WIP

somleng · Aug 23, 2024 · 69fde52 · 69fde52
1 parent 8d97c9c
commit 69fde52
Show file tree

Hide file tree

Showing 8 changed files with 204 additions and 84 deletions.
diff --git a/infrastructure/modules/switch/ecs.tf b/infrastructure/modules/switch/ecs.tf
@@ -355,7 +355,7 @@ resource "aws_ecs_service" "this" {
   }
 
   load_balancer {
-    target_group_arn = aws_lb_target_group.http.arn
+    target_group_arn = aws_lb_target_group.this.arn
     container_name   = "nginx"
     container_port   = var.webserver_port
   }

diff --git a/infrastructure/modules/switch/lb.tf b/infrastructure/modules/switch/lb.tf
@@ -1,4 +1,9 @@
-resource "aws_lb_target_group" "http" {
+locals {
+  create_default_lb_rule = var.lb_default_rule_index != null
+  create_region_lb_rule  = var.lb_region_rule_index != null
+}
+
+resource "aws_lb_target_group" "this" {
   name                 = "${var.identifier}-internal"
   port                 = var.webserver_port
   protocol             = "HTTP"
@@ -14,19 +19,45 @@ resource "aws_lb_target_group" "http" {
   }
 }
 
-resource "aws_lb_listener_rule" "http" {
-  priority = var.app_environment == "production" ? 20 : 120
+resource "aws_lb_listener_rule" "region" {
+  count        = local.create_region_lb_rule ? 1 : 0
+  priority     = var.lb_region_rule_index
+  listener_arn = var.internal_listener.arn
+
+  action {
+    type             = "forward"
+    target_group_arn = aws_lb_target_group.this.id
+  }
+
+  condition {
+    host_header {
+      values = [local.route53_record.fqdn]
+    }
+
+    http_header {
+      http_header_name = "X-Somleng-Region-Alias"
+      values           = [var.region_alias]
+    }
+  }
+
+  lifecycle {
+    ignore_changes = [action]
+  }
+}
 
+resource "aws_lb_listener_rule" "default" {
+  count        = local.create_default_lb_rule ? 1 : 0
+  priority     = var.lb_default_rule_index
   listener_arn = var.internal_listener.arn
 
   action {
     type             = "forward"
-    target_group_arn = aws_lb_target_group.http.id
+    target_group_arn = aws_lb_target_group.this.id
   }
 
   condition {
     host_header {
-      values = [aws_route53_record.this.fqdn]
+      values = [local.route53_record.fqdn]
     }
   }
 

diff --git a/infrastructure/modules/switch/outputs.tf b/infrastructure/modules/switch/outputs.tf
@@ -41,3 +41,71 @@ output "iam_task_execution_role" {
 output "cache_file_system" {
   value = local.cache_file_system
 }
+
+output "route53_record" {
+  value = local.route53_record
+}
+
+output "identifier" {
+  value = var.identifier
+}
+
+output "app_environment" {
+  value = var.app_environment
+}
+
+output "json_cdr_url" {
+  value = var.json_cdr_url
+}
+
+output "min_tasks" {
+  value = var.min_tasks
+}
+
+output "max_tasks" {
+  value = var.max_tasks
+}
+
+output "sip_port" {
+  value = var.sip_port
+}
+
+output "sip_alternative_port" {
+  value = var.sip_alternative_port
+}
+
+output "freeswitch_event_socket_port" {
+  value = var.freeswitch_event_socket_port
+}
+
+output "json_cdr_password_parameter" {
+  value = var.json_cdr_password_parameter
+}
+
+output "services_function" {
+  value = var.services_function
+}
+
+output "internal_load_balancer" {
+  value = var.internal_load_balancer
+}
+
+output "internal_listener" {
+  value = var.internal_listener
+}
+
+output "app_image" {
+  value = var.app_image
+}
+
+output "nginx_image" {
+  value = var.nginx_image
+}
+
+output "freeswitch_image" {
+  value = var.freeswitch_image
+}
+
+output "freeswitch_event_logger_image" {
+  value = var.freeswitch_event_logger_image
+}
diff --git a/infrastructure/modules/switch/route53.tf b/infrastructure/modules/switch/route53.tf
@@ -1,4 +1,10 @@
+locals {
+  create_route53_record = var.route53_record == null
+  route53_record        = local.create_route53_record ? aws_route53_record.this[0] : var.route53_record
+}
+
 resource "aws_route53_record" "this" {
+  count   = local.create_route53_record ? 1 : 0
   zone_id = var.internal_route53_zone.zone_id
   name    = var.subdomain
   type    = "A"

