_id = each.key
+ name = each.value
+ type = "A"
+
+ alias {
+ name = aws_lb.load_balancer.dns_name
+ zone_id = aws_lb.load_balancer.zone_id
+ evaluate_target_health = true
+ }
+}
+
+# resource "aws_route53_health_check" "health_check" {
+# fqdn = local.fqdn
+# port = 443
+# type = "HTTPS"
+# resource_path = "/health"
+# failure_threshold = "5"
+# request_interval = "30"
+
+# tags = {
+# Name = "${var.environment}.${var.region}.${var.app_name}-health-check"
+# }
+# }
diff --git a/terraform/ecs/main.tf b/terraform/region/ecs/main.tf
similarity index 100%
rename from terraform/ecs/main.tf
rename to terraform/region/ecs/main.tf
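Review bot: `aws_route53_record.dns_load_balancer` still creates a simple alias record for the bare zone name (`name = each.value`), and it now sits in a per-region module. If that module is instantiated for a second region (the commit adds `us-east-1` and `ap-southeast-1` providers), both instances would claim the same record name in the same zone, and the apply would either fail or let one region replace the other. Giving the record `set_identifier = module.this.region` and `latency_routing_policy { region = module.this.region }` would let the regional load balancers coexist behind one name. The `aws_route53_health_check` block is left commented out with no explanation; a one-line comment saying why it is disabled, and that `evaluate_target_health` is the only health signal for now, would help.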
diff --git a/terraform/ecs/network.tf b/terraform/region/ecs/network.tf similarity index 93% rename from terraform/ecs/network.tf rename to terraform/region/ecs/network.tf index 923d6bd3..4bc2440a 100644 --- a/terraform/ecs/network.tf +++ b/terraform/region/ecs/network.tf @@ -22,7 +22,7 @@ resource "aws_lb" "load_balancer" { } locals { - main_certificate_key = keys(var.route53_zones_certificates)[0] + main_certificate_key = 0 main_certificate = var.route53_zones_certificates[local.main_certificate_key] additional_certificates = { for k, v in var.route53_zones_certificates : k => v if k != local.main_certificate_key } } @@ -45,9 +45,16 @@ resource "aws_lb_listener" "listener-https" { } resource "aws_lb_listener_certificate" "listener-https" { - for_each = local.additional_certificates + for_each = aws_acm_certificate_validation.certificate_validation listener_arn = aws_lb_listener.listener-https.arn + certificate_arn = each.value.certificate_arn +} + +resource "aws_acm_certificate_validation" "certificate_validation" { + for_each = local.additional_certificates certificate_arn = each.value + + # validation_record_fqdns = [...] } resource "aws_lb_listener" "listener-http" { diff --git a/terraform/ecs/outputs.tf b/terraform/region/ecs/outputs.tf similarity index 100% rename from terraform/ecs/outputs.tf rename to terraform/region/ecs/outputs.tf diff --git a/terraform/ecs/terraform.tf b/terraform/region/ecs/terraform.tf similarity index 100% rename from terraform/ecs/terraform.tf rename to terraform/region/ecs/terraform.tf diff --git a/terraform/ecs/variables.tf b/terraform/region/ecs/variables.tf similarity index 99% rename from terraform/ecs/variables.tf rename to terraform/region/ecs/variables.tf index b6c7c039..1860a775 100644 --- a/terraform/ecs/variables.tf +++ b/terraform/region/ecs/variables.tf 
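Review bot: With `main_certificate_key = 0` the listener's default certificate and the keys of `additional_certificates` become list positions, and the list is built with `concat(...)` over two `for_each` modules in `res_dns.tf`, so which certificate is the default depends on zone-ID ordering and adding or removing a zone shifts every index. Because `aws_lb_listener_certificate.listener-https` in the second hunk is keyed by those positions through `aws_acm_certificate_validation.certificate_validation`, such a shift would detach and re-attach certificates on the HTTPS listener. Keeping `route53_zones_certificates` a map keyed by FQDN and picking the default by an explicit key would keep resource addresses stable. The placeholder `# validation_record_fqdns = [...]` should either be filled in or replaced by a comment stating where the validation records are created, which these hunks do not show.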
@@ -65,7 +65,7 @@ variable "route53_zones" { variable "route53_zones_certificates" { description = "The ARNs of the ACM certificates to use for HTTPS" - type = map(string) + type = list(string) } #------------------------------------------------------------------------------- diff --git a/terraform/region/inputs.tf b/terraform/region/inputs.tf new file mode 100644 index 00000000..a5298e4c --- /dev/null +++ b/terraform/region/inputs.tf @@ -0,0 +1,39 @@ +data "terraform_remote_state" "org" { + backend = "remote" + config = { + organization = "wallet-connect" + workspaces = { + name = "aws-org" + } + } +} + +data "terraform_remote_state" "datalake" { + backend = "remote" + config = { + organization = "wallet-connect" + workspaces = { + name = "datalake-${module.stage.dev ? "staging" : local.stage}" + } + } +} + +data "terraform_remote_state" "infra_aws" { + backend = "remote" + config = { + organization = "wallet-connect" + workspaces = { + name = "infra-aws" + } + } +} + +data "terraform_remote_state" "monitoring" { + backend = "remote" + config = { + organization = "wallet-connect" + workspaces = { + name = "monitoring" + } + } +} diff --git a/terraform/region/main.tf b/terraform/region/main.tf new file mode 100644 index 00000000..d7db8664 --- /dev/null +++ b/terraform/region/main.tf 
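Review bot: The new `terraform/region/inputs.tf` gives the per-region module its own four `terraform_remote_state` reads (`org`, `datalake`, `infra_aws`, `monitoring`), and that data source needs read access to each workspace's whole state rather than only the outputs that are used. If the module is instantiated once per region, every instance repeats those reads. Passing the few required outputs in as module variables from the root would keep the state access in one place; if the data sources stay, a header comment naming the outputs each one is read for would make the dependency reviewable.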
@@ -0,0 +1,44 @@
+data "aws_caller_identity" "this" {}
+
+resource "random_pet" "this" {
+ length = 2
+}
+
+resource "aws_kms_key" "cloudwatch_logs" {
+ description = "KMS key for encrypting CloudWatch Logs"
+ enable_key_rotation = true
+ policy = jsonencode({
+ Version = "2012-10-17"
+ Statement = [
+ {
+ Sid = "Enable IAM User Permissions"
+ Effect = "Allow"
+ Principal = {
+ AWS = data.aws_caller_identity.this.account_id
+ }
+ Action = "kms:*"
+ Resource = "*"
+ },
+ {
+ Sid = "AllowCloudWatchLogs"
+ Effect = "Allow"
+ Principal = {
+ Service = "logs.${module.this.region}.amazonaws.com"
+ }
+ Action = [
+ "kms:Encrypt*",
+ "kms:Decrypt*",
+ "kms:ReEncrypt*",
+ "kms:GenerateDataKey*",
+ "kms:Describe*"
+ ]
+ Resource = "*"
+ },
+ ]
+ })
+}
+
+resource "aws_kms_alias" "cloudwatch_logs" {
+ name = "alias/${module.this.id}-cloudwatch-logs"
+ target_key_id = aws_kms_key.cloudwatch_logs.key_id
+}
diff --git a/terraform/monitoring/README.md b/terraform/region/monitoring/README.md
similarity index 100%
rename from terraform/monitoring/README.md
rename to terraform/region/monitoring/README.md
diff --git a/terraform/monitoring/context.tf b/terraform/region/monitoring/context.tf
similarity index 100%
rename from terraform/monitoring/context.tf
rename to terraform/region/monitoring/context.tf
diff --git a/terraform/monitoring/dashboard.jsonnet b/terraform/region/monitoring/dashboard.jsonnet
similarity index 100%
rename from terraform/monitoring/dashboard.jsonnet
rename to terraform/region/monitoring/dashboard.jsonnet
diff --git a/terraform/monitoring/data_sources.tf b/terraform/region/monitoring/data_sources.tf
similarity index 100%
rename from terraform/monitoring/data_sources.tf
rename to terraform/region/monitoring/data_sources.tf
diff --git a/terraform/monitoring/grafonnet-lib b/terraform/region/monitoring/grafonnet-lib
similarity index 100%
rename from terraform/monitoring/grafonnet-lib
rename to terraform/region/monitoring/grafonnet-lib
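Review bot: The `AllowCloudWatchLogs` statement lets the `logs.${module.this.region}.amazonaws.com` service principal encrypt and decrypt with this key without any `Condition`, so the grant is not tied to log groups of this account. AWS's documented key policy for CloudWatch Logs scopes the statement with the `kms:EncryptionContext:aws:logs:arn` condition key, and adding it here limits use of the key to log groups in this account and region. The first statement gives the account principal `kms:*`, which hands key administration to IAM policies in the account; a short comment saying that is intended would help the next reader. `aws_kms_key` sets no `deletion_window_in_days`, so the provider default applies.

```hcl
      {
        Sid = "AllowCloudWatchLogs"
        # … unchanged: Effect, Principal, Action, Resource …
        Condition = {
          ArnLike = {
            "kms:EncryptionContext:aws:logs:arn" = "arn:aws:logs:${module.this.region}:${data.aws_caller_identity.this.account_id}:log-group:*"
          }
        }
      },
```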
diff --git a/terraform/monitoring/main.tf b/terraform/region/monitoring/main.tf similarity index 90% rename from terraform/monitoring/main.tf rename to terraform/region/monitoring/main.tf index 54c58b75..db88e97f 100644 --- a/terraform/monitoring/main.tf +++ b/terraform/region/monitoring/main.tf @@ -2,7 +2,7 @@ data "jsonnet_file" "dashboard" { source = "${path.module}/dashboard.jsonnet" ext_str = { - dashboard_title = "BlockchainAPI - ${title(module.this.stage)}" + dashboard_title = "Blockchain API - ${title(module.this.stage)} - ${module.this.region}" dashboard_uid = "blockchainapi-${module.this.stage}" prometheus_uid = grafana_data_source.prometheus.uid diff --git a/terraform/monitoring/outputs.tf b/terraform/region/monitoring/outputs.tf similarity index 100% rename from terraform/monitoring/outputs.tf rename to terraform/region/monitoring/outputs.tf diff --git a/terraform/monitoring/panels/ecs/availability.libsonnet b/terraform/region/monitoring/panels/ecs/availability.libsonnet similarity index 100% rename from terraform/monitoring/panels/ecs/availability.libsonnet rename to terraform/region/monitoring/panels/ecs/availability.libsonnet diff --git a/terraform/monitoring/panels/ecs/cpu.libsonnet b/terraform/region/monitoring/panels/ecs/cpu.libsonnet similarity index 100% rename from terraform/monitoring/panels/ecs/cpu.libsonnet rename to terraform/region/monitoring/panels/ecs/cpu.libsonnet diff --git a/terraform/monitoring/panels/ecs/memory.libsonnet b/terraform/region/monitoring/panels/ecs/memory.libsonnet similarity index 100% rename from terraform/monitoring/panels/ecs/memory.libsonnet rename to terraform/region/monitoring/panels/ecs/memory.libsonnet diff --git a/terraform/monitoring/panels/history/availability.libsonnet b/terraform/region/monitoring/panels/history/availability.libsonnet similarity index 100% rename from terraform/monitoring/panels/history/availability.libsonnet rename to terraform/region/monitoring/panels/history/availability.libsonnet 
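Review bot: `dashboard_title` now carries the region, but the unchanged `dashboard_uid = "blockchainapi-${module.this.stage}"` on the next line does not, so a second regional instance of this module would render a dashboard with the same UID and replace the first one in Grafana instead of sitting beside it. Suggest `dashboard_uid = "blockchainapi-${module.this.stage}-${module.this.region}"`, which stays within Grafana's 40-character UID limit for the regions named in this commit; note that changing the UID changes the URL of the existing dashboard. The `data "jsonnet_file" "dashboard"` block starts and ends outside the hunk.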
diff --git a/terraform/monitoring/panels/history/latency.libsonnet b/terraform/region/monitoring/panels/history/latency.libsonnet
similarity index 100%
rename from terraform/monitoring/panels/history/latency.libsonnet
rename to terraform/region/monitoring/panels/history/latency.libsonnet
diff --git a/terraform/monitoring/panels/history/requests.libsonnet b/terraform/region/monitoring/panels/history/requests.libsonnet
similarity index 100%
rename from terraform/monitoring/panels/history/requests.libsonnet
rename to terraform/region/monitoring/panels/history/requests.libsonnet
diff --git a/terraform/monitoring/panels/identity/availability.libsonnet b/terraform/region/monitoring/panels/identity/availability.libsonnet
similarity index 100%
rename from terraform/monitoring/panels/identity/availability.libsonnet
rename to terraform/region/monitoring/panels/identity/availability.libsonnet
diff --git a/terraform/monitoring/panels/identity/cache.libsonnet b/terraform/region/monitoring/panels/identity/cache.libsonnet
similarity index 100%
rename from terraform/monitoring/panels/identity/cache.libsonnet
rename to terraform/region/monitoring/panels/identity/cache.libsonnet
diff --git a/terraform/monitoring/panels/identity/latency.libsonnet b/terraform/region/monitoring/panels/identity/latency.libsonnet
similarity index 100%
rename from terraform/monitoring/panels/identity/latency.libsonnet
rename to terraform/region/monitoring/panels/identity/latency.libsonnet
diff --git a/terraform/monitoring/panels/identity/requests.libsonnet b/terraform/region/monitoring/panels/identity/requests.libsonnet
similarity index 100%
rename from terraform/monitoring/panels/identity/requests.libsonnet
rename to terraform/region/monitoring/panels/identity/requests.libsonnet
diff --git a/terraform/monitoring/panels/identity/usage.libsonnet b/terraform/region/monitoring/panels/identity/usage.libsonnet
similarity index 100%
rename from terraform/monitoring/panels/identity/usage.libsonnet
rename to terraform/region/monitoring/panels/identity/usage.libsonnet
diff --git a/terraform/monitoring/panels/irn/latency.libsonnet b/terraform/region/monitoring/panels/irn/latency.libsonnet
similarity index 100%
rename from terraform/monitoring/panels/irn/latency.libsonnet
rename to terraform/region/monitoring/panels/irn/latency.libsonnet
diff --git a/terraform/monitoring/panels/lb/active_connections.libsonnet b/terraform/region/monitoring/panels/lb/active_connections.libsonnet
similarity index 100%
rename from terraform/monitoring/panels/lb/active_connections.libsonnet
rename to terraform/region/monitoring/panels/lb/active_connections.libsonnet
diff --git a/terraform/monitoring/panels/lb/error_4xx.libsonnet b/terraform/region/monitoring/panels/lb/error_4xx.libsonnet
similarity index 100%
rename from terraform/monitoring/panels/lb/error_4xx.libsonnet
rename to terraform/region/monitoring/panels/lb/error_4xx.libsonnet
diff --git a/terraform/monitoring/panels/lb/error_5xx.libsonnet b/terraform/region/monitoring/panels/lb/error_5xx.libsonnet
similarity index 100%
rename from terraform/monitoring/panels/lb/error_5xx.libsonnet
rename to terraform/region/monitoring/panels/lb/error_5xx.libsonnet
diff --git a/terraform/monitoring/panels/lb/error_5xx_logs.libsonnet b/terraform/region/monitoring/panels/lb/error_5xx_logs.libsonnet
similarity index 100%
rename from terraform/monitoring/panels/lb/error_5xx_logs.libsonnet
rename to terraform/region/monitoring/panels/lb/error_5xx_logs.libsonnet
diff --git a/terraform/monitoring/panels/lb/healthy_hosts.libsonnet b/terraform/region/monitoring/panels/lb/healthy_hosts.libsonnet
similarity index 100%
rename from terraform/monitoring/panels/lb/healthy_hosts.libsonnet
rename to terraform/region/monitoring/panels/lb/healthy_hosts.libsonnet
diff --git a/terraform/monitoring/panels/lb/requests.libsonnet b/terraform/region/monitoring/panels/lb/requests.libsonnet
similarity index 100%
rename from terraform/monitoring/panels/lb/requests.libsonnet
rename to terraform/region/monitoring/panels/lb/requests.libsonnet
diff --git a/terraform/monitoring/panels/names/registered.libsonnet b/terraform/region/monitoring/panels/names/registered.libsonnet
similarity index 100%
rename from terraform/monitoring/panels/names/registered.libsonnet
rename to terraform/region/monitoring/panels/names/registered.libsonnet
diff --git a/terraform/monitoring/panels/panels.libsonnet b/terraform/region/monitoring/panels/panels.libsonnet
similarity index 100%
rename from terraform/monitoring/panels/panels.libsonnet
rename to terraform/region/monitoring/panels/panels.libsonnet
diff --git a/terraform/monitoring/panels/proxy/calls.libsonnet b/terraform/region/monitoring/panels/proxy/calls.libsonnet
similarity index 100%
rename from terraform/monitoring/panels/proxy/calls.libsonnet
rename to terraform/region/monitoring/panels/proxy/calls.libsonnet
diff --git a/terraform/monitoring/panels/proxy/errors_non_provider.libsonnet b/terraform/region/monitoring/panels/proxy/errors_non_provider.libsonnet
similarity index 100%
rename from terraform/monitoring/panels/proxy/errors_non_provider.libsonnet
rename to terraform/region/monitoring/panels/proxy/errors_non_provider.libsonnet
diff --git a/terraform/monitoring/panels/proxy/errors_provider.libsonnet b/terraform/region/monitoring/panels/proxy/errors_provider.libsonnet
similarity index 100%
rename from terraform/monitoring/panels/proxy/errors_provider.libsonnet
rename to terraform/region/monitoring/panels/proxy/errors_provider.libsonnet
diff --git a/terraform/monitoring/panels/proxy/http_codes.libsonnet b/terraform/region/monitoring/panels/proxy/http_codes.libsonnet
similarity index 100%
rename from terraform/monitoring/panels/proxy/http_codes.libsonnet
rename to terraform/region/monitoring/panels/proxy/http_codes.libsonnet
diff --git a/terraform/monitoring/panels/proxy/latency.libsonnet b/terraform/region/monitoring/panels/proxy/latency.libsonnet
similarity index 100%
rename from terraform/monitoring/panels/proxy/latency.libsonnet
rename to terraform/region/monitoring/panels/proxy/latency.libsonnet
diff --git a/terraform/monitoring/panels/proxy/quota_limited_projects.libsonnet b/terraform/region/monitoring/panels/proxy/quota_limited_projects.libsonnet
similarity index 100%
rename from terraform/monitoring/panels/proxy/quota_limited_projects.libsonnet
rename to terraform/region/monitoring/panels/proxy/quota_limited_projects.libsonnet
diff --git a/terraform/monitoring/panels/proxy/rate_limited_counter.libsonnet b/terraform/region/monitoring/panels/proxy/rate_limited_counter.libsonnet
similarity index 100%
rename from terraform/monitoring/panels/proxy/rate_limited_counter.libsonnet
rename to terraform/region/monitoring/panels/proxy/rate_limited_counter.libsonnet
diff --git a/terraform/monitoring/panels/proxy/rejected_projects.libsonnet b/terraform/region/monitoring/panels/proxy/rejected_projects.libsonnet
similarity index 100%
rename from terraform/monitoring/panels/proxy/rejected_projects.libsonnet
rename to terraform/region/monitoring/panels/proxy/rejected_projects.libsonnet
diff --git a/terraform/monitoring/panels/proxy/rpc_retries.libsonnet b/terraform/region/monitoring/panels/proxy/rpc_retries.libsonnet
similarity index 100%
rename from terraform/monitoring/panels/proxy/rpc_retries.libsonnet
rename to terraform/region/monitoring/panels/proxy/rpc_retries.libsonnet
diff --git a/terraform/monitoring/panels/status/provider.libsonnet b/terraform/region/monitoring/panels/status/provider.libsonnet
similarity index 100%
rename from terraform/monitoring/panels/status/provider.libsonnet
rename to terraform/region/monitoring/panels/status/provider.libsonnet
diff --git a/terraform/monitoring/panels/usage/provider.libsonnet b/terraform/region/monitoring/panels/usage/provider.libsonnet
similarity index 100%
rename from terraform/monitoring/panels/usage/provider.libsonnet
rename to terraform/region/monitoring/panels/usage/provider.libsonnet
diff --git a/terraform/monitoring/panels/weights/provider.libsonnet b/terraform/region/monitoring/panels/weights/provider.libsonnet
similarity index 100%
rename from terraform/monitoring/panels/weights/provider.libsonnet
rename to terraform/region/monitoring/panels/weights/provider.libsonnet
diff --git a/terraform/monitoring/terraform.tf b/terraform/region/monitoring/terraform.tf
similarity index 100%
rename from terraform/monitoring/terraform.tf
rename to terraform/region/monitoring/terraform.tf
diff --git a/terraform/monitoring/variables.tf b/terraform/region/monitoring/variables.tf
similarity index 100%
rename from terraform/monitoring/variables.tf
rename to terraform/region/monitoring/variables.tf
diff --git a/terraform/postgres/context.tf b/terraform/region/postgres/context.tf
similarity index 100%
rename from terraform/postgres/context.tf
rename to terraform/region/postgres/context.tf
diff --git a/terraform/postgres/main.tf b/terraform/region/postgres/main.tf
similarity index 100%
rename from terraform/postgres/main.tf
rename to terraform/region/postgres/main.tf
diff --git a/terraform/postgres/outputs.tf b/terraform/region/postgres/outputs.tf
similarity index 100%
rename from terraform/postgres/outputs.tf
rename to terraform/region/postgres/outputs.tf
diff --git a/terraform/postgres/password.tf b/terraform/region/postgres/password.tf
similarity index 100%
rename from terraform/postgres/password.tf
rename to terraform/region/postgres/password.tf
diff --git a/terraform/postgres/terraform.tf b/terraform/region/postgres/terraform.tf
similarity index 100%
rename from terraform/postgres/terraform.tf
rename to terraform/region/postgres/terraform.tf
diff --git a/terraform/postgres/variables.tf b/terraform/region/postgres/variables.tf
similarity index 100%
rename from terraform/postgres/variables.tf
rename to terraform/region/postgres/variables.tf
diff --git a/terraform/redis/README.md b/terraform/region/redis/README.md
similarity index 100%
rename from terraform/redis/README.md
rename to terraform/region/redis/README.md
diff --git a/terraform/redis/context.tf b/terraform/region/redis/context.tf
similarity index 100%
rename from terraform/redis/context.tf
rename to terraform/region/redis/context.tf
diff --git a/terraform/redis/main.tf b/terraform/region/redis/main.tf
similarity index 100%
rename from terraform/redis/main.tf
rename to terraform/region/redis/main.tf
diff --git a/terraform/redis/outputs.tf b/terraform/region/redis/outputs.tf
similarity index 100%
rename from terraform/redis/outputs.tf
rename to terraform/region/redis/outputs.tf
diff --git a/terraform/redis/terraform.tf b/terraform/region/redis/terraform.tf
similarity index 100%
rename from terraform/redis/terraform.tf
rename to terraform/region/redis/terraform.tf
diff --git a/terraform/redis/variables.tf b/terraform/region/redis/variables.tf
similarity index 100%
rename from terraform/redis/variables.tf
rename to terraform/region/redis/variables.tf
diff --git a/terraform/res_alerting.tf b/terraform/region/res_alerting.tf similarity index 100% rename from terraform/res_alerting.tf rename to terraform/region/res_alerting.tf diff --git a/terraform/res_db.tf b/terraform/region/res_db.tf similarity index 100% rename from terraform/res_db.tf rename to terraform/region/res_db.tf diff --git a/terraform/region/res_dns.tf b/terraform/region/res_dns.tf new file mode 100644 index 00000000..09823bd6 --- /dev/null +++ b/terraform/region/res_dns.tf @@ -0,0 +1,25 @@ +locals { + zones = { for k, v in tomap(data.terraform_remote_state.infra_aws.outputs.zones.blockchain[local.stage]) : v.id => v.name } + zones_certificates = concat( + [for k, v in module.dns_certificate : v.certificate_arn], + [for k, v in module.dns_certificate_region : v.certificate_arn] + ) +} + +module "dns_certificate_region" { + for_each = local.zones + source = "app.terraform.io/wallet-connect/dns/aws" + version = "0.1.3" + context = module.this + hosted_zone_name = each.value + fqdn = "${module.this.region}.${each.value}" +} + +module "dns_certificate" { + for_each = local.zones + source = "app.terraform.io/wallet-connect/dns/aws" + version = "0.1.3" + context = module.this + hosted_zone_name = each.value + fqdn = each.value +} diff --git a/terraform/res_ecs.tf b/terraform/region/res_ecs.tf similarity index 94% rename from terraform/res_ecs.tf rename to terraform/region/res_ecs.tf index 04832402..b9f346a3 100644 --- a/terraform/res_ecs.tf +++ b/terraform/region/res_ecs.tf @@ -1,3 +1,7 @@ +locals { + ecr_repository_url = module.stage.dev ? data.terraform_remote_state.org.outputs.accounts.sdlc.dev.ecr-urls.blockchain : data.terraform_remote_state.org.outputs.accounts.wl.blockchain[local.stage].ecr-url +} + data "aws_s3_bucket" "geoip" { bucket = data.terraform_remote_state.infra_aws.outputs.geoip_bucked_id } 
diff --git a/terraform/res_monitoring.tf b/terraform/region/res_monitoring.tf
similarity index 100%
rename from terraform/res_monitoring.tf
rename to terraform/region/res_monitoring.tf
diff --git a/terraform/res_network.tf b/terraform/region/res_network.tf
similarity index 100%
rename from terraform/res_network.tf
rename to terraform/region/res_network.tf
diff --git a/terraform/res_redis.tf b/terraform/region/res_redis.tf
similarity index 100%
rename from terraform/res_redis.tf
rename to terraform/region/res_redis.tf
diff --git a/terraform/region/terraform.tf b/terraform/region/terraform.tf
new file mode 100644
index 00000000..fc6e6cb4
--- /dev/null
+++ b/terraform/region/terraform.tf
@@ -0,0 +1,19 @@
+# Terraform Configuration
+terraform {
+ required_version = ">= 1.0"
+
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 5.7"
+ }
+ grafana = {
+ source = "grafana/grafana"
+ version = ">= 2.1"
+ }
+ random = {
+ source = "hashicorp/random"
+ version = "3.5.1"
+ }
+ }
+}
diff --git a/terraform/region/variables.tf b/terraform/region/variables.tf
new file mode 100644
index 00000000..b0738647
--- /dev/null
+++ b/terraform/region/variables.tf
@@ -0,0 +1,238 @@
+#-------------------------------------------------------------------------------
+# Application
+
+variable "name" {
+ description = "The name of the application"
+ type = string
+ default = "blockchain-api"
+}
+
+variable "region" {
+ description = "AWS region to deploy to"
+ type = string
+}
+
+variable "image_version" {
+ description = "The ECS tag of the image to deploy"
+ type = string
+}
+
+variable "log_level" {
+ description = "Defines logging level for the application"
+ type = string
+}
+
+variable "app_autoscaling_desired_count" {
+ description = "The desired number of tasks to run"
+ type = number
+ default = 2
+}
+
+variable "app_autoscaling_min_capacity" {
+ description = "The minimum number of tasks to run when autoscaling"
+ type = number
+ default = 2
+}
+
+variable "app_autoscaling_max_capacity" {
+ description = "The maximum number of tasks to run when autoscaling"
+ type = number
+ default = 8
+}
+
+variable "ofac_blocked_countries" {
+ description = "The list of countries to block"
+ type = string
+ default = ""
+}
+
+#-------------------------------------------------------------------------------
+# Project Registry
+
+variable "registry_api_endpoint" {
+ description = "The endpoint of the registry API"
+ type = string
+}
+
+variable "registry_api_auth_token" {
+ description = "The auth token for the registry API"
+ type = string
+ sensitive = true
+}
+
+variable "project_cache_ttl" {
+ description = "The TTL for project data cache"
+ type = number
+ default = 300
+}
+
+
+#-------------------------------------------------------------------------------
+# Providers
+
+variable "infura_project_id" {
+ description = "The project ID for Infura"
+ type = string
+ sensitive = true
+}
+
+variable "pokt_project_id" {
+ description = "The project ID for POKT"
+ type = string
+ sensitive = true
+}
+
+variable "zerion_api_key" {
+ description = "The API key for Zerion"
+ type = string
+ sensitive = true
+}
+
+variable
"quicknode_api_tokens" {
+ description = "API keys for Quicknode in JSON format"
+ type = string
+ sensitive = true
+}
+
+variable "coinbase_api_key" {
+ description = "The API key for Coinbase Pay SDK"
+ type = string
+ sensitive = true
+}
+
+variable "coinbase_app_id" {
+ description = "The APP-ID for Coinbase Pay SDK"
+ type = string
+ sensitive = true
+}
+
+variable "one_inch_api_key" {
+ description = "The API key for 1inch"
+ type = string
+ sensitive = true
+}
+
+variable "one_inch_referrer" {
+ description = "The referrer address for 1inch"
+ type = string
+ sensitive = true
+}
+
+variable "getblock_access_tokens" {
+ description = "Mapping of API access tokens for GetBlock in JSON format"
+ type = string
+ sensitive = true
+}
+
+variable "pimlico_api_key" {
+ description = "Pimlico bundler API token key"
+ type = string
+ sensitive = true
+}
+
+variable "solscan_api_v1_token" {
+ description = "Solscan API v1 token"
+ type = string
+ sensitive = true
+}
+
+variable "solscan_api_v2_token" {
+ description = "Solscan API v2 token"
+ type = string
+ sensitive = true
+}
+
+variable "testing_project_id" {
+ description = "Project ID used in a testing suite"
+ type = string
+ sensitive = true
+}
+
+#-------------------------------------------------------------------------------
+# Analytics
+
+variable "geoip_db_key" {
+ description = "The name to the GeoIP database"
+ type = string
+}
+
+#-------------------------------------------------------------------------------
+# Alerting / Monitoring
+
+variable "notification_channels" {
+ description = "The notification channels to send alerts to"
+ type = list(any)
+}
+
+variable "webhook_cloudwatch_p2" {
+ description = "The webhook to send CloudWatch P2 alerts to"
+ type = string
+}
+
+variable "webhook_prometheus_p2" {
+ description = "The webhook to send Prometheus P2 alerts to"
+ type = string
+}
+
+#-------------------------------------------------------------------------------
+# Rate-limiting (Token bucket)
configuration
+
+variable "rate_limiting_max_tokens" {
+ description = "The maximum number of tokens in the bucket"
+ type = number
+ default = 30
+}
+
+variable "rate_limiting_refill_interval" {
+ description = "The interval in seconds to refill the bucket"
+ type = number
+ default = 1
+}
+
+variable "rate_limiting_refill_rate" {
+ description = "The number of tokens to refill the bucket with"
+ type = number
+ default = 3
+}
+
+#-------------------------------------------------------------------------------
+# IRN VPC peering
+
+variable "irn_vpc_id" {
+ description = "ID of the IRN VPC"
+ type = string
+}
+
+variable "irn_vpc_cidr" {
+ description = "CIDR block of the IRN VPC"
+ type = string
+}
+
+variable "irn_aws_account_id" {
+ description = "ID of the AWS account in IRN is being deployed"
+ type = string
+}
+
+#-------------------------------------------------------------------------------
+# IRN client configuration
+
+variable "irn_node" {
+ description = "IRN node address in Address:Socket format"
+ type = string
+}
+
+variable "irn_key" {
+ description = "IRN client key in base64 format"
+ type = string
+}
+
+variable "irn_namespace" {
+ description = "IRN storage namespace"
+ type = string
+}
+
+variable "irn_namespace_secret" {
+ description = "IRN storage namespace secret key"
+ type = string
+}
+
diff --git a/terraform/res_dns.tf b/terraform/res_dns.tf
deleted file mode 100644
index 5557b82f..00000000
--- a/terraform/res_dns.tf
+++ /dev/null
@@ -1,13 +0,0 @@
-locals {
- zones = { for k, v in tomap(data.terraform_remote_state.infra_aws.outputs.zones.blockchain[local.stage]) : v.id => v.name }
- zones_certificates = { for k, v in module.dns_certificate : v.zone_id => v.certificate_arn }
-}
-
-module "dns_certificate" {
- for_each = local.zones
- source = "app.terraform.io/wallet-connect/dns/aws"
- version = "0.1.3"
- context = module.this
- hosted_zone_name = each.value
- fqdn = each.value
-}
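Review bot: In the new `terraform/region/variables.tf`, `irn_key` ("IRN client key in base64 format") and `irn_namespace_secret` ("IRN storage namespace secret key") are declared without `sensitive = true`, unlike the provider API keys earlier in the same file, so their values would be shown in plan output and CI logs. The same probably applies to `webhook_cloudwatch_p2` and `webhook_prometheus_p2` if the webhook URLs embed a token, which the file does not say. Add `sensitive = true` to each of these blocks. The description of `irn_aws_account_id` also reads oddly; `"ID of the AWS account in which IRN is deployed"` would be clearer.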
diff --git a/terraform/terraform.tf b/terraform/terraform.tf index cf344dfc..338453df 100644 --- a/terraform/terraform.tf +++ b/terraform/terraform.tf @@ -19,9 +19,5 @@ terraform { source = "grafana/grafana" version = ">= 2.1" } - random = { - source = "hashicorp/random" - version = "3.5.1" - } } } diff --git a/terraform/variables.tf b/terraform/variables.tf index edf9b4df..a83803fc 100644 --- a/terraform/variables.tf +++ b/terraform/variables.tf @@ -4,7 +4,6 @@ variable "grafana_auth" { description = "The API Token for the Grafana instance" type = string - default = "" } #------------------------------------------------------------------------------- @@ -210,14 +209,14 @@ variable "rate_limiting_refill_rate" { #------------------------------------------------------------------------------- # IRN VPC peering -variable "irn_vpc_id" { +variable "irn_vpc_ids" { description = "ID of the IRN VPC" - type = string + type = map(string) } -variable "irn_vpc_cidr" { +variable "irn_vpc_cidrs" { description = "CIDR block of the IRN VPC" - type = string + type = map(string) } variable "irn_aws_account_id" { @@ -228,9 +227,9 @@ variable "irn_aws_account_id" { #------------------------------------------------------------------------------- # IRN client configuration -variable "irn_node" { +variable "irn_nodes" { description = "IRN node address in Address:Socket format" - type = string + type = map(string) } variable "irn_key" {
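Review bot: `grafana_auth` is described as the Grafana API token and, as far as the first `variables.tf` hunk shows, is declared without `sensitive = true`; now that the empty default is removed it must always be supplied, so add `sensitive = true` to keep it out of plan output. In the two later hunks `irn_vpc_ids`, `irn_vpc_cidrs` and `irn_nodes` become `map(string)` but keep their singular descriptions. Each description should say what the map is keyed by, for example `description = "IRN VPC IDs keyed by AWS region"`, assuming region is the key, which these hunks do not show.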