WIP

.github/workflows/switch.yml

@@ -8,6 +8,7 @@ jobs:
     outputs:
       matrix: ${{ steps.set-deployment-matrix.outputs.matrix }}
       matrixLength: ${{ steps.set-deployment-matrix.outputs.matrixLength }}
+      deployMatrix: ${{ steps.set-deployment-matrix.outputs.deployMatrix }}
     defaults:
       run:
         working-directory: components/app
@@ -60,7 +61,7 @@ jobs:
             {
               "identifier": "switch-staging",
               "environment": "staging",
-              "branch": "develop",
+              "branch": "modularize_infrastructure",
               "image_tag": "staging",
               "ecs_service": "switch-staging",
               "ecs_cluster": "somleng-switch-staging"
@@ -77,11 +78,12 @@ jobs:
           EOF
           )
           matrix=$(echo $matrixSource | jq --arg branchName "$branchName" 'map(. | select((.branch==$branchName)) )')
-          echo ::set-output name=matrix::{\"include\":$(echo $matrix)}\"
-          echo ::set-output name=matrixLength::$(echo $matrix | jq length)
+          echo "matrix={\"include\":$(echo $matrix)}" >> $GITHUB_OUTPUT
+          echo "matrixLength=$(echo $matrix | jq length)" >> $GITHUB_OUTPUT
+          echo "deployMatrix={\"region\":[\"ap-southeast-1\",\"us-east-1\"],\"include\":$(echo $matrix)}" >> $GITHUB_OUTPUT
 
-  deploy:
-    name: Deploy
+  build-packages:
+    name: Build Packages
     runs-on: ubuntu-latest
     needs:
       - build
@@ -105,15 +107,6 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v4
 
-      - name: Create Sentry release
-        uses: getsentry/action-release@v1
-        env:
-          SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
-          SENTRY_ORG: somleng
-          SENTRY_PROJECT: somleng-switch
-        with:
-          environment: ${{ matrix.environment }}
-
       - name: Setup Ruby
         uses: ruby/setup-ruby@v1
 
@@ -190,7 +183,7 @@ jobs:
             ${{ env.FREESWITCH_EVENT_LOGGER_ECR_REPOSITORY_URI }}:${{ env.IMAGE_TAG }}
             ${{ env.FREESWITCH_EVENT_LOGGER_GHCR_REPOSITORY_URI }}:${{ matrix.image_tag }}
 
-      - name: Build and push App
+      - name: Build and push Switch App
         uses: docker/build-push-action@v6
         with:
           context: components/app
@@ -203,6 +196,36 @@ jobs:
             ${{ env.APP_ECR_REPOSITORY_URI }}:${{ env.IMAGE_TAG }}
             ${{ env.APP_GHCR_REPOSITORY_URI }}:${{ matrix.image_tag }}
 
+  deploy:
+    name: Deploy
+    runs-on: ubuntu-latest
+    needs:
+      - build-packages
+    env:
+      IMAGE_TAG: ${{ github.sha }}
+      APP_ECR_REPOSITORY_URI: public.ecr.aws/somleng/somleng-switch
+      NGINX_ECR_REPOSITORY_URI: public.ecr.aws/somleng/somleng-switch-nginx
+      FREESWITCH_ECR_REPOSITORY_URI: public.ecr.aws/somleng/somleng-switch-freeswitch
+      FREESWITCH_EVENT_LOGGER_ECR_REPOSITORY_URI: public.ecr.aws/somleng/somleng-switch-freeswitch-event-logger
+
+    strategy:
+      matrix: ${{fromJSON(needs.build.outputs.deployMatrix)}}
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Configure AWS credentials
+        id: aws-login
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
+          role-skip-session-tagging: true
+          role-duration-seconds: 3600
+          aws-region:  ${{ matrix.region }}
+
       - name: Get current task definition
         run: |
           aws ecs describe-task-definition --task-definition "${{ matrix.identifier }}" --query 'taskDefinition' > task-definition.json
@@ -239,10 +262,29 @@ jobs:
           container-name: app
           image: ${{ env.APP_ECR_REPOSITORY_URI }}:${{ env.IMAGE_TAG }}
 
