WIP

infrastructure/modules/efs/efs.tf

@@ -1,10 +1,4 @@
-locals {
-  create_efs_file_system = var.file_system == null
-  efs_file_system        = local.create_efs_file_system ? aws_efs_file_system.this[0] : var.file_system
-}
-
 resource "aws_efs_file_system" "this" {
-  count          = local.create_efs_file_system ? 1 : 0
   creation_token = var.name
   encrypted      = true
 
@@ -22,9 +16,7 @@ resource "aws_efs_file_system" "this" {
 }
 
 resource "aws_efs_backup_policy" "this" {
-  count = local.create_efs_file_system ? 1 : 0
-
-  file_system_id = aws_efs_file_system.this[0].id
+  file_system_id = aws_efs_file_system.this.id
 
   backup_policy {
     status = "DISABLED"

infrastructure/modules/efs/mount_targets.tf

@@ -1,11 +1,11 @@
 locals {
-  security_group_name = var.security_group_name == null ? (var.name == null ? var.file_system.name : var.name) : var.security_group_name
+  security_group_name = var.security_group_name == null ? var.name : var.security_group_name
 }
 
 resource "aws_efs_mount_target" "this" {
   for_each = toset(var.vpc.intra_subnets)
 
-  file_system_id  = local.efs_file_system.id
+  file_system_id  = aws_efs_file_system.this.id
   subnet_id       = each.value
   security_groups = [aws_security_group.this.id]
 }

infrastructure/modules/efs/outputs.tf

@@ -1,3 +1,3 @@
 output "file_system" {
-  value = local.efs_file_system
+  value = aws_efs_file_system.this
 }

infrastructure/modules/switch/cache.tf

@@ -1,11 +1,6 @@
-locals {
-  cache_file_system = var.cache_file_system != null ? var.cache_file_system : module.cache.file_system
-}
-
 module "cache" {
   source              = "../efs"
   vpc                 = var.vpc
   name                = var.cache_name
   security_group_name = var.cache_security_group_name
-  file_system         = var.cache_file_system
 }

infrastructure/modules/switch/ecs.tf

@@ -326,7 +326,7 @@ resource "aws_ecs_task_definition" "this" {
     name = "cache"
 
     efs_volume_configuration {
-      file_system_id     = local.cache_file_system.id
+      file_system_id     = module.cache.file_system.id
       transit_encryption = "ENABLED"
     }
   }
@@ -355,11 +355,21 @@ resource "aws_ecs_service" "this" {
   }
 
   load_balancer {
-    target_group_arn = aws_lb_target_group.this.arn
+    target_group_arn = aws_lb_target_group.regional.arn
     container_name   = "nginx"
     container_port   = var.webserver_port
   }
 
+  dynamic "load_balancer" {
+    for_each = aws_lb_target_group.default
+
+    content {
+      target_group_arn = load_balancer.value.arn
+      container_name   = "nginx"
+      container_port   = var.webserver_port
+    }
+  }
+
   lifecycle {
     ignore_changes = [task_definition, desired_count]
   }

infrastructure/modules/switch/lb.tf

@@ -1,13 +1,31 @@
 locals {
   create_default_lb_rule = var.lb_default_rule_index != null
-  create_region_lb_rule  = var.lb_region_rule_index != null
 }
 
-resource "aws_lb_target_group" "this" {
+resource "aws_lb_target_group" "regional" {
+  name                 = "${var.identifier}-${var.region_alias}"
+  port                 = var.webserver_port
+  protocol             = "HTTP"
+  vpc_id               = var.default_vpc.vpc_id
+  target_type          = "ip"
+  deregistration_delay = 60
+
+  health_check {
+    protocol          = "HTTP"
+    path              = "/health_checks"
+    healthy_threshold = 3
+    interval          = 10
+  }
+
+  provider = aws.default
+}
+
+resource "aws_lb_target_group" "default" {
+  count                = local.create_default_lb_rule ? 1 : 0
   name                 = "${var.identifier}-internal"
   port                 = var.webserver_port
   protocol             = "HTTP"
-  vpc_id               = var.vpc.vpc_id
+  vpc_id               = var.default_vpc.vpc_id
   target_type          = "ip"
   deregistration_delay = 60
 
