From 916c45d9aa7898eec5b97d5e7b0dee8610e633bf Mon Sep 17 00:00:00 2001 
From: Chris Smith Date: Fri, 16 Aug 2024 13:56:38 -0400 Subject: [PATCH 01/20] feat: multi-region deployment --- terraform/providers.tf | 19 +++++++++++++++++++ terraform/{ => region}/ecs/README.md | 0 terraform/{ => region}/ecs/cluster.tf | 0 .../{ => region}/ecs/cluster_autoscaling.tf | 0 terraform/{ => region}/ecs/cluster_iam.tf | 0 terraform/{ => region}/ecs/cluster_logs.tf | 0 terraform/{ => region}/ecs/context.tf | 0 terraform/{ => region}/ecs/dns.tf | 0 terraform/{ => region}/ecs/main.tf | 0 terraform/{ => region}/ecs/network.tf | 0 terraform/{ => region}/ecs/outputs.tf | 0 terraform/{ => region}/ecs/terraform.tf | 0 terraform/{ => region}/ecs/variables.tf | 0 terraform/{ => region}/postgres/context.tf | 0 terraform/{ => region}/postgres/main.tf | 0 terraform/{ => region}/postgres/outputs.tf | 0 terraform/{ => region}/postgres/password.tf | 0 terraform/{ => region}/postgres/terraform.tf | 0 terraform/{ => region}/postgres/variables.tf | 0 terraform/{ => region}/redis/README.md | 0 terraform/{ => region}/redis/context.tf | 0 terraform/{ => region}/redis/main.tf | 0 terraform/{ => region}/redis/outputs.tf | 0 terraform/{ => region}/redis/terraform.tf | 0 terraform/{ => region}/redis/variables.tf | 0 terraform/{ => region}/res_db.tf | 0 terraform/{ => region}/res_dns.tf | 0 terraform/{ => region}/res_ecs.tf | 0 terraform/{ => region}/res_network.tf | 0 terraform/{ => region}/res_redis.tf | 0 30 files changed, 19 insertions(+) rename terraform/{ => region}/ecs/README.md (100%) rename terraform/{ => region}/ecs/cluster.tf (100%) rename terraform/{ => region}/ecs/cluster_autoscaling.tf (100%) rename terraform/{ => region}/ecs/cluster_iam.tf (100%) rename terraform/{ => region}/ecs/cluster_logs.tf (100%) rename terraform/{ => region}/ecs/context.tf (100%) rename terraform/{ => region}/ecs/dns.tf (100%) rename terraform/{ => region}/ecs/main.tf (100%) rename terraform/{ => region}/ecs/network.tf (100%) rename terraform/{ => region}/ecs/outputs.tf (100%) rename 
terraform/{ => region}/ecs/terraform.tf (100%) rename terraform/{ => region}/ecs/variables.tf (100%) rename terraform/{ => region}/postgres/context.tf (100%) rename terraform/{ => region}/postgres/main.tf (100%) rename terraform/{ => region}/postgres/outputs.tf (100%) rename terraform/{ => region}/postgres/password.tf (100%) rename terraform/{ => region}/postgres/terraform.tf (100%) rename terraform/{ => region}/postgres/variables.tf (100%) rename terraform/{ => region}/redis/README.md (100%) rename terraform/{ => region}/redis/context.tf (100%) rename terraform/{ => region}/redis/main.tf (100%) rename terraform/{ => region}/redis/outputs.tf (100%) rename terraform/{ => region}/redis/terraform.tf (100%) rename terraform/{ => region}/redis/variables.tf (100%) rename terraform/{ => region}/res_db.tf (100%) rename terraform/{ => region}/res_dns.tf (100%) rename terraform/{ => region}/res_ecs.tf (100%) rename terraform/{ => region}/res_network.tf (100%) rename terraform/{ => region}/res_redis.tf (100%) diff --git a/terraform/providers.tf b/terraform/providers.tf index f7d191e3..ee05fa47 100644 --- a/terraform/providers.tf +++ b/terraform/providers.tf @@ -1,4 +1,5 @@ provider "aws" { + alias = "eu-central-1" region = var.region default_tags { @@ -6,6 +7,24 @@ provider "aws" { } } +provider "aws" { + alias = "us-east-1" + region = "us-east-1" + + default_tags { + tags = module.this.tags + } +} + +provider "aws" { + alias = "ap-southeast-1" + region = "ap-southeast-1" + + default_tags { + tags = module.this.tags + } +} + provider "grafana" { url = "https://${data.terraform_remote_state.monitoring.outputs.grafana_workspaces.central.grafana_endpoint}" auth = var.grafana_auth diff --git a/terraform/ecs/README.md b/terraform/region/ecs/README.md similarity index 100% rename from terraform/ecs/README.md rename to terraform/region/ecs/README.md 
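Review bot: With `alias = "eu-central-1"` added to the first block, providers.tf no longer has an un-aliased `aws` configuration, so any root-level resource or data source that does not set `provider = aws.<alias>` falls back to an implicit empty default. That default takes its region from the environment and carries no `default_tags`. The alias also hard-codes a region name while the block keeps `region = var.region`, so the two can disagree; either pin it with `region = "eu-central-1"` like the two new blocks, or leave this block un-aliased as the default. Whether other root resources still depend on the default provider is not visible in this hunk.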
diff --git a/terraform/ecs/cluster.tf b/terraform/region/ecs/cluster.tf
similarity index 100%
rename from terraform/ecs/cluster.tf
rename to terraform/region/ecs/cluster.tf
diff --git a/terraform/ecs/cluster_autoscaling.tf b/terraform/region/ecs/cluster_autoscaling.tf
similarity index 100%
rename from terraform/ecs/cluster_autoscaling.tf
rename to terraform/region/ecs/cluster_autoscaling.tf
diff --git a/terraform/ecs/cluster_iam.tf b/terraform/region/ecs/cluster_iam.tf
similarity index 100%
rename from terraform/ecs/cluster_iam.tf
rename to terraform/region/ecs/cluster_iam.tf
diff --git a/terraform/ecs/cluster_logs.tf b/terraform/region/ecs/cluster_logs.tf
similarity index 100%
rename from terraform/ecs/cluster_logs.tf
rename to terraform/region/ecs/cluster_logs.tf
diff --git a/terraform/ecs/context.tf b/terraform/region/ecs/context.tf
similarity index 100%
rename from terraform/ecs/context.tf
rename to terraform/region/ecs/context.tf
diff --git a/terraform/ecs/dns.tf b/terraform/region/ecs/dns.tf
similarity index 100%
rename from terraform/ecs/dns.tf
rename to terraform/region/ecs/dns.tf
diff --git a/terraform/ecs/main.tf b/terraform/region/ecs/main.tf
similarity index 100%
rename from terraform/ecs/main.tf
rename to terraform/region/ecs/main.tf
diff --git a/terraform/ecs/network.tf b/terraform/region/ecs/network.tf
similarity index 100%
rename from terraform/ecs/network.tf
rename to terraform/region/ecs/network.tf
diff --git a/terraform/ecs/outputs.tf b/terraform/region/ecs/outputs.tf
similarity index 100%
rename from terraform/ecs/outputs.tf
rename to terraform/region/ecs/outputs.tf
diff --git a/terraform/ecs/terraform.tf b/terraform/region/ecs/terraform.tf
similarity index 100%
rename from terraform/ecs/terraform.tf
rename to terraform/region/ecs/terraform.tf
diff --git a/terraform/ecs/variables.tf b/terraform/region/ecs/variables.tf
similarity index 100%
rename from terraform/ecs/variables.tf
rename to terraform/region/ecs/variables.tf
diff --git a/terraform/postgres/context.tf b/terraform/region/postgres/context.tf
similarity index 100%
rename from terraform/postgres/context.tf
rename to terraform/region/postgres/context.tf
diff --git a/terraform/postgres/main.tf b/terraform/region/postgres/main.tf
similarity index 100%
rename from terraform/postgres/main.tf
rename to terraform/region/postgres/main.tf
diff --git a/terraform/postgres/outputs.tf b/terraform/region/postgres/outputs.tf
similarity index 100%
rename from terraform/postgres/outputs.tf
rename to terraform/region/postgres/outputs.tf
diff --git a/terraform/postgres/password.tf b/terraform/region/postgres/password.tf
similarity index 100%
rename from terraform/postgres/password.tf
rename to terraform/region/postgres/password.tf
diff --git a/terraform/postgres/terraform.tf b/terraform/region/postgres/terraform.tf
similarity index 100%
rename from terraform/postgres/terraform.tf
rename to terraform/region/postgres/terraform.tf
diff --git a/terraform/postgres/variables.tf b/terraform/region/postgres/variables.tf
similarity index 100%
rename from terraform/postgres/variables.tf
rename to terraform/region/postgres/variables.tf
diff --git a/terraform/redis/README.md b/terraform/region/redis/README.md
similarity index 100%
rename from terraform/redis/README.md
rename to terraform/region/redis/README.md
diff --git a/terraform/redis/context.tf b/terraform/region/redis/context.tf
similarity index 100%
rename from terraform/redis/context.tf
rename to terraform/region/redis/context.tf
diff --git a/terraform/redis/main.tf b/terraform/region/redis/main.tf
similarity index 100%
rename from terraform/redis/main.tf
rename to terraform/region/redis/main.tf
diff --git a/terraform/redis/outputs.tf b/terraform/region/redis/outputs.tf
similarity index 100%
rename from terraform/redis/outputs.tf
rename to terraform/region/redis/outputs.tf
diff --git a/terraform/redis/terraform.tf b/terraform/region/redis/terraform.tf similarity index 100% rename from terraform/redis/terraform.tf rename to terraform/region/redis/terraform.tf diff --git a/terraform/redis/variables.tf b/terraform/region/redis/variables.tf similarity index 100% rename from terraform/redis/variables.tf rename to terraform/region/redis/variables.tf diff --git a/terraform/res_db.tf b/terraform/region/res_db.tf similarity index 100% rename from terraform/res_db.tf rename to terraform/region/res_db.tf diff --git a/terraform/res_dns.tf b/terraform/region/res_dns.tf similarity index 100% rename from terraform/res_dns.tf rename to terraform/region/res_dns.tf diff --git a/terraform/res_ecs.tf b/terraform/region/res_ecs.tf similarity index 100% rename from terraform/res_ecs.tf rename to terraform/region/res_ecs.tf diff --git a/terraform/res_network.tf b/terraform/region/res_network.tf similarity index 100% rename from terraform/res_network.tf rename to terraform/region/res_network.tf diff --git a/terraform/res_redis.tf b/terraform/region/res_redis.tf similarity index 100% rename from terraform/res_redis.tf rename to terraform/region/res_redis.tf From ed1af5275ca1b7503b1cd8c2cab5075adf94dec3 Mon Sep 17 00:00:00 2001 From: Chris Smith Date: Fri, 16 Aug 2024 16:30:37 -0400 Subject: [PATCH 02/20] fix: vars --- terraform/main.tf | 124 +++++++++++++++++++- terraform/region/res_ecs.tf | 5 + terraform/region/variables.tf | 208 ++++++++++++++++++++++++++++++++++ terraform/variables.tf | 6 +- 4 files changed, 336 insertions(+), 7 deletions(-) create mode 100644 terraform/region/variables.tf diff --git a/terraform/main.tf b/terraform/main.tf index ffac46e4..a1c13f38 100644 --- a/terraform/main.tf +++ b/terraform/main.tf 
@@ -4,10 +4,6 @@ resource "random_pet" "this" { length = 2 } -locals { - ecr_repository_url = module.stage.dev ? data.terraform_remote_state.org.outputs.accounts.sdlc.dev.ecr-urls.blockchain : data.terraform_remote_state.org.outputs.accounts.wl.blockchain[local.stage].ecr-url -} - resource "aws_kms_key" "cloudwatch_logs" { description = "KMS key for encrypting CloudWatch Logs" enable_key_rotation = true 
@@ -46,3 +42,123 @@ resource "aws_kms_alias" "cloudwatch_logs" { name = "alias/${module.this.id}-cloudwatch-logs" target_key_id = aws_kms_key.cloudwatch_logs.key_id } + +module "eu-central-1" { + source = "./region" + region = "eu-central-1" + image_version = var.image_version + log_level = var.log_level + app_autoscaling_desired_count = var.app_autoscaling_desired_count + app_autoscaling_min_capacity = var.app_autoscaling_min_capacity + app_autoscaling_max_capacity = var.app_autoscaling_max_capacity + ofac_blocked_countries = var.ofac_blocked_countries + registry_api_endpoint = var.registry_api_endpoint + registry_api_auth_token = var.registry_api_auth_token + project_cache_ttl = var.project_cache_ttl + infura_project_id = var.infura_project_id + pokt_project_id = var.pokt_project_id + zerion_api_key = var.zerion_api_key + quicknode_api_tokens = var.quicknode_api_tokens + coinbase_api_key = var.coinbase_api_key + coinbase_app_id = var.coinbase_app_id + one_inch_api_key = var.one_inch_api_key + one_inch_referrer = var.one_inch_referrer + getblock_access_tokens = var.getblock_access_tokens + pimlico_api_key = var.pimlico_api_key + testing_project_id = var.testing_project_id + geoip_db_key = var.geoip_db_key + rate_limiting_max_tokens = var.rate_limiting_max_tokens + rate_limiting_refill_interval = var.rate_limiting_refill_interval + rate_limiting_refill_rate = var.rate_limiting_refill_rate + irn_vpc_id = var.irn_vpc_ids["eu-central-1"] + irn_vpc_cidr = var.irn_vpc_cidrs["eu-central-1"] + irn_aws_account_id = var.irn_aws_account_id + irn_node = var.irn_nodes["eu-central-1"] + irn_key = var.irn_key + irn_namespace = var.irn_namespace + irn_namespace_secret = var.irn_namespace_secret + + providers = { + aws = aws.eu-central-1 + } +} + +module "us-east-1" { + source = "./region" + region = "us-east-1" + image_version = var.image_version + log_level = var.log_level + app_autoscaling_desired_count = var.app_autoscaling_desired_count + app_autoscaling_min_capacity = 
var.app_autoscaling_min_capacity + app_autoscaling_max_capacity = var.app_autoscaling_max_capacity + ofac_blocked_countries = var.ofac_blocked_countries + registry_api_endpoint = var.registry_api_endpoint + registry_api_auth_token = var.registry_api_auth_token + project_cache_ttl = var.project_cache_ttl + infura_project_id = var.infura_project_id + pokt_project_id = var.pokt_project_id + zerion_api_key = var.zerion_api_key + quicknode_api_tokens = var.quicknode_api_tokens + coinbase_api_key = var.coinbase_api_key + coinbase_app_id = var.coinbase_app_id + one_inch_api_key = var.one_inch_api_key + one_inch_referrer = var.one_inch_referrer + getblock_access_tokens = var.getblock_access_tokens + pimlico_api_key = var.pimlico_api_key + testing_project_id = var.testing_project_id + geoip_db_key = var.geoip_db_key + rate_limiting_max_tokens = var.rate_limiting_max_tokens + rate_limiting_refill_interval = var.rate_limiting_refill_interval + rate_limiting_refill_rate = var.rate_limiting_refill_rate + irn_vpc_id = var.irn_vpc_ids["us-east-1"] + irn_vpc_cidr = var.irn_vpc_cidrs["us-east-1"] + irn_aws_account_id = var.irn_aws_account_id + irn_node = var.irn_nodes["us-east-1"] + irn_key = var.irn_key + irn_namespace = var.irn_namespace + irn_namespace_secret = var.irn_namespace_secret + + providers = { + aws = aws.us-east-1 + } +} + +module "ap-southeast-1" { + source = "./region" + region = "ap-southeast-1" + image_version = var.image_version + log_level = var.log_level + app_autoscaling_desired_count = var.app_autoscaling_desired_count + app_autoscaling_min_capacity = var.app_autoscaling_min_capacity + app_autoscaling_max_capacity = var.app_autoscaling_max_capacity + ofac_blocked_countries = var.ofac_blocked_countries + registry_api_endpoint = var.registry_api_endpoint + registry_api_auth_token = var.registry_api_auth_token + project_cache_ttl = var.project_cache_ttl + infura_project_id = var.infura_project_id + pokt_project_id = var.pokt_project_id + zerion_api_key = 
var.zerion_api_key + quicknode_api_tokens = var.quicknode_api_tokens + coinbase_api_key = var.coinbase_api_key + coinbase_app_id = var.coinbase_app_id + one_inch_api_key = var.one_inch_api_key + one_inch_referrer = var.one_inch_referrer + getblock_access_tokens = var.getblock_access_tokens + pimlico_api_key = var.pimlico_api_key + testing_project_id = var.testing_project_id + geoip_db_key = var.geoip_db_key + rate_limiting_max_tokens = var.rate_limiting_max_tokens + rate_limiting_refill_interval = var.rate_limiting_refill_interval + rate_limiting_refill_rate = var.rate_limiting_refill_rate + irn_vpc_id = var.irn_vpc_ids["ap-southeast-1"] + irn_vpc_cidr = var.irn_vpc_cidrs["ap-southeast-1"] + irn_aws_account_id = var.irn_aws_account_id + irn_node = var.irn_nodes["ap-southeast-1"] + irn_key = var.irn_key + irn_namespace = var.irn_namespace + irn_namespace_secret = var.irn_namespace_secret + + providers = { + aws = aws.ap-southeast-1 + } +} diff --git a/terraform/region/res_ecs.tf b/terraform/region/res_ecs.tf index 744ac528..e19b38e0 100644 --- a/terraform/region/res_ecs.tf +++ b/terraform/region/res_ecs.tf @@ -1,3 +1,8 @@ +locals { + stage = module.stage.stage + ecr_repository_url = module.stage.dev ? data.terraform_remote_state.org.outputs.accounts.sdlc.dev.ecr-urls.blockchain : data.terraform_remote_state.org.outputs.accounts.wl.blockchain[local.stage].ecr-url +} + data "aws_s3_bucket" "geoip" { bucket = data.terraform_remote_state.infra_aws.outputs.geoip_bucked_id } diff --git a/terraform/region/variables.tf b/terraform/region/variables.tf new file mode 100644 index 00000000..f5a6a549 --- /dev/null +++ b/terraform/region/variables.tf 
@@ -0,0 +1,208 @@ +#------------------------------------------------------------------------------- +# Application + +# variable "name" { +# description = "The name of the application" +# type = string +# default = "blockchain-api" +# } + +variable "region" { + description = "AWS region to deploy to" + type = string +} + +variable "image_version" { + description = "The ECS tag of the image to deploy" + type = string +} + +variable "log_level" { + description = "Defines logging level for the application" + type = string +} + +variable "app_autoscaling_desired_count" { + description = "The desired number of tasks to run" + type = number + default = 2 +} + +variable "app_autoscaling_min_capacity" { + description = "The minimum number of tasks to run when autoscaling" + type = number + default = 2 +} + +variable "app_autoscaling_max_capacity" { + description = "The maximum number of tasks to run when autoscaling" + type = number + default = 8 +} + +variable "ofac_blocked_countries" { + description = "The list of countries to block" + type = string + default = "" +} + +#------------------------------------------------------------------------------- +# Project Registry + +variable "registry_api_endpoint" { + description = "The endpoint of the registry API" + type = string +} + +variable "registry_api_auth_token" { + description = "The auth token for the registry API" + type = string + sensitive = true +} + +variable "project_cache_ttl" { + description = "The TTL for project data cache" + type = number + default = 300 +} + + +#------------------------------------------------------------------------------- +# Providers + +variable "infura_project_id" { + description = "The project ID for Infura" + type = string + sensitive = true +} + +variable "pokt_project_id" { + description = "The project ID for POKT" + type = string + sensitive = true +} + +variable "zerion_api_key" { + description = "The API key for Zerion" + type = string + sensitive = true +} + +variable 
"quicknode_api_tokens" { + description = "API keys for Quicknode in JSON format" + type = string + sensitive = true +} + +variable "coinbase_api_key" { + description = "The API key for Coinbase Pay SDK" + type = string + sensitive = true +} + +variable "coinbase_app_id" { + description = "The APP-ID for Coinbase Pay SDK" + type = string + sensitive = true +} + +variable "one_inch_api_key" { + description = "The API key for 1inch" + type = string + sensitive = true +} + +variable "one_inch_referrer" { + description = "The referrer address for 1inch" + type = string + sensitive = true +} + +variable "getblock_access_tokens" { + description = "Mapping of API access tokens for GetBlock in JSON format" + type = string + sensitive = true +} + +variable "pimlico_api_key" { + description = "Pimlico bundler API token key" + type = string + sensitive = true +} + +variable "testing_project_id" { + description = "Project ID used in a testing suite" + type = string + sensitive = true +} + +#------------------------------------------------------------------------------- +# Analytics + +variable "geoip_db_key" { + description = "The name to the GeoIP database" + type = string +} + +#------------------------------------------------------------------------------- +# Rate-limiting (Token bucket) configuration + +variable "rate_limiting_max_tokens" { + description = "The maximum number of tokens in the bucket" + type = number + default = 30 +} + +variable "rate_limiting_refill_interval" { + description = "The interval in seconds to refill the bucket" + type = number + default = 1 +} + +variable "rate_limiting_refill_rate" { + description = "The number of tokens to refill the bucket with" + type = number + default = 3 +} + +#------------------------------------------------------------------------------- +# IRN VPC peering + +variable "irn_vpc_id" { + description = "ID of the IRN VPC" + type = string +} + +variable "irn_vpc_cidr" { + description = "CIDR block of the IRN VPC" + type = 
string +} + +variable "irn_aws_account_id" { + description = "ID of the AWS account in IRN is being deployed" + type = string +} + +#------------------------------------------------------------------------------- +# IRN client configuration + +variable "irn_node" { + description = "IRN node address in Address:Socket format" + type = string +} + +variable "irn_key" { + description = "IRN client key in base64 format" + type = string +} + +variable "irn_namespace" { + description = "IRN storage namespace" + type = string +} + +variable "irn_namespace_secret" { + description = "IRN storage namespace secret key" + type = string +} + diff --git a/terraform/variables.tf b/terraform/variables.tf index a93ede95..15b77435 100644 --- a/terraform/variables.tf +++ b/terraform/variables.tf @@ -198,12 +198,12 @@ variable "rate_limiting_refill_rate" { #------------------------------------------------------------------------------- # IRN VPC peering -variable "irn_vpc_id" { +variable "irn_vpc_ids" { description = "ID of the IRN VPC" type = string } -variable "irn_vpc_cidr" { +variable "irn_vpc_cidrs" { description = "CIDR block of the IRN VPC" type = string } @@ -216,7 +216,7 @@ variable "irn_aws_account_id" { #------------------------------------------------------------------------------- # IRN client configuration -variable "irn_node" { +variable "irn_nodes" { description = "IRN node address in Address:Socket format" type = string } From fae1cda42d8d6986f4d383d449d54619a3a990a8 Mon Sep 17 00:00:00 2001 From: Chris Smith Date: Fri, 16 Aug 2024 16:36:22 -0400 Subject: [PATCH 03/20] fix: this --- terraform/region/main.tf | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 terraform/region/main.tf diff --git a/terraform/region/main.tf b/terraform/region/main.tf new file mode 100644 index 00000000..4c8d2da3 --- /dev/null +++ b/terraform/region/main.tf @@ -0,0 +1,5 @@ +data "aws_caller_identity" "this" {} + +resource "random_pet" "this" { + length = 2 +} 
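Review bot: `irn_key` ("IRN client key in base64 format") and `irn_namespace_secret` ("IRN storage namespace secret key"), at the end of the new terraform/region/variables.tf, are declared without `sensitive = true`, unlike `registry_api_auth_token` and the provider API keys earlier in the same file. Unless the values arrive already marked sensitive from the root module (its declarations are not visible here), they can be printed in plan and apply output and end up in CI logs. Add `sensitive = true` to both blocks so the region module redacts them regardless of how the caller declares them.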
From fe837de4a121038d30046f6d1d049b1066f94db4 Mon Sep 17 00:00:00 2001 From: Chris Smith Date: Fri, 16 Aug 2024 16:40:11 -0400 Subject: [PATCH 04/20] chore: fmt --- terraform/region/res_ecs.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/region/res_ecs.tf b/terraform/region/res_ecs.tf index e19b38e0..d5ad5bea 100644 --- a/terraform/region/res_ecs.tf +++ b/terraform/region/res_ecs.tf @@ -1,5 +1,5 @@ locals { - stage = module.stage.stage + stage = module.stage.stage ecr_repository_url = module.stage.dev ? data.terraform_remote_state.org.outputs.accounts.sdlc.dev.ecr-urls.blockchain : data.terraform_remote_state.org.outputs.accounts.wl.blockchain[local.stage].ecr-url } From b2e80f77762bb93a9a84f4bdb75ef56af190493f Mon Sep 17 00:00:00 2001 From: Chris Smith Date: Fri, 16 Aug 2024 16:51:12 -0400 Subject: [PATCH 05/20] chore: fix links --- terraform/main.tf | 39 ----------------------------------- terraform/region/context.tf | 23 +++++++++++++++++++++ terraform/region/inputs.tf | 39 +++++++++++++++++++++++++++++++++++ terraform/region/main.tf | 39 +++++++++++++++++++++++++++++++++++ terraform/region/res_ecs.tf | 1 - terraform/region/terraform.tf | 11 ++++++++++ terraform/region/variables.tf | 10 ++++----- terraform/variables.tf | 6 +++--- 8 files changed, 120 insertions(+), 48 deletions(-) create mode 100644 terraform/region/context.tf create mode 100644 terraform/region/inputs.tf create mode 100644 terraform/region/terraform.tf diff --git a/terraform/main.tf b/terraform/main.tf index a1c13f38..7234bb17 100644 --- a/terraform/main.tf +++ b/terraform/main.tf 
@@ -4,45 +4,6 @@ resource "random_pet" "this" { length = 2 } -resource "aws_kms_key" "cloudwatch_logs" { - description = "KMS key for encrypting CloudWatch Logs" - enable_key_rotation = true - policy = jsonencode({ - Version = "2012-10-17" - Statement = [ - { - Sid = "Enable IAM User Permissions" - Effect = "Allow" - Principal = { - AWS = data.aws_caller_identity.this.account_id - } - Action = "kms:*" - Resource = "*" - }, - { - Sid = "AllowCloudWatchLogs" - Effect = "Allow" - Principal = { - Service = "logs.${module.this.region}.amazonaws.com" - } - Action = [ - "kms:Encrypt*", - "kms:Decrypt*", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - "kms:Describe*" - ] - Resource = "*" - }, - ] - }) -} - -resource "aws_kms_alias" "cloudwatch_logs" { - name = "alias/${module.this.id}-cloudwatch-logs" - target_key_id = aws_kms_key.cloudwatch_logs.key_id -} - module "eu-central-1" { source = "./region" region = "eu-central-1" diff --git a/terraform/region/context.tf b/terraform/region/context.tf new file mode 100644 index 00000000..63691cbe --- /dev/null +++ b/terraform/region/context.tf @@ -0,0 +1,23 @@ +module "stage" { + source = "app.terraform.io/wallet-connect/stage/null" + version = "0.1.0" + project = "blockchain" +} + +locals { + stage = module.stage.stage +} + +module "this" { + source = "app.terraform.io/wallet-connect/label/null" + version = "0.3.2" + + namespace = "wc" + region = var.region + stage = local.stage + name = var.name + + tags = { + Application = var.name + } +} diff --git a/terraform/region/inputs.tf b/terraform/region/inputs.tf new file mode 100644 index 00000000..a5298e4c --- /dev/null +++ b/terraform/region/inputs.tf 
@@ -0,0 +1,39 @@ +data "terraform_remote_state" "org" { + backend = "remote" + config = { + organization = "wallet-connect" + workspaces = { + name = "aws-org" + } + } +} + +data "terraform_remote_state" "datalake" { + backend = "remote" + config = { + organization = "wallet-connect" + workspaces = { + name = "datalake-${module.stage.dev ? "staging" : local.stage}" + } + } +} + +data "terraform_remote_state" "infra_aws" { + backend = "remote" + config = { + organization = "wallet-connect" + workspaces = { + name = "infra-aws" + } + } +} + +data "terraform_remote_state" "monitoring" { + backend = "remote" + config = { + organization = "wallet-connect" + workspaces = { + name = "monitoring" + } + } +} diff --git a/terraform/region/main.tf b/terraform/region/main.tf index 4c8d2da3..d7db8664 100644 --- a/terraform/region/main.tf +++ b/terraform/region/main.tf @@ -3,3 +3,42 @@ data "aws_caller_identity" "this" {} resource "random_pet" "this" { length = 2 } + +resource "aws_kms_key" "cloudwatch_logs" { + description = "KMS key for encrypting CloudWatch Logs" + enable_key_rotation = true + policy = jsonencode({ + Version = "2012-10-17" + Statement = [ + { + Sid = "Enable IAM User Permissions" + Effect = "Allow" + Principal = { + AWS = data.aws_caller_identity.this.account_id + } + Action = "kms:*" + Resource = "*" + }, + { + Sid = "AllowCloudWatchLogs" + Effect = "Allow" + Principal = { + Service = "logs.${module.this.region}.amazonaws.com" + } + Action = [ + "kms:Encrypt*", + "kms:Decrypt*", + "kms:ReEncrypt*", + "kms:GenerateDataKey*", + "kms:Describe*" + ] + Resource = "*" + }, + ] + }) +} + +resource "aws_kms_alias" "cloudwatch_logs" { + name = "alias/${module.this.id}-cloudwatch-logs" + target_key_id = aws_kms_key.cloudwatch_logs.key_id +} diff --git a/terraform/region/res_ecs.tf b/terraform/region/res_ecs.tf index d5ad5bea..3798af1d 100644 --- a/terraform/region/res_ecs.tf +++ b/terraform/region/res_ecs.tf 
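Review bot: The `AllowCloudWatchLogs` statement in the `aws_kms_key.cloudwatch_logs` policy added to terraform/region/main.tf lets the `logs.${module.this.region}.amazonaws.com` service principal encrypt and decrypt with this key without any `Condition`. Nothing therefore ties the grant to log groups belonging to this account. AWS's guidance for CloudWatch Logs keys is to scope the statement by encryption context, e.g. `Condition = { ArnLike = { "kms:EncryptionContext:aws:logs:arn" = "arn:aws:logs:${module.this.region}:${data.aws_caller_identity.this.account_id}:*" } }`. The policy is moved unchanged from terraform/main.tf, but it is now instantiated once per region, which makes this a convenient point to tighten it.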
@@ -1,5 +1,4 @@ locals { - stage = module.stage.stage ecr_repository_url = module.stage.dev ? data.terraform_remote_state.org.outputs.accounts.sdlc.dev.ecr-urls.blockchain : data.terraform_remote_state.org.outputs.accounts.wl.blockchain[local.stage].ecr-url } diff --git a/terraform/region/terraform.tf b/terraform/region/terraform.tf new file mode 100644 index 00000000..2a367bb7 --- /dev/null +++ b/terraform/region/terraform.tf @@ -0,0 +1,11 @@ +# Terraform Configuration +terraform { + required_version = ">= 1.0" + + required_providers { + aws = { + source = "hashicorp/aws" + version = ">= 5.7" + } + } +} diff --git a/terraform/region/variables.tf b/terraform/region/variables.tf index f5a6a549..2367add9 100644 --- a/terraform/region/variables.tf +++ b/terraform/region/variables.tf @@ -1,11 +1,11 @@ #------------------------------------------------------------------------------- # Application -# variable "name" { -# description = "The name of the application" -# type = string -# default = "blockchain-api" -# } +variable "name" { + description = "The name of the application" + type = string + default = "blockchain-api" +} variable "region" { description = "AWS region to deploy to" diff --git a/terraform/variables.tf b/terraform/variables.tf index 15b77435..f303a2c6 100644 --- a/terraform/variables.tf +++ b/terraform/variables.tf @@ -200,12 +200,12 @@ variable "rate_limiting_refill_rate" { variable "irn_vpc_ids" { description = "ID of the IRN VPC" - type = string + type = map(string) } variable "irn_vpc_cidrs" { description = "CIDR block of the IRN VPC" - type = string + type = map(string) } variable "irn_aws_account_id" { @@ -218,7 +218,7 @@ variable "irn_aws_account_id" { variable "irn_nodes" { description = "IRN node address in Address:Socket format" - type = string + type = map(string) } variable "irn_key" { From 65c40b103ce345dd9a3f33a7a2cf9a4ea27c01f6 Mon Sep 17 00:00:00 2001 
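Review bot: `required_providers` in the new terraform/region/terraform.tf lists only `aws`, yet terraform/region/main.tf declares `resource "random_pet" "this"`, so the `random` provider is resolved implicitly with no source or version constraint recorded in this module. Declare it next to `aws`, for example `random = { source = "hashicorp/random", version = "<constraint used by the root module>" }`, so the module's provider requirements are explicit and reviewable.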
From: Chris Smith Date: Fri, 16 Aug 2024 17:02:16 -0400 Subject: [PATCH 06/20] fix: alerting module --- terraform/main.tf | 9 ++++++++ terraform/{ => region}/alerting/README.md | 0 terraform/{ => region}/alerting/alarms_ecs.tf | 0 .../{ => region}/alerting/alarms_redis.tf | 0 terraform/{ => region}/alerting/context.tf | 0 terraform/{ => region}/alerting/main.tf | 0 terraform/{ => region}/alerting/terraform.tf | 0 terraform/{ => region}/alerting/variables.tf | 0 terraform/{ => region}/res_alerting.tf | 0 terraform/region/variables.tf | 21 +++++++++++++++++++ 10 files changed, 30 insertions(+) rename terraform/{ => region}/alerting/README.md (100%) rename terraform/{ => region}/alerting/alarms_ecs.tf (100%) rename terraform/{ => region}/alerting/alarms_redis.tf (100%) rename terraform/{ => region}/alerting/context.tf (100%) rename terraform/{ => region}/alerting/main.tf (100%) rename terraform/{ => region}/alerting/terraform.tf (100%) rename terraform/{ => region}/alerting/variables.tf (100%) rename terraform/{ => region}/res_alerting.tf (100%) diff --git a/terraform/main.tf b/terraform/main.tf index 7234bb17..4bf743f7 100644 --- a/terraform/main.tf +++ b/terraform/main.tf @@ -28,6 +28,9 @@ module "eu-central-1" { pimlico_api_key = var.pimlico_api_key testing_project_id = var.testing_project_id geoip_db_key = var.geoip_db_key + notification_channels = var.notification_channels + webhook_cloudwatch_p2 = var.webhook_cloudwatch_p2 + webhook_prometheus_p2 = var.webhook_cloudwatch_p2 rate_limiting_max_tokens = var.rate_limiting_max_tokens rate_limiting_refill_interval = var.rate_limiting_refill_interval rate_limiting_refill_rate = var.rate_limiting_refill_rate 
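Review bot: `webhook_prometheus_p2 = var.webhook_cloudwatch_p2` feeds the CloudWatch webhook into the Prometheus input, which looks like a copy-paste slip. If the root module declares a matching variable, the line should read `webhook_prometheus_p2 = var.webhook_prometheus_p2`. The same line is repeated in the `module "us-east-1"` and `module "ap-southeast-1"` blocks in the next two hunks of terraform/main.tf. As written, Prometheus P2 alerts would presumably be sent to the CloudWatch endpoint in every region, though how the region module consumes the value is not visible here. The hunk shows only part of the `module "eu-central-1"` block.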
@@ -68,6 +71,9 @@ module "us-east-1" { pimlico_api_key = var.pimlico_api_key testing_project_id = var.testing_project_id geoip_db_key = var.geoip_db_key + notification_channels = var.notification_channels + webhook_cloudwatch_p2 = var.webhook_cloudwatch_p2 + webhook_prometheus_p2 = var.webhook_cloudwatch_p2 rate_limiting_max_tokens = var.rate_limiting_max_tokens rate_limiting_refill_interval = var.rate_limiting_refill_interval rate_limiting_refill_rate = var.rate_limiting_refill_rate @@ -108,6 +114,9 @@ module "ap-southeast-1" { pimlico_api_key = var.pimlico_api_key testing_project_id = var.testing_project_id geoip_db_key = var.geoip_db_key + notification_channels = var.notification_channels + webhook_cloudwatch_p2 = var.webhook_cloudwatch_p2 + webhook_prometheus_p2 = var.webhook_cloudwatch_p2 rate_limiting_max_tokens = var.rate_limiting_max_tokens rate_limiting_refill_interval = var.rate_limiting_refill_interval rate_limiting_refill_rate = var.rate_limiting_refill_rate diff --git a/terraform/alerting/README.md b/terraform/region/alerting/README.md similarity index 100% rename from terraform/alerting/README.md rename to terraform/region/alerting/README.md diff --git a/terraform/alerting/alarms_ecs.tf b/terraform/region/alerting/alarms_ecs.tf similarity index 100% rename from terraform/alerting/alarms_ecs.tf rename to terraform/region/alerting/alarms_ecs.tf diff --git a/terraform/alerting/alarms_redis.tf b/terraform/region/alerting/alarms_redis.tf similarity index 100% rename from terraform/alerting/alarms_redis.tf rename to terraform/region/alerting/alarms_redis.tf diff --git a/terraform/alerting/context.tf b/terraform/region/alerting/context.tf similarity index 100% rename from terraform/alerting/context.tf rename to terraform/region/alerting/context.tf diff --git a/terraform/alerting/main.tf b/terraform/region/alerting/main.tf similarity index 100% rename from terraform/alerting/main.tf rename to terraform/region/alerting/main.tf 
diff --git a/terraform/alerting/terraform.tf b/terraform/region/alerting/terraform.tf similarity index 100% rename from terraform/alerting/terraform.tf rename to terraform/region/alerting/terraform.tf diff --git a/terraform/alerting/variables.tf b/terraform/region/alerting/variables.tf similarity index 100% rename from terraform/alerting/variables.tf rename to terraform/region/alerting/variables.tf diff --git a/terraform/res_alerting.tf b/terraform/region/res_alerting.tf similarity index 100% rename from terraform/res_alerting.tf rename to terraform/region/res_alerting.tf diff --git a/terraform/region/variables.tf b/terraform/region/variables.tf index 2367add9..23cf0342 100644 --- a/terraform/region/variables.tf +++ b/terraform/region/variables.tf @@ -144,6 +144,27 @@ variable "geoip_db_key" { type = string } +#------------------------------------------------------------------------------- +# Alerting / Monitoring + +variable "notification_channels" { + description = "The notification channels to send alerts to" + type = list(any) + default = [] +} + +variable "webhook_cloudwatch_p2" { + description = "The webhook to send CloudWatch P2 alerts to" + type = string + default = "" +} + +variable "webhook_prometheus_p2" { + description = "The webhook to send Prometheus P2 alerts to" + type = string + default = "" +} + #------------------------------------------------------------------------------- # Rate-limiting (Token bucket) configuration From 67005ff237e873ad171582bd07d53bcfb4a58b49 Mon Sep 17 00:00:00 2001 
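Review bot: The new `webhook_cloudwatch_p2` and `webhook_prometheus_p2` variables in `terraform/region/variables.tf` are declared without `sensitive = true`. Webhook URLs for alerting services commonly embed an access token; if that is the case here, the values would appear in plan output and CI logs. Adding `sensitive = true` to both blocks redacts them in CLI output. They are still written to state in clear text, so access to the state backend needs the same care as the secret itself.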
From: Chris Smith Date: Fri, 16 Aug 2024 17:30:00 -0400 Subject: [PATCH 07/20] chore: move monitoring and other fixes --- .gitmodules | 4 +-- terraform/inputs.tf | 30 ------------------- terraform/main.tf | 14 ++++----- terraform/{ => region}/monitoring/README.md | 0 terraform/{ => region}/monitoring/context.tf | 0 .../{ => region}/monitoring/dashboard.jsonnet | 0 .../{ => region}/monitoring/data_sources.tf | 0 .../{ => region}/monitoring/grafonnet-lib | 0 terraform/{ => region}/monitoring/main.tf | 2 +- terraform/{ => region}/monitoring/outputs.tf | 0 .../panels/ecs/availability.libsonnet | 0 .../monitoring/panels/ecs/cpu.libsonnet | 0 .../monitoring/panels/ecs/memory.libsonnet | 0 .../panels/history/availability.libsonnet | 0 .../panels/history/latency.libsonnet | 0 .../panels/history/requests.libsonnet | 0 .../panels/identity/availability.libsonnet | 0 .../panels/identity/cache.libsonnet | 0 .../panels/identity/latency.libsonnet | 0 .../panels/identity/requests.libsonnet | 0 .../panels/identity/usage.libsonnet | 0 .../monitoring/panels/irn/latency.libsonnet | 0 .../panels/lb/active_connections.libsonnet | 0 .../monitoring/panels/lb/error_4xx.libsonnet | 0 .../monitoring/panels/lb/error_5xx.libsonnet | 0 .../panels/lb/error_5xx_logs.libsonnet | 0 .../panels/lb/healthy_hosts.libsonnet | 0 .../monitoring/panels/lb/requests.libsonnet | 0 .../panels/names/registered.libsonnet | 0 .../monitoring/panels/panels.libsonnet | 0 .../monitoring/panels/proxy/calls.libsonnet | 0 .../proxy/errors_non_provider.libsonnet | 0 .../panels/proxy/errors_provider.libsonnet | 0 .../panels/proxy/http_codes.libsonnet | 0 .../monitoring/panels/proxy/latency.libsonnet | 0 .../proxy/quota_limited_projects.libsonnet | 0 .../proxy/rate_limited_counter.libsonnet | 0 .../panels/proxy/rejected_projects.libsonnet | 0 .../panels/status/provider.libsonnet | 0 .../panels/usage/provider.libsonnet | 0 .../panels/weights/provider.libsonnet | 0 .../{ => region}/monitoring/terraform.tf | 0 .../{ => 
region}/monitoring/variables.tf | 0 terraform/{ => region}/res_monitoring.tf | 0 terraform/region/terraform.tf | 4 +++ terraform/region/variables.tf | 3 -- 46 files changed, 13 insertions(+), 44 deletions(-) rename terraform/{ => region}/monitoring/README.md (100%) rename terraform/{ => region}/monitoring/context.tf (100%) rename terraform/{ => region}/monitoring/dashboard.jsonnet (100%) rename terraform/{ => region}/monitoring/data_sources.tf (100%) rename terraform/{ => region}/monitoring/grafonnet-lib (100%) rename terraform/{ => region}/monitoring/main.tf (90%) rename terraform/{ => region}/monitoring/outputs.tf (100%) rename terraform/{ => region}/monitoring/panels/ecs/availability.libsonnet (100%) rename terraform/{ => region}/monitoring/panels/ecs/cpu.libsonnet (100%) rename terraform/{ => region}/monitoring/panels/ecs/memory.libsonnet (100%) rename terraform/{ => region}/monitoring/panels/history/availability.libsonnet (100%) rename terraform/{ => region}/monitoring/panels/history/latency.libsonnet (100%) rename terraform/{ => region}/monitoring/panels/history/requests.libsonnet (100%) rename terraform/{ => region}/monitoring/panels/identity/availability.libsonnet (100%) rename terraform/{ => region}/monitoring/panels/identity/cache.libsonnet (100%) rename terraform/{ => region}/monitoring/panels/identity/latency.libsonnet (100%) rename terraform/{ => region}/monitoring/panels/identity/requests.libsonnet (100%) rename terraform/{ => region}/monitoring/panels/identity/usage.libsonnet (100%) rename terraform/{ => region}/monitoring/panels/irn/latency.libsonnet (100%) rename terraform/{ => region}/monitoring/panels/lb/active_connections.libsonnet (100%) rename terraform/{ => region}/monitoring/panels/lb/error_4xx.libsonnet (100%) rename terraform/{ => region}/monitoring/panels/lb/error_5xx.libsonnet (100%) rename terraform/{ => region}/monitoring/panels/lb/error_5xx_logs.libsonnet (100%) rename terraform/{ => 
region}/monitoring/panels/lb/healthy_hosts.libsonnet (100%) rename terraform/{ => region}/monitoring/panels/lb/requests.libsonnet (100%) rename terraform/{ => region}/monitoring/panels/names/registered.libsonnet (100%) rename terraform/{ => region}/monitoring/panels/panels.libsonnet (100%) rename terraform/{ => region}/monitoring/panels/proxy/calls.libsonnet (100%) rename terraform/{ => region}/monitoring/panels/proxy/errors_non_provider.libsonnet (100%) rename terraform/{ => region}/monitoring/panels/proxy/errors_provider.libsonnet (100%) rename terraform/{ => region}/monitoring/panels/proxy/http_codes.libsonnet (100%) rename terraform/{ => region}/monitoring/panels/proxy/latency.libsonnet (100%) rename terraform/{ => region}/monitoring/panels/proxy/quota_limited_projects.libsonnet (100%) rename terraform/{ => region}/monitoring/panels/proxy/rate_limited_counter.libsonnet (100%) rename terraform/{ => region}/monitoring/panels/proxy/rejected_projects.libsonnet (100%) rename terraform/{ => region}/monitoring/panels/status/provider.libsonnet (100%) rename terraform/{ => region}/monitoring/panels/usage/provider.libsonnet (100%) rename terraform/{ => region}/monitoring/panels/weights/provider.libsonnet (100%) rename terraform/{ => region}/monitoring/terraform.tf (100%) rename terraform/{ => region}/monitoring/variables.tf (100%) rename terraform/{ => region}/res_monitoring.tf (100%) diff --git a/.gitmodules b/.gitmodules index c89ebd8c..650f285e 100644 --- a/.gitmodules +++ b/.gitmodules @@ -1,5 +1,5 @@ -[submodule "terraform/monitoring/grafonnet-lib"] - path = terraform/monitoring/grafonnet-lib +[submodule "terraform/region/monitoring/grafonnet-lib"] + path = terraform/region/monitoring/grafonnet-lib url = git@github.com:WalletConnect/grafonnet-lib.git [submodule "irn"] path = irn diff --git a/terraform/inputs.tf b/terraform/inputs.tf index a5298e4c..b16060b3 100644 --- a/terraform/inputs.tf +++ b/terraform/inputs.tf 
@@ -1,33 +1,3 @@ -data "terraform_remote_state" "org" { - backend = "remote" - config = { - organization = "wallet-connect" - workspaces = { - name = "aws-org" - } - } -} - -data "terraform_remote_state" "datalake" { - backend = "remote" - config = { - organization = "wallet-connect" - workspaces = { - name = "datalake-${module.stage.dev ? "staging" : local.stage}" - } - } -} - -data "terraform_remote_state" "infra_aws" { - backend = "remote" - config = { - organization = "wallet-connect" - workspaces = { - name = "infra-aws" - } - } -} - data "terraform_remote_state" "monitoring" { backend = "remote" config = { diff --git a/terraform/main.tf b/terraform/main.tf index 4bf743f7..1d663d73 100644 --- a/terraform/main.tf +++ b/terraform/main.tf @@ -1,10 +1,8 @@ -data "aws_caller_identity" "this" {} - resource "random_pet" "this" { length = 2 } -module "eu-central-1" { +module "eu_central_1" { source = "./region" region = "eu-central-1" image_version = var.image_version @@ -30,7 +28,7 @@ module "eu-central-1" { geoip_db_key = var.geoip_db_key notification_channels = var.notification_channels webhook_cloudwatch_p2 = var.webhook_cloudwatch_p2 - webhook_prometheus_p2 = var.webhook_cloudwatch_p2 + webhook_prometheus_p2 = var.webhook_prometheus_p2 rate_limiting_max_tokens = var.rate_limiting_max_tokens rate_limiting_refill_interval = var.rate_limiting_refill_interval rate_limiting_refill_rate = var.rate_limiting_refill_rate @@ -47,7 +45,7 @@ module "eu-central-1" { } } -module "us-east-1" { +module "us_east_1" { source = "./region" region = "us-east-1" image_version = var.image_version 
@@ -73,7 +71,7 @@ module "us-east-1" { geoip_db_key = var.geoip_db_key notification_channels = var.notification_channels webhook_cloudwatch_p2 = var.webhook_cloudwatch_p2 - webhook_prometheus_p2 = var.webhook_cloudwatch_p2 + webhook_prometheus_p2 = var.webhook_prometheus_p2 rate_limiting_max_tokens = var.rate_limiting_max_tokens rate_limiting_refill_interval = var.rate_limiting_refill_interval rate_limiting_refill_rate = var.rate_limiting_refill_rate @@ -90,7 +88,7 @@ module "us-east-1" { } } -module "ap-southeast-1" { +module "ap_southeast_1" { source = "./region" region = "ap-southeast-1" image_version = var.image_version @@ -116,7 +114,7 @@ module "ap-southeast-1" { geoip_db_key = var.geoip_db_key notification_channels = var.notification_channels webhook_cloudwatch_p2 = var.webhook_cloudwatch_p2 - webhook_prometheus_p2 = var.webhook_cloudwatch_p2 + webhook_prometheus_p2 = var.webhook_prometheus_p2 rate_limiting_max_tokens = var.rate_limiting_max_tokens rate_limiting_refill_interval = var.rate_limiting_refill_interval rate_limiting_refill_rate = var.rate_limiting_refill_rate diff --git a/terraform/monitoring/README.md b/terraform/region/monitoring/README.md similarity index 100% rename from terraform/monitoring/README.md rename to terraform/region/monitoring/README.md diff --git a/terraform/monitoring/context.tf b/terraform/region/monitoring/context.tf similarity index 100% rename from terraform/monitoring/context.tf rename to terraform/region/monitoring/context.tf diff --git a/terraform/monitoring/dashboard.jsonnet b/terraform/region/monitoring/dashboard.jsonnet similarity index 100% rename from terraform/monitoring/dashboard.jsonnet rename to terraform/region/monitoring/dashboard.jsonnet diff --git a/terraform/monitoring/data_sources.tf b/terraform/region/monitoring/data_sources.tf similarity index 100% rename from terraform/monitoring/data_sources.tf rename to terraform/region/monitoring/data_sources.tf 
diff --git a/terraform/monitoring/grafonnet-lib b/terraform/region/monitoring/grafonnet-lib similarity index 100% rename from terraform/monitoring/grafonnet-lib rename to terraform/region/monitoring/grafonnet-lib diff --git a/terraform/monitoring/main.tf b/terraform/region/monitoring/main.tf similarity index 90% rename from terraform/monitoring/main.tf rename to terraform/region/monitoring/main.tf index 54c58b75..db88e97f 100644 --- a/terraform/monitoring/main.tf +++ b/terraform/region/monitoring/main.tf @@ -2,7 +2,7 @@ data "jsonnet_file" "dashboard" { source = "${path.module}/dashboard.jsonnet" ext_str = { - dashboard_title = "BlockchainAPI - ${title(module.this.stage)}" + dashboard_title = "Blockchain API - ${title(module.this.stage)} - ${module.this.region}" dashboard_uid = "blockchainapi-${module.this.stage}" prometheus_uid = grafana_data_source.prometheus.uid diff --git a/terraform/monitoring/outputs.tf b/terraform/region/monitoring/outputs.tf similarity index 100% rename from terraform/monitoring/outputs.tf rename to terraform/region/monitoring/outputs.tf diff --git a/terraform/monitoring/panels/ecs/availability.libsonnet b/terraform/region/monitoring/panels/ecs/availability.libsonnet similarity index 100% rename from terraform/monitoring/panels/ecs/availability.libsonnet rename to terraform/region/monitoring/panels/ecs/availability.libsonnet diff --git a/terraform/monitoring/panels/ecs/cpu.libsonnet b/terraform/region/monitoring/panels/ecs/cpu.libsonnet similarity index 100% rename from terraform/monitoring/panels/ecs/cpu.libsonnet rename to terraform/region/monitoring/panels/ecs/cpu.libsonnet diff --git a/terraform/monitoring/panels/ecs/memory.libsonnet b/terraform/region/monitoring/panels/ecs/memory.libsonnet similarity index 100% rename from terraform/monitoring/panels/ecs/memory.libsonnet rename to terraform/region/monitoring/panels/ecs/memory.libsonnet 
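Review bot: In `terraform/region/monitoring/main.tf`, `dashboard_title` now includes `${module.this.region}`, but the unchanged line below it still sets `dashboard_uid = "blockchainapi-${module.this.stage}"`. If the monitoring module is instantiated once per region module, which the move under `terraform/region/` suggests, every region in a stage would submit the same UID to Grafana and the dashboards would collide or overwrite each other. I would make the UID region-specific as well: `dashboard_uid = "blockchainapi-${module.this.stage}-${module.this.region}"`. Changing the UID also changes the existing dashboard's URL, so saved links and alert annotations that point to it would need updating. The `ext_str` block continues outside the hunk.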
diff --git a/terraform/monitoring/panels/history/availability.libsonnet b/terraform/region/monitoring/panels/history/availability.libsonnet similarity index 100% rename from terraform/monitoring/panels/history/availability.libsonnet rename to terraform/region/monitoring/panels/history/availability.libsonnet diff --git a/terraform/monitoring/panels/history/latency.libsonnet b/terraform/region/monitoring/panels/history/latency.libsonnet similarity index 100% rename from terraform/monitoring/panels/history/latency.libsonnet rename to terraform/region/monitoring/panels/history/latency.libsonnet diff --git a/terraform/monitoring/panels/history/requests.libsonnet b/terraform/region/monitoring/panels/history/requests.libsonnet similarity index 100% rename from terraform/monitoring/panels/history/requests.libsonnet rename to terraform/region/monitoring/panels/history/requests.libsonnet diff --git a/terraform/monitoring/panels/identity/availability.libsonnet b/terraform/region/monitoring/panels/identity/availability.libsonnet similarity index 100% rename from terraform/monitoring/panels/identity/availability.libsonnet rename to terraform/region/monitoring/panels/identity/availability.libsonnet diff --git a/terraform/monitoring/panels/identity/cache.libsonnet b/terraform/region/monitoring/panels/identity/cache.libsonnet similarity index 100% rename from terraform/monitoring/panels/identity/cache.libsonnet rename to terraform/region/monitoring/panels/identity/cache.libsonnet diff --git a/terraform/monitoring/panels/identity/latency.libsonnet b/terraform/region/monitoring/panels/identity/latency.libsonnet similarity index 100% rename from terraform/monitoring/panels/identity/latency.libsonnet rename to terraform/region/monitoring/panels/identity/latency.libsonnet 
diff --git a/terraform/monitoring/panels/identity/requests.libsonnet b/terraform/region/monitoring/panels/identity/requests.libsonnet similarity index 100% rename from terraform/monitoring/panels/identity/requests.libsonnet rename to terraform/region/monitoring/panels/identity/requests.libsonnet diff --git a/terraform/monitoring/panels/identity/usage.libsonnet b/terraform/region/monitoring/panels/identity/usage.libsonnet similarity index 100% rename from terraform/monitoring/panels/identity/usage.libsonnet rename to terraform/region/monitoring/panels/identity/usage.libsonnet diff --git a/terraform/monitoring/panels/irn/latency.libsonnet b/terraform/region/monitoring/panels/irn/latency.libsonnet similarity index 100% rename from terraform/monitoring/panels/irn/latency.libsonnet rename to terraform/region/monitoring/panels/irn/latency.libsonnet diff --git a/terraform/monitoring/panels/lb/active_connections.libsonnet b/terraform/region/monitoring/panels/lb/active_connections.libsonnet similarity index 100% rename from terraform/monitoring/panels/lb/active_connections.libsonnet rename to terraform/region/monitoring/panels/lb/active_connections.libsonnet diff --git a/terraform/monitoring/panels/lb/error_4xx.libsonnet b/terraform/region/monitoring/panels/lb/error_4xx.libsonnet similarity index 100% rename from terraform/monitoring/panels/lb/error_4xx.libsonnet rename to terraform/region/monitoring/panels/lb/error_4xx.libsonnet diff --git a/terraform/monitoring/panels/lb/error_5xx.libsonnet b/terraform/region/monitoring/panels/lb/error_5xx.libsonnet similarity index 100% rename from terraform/monitoring/panels/lb/error_5xx.libsonnet rename to terraform/region/monitoring/panels/lb/error_5xx.libsonnet 
diff --git a/terraform/monitoring/panels/lb/error_5xx_logs.libsonnet b/terraform/region/monitoring/panels/lb/error_5xx_logs.libsonnet similarity index 100% rename from terraform/monitoring/panels/lb/error_5xx_logs.libsonnet rename to terraform/region/monitoring/panels/lb/error_5xx_logs.libsonnet diff --git a/terraform/monitoring/panels/lb/healthy_hosts.libsonnet b/terraform/region/monitoring/panels/lb/healthy_hosts.libsonnet similarity index 100% rename from terraform/monitoring/panels/lb/healthy_hosts.libsonnet rename to terraform/region/monitoring/panels/lb/healthy_hosts.libsonnet diff --git a/terraform/monitoring/panels/lb/requests.libsonnet b/terraform/region/monitoring/panels/lb/requests.libsonnet similarity index 100% rename from terraform/monitoring/panels/lb/requests.libsonnet rename to terraform/region/monitoring/panels/lb/requests.libsonnet diff --git a/terraform/monitoring/panels/names/registered.libsonnet b/terraform/region/monitoring/panels/names/registered.libsonnet similarity index 100% rename from terraform/monitoring/panels/names/registered.libsonnet rename to terraform/region/monitoring/panels/names/registered.libsonnet diff --git a/terraform/monitoring/panels/panels.libsonnet b/terraform/region/monitoring/panels/panels.libsonnet similarity index 100% rename from terraform/monitoring/panels/panels.libsonnet rename to terraform/region/monitoring/panels/panels.libsonnet diff --git a/terraform/monitoring/panels/proxy/calls.libsonnet b/terraform/region/monitoring/panels/proxy/calls.libsonnet similarity index 100% rename from terraform/monitoring/panels/proxy/calls.libsonnet rename to terraform/region/monitoring/panels/proxy/calls.libsonnet 
diff --git a/terraform/monitoring/panels/proxy/errors_non_provider.libsonnet b/terraform/region/monitoring/panels/proxy/errors_non_provider.libsonnet similarity index 100% rename from terraform/monitoring/panels/proxy/errors_non_provider.libsonnet rename to terraform/region/monitoring/panels/proxy/errors_non_provider.libsonnet diff --git a/terraform/monitoring/panels/proxy/errors_provider.libsonnet b/terraform/region/monitoring/panels/proxy/errors_provider.libsonnet similarity index 100% rename from terraform/monitoring/panels/proxy/errors_provider.libsonnet rename to terraform/region/monitoring/panels/proxy/errors_provider.libsonnet diff --git a/terraform/monitoring/panels/proxy/http_codes.libsonnet b/terraform/region/monitoring/panels/proxy/http_codes.libsonnet similarity index 100% rename from terraform/monitoring/panels/proxy/http_codes.libsonnet rename to terraform/region/monitoring/panels/proxy/http_codes.libsonnet diff --git a/terraform/monitoring/panels/proxy/latency.libsonnet b/terraform/region/monitoring/panels/proxy/latency.libsonnet similarity index 100% rename from terraform/monitoring/panels/proxy/latency.libsonnet rename to terraform/region/monitoring/panels/proxy/latency.libsonnet diff --git a/terraform/monitoring/panels/proxy/quota_limited_projects.libsonnet b/terraform/region/monitoring/panels/proxy/quota_limited_projects.libsonnet similarity index 100% rename from terraform/monitoring/panels/proxy/quota_limited_projects.libsonnet rename to terraform/region/monitoring/panels/proxy/quota_limited_projects.libsonnet diff --git a/terraform/monitoring/panels/proxy/rate_limited_counter.libsonnet b/terraform/region/monitoring/panels/proxy/rate_limited_counter.libsonnet similarity index 100% rename from terraform/monitoring/panels/proxy/rate_limited_counter.libsonnet rename to terraform/region/monitoring/panels/proxy/rate_limited_counter.libsonnet 
diff --git a/terraform/monitoring/panels/proxy/rejected_projects.libsonnet b/terraform/region/monitoring/panels/proxy/rejected_projects.libsonnet similarity index 100% rename from terraform/monitoring/panels/proxy/rejected_projects.libsonnet rename to terraform/region/monitoring/panels/proxy/rejected_projects.libsonnet diff --git a/terraform/monitoring/panels/status/provider.libsonnet b/terraform/region/monitoring/panels/status/provider.libsonnet similarity index 100% rename from terraform/monitoring/panels/status/provider.libsonnet rename to terraform/region/monitoring/panels/status/provider.libsonnet diff --git a/terraform/monitoring/panels/usage/provider.libsonnet b/terraform/region/monitoring/panels/usage/provider.libsonnet similarity index 100% rename from terraform/monitoring/panels/usage/provider.libsonnet rename to terraform/region/monitoring/panels/usage/provider.libsonnet diff --git a/terraform/monitoring/panels/weights/provider.libsonnet b/terraform/region/monitoring/panels/weights/provider.libsonnet similarity index 100% rename from terraform/monitoring/panels/weights/provider.libsonnet rename to terraform/region/monitoring/panels/weights/provider.libsonnet diff --git a/terraform/monitoring/terraform.tf b/terraform/region/monitoring/terraform.tf similarity index 100% rename from terraform/monitoring/terraform.tf rename to terraform/region/monitoring/terraform.tf diff --git a/terraform/monitoring/variables.tf b/terraform/region/monitoring/variables.tf similarity index 100% rename from terraform/monitoring/variables.tf rename to terraform/region/monitoring/variables.tf diff --git a/terraform/res_monitoring.tf b/terraform/region/res_monitoring.tf similarity index 100% rename from terraform/res_monitoring.tf rename to terraform/region/res_monitoring.tf diff --git a/terraform/region/terraform.tf b/terraform/region/terraform.tf index 2a367bb7..9b14a4a1 100644 --- a/terraform/region/terraform.tf +++ b/terraform/region/terraform.tf 
@@ -7,5 +7,9 @@ terraform { source = "hashicorp/aws" version = ">= 5.7" } + random = { + source = "hashicorp/random" + version = "3.5.1" + } } } diff --git a/terraform/region/variables.tf b/terraform/region/variables.tf index 23cf0342..ca0b9648 100644 --- a/terraform/region/variables.tf +++ b/terraform/region/variables.tf @@ -150,19 +150,16 @@ variable "geoip_db_key" { variable "notification_channels" { description = "The notification channels to send alerts to" type = list(any) - default = [] } variable "webhook_cloudwatch_p2" { description = "The webhook to send CloudWatch P2 alerts to" type = string - default = "" } variable "webhook_prometheus_p2" { description = "The webhook to send Prometheus P2 alerts to" type = string - default = "" } #------------------------------------------------------------------------------- From a2a66865b6814fb9c7690f66d077cfe01cdb2f66 Mon Sep 17 00:00:00 2001 From: Chris Smith Date: Fri, 23 Aug 2024 14:32:46 -0700 Subject: [PATCH 08/20] chore: complete move --- terraform/main.tf | 168 ++++---- terraform/moved.tf | 764 ++++++++++++++++++++++++++++++++++ terraform/region/terraform.tf | 4 + terraform/variables.tf | 1 - 4 files changed, 850 insertions(+), 87 deletions(-) create mode 100644 terraform/moved.tf diff --git a/terraform/main.tf b/terraform/main.tf index 1d663d73..eedcc4cf 100644 --- a/terraform/main.tf +++ b/terraform/main.tf @@ -1,7 +1,3 @@ -resource "random_pet" "this" { - length = 2 -} - module "eu_central_1" { source = "./region" region = "eu-central-1" 
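Review bot: In the `terraform/region/terraform.tf` hunk, `random` is pinned to the exact version `3.5.1`, while `aws` in the same `required_providers` block declares only a minimum (`>= 5.7`). This module is called through `source = "./region"`, and an exact pin in a child module forces the root configuration and every other module to resolve that one version, which blocks routine provider updates. A minimum such as `version = ">= 3.5.1"` would be consistent with the `aws` entry. The exact version and package hashes are better fixed by a committed dependency lock file in the root; whether one exists is not visible in this patch.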
@@ -45,88 +41,88 @@ module "eu_central_1" { } } -module "us_east_1" { - source = "./region" - region = "us-east-1" - image_version = var.image_version - log_level = var.log_level - app_autoscaling_desired_count = var.app_autoscaling_desired_count - app_autoscaling_min_capacity = var.app_autoscaling_min_capacity - app_autoscaling_max_capacity = var.app_autoscaling_max_capacity - ofac_blocked_countries = var.ofac_blocked_countries - registry_api_endpoint = var.registry_api_endpoint - registry_api_auth_token = var.registry_api_auth_token - project_cache_ttl = var.project_cache_ttl - infura_project_id = var.infura_project_id - pokt_project_id = var.pokt_project_id - zerion_api_key = var.zerion_api_key - quicknode_api_tokens = var.quicknode_api_tokens - coinbase_api_key = var.coinbase_api_key - coinbase_app_id = var.coinbase_app_id - one_inch_api_key = var.one_inch_api_key - one_inch_referrer = var.one_inch_referrer - getblock_access_tokens = var.getblock_access_tokens - pimlico_api_key = var.pimlico_api_key - testing_project_id = var.testing_project_id - geoip_db_key = var.geoip_db_key - notification_channels = var.notification_channels - webhook_cloudwatch_p2 = var.webhook_cloudwatch_p2 - webhook_prometheus_p2 = var.webhook_prometheus_p2 - rate_limiting_max_tokens = var.rate_limiting_max_tokens - rate_limiting_refill_interval = var.rate_limiting_refill_interval - rate_limiting_refill_rate = var.rate_limiting_refill_rate - irn_vpc_id = var.irn_vpc_ids["us-east-1"] - irn_vpc_cidr = var.irn_vpc_cidrs["us-east-1"] - irn_aws_account_id = var.irn_aws_account_id - irn_node = var.irn_nodes["us-east-1"] - irn_key = var.irn_key - irn_namespace = var.irn_namespace - irn_namespace_secret = var.irn_namespace_secret +# module "us_east_1" { +# source = "./region" +# region = "us-east-1" +# image_version = var.image_version +# log_level = var.log_level +# app_autoscaling_desired_count = var.app_autoscaling_desired_count +# app_autoscaling_min_capacity = 
var.app_autoscaling_min_capacity +# app_autoscaling_max_capacity = var.app_autoscaling_max_capacity +# ofac_blocked_countries = var.ofac_blocked_countries +# registry_api_endpoint = var.registry_api_endpoint +# registry_api_auth_token = var.registry_api_auth_token +# project_cache_ttl = var.project_cache_ttl +# infura_project_id = var.infura_project_id +# pokt_project_id = var.pokt_project_id +# zerion_api_key = var.zerion_api_key +# quicknode_api_tokens = var.quicknode_api_tokens +# coinbase_api_key = var.coinbase_api_key +# coinbase_app_id = var.coinbase_app_id +# one_inch_api_key = var.one_inch_api_key +# one_inch_referrer = var.one_inch_referrer +# getblock_access_tokens = var.getblock_access_tokens +# pimlico_api_key = var.pimlico_api_key +# testing_project_id = var.testing_project_id +# geoip_db_key = var.geoip_db_key +# notification_channels = var.notification_channels +# webhook_cloudwatch_p2 = var.webhook_cloudwatch_p2 +# webhook_prometheus_p2 = var.webhook_prometheus_p2 +# rate_limiting_max_tokens = var.rate_limiting_max_tokens +# rate_limiting_refill_interval = var.rate_limiting_refill_interval +# rate_limiting_refill_rate = var.rate_limiting_refill_rate +# irn_vpc_id = var.irn_vpc_ids["us-east-1"] +# irn_vpc_cidr = var.irn_vpc_cidrs["us-east-1"] +# irn_aws_account_id = var.irn_aws_account_id +# irn_node = var.irn_nodes["us-east-1"] +# irn_key = var.irn_key +# irn_namespace = var.irn_namespace +# irn_namespace_secret = var.irn_namespace_secret - providers = { - aws = aws.us-east-1 - } -} +# providers = { +# aws = aws.us-east-1 +# } +# } -module "ap_southeast_1" { - source = "./region" - region = "ap-southeast-1" - image_version = var.image_version - log_level = var.log_level - app_autoscaling_desired_count = var.app_autoscaling_desired_count - app_autoscaling_min_capacity = var.app_autoscaling_min_capacity - app_autoscaling_max_capacity = var.app_autoscaling_max_capacity - ofac_blocked_countries = var.ofac_blocked_countries - registry_api_endpoint = 
var.registry_api_endpoint - registry_api_auth_token = var.registry_api_auth_token - project_cache_ttl = var.project_cache_ttl - infura_project_id = var.infura_project_id - pokt_project_id = var.pokt_project_id - zerion_api_key = var.zerion_api_key - quicknode_api_tokens = var.quicknode_api_tokens - coinbase_api_key = var.coinbase_api_key - coinbase_app_id = var.coinbase_app_id - one_inch_api_key = var.one_inch_api_key - one_inch_referrer = var.one_inch_referrer - getblock_access_tokens = var.getblock_access_tokens - pimlico_api_key = var.pimlico_api_key - testing_project_id = var.testing_project_id - geoip_db_key = var.geoip_db_key - notification_channels = var.notification_channels - webhook_cloudwatch_p2 = var.webhook_cloudwatch_p2 - webhook_prometheus_p2 = var.webhook_prometheus_p2 - rate_limiting_max_tokens = var.rate_limiting_max_tokens - rate_limiting_refill_interval = var.rate_limiting_refill_interval - rate_limiting_refill_rate = var.rate_limiting_refill_rate - irn_vpc_id = var.irn_vpc_ids["ap-southeast-1"] - irn_vpc_cidr = var.irn_vpc_cidrs["ap-southeast-1"] - irn_aws_account_id = var.irn_aws_account_id - irn_node = var.irn_nodes["ap-southeast-1"] - irn_key = var.irn_key - irn_namespace = var.irn_namespace - irn_namespace_secret = var.irn_namespace_secret +# module "ap_southeast_1" { +# source = "./region" +# region = "ap-southeast-1" +# image_version = var.image_version +# log_level = var.log_level +# app_autoscaling_desired_count = var.app_autoscaling_desired_count +# app_autoscaling_min_capacity = var.app_autoscaling_min_capacity +# app_autoscaling_max_capacity = var.app_autoscaling_max_capacity +# ofac_blocked_countries = var.ofac_blocked_countries +# registry_api_endpoint = var.registry_api_endpoint +# registry_api_auth_token = var.registry_api_auth_token +# project_cache_ttl = var.project_cache_ttl +# infura_project_id = var.infura_project_id +# pokt_project_id = var.pokt_project_id +# zerion_api_key = var.zerion_api_key +# quicknode_api_tokens = 
var.quicknode_api_tokens +# coinbase_api_key = var.coinbase_api_key +# coinbase_app_id = var.coinbase_app_id +# one_inch_api_key = var.one_inch_api_key +# one_inch_referrer = var.one_inch_referrer +# getblock_access_tokens = var.getblock_access_tokens +# pimlico_api_key = var.pimlico_api_key +# testing_project_id = var.testing_project_id +# geoip_db_key = var.geoip_db_key +# notification_channels = var.notification_channels +# webhook_cloudwatch_p2 = var.webhook_cloudwatch_p2 +# webhook_prometheus_p2 = var.webhook_prometheus_p2 +# rate_limiting_max_tokens = var.rate_limiting_max_tokens +# rate_limiting_refill_interval = var.rate_limiting_refill_interval +# rate_limiting_refill_rate = var.rate_limiting_refill_rate +# irn_vpc_id = var.irn_vpc_ids["ap-southeast-1"] +# irn_vpc_cidr = var.irn_vpc_cidrs["ap-southeast-1"] +# irn_aws_account_id = var.irn_aws_account_id +# irn_node = var.irn_nodes["ap-southeast-1"] +# irn_key = var.irn_key +# irn_namespace = var.irn_namespace +# irn_namespace_secret = var.irn_namespace_secret - providers = { - aws = aws.ap-southeast-1 - } -} +# providers = { +# aws = aws.ap-southeast-1 +# } +# } diff --git a/terraform/moved.tf b/terraform/moved.tf new file mode 100644 index 00000000..13551f54 --- /dev/null +++ b/terraform/moved.tf 
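Review bot: The `@@ -45,88 +41,88 @@` hunk in `terraform/main.tf` disables `module "us_east_1"` and `module "ap_southeast_1"` by commenting out both blocks in full, with no explanation of why or when they return. That leaves about ninety lines of dead configuration that will drift from the live `eu_central_1` block as inputs are added. If any resource from those modules is already in state, the next apply would plan to destroy it. I would either delete the blocks and restore them from history when the regions go live, or keep them with a one-line header such as `# Disabled until the eu-central-1 state move in moved.tf has been applied; re-enable afterwards`. The reason should also go in the commit message.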
@@ -0,0 +1,764 @@ +moved { + from = data.aws_availability_zones.available + to = module.eu_central_1.data.aws_availability_zones.available +} + +moved { + from = data.aws_caller_identity.this + to = module.eu_central_1.data.aws_caller_identity.this +} + +moved { + from = data.aws_s3_bucket.geoip + to = module.eu_central_1.data.aws_s3_bucket.geoip +} + +moved { + from = data.terraform_remote_state.datalake + to = module.eu_central_1.data.terraform_remote_state.datalake +} + +moved { + from = data.terraform_remote_state.infra_aws + to = module.eu_central_1.data.terraform_remote_state.infra_aws +} + +# moved { +# from = data.terraform_remote_state.monitoring +# to = module.eu_central_1.data.terraform_remote_state.monitoring +# } + +moved { + from = data.terraform_remote_state.org + to = module.eu_central_1.data.terraform_remote_state.org +} + +moved { + from = aws_iam_role.application_role + to = module.eu_central_1.aws_iam_role.application_role +} + +moved { + from = aws_kms_alias.cloudwatch_logs + to = module.eu_central_1.aws_kms_alias.cloudwatch_logs +} + +moved { + from = aws_kms_key.cloudwatch_logs + to = module.eu_central_1.aws_kms_key.cloudwatch_logs +} + +moved { + from = aws_prometheus_workspace.prometheus + to = module.eu_central_1.aws_prometheus_workspace.prometheus +} + +moved { + from = aws_route.irn[0] + to = module.eu_central_1.aws_route.irn[0] +} + +moved { + from = aws_vpc_peering_connection.irn + to = module.eu_central_1.aws_vpc_peering_connection.irn +} + +moved { + from = random_pet.this + to = module.eu_central_1.random_pet.this +} + +moved { + from = module.alerting.aws_cloudwatch_metric_alarm.ecs_cpu_utilization + to = module.eu_central_1.module.alerting.aws_cloudwatch_metric_alarm.ecs_cpu_utilization +} + +moved { + from = module.alerting.aws_cloudwatch_metric_alarm.ecs_mem_utilization + to = module.eu_central_1.module.alerting.aws_cloudwatch_metric_alarm.ecs_mem_utilization +} + +moved { + from = 
module.alerting.aws_cloudwatch_metric_alarm.redis_available_memory + to = module.eu_central_1.module.alerting.aws_cloudwatch_metric_alarm.redis_available_memory +} + +moved { + from = module.alerting.aws_cloudwatch_metric_alarm.redis_cpu_utilization + to = module.eu_central_1.module.alerting.aws_cloudwatch_metric_alarm.redis_cpu_utilization +} + +moved { + from = module.alerting.aws_sns_topic.cloudwatch_webhook + to = module.eu_central_1.module.alerting.aws_sns_topic.cloudwatch_webhook +} + +moved { + from = module.alerting.aws_sns_topic.prometheus_webhook + to = module.eu_central_1.module.alerting.aws_sns_topic.prometheus_webhook +} + +moved { + from = module.dns_certificate["Z03351311B68L9FUYSBYK"].data.aws_default_tags.provider + to = module.eu_central_1.module.dns_certificate["Z03351311B68L9FUYSBYK"].data.aws_default_tags.provider +} + +moved { + from = module.dns_certificate["Z03351311B68L9FUYSBYK"].data.aws_route53_zone.hosted_zone + to = module.eu_central_1.module.dns_certificate["Z03351311B68L9FUYSBYK"].data.aws_route53_zone.hosted_zone +} + +moved { + from = module.dns_certificate["Z03351311B68L9FUYSBYK"].aws_acm_certificate.domain_certificate + to = module.eu_central_1.module.dns_certificate["Z03351311B68L9FUYSBYK"].aws_acm_certificate.domain_certificate +} + +moved { + from = module.dns_certificate["Z03351311B68L9FUYSBYK"].aws_route53_record.cert_verification[0] + to = module.eu_central_1.module.dns_certificate["Z03351311B68L9FUYSBYK"].aws_route53_record.cert_verification[0] +} + +moved { + from = module.dns_certificate["Z08482453O4S3RHV9217F"].data.aws_default_tags.provider + to = module.eu_central_1.module.dns_certificate["Z08482453O4S3RHV9217F"].data.aws_default_tags.provider +} + +moved { + from = module.dns_certificate["Z08482453O4S3RHV9217F"].data.aws_route53_zone.hosted_zone + to = module.eu_central_1.module.dns_certificate["Z08482453O4S3RHV9217F"].data.aws_route53_zone.hosted_zone +} + +moved { + from = 
module.dns_certificate["Z08482453O4S3RHV9217F"].aws_acm_certificate.domain_certificate + to = module.eu_central_1.module.dns_certificate["Z08482453O4S3RHV9217F"].aws_acm_certificate.domain_certificate +} + +moved { + from = module.dns_certificate["Z08482453O4S3RHV9217F"].aws_route53_record.cert_verification[0] + to = module.eu_central_1.module.dns_certificate["Z08482453O4S3RHV9217F"].aws_route53_record.cert_verification[0] +} + +moved { + from = module.ecs.data.aws_iam_role.ecs_task_execution_role + to = module.eu_central_1.module.ecs.data.aws_iam_role.ecs_task_execution_role +} + +moved { + from = module.ecs.aws_appautoscaling_policy.ecs_target_cpu + to = module.eu_central_1.module.ecs.aws_appautoscaling_policy.ecs_target_cpu +} + +moved { + from = module.ecs.aws_appautoscaling_policy.ecs_target_memory + to = module.eu_central_1.module.ecs.aws_appautoscaling_policy.ecs_target_memory +} + +moved { + from = module.ecs.aws_appautoscaling_target.ecs_target + to = module.eu_central_1.module.ecs.aws_appautoscaling_target.ecs_target +} + +moved { + from = module.ecs.aws_cloudwatch_log_group.cluster + to = module.eu_central_1.module.ecs.aws_cloudwatch_log_group.cluster +} + +moved { + from = module.ecs.aws_cloudwatch_log_group.otel + to = module.eu_central_1.module.ecs.aws_cloudwatch_log_group.otel +} + +moved { + from = module.ecs.aws_cloudwatch_log_group.prometheus_proxy + to = module.eu_central_1.module.ecs.aws_cloudwatch_log_group.prometheus_proxy +} + +moved { + from = module.ecs.aws_ecs_cluster.app_cluster + to = module.eu_central_1.module.ecs.aws_ecs_cluster.app_cluster +} + +moved { + from = module.ecs.aws_ecs_service.app_service + to = module.eu_central_1.module.ecs.aws_ecs_service.app_service +} + +moved { + from = module.ecs.aws_ecs_task_definition.app_task + to = module.eu_central_1.module.ecs.aws_ecs_task_definition.app_task +} + +moved { + from = module.ecs.aws_iam_policy.datalake_bucket_access + to = 
module.eu_central_1.module.ecs.aws_iam_policy.datalake_bucket_access +} + +moved { + from = module.ecs.aws_iam_policy.geoip_bucket_access + to = module.eu_central_1.module.ecs.aws_iam_policy.geoip_bucket_access +} + +moved { + from = module.ecs.aws_iam_policy.otel + to = module.eu_central_1.module.ecs.aws_iam_policy.otel +} + +moved { + from = module.ecs.aws_iam_role_policy_attachment.cloudwatch_write_policy + to = module.eu_central_1.module.ecs.aws_iam_role_policy_attachment.cloudwatch_write_policy +} + +moved { + from = module.ecs.aws_iam_role_policy_attachment.datalake_bucket_access + to = module.eu_central_1.module.ecs.aws_iam_role_policy_attachment.datalake_bucket_access +} + +moved { + from = module.ecs.aws_iam_role_policy_attachment.ecs_task_execution_fetch_ghcr_secret_policy + to = module.eu_central_1.module.ecs.aws_iam_role_policy_attachment.ecs_task_execution_fetch_ghcr_secret_policy +} + +moved { + from = module.ecs.aws_iam_role_policy_attachment.ecs_task_execution_role_policy + to = module.eu_central_1.module.ecs.aws_iam_role_policy_attachment.ecs_task_execution_role_policy +} + +moved { + from = module.ecs.aws_iam_role_policy_attachment.geoip_bucket_access + to = module.eu_central_1.module.ecs.aws_iam_role_policy_attachment.geoip_bucket_access +} + +moved { + from = module.ecs.aws_iam_role_policy_attachment.prometheus_read_policy + to = module.eu_central_1.module.ecs.aws_iam_role_policy_attachment.prometheus_read_policy +} + +moved { + from = module.ecs.aws_iam_role_policy_attachment.prometheus_write_policy + to = module.eu_central_1.module.ecs.aws_iam_role_policy_attachment.prometheus_write_policy +} + +moved { + from = module.ecs.aws_iam_role_policy_attachment.ssm_read_only_policy + to = module.eu_central_1.module.ecs.aws_iam_role_policy_attachment.ssm_read_only_policy +} + +moved { + from = module.ecs.aws_lb.load_balancer + to = module.eu_central_1.module.ecs.aws_lb.load_balancer +} + +moved { + from = module.ecs.aws_lb_listener.listener-http + to = 
module.eu_central_1.module.ecs.aws_lb_listener.listener-http +} + +moved { + from = module.ecs.aws_lb_listener.listener-https + to = module.eu_central_1.module.ecs.aws_lb_listener.listener-https +} + +moved { + from = module.ecs.aws_lb_listener_certificate.listener-https["Z08482453O4S3RHV9217F"] + to = module.eu_central_1.module.ecs.aws_lb_listener_certificate.listener-https["Z08482453O4S3RHV9217F"] +} + +moved { + from = module.ecs.aws_lb_target_group.target_group + to = module.eu_central_1.module.ecs.aws_lb_target_group.target_group +} + +moved { + from = module.ecs.aws_route53_record.dns_load_balancer["Z03351311B68L9FUYSBYK"] + to = module.eu_central_1.module.ecs.aws_route53_record.dns_load_balancer["Z03351311B68L9FUYSBYK"] +} + +moved { + from = module.ecs.aws_route53_record.dns_load_balancer["Z08482453O4S3RHV9217F"] + to = module.eu_central_1.module.ecs.aws_route53_record.dns_load_balancer["Z08482453O4S3RHV9217F"] +} + +moved { + from = module.ecs.aws_security_group.app_ingress + to = module.eu_central_1.module.ecs.aws_security_group.app_ingress +} + +moved { + from = module.ecs.aws_security_group.lb_ingress + to = module.eu_central_1.module.ecs.aws_security_group.lb_ingress +} + +moved { + from = module.ecs.random_pet.this + to = module.eu_central_1.module.ecs.random_pet.this +} + +moved { + from = module.monitoring.data.jsonnet_file.dashboard + to = module.eu_central_1.module.monitoring.data.jsonnet_file.dashboard +} + +moved { + from = module.monitoring.grafana_dashboard.main + to = module.eu_central_1.module.monitoring.grafana_dashboard.main +} + +moved { + from = module.monitoring.grafana_data_source.cloudwatch + to = module.eu_central_1.module.monitoring.grafana_data_source.cloudwatch +} + +moved { + from = module.monitoring.grafana_data_source.prometheus + to = module.eu_central_1.module.monitoring.grafana_data_source.prometheus +} + +moved { + from = module.postgres.data.aws_caller_identity.this + to = 
module.eu_central_1.module.postgres.data.aws_caller_identity.this +} + +moved { + from = module.postgres.aws_db_subnet_group.db_subnets + to = module.eu_central_1.module.postgres.aws_db_subnet_group.db_subnets +} + +moved { + from = module.postgres.aws_kms_alias.db_master_password + to = module.eu_central_1.module.postgres.aws_kms_alias.db_master_password +} + +moved { + from = module.postgres.aws_kms_key.db_master_password + to = module.eu_central_1.module.postgres.aws_kms_key.db_master_password +} + +moved { + from = module.postgres.aws_secretsmanager_secret.db_master_password + to = module.eu_central_1.module.postgres.aws_secretsmanager_secret.db_master_password +} + +moved { + from = module.postgres.aws_secretsmanager_secret_version.db_master_password + to = module.eu_central_1.module.postgres.aws_secretsmanager_secret_version.db_master_password +} + +moved { + from = module.postgres.random_password.db_master_password[0] + to = module.eu_central_1.module.postgres.random_password.db_master_password[0] +} + +moved { + from = module.redis.data.aws_vpc.vpc + to = module.eu_central_1.module.redis.data.aws_vpc.vpc +} + +moved { + from = module.redis.aws_elasticache_cluster.cache + to = module.eu_central_1.module.redis.aws_elasticache_cluster.cache +} + +moved { + from = module.redis.aws_elasticache_subnet_group.private_subnets + to = module.eu_central_1.module.redis.aws_elasticache_subnet_group.private_subnets +} + +moved { + from = module.redis.aws_security_group.service_security_group + to = module.eu_central_1.module.redis.aws_security_group.service_security_group +} + +moved { + from = module.vpc.data.aws_caller_identity.current[0] + to = module.eu_central_1.module.vpc.data.aws_caller_identity.current[0] +} + +moved { + from = module.vpc.data.aws_partition.current[0] + to = module.eu_central_1.module.vpc.data.aws_partition.current[0] +} + +moved { + from = module.vpc.data.aws_region.current[0] + to = module.eu_central_1.module.vpc.data.aws_region.current[0] +} + 
+moved { + from = module.vpc.aws_db_subnet_group.database[0] + to = module.eu_central_1.module.vpc.aws_db_subnet_group.database[0] +} + +moved { + from = module.vpc.aws_default_network_acl.this[0] + to = module.eu_central_1.module.vpc.aws_default_network_acl.this[0] +} + +moved { + from = module.vpc.aws_default_route_table.default[0] + to = module.eu_central_1.module.vpc.aws_default_route_table.default[0] +} + +moved { + from = module.vpc.aws_default_security_group.this[0] + to = module.eu_central_1.module.vpc.aws_default_security_group.this[0] +} + +moved { + from = module.vpc.aws_eip.nat[0] + to = module.eu_central_1.module.vpc.aws_eip.nat[0] +} + +moved { + from = module.vpc.aws_flow_log.this[0] + to = module.eu_central_1.module.vpc.aws_flow_log.this[0] +} + +moved { + from = module.vpc.aws_internet_gateway.this[0] + to = module.eu_central_1.module.vpc.aws_internet_gateway.this[0] +} + +moved { + from = module.vpc.aws_nat_gateway.this[0] + to = module.eu_central_1.module.vpc.aws_nat_gateway.this[0] +} + +moved { + from = module.vpc.aws_route.private_nat_gateway[0] + to = module.eu_central_1.module.vpc.aws_route.private_nat_gateway[0] +} + +moved { + from = module.vpc.aws_route.public_internet_gateway[0] + to = module.eu_central_1.module.vpc.aws_route.public_internet_gateway[0] +} + +moved { + from = module.vpc.aws_route_table.intra[0] + to = module.eu_central_1.module.vpc.aws_route_table.intra[0] +} + +moved { + from = module.vpc.aws_route_table.private[0] + to = module.eu_central_1.module.vpc.aws_route_table.private[0] +} + +moved { + from = module.vpc.aws_route_table.public[0] + to = module.eu_central_1.module.vpc.aws_route_table.public[0] +} + +moved { + from = module.vpc.aws_route_table_association.database[0] + to = module.eu_central_1.module.vpc.aws_route_table_association.database[0] +} + +moved { + from = module.vpc.aws_route_table_association.database[1] + to = module.eu_central_1.module.vpc.aws_route_table_association.database[1] +} + +moved { + from = 
module.vpc.aws_route_table_association.database[2] + to = module.eu_central_1.module.vpc.aws_route_table_association.database[2] +} + +moved { + from = module.vpc.aws_route_table_association.intra[0] + to = module.eu_central_1.module.vpc.aws_route_table_association.intra[0] +} + +moved { + from = module.vpc.aws_route_table_association.intra[1] + to = module.eu_central_1.module.vpc.aws_route_table_association.intra[1] +} + +moved { + from = module.vpc.aws_route_table_association.intra[2] + to = module.eu_central_1.module.vpc.aws_route_table_association.intra[2] +} + +moved { + from = module.vpc.aws_route_table_association.private[0] + to = module.eu_central_1.module.vpc.aws_route_table_association.private[0] +} + +moved { + from = module.vpc.aws_route_table_association.private[1] + to = module.eu_central_1.module.vpc.aws_route_table_association.private[1] +} + +moved { + from = module.vpc.aws_route_table_association.private[2] + to = module.eu_central_1.module.vpc.aws_route_table_association.private[2] +} + +moved { + from = module.vpc.aws_route_table_association.public[0] + to = module.eu_central_1.module.vpc.aws_route_table_association.public[0] +} + +moved { + from = module.vpc.aws_route_table_association.public[1] + to = module.eu_central_1.module.vpc.aws_route_table_association.public[1] +} + +moved { + from = module.vpc.aws_route_table_association.public[2] + to = module.eu_central_1.module.vpc.aws_route_table_association.public[2] +} + +moved { + from = module.vpc.aws_subnet.database[0] + to = module.eu_central_1.module.vpc.aws_subnet.database[0] +} + +moved { + from = module.vpc.aws_subnet.database[1] + to = module.eu_central_1.module.vpc.aws_subnet.database[1] +} + +moved { + from = module.vpc.aws_subnet.database[2] + to = module.eu_central_1.module.vpc.aws_subnet.database[2] +} + +moved { + from = module.vpc.aws_subnet.intra[0] + to = module.eu_central_1.module.vpc.aws_subnet.intra[0] +} + +moved { + from = module.vpc.aws_subnet.intra[1] + to = 
module.eu_central_1.module.vpc.aws_subnet.intra[1] +} + +moved { + from = module.vpc.aws_subnet.intra[2] + to = module.eu_central_1.module.vpc.aws_subnet.intra[2] +} + +moved { + from = module.vpc.aws_subnet.private[0] + to = module.eu_central_1.module.vpc.aws_subnet.private[0] +} + +moved { + from = module.vpc.aws_subnet.private[1] + to = module.eu_central_1.module.vpc.aws_subnet.private[1] +} + +moved { + from = module.vpc.aws_subnet.private[2] + to = module.eu_central_1.module.vpc.aws_subnet.private[2] +} + +moved { + from = module.vpc.aws_subnet.public[0] + to = module.eu_central_1.module.vpc.aws_subnet.public[0] +} + +moved { + from = module.vpc.aws_subnet.public[1] + to = module.eu_central_1.module.vpc.aws_subnet.public[1] +} + +moved { + from = module.vpc.aws_subnet.public[2] + to = module.eu_central_1.module.vpc.aws_subnet.public[2] +} + +moved { + from = module.vpc.aws_vpc.this[0] + to = module.eu_central_1.module.vpc.aws_vpc.this[0] +} + +moved { + from = module.vpc_endpoints.data.aws_vpc_endpoint_service.this["cloudwatch"] + to = module.eu_central_1.module.vpc_endpoints.data.aws_vpc_endpoint_service.this["cloudwatch"] +} + +moved { + from = module.vpc_endpoints.data.aws_vpc_endpoint_service.this["cloudwatch-events"] + to = module.eu_central_1.module.vpc_endpoints.data.aws_vpc_endpoint_service.this["cloudwatch-events"] +} + +moved { + from = module.vpc_endpoints.data.aws_vpc_endpoint_service.this["cloudwatch-logs"] + to = module.eu_central_1.module.vpc_endpoints.data.aws_vpc_endpoint_service.this["cloudwatch-logs"] +} + +moved { + from = module.vpc_endpoints.data.aws_vpc_endpoint_service.this["ecs"] + to = module.eu_central_1.module.vpc_endpoints.data.aws_vpc_endpoint_service.this["ecs"] +} + +moved { + from = module.vpc_endpoints.data.aws_vpc_endpoint_service.this["ecs-agent"] + to = module.eu_central_1.module.vpc_endpoints.data.aws_vpc_endpoint_service.this["ecs-agent"] +} + +moved { + from = 
module.vpc_endpoints.data.aws_vpc_endpoint_service.this["ecs-telemetry"] + to = module.eu_central_1.module.vpc_endpoints.data.aws_vpc_endpoint_service.this["ecs-telemetry"] +} + +moved { + from = module.vpc_endpoints.data.aws_vpc_endpoint_service.this["elastic-load-balancing"] + to = module.eu_central_1.module.vpc_endpoints.data.aws_vpc_endpoint_service.this["elastic-load-balancing"] +} + +moved { + from = module.vpc_endpoints.data.aws_vpc_endpoint_service.this["kms"] + to = module.eu_central_1.module.vpc_endpoints.data.aws_vpc_endpoint_service.this["kms"] +} + +moved { + from = module.vpc_endpoints.data.aws_vpc_endpoint_service.this["s3"] + to = module.eu_central_1.module.vpc_endpoints.data.aws_vpc_endpoint_service.this["s3"] +} + +moved { + from = module.vpc_endpoints.aws_vpc_endpoint.this["cloudwatch"] + to = module.eu_central_1.module.vpc_endpoints.aws_vpc_endpoint.this["cloudwatch"] +} + +moved { + from = module.vpc_endpoints.aws_vpc_endpoint.this["cloudwatch-events"] + to = module.eu_central_1.module.vpc_endpoints.aws_vpc_endpoint.this["cloudwatch-events"] +} + +moved { + from = module.vpc_endpoints.aws_vpc_endpoint.this["cloudwatch-logs"] + to = module.eu_central_1.module.vpc_endpoints.aws_vpc_endpoint.this["cloudwatch-logs"] +} + +moved { + from = module.vpc_endpoints.aws_vpc_endpoint.this["ecs"] + to = module.eu_central_1.module.vpc_endpoints.aws_vpc_endpoint.this["ecs"] +} + +moved { + from = module.vpc_endpoints.aws_vpc_endpoint.this["ecs-agent"] + to = module.eu_central_1.module.vpc_endpoints.aws_vpc_endpoint.this["ecs-agent"] +} + +moved { + from = module.vpc_endpoints.aws_vpc_endpoint.this["ecs-telemetry"] + to = module.eu_central_1.module.vpc_endpoints.aws_vpc_endpoint.this["ecs-telemetry"] +} + +moved { + from = module.vpc_endpoints.aws_vpc_endpoint.this["elastic-load-balancing"] + to = module.eu_central_1.module.vpc_endpoints.aws_vpc_endpoint.this["elastic-load-balancing"] +} + +moved { + from = module.vpc_endpoints.aws_vpc_endpoint.this["kms"] + 
to = module.eu_central_1.module.vpc_endpoints.aws_vpc_endpoint.this["kms"] +} + +moved { + from = module.vpc_endpoints.aws_vpc_endpoint.this["s3"] + to = module.eu_central_1.module.vpc_endpoints.aws_vpc_endpoint.this["s3"] +} + +moved { + from = module.vpc_flow_s3_bucket.data.aws_caller_identity.current + to = module.eu_central_1.module.vpc_flow_s3_bucket.data.aws_caller_identity.current +} + +moved { + from = module.vpc_flow_s3_bucket.data.aws_partition.current + to = module.eu_central_1.module.vpc_flow_s3_bucket.data.aws_partition.current +} + +moved { + from = module.vpc_flow_s3_bucket.data.aws_region.current + to = module.eu_central_1.module.vpc_flow_s3_bucket.data.aws_region.current +} + +moved { + from = module.vpc_flow_s3_bucket.aws_s3_bucket.this[0] + to = module.eu_central_1.module.vpc_flow_s3_bucket.aws_s3_bucket.this[0] +} + +moved { + from = module.vpc_flow_s3_bucket.aws_s3_bucket_lifecycle_configuration.this[0] + to = module.eu_central_1.module.vpc_flow_s3_bucket.aws_s3_bucket_lifecycle_configuration.this[0] +} + +moved { + from = module.vpc_flow_s3_bucket.aws_s3_bucket_public_access_block.this[0] + to = module.eu_central_1.module.vpc_flow_s3_bucket.aws_s3_bucket_public_access_block.this[0] +} + +moved { + from = module.monitoring.module.monitoring-role.aws_iam_policy.prometheus[0] + to = module.eu_central_1.module.monitoring.module.monitoring-role.aws_iam_policy.prometheus[0] +} + +moved { + from = module.monitoring.module.monitoring-role.aws_iam_role.monitoring + to = module.eu_central_1.module.monitoring.module.monitoring-role.aws_iam_role.monitoring +} + +moved { + from = module.monitoring.module.monitoring-role.aws_iam_role_policy_attachment.sources["athena"] + to = module.eu_central_1.module.monitoring.module.monitoring-role.aws_iam_role_policy_attachment.sources["athena"] +} + +moved { + from = module.monitoring.module.monitoring-role.aws_iam_role_policy_attachment.sources["cloudwatch"] + to = 
module.eu_central_1.module.monitoring.module.monitoring-role.aws_iam_role_policy_attachment.sources["cloudwatch"] +} + +moved { + from = module.monitoring.module.monitoring-role.aws_iam_role_policy_attachment.sources["prometheus"] + to = module.eu_central_1.module.monitoring.module.monitoring-role.aws_iam_role_policy_attachment.sources["prometheus"] +} + +moved { + from = module.monitoring.module.monitoring-role.aws_iam_role_policy_attachment.sources["xray"] + to = module.eu_central_1.module.monitoring.module.monitoring-role.aws_iam_role_policy_attachment.sources["xray"] +} + +moved { + from = module.postgres.module.db_cluster.data.aws_iam_policy_document.monitoring_rds_assume_role[0] + to = module.eu_central_1.module.postgres.module.db_cluster.data.aws_iam_policy_document.monitoring_rds_assume_role[0] +} + +moved { + from = module.postgres.module.db_cluster.data.aws_partition.current + to = module.eu_central_1.module.postgres.module.db_cluster.data.aws_partition.current +} + +moved { + from = module.postgres.module.db_cluster.aws_iam_role.rds_enhanced_monitoring[0] + to = module.eu_central_1.module.postgres.module.db_cluster.aws_iam_role.rds_enhanced_monitoring[0] +} + +moved { + from = module.postgres.module.db_cluster.aws_iam_role_policy_attachment.rds_enhanced_monitoring[0] + to = module.eu_central_1.module.postgres.module.db_cluster.aws_iam_role_policy_attachment.rds_enhanced_monitoring[0] +} + +moved { + from = module.postgres.module.db_cluster.aws_rds_cluster.this[0] + to = module.eu_central_1.module.postgres.module.db_cluster.aws_rds_cluster.this[0] +} + +moved { + from = module.postgres.module.db_cluster.aws_rds_cluster_instance.this["1"] + to = module.eu_central_1.module.postgres.module.db_cluster.aws_rds_cluster_instance.this["1"] +} + +moved { + from = module.postgres.module.db_cluster.aws_security_group.this[0] + to = module.eu_central_1.module.postgres.module.db_cluster.aws_security_group.this[0] +} + +moved { + from = 
module.postgres.module.db_cluster.aws_security_group_rule.this["vpc_ingress"] + to = module.eu_central_1.module.postgres.module.db_cluster.aws_security_group_rule.this["vpc_ingress"] +} diff --git a/terraform/region/terraform.tf b/terraform/region/terraform.tf index 9b14a4a1..fc6e6cb4 100644 --- a/terraform/region/terraform.tf +++ b/terraform/region/terraform.tf @@ -7,6 +7,10 @@ terraform { source = "hashicorp/aws" version = ">= 5.7" } + grafana = { + source = "grafana/grafana" + version = ">= 2.1" + } random = { source = "hashicorp/random" version = "3.5.1" diff --git a/terraform/variables.tf b/terraform/variables.tf index f303a2c6..490d881d 100644 --- a/terraform/variables.tf +++ b/terraform/variables.tf @@ -4,7 +4,6 @@ variable "grafana_auth" { description = "The API Token for the Grafana instance" type = string - default = "" } #------------------------------------------------------------------------------- From 618ff34a4883b15d2438128a4de054ed7fd16678 Mon Sep 17 00:00:00 2001 From: Chris Smith Date: Fri, 23 Aug 2024 14:39:00 -0700 Subject: [PATCH 09/20] chore: resolve merge residual --- terraform/main.tf | 3 +++ terraform/region/variables.tf | 6 ++++++ 2 files changed, 9 insertions(+) diff --git a/terraform/main.tf b/terraform/main.tf index eedcc4cf..6b2feb32 100644 --- a/terraform/main.tf +++ b/terraform/main.tf @@ -20,6 +20,7 @@ module "eu_central_1" { one_inch_referrer = var.one_inch_referrer getblock_access_tokens = var.getblock_access_tokens pimlico_api_key = var.pimlico_api_key + solscan_api_v1_token = var.solscan_api_v1_token testing_project_id = var.testing_project_id geoip_db_key = var.geoip_db_key notification_channels = var.notification_channels 
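Review bot: The `moved` entries for `module.dns_certificate[...]`, `aws_lb_listener_certificate.listener-https[...]` and `aws_route53_record.dns_load_balancer[...]` hard-code two hosted-zone IDs as instance keys, so they only match a state built from exactly those zones. `res_dns.tf`, later in this series, derives those keys from `zones.blockchain[local.stage]`, so a workspace for another stage would presumably have different keys; its certificates and DNS records would have no matching move and would be planned as destroy/create. This file also relocates the KMS keys, the Secrets Manager secret, `random_password.db_master_password[0]` and `aws_rds_cluster.this[0]`, so it is worth confirming that each workspace's plan shows only moves for these before applying. A header comment would record the scope, e.g. `# State moves for the root -> module.eu_central_1 refactor; zone-ID keys are from the <STAGE> workspace only.`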
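Review bot: The new `grafana` requirement in `terraform/region/terraform.tf` uses the open-ended constraint `version = ">= 2.1"`, while the neighbouring `random` entry is pinned exactly. Without a committed dependency lock file (not visible here), a later `terraform init -upgrade` can select a new major release of a provider that is handed the Grafana API token. A bounded constraint such as `version = "~> 2.1"` keeps the module on the 2.x line. The `required_providers` block starts and ends outside the hunk.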
@@ -63,6 +64,7 @@ module "eu_central_1" { # one_inch_referrer = var.one_inch_referrer # getblock_access_tokens = var.getblock_access_tokens # pimlico_api_key = var.pimlico_api_key +# solscan_api_v1_token = var.solscan_api_v1_token # testing_project_id = var.testing_project_id # geoip_db_key = var.geoip_db_key # notification_channels = var.notification_channels @@ -106,6 +108,7 @@ module "eu_central_1" { # one_inch_referrer = var.one_inch_referrer # getblock_access_tokens = var.getblock_access_tokens # pimlico_api_key = var.pimlico_api_key +# solscan_api_v1_token = var.solscan_api_v1_token # testing_project_id = var.testing_project_id # geoip_db_key = var.geoip_db_key # notification_channels = var.notification_channels diff --git a/terraform/region/variables.tf b/terraform/region/variables.tf index ca0b9648..adb58415 100644 --- a/terraform/region/variables.tf +++ b/terraform/region/variables.tf @@ -130,6 +130,12 @@ variable "pimlico_api_key" { sensitive = true } +variable "solscan_api_v1_token" { + description = "Solscan API v1 token" + type = string + sensitive = true +} + variable "testing_project_id" { description = "Project ID used in a testing suite" type = string From 27e18e1b17a647750cf46f96ee73a6b16296bb2d Mon Sep 17 00:00:00 2001 From: Chris Smith Date: Fri, 23 Aug 2024 14:59:54 -0700 Subject: [PATCH 10/20] chore: remove unused provider --- terraform/terraform.tf | 4 ---- 1 file changed, 4 deletions(-) diff --git a/terraform/terraform.tf b/terraform/terraform.tf index cf344dfc..338453df 100644 --- a/terraform/terraform.tf +++ b/terraform/terraform.tf @@ -19,9 +19,5 @@ terraform { source = "grafana/grafana" version = ">= 2.1" } - random = { - source = "hashicorp/random" - version = "3.5.1" - } } } From 030e689189c843f770e2725cd1006ca6ef63c0d1 Mon Sep 17 00:00:00 2001 
From: Chris Smith Date: Mon, 26 Aug 2024 11:22:14 -0700 Subject: [PATCH 11/20] chore: fix merge --- terraform/main.tf | 89 +---------------------------------- terraform/region/variables.tf | 6 +++ 2 files changed, 7 insertions(+), 88 deletions(-) diff --git a/terraform/main.tf b/terraform/main.tf index 6b2feb32..418f70d3 100644 --- a/terraform/main.tf +++ b/terraform/main.tf @@ -21,6 +21,7 @@ module "eu_central_1" { getblock_access_tokens = var.getblock_access_tokens pimlico_api_key = var.pimlico_api_key solscan_api_v1_token = var.solscan_api_v1_token + solscan_api_v2_token = var.solscan_api_v2_token testing_project_id = var.testing_project_id geoip_db_key = var.geoip_db_key notification_channels = var.notification_channels 
@@ -41,91 +42,3 @@ module "eu_central_1" { aws = aws.eu-central-1 } } - -# module "us_east_1" { -# source = "./region" -# region = "us-east-1" -# image_version = var.image_version -# log_level = var.log_level -# app_autoscaling_desired_count = var.app_autoscaling_desired_count -# app_autoscaling_min_capacity = var.app_autoscaling_min_capacity -# app_autoscaling_max_capacity = var.app_autoscaling_max_capacity -# ofac_blocked_countries = var.ofac_blocked_countries -# registry_api_endpoint = var.registry_api_endpoint -# registry_api_auth_token = var.registry_api_auth_token -# project_cache_ttl = var.project_cache_ttl -# infura_project_id = var.infura_project_id -# pokt_project_id = var.pokt_project_id -# zerion_api_key = var.zerion_api_key -# quicknode_api_tokens = var.quicknode_api_tokens -# coinbase_api_key = var.coinbase_api_key -# coinbase_app_id = var.coinbase_app_id -# one_inch_api_key = var.one_inch_api_key -# one_inch_referrer = var.one_inch_referrer -# getblock_access_tokens = var.getblock_access_tokens -# pimlico_api_key = var.pimlico_api_key -# solscan_api_v1_token = var.solscan_api_v1_token -# testing_project_id = var.testing_project_id -# geoip_db_key = var.geoip_db_key -# notification_channels = var.notification_channels -# webhook_cloudwatch_p2 = var.webhook_cloudwatch_p2 -# webhook_prometheus_p2 = var.webhook_prometheus_p2 -# rate_limiting_max_tokens = var.rate_limiting_max_tokens -# rate_limiting_refill_interval = var.rate_limiting_refill_interval -# rate_limiting_refill_rate = var.rate_limiting_refill_rate -# irn_vpc_id = var.irn_vpc_ids["us-east-1"] -# irn_vpc_cidr = var.irn_vpc_cidrs["us-east-1"] -# irn_aws_account_id = var.irn_aws_account_id -# irn_node = var.irn_nodes["us-east-1"] -# irn_key = var.irn_key -# irn_namespace = var.irn_namespace -# irn_namespace_secret = var.irn_namespace_secret - -# providers = { -# aws = aws.us-east-1 -# } -# } - -# module "ap_southeast_1" { -# source = "./region" -# region = "ap-southeast-1" -# image_version = 
var.image_version -# log_level = var.log_level -# app_autoscaling_desired_count = var.app_autoscaling_desired_count -# app_autoscaling_min_capacity = var.app_autoscaling_min_capacity -# app_autoscaling_max_capacity = var.app_autoscaling_max_capacity -# ofac_blocked_countries = var.ofac_blocked_countries -# registry_api_endpoint = var.registry_api_endpoint -# registry_api_auth_token = var.registry_api_auth_token -# project_cache_ttl = var.project_cache_ttl -# infura_project_id = var.infura_project_id -# pokt_project_id = var.pokt_project_id -# zerion_api_key = var.zerion_api_key -# quicknode_api_tokens = var.quicknode_api_tokens -# coinbase_api_key = var.coinbase_api_key -# coinbase_app_id = var.coinbase_app_id -# one_inch_api_key = var.one_inch_api_key -# one_inch_referrer = var.one_inch_referrer -# getblock_access_tokens = var.getblock_access_tokens -# pimlico_api_key = var.pimlico_api_key -# solscan_api_v1_token = var.solscan_api_v1_token -# testing_project_id = var.testing_project_id -# geoip_db_key = var.geoip_db_key -# notification_channels = var.notification_channels -# webhook_cloudwatch_p2 = var.webhook_cloudwatch_p2 -# webhook_prometheus_p2 = var.webhook_prometheus_p2 -# rate_limiting_max_tokens = var.rate_limiting_max_tokens -# rate_limiting_refill_interval = var.rate_limiting_refill_interval -# rate_limiting_refill_rate = var.rate_limiting_refill_rate -# irn_vpc_id = var.irn_vpc_ids["ap-southeast-1"] -# irn_vpc_cidr = var.irn_vpc_cidrs["ap-southeast-1"] -# irn_aws_account_id = var.irn_aws_account_id -# irn_node = var.irn_nodes["ap-southeast-1"] -# irn_key = var.irn_key -# irn_namespace = var.irn_namespace -# irn_namespace_secret = var.irn_namespace_secret - -# providers = { -# aws = aws.ap-southeast-1 -# } -# } diff --git a/terraform/region/variables.tf b/terraform/region/variables.tf index adb58415..b0738647 100644 --- a/terraform/region/variables.tf +++ b/terraform/region/variables.tf 
@@ -136,6 +136,12 @@ variable "solscan_api_v1_token" { sensitive = true } +variable "solscan_api_v2_token" { + description = "Solscan API v2 token" + type = string + sensitive = true +} + variable "testing_project_id" { description = "Project ID used in a testing suite" type = string From cab7842a37a276a73c4668f3abcab580fc8d28cd Mon Sep 17 00:00:00 2001 From: Chris Smith Date: Mon, 26 Aug 2024 15:05:04 -0700 Subject: [PATCH 12/20] chore: regional endpoints --- .github/workflows/sub-cd.yml | 18 ++++++++++++++++-- terraform/region/ecs/dns.tf | 27 +++++++++++++++++++++++++++ terraform/region/res_dns.tf | 14 +++++++++++++- 3 files changed, 56 insertions(+), 3 deletions(-) diff --git a/.github/workflows/sub-cd.yml b/.github/workflows/sub-cd.yml index f264f5b7..c5d5596f 100644 --- a/.github/workflows/sub-cd.yml +++ b/.github/workflows/sub-cd.yml @@ -45,12 +45,19 @@ jobs: validate-staging: name: Validate Staging + strategy: + matrix: + endpoint: + - "staging.rpc.walletconnect.com" + - "staging.eu-central-1.rpc.walletconnect.com" + # - "staging.us-east-1.rpc.walletconnect.com" + # - "staging.ap-southeast-1.rpc.walletconnect.com" needs: [ cd-staging ] uses: ./.github/workflows/sub-validate.yml secrets: inherit with: stage: staging - stage-url: https://staging.${{ vars.SUBDOMAIN_NAME }}.walletconnect.com + stage-url: ${{ matrix.endpoint }} cd-prod: name: Prod @@ -71,9 +78,16 @@ jobs: validate-prod: name: Validate Prod + strategy: + matrix: + endpoint: + - "rpc.walletconnect.com" + - "eu-central-1.rpc.walletconnect.com" + # - "us-east-1.rpc.walletconnect.com" + # - "ap-southeast-1.rpc.walletconnect.com" needs: [ cd-prod ] uses: ./.github/workflows/sub-validate.yml secrets: inherit with: stage: prod - stage-url: https://${{ vars.SUBDOMAIN_NAME }}.walletconnect.com + stage-url: ${{ matrix.endpoint }} diff --git a/terraform/region/ecs/dns.tf b/terraform/region/ecs/dns.tf index aaa95cd6..34ccbfbb 100644 --- a/terraform/region/ecs/dns.tf +++ b/terraform/region/ecs/dns.tf 
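Review bot: The regional staging host in the `validate-staging` matrix, `staging.eu-central-1.rpc.walletconnect.com`, puts the stage label before the region, whereas the Route53 record added in `terraform/region/ecs/dns.tf` in this same commit is named `"${module.this.region}.${each.value}"`, region first. If the staging zone name already carries the `staging.` label (the zone names come from remote state and are not visible here), the record created would be `eu-central-1.staging.…` and this job would validate a hostname that Terraform never publishes. The `validate-prod` matrix in the next hunk is built the same way and should be checked against the prod zone names too. A comment above each list would tie the two together: `# hosts must equal "<region>.<zone name>" as created in terraform/region/ecs/dns.tf`.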
@@ -1,4 +1,18 @@ # DNS Records +resource "aws_route53_record" "dns_load_balancer_region" { + for_each = var.route53_zones + + zone_id = each.key + name = "${module.this.region}.${each.value}" + type = "A" + + alias { + name = aws_lb.load_balancer.dns_name + zone_id = aws_lb.load_balancer.zone_id + evaluate_target_health = true + } +} + resource "aws_route53_record" "dns_load_balancer" { for_each = var.route53_zones @@ -12,3 +26,16 @@ resource "aws_route53_record" "dns_load_balancer" { evaluate_target_health = true } } + +# resource "aws_route53_health_check" "health_check" { +# fqdn = local.fqdn +# port = 443 +# type = "HTTPS" +# resource_path = "/health" +# failure_threshold = "5" +# request_interval = "30" + +# tags = { +# Name = "${var.environment}.${var.region}.${var.app_name}-health-check" +# } +# } diff --git a/terraform/region/res_dns.tf b/terraform/region/res_dns.tf index 5557b82f..7d80dc58 100644 --- a/terraform/region/res_dns.tf +++ b/terraform/region/res_dns.tf @@ -1,6 +1,18 @@ locals { zones = { for k, v in tomap(data.terraform_remote_state.infra_aws.outputs.zones.blockchain[local.stage]) : v.id => v.name } - zones_certificates = { for k, v in module.dns_certificate : v.zone_id => v.certificate_arn } + zones_certificates = merge( + { for k, v in module.dns_certificate : v.zone_id => v.certificate_arn }, + { for k, v in module.dns_certificate_region : v.zone_id => v.certificate_arn } + ) +} + +module "dns_certificate_region" { + for_each = local.zones + source = "app.terraform.io/wallet-connect/dns/aws" + version = "0.1.3" + context = module.this + hosted_zone_name = each.value + fqdn = "${module.this.region}.${each.value}" } module "dns_certificate" { From 9a5fe8fa178cd1cddec6ce98124cd3febf1602ca Mon Sep 17 00:00:00 2001 From: Chris Smith Date: Mon, 26 Aug 2024 15:11:42 -0700 Subject: [PATCH 13/20] chore: fmt --- terraform/region/res_dns.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
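Review bot: Both arguments to `merge()` in `zones_certificates` are keyed by `v.zone_id`, so when the two modules cover the same zones the regional ARN replaces the apex one instead of being added. The map passed on would then hold one certificate per zone, and the hostname whose entry was overwritten would be served with a certificate that does not name it. Keying each entry by hostname keeps both, for example `{ for k, v in module.dns_certificate_region : "${module.this.region}.${local.zones[k]}" => v.certificate_arn }` with the apex entries keyed by `local.zones[k]`. The `module "dns_certificate"` block continues below the hunk, so its `for_each` is assumed to be `local.zones` as well.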
diff --git a/terraform/region/res_dns.tf b/terraform/region/res_dns.tf index 7d80dc58..a8833b7c 100644 --- a/terraform/region/res_dns.tf +++ b/terraform/region/res_dns.tf @@ -1,5 +1,5 @@ locals { - zones = { for k, v in tomap(data.terraform_remote_state.infra_aws.outputs.zones.blockchain[local.stage]) : v.id => v.name } + zones = { for k, v in tomap(data.terraform_remote_state.infra_aws.outputs.zones.blockchain[local.stage]) : v.id => v.name } zones_certificates = merge( { for k, v in module.dns_certificate : v.zone_id => v.certificate_arn }, { for k, v in module.dns_certificate_region : v.zone_id => v.certificate_arn } From ae27300dd4eb89bdb3566c8d837c1f913f413454 Mon Sep 17 00:00:00 2001 From: Chris Smith Date: Mon, 26 Aug 2024 15:46:05 -0700 Subject: [PATCH 14/20] chore: fix endpoints --- .github/workflows/sub-cd.yml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/sub-cd.yml b/.github/workflows/sub-cd.yml index c5d5596f..9493732d 100644 --- a/.github/workflows/sub-cd.yml +++ b/.github/workflows/sub-cd.yml @@ -48,10 +48,10 @@ jobs: strategy: matrix: endpoint: - - "staging.rpc.walletconnect.com" - - "staging.eu-central-1.rpc.walletconnect.com" - # - "staging.us-east-1.rpc.walletconnect.com" - # - "staging.ap-southeast-1.rpc.walletconnect.com" + - "https://staging.rpc.walletconnect.com" + - "https://staging.eu-central-1.rpc.walletconnect.com" + # - "https://staging.us-east-1.rpc.walletconnect.com" + # - "https://staging.ap-southeast-1.rpc.walletconnect.com" needs: [ cd-staging ] uses: ./.github/workflows/sub-validate.yml secrets: inherit 
@@ -81,10 +81,10 @@ jobs: strategy: matrix: endpoint: - - "rpc.walletconnect.com" - - "eu-central-1.rpc.walletconnect.com" - # - "us-east-1.rpc.walletconnect.com" - # - "ap-southeast-1.rpc.walletconnect.com" + - "https://rpc.walletconnect.com" + - "https://eu-central-1.rpc.walletconnect.com" + # - "https://us-east-1.rpc.walletconnect.com" + # - "https://ap-southeast-1.rpc.walletconnect.com" needs: [ cd-prod ] uses: ./.github/workflows/sub-validate.yml secrets: inherit From 291876cc3d1c120d398a3bafe78dc44827418727 Mon Sep 17 00:00:00 2001 From: Chris Smith Date: Mon, 26 Aug 2024 15:51:24 -0700 Subject: [PATCH 15/20] chore: certificate depends --- terraform/region/ecs/dns.tf | 3 ++- terraform/region/ecs/network.tf | 9 ++++++++- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/terraform/region/ecs/dns.tf b/terraform/region/ecs/dns.tf index 34ccbfbb..d892c12d 100644 --- a/terraform/region/ecs/dns.tf +++ b/terraform/region/ecs/dns.tf @@ -1,6 +1,7 @@ # DNS Records resource "aws_route53_record" "dns_load_balancer_region" { - for_each = var.route53_zones + depends_on = [aws_acm_certificate_validation.certificate_validation] + for_each = var.route53_zones zone_id = each.key name = "${module.this.region}.${each.value}" diff --git a/terraform/region/ecs/network.tf b/terraform/region/ecs/network.tf index 923d6bd3..9cc32142 100644 --- a/terraform/region/ecs/network.tf +++ b/terraform/region/ecs/network.tf @@ -45,9 +45,16 @@ resource "aws_lb_listener" "listener-https" { } resource "aws_lb_listener_certificate" "listener-https" { - for_each = local.additional_certificates + for_each = aws_acm_certificate_validation.certificate_validation listener_arn = aws_lb_listener.listener-https.arn + certificate_arn = each.value.certificate_arn +} + +resource "aws_acm_certificate_validation" "certificate_validation" { + for_each = local.additional_certificates certificate_arn = each.value + + # validation_record_fqdns = [...] } resource "aws_lb_listener" "listener-http" { 
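Review bot: `aws_acm_certificate_validation.certificate_validation` iterates only `local.additional_certificates`, so the listener's main certificate is never waited on. The `depends_on` added to `dns_load_balancer_region` in the dns.tf hunk of this commit inherits the same gap. If the aim is that no record or listener goes live before its certificate is issued, the validation resource should cover every ARN in `var.route53_zones_certificates`, and the default certificate should be read from it too. The placeholder `# validation_record_fqdns = [...]` should be filled in or replaced by a comment such as `# validation records are created by the dns module` (an assumption, since that module is not visible here). The `listener-https` resources begin above the hunk.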
From 3cf7258a136cf57c792af22f6ba3ca4f4d2f88c4 Mon Sep 17 00:00:00 2001 From: Chris Smith Date: Mon, 26 Aug 2024 17:48:55 -0700 Subject: [PATCH 16/20] fix: multiple domains per zone --- terraform/region/ecs/network.tf | 2 +- terraform/region/ecs/variables.tf | 2 +- terraform/region/res_dns.tf | 6 +++--- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/terraform/region/ecs/network.tf b/terraform/region/ecs/network.tf index 9cc32142..4bc2440a 100644 --- a/terraform/region/ecs/network.tf +++ b/terraform/region/ecs/network.tf @@ -22,7 +22,7 @@ resource "aws_lb" "load_balancer" { } locals { - main_certificate_key = keys(var.route53_zones_certificates)[0] + main_certificate_key = 0 main_certificate = var.route53_zones_certificates[local.main_certificate_key] additional_certificates = { for k, v in var.route53_zones_certificates : k => v if k != local.main_certificate_key } } diff --git a/terraform/region/ecs/variables.tf b/terraform/region/ecs/variables.tf index b6c7c039..1860a775 100644 --- a/terraform/region/ecs/variables.tf +++ b/terraform/region/ecs/variables.tf @@ -65,7 +65,7 @@ variable "route53_zones" { variable "route53_zones_certificates" { description = "The ARNs of the ACM certificates to use for HTTPS" - type = map(string) + type = list(string) } #------------------------------------------------------------------------------- diff --git a/terraform/region/res_dns.tf b/terraform/region/res_dns.tf index a8833b7c..09823bd6 100644 --- a/terraform/region/res_dns.tf +++ b/terraform/region/res_dns.tf 
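Review bot: With `main_certificate_key = 0` and `route53_zones_certificates` changed to `list(string)`, the `for_each` keys produced by `additional_certificates` are list positions. Which certificate becomes the listener default, and the address of each attachment, then depend on the order `concat()` yields in res_dns.tf. Adding or removing a zone shifts the indices, so Terraform would plan to destroy and recreate `aws_lb_listener_certificate` entries for unchanged hostnames, leaving them briefly without a matching certificate. A stable key avoids that: keep `map(string)` keyed by FQDN and choose the default by name rather than by position. The `locals` block sits between resources that start and end outside the hunk.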
@@ -1,8 +1,8 @@ locals { zones = { for k, v in tomap(data.terraform_remote_state.infra_aws.outputs.zones.blockchain[local.stage]) : v.id => v.name } - zones_certificates = merge( - { for k, v in module.dns_certificate : v.zone_id => v.certificate_arn }, - { for k, v in module.dns_certificate_region : v.zone_id => v.certificate_arn } + zones_certificates = concat( + [for k, v in module.dns_certificate : v.certificate_arn], + [for k, v in module.dns_certificate_region : v.certificate_arn] ) } From e60d9d468a59666320735882edfd4c2cb387f927 Mon Sep 17 00:00:00 2001 From: Chris Smith Date: Mon, 26 Aug 2024 17:56:35 -0700 Subject: [PATCH 17/20] chore: fix URL --- .github/workflows/sub-cd.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/sub-cd.yml b/.github/workflows/sub-cd.yml index 9493732d..cdc269d2 100644 --- a/.github/workflows/sub-cd.yml +++ b/.github/workflows/sub-cd.yml @@ -49,9 +49,9 @@ jobs: matrix: endpoint: - "https://staging.rpc.walletconnect.com" - - "https://staging.eu-central-1.rpc.walletconnect.com" - # - "https://staging.us-east-1.rpc.walletconnect.com" - # - "https://staging.ap-southeast-1.rpc.walletconnect.com" + - "https://eu-central-1.staging.rpc.walletconnect.com" + # - "https://us-east-1.staging.rpc.walletconnect.com" + # - "https://ap-southeast-1.staging.rpc.walletconnect.com" needs: [ cd-staging ] uses: ./.github/workflows/sub-validate.yml secrets: inherit From 46d533c007db60d19fd65ed78cd9bccfcd3a46bb Mon Sep 17 00:00:00 2001 From: Chris Smith Date: Tue, 27 Aug 2024 11:57:20 -0700 Subject: [PATCH 18/20] chore: stage URL --- .github/workflows/sub-validate.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/sub-validate.yml b/.github/workflows/sub-validate.yml index a2fffef8..c372bd3e 100644 --- a/.github/workflows/sub-validate.yml +++ b/.github/workflows/sub-validate.yml 
@@ -21,7 +21,7 @@ permissions: jobs: health-check: - name: Health Check - ${{ inputs.stage }} + name: Health Check - ${{ inputs.stage-url }} runs-on: ubuntu-latest environment: name: ${{ inputs.stage }} @@ -31,7 +31,7 @@ jobs: run: curl "${{ inputs.stage-url }}/health" integration-tests: - name: Integration Tests - ${{ inputs.stage }} + name: Integration Tests - ${{ inputs.stage-url }} runs-on: ubuntu-latest services: postgres: @@ -74,7 +74,7 @@ jobs: args: --test integration integration-tests-providers: - name: Providers Integration Tests - ${{ inputs.stage }} + name: Providers Integration Tests - ${{ inputs.stage-url }} uses: ./.github/workflows/sub-providers.yml secrets: inherit with: @@ -82,7 +82,7 @@ jobs: stage-url: ${{ inputs.stage-url }} integration-tests-ts: - name: TS Integration Tests - ${{ inputs.stage }} + name: TS Integration Tests - ${{ inputs.stage-url }} runs-on: ubuntu-latest steps: - name: Checkout From 306f247cdd0c82ff4d187a88c9056e3285483345 Mon Sep 17 00:00:00 2001 From: Chris Smith Date: Tue, 27 Aug 2024 17:28:13 -0700 Subject: [PATCH 19/20] chore: prevent taking down main region --- terraform/moved.tf | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/terraform/moved.tf b/terraform/moved.tf index 13551f54..abdd7bbe 100644 --- a/terraform/moved.tf +++ b/terraform/moved.tf @@ -762,3 +762,8 @@ moved { from = module.postgres.module.db_cluster.aws_security_group_rule.this["vpc_ingress"] to = module.eu_central_1.module.postgres.module.db_cluster.aws_security_group_rule.this["vpc_ingress"] } + +moved { + from = module.eu_central_1.module.ecs.aws_lb_listener_certificate.listener-https["Z08482453O4S3RHV9217F"] + to = module.eu_central_1.module.ecs.aws_lb_listener_certificate.listener-https["1"] +} From ea5486c0d7b2583d018574137905cdfd61ce478e Mon Sep 17 00:00:00 2001 From: Chris Smith Date: Tue, 27 Aug 2024 17:41:19 -0700 Subject: [PATCH 20/20] chore: prod listener move --- terraform/moved.tf | 5 +++++ 1 file changed, 5 insertions(+) 
diff --git a/terraform/moved.tf b/terraform/moved.tf
index abdd7bbe..2fe52260 100644
--- a/terraform/moved.tf
+++ b/terraform/moved.tf
@@ -767,3 +767,8 @@ moved {
 from = module.eu_central_1.module.ecs.aws_lb_listener_certificate.listener-https["Z08482453O4S3RHV9217F"]
 to = module.eu_central_1.module.ecs.aws_lb_listener_certificate.listener-https["1"]
 }
+
+moved {
+ from = module.eu_central_1.module.ecs.aws_lb_listener_certificate.listener-https["Z08394271XY7LL4G2RE1G"]
+ to = module.eu_central_1.module.ecs.aws_lb_listener_certificate.listener-https["1"]
+}
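Review bot: The added `moved` block names the same `to` address, `listener-https["1"]`, as the block directly above it, with a different `from` key. As far as I know Terraform allows only one source per destination and reports such a pair as ambiguous move statements, so `terraform validate` should be run for every environment that shares this file before merging. If it is rejected, the environment whose key does not match needs a one-off `terraform state mv` instead. Both blocks also pin environment-specific Route 53 zone IDs and the positional key `"1"` into shared configuration. A comment such as `# one-off migration from zone-id keys to list index; remove once all environments have applied` would record why they exist.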