diff --git a/infrastructure/modules/switch/sg.tf b/infrastructure/modules/switch/sg.tf
@@ -16,6 +16,8 @@ resource "aws_security_group_rule" "ingress_http" {
   cidr_blocks       = ["0.0.0.0/0"]
 }
 
+# TODO: this might be wrong for new VPC
+
 resource "aws_security_group_rule" "ingress_freeswitch_event_socket" {
   type              = "ingress"
   to_port           = 8021

diff --git a/infrastructure/modules/switch/variables.tf b/infrastructure/modules/switch/variables.tf
@@ -4,6 +4,18 @@ variable "vpc" {}
 variable "ecs_cluster" {}
 variable "app_environment" {}
 
+variable "region_alias" {
+  default = null
+}
+
+variable "lb_region_rule_index" {
+  default = null
+}
+
+variable "lb_default_rule_index" {
+  default = null
+}
+
 variable "recordings_bucket_name" {
   default = null
 }
@@ -75,7 +87,9 @@ variable "cache_security_group_name" {
 variable "cache_file_system" {
   default = null
 }
-variable "internal_route53_zone" {}
+variable "internal_route53_zone" {
+  default = null
+}
 variable "internal_load_balancer" {}
 variable "internal_listener" {}
 variable "app_image" {}
@@ -86,7 +100,12 @@ variable "external_rtp_ip" {}
 variable "alternative_sip_outbound_ip" {}
 variable "alternative_rtp_ip" {}
 variable "json_cdr_url" {}
-variable "subdomain" {}
+variable "subdomain" {
+  default = null
+}
+variable "route53_record" {
+  default = null
+}
 variable "sip_port" {}
 variable "sip_alternative_port" {}
 

diff --git a/infrastructure/production/switch.tf b/infrastructure/production/switch.tf
@@ -1,8 +1,6 @@
 module "switch" {
   source = "../modules/switch"
 