@@ -17,23 +35,26 @@ resource "aws_lb_target_group" "this" {
     healthy_threshold = 3
     interval          = 10
   }
+
+  provider = aws.default
 }
 
-resource "aws_lb_listener_rule" "region" {
-  count        = local.create_region_lb_rule ? 1 : 0
+resource "aws_lb_listener_rule" "regional" {
   priority     = var.lb_region_rule_index
   listener_arn = var.internal_listener.arn
 
   action {
     type             = "forward"
-    target_group_arn = aws_lb_target_group.this.id
+    target_group_arn = aws_lb_target_group.regional.id
   }
 
   condition {
     host_header {
       values = [local.route53_record.fqdn]
     }
+  }
 
+  condition {
     http_header {
       http_header_name = "X-Somleng-Region-Alias"
       values           = [var.region_alias]
@@ -43,6 +64,8 @@ resource "aws_lb_listener_rule" "region" {
   lifecycle {
     ignore_changes = [action]
   }
+
+  provider = aws.default
 }
 
 resource "aws_lb_listener_rule" "default" {
@@ -52,7 +75,7 @@ resource "aws_lb_listener_rule" "default" {
 
   action {
     type             = "forward"
-    target_group_arn = aws_lb_target_group.this.id
+    target_group_arn = aws_lb_target_group.default[0].id
   }
 
   condition {
@@ -64,4 +87,6 @@ resource "aws_lb_listener_rule" "default" {
   lifecycle {
     ignore_changes = [action]
   }
+
+  provider = aws.default
 }

infrastructure/modules/switch/outputs.tf

@@ -38,10 +38,6 @@ output "iam_task_execution_role" {
   value = local.iam_task_execution_role
 }
 
-output "cache_file_system" {
-  value = local.cache_file_system
-}
-
 output "route53_record" {
   value = local.route53_record
 }
@@ -70,6 +66,10 @@ output "sip_port" {
   value = var.sip_port
 }
 
+output "cache_name" {
+  value = var.cache_name
+}
+
 output "sip_alternative_port" {
   value = var.sip_alternative_port
 }

infrastructure/modules/switch/providers.tf

@@ -0,0 +1,8 @@
+terraform {
+  required_providers {
+    aws = {
+      source                = "hashicorp/aws"
+      configuration_aliases = [aws, aws.default]
+    }
+  }
+}

infrastructure/modules/switch/variables.tf

@@ -1,16 +1,12 @@
 variable "identifier" {}
 variable "aws_region" {}
 variable "vpc" {}
+variable "default_vpc" {}
 variable "ecs_cluster" {}
 variable "app_environment" {}
 
-variable "region_alias" {
-  default = null
-}
-
-variable "lb_region_rule_index" {
-  default = null
-}
+variable "region_alias" {}
+variable "lb_region_rule_index" {}
 
 variable "lb_default_rule_index" {
   default = null
@@ -84,9 +80,6 @@ variable "cache_name" {
 variable "cache_security_group_name" {
   default = null
 }
-variable "cache_file_system" {
-  default = null
-}
 variable "internal_route53_zone" {
   default = null
 }

