WIP

infrastructure/modules/switch/ecs.tf

@@ -79,11 +79,11 @@ resource "aws_ecs_task_definition" "this" {
       secrets = [
         {
           name      = "APP_MASTER_KEY",
-          valueFrom = aws_ssm_parameter.application_master_key.arn
+          valueFrom = local.application_master_key_parameter.arn
         },
         {
           name      = "AHN_CORE_PASSWORD",
-          valueFrom = aws_ssm_parameter.rayo_password.arn
+          valueFrom = local.rayo_password_parameter.arn
         }
       ],
       environment = [
@@ -170,7 +170,7 @@ resource "aws_ecs_task_definition" "this" {
       secrets = [
         {
           name      = "FS_MOD_RAYO_PASSWORD",
-          valueFrom = aws_ssm_parameter.rayo_password.arn
+          valueFrom = local.rayo_password_parameter.arn
         },
         {
           name      = "FS_MOD_JSON_CDR_PASSWORD",
@@ -186,7 +186,7 @@ resource "aws_ecs_task_definition" "this" {
         },
         {
           name      = "FS_EVENT_SOCKET_PASSWORD",
-          valueFrom = aws_ssm_parameter.freeswitch_event_socket_password.arn
+          valueFrom = local.freeswitch_event_socket_password_parameter.arn
         }
       ],
       environment = [
@@ -292,7 +292,7 @@ resource "aws_ecs_task_definition" "this" {
       secrets = [
         {
           name      = "EVENT_SOCKET_PASSWORD",
-          valueFrom = aws_ssm_parameter.freeswitch_event_socket_password.arn
+          valueFrom = local.freeswitch_event_socket_password_parameter.arn
         }
       ],
       dependsOn = [

infrastructure/modules/switch/iam.tf

@@ -49,9 +49,9 @@ resource "aws_iam_policy" "task_execution_custom_policy" {
         "ssm:GetParameters"
       ],
       "Resource": [
-        "${aws_ssm_parameter.application_master_key.arn}",
-        "${aws_ssm_parameter.rayo_password.arn}",
-        "${aws_ssm_parameter.freeswitch_event_socket_password.arn}",
+        "${local.application_master_key_parameter.arn}",
+        "${local.rayo_password_parameter.arn}",
+        "${local.freeswitch_event_socket_password_parameter.arn}",
         "${var.json_cdr_password_parameter.arn}",
         "${local.recordings_bucket_access_key_id_parameter.arn}",
         "${local.recordings_bucket_secret_access_key_parameter.arn}"

infrastructure/modules/switch/outputs.tf

@@ -5,3 +5,23 @@ output "capacity_provider" {
 output "recordings_bucket" {
   value = local.recordings_bucket
 }
+
+output "recordings_bucket_access_key_id_parameter" {
+  value = local.recordings_bucket_access_key_id_parameter
+}
+
+output "recordings_bucket_secret_access_key_parameter" {
+  value = local.recordings_bucket_secret_access_key_parameter
+}
+
+output "application_master_key_parameter" {
+  value = local.application_master_key_parameter
+}
+
+output "rayo_password_parameter" {
+  value = local.rayo_password_parameter
+}
+
+output "freeswitch_event_socket_password_parameter" {
+  value = local.freeswitch_event_socket_password_parameter
+}

infrastructure/modules/switch/ssm.tf

@@ -1,10 +1,14 @@
 locals {
   recordings_bucket_access_key_id_parameter     = var.recordings_bucket_access_key_id_parameter != null ? var.recordings_bucket_access_key_id_parameter : module.recordings_bucket[0].access_key_id_parameter
   recordings_bucket_secret_access_key_parameter = var.recordings_bucket_secret_access_key_parameter != null ? var.recordings_bucket_secret_access_key_parameter : module.recordings_bucket[0].secret_access_key_parameter
+  application_master_key_parameter              = var.application_master_key_parameter != null ? var.application_master_key_parameter : aws_ssm_parameter.application_master_key[0]
+  rayo_password_parameter                       = var.rayo_password_parameter != null ? var.rayo_password_parameter : aws_ssm_parameter.rayo_password[0]
+  freeswitch_event_socket_password_parameter    = var.freeswitch_event_socket_password_parameter != null ? var.freeswitch_event_socket_password_parameter : aws_ssm_parameter.freeswitch_event_socket_password[0]
 }
 
 resource "aws_ssm_parameter" "application_master_key" {
-  name  = "somleng-switch.${var.app_environment}.application_master_key"
+  count = var.application_master_key_parameter != null ? 0 : 1
+  name  = var.application_master_key_parameter_name
   type  = "SecureString"
   value = "change-me"
 