-  identifier                                         = var.switch_identifier
-  app_environment                                    = var.app_environment
   json_cdr_url                                       = "https://api.internal.somleng.org/services/call_data_records"
   subdomain                                          = "switch"
   cache_name                                         = "somleng-switch-cache"
@@ -13,26 +11,26 @@ module "switch" {
   freeswitch_event_socket_password_parameter_name    = "somleng-switch.${var.app_environment}.freeswitch_event_socket_password"
   recordings_bucket_access_key_id_parameter_name     = "somleng-switch.${var.app_environment}.recordings_bucket_access_key_id"
   recordings_bucket_secret_access_key_parameter_name = "somleng-switch.${var.app_environment}.recordings_bucket_secret_access_key"
-
-  max_tasks = 10
-
-  aws_region                   = var.aws_default_region
-  vpc                          = data.terraform_remote_state.core_infrastructure.outputs.vpc
-  ecs_cluster                  = aws_ecs_cluster.this
-  sip_port                     = var.sip_port
-  sip_alternative_port         = var.sip_alternative_port
-  freeswitch_event_socket_port = var.freeswitch_event_socket_port
-  json_cdr_password_parameter  = data.aws_ssm_parameter.somleng_services_password
-  services_function            = module.services.function
-  internal_route53_zone        = data.terraform_remote_state.core_infrastructure.outputs.route53_zone_internal_somleng_org
-  internal_load_balancer       = data.terraform_remote_state.core_infrastructure.outputs.internal_application_load_balancer
-  internal_listener            = data.terraform_remote_state.core_infrastructure.outputs.internal_https_listener
-
-  app_image                     = data.terraform_remote_state.core.outputs.switch_ecr_repository.repository_uri
-  nginx_image                   = data.terraform_remote_state.core.outputs.nginx_ecr_repository.repository_uri
-  freeswitch_image              = data.terraform_remote_state.core.outputs.freeswitch_ecr_repository.repository_uri
-  freeswitch_event_logger_image = data.terraform_remote_state.core.outputs.freeswitch_event_logger_ecr_repository.repository_uri
-  external_rtp_ip               = data.terraform_remote_state.core_infrastructure.outputs.vpc.nat_public_ips[0]
-  alternative_sip_outbound_ip   = data.terraform_remote_state.core_infrastructure.outputs.nat_instance_ip
-  alternative_rtp_ip            = data.terraform_remote_state.core_infrastructure.outputs.nat_instance_ip
+  max_tasks                                          = 10
+  aws_region                                         = var.aws_default_region
+  identifier                                         = var.switch_identifier
+  app_environment                                    = var.app_environment
+  vpc                                                = data.terraform_remote_state.core_infrastructure.outputs.vpc
+  ecs_cluster                                        = aws_ecs_cluster.this
+  sip_port                                           = var.sip_port
+  sip_alternative_port                               = var.sip_alternative_port
+  freeswitch_event_socket_port                       = var.freeswitch_event_socket_port
+  json_cdr_password_parameter                        = data.aws_ssm_parameter.somleng_services_password
+  services_function                                  = module.services.function
+  internal_route53_zone                              = data.terraform_remote_state.core_infrastructure.outputs.route53_zone_internal_somleng_org
+  internal_load_balancer                             = data.terraform_remote_state.core_infrastructure.outputs.internal_application_load_balancer
+  internal_listener                                  = data.terraform_remote_state.core_infrastructure.outputs.internal_https_listener
+  lb_default_rule_index                              = 30
+  app_image                                          = data.terraform_remote_state.core.outputs.switch_ecr_repository.repository_uri
+  nginx_image                                        = data.terraform_remote_state.core.outputs.nginx_ecr_repository.repository_uri
+  freeswitch_image                                   = data.terraform_remote_state.core.outputs.freeswitch_ecr_repository.repository_uri
+  freeswitch_event_logger_image                      = data.terraform_remote_state.core.outputs.freeswitch_event_logger_ecr_repository.repository_uri
+  external_rtp_ip                                    = data.terraform_remote_state.core_infrastructure.outputs.vpc.nat_public_ips[0]
+  alternative_sip_outbound_ip                        = data.terraform_remote_state.core_infrastructure.outputs.nat_instance_ip
+  alternative_rtp_ip                                 = data.terraform_remote_state.core_infrastructure.outputs.nat_instance_ip
 }
diff --git a/infrastructure/staging/switch.tf b/infrastructure/staging/switch.tf
@@ -1,8 +1,6 @@
 module "switch" {
   source = "../modules/switch"
 