infrastructure/staging/switch.tf

@@ -14,9 +14,13 @@ module "switch" {
   min_tasks                                          = 0
   max_tasks                                          = 2
   aws_region                                         = var.aws_default_region
+  region_alias                                       = "hydrogen"
+  lb_region_rule_index                               = 120
+  lb_default_rule_index                              = 130
   identifier                                         = var.switch_identifier
   app_environment                                    = var.app_environment
   vpc                                                = data.terraform_remote_state.core_infrastructure.outputs.vpc
+  default_vpc                                        = data.terraform_remote_state.core_infrastructure.outputs.vpc
   ecs_cluster                                        = aws_ecs_cluster.this
   sip_port                                           = var.sip_port
   sip_alternative_port                               = var.sip_alternative_port
@@ -26,29 +30,36 @@ module "switch" {
   internal_route53_zone                              = data.terraform_remote_state.core_infrastructure.outputs.route53_zone_internal_somleng_org
   internal_load_balancer                             = data.terraform_remote_state.core_infrastructure.outputs.internal_application_load_balancer
   internal_listener                                  = data.terraform_remote_state.core_infrastructure.outputs.internal_https_listener
-  lb_default_rule_index                              = 130
   app_image                                          = data.terraform_remote_state.core.outputs.switch_ecr_repository.repository_uri
   nginx_image                                        = data.terraform_remote_state.core.outputs.nginx_ecr_repository.repository_uri
   freeswitch_image                                   = data.terraform_remote_state.core.outputs.freeswitch_ecr_repository.repository_uri
   freeswitch_event_logger_image                      = data.terraform_remote_state.core.outputs.freeswitch_event_logger_ecr_repository.repository_uri
   external_rtp_ip                                    = data.terraform_remote_state.core_infrastructure.outputs.vpc.nat_public_ips[0]
   alternative_sip_outbound_ip                        = data.terraform_remote_state.core_infrastructure.outputs.nat_instance_ip
   alternative_rtp_ip                                 = data.terraform_remote_state.core_infrastructure.outputs.nat_instance_ip
+
+  providers = {
+    aws         = aws
+    aws.default = aws
+  }
 }
 
 module "switch_helium" {
   source = "../modules/switch"
 
   aws_region                                    = var.aws_helium_region
   region_alias                                  = "helium"
+  lb_region_rule_index                          = 121
   vpc                                           = data.terraform_remote_state.core_infrastructure.outputs.vpc_helium
+  default_vpc                                   = data.terraform_remote_state.core_infrastructure.outputs.vpc
   ecs_cluster                                   = aws_ecs_cluster.helium
   external_rtp_ip                               = data.terraform_remote_state.core_infrastructure.outputs.vpc_helium.nat_public_ips[0]
   alternative_sip_outbound_ip                   = data.terraform_remote_state.core_infrastructure.outputs.vpc_helium.nat_public_ips[0]
   alternative_rtp_ip                            = data.terraform_remote_state.core_infrastructure.outputs.vpc_helium.nat_public_ips[0]
   identifier                                    = module.switch.identifier
   app_environment                               = module.switch.app_environment
   json_cdr_url                                  = module.switch.json_cdr_url
+  cache_name                                    = module.switch.cache_name
   recordings_bucket                             = module.switch.recordings_bucket
   recordings_bucket_access_key_id_parameter     = module.switch.recordings_bucket_access_key_id_parameter
   recordings_bucket_secret_access_key_parameter = module.switch.recordings_bucket_secret_access_key_parameter
@@ -58,7 +69,6 @@ module "switch_helium" {
   container_instance_profile                    = module.switch.container_instances.iam_instance_profile
   iam_task_role                                 = module.switch.iam_task_role
   iam_task_execution_role                       = module.switch.iam_task_execution_role
-  cache_file_system                             = module.switch.cache_file_system
   route53_record                                = module.switch.route53_record
   min_tasks                                     = module.switch.min_tasks
   max_tasks                                     = module.switch.max_tasks
@@ -69,13 +79,13 @@ module "switch_helium" {
   services_function                             = module.switch.services_function
   internal_load_balancer                        = module.switch.internal_load_balancer
   internal_listener                             = module.switch.internal_listener
-  lb_region_rule_index                          = 120
   app_image                                     = module.switch.app_image
   nginx_image                                   = module.switch.nginx_image
   freeswitch_image                              = module.switch.freeswitch_image
   freeswitch_event_logger_image                 = module.switch.freeswitch_event_logger_image
 
   providers = {
-    aws = aws.helium
+    aws         = aws.helium
+    aws.default = aws
   }
 }