notid/integreat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

ta

Browse Source
This commit is contained in:
Bryce Covert
2020-09-24 17:39:55 -07:00
parent 9a96b4a287
commit efb6b76670
11 changed files with 2007 additions and 1310 deletions
Download Patch File Download Diff File Expand all files Collapse all files

218
terraform/deploy.tf Normal file
View File

@@ -0,0 +1,218 @@
variable "task_role_arn" {}
variable "execution_role_arn" {}
variable "ecs_cluster" {}
variable "service_registry" {}
variable "http_listener_sg" {
default = "sg-0024906e0e1f78048"
}
variable "lb_subnets" {
default = [ "subnet-16161a39", "subnet-323deb78", "subnet-44c2774b", "subnet-5e675761", "subnet-8519fde2", "subnet-89bab8d4", ]
}
resource "aws_ecs_task_definition" "integreat_app" {
family = "integreat_app_${var.stage}"
container_definitions = file("${var.stage}-taskdef.json")
memory = 4096
cpu = 2048
network_mode = "awsvpc"
requires_compatibilities = ["FARGATE"]
execution_role_arn = "${var.execution_role_arn}"
task_role_arn = "${var.task_role_arn}"
}
resource "aws_ecs_service" "integreat_app" {
name = "integreat_app_${var.stage}"
cluster = "${var.ecs_cluster}"
task_definition = aws_ecs_task_definition.integreat_app.arn
desired_count = 1
health_check_grace_period_seconds = 600
deployment_controller {
type = "ECS"
}
scheduling_strategy = "REPLICA"
launch_type = "FARGATE"
platform_version = "LATEST"
network_configuration {
assign_public_ip = true
security_groups = [ "sg-004e5855310c453a3", "sg-02d167406b1082698"]
subnets = [ "subnet-5e675761", "subnet-8519fde2", "subnet-89bab8d4" ]
}
load_balancer {
target_group_arn = aws_lb_target_group.integreat_app.arn
container_name = "integreat-app"
container_port = 3000
}
service_registries {
container_port = 0
port = 0
registry_arn = "${var.service_registry}"
}
timeouts {}
}
resource "aws_lb" "integreat_app" {
name = "integreat-app-${var.stage}"
internal = false
load_balancer_type = "application"
security_groups = ["${var.http_listener_sg}"]
subnets = var.lb_subnets
ip_address_type = "ipv4"
enable_deletion_protection = true
}
resource "aws_lb_target_group" "integreat_app" {
name = "integreat-app-${var.stage}"
port = 80
protocol = "HTTP"
vpc_id = "vpc-b5b7d6ce"
deregistration_delay = 120
load_balancing_algorithm_type = "round_robin"
slow_start = 0
tags = {}
target_type = "ip"
health_check {
enabled = true
healthy_threshold = 2
interval = 15
matcher = "200"
path = "/api/health-check"
port = "traffic-port"
protocol = "HTTP"
timeout = 5
unhealthy_threshold = 2
}
stickiness {
cookie_duration = 86400
enabled = false
type = "lb_cookie"
}
}
resource "aws_lb_listener" "http" {
load_balancer_arn = aws_lb.integreat_app.arn
port = 80
protocol = "HTTP"
default_action {
order = 1
type = "redirect"
redirect {
host = "#{host}"
path = "/#{path}"
port = "443"
protocol = "HTTPS"
query = "#{query}"
status_code = "HTTP_301"
}
}
timeouts {}
}
resource "aws_lb_listener" "https" {
certificate_arn = aws_acm_certificate.cert.arn
load_balancer_arn = aws_lb.integreat_app.arn
port = 443
protocol = "HTTPS"
ssl_policy = "ELBSecurityPolicy-2016-08"
default_action {
order = 1
target_group_arn = aws_lb_target_group.integreat_app.arn
type = "forward"
}
timeouts {}
}
resource "aws_lb_listener_rule" "static" {
listener_arn = aws_lb_listener.https.arn
priority = 1
action {
order = 1
type = "redirect"
redirect {
host = "s3.amazonaws.com"
path = "/${var.domain}/#{path}"
port = "443"
protocol = "HTTPS"
status_code = "HTTP_301"
}
}
condition {
path_pattern {
values = [
"/css/*",
"/finance-font/*",
"/img/*",
"/js/compiled/app.js",
"index.html",
]
}
}
}
resource "aws_s3_bucket" "static" {
bucket = "${var.domain}"
request_payer = "BucketOwner"
tags = {}
cors_rule {
allowed_headers = [
"*",
]
allowed_methods = [
"PUT",
"POST",
"DELETE",
"GET",
]
allowed_origins = [
"${var.base_url}",
]
expose_headers = []
max_age_seconds = 0
}
versioning {
enabled = false
mfa_delete = false
}
website {
index_document = "index.html"
}
policy = <<POLICY
{
"Id": "Policy1526084187222",
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Stmt1526084185514",
"Action": [
"s3:GetObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::${var.domain}/*",
"Principal": "*"
}
]
}
POLICY
}
resource "aws_acm_certificate" "cert" {
domain_name = "${var.domain}"
validation_method = "DNS"
}

