WIP

somleng · Aug 26, 2024 · 25abf83 · 25abf83
1 parent 1f65d19
commit 25abf83
Show file tree

Hide file tree

Showing 21 changed files with 138 additions and 177 deletions.
diff --git a/components/testing/infrastructure/ec2.tf b/components/testing/infrastructure/ec2.tf
@@ -10,7 +10,7 @@ data "archive_file" "test_files" {
 
 resource "aws_security_group" "this" {
   name   = "somleng-switch-testing"
-  vpc_id = data.terraform_remote_state.core_infrastructure.outputs.vpc.vpc_id
+  vpc_id = data.terraform_remote_state.core_infrastructure.outputs.hydrogen_region.vpc.vpc_id
 }
 
 resource "aws_security_group_rule" "ingress" {
@@ -21,7 +21,7 @@ resource "aws_security_group_rule" "ingress" {
   security_group_id = aws_security_group.this.id
   cidr_blocks = [
     "${data.terraform_remote_state.core_infrastructure.outputs.nat_instance_ip}/32",
-    "${data.terraform_remote_state.core_infrastructure.outputs.vpc.nat_public_ips[0]}/32",
+    "${data.terraform_remote_state.core_infrastructure.outputs.hydrogen_region.vpc.nat_public_ips[0]}/32",
   ]
 }
 
@@ -42,7 +42,7 @@ data "aws_network_interface" "nat_instance" {
 }
 
 resource "aws_route" "nat_instance" {
-  route_table_id         = data.terraform_remote_state.core_infrastructure.outputs.vpc.private_route_table_ids[0]
+  route_table_id         = data.terraform_remote_state.core_infrastructure.outputs.hydrogen_region.vpc.private_route_table_ids[0]
   destination_cidr_block = "${aws_instance.this.public_ip}/32"
   network_interface_id   = data.aws_network_interface.nat_instance.id
 }
@@ -51,7 +51,7 @@ resource "aws_instance" "this" {
   ami                         = data.aws_ssm_parameter.arm64_ami.value
   instance_type               = "t4g.small"
   vpc_security_group_ids      = [aws_security_group.this.id]
-  subnet_id                   = element(data.terraform_remote_state.core_infrastructure.outputs.vpc.public_subnets, 0)
+  subnet_id                   = element(data.terraform_remote_state.core_infrastructure.outputs.hydrogen_region.vpc.public_subnets, 0)
   associate_public_ip_address = true
   iam_instance_profile        = aws_iam_instance_profile.this.id
   user_data_replace_on_change = true

diff --git a/infrastructure/core/terraform.tf b/infrastructure/core/terraform.tf
@@ -12,6 +12,6 @@ provider "aws" {
 }
 
 provider "aws" {
-  region  = "us-east-1"
-  alias   = "us-east-1"
+  region = "us-east-1"
+  alias  = "us-east-1"
 }
diff --git a/infrastructure/modules/switch/cache.tf b/infrastructure/modules/switch/cache.tf
@@ -1,6 +1,6 @@
 module "cache" {
   source              = "../efs"
-  vpc                 = var.vpc
+  vpc                 = var.region.vpc
   name                = var.cache_name
   security_group_name = var.cache_security_group_name
 }
diff --git a/infrastructure/modules/switch/container_instances.tf b/infrastructure/modules/switch/container_instances.tf
@@ -2,8 +2,8 @@ module "container_instances" {
   source = "../container_instances"
 
   app_identifier       = var.identifier
-  vpc                  = var.vpc
-  instance_subnets     = var.vpc.private_subnets
+  vpc                  = var.region.vpc
+  instance_subnets     = var.region.vpc.private_subnets
   cluster_name         = var.ecs_cluster.name
   max_capacity         = var.max_tasks * 2
   iam_instance_profile = var.container_instance_profile