-  identifier                                         = var.switch_identifier
-  app_environment                                    = var.app_environment
   json_cdr_url                                       = "https://api-staging.internal.somleng.org/services/call_data_records"
   subdomain                                          = "switch-staging"
   cache_name                                         = "switch-staging-cache"
@@ -13,38 +11,44 @@ module "switch" {
   freeswitch_event_socket_password_parameter_name    = "somleng-switch.${var.app_environment}.freeswitch_event_socket_password"
   recordings_bucket_access_key_id_parameter_name     = "somleng-switch.${var.app_environment}.recordings_bucket_access_key_id"
   recordings_bucket_secret_access_key_parameter_name = "somleng-switch.${var.app_environment}.recordings_bucket_secret_access_key"
-
-  min_tasks = 0
-  max_tasks = 2
-
-  aws_region                   = var.aws_default_region
-  vpc                          = data.terraform_remote_state.core_infrastructure.outputs.vpc
-  ecs_cluster                  = aws_ecs_cluster.this
-  sip_port                     = var.sip_port
-  sip_alternative_port         = var.sip_alternative_port
-  freeswitch_event_socket_port = var.freeswitch_event_socket_port
-  json_cdr_password_parameter  = data.aws_ssm_parameter.somleng_services_password
-  services_function            = module.services.function
-  internal_route53_zone        = data.terraform_remote_state.core_infrastructure.outputs.route53_zone_internal_somleng_org
-  internal_load_balancer       = data.terraform_remote_state.core_infrastructure.outputs.internal_application_load_balancer
-  internal_listener            = data.terraform_remote_state.core_infrastructure.outputs.internal_https_listener
-
-  app_image                     = data.terraform_remote_state.core.outputs.switch_ecr_repository.repository_uri
-  nginx_image                   = data.terraform_remote_state.core.outputs.nginx_ecr_repository.repository_uri
-  freeswitch_image              = data.terraform_remote_state.core.outputs.freeswitch_ecr_repository.repository_uri
-  freeswitch_event_logger_image = data.terraform_remote_state.core.outputs.freeswitch_event_logger_ecr_repository.repository_uri
-  external_rtp_ip               = data.terraform_remote_state.core_infrastructure.outputs.vpc.nat_public_ips[0]
-  alternative_sip_outbound_ip   = data.terraform_remote_state.core_infrastructure.outputs.nat_instance_ip
-  alternative_rtp_ip            = data.terraform_remote_state.core_infrastructure.outputs.nat_instance_ip
+  min_tasks                                          = 0
+  max_tasks                                          = 2
+  aws_region                                         = var.aws_default_region
+  identifier                                         = var.switch_identifier
+  app_environment                                    = var.app_environment
+  vpc                                                = data.terraform_remote_state.core_infrastructure.outputs.vpc
+  ecs_cluster                                        = aws_ecs_cluster.this
+  sip_port                                           = var.sip_port
+  sip_alternative_port                               = var.sip_alternative_port
+  freeswitch_event_socket_port                       = var.freeswitch_event_socket_port
+  json_cdr_password_parameter                        = data.aws_ssm_parameter.somleng_services_password
+  services_function                                  = module.services.function
+  internal_route53_zone                              = data.terraform_remote_state.core_infrastructure.outputs.route53_zone_internal_somleng_org
+  internal_load_balancer                             = data.terraform_remote_state.core_infrastructure.outputs.internal_application_load_balancer
+  internal_listener                                  = data.terraform_remote_state.core_infrastructure.outputs.internal_https_listener
+  lb_default_rule_index                              = 130
+  app_image                                          = data.terraform_remote_state.core.outputs.switch_ecr_repository.repository_uri
+  nginx_image                                        = data.terraform_remote_state.core.outputs.nginx_ecr_repository.repository_uri
+  freeswitch_image                                   = data.terraform_remote_state.core.outputs.freeswitch_ecr_repository.repository_uri
+  freeswitch_event_logger_image                      = data.terraform_remote_state.core.outputs.freeswitch_event_logger_ecr_repository.repository_uri
+  external_rtp_ip                                    = data.terraform_remote_state.core_infrastructure.outputs.vpc.nat_public_ips[0]
+  alternative_sip_outbound_ip                        = data.terraform_remote_state.core_infrastructure.outputs.nat_instance_ip
+  alternative_rtp_ip                                 = data.terraform_remote_state.core_infrastructure.outputs.nat_instance_ip
 }
 
 module "switch_helium" {
   source = "../modules/switch"
 
