From 2c8213b18a46e6b837e887d2bc76b60b30f0ac34 Mon Sep 17 00:00:00 2001 From: Bryce Covert Date: Sat, 26 Sep 2020 09:28:48 -0700 Subject: [PATCH] lots of nice tweaks --- terraform/deploy.tf | 23 +- terraform/prod-taskdef.json | 2 +- terraform/prod.tfvars | 1 + terraform/staging-taskdef.json | 2 +- .../prod/terraform.tfstate | 61 ++++- .../prod/terraform.tfstate.backup | 231 +++++++++++++++++- 6 files changed, 296 insertions(+), 24 deletions(-) diff --git a/terraform/deploy.tf b/terraform/deploy.tf index 95ad8aae..a3e8bd43 100644 --- a/terraform/deploy.tf +++ b/terraform/deploy.tf @@ -1,7 +1,7 @@ variable "task_role_arn" {} variable "execution_role_arn" {} variable "ecs_cluster" {} -variable "service_registry" {} +variable "local_namespace" {} variable "http_listener_sg" { default = "sg-0024906e0e1f78048" @@ -49,7 +49,7 @@ resource "aws_ecs_service" "integreat_app" { service_registries { container_port = 0 port = 0 - registry_arn = "${var.service_registry}" + registry_arn = aws_service_discovery_service.service.arn } timeouts {} @@ -216,3 +216,22 @@ resource "aws_acm_certificate" "cert" { domain_name = "${var.domain}" validation_method = "DNS" } + +resource "aws_service_discovery_service" "service" { + name = "integreat-app-${var.stage}" + + dns_config { + namespace_id = var.local_namespace + + dns_records { + ttl = 10 + type = "A" + } + + routing_policy = "MULTIVALUE" + } + + health_check_custom_config { + failure_threshold = 1 + } +} diff --git a/terraform/prod-taskdef.json b/terraform/prod-taskdef.json index 7e1c047e..83e481f4 100644 --- a/terraform/prod-taskdef.json +++ b/terraform/prod-taskdef.json @@ -26,7 +26,7 @@ "logConfiguration": { "logDriver": "awslogs", "options": { - "awslogs-group": "/ecs/integreat-app", + "awslogs-group": "/ecs/integreat-app-prod", "awslogs-region": "us-east-1", "awslogs-stream-prefix": "ecs" } diff --git a/terraform/prod.tfvars b/terraform/prod.tfvars index 8e6f282c..5ca69795 100644 --- a/terraform/prod.tfvars +++ b/terraform/prod.tfvars @@ -8,3 +8,4 @@ task_role_arn="arn:aws:iam::679918342773:role/datomic-ddb" execution_role_arn="arn:aws:iam::679918342773:role/ecsTaskExecutionRole" ecs_cluster="arn:aws:ecs:us-east-1:679918342773:cluster/default" service_registry="arn:aws:servicediscovery:us-east-1:679918342773:service/srv-6auj2wqsh55k2nuj" +local_namespace="ns-gv2z744em7myo2jp" diff --git a/terraform/staging-taskdef.json b/terraform/staging-taskdef.json index 51ca0363..0ffea933 100644 --- a/terraform/staging-taskdef.json +++ b/terraform/staging-taskdef.json @@ -26,7 +26,7 @@ "logConfiguration": { "logDriver": "awslogs", "options": { - "awslogs-group": "/ecs/integreat-app", + "awslogs-group": "/ecs/integreat-app-staging", "awslogs-region": "us-east-1", "awslogs-stream-prefix": "ecs" } diff --git a/terraform/terraform.tfstate.d/prod/terraform.tfstate b/terraform/terraform.tfstate.d/prod/terraform.tfstate index 743b5a9d..59c03105 100644 --- a/terraform/terraform.tfstate.d/prod/terraform.tfstate +++ b/terraform/terraform.tfstate.d/prod/terraform.tfstate @@ -1,7 +1,7 @@ { "version": 4, "terraform_version": "0.13.3", - "serial": 57, + "serial": 72, "lineage": "9b630886-8cee-a57d-c7a2-4f19f13f9c51", "outputs": { "aws_access_key_id": { @@ -33,7 +33,7 @@ "attributes": { "account_id": "679918342773", "arn": "arn:aws:iam::679918342773:user/bryce", - "id": "2020-09-26 04:46:35.120739 +0000 UTC", + "id": "2020-09-26 05:35:11.176798 +0000 UTC", "user_id": "AIDAJPUJFTOKO4IRADMV4" } } @@ -68,7 +68,7 @@ } ], "private_key": null, - "status": "PENDING_VALIDATION", + "status": "ISSUED", "subject_alternative_names": [], "tags": {}, "validation_emails": [], @@ -136,11 +136,11 @@ "container_name": "", "container_port": 0, "port": 0, - "registry_arn": "arn:aws:servicediscovery:us-east-1:679918342773:service/srv-6auj2wqsh55k2nuj" + "registry_arn": "arn:aws:servicediscovery:us-east-1:679918342773:service/srv-m232jsqnpvd5e2xb" } ], - "tags": null, - "task_definition": "arn:aws:ecs:us-east-1:679918342773:task-definition/integreat_app_prod:1", + "tags": {}, + "task_definition": "arn:aws:ecs:us-east-1:679918342773:task-definition/integreat_app_prod:4", "timeouts": { "delete": null } @@ -148,7 +148,8 @@ "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjoxMjAwMDAwMDAwMDAwfX0=", "dependencies": [ "aws_ecs_task_definition.integreat_app", - "aws_lb_target_group.integreat_app" + "aws_lb_target_group.integreat_app", + "aws_service_discovery_service.service" ] } ] @@ -162,8 +163,8 @@ { "schema_version": 1, "attributes": { - "arn": "arn:aws:ecs:us-east-1:679918342773:task-definition/integreat_app_prod:1", - "container_definitions": "[{\"cpu\":0,\"environment\":[{\"name\":\"config\",\"value\":\"/usr/local/config/prod.edn\"}],\"essential\":true,\"image\":\"679918342773.dkr.ecr.us-east-1.amazonaws.com/integreat\",\"logConfiguration\":{\"logDriver\":\"awslogs\",\"options\":{\"awslogs-group\":\"/ecs/integreat-app\",\"awslogs-region\":\"us-east-1\",\"awslogs-stream-prefix\":\"ecs\"}},\"mountPoints\":[],\"name\":\"integreat-app\",\"portMappings\":[{\"containerPort\":3000,\"hostPort\":3000,\"protocol\":\"tcp\"},{\"containerPort\":9000,\"hostPort\":9000,\"protocol\":\"tcp\"}],\"volumesFrom\":[]}]", + "arn": "arn:aws:ecs:us-east-1:679918342773:task-definition/integreat_app_prod:4", + "container_definitions": "[{\"cpu\":0,\"environment\":[{\"name\":\"config\",\"value\":\"/usr/local/config/prod.edn\"}],\"essential\":true,\"image\":\"679918342773.dkr.ecr.us-east-1.amazonaws.com/integreat\",\"logConfiguration\":{\"logDriver\":\"awslogs\",\"options\":{\"awslogs-group\":\"/ecs/integreat-app-prod\",\"awslogs-region\":\"us-east-1\",\"awslogs-stream-prefix\":\"ecs\"}},\"mountPoints\":[],\"name\":\"integreat-app\",\"portMappings\":[{\"containerPort\":3000,\"hostPort\":3000,\"protocol\":\"tcp\"},{\"containerPort\":9000,\"hostPort\":9000,\"protocol\":\"tcp\"}],\"volumesFrom\":[]}]", "cpu": "2048", "execution_role_arn": "arn:aws:iam::679918342773:role/ecsTaskExecutionRole", "family": "integreat_app_prod", @@ -178,8 +179,8 @@ "requires_compatibilities": [ "FARGATE" ], - "revision": 1, - "tags": {}, + "revision": 4, + "tags": null, "task_role_arn": "arn:aws:iam::679918342773:role/datomic-ddb", "volume": [] }, @@ -733,6 +734,44 @@ } ] }, + { + "mode": "managed", + "type": "aws_service_discovery_service", + "name": "service", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "arn": "arn:aws:servicediscovery:us-east-1:679918342773:service/srv-m232jsqnpvd5e2xb", + "description": "", + "dns_config": [ + { + "dns_records": [ + { + "ttl": 10, + "type": "A" + } + ], + "namespace_id": "ns-gv2z744em7myo2jp", + "routing_policy": "MULTIVALUE" + } + ], + "health_check_config": [], + "health_check_custom_config": [ + { + "failure_threshold": 1 + } + ], + "id": "srv-m232jsqnpvd5e2xb", + "name": "integreat-app-prod", + "namespace_id": "ns-gv2z744em7myo2jp", + "tags": {} + }, + "private": "bnVsbA==" + } + ] + }, { "mode": "managed", "type": "aws_ses_receipt_rule", diff --git a/terraform/terraform.tfstate.d/prod/terraform.tfstate.backup