WIP

somleng · Apr 15, 2024 · 344eb99 · 344eb99
1 parent fc563fd
commit 344eb99
Show file tree

Hide file tree

Showing 4 changed files with 83 additions and 26 deletions.
diff --git a/infrastructure/modules/somleng_switch/switch.tf b/infrastructure/modules/somleng_switch/switch.tf
@@ -459,6 +459,12 @@ resource "aws_ecs_service" "switch" {
     type = "distinctInstance"
   }
 
+  load_balancer {
+    target_group_arn = aws_lb_target_group.switch_public_http.arn
+    container_name   = "nginx"
+    container_port   = 80
+  }
+
   load_balancer {
     target_group_arn = aws_lb_target_group.switch_http.arn
     container_name   = "nginx"
@@ -475,7 +481,7 @@ resource "aws_ecs_service" "switch" {
 }
 
 # Load Balancer
-resource "aws_lb_target_group" "switch_http" {
+resource "aws_lb_target_group" "switch_public_http" {
   name                 = var.switch_identifier
   port                 = 80
   protocol             = "HTTP"
@@ -491,14 +497,30 @@ resource "aws_lb_target_group" "switch_http" {
   }
 }
 
+resource "aws_lb_target_group" "switch_http" {
+  name                 = "${var.switch_identifier}-internal"
+  port                 = 80
+  protocol             = "HTTP"
+  vpc_id               = var.vpc.vpc_id
+  target_type          = "ip"
+  deregistration_delay = 60
+
+  health_check {
+    protocol          = "HTTP"
+    path              = "/health_checks"
+    healthy_threshold = 3
+    interval          = 10
+  }
+}
+
 resource "aws_lb_listener_rule" "switch_public_http" {
   priority = var.app_environment == "production" ? 20 : 120
 
-  listener_arn = var.listener_arn
+  listener_arn = var.listener.arn
 
   action {
     type             = "forward"
-    target_group_arn = aws_lb_target_group.switch_http.id
+    target_group_arn = aws_lb_target_group.switch_public_http.id
   }
 
   condition {
@@ -512,6 +534,28 @@ resource "aws_lb_listener_rule" "switch_public_http" {
   }
 }
 
+resource "aws_lb_listener_rule" "switch_http" {
+  priority = var.app_environment == "production" ? 20 : 120
+
+  listener_arn = var.internal_listener.arn
+
+  action {
+    type             = "forward"
+    target_group_arn = aws_lb_target_group.switch_http.id
+  }
+
+  condition {
+    host_header {
+      values = [aws_route53_record.switch.fqdn]
+    }
+  }
+
+  lifecycle {
+    ignore_changes = [action]
+  }
+}
+
+
 # Autoscaling
 resource "aws_appautoscaling_target" "switch_scale_target" {
   service_namespace  = "ecs"
@@ -576,7 +620,7 @@ resource "aws_cloudwatch_log_metric_filter" "freeswitch_session_count" {
 # Route53
 resource "aws_route53_record" "switch_public" {
   zone_id = var.route53_zone.zone_id
-  name    = var.switch_subdomain
+  name    = var.app_environment == "production" ? "ahn" : "switch-staging"
   type    = "A"
 
   alias {
@@ -586,14 +630,14 @@ resource "aws_route53_record" "switch_public" {
   }
 }
 
-# resource "aws_route53_record" "switch" {
-#   zone_id = var.route53_zone.zone_id
-#   name    = var.switch_subdomain
-#   type    = "A"
+resource "aws_route53_record" "switch" {
+  zone_id = var.internal_route53_zone.zone_id
+  name    = var.switch_subdomain
+  type    = "A"
 