-  identifier                                    = var.switch_identifier
-  app_environment                               = var.app_environment
-  json_cdr_url                                  = "https://api-staging.internal.somleng.org/services/call_data_records"
-  subdomain                                     = "switch-staging"
+  aws_region                                    = var.aws_helium_region
+  region_alias                                  = "helium"
+  vpc                                           = data.terraform_remote_state.core_infrastructure.outputs.vpc_helium
+  ecs_cluster                                   = aws_ecs_cluster.helium
+  external_rtp_ip                               = data.terraform_remote_state.core_infrastructure.outputs.vpc_helium.nat_public_ips[0]
+  alternative_sip_outbound_ip                   = data.terraform_remote_state.core_infrastructure.outputs.vpc_helium.nat_public_ips[0]
+  alternative_rtp_ip                            = data.terraform_remote_state.core_infrastructure.outputs.vpc_helium.nat_public_ips[0]
+  identifier                                    = module.switch.identifier
+  app_environment                               = module.switch.app_environment
+  json_cdr_url                                  = module.switch.json_cdr_url
   recordings_bucket                             = module.switch.recordings_bucket
   recordings_bucket_access_key_id_parameter     = module.switch.recordings_bucket_access_key_id_parameter
   recordings_bucket_secret_access_key_parameter = module.switch.recordings_bucket_secret_access_key_parameter
@@ -55,29 +59,21 @@ module "switch_helium" {
   iam_task_role                                 = module.switch.iam_task_role
   iam_task_execution_role                       = module.switch.iam_task_execution_role
   cache_file_system                             = module.switch.cache_file_system
-
-  min_tasks = 0
-  max_tasks = 2
-
-  aws_region                   = var.aws_helium_region
-  vpc                          = data.terraform_remote_state.core_infrastructure.outputs.vpc_helium
-  ecs_cluster                  = aws_ecs_cluster.helium
-  sip_port                     = var.sip_port
-  sip_alternative_port         = var.sip_alternative_port
-  freeswitch_event_socket_port = var.freeswitch_event_socket_port
-  json_cdr_password_parameter  = data.aws_ssm_parameter.somleng_services_password
-  services_function            = module.services.function
-  internal_route53_zone        = data.terraform_remote_state.core_infrastructure.outputs.route53_zone_internal_somleng_org
-  internal_load_balancer       = data.terraform_remote_state.core_infrastructure.outputs.internal_application_load_balancer
-  internal_listener            = data.terraform_remote_state.core_infrastructure.outputs.internal_https_listener
-
-  app_image                     = data.terraform_remote_state.core.outputs.switch_ecr_repository.repository_uri
-  nginx_image                   = data.terraform_remote_state.core.outputs.nginx_ecr_repository.repository_uri
-  freeswitch_image              = data.terraform_remote_state.core.outputs.freeswitch_ecr_repository.repository_uri
-  freeswitch_event_logger_image = data.terraform_remote_state.core.outputs.freeswitch_event_logger_ecr_repository.repository_uri
-  external_rtp_ip               = data.terraform_remote_state.core_infrastructure.outputs.vpc_helium.nat_public_ips[0]
-  alternative_sip_outbound_ip   = data.terraform_remote_state.core_infrastructure.outputs.vpc_helium.nat_public_ips[0]
-  alternative_rtp_ip            = data.terraform_remote_state.core_infrastructure.outputs.vpc_helium.nat_public_ips[0]
+  route53_record                                = module.switch.route53_record
+  min_tasks                                     = module.switch.min_tasks
+  max_tasks                                     = module.switch.max_tasks
+  sip_port                                      = module.switch.sip_port
+  sip_alternative_port                          = module.switch.sip_alternative_port
+  freeswitch_event_socket_port                  = module.switch.freeswitch_event_socket_port
+  json_cdr_password_parameter                   = module.switch.json_cdr_password_parameter
+  services_function                             = module.switch.services_function
+  internal_load_balancer                        = module.switch.internal_load_balancer
+  internal_listener                             = module.switch.internal_listener
+  lb_region_rule_index                          = 120
+  app_image                                     = module.switch.app_image
+  nginx_image                                   = module.switch.nginx_image
+  freeswitch_image                              = module.switch.freeswitch_image
+  freeswitch_event_logger_image                 = module.switch.freeswitch_event_logger_image
 
   providers = {
     aws = aws.helium