-      - name: Deploy App Server
+      - name: Deploy Switch
         uses: aws-actions/amazon-ecs-deploy-task-definition@v2
         with:
           task-definition: ${{ steps.render-app-task-def.outputs.task-definition }}
           service: ${{ matrix.ecs_service }}
           cluster: ${{ matrix.ecs_cluster }}
           wait-for-service-stability: true
+
+  release:
+    name: Release
+    runs-on: ubuntu-latest
+    needs:
+      - deploy
+
+    strategy:
+      matrix: ${{fromJson(needs.build.outputs.matrix)}}
+
+    steps:
+      - name: Create Sentry release
+        uses: getsentry/action-release@v1
+        env:
+          SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
+          SENTRY_ORG: somleng
+          SENTRY_PROJECT: somleng-switch
+        with:
+          environment: ${{ matrix.environment }}

components/app/config/app_settings.yml

@@ -11,6 +11,7 @@ default: &default
   redis_url: <%= ENV.fetch("REDIS_URL") { "redis://localhost:6379/1" } %>
   redis_pool_size: <%= ENV.fetch('DB_POOL') { 250 } %>
   services_function_arn: <%= ENV.fetch('SERVICES_FUNCTION_ARN') { "arn:aws:lambda:ap-southeast-1:12345:function:function-name" } %>
+  services_function_region: <%= ENV.fetch('SERVICES_FUNCTION_REGION') { "ap-southeast-1" } %>
 
 production: &production
   <<: *default

components/app/config/initializers/services.rb

@@ -1,3 +1,4 @@
 Services.configure do |config|
   config.function_arn = AppSettings.fetch(:services_function_arn)
+  config.function_region = AppSettings.fetch(:services_function_region)
 end

components/app/lib/services/client.rb

@@ -2,8 +2,8 @@ module Services
   class Client
     attr_reader :lambda_client
 
-    def initialize(lambda_client: Aws::Lambda::Client.new)
-      @lambda_client = lambda_client
+    def initialize(**options)
+      @lambda_client = options.fetch(:lambda_client) { default_client }
     end
 
     def build_client_gateway_dial_string(username:, destination:)
@@ -26,5 +26,9 @@ def invoke_lambda(payload)
       )
       JSON.parse(response.payload.read)
     end
+
+    def default_client
+      Aws::Lambda::Client.new(region: Services.configuration.function_region)
+    end
   end
 end

components/app/lib/services/configuration.rb

@@ -1,5 +1,5 @@
 module Services
   class Configuration
-    attr_accessor :function_arn
+    attr_accessor :function_arn, :function_region
   end
 end

infrastructure/modules/client_gateway/route53.tf

@@ -27,7 +27,7 @@ resource "aws_route53_record" "client_gateway" {
 
 resource "aws_lambda_invocation" "create_domain" {
   for_each      = aws_route53_record.client_gateway
-  function_name = var.services_function.function_name
+  function_name = var.services_function.this.function_name
 
   input = jsonencode({
     serviceAction = "CreateDomain",

infrastructure/modules/services/aws.tf

@@ -0,0 +1 @@
+data "aws_region" "this" {}

infrastructure/modules/services/outputs.tf

@@ -1,3 +1,7 @@
-output "function" {
+output "this" {
   value = aws_lambda_function.this
 }
+
+output "aws_region" {
+  value = data.aws_region.this.name
+}

infrastructure/modules/switch/ecs.tf

@@ -113,7 +113,7 @@ resource "aws_ecs_task_definition" "this" {
         },
         {
           name  = "SERVICES_FUNCTION_ARN",
-          value = var.services_function.arn
+          value = var.services_function.this.arn
         },
         {
           name  = "REDIS_URL",
@@ -194,6 +194,10 @@ resource "aws_ecs_task_definition" "this" {
           name  = "AWS_DEFAULT_REGION",
           value = var.region.aws_region
         },
+        {
+          name  = "SERVICES_FUNCTION_REGION",
+          value = var.services_function.aws_region
+        },
         {
           name  = "FS_CACHE_DIRECTORY",
           value = "/cache"