-#   alias {
-#     name                   = var.load_balancer.dns_name
-#     zone_id                = var.load_balancer.zone_id
-#     evaluate_target_health = true
-#   }
-# }
+  alias {
+    name                   = var.internal_load_balancer.dns_name
+    zone_id                = var.internal_load_balancer.zone_id
+    evaluate_target_health = true
+  }
+}
diff --git a/infrastructure/modules/somleng_switch/variables.tf b/infrastructure/modules/somleng_switch/variables.tf
@@ -17,14 +17,17 @@ variable "public_gateway_image" {}
 variable "client_gateway_image" {}
 variable "media_proxy_image" {}
 variable "freeswitch_event_logger_image" {}
-variable s3_mpeg_ecr_repository_url {}
-variable services_ecr_repository_url {}
+variable "s3_mpeg_ecr_repository_url" {}
+variable "services_ecr_repository_url" {}
 variable "load_balancer" {}
+variable "internal_load_balancer" {}
 variable "network_load_balancer" {}
-variable "listener_arn" {}
+variable "listener" {}
+variable "internal_listener" {}
 variable "switch_subdomain" {}
 variable "client_gateway_subdomain" {}
 variable "route53_zone" {}
+variable "internal_route53_zone" {}
 variable "recordings_bucket_name" {}
 variable "efs_cache_name" {}
 variable "container_insights_enabled" {

diff --git a/infrastructure/production/main.tf b/infrastructure/production/main.tf
@@ -46,11 +46,16 @@ module "somleng_switch" {
   db_port                   = data.terraform_remote_state.core_infrastructure.outputs.db_cluster.port
   db_security_group         = data.terraform_remote_state.core_infrastructure.outputs.db_security_group.id
 
-  load_balancer            = data.terraform_remote_state.core_infrastructure.outputs.application_load_balancer
-  network_load_balancer    = data.terraform_remote_state.core_infrastructure.outputs.network_load_balancer
-  route53_zone             = data.terraform_remote_state.core_infrastructure.outputs.route53_zone_somleng_org
-  listener_arn             = data.terraform_remote_state.core_infrastructure.outputs.https_listener.arn
-  switch_subdomain         = "ahn"
+  load_balancer          = data.terraform_remote_state.core_infrastructure.outputs.application_load_balancer
+  internal_load_balancer = data.terraform_remote_state.core_infrastructure.outputs.internal_application_load_balancer
+  network_load_balancer  = data.terraform_remote_state.core_infrastructure.outputs.network_load_balancer
+  listener               = data.terraform_remote_state.core_infrastructure.outputs.https_listener
+  internal_listener      = data.terraform_remote_state.core_infrastructure.outputs.internal_https_listener
+
+  route53_zone          = data.terraform_remote_state.core_infrastructure.outputs.route53_zone_somleng_org
+  internal_route53_zone = data.terraform_remote_state.core_infrastructure.outputs.route53_zone_internal_somleng_org
+
+  switch_subdomain         = "switch"
   client_gateway_subdomain = "sip"
 
   recordings_bucket_name = "raw-recordings.somleng.org"

diff --git a/infrastructure/staging/main.tf b/infrastructure/staging/main.tf
@@ -47,10 +47,15 @@ module "somleng_switch_staging" {
   db_port                   = data.terraform_remote_state.core_infrastructure.outputs.db_cluster.port
   db_security_group         = data.terraform_remote_state.core_infrastructure.outputs.db_security_group.id
 
-  load_balancer            = data.terraform_remote_state.core_infrastructure.outputs.application_load_balancer
-  network_load_balancer    = data.terraform_remote_state.core_infrastructure.outputs.network_load_balancer
-  route53_zone             = data.terraform_remote_state.core_infrastructure.outputs.route53_zone_somleng_org
-  listener_arn             = data.terraform_remote_state.core_infrastructure.outputs.https_listener.arn
+  load_balancer          = data.terraform_remote_state.core_infrastructure.outputs.application_load_balancer
+  internal_load_balancer = data.terraform_remote_state.core_infrastructure.outputs.internal_application_load_balancer
+  network_load_balancer  = data.terraform_remote_state.core_infrastructure.outputs.network_load_balancer
+  listener               = data.terraform_remote_state.core_infrastructure.outputs.https_listener
+  internal_listener      = data.terraform_remote_state.core_infrastructure.outputs.internal_https_listener
+
+  route53_zone          = data.terraform_remote_state.core_infrastructure.outputs.route53_zone_somleng_org
+  internal_route53_zone = data.terraform_remote_state.core_infrastructure.outputs.route53_zone_internal_somleng_org
+
   switch_subdomain         = "switch-staging"
   client_gateway_subdomain = "sip-staging"