From 1f65d19db5fade7efea7c194890f2cd5884d1e77 Mon Sep 17 00:00:00 2001
From: David Wilkie
Date: Sat, 24 Aug 2024 12:36:48 +0700
Subject: [PATCH] WIP

---
 infrastructure/modules/efs/efs.tf | 10 +-----
 infrastructure/modules/efs/mount_targets.tf | 4 +--
 infrastructure/modules/efs/outputs.tf | 2 +-
 infrastructure/modules/switch/cache.tf | 5 ---
 infrastructure/modules/switch/ecs.tf | 14 ++++++--
 infrastructure/modules/switch/lb.tf | 39 +++++++++++++++++----
 infrastructure/modules/switch/outputs.tf | 8 ++---
 infrastructure/modules/switch/providers.tf | 8 +++++
 infrastructure/modules/switch/variables.tf | 13 ++-----
 infrastructure/modules/switch/versions.tf | 8 -----
 infrastructure/staging/switch.tf | 18 +++++++---
 11 files changed, 77 insertions(+), 52 deletions(-)
 create mode 100644 infrastructure/modules/switch/providers.tf
 delete mode 100644 infrastructure/modules/switch/versions.tf

diff --git a/infrastructure/modules/efs/efs.tf b/infrastructure/modules/efs/efs.tf
index 4b4c9e164..3ac2341af 100644
--- a/infrastructure/modules/efs/efs.tf
+++ b/infrastructure/modules/efs/efs.tf
@@ -1,10 +1,4 @@
-locals {
- create_efs_file_system = var.file_system == null
- efs_file_system = local.create_efs_file_system ? aws_efs_file_system.this[0] : var.file_system
-}
-
 resource "aws_efs_file_system" "this" {
- count = local.create_efs_file_system ? 1 : 0
 creation_token = var.name
 encrypted = true
@@ -22,9 +16,7 @@ resource "aws_efs_file_system" "this" {
 }
 resource "aws_efs_backup_policy" "this" {
- count = local.create_efs_file_system ? 1 : 0
-
- file_system_id = aws_efs_file_system.this[0].id
+ file_system_id = aws_efs_file_system.this.id
 backup_policy {
 status = "DISABLED"
diff --git a/infrastructure/modules/efs/mount_targets.tf b/infrastructure/modules/efs/mount_targets.tf
index 44041f752..b33fb8f0d 100644
--- a/infrastructure/modules/efs/mount_targets.tf
+++ b/infrastructure/modules/efs/mount_targets.tf
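Review bot: Dropping `count` from `aws_efs_file_system.this` changes its address from `aws_efs_file_system.this[0]` to `aws_efs_file_system.this`, and Terraform treats that as destroy-and-create rather than a rename, so an existing cache file system and everything on it would be replaced on the next apply; the same applies to `aws_efs_backup_policy.this[0]` in the second hunk of this file. Carry the address change with `moved` blocks (Terraform 1.1+; on older versions run `terraform state mv` before applying). Note that `encrypted = true` survives the change, but the backup policy attached here is still `DISABLED`, so an accidental replacement is not recoverable.
```terraform
# The count guard was removed; without these Terraform plans a replace,
# which destroys the (unbacked-up) cache file system.
moved {
  from = aws_efs_file_system.this[0]
  to   = aws_efs_file_system.this
}

moved {
  from = aws_efs_backup_policy.this[0]
  to   = aws_efs_backup_policy.this
}

# … unchanged: resource "aws_efs_file_system" "this" …
```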
@@ -1,11 +1,11 @@
 locals {
- security_group_name = var.security_group_name == null ? (var.name == null ? var.file_system.name : var.name) : var.security_group_name
+ security_group_name = var.security_group_name == null ? var.name : var.security_group_name
 }
 resource "aws_efs_mount_target" "this" {
 for_each = toset(var.vpc.intra_subnets)
- file_system_id = local.efs_file_system.id
+ file_system_id = aws_efs_file_system.this.id
 subnet_id = each.value
 security_groups = [aws_security_group.this.id]
 }
diff --git a/infrastructure/modules/efs/outputs.tf b/infrastructure/modules/efs/outputs.tf
index 25b38c1d4..db1e200af 100644
--- a/infrastructure/modules/efs/outputs.tf
+++ b/infrastructure/modules/efs/outputs.tf
@@ -1,3 +1,3 @@
 output "file_system" {
- value = local.efs_file_system
+ value = aws_efs_file_system.this
 }
diff --git a/infrastructure/modules/switch/cache.tf b/infrastructure/modules/switch/cache.tf
index bbce1a62e..6654fb12f 100644
--- a/infrastructure/modules/switch/cache.tf
+++ b/infrastructure/modules/switch/cache.tf
@@ -1,11 +1,6 @@
-locals {
- cache_file_system = var.cache_file_system != null ? var.cache_file_system : module.cache.file_system
-}
-
 module "cache" {
 source = "../efs"
 vpc = var.vpc
 name = var.cache_name
 security_group_name = var.cache_security_group_name
- file_system = var.cache_file_system
 }
diff --git a/infrastructure/modules/switch/ecs.tf b/infrastructure/modules/switch/ecs.tf
index a958d7583..6b4487651 100644
--- a/infrastructure/modules/switch/ecs.tf
+++ b/infrastructure/modules/switch/ecs.tf
@@ -326,7 +326,7 @@ resource "aws_ecs_task_definition" "this" {
 name = "cache"
 efs_volume_configuration {
- file_system_id = local.cache_file_system.id
+ file_system_id = module.cache.file_system.id
 transit_encryption = "ENABLED"
 }
 }
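Review bot: With the `file_system` input gone, `module "cache"` now always creates its own EFS under the calling module's `aws` provider, so every switch module instance gets a separate, region-local cache; the staging change hands the helium instance `cache_name = module.switch.cache_name`, so the two file systems share a name but no data. That is a behaviour change from the previous shared `cache_file_system` wiring and deserves a comment on the module block: `# One EFS per switch instance, created in this instance's region; only the name is shared across regions, never the contents.` Separately, the diffstat lists no change to `efs/variables.tf`, so `variable "file_system"` presumably still exists in the efs module as a dead input now that nothing in the module reads it; removing it in the same change avoids a misleading interface.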
@@ -355,11 +355,21 @@ resource "aws_ecs_service" "this" {
 }
 load_balancer {
- target_group_arn = aws_lb_target_group.this.arn
+ target_group_arn = aws_lb_target_group.regional.arn
 container_name = "nginx"
 container_port = var.webserver_port
 }
+ dynamic "load_balancer" {
+ for_each = aws_lb_target_group.default
+
+ content {
+ target_group_arn = load_balancer.value.arn
+ container_name = "nginx"
+ container_port = var.webserver_port
+ }
+ }
+
 lifecycle {
 ignore_changes = [task_definition, desired_count]
 }
diff --git a/infrastructure/modules/switch/lb.tf b/infrastructure/modules/switch/lb.tf
index f362eaa8d..e75ea66b3 100644
--- a/infrastructure/modules/switch/lb.tf
+++ b/infrastructure/modules/switch/lb.tf
@@ -1,13 +1,31 @@
 locals {
 create_default_lb_rule = var.lb_default_rule_index != null
- create_region_lb_rule = var.lb_region_rule_index != null
 }
-resource "aws_lb_target_group" "this" {
+resource "aws_lb_target_group" "regional" {
+ name = "${var.identifier}-${var.region_alias}"
+ port = var.webserver_port
+ protocol = "HTTP"
+ vpc_id = var.default_vpc.vpc_id
+ target_type = "ip"
+ deregistration_delay = 60
+
+ health_check {
+ protocol = "HTTP"
+ path = "/health_checks"
+ healthy_threshold = 3
+ interval = 10
+ }
+
+ provider = aws.default
+}
+
+resource "aws_lb_target_group" "default" {
+ count = local.create_default_lb_rule ? 1 : 0
 name = "${var.identifier}-internal"
 port = var.webserver_port
 protocol = "HTTP"
- vpc_id = var.vpc.vpc_id
+ vpc_id = var.default_vpc.vpc_id
 target_type = "ip"
 deregistration_delay = 60
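Review bot: The `load_balancer` blocks now register this service's tasks into target groups that the lb.tf hunk below creates under `aws.default` in `var.default_vpc`, while the service itself runs under the module's own `aws` provider in `var.vpc` — for `switch_helium` those are different regions and VPCs. As far as I know ECS can only register tasks into a target group in the service's own region, and IP targets outside the target group's VPC additionally need a route (peering/TGW) plus security-group rules allowing the ALB to reach the task ENIs on `var.webserver_port`; none of that is visible here, so please confirm this has been applied against the helium instance before the WIP lands. The enclosing `aws_ecs_service` starts before this hunk.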
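Review bot: `aws_lb_target_group.default` re-creates the `${var.identifier}-internal` target group under a new address with the same name, so without a `moved` block Terraform plans to destroy `aws_lb_target_group.this` and create `default[0]`: the create collides on the name while the old group still exists, and the old group cannot be deleted while the `default` listener rule (whose `action` is under `ignore_changes` later in this file) still forwards to it. A `moved` block with `from = aws_lb_target_group.this` and `to = aws_lb_target_group.default[0]` keeps the ARN stable and avoids both failures. Separately, `name = "${var.identifier}-${var.region_alias}"` is a new name whose length now depends on the alias — target group names have a short AWS limit (32 characters, I believe), so a `validation` block on `region_alias` would make that constraint explicit rather than an apply-time error.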
@@ -17,23 +35,26 @@ resource "aws_lb_target_group" "this" {
 healthy_threshold = 3
 interval = 10
 }
+
+ provider = aws.default
 }
-resource "aws_lb_listener_rule" "region" {
- count = local.create_region_lb_rule ? 1 : 0
+resource "aws_lb_listener_rule" "regional" {
 priority = var.lb_region_rule_index
 listener_arn = var.internal_listener.arn
 action {
 type = "forward"
- target_group_arn = aws_lb_target_group.this.id
+ target_group_arn = aws_lb_target_group.regional.id
 }
 condition {
 host_header {
 values = [local.route53_record.fqdn]
 }
+ }
+ condition {
 http_header {
 http_header_name = "X-Somleng-Region-Alias"
 values = [var.region_alias]
@@ -43,6 +64,8 @@ resource "aws_lb_listener_rule" "region" {
 lifecycle {
 ignore_changes = [action]
 }
+
+ provider = aws.default
 }
 resource "aws_lb_listener_rule" "default" {
@@ -52,7 +75,7 @@ resource "aws_lb_listener_rule" "default" {
 action {
 type = "forward"
- target_group_arn = aws_lb_target_group.this.id
+ target_group_arn = aws_lb_target_group.default[0].id
 }
 condition {
@@ -64,4 +87,6 @@ resource "aws_lb_listener_rule" "default" {
 lifecycle {
 ignore_changes = [action]
 }
+
+ provider = aws.default
 }
diff --git a/infrastructure/modules/switch/outputs.tf b/infrastructure/modules/switch/outputs.tf
index 3dc996040..f30a8f5ba 100644
--- a/infrastructure/modules/switch/outputs.tf
+++ b/infrastructure/modules/switch/outputs.tf
@@ -38,10 +38,6 @@ output "iam_task_execution_role" {
 value = local.iam_task_execution_role
 }
-output "cache_file_system" {
- value = local.cache_file_system
-}
-
 output "route53_record" {
 value = local.route53_record
 }
@@ -70,6 +66,10 @@ output "sip_port" {
 value = var.sip_port
 }
+output "cache_name" {
+ value = var.cache_name
+}
+
 output "sip_alternative_port" {
 value = var.sip_alternative_port
 }
diff --git a/infrastructure/modules/switch/providers.tf b/infrastructure/modules/switch/providers.tf
new file mode 100644
index 000000000..f5d4e48a2
--- /dev/null
+++ b/infrastructure/modules/switch/providers.tf
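Review bot: The `regional` rule is now unconditional and its routing contract is only implicit: the two `condition` blocks are ANDed (host header and `X-Somleng-Region-Alias`), the header value is chosen by the client, so any caller that can reach `internal_listener` can pick which region's tasks serve it, and requests without the header fall through to whatever lower-priority rule exists — presumably the `default` rule, which is only created where `lb_default_rule_index` is set. A header comment on the resource would capture that for the next reader: `# Forward to this region's tasks when host == route53 fqdn AND X-Somleng-Region-Alias == region_alias (conditions are ANDed). Priority must be unique per module instance on the shared listener; unmatched requests fall through to the "default" rule.` The `default` rule's conditions are partly outside this hunk, so the fall-through wording should be checked against them before it is written down.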
@@ -0,0 +1,8 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ configuration_aliases = [aws, aws.default]
+ }
+ }
+}
diff --git a/infrastructure/modules/switch/variables.tf b/infrastructure/modules/switch/variables.tf
index 643cc3a18..86e5c59b9 100644
--- a/infrastructure/modules/switch/variables.tf
+++ b/infrastructure/modules/switch/variables.tf
@@ -1,16 +1,12 @@
 variable "identifier" {}
 variable "aws_region" {}
 variable "vpc" {}
+variable "default_vpc" {}
 variable "ecs_cluster" {}
 variable "app_environment" {}
-variable "region_alias" {
- default = null
-}
-
-variable "lb_region_rule_index" {
- default = null
-}
+variable "region_alias" {}
+variable "lb_region_rule_index" {}
 variable "lb_default_rule_index" {
 default = null
@@ -84,9 +80,6 @@ variable "cache_name" {
 variable "cache_security_group_name" {
 default = null
 }
-variable "cache_file_system" {
- default = null
-}
 variable "internal_route53_zone" {
 default = null
 }
diff --git a/infrastructure/modules/switch/versions.tf b/infrastructure/modules/switch/versions.tf
deleted file mode 100644
index 1d23dfe5c..000000000
--- a/infrastructure/modules/switch/versions.tf
+++ /dev/null
@@ -1,8 +0,0 @@
-terraform {
- required_providers {
- aws = {
- source = "hashicorp/aws"
- }
- }
- required_version = ">= 0.13"
-}
diff --git a/infrastructure/staging/switch.tf b/infrastructure/staging/switch.tf
index 9d8e525ed..742e74464 100644
--- a/infrastructure/staging/switch.tf
+++ b/infrastructure/staging/switch.tf
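Review bot: The new `providers.tf` declares `configuration_aliases` but drops the `required_version` that the deleted `versions.tf` carried, so the module no longer states a Terraform floor at all — and `configuration_aliases` needs a newer Terraform than the old `>= 0.13` in any case (I believe it arrived in 0.15). Restore a constraint that matches what the module actually uses, e.g. `required_version = ">= 0.15"` (`">= 1.1"` if `moved` blocks are added for the renamed resources), and consider a `version` constraint on `hashicorp/aws` so a provider upgrade is a deliberate change rather than whatever the next `init` resolves.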
@@ -14,9 +14,13 @@ module "switch" {
 min_tasks = 0
 max_tasks = 2
 aws_region = var.aws_default_region
+ region_alias = "hydrogen"
+ lb_region_rule_index = 120
+ lb_default_rule_index = 130
 identifier = var.switch_identifier
 app_environment = var.app_environment
 vpc = data.terraform_remote_state.core_infrastructure.outputs.vpc
+ default_vpc = data.terraform_remote_state.core_infrastructure.outputs.vpc
 ecs_cluster = aws_ecs_cluster.this
 sip_port = var.sip_port
 sip_alternative_port = var.sip_alternative_port
@@ -26,7 +30,6 @@ module "switch" {
 internal_route53_zone = data.terraform_remote_state.core_infrastructure.outputs.route53_zone_internal_somleng_org
 internal_load_balancer = data.terraform_remote_state.core_infrastructure.outputs.internal_application_load_balancer
 internal_listener = data.terraform_remote_state.core_infrastructure.outputs.internal_https_listener
- lb_default_rule_index = 130
 app_image = data.terraform_remote_state.core.outputs.switch_ecr_repository.repository_uri
 nginx_image = data.terraform_remote_state.core.outputs.nginx_ecr_repository.repository_uri
 freeswitch_image = data.terraform_remote_state.core.outputs.freeswitch_ecr_repository.repository_uri
@@ -34,6 +37,11 @@ module "switch" {
 external_rtp_ip = data.terraform_remote_state.core_infrastructure.outputs.vpc.nat_public_ips[0]
 alternative_sip_outbound_ip = data.terraform_remote_state.core_infrastructure.outputs.nat_instance_ip
 alternative_rtp_ip = data.terraform_remote_state.core_infrastructure.outputs.nat_instance_ip
+
+ providers = {
+ aws = aws
+ aws.default = aws
+ }
 }
 module "switch_helium" {
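Review bot: For this instance `default_vpc` is the same value as `vpc` and (in the third hunk) `aws.default` is the same provider as `aws`, which is correct but reads like a copy-paste until the reader knows that "hydrogen" is the default region; a one-line comment next to `region_alias = "hydrogen"` settles it: `# hydrogen is the default region: default_vpc/aws.default intentionally equal vpc/aws`. The priorities `120`/`130` here and `121` in `switch_helium` all land on the same `internal_listener` and must stay distinct, which is worth stating in the same comment since nothing enforces it.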
@@ -41,7 +49,9 @@ module "switch_helium" {
 aws_region = var.aws_helium_region
 region_alias = "helium"
+ lb_region_rule_index = 121
 vpc = data.terraform_remote_state.core_infrastructure.outputs.vpc_helium
+ default_vpc = data.terraform_remote_state.core_infrastructure.outputs.vpc
 ecs_cluster = aws_ecs_cluster.helium
 external_rtp_ip = data.terraform_remote_state.core_infrastructure.outputs.vpc_helium.nat_public_ips[0]
 alternative_sip_outbound_ip = data.terraform_remote_state.core_infrastructure.outputs.vpc_helium.nat_public_ips[0]
@@ -49,6 +59,7 @@ module "switch_helium" {
 identifier = module.switch.identifier
 app_environment = module.switch.app_environment
 json_cdr_url = module.switch.json_cdr_url
+ cache_name = module.switch.cache_name
 recordings_bucket = module.switch.recordings_bucket
 recordings_bucket_access_key_id_parameter = module.switch.recordings_bucket_access_key_id_parameter
 recordings_bucket_secret_access_key_parameter = module.switch.recordings_bucket_secret_access_key_parameter
@@ -58,7 +69,6 @@ module "switch_helium" {
 container_instance_profile = module.switch.container_instances.iam_instance_profile
 iam_task_role = module.switch.iam_task_role
 iam_task_execution_role = module.switch.iam_task_execution_role
- cache_file_system = module.switch.cache_file_system
 route53_record = module.switch.route53_record
 min_tasks = module.switch.min_tasks
 max_tasks = module.switch.max_tasks
@@ -69,13 +79,13 @@ module "switch_helium" {
 services_function = module.switch.services_function
 internal_load_balancer = module.switch.internal_load_balancer
 internal_listener = module.switch.internal_listener
- lb_region_rule_index = 120
 app_image = module.switch.app_image
 nginx_image = module.switch.nginx_image
 freeswitch_image = module.switch.freeswitch_image
 freeswitch_event_logger_image = module.switch.freeswitch_event_logger_image
 providers = {
- aws = aws.helium
+ aws = aws.helium
+ aws.default = aws
 }
 }
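Review bot: `cache_name = module.switch.cache_name` reuses hydrogen's name, but because `module "cache"` inside the switch module carries no `providers` mapping it inherits this instance's `aws` provider, i.e. `aws.helium`, and so creates a second, independent EFS in the helium region — the cache is not shared, unlike what the `cache_file_system` hand-off removed in the third hunk suggested. A comment on this line would stop the next reader from assuming shared state: `# same name as hydrogen, but a separate EFS in the helium region (EFS is regional; nothing is shared)`. If a shared cache was actually the intent, that needs a replication design rather than passing an ID across regions, since EFS mount targets are per-VPC; the module's handling of the previous arrangement is outside this diff, so I cannot tell which was meant.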