@@ -14,7 +18,8 @@ resource "aws_ssm_parameter" "application_master_key" {
 }
 
 resource "aws_ssm_parameter" "rayo_password" {
-  name  = "somleng-switch.${var.app_environment}.rayo_password"
+  count = var.rayo_password_parameter != null ? 0 : 1
+  name  = var.rayo_password_parameter_name
   type  = "SecureString"
   value = "change-me"
 
@@ -24,7 +29,8 @@ resource "aws_ssm_parameter" "rayo_password" {
 }
 
 resource "aws_ssm_parameter" "freeswitch_event_socket_password" {
-  name  = "somleng-switch.${var.app_environment}.freeswitch_event_socket_password"
+  count = var.freeswitch_event_socket_password_parameter != null ? 0 : 1
+  name  = var.freeswitch_event_socket_password_parameter_name
   type  = "SecureString"
   value = "change-me"
 

infrastructure/modules/switch/variables.tf

@@ -28,6 +28,30 @@ variable "recordings_bucket_secret_access_key_parameter" {
   default = null
 }
 
+variable "application_master_key_parameter_name" {
+  default = null
+}
+
+variable "application_master_key_parameter" {
+  default = null
+}
+
+variable "rayo_password_parameter_name" {
+  default = null
+}
+
+variable "rayo_password_parameter" {
+  default = null
+}
+
+variable "freeswitch_event_socket_password_parameter_name" {
+  default = null
+}
+
+variable "freeswitch_event_socket_password_parameter" {
+  default = null
+}
+
 variable "json_cdr_password_parameter" {}
 variable "services_function" {}
 variable "efs_cache_name" {}

infrastructure/modules/switch/versions.tf

@@ -0,0 +1,8 @@
+terraform {
+  required_providers {
+    aws = {
+      source = "hashicorp/aws"
+    }
+  }
+  required_version = ">= 0.13"
+}

infrastructure/production/client_gateway.tf

@@ -6,7 +6,7 @@ module "client_gateway" {
   identifier      = var.client_gateway_identifier
   app_environment = var.app_environment
 
-  aws_region   = var.aws_region
+  aws_region   = var.aws_default_region
   vpc          = data.terraform_remote_state.core_infrastructure.outputs.vpc
   ecs_cluster  = aws_ecs_cluster.this
   route53_zone = data.terraform_remote_state.core_infrastructure.outputs.route53_zone_somleng_org

infrastructure/production/media_proxy.tf

@@ -3,7 +3,7 @@ module "media_proxy" {
 
   identifier      = var.media_proxy_identifier
   app_environment = var.app_environment
-  aws_region      = var.aws_region
+  aws_region      = var.aws_default_region
 
   vpc         = data.terraform_remote_state.core_infrastructure.outputs.vpc
   ecs_cluster = aws_ecs_cluster.this

infrastructure/production/public_gateway.tf

@@ -4,7 +4,7 @@ module "public_gateway" {
   identifier      = var.public_gateway_identifier
   app_environment = var.app_environment
 
-  aws_region  = var.aws_region
+  aws_region  = var.aws_default_region
   vpc         = data.terraform_remote_state.core_infrastructure.outputs.vpc
   ecs_cluster = aws_ecs_cluster.this
 

infrastructure/production/switch.tf

@@ -7,11 +7,15 @@ module "switch" {
   subdomain                                          = "switch"
   efs_cache_name                                     = "somleng-switch-cache"
   recordings_bucket_name                             = "raw-recordings.somleng.org"
+  application_master_key_parameter_name              = "somleng-switch.${var.app_environment}.application_master_key"
+  rayo_password_parameter_name                       = "somleng-switch.${var.app_environment}.rayo_password"
+  freeswitch_event_socket_password_parameter_name    = "somleng-switch.${var.app_environment}.freeswitch_event_socket_password"
   recordings_bucket_access_key_id_parameter_name     = "somleng-switch.${var.app_environment}.recordings_bucket_access_key_id"
   recordings_bucket_secret_access_key_parameter_name = "somleng-switch.${var.app_environment}.recordings_bucket_secret_access_key"
 