diff --git a/infrastructure/modules/switch/ecs.tf b/infrastructure/modules/switch/ecs.tf
@@ -27,7 +27,7 @@ resource "aws_ecs_task_definition" "this" {
         logDriver = "awslogs",
         options = {
           awslogs-group         = aws_cloudwatch_log_group.nginx.name,
-          awslogs-region        = var.aws_region,
+          awslogs-region        = var.region.aws_region,
           awslogs-stream-prefix = var.app_environment
         }
       },
@@ -52,7 +52,7 @@ resource "aws_ecs_task_definition" "this" {
         logDriver = "awslogs",
         options = {
           awslogs-group         = aws_cloudwatch_log_group.app.name,
-          awslogs-region        = var.aws_region,
+          awslogs-region        = var.region.aws_region,
           awslogs-stream-prefix = var.app_environment
         }
       },
@@ -101,7 +101,7 @@ resource "aws_ecs_task_definition" "this" {
         },
         {
           name  = "AWS_DEFAULT_REGION",
-          value = var.aws_region
+          value = var.region.aws_region
         },
         {
           name  = "AHN_CORE_HTTP_PORT",
@@ -128,7 +128,7 @@ resource "aws_ecs_task_definition" "this" {
         logDriver = "awslogs",
         options = {
           awslogs-group         = aws_cloudwatch_log_group.freeswitch.name,
-          awslogs-region        = var.aws_region,
+          awslogs-region        = var.region.aws_region,
           awslogs-stream-prefix = var.app_environment
         }
       },
@@ -192,7 +192,7 @@ resource "aws_ecs_task_definition" "this" {
       environment = [
         {
           name  = "AWS_DEFAULT_REGION",
-          value = var.aws_region
+          value = var.region.aws_region
         },
         {
           name  = "FS_CACHE_DIRECTORY",
@@ -259,7 +259,7 @@ resource "aws_ecs_task_definition" "this" {
         logDriver = "awslogs",
         options = {
           awslogs-group         = aws_cloudwatch_log_group.redis.name,
-          awslogs-region        = var.aws_region,
+          awslogs-region        = var.region.aws_region,
           awslogs-stream-prefix = var.app_environment
         }
       },
@@ -283,7 +283,7 @@ resource "aws_ecs_task_definition" "this" {
         logDriver = "awslogs",
         options = {
           awslogs-group         = aws_cloudwatch_log_group.freeswitch_event_logger.name,
-          awslogs-region        = var.aws_region,
+          awslogs-region        = var.region.aws_region,
           awslogs-stream-prefix = var.app_environment
         }
       },
@@ -339,7 +339,7 @@ resource "aws_ecs_service" "this" {
   desired_count   = var.min_tasks
 
   network_configuration {
-    subnets = var.vpc.private_subnets
+    subnets = var.region.vpc.private_subnets
     security_groups = [
       aws_security_group.this.id
     ]
@@ -355,21 +355,11 @@ resource "aws_ecs_service" "this" {
   }
 
   load_balancer {
-    target_group_arn = aws_lb_target_group.regional.arn
+    target_group_arn = aws_lb_target_group.this.arn
     container_name   = "nginx"
     container_port   = var.webserver_port
   }
 
-  dynamic "load_balancer" {
-    for_each = aws_lb_target_group.default
-
-    content {
-      target_group_arn = load_balancer.value.arn
-      container_name   = "nginx"
-      container_port   = var.webserver_port
-    }
-  }
-
   lifecycle {
     ignore_changes = [task_definition, desired_count]
   }

diff --git a/infrastructure/modules/switch/lb.tf b/infrastructure/modules/switch/lb.tf
@@ -1,12 +1,13 @@
 locals {
-  create_default_lb_rule = var.lb_default_rule_index != null
+  subdomain         = "${var.identifier}-${var.region.alias}"
+  target_group_name = var.target_group_name == null ? local.subdomain : var.target_group_name
 }
 
-resource "aws_lb_target_group" "regional" {
-  name                 = "${var.identifier}-${var.region_alias}"
+resource "aws_lb_target_group" "this" {
+  name                 = local.target_group_name
   port                 = var.webserver_port
   protocol             = "HTTP"
-  vpc_id               = var.default_vpc.vpc_id
+  vpc_id               = var.region.vpc.vpc_id
   target_type          = "ip"
   deregistration_delay = 60
 
@@ -16,77 +17,24 @@ resource "aws_lb_target_group" "regional" {
     healthy_threshold = 3
     interval          = 10
   }
-
-  provider = aws.default
-}
-
-resource "aws_lb_target_group" "default" {
-  count                = local.create_default_lb_rule ? 1 : 0
-  name                 = "${var.identifier}-internal"
-  port                 = var.webserver_port
-  protocol             = "HTTP"
-  vpc_id               = var.default_vpc.vpc_id
-  target_type          = "ip"
-  deregistration_delay = 60
-
-  health_check {
-    protocol          = "HTTP"
-    path              = "/health_checks"
-    healthy_threshold = 3
-    interval          = 10
-  }
-
-  provider = aws.default
-}
-
-resource "aws_lb_listener_rule" "regional" {
-  priority     = var.lb_region_rule_index
-  listener_arn = var.internal_listener.arn
-
-  action {
-    type             = "forward"
-    target_group_arn = aws_lb_target_group.regional.id
-  }
-
-  condition {
-    host_header {
-      values = [local.route53_record.fqdn]
-    }
-  }
-
-  condition {
-    http_header {
-      http_header_name = "X-Somleng-Region-Alias"
-      values           = [var.region_alias]
-    }
-  }
-
-  lifecycle {
-    ignore_changes = [action]
-  }
-
-  provider = aws.default
 }
 