b/terraform/terraform.tfstate.d/prod/terraform.tfstate.backup index 67446de3..d019d050 100644 --- a/terraform/terraform.tfstate.d/prod/terraform.tfstate.backup +++ b/terraform/terraform.tfstate.d/prod/terraform.tfstate.backup @@ -1,7 +1,7 @@ { "version": 4, "terraform_version": "0.13.3", - "serial": 53, + "serial": 68, "lineage": "9b630886-8cee-a57d-c7a2-4f19f13f9c51", "outputs": { "aws_access_key_id": { @@ -33,7 +33,7 @@ "attributes": { "account_id": "679918342773", "arn": "arn:aws:iam::679918342773:user/bryce", - "id": "2020-09-26 04:38:28.157451 +0000 UTC", + "id": "2020-09-26 05:16:10.008633 +0000 UTC", "user_id": "AIDAJPUJFTOKO4IRADMV4" } } @@ -68,9 +68,9 @@ } ], "private_key": null, - "status": "PENDING_VALIDATION", + "status": "ISSUED", "subject_alternative_names": [], - "tags": null, + "tags": {}, "validation_emails": [], "validation_method": "DNS" }, @@ -78,6 +78,82 @@ } ] }, + { + "mode": "managed", + "type": "aws_ecs_service", + "name": "integreat_app", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "capacity_provider_strategy": [], + "cluster": "arn:aws:ecs:us-east-1:679918342773:cluster/default", + "deployment_controller": [ + { + "type": "ECS" + } + ], + "deployment_maximum_percent": 200, + "deployment_minimum_healthy_percent": 100, + "desired_count": 1, + "enable_ecs_managed_tags": false, + "force_new_deployment": null, + "health_check_grace_period_seconds": 600, + "iam_role": "aws-service-role", + "id": "arn:aws:ecs:us-east-1:679918342773:service/integreat_app_prod", + "launch_type": "FARGATE", + "load_balancer": [ + { + "container_name": "integreat-app", + "container_port": 3000, + "elb_name": "", + "target_group_arn": "arn:aws:elasticloadbalancing:us-east-1:679918342773:targetgroup/integreat-app-prod/d5b51736182d8407" + } + ], + "name": "integreat_app_prod", + "network_configuration": [ + { + "assign_public_ip": true, + "security_groups": [ + "sg-004e5855310c453a3", + "sg-02d167406b1082698" + ], + "subnets": [ + "subnet-5e675761", + "subnet-8519fde2", + "subnet-89bab8d4" + ] + } + ], + "ordered_placement_strategy": [], + "placement_constraints": [], + "platform_version": "LATEST", + "propagate_tags": "NONE", + "scheduling_strategy": "REPLICA", + "service_registries": [ + { + "container_name": "", + "container_port": 0, + "port": 0, + "registry_arn": "arn:aws:servicediscovery:us-east-1:679918342773:service/srv-m232jsqnpvd5e2xb" + } + ], + "tags": null, + "task_definition": "arn:aws:ecs:us-east-1:679918342773:task-definition/integreat_app_prod:1", + "timeouts": { + "delete": null + } + }, + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjoxMjAwMDAwMDAwMDAwfX0=", + "dependencies": [ + "aws_ecs_task_definition.integreat_app", + "aws_lb_target_group.integreat_app", + "aws_service_discovery_service.service" + ] + } + ] + }, { "mode": "managed", "type": "aws_ecs_task_definition", @@ -104,7 +180,7 @@ "FARGATE" ], "revision": 1, - "tags": null, + "tags": {}, "task_role_arn": "arn:aws:iam::679918342773:role/datomic-ddb", "volume": [] }, @@ -249,7 +325,7 @@ "subnet-8519fde2", "subnet-89bab8d4" ], - "tags": null, + "tags": {}, "timeouts": null, "vpc_id": "vpc-b5b7d6ce", "zone_id": "Z35SXDOTRQ7X7K" @@ -306,12 +382,111 @@ } ] }, + { + "mode": "managed", + "type": "aws_lb_listener", + "name": "https", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "arn": "arn:aws:elasticloadbalancing:us-east-1:679918342773:listener/app/integreat-app-prod/8cc253ef044f9626/c025e5fb0a1abd93", + "certificate_arn": "arn:aws:acm:us-east-1:679918342773:certificate/edf1d7f0-8358-4a40-a44f-3ccdb81da12f", + "default_action": [ + { + "authenticate_cognito": [], + "authenticate_oidc": [], + "fixed_response": [], + "forward": [], + "order": 1, + "redirect": [], + "target_group_arn": "arn:aws:elasticloadbalancing:us-east-1:679918342773:targetgroup/integreat-app-prod/d5b51736182d8407", + "type": "forward" + } + ], + "id": "arn:aws:elasticloadbalancing:us-east-1:679918342773:listener/app/integreat-app-prod/8cc253ef044f9626/c025e5fb0a1abd93", + "load_balancer_arn": "arn:aws:elasticloadbalancing:us-east-1:679918342773:loadbalancer/app/integreat-app-prod/8cc253ef044f9626", + "port": 443, + "protocol": "HTTPS", + "ssl_policy": "ELBSecurityPolicy-2016-08", + "timeouts": { + "read": null + } + }, + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsicmVhZCI6NjAwMDAwMDAwMDAwfX0=", + "dependencies": [ + "aws_acm_certificate.cert", + "aws_lb.integreat_app", + "aws_lb_target_group.integreat_app" + ] + } + ] + }, { "mode": "managed", "type": "aws_lb_listener_rule", "name": "static", "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", - "instances": [] + "instances": [ + { + "schema_version": 0, + "attributes": { + "action": [ + { + "authenticate_cognito": [], + "authenticate_oidc": [], + "fixed_response": [], + "forward": [], + "order": 1, + "redirect": [ + { + "host": "s3.amazonaws.com", + "path": "/app.integreatconsult.com/#{path}", + "port": "443", + "protocol": "HTTPS", + "query": "#{query}", + "status_code": "HTTP_301" + } + ], + "target_group_arn": "", + "type": "redirect" + } + ], + "arn": "arn:aws:elasticloadbalancing:us-east-1:679918342773:listener-rule/app/integreat-app-prod/8cc253ef044f9626/c025e5fb0a1abd93/648966d75d9f887e", + "condition": [ + { + "host_header": [], + "http_header": [], + "http_request_method": [], + "path_pattern": [ + { + "values": [ + "/css/*", + "/finance-font/*", + "/img/*", + "/js/compiled/app.js", + "index.html" + ] + } + ], + "query_string": [], + "source_ip": [] + } + ], + "id": "arn:aws:elasticloadbalancing:us-east-1:679918342773:listener-rule/app/integreat-app-prod/8cc253ef044f9626/c025e5fb0a1abd93/648966d75d9f887e", + "listener_arn": "arn:aws:elasticloadbalancing:us-east-1:679918342773:listener/app/integreat-app-prod/8cc253ef044f9626/c025e5fb0a1abd93", + "priority": 1 + }, + "private": "bnVsbA==", + "dependencies": [ + "aws_acm_certificate.cert", + "aws_lb.integreat_app", + "aws_lb_listener.https", + "aws_lb_target_group.integreat_app" + ] + } + ] }, { "mode": "managed", @@ -354,7 +529,7 @@ "type": "lb_cookie" } ], - "tags": null, + "tags": {}, "target_type": "ip", "vpc_id": "vpc-b5b7d6ce" }, @@ -504,7 +679,7 @@ "replication_configuration": [], "request_payer": "BucketOwner", "server_side_encryption_configuration": [], - "tags": null, + "tags": {}, "versioning": [ { "enabled": false, @@ -559,6 +734,44 @@ } ] }, + { + "mode": "managed", + "type": "aws_service_discovery_service", + "name": "service", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "arn": "arn:aws:servicediscovery:us-east-1:679918342773:service/srv-m232jsqnpvd5e2xb", + "description": "", + "dns_config": [ + { + "dns_records": [ + { + "ttl": 10, + "type": "A" + } + ], + "namespace_id": "ns-gv2z744em7myo2jp", + "routing_policy": "MULTIVALUE" + } + ], + "health_check_config": [], + "health_check_custom_config": [ + { + "failure_threshold": 1 + } + ], + "id": "srv-m232jsqnpvd5e2xb", + "name": "integreat-app-prod", + "namespace_id": "ns-gv2z744em7myo2jp", + "tags": {} + }, + "private": "bnVsbA==" + } + ] + }, { "mode": "managed", "type": "aws_ses_receipt_rule",