   max_tasks = 10
 
+  aws_region                   = var.aws_default_region
   vpc                          = data.terraform_remote_state.core_infrastructure.outputs.vpc
   ecs_cluster                  = aws_ecs_cluster.this
   sip_port                     = var.sip_port
@@ -22,7 +26,6 @@ module "switch" {
   internal_route53_zone        = data.terraform_remote_state.core_infrastructure.outputs.route53_zone_internal_somleng_org
   internal_load_balancer       = data.terraform_remote_state.core_infrastructure.outputs.internal_application_load_balancer
   internal_listener            = data.terraform_remote_state.core_infrastructure.outputs.internal_https_listener
-  aws_region                   = var.aws_region
 
   app_image                     = data.terraform_remote_state.core.outputs.switch_ecr_repository.repository_uri
   nginx_image                   = data.terraform_remote_state.core.outputs.nginx_ecr_repository.repository_uri

infrastructure/production/terraform.tf

@@ -8,7 +8,12 @@ terraform {
 }
 
 provider "aws" {
-  region = var.aws_region
+  region = var.aws_default_region
+}
+
+provider "aws" {
+  region = var.aws_helium_region
+  alias  = "helium"
 }
 
 data "terraform_remote_state" "core" {
@@ -17,7 +22,7 @@ data "terraform_remote_state" "core" {
   config = {
     bucket = "infrastructure.somleng.org"
     key    = "somleng_switch_core.tfstate"
-    region = var.aws_region
+    region = var.aws_default_region
   }
 }
 
@@ -27,6 +32,6 @@ data "terraform_remote_state" "core_infrastructure" {
   config = {
     bucket = "infrastructure.somleng.org"
     key    = "core.tfstate"
-    region = var.aws_region
+    region = var.aws_default_region
   }
 }

infrastructure/production/variables.tf

@@ -1,4 +1,4 @@
-variable "aws_region" {
+variable "aws_default_region" {
   default = "ap-southeast-1"
 }
 

infrastructure/staging/client_gateway.tf

@@ -6,7 +6,7 @@ module "client_gateway" {
   identifier      = var.client_gateway_identifier
   app_environment = var.app_environment
 
-  aws_region   = var.aws_region
+  aws_region   = var.aws_default_region
   vpc          = data.terraform_remote_state.core_infrastructure.outputs.vpc
   ecs_cluster  = aws_ecs_cluster.this
   route53_zone = data.terraform_remote_state.core_infrastructure.outputs.route53_zone_somleng_org

infrastructure/staging/ecs.tf

@@ -1,5 +1,5 @@
 resource "aws_ecs_cluster" "this" {
-  name = "somleng-switch-staging"
+  name = var.ecs_cluster_name
 }
 
 resource "aws_ecs_cluster_capacity_providers" "this" {
@@ -12,3 +12,19 @@ resource "aws_ecs_cluster_capacity_providers" "this" {
     module.media_proxy.capacity_provider.name
   ]
 }
+
+resource "aws_ecs_cluster" "helium" {
+  name = var.ecs_cluster_name
+
+  provider = aws.helium
+}
+
+resource "aws_ecs_cluster_capacity_providers" "helium" {
+  cluster_name = aws_ecs_cluster.this.name
+
+  capacity_providers = [
+    module.switch_helium.capacity_provider.name
+  ]
+
+  provider = aws.helium
+}

infrastructure/staging/media_proxy.tf

@@ -3,8 +3,8 @@ module "media_proxy" {
 
   identifier      = var.media_proxy_identifier
   app_environment = var.app_environment
-  aws_region      = var.aws_region
 
+  aws_region  = var.aws_default_region
   vpc         = data.terraform_remote_state.core_infrastructure.outputs.vpc
   ecs_cluster = aws_ecs_cluster.this
   app_image   = data.terraform_remote_state.core.outputs.media_proxy_ecr_repository.repository_uri

infrastructure/staging/public_gateway.tf

@@ -4,8 +4,9 @@ module "public_gateway" {
   identifier      = var.public_gateway_identifier
   app_environment = var.app_environment
 
-  aws_region  = var.aws_region
-  vpc         = data.terraform_remote_state.core_infrastructure.outputs.vpc
+  aws_region = var.aws_default_region
+  vpc        = data.terraform_remote_state.core_infrastructure.outputs.vpc
+
   ecs_cluster = aws_ecs_cluster.this
 
   app_image       = data.terraform_remote_state.core.outputs.public_gateway_ecr_repository.repository_uri