diff --git a/infrastructure/modules/switch/ecs.tf b/infrastructure/modules/switch/ecs.tf index e1c971ae1..ebc454ec9 100644 --- a/infrastructure/modules/switch/ecs.tf +++ b/infrastructure/modules/switch/ecs.tf @@ -79,11 +79,11 @@ resource "aws_ecs_task_definition" "this" { secrets = [ { name = "APP_MASTER_KEY", - valueFrom = aws_ssm_parameter.application_master_key.arn + valueFrom = local.application_master_key_parameter.arn }, { name = "AHN_CORE_PASSWORD", - valueFrom = aws_ssm_parameter.rayo_password.arn + valueFrom = local.rayo_password_parameter.arn } ], environment = [ @@ -170,7 +170,7 @@ resource "aws_ecs_task_definition" "this" { secrets = [ { name = "FS_MOD_RAYO_PASSWORD", - valueFrom = aws_ssm_parameter.rayo_password.arn + valueFrom = local.rayo_password_parameter.arn }, { name = "FS_MOD_JSON_CDR_PASSWORD", @@ -186,7 +186,7 @@ resource "aws_ecs_task_definition" "this" { }, { name = "FS_EVENT_SOCKET_PASSWORD", - valueFrom = aws_ssm_parameter.freeswitch_event_socket_password.arn + valueFrom = local.freeswitch_event_socket_password_parameter.arn } ], environment = [ @@ -292,7 +292,7 @@ resource "aws_ecs_task_definition" "this" { secrets = [ { name = "EVENT_SOCKET_PASSWORD", - valueFrom = aws_ssm_parameter.freeswitch_event_socket_password.arn + valueFrom = local.freeswitch_event_socket_password_parameter.arn } ], dependsOn = [ diff --git a/infrastructure/modules/switch/iam.tf b/infrastructure/modules/switch/iam.tf index 9ce5605bb..eec9c096a 100644 --- a/infrastructure/modules/switch/iam.tf +++ b/infrastructure/modules/switch/iam.tf 
@@ -49,9 +49,9 @@ resource "aws_iam_policy" "task_execution_custom_policy" { "ssm:GetParameters" ], "Resource": [ - "${aws_ssm_parameter.application_master_key.arn}", - "${aws_ssm_parameter.rayo_password.arn}", - "${aws_ssm_parameter.freeswitch_event_socket_password.arn}", + "${local.application_master_key_parameter.arn}", + "${local.rayo_password_parameter.arn}", + "${local.freeswitch_event_socket_password_parameter.arn}", "${var.json_cdr_password_parameter.arn}", "${local.recordings_bucket_access_key_id_parameter.arn}", "${local.recordings_bucket_secret_access_key_parameter.arn}" diff --git a/infrastructure/modules/switch/outputs.tf b/infrastructure/modules/switch/outputs.tf index 724f7301e..00217e1e8 100644 --- a/infrastructure/modules/switch/outputs.tf +++ b/infrastructure/modules/switch/outputs.tf @@ -5,3 +5,23 @@ output "capacity_provider" { output "recordings_bucket" { value = local.recordings_bucket } + +output "recordings_bucket_access_key_id_parameter" { + value = local.recordings_bucket_access_key_id_parameter +} + +output "recordings_bucket_secret_access_key_parameter" { + value = local.recordings_bucket_secret_access_key_parameter +} + +output "application_master_key_parameter" { + value = local.application_master_key_parameter +} + +output "rayo_password_parameter" { + value = local.rayo_password_parameter +} + +output "freeswitch_event_socket_password_parameter" { + value = local.freeswitch_event_socket_password_parameter +} diff --git a/infrastructure/modules/switch/ssm.tf b/infrastructure/modules/switch/ssm.tf index 82015ff85..dd8164c69 100644 --- a/infrastructure/modules/switch/ssm.tf +++ b/infrastructure/modules/switch/ssm.tf 
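Review bot: The `Resource` list in `task_execution_custom_policy` can now name parameters this module instance did not create, and nothing here records that. Staging passes `module.switch.*_parameter` into `switch_helium`, so the ARNs may belong to a different region than the task. `ssm:GetParameters` on the ARN is enough only while those SecureStrings use the AWS-managed `aws/ssm` key; with a customer-managed key the execution role also needs `kms:Decrypt` on that key. The statement continues outside this hunk, so whether that is granted cannot be confirmed here. A comment above the resource, e.g. `# Parameter ARNs may come from another module instance/region via var.*_parameter`, would document the intent.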
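Review bot: The five new `*_parameter` outputs export whole parameter objects, which for an `aws_ssm_parameter` include the secret `value` attribute, while every consumer visible in this commit reads only `.arn`. Exporting just the ARN keeps the secret out of the module interface, for example `value = local.rayo_password_parameter.arn` with a matching `rayo_password_parameter_arn` input. The `locals` conditionals in ssm.tf would then need to compare ARNs rather than objects. If the objects must stay, note that adding `sensitive = true` would also mark the derived ARNs as sensitive and hide them in plan output.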
@@ -1,10 +1,14 @@ locals { recordings_bucket_access_key_id_parameter = var.recordings_bucket_access_key_id_parameter != null ? var.recordings_bucket_access_key_id_parameter : module.recordings_bucket[0].access_key_id_parameter recordings_bucket_secret_access_key_parameter = var.recordings_bucket_secret_access_key_parameter != null ? var.recordings_bucket_secret_access_key_parameter : module.recordings_bucket[0].secret_access_key_parameter + application_master_key_parameter = var.application_master_key_parameter != null ? var.application_master_key_parameter : aws_ssm_parameter.application_master_key[0] + rayo_password_parameter = var.rayo_password_parameter != null ? var.rayo_password_parameter : aws_ssm_parameter.rayo_password[0] + freeswitch_event_socket_password_parameter = var.freeswitch_event_socket_password_parameter != null ? var.freeswitch_event_socket_password_parameter : aws_ssm_parameter.freeswitch_event_socket_password[0] } resource "aws_ssm_parameter" "application_master_key" { - name = "somleng-switch.${var.app_environment}.application_master_key" + count = var.application_master_key_parameter != null ? 0 : 1 + name = var.application_master_key_parameter_name type = "SecureString" value = "change-me" @@ -14,7 +18,8 @@ resource "aws_ssm_parameter" "application_master_key" { } resource "aws_ssm_parameter" "rayo_password" { - name = "somleng-switch.${var.app_environment}.rayo_password" + count = var.rayo_password_parameter != null ? 0 : 1 + name = var.rayo_password_parameter_name type = "SecureString" value = "change-me" @@ -24,7 +29,8 @@ resource "aws_ssm_parameter" "rayo_password" { } resource "aws_ssm_parameter" "freeswitch_event_socket_password" { - name = "somleng-switch.${var.app_environment}.freeswitch_event_socket_password" + count = var.freeswitch_event_socket_password_parameter != null ? 0 : 1 + name = var.freeswitch_event_socket_password_parameter_name type = "SecureString" value = "change-me" 
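Review bot: A caller that passes neither `*_parameter` nor `*_parameter_name` now gets `count = 1` with `name = null`, because both variables default to `null` in variables.tf; this applies to all three `aws_ssm_parameter` resources in these hunks. That should fail only at plan time, with an error about the resource argument rather than the missing module input. Either keep the previous name as a fallback, e.g. `name = coalesce(var.rayo_password_parameter_name, "somleng-switch.${var.app_environment}.rayo_password")`, or add a `validation` block or description to the variables stating that one of the pair is required. The resource bodies continue outside the hunks.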
diff --git a/infrastructure/modules/switch/variables.tf b/infrastructure/modules/switch/variables.tf index 23b0b1372..c9a551ff7 100644 --- a/infrastructure/modules/switch/variables.tf +++ b/infrastructure/modules/switch/variables.tf @@ -28,6 +28,30 @@ variable "recordings_bucket_secret_access_key_parameter" { default = null } +variable "application_master_key_parameter_name" { + default = null +} + +variable "application_master_key_parameter" { + default = null +} + +variable "rayo_password_parameter_name" { + default = null +} + +variable "rayo_password_parameter" { + default = null +} + +variable "freeswitch_event_socket_password_parameter_name" { + default = null +} + +variable "freeswitch_event_socket_password_parameter" { + default = null +} + variable "json_cdr_password_parameter" {} variable "services_function" {} variable "efs_cache_name" {} diff --git a/infrastructure/modules/switch/versions.tf b/infrastructure/modules/switch/versions.tf new file mode 100644 index 000000000..1d23dfe5c --- /dev/null +++ b/infrastructure/modules/switch/versions.tf @@ -0,0 +1,8 @@ +terraform { + required_providers { + aws = { + source = "hashicorp/aws" + } + } + required_version = ">= 0.13" +} diff --git a/infrastructure/production/client_gateway.tf b/infrastructure/production/client_gateway.tf index de7e3eb68..074223caf 100644 --- a/infrastructure/production/client_gateway.tf +++ b/infrastructure/production/client_gateway.tf @@ -6,7 +6,7 @@ module "client_gateway" { identifier = var.client_gateway_identifier app_environment = var.app_environment - aws_region = var.aws_region + aws_region = var.aws_default_region vpc = data.terraform_remote_state.core_infrastructure.outputs.vpc ecs_cluster = aws_ecs_cluster.this route53_zone = data.terraform_remote_state.core_infrastructure.outputs.route53_zone_somleng_org diff --git a/infrastructure/production/media_proxy.tf b/infrastructure/production/media_proxy.tf index a5a7be131..584ebc64c 100644 
--- a/infrastructure/production/media_proxy.tf +++ b/infrastructure/production/media_proxy.tf @@ -3,7 +3,7 @@ module "media_proxy" { identifier = var.media_proxy_identifier app_environment = var.app_environment - aws_region = var.aws_region + aws_region = var.aws_default_region vpc = data.terraform_remote_state.core_infrastructure.outputs.vpc ecs_cluster = aws_ecs_cluster.this diff --git a/infrastructure/production/public_gateway.tf b/infrastructure/production/public_gateway.tf index 8a7ff2b71..c730f66f9 100644 --- a/infrastructure/production/public_gateway.tf +++ b/infrastructure/production/public_gateway.tf @@ -4,7 +4,7 @@ module "public_gateway" { identifier = var.public_gateway_identifier app_environment = var.app_environment - aws_region = var.aws_region + aws_region = var.aws_default_region vpc = data.terraform_remote_state.core_infrastructure.outputs.vpc ecs_cluster = aws_ecs_cluster.this diff --git a/infrastructure/production/switch.tf b/infrastructure/production/switch.tf index 1b8475951..2dcda17e1 100644 --- a/infrastructure/production/switch.tf +++ b/infrastructure/production/switch.tf 
@@ -7,11 +7,15 @@ module "switch" { subdomain = "switch" efs_cache_name = "somleng-switch-cache" recordings_bucket_name = "raw-recordings.somleng.org" + application_master_key_parameter_name = "somleng-switch.${var.app_environment}.application_master_key" + rayo_password_parameter_name = "somleng-switch.${var.app_environment}.rayo_password" + freeswitch_event_socket_password_parameter_name = "somleng-switch.${var.app_environment}.freeswitch_event_socket_password" recordings_bucket_access_key_id_parameter_name = "somleng-switch.${var.app_environment}.recordings_bucket_access_key_id" recordings_bucket_secret_access_key_parameter_name = "somleng-switch.${var.app_environment}.recordings_bucket_secret_access_key" max_tasks = 10 + aws_region = var.aws_default_region vpc = data.terraform_remote_state.core_infrastructure.outputs.vpc ecs_cluster = aws_ecs_cluster.this sip_port = var.sip_port @@ -22,7 +26,6 @@ module "switch" { internal_route53_zone = data.terraform_remote_state.core_infrastructure.outputs.route53_zone_internal_somleng_org internal_load_balancer = data.terraform_remote_state.core_infrastructure.outputs.internal_application_load_balancer internal_listener = data.terraform_remote_state.core_infrastructure.outputs.internal_https_listener - aws_region = var.aws_region app_image = data.terraform_remote_state.core.outputs.switch_ecr_repository.repository_uri nginx_image = data.terraform_remote_state.core.outputs.nginx_ecr_repository.repository_uri diff --git a/infrastructure/production/terraform.tf b/infrastructure/production/terraform.tf index c86381190..9878a0f06 100644 --- a/infrastructure/production/terraform.tf +++ b/infrastructure/production/terraform.tf @@ -8,7 +8,12 @@ terraform { } provider "aws" { - region = var.aws_region + region = var.aws_default_region +} + +provider "aws" { + region = var.aws_helium_region + alias = "helium" } data "terraform_remote_state" "core" { 
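Review bot: The new aliased provider in production/terraform.tf uses `region = var.aws_helium_region`, but the production/variables.tf hunk in this commit only renames `aws_region` to `aws_default_region` and does not declare `aws_helium_region`. Unless it is declared in a file outside this diff, `terraform validate` will fail for production with an undeclared-variable error. Either add `variable "aws_helium_region" { default = "us-east-1" }` to production/variables.tf, as staging does, or leave the `helium` provider block out of production until something there uses it.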
@@ -17,7 +22,7 @@ data "terraform_remote_state" "core" { config = { bucket = "infrastructure.somleng.org" key = "somleng_switch_core.tfstate" - region = var.aws_region + region = var.aws_default_region } } @@ -27,6 +32,6 @@ data "terraform_remote_state" "core_infrastructure" { config = { bucket = "infrastructure.somleng.org" key = "core.tfstate" - region = var.aws_region + region = var.aws_default_region } } diff --git a/infrastructure/production/variables.tf b/infrastructure/production/variables.tf index 6e3ae610f..af170b4e9 100644 --- a/infrastructure/production/variables.tf +++ b/infrastructure/production/variables.tf @@ -1,4 +1,4 @@ -variable "aws_region" { +variable "aws_default_region" { default = "ap-southeast-1" } diff --git a/infrastructure/staging/client_gateway.tf b/infrastructure/staging/client_gateway.tf index 469cbf8ef..44bea95e2 100644 --- a/infrastructure/staging/client_gateway.tf +++ b/infrastructure/staging/client_gateway.tf @@ -6,7 +6,7 @@ module "client_gateway" { identifier = var.client_gateway_identifier app_environment = var.app_environment - aws_region = var.aws_region + aws_region = var.aws_default_region vpc = data.terraform_remote_state.core_infrastructure.outputs.vpc ecs_cluster = aws_ecs_cluster.this route53_zone = data.terraform_remote_state.core_infrastructure.outputs.route53_zone_somleng_org diff --git a/infrastructure/staging/ecs.tf b/infrastructure/staging/ecs.tf index 74e1bace9..71074c15a 100644 --- a/infrastructure/staging/ecs.tf +++ b/infrastructure/staging/ecs.tf @@ -1,5 +1,5 @@ resource "aws_ecs_cluster" "this" { - name = "somleng-switch-staging" + name = var.ecs_cluster_name } resource "aws_ecs_cluster_capacity_providers" "this" { 
@@ -12,3 +12,19 @@ resource "aws_ecs_cluster_capacity_providers" "this" { module.media_proxy.capacity_provider.name ] } + +resource "aws_ecs_cluster" "helium" { + name = var.ecs_cluster_name + + provider = aws.helium +} + +resource "aws_ecs_cluster_capacity_providers" "helium" { + cluster_name = aws_ecs_cluster.this.name + + capacity_providers = [ + module.switch_helium.capacity_provider.name + ] + + provider = aws.helium +} diff --git a/infrastructure/staging/media_proxy.tf b/infrastructure/staging/media_proxy.tf index 67b6daea6..e57be39d5 100644 --- a/infrastructure/staging/media_proxy.tf +++ b/infrastructure/staging/media_proxy.tf @@ -3,8 +3,8 @@ module "media_proxy" { identifier = var.media_proxy_identifier app_environment = var.app_environment - aws_region = var.aws_region + aws_region = var.aws_default_region vpc = data.terraform_remote_state.core_infrastructure.outputs.vpc ecs_cluster = aws_ecs_cluster.this app_image = data.terraform_remote_state.core.outputs.media_proxy_ecr_repository.repository_uri diff --git a/infrastructure/staging/public_gateway.tf b/infrastructure/staging/public_gateway.tf index 29a06e757..491dbb02b 100644 --- a/infrastructure/staging/public_gateway.tf +++ b/infrastructure/staging/public_gateway.tf @@ -4,8 +4,9 @@ module "public_gateway" { identifier = var.public_gateway_identifier app_environment = var.app_environment - aws_region = var.aws_region - vpc = data.terraform_remote_state.core_infrastructure.outputs.vpc + aws_region = var.aws_default_region + vpc = data.terraform_remote_state.core_infrastructure.outputs.vpc + ecs_cluster = aws_ecs_cluster.this app_image = data.terraform_remote_state.core.outputs.public_gateway_ecr_repository.repository_uri diff --git a/infrastructure/staging/switch.tf b/infrastructure/staging/switch.tf index 6958fc9bc..42d66267e 100644 --- a/infrastructure/staging/switch.tf +++ b/infrastructure/staging/switch.tf 
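Review bot: `aws_ecs_cluster_capacity_providers.helium` sets `cluster_name = aws_ecs_cluster.this.name`, which references the default-region cluster rather than the `helium` cluster declared just above it. Both clusters take their name from `var.ecs_cluster_name`, so the string happens to match, but the dependency edge points at the wrong resource. Terraform may therefore try to attach capacity providers in the helium region before that cluster exists, and a later rename of either cluster would silently diverge. Use `cluster_name = aws_ecs_cluster.helium.name`.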
@@ -7,12 +7,16 @@ module "switch" { subdomain = "switch-staging" efs_cache_name = "switch-staging-cache" recordings_bucket_name = "raw-recordings-staging.somleng.org" + application_master_key_parameter_name = "somleng-switch.${var.app_environment}.application_master_key" + rayo_password_parameter_name = "somleng-switch.${var.app_environment}.rayo_password" + freeswitch_event_socket_password_parameter_name = "somleng-switch.${var.app_environment}.freeswitch_event_socket_password" recordings_bucket_access_key_id_parameter_name = "somleng-switch.${var.app_environment}.recordings_bucket_access_key_id" recordings_bucket_secret_access_key_parameter_name = "somleng-switch.${var.app_environment}.recordings_bucket_secret_access_key" min_tasks = 0 max_tasks = 2 + aws_region = var.aws_default_region vpc = data.terraform_remote_state.core_infrastructure.outputs.vpc ecs_cluster = aws_ecs_cluster.this sip_port = var.sip_port @@ -23,7 +27,6 @@ module "switch" { internal_route53_zone = data.terraform_remote_state.core_infrastructure.outputs.route53_zone_internal_somleng_org internal_load_balancer = data.terraform_remote_state.core_infrastructure.outputs.internal_application_load_balancer internal_listener = data.terraform_remote_state.core_infrastructure.outputs.internal_https_listener - aws_region = var.aws_region app_image = data.terraform_remote_state.core.outputs.switch_ecr_repository.repository_uri nginx_image = data.terraform_remote_state.core.outputs.nginx_ecr_repository.repository_uri 
@@ -34,38 +37,45 @@ module "switch" { alternative_rtp_ip = data.terraform_remote_state.core_infrastructure.outputs.nat_instance_ip } -# module "helium_switch" { -# source = "../modules/switch" +module "switch_helium" { + source = "../modules/switch" -# identifier = var.switch_identifier -# app_environment = var.app_environment -# json_cdr_url = "https://api-staging.internal.somleng.org/services/call_data_records" -# subdomain = "switch-staging" -# efs_cache_name = "switch-staging-cache" -# recordings_bucket = module.switch.recordings_bucket -# recordings_bucket_access_key_id_parameter = module.switch.recordings_bucket_access_key_id_parameter -# recordings_bucket_secret_access_key_parameter = module.switch.recordings_bucket_secret_access_key_parameter + identifier = var.switch_identifier + app_environment = var.app_environment + json_cdr_url = "https://api-staging.internal.somleng.org/services/call_data_records" + subdomain = "switch-staging" + efs_cache_name = "switch-staging-cache" + recordings_bucket = module.switch.recordings_bucket + recordings_bucket_access_key_id_parameter = module.switch.recordings_bucket_access_key_id_parameter + recordings_bucket_secret_access_key_parameter = module.switch.recordings_bucket_secret_access_key_parameter + application_master_key_parameter = module.switch.application_master_key_parameter + rayo_password_parameter = module.switch.rayo_password_parameter + freeswitch_event_socket_password_parameter = module.switch.freeswitch_event_socket_password_parameter -# min_tasks = 0 -# max_tasks = 2 + min_tasks = 0 + max_tasks = 2 + + aws_region = var.aws_helium_region + vpc = data.terraform_remote_state.core_infrastructure.outputs.vpc_helium + ecs_cluster = aws_ecs_cluster.helium + sip_port = var.sip_port + sip_alternative_port = var.sip_alternative_port + freeswitch_event_socket_port = var.freeswitch_event_socket_port + json_cdr_password_parameter = data.aws_ssm_parameter.somleng_services_password + services_function = 
module.services.function + internal_route53_zone = data.terraform_remote_state.core_infrastructure.outputs.route53_zone_internal_somleng_org + internal_load_balancer = data.terraform_remote_state.core_infrastructure.outputs.internal_application_load_balancer + internal_listener = data.terraform_remote_state.core_infrastructure.outputs.internal_https_listener -# vpc = data.terraform_remote_state.core_infrastructure.outputs.vpc -# ecs_cluster = aws_ecs_cluster.this -# sip_port = var.sip_port -# sip_alternative_port = var.sip_alternative_port -# freeswitch_event_socket_port = var.freeswitch_event_socket_port -# json_cdr_password_parameter = data.aws_ssm_parameter.somleng_services_password -# services_function = module.services.function -# internal_route53_zone = data.terraform_remote_state.core_infrastructure.outputs.route53_zone_internal_somleng_org -# internal_load_balancer = data.terraform_remote_state.core_infrastructure.outputs.internal_application_load_balancer -# internal_listener = data.terraform_remote_state.core_infrastructure.outputs.internal_https_listener -# aws_region = var.aws_region + app_image = data.terraform_remote_state.core.outputs.switch_ecr_repository.repository_uri + nginx_image = data.terraform_remote_state.core.outputs.nginx_ecr_repository.repository_uri + freeswitch_image = data.terraform_remote_state.core.outputs.freeswitch_ecr_repository.repository_uri + freeswitch_event_logger_image = data.terraform_remote_state.core.outputs.freeswitch_event_logger_ecr_repository.repository_uri + external_rtp_ip = data.terraform_remote_state.core_infrastructure.outputs.vpc.nat_public_ips[0] + alternative_sip_outbound_ip = data.terraform_remote_state.core_infrastructure.outputs.nat_instance_ip + alternative_rtp_ip = data.terraform_remote_state.core_infrastructure.outputs.nat_instance_ip -# app_image = data.terraform_remote_state.core.outputs.switch_ecr_repository.repository_uri -# nginx_image = 
data.terraform_remote_state.core.outputs.nginx_ecr_repository.repository_uri -# freeswitch_image = data.terraform_remote_state.core.outputs.freeswitch_ecr_repository.repository_uri -# freeswitch_event_logger_image = data.terraform_remote_state.core.outputs.freeswitch_event_logger_ecr_repository.repository_uri -# external_rtp_ip = data.terraform_remote_state.core_infrastructure.outputs.vpc.nat_public_ips[0] -# alternative_sip_outbound_ip = data.terraform_remote_state.core_infrastructure.outputs.nat_instance_ip -# alternative_rtp_ip = data.terraform_remote_state.core_infrastructure.outputs.nat_instance_ip -# } + providers = { + aws = aws.helium + } +} diff --git a/infrastructure/staging/terraform.tf b/infrastructure/staging/terraform.tf index c49cda35d..b00b2308b 100644 --- a/infrastructure/staging/terraform.tf +++ b/infrastructure/staging/terraform.tf @@ -8,7 +8,12 @@ terraform { } provider "aws" { - region = var.aws_region + region = var.aws_default_region +} + +provider "aws" { + region = var.aws_helium_region + alias = "helium" } data "terraform_remote_state" "core" { @@ -17,7 +22,7 @@ data "terraform_remote_state" "core" { config = { bucket = "infrastructure.somleng.org" key = "somleng_switch_core.tfstate" - region = var.aws_region + region = var.aws_default_region } } @@ -27,6 +32,6 @@ data "terraform_remote_state" "core_infrastructure" { config = { bucket = "infrastructure.somleng.org" key = "core.tfstate" - region = var.aws_region + region = var.aws_default_region } } diff --git a/infrastructure/staging/variables.tf b/infrastructure/staging/variables.tf index 5060dae6f..aec8fb103 100644 --- a/infrastructure/staging/variables.tf +++ b/infrastructure/staging/variables.tf @@ -1,7 +1,15 @@ -variable "aws_region" { +variable "aws_default_region" { default = "ap-southeast-1" } +variable "aws_helium_region" { + default = "us-east-1" +} + +variable "ecs_cluster_name" { + default = "somleng-switch-staging" +} + variable "app_environment" { default = "staging" }
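Review bot: In `switch_helium`, `external_rtp_ip` still reads `outputs.vpc.nat_public_ips[0]` although the module is placed in `outputs.vpc_helium`, so the helium tasks would presumably advertise the default region's NAT address for RTP. If `vpc_helium` exposes the same attribute, `external_rtp_ip = data.terraform_remote_state.core_infrastructure.outputs.vpc_helium.nat_public_ips[0]` is likely what is intended. The same question applies to `internal_load_balancer`, `internal_listener`, `alternative_sip_outbound_ip` and `alternative_rtp_ip`, which all come from default-region outputs. `identifier`, `subdomain` and `efs_cache_name` also repeat the primary module's values and may collide on global names (IAM, Route 53), depending on how the module derives them, which is not visible here.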