89
terraform/events.tf
View File

@@ -1,89 +0,0 @@
resource "aws_sns_topic" "yodlee_topic" {
name = "events-yodlee-${var.stage}"
policy = <<EOF
{
"Version": "2008-10-17",
"Id": "__default_policy_ID",
"Statement": [
{
"Sid": "__default_statement_ID",
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": [
"SNS:Publish",
"SNS:RemovePermission",
"SNS:SetTopicAttributes",
"SNS:DeleteTopic",
"SNS:ListSubscriptionsByTopic",
"SNS:GetTopicAttributes",
"SNS:Receive",
"SNS:AddPermission",
"SNS:Subscribe"
],
"Resource": "arn:aws:sns:us-east-1:679918342773:yodlee",
"Condition": {
"StringEquals": {
"AWS:SourceOwner": "679918342773"
}
}
},
{
"Sid": "__console_pub_0",
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": "SNS:Publish",
"Resource": "arn:aws:sns:us-east-1:679918342773:yodlee"
}
]
}
EOF
}
resource "aws_sns_topic_subscription" "trigger_yodlee_import" {
topic_arn = "${aws_sns_topic.yodlee_topic.arn}"
protocol = "https"
endpoint = "${var.base_url}/api/events/yodlee-import"
endpoint_auto_confirms = true
}
resource "aws_cloudwatch_event_rule" "yodlee_rule" {
name = "schedule-yodlee-import-${var.stage}"
schedule_expression = "rate(4 hours)"
role_arn = "${aws_iam_role.yodlee_role.arn}"
}
resource "aws_cloudwatch_event_target" "yodlee_sns_target" {
rule = "${aws_cloudwatch_event_rule.yodlee_rule.name}"
target_id = "SendToSNS"
arn = "${aws_sns_topic.yodlee_topic.arn}"
}
resource "aws_iam_role" "yodlee_role" {
name = "yodlee-role-${var.stage}"
assume_role_policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Action": "sts:AssumeRole",
"Principal": {
"Service": "events.amazonaws.com"
},
"Effect": "Allow",
"Sid": ""
}
]
}
EOF
}
resource "aws_iam_role_policy_attachment" "allow_schedule_yodlee" {
role = "${aws_iam_role.yodlee_role.name}"
policy_arn = "arn:aws:iam::aws:policy/AmazonSNSFullAccess"
}

51
terraform/pipeline.tf.old Normal file
View File

@@ -0,0 +1,51 @@
resource "aws_codepipeline" "deploy" {
name="deploy-integreat-${var.stage}"
role_arn = "arn:aws:codepipeline:us-east-1:679918342773:deploy-app-s3"
artifact_store {
location = "${aws_s3_bucket.codepipeline_bucket.bucket}"
type = "S3"
}
stage {
name = "Source"
action {
name="Source"
category = "Source"
configuration {
BranchName = "master"
PollForSourcChanges = false
RepositoryName = "integreat"
}
provider = "CodeCommit"
run_order = 1
owner = "AWS"
version = 1
output_artifacts = ["SourceArtifact"]
}
}
stage {
name = "build"
action {
name="build"
category = "Build"
configuration {
ProjectName = "build-integreat-app"
}
input_artifacts = ["SourceArtifact"]
output_artifacts = ["jar", "web"]
owner = "AWS"
provider = "CodeBuild"
version = 1
}
}
}
resource "aws_s3_bucket" "codepipeline_bucket" {
bucket = "integreat-codepipeline-${var.stage}"
acl = "private"
}

35
terraform/prod-taskdef.json Normal file
View File

@@ -0,0 +1,35 @@
[
{
"name": "integreat-app",
"image": "679918342773.dkr.ecr.us-east-1.amazonaws.com/integreat",
"portMappings": [
{
"containerPort": 3000,
"hostPort": 3000,
"protocol": "tcp"
},
{
"containerPort": 9000,
"hostPort": 9000,
"protocol": "tcp"
}
],
"essential": true,
"environment": [
{
"name": "config",
"value": "/usr/local/config/prod.edn"
}
],
"mountPoints": [],
"volumesFrom": [],
"logConfiguration": {
"logDriver": "awslogs",
"options": {
"awslogs-group": "/ecs/integreat-app",
"awslogs-region": "us-east-1",
"awslogs-stream-prefix": "ecs"
}
}
}
]