-resource "aws_lb_listener_rule" "default" {
-  count        = local.create_default_lb_rule ? 1 : 0
-  priority     = var.lb_default_rule_index
-  listener_arn = var.internal_listener.arn
+resource "aws_lb_listener_rule" "this" {
+  priority     = var.lb_rule_index
+  listener_arn = var.region.internal_load_balancer.https_listener.arn
 
   action {
     type             = "forward"
-    target_group_arn = aws_lb_target_group.default[0].id
+    target_group_arn = aws_lb_target_group.this.id
   }
 
   condition {
     host_header {
-      values = [local.route53_record.fqdn]
+      values = [aws_route53_record.this.fqdn]
     }
   }
 
   lifecycle {
     ignore_changes = [action]
   }
-
-  provider = aws.default
 }
diff --git a/infrastructure/modules/switch/outputs.tf b/infrastructure/modules/switch/outputs.tf
@@ -38,10 +38,6 @@ output "iam_task_execution_role" {
   value = local.iam_task_execution_role
 }
 
-output "route53_record" {
-  value = local.route53_record
-}
-
 output "identifier" {
   value = var.identifier
 }
@@ -86,14 +82,6 @@ output "services_function" {
   value = var.services_function
 }
 
-output "internal_load_balancer" {
-  value = var.internal_load_balancer
-}
-
-output "internal_listener" {
-  value = var.internal_listener
-}
-
 output "app_image" {
   value = var.app_image
 }
@@ -109,3 +97,11 @@ output "freeswitch_image" {
 output "freeswitch_event_logger_image" {
   value = var.freeswitch_event_logger_image
 }
+
+output "internal_route53_zone" {
+  value = var.internal_route53_zone
+}
+
+output "target_group" {
+  value = aws_lb_target_group.this
+}
diff --git a/infrastructure/modules/switch/providers.tf b/infrastructure/modules/switch/providers.tf
@@ -1,8 +1,7 @@
 terraform {
   required_providers {
     aws = {
-      source                = "hashicorp/aws"
-      configuration_aliases = [aws, aws.default]
+      source = "hashicorp/aws"
     }
   }
 }
diff --git a/infrastructure/modules/switch/route53.tf b/infrastructure/modules/switch/route53.tf
@@ -1,17 +1,11 @@
-locals {
-  create_route53_record = var.route53_record == null
-  route53_record        = local.create_route53_record ? aws_route53_record.this[0] : var.route53_record
-}
-
 resource "aws_route53_record" "this" {
-  count   = local.create_route53_record ? 1 : 0
   zone_id = var.internal_route53_zone.zone_id
-  name    = var.subdomain
+  name    = local.subdomain
   type    = "A"
 
   alias {
-    name                   = var.internal_load_balancer.dns_name
-    zone_id                = var.internal_load_balancer.zone_id
+    name                   = var.region.internal_load_balancer.this.dns_name
+    zone_id                = var.region.internal_load_balancer.this.zone_id
     evaluate_target_health = true
   }
 }
diff --git a/infrastructure/modules/switch/sg.tf b/infrastructure/modules/switch/sg.tf
@@ -1,6 +1,6 @@
 resource "aws_security_group" "this" {
   name   = var.identifier
-  vpc_id = var.vpc.vpc_id
+  vpc_id = var.region.vpc.vpc_id
 
   tags = {
     "Name" = var.identifier
@@ -24,7 +24,7 @@ resource "aws_security_group_rule" "ingress_freeswitch_event_socket" {
   protocol          = "TCP"
   from_port         = 8021
   security_group_id = aws_security_group.this.id
-  cidr_blocks       = [var.vpc.vpc_cidr_block]
+  cidr_blocks       = [var.region.vpc.vpc_cidr_block]
 }
 
 resource "aws_security_group_rule" "ingress_sip" {
@@ -33,7 +33,7 @@ resource "aws_security_group_rule" "ingress_sip" {
   protocol          = "UDP"
   from_port         = var.sip_port
   security_group_id = aws_security_group.this.id
-  cidr_blocks       = [var.vpc.vpc_cidr_block]
+  cidr_blocks       = [var.region.vpc.vpc_cidr_block]
 }
 
 resource "aws_security_group_rule" "ingress_sip_alternative" {
@@ -42,7 +42,7 @@ resource "aws_security_group_rule" "ingress_sip_alternative" {
   protocol          = "UDP"
   from_port         = var.sip_alternative_port
   security_group_id = aws_security_group.this.id
-  cidr_blocks       = [var.vpc.vpc_cidr_block]
+  cidr_blocks       = [var.region.vpc.vpc_cidr_block]
 }
 
 resource "aws_security_group_rule" "egress" {