infrastructure/modules/switch/event_bridge.tf

@@ -0,0 +1,35 @@
+resource "aws_cloudwatch_event_rule" "ecs" {
+  name = "${var.identifier}-ecs-task-state-change"
+
+  event_pattern = jsonencode({
+    source      = ["aws.ecs"],
+    detail-type = ["ECS Task State Change"],
+    detail = {
+      group = ["service:${var.identifier}"]
+    }
+  })
+}
+
+resource "aws_cloudwatch_event_target" "services" {
+  count = var.services_function.aws_region == var.region.aws_region ? 1 : 0
+
+  arn  = var.services_function.this.arn
+  rule = aws_cloudwatch_event_rule.ecs.id
+}
+
+resource "aws_lambda_permission" "this" {
+  count = var.services_function.aws_region == var.region.aws_region ? 1 : 0
+
+  action        = "lambda:InvokeFunction"
+  function_name = var.services_function.this.arn
+  principal     = "events.amazonaws.com"
+  source_arn    = aws_cloudwatch_event_rule.ecs.arn
+}
+
+resource "aws_cloudwatch_event_target" "event_bus" {
+  count = var.services_function.aws_region != var.region.aws_region ? 1 : 0
+
+  arn      = var.target_event_bus.this.arn
+  role_arn = var.target_event_bus.target_role.arn
+  rule     = aws_cloudwatch_event_rule.ecs.id
+}

infrastructure/modules/switch/iam.tf

@@ -36,7 +36,7 @@ data "aws_iam_policy_document" "ecs_task_policy" {
   statement {
     effect    = "Allow"
     actions   = ["lambda:InvokeFunction"]
-    resources = [var.services_function.arn]
+    resources = [var.services_function.this.arn]
   }
 }
 

infrastructure/modules/switch/outputs.tf

@@ -105,3 +105,7 @@ output "internal_route53_zone" {
 output "target_group" {
   value = aws_lb_target_group.this
 }
+
+output "target_event_bus" {
+  value = var.target_event_bus == null ? var.region.event_bus : var.target_event_bus
+}

infrastructure/modules/switch/variables.tf

@@ -68,6 +68,10 @@ variable "iam_task_execution_role" {
   default = null
 }
 
+variable "target_event_bus" {
+  default = null
+}
+
 variable "json_cdr_password_parameter" {}
 variable "services_function" {}
 variable "cache_name" {

infrastructure/staging/client_gateway.tf

@@ -25,5 +25,5 @@ module "client_gateway" {
   db_username           = data.terraform_remote_state.core_infrastructure.outputs.db_cluster.master_username
   db_host               = data.terraform_remote_state.core_infrastructure.outputs.db_cluster.endpoint
   db_port               = data.terraform_remote_state.core_infrastructure.outputs.db_cluster.port
-  services_function     = module.services.function
+  services_function     = module.services
 }

infrastructure/staging/switch.tf

@@ -22,7 +22,7 @@ module "switch" {
   sip_alternative_port                               = var.sip_alternative_port
   freeswitch_event_socket_port                       = var.freeswitch_event_socket_port
   json_cdr_password_parameter                        = data.aws_ssm_parameter.somleng_services_password
-  services_function                                  = module.services.function
+  services_function                                  = module.services
   internal_route53_zone                              = data.terraform_remote_state.core_infrastructure.outputs.route53_zone_internal_somleng_org
   app_image                                          = data.terraform_remote_state.core.outputs.switch_ecr_repository.repository_uri
   nginx_image                                        = data.terraform_remote_state.core.outputs.nginx_ecr_repository.repository_uri
@@ -67,6 +67,7 @@ module "switch_helium" {
   freeswitch_image                              = module.switch.freeswitch_image
   freeswitch_event_logger_image                 = module.switch.freeswitch_event_logger_image
   internal_route53_zone                         = module.switch.internal_route53_zone
+  target_event_bus                              = module.switch.target_event_bus
 
   providers = {
     aws = aws.helium