4
terraform/prod.tfvars
View File

@@ -4,3 +4,7 @@ domain="app.integreatconsult.com"
invoice_address="invoices@mail.app.integreatconsult.com"
base_url="https://app.integreatconsult.com"
stage="prod"
task_role_arn="arn:aws:iam::679918342773:role/datomic-ddb"
execution_role_arn="arn:aws:iam::679918342773:role/ecsTaskExecutionRole"
ecs_cluster="arn:aws:ecs:us-east-1:679918342773:cluster/default"
service_registry="arn:aws:servicediscovery:us-east-1:679918342773:service/srv-6auj2wqsh55k2nuj"

89
terraform/reminders.tf
View File

@@ -1,89 +0,0 @@
resource "aws_sns_topic" "reminder_topic" {
name = "reminders-${var.stage}"
policy = <<EOF
{
"Version": "2008-10-17",
"Id": "__default_policy_ID",
"Statement": [
{
"Sid": "__default_statement_ID",
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": [
"SNS:Publish",
"SNS:RemovePermission",
"SNS:SetTopicAttributes",
"SNS:DeleteTopic",
"SNS:ListSubscriptionsByTopic",
"SNS:GetTopicAttributes",
"SNS:Receive",
"SNS:AddPermission",
"SNS:Subscribe"
],
"Resource": "arn:aws:sns:us-east-1:679918342773:reminders",
"Condition": {
"StringEquals": {
"AWS:SourceOwner": "679918342773"
}
}
},
{
"Sid": "__console_pub_0",
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": "SNS:Publish",
"Resource": "arn:aws:sns:us-east-1:679918342773:reminders"
}
]
}
EOF
}
resource "aws_sns_topic_subscription" "send_reminders_to_service" {
topic_arn = "${aws_sns_topic.reminder_topic.arn}"
protocol = "https"
endpoint = "${var.base_url}/api/reminders/send"
endpoint_auto_confirms = true
}
resource "aws_cloudwatch_event_rule" "scheduled_reminders" {
name = "send-scheduled-emails-${var.stage}"
schedule_expression = "rate(4 hours)"
role_arn = "${aws_iam_role.reminder_send_role.arn}"
}
resource "aws_cloudwatch_event_target" "sns" {
rule = "${aws_cloudwatch_event_rule.scheduled_reminders.name}"
target_id = "SendToSNS"
arn = "${aws_sns_topic.reminder_topic.arn}"
}
resource "aws_iam_role" "reminder_send_role" {
name = "reminder-send-role-${var.stage}"
assume_role_policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Action": "sts:AssumeRole",
"Principal": {
"Service": "events.amazonaws.com"
},
"Effect": "Allow",
"Sid": ""
}
]
}
EOF
}
resource "aws_iam_role_policy_attachment" "allow_send" {
role = "${aws_iam_role.reminder_send_role.name}"
policy_arn = "arn:aws:iam::aws:policy/AmazonSNSFullAccess"
}

35
terraform/staging-taskdef.json Normal file
View File

@@ -0,0 +1,35 @@
[
{
"name": "integreat-app",
"image": "679918342773.dkr.ecr.us-east-1.amazonaws.com/integreat",
"portMappings": [
{
"containerPort": 3000,
"hostPort": 3000,
"protocol": "tcp"
},
{
"containerPort": 9000,
"hostPort": 9000,
"protocol": "tcp"
}
],
"essential": true,
"environment": [
{
"name": "config",
"value": "/usr/local/config/staging.edn"
}
],
"mountPoints": [],
"volumesFrom": [],
"logConfiguration": {
"logDriver": "awslogs",
"options": {
"awslogs-group": "/ecs/integreat-app",
"awslogs-region": "us-east-1",
"awslogs-stream-prefix": "ecs"
}
}
}
]

8
terraform/staging.tfvars
View File

@@ -1,6 +1,10 @@
aws_access_key_id="AKIAINHACMVQJ6NYD26A"
aws_secret_access_key="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"
domain="staging.app.integreatconsult.com"
domain="staging3.app.integreatconsult.com"
invoice_address="invoices-staging@mail.app.integreatconsult.com"
base_url="https://staging.app.integreatconsult.com"
base_url="https://staging3.app.integreatconsult.com"
stage="staging"
task_role_arn="arn:aws:iam::679918342773:role/datomic-ddb"
execution_role_arn="arn:aws:iam::679918342773:role/ecsTaskExecutionRole"
ecs_cluster="arn:aws:ecs:us-east-1:679918342773:cluster/default"
service_registry="arn:aws:servicediscovery:us-east-1:679918342773:service/srv-6auj2wqsh55k2nuj"

1192
terraform/terraform.tfstate.d/staging/terraform.tfstate
View File

File diff suppressed because it is too large Load Diff

1192
terraform/terraform.tfstate.d/staging/terraform.tfstate.backup
View File

File diff suppressed because it is too large Load Diff

8
terraform/versions.tf Normal file
View File

@@ -0,0 +1,8 @@
terraform {
required_providers {
aws = {
source = "hashicorp/aws"
}
}
required_version = ">= 0.13"
}