continued refactor, parameterize some names, update terraform script …

…with additional checks
CDCgov · Jun 21, 2024 · 514fb8b · 514fb8b
1 parent d8a3e7f
commit 514fb8b
Show file tree

Hide file tree

Showing 15 changed files with 240 additions and 217 deletions.
diff --git a/terraform/implementation/ecs/_local.tf b/terraform/implementation/ecs/_local.tf
@@ -1,8 +1,15 @@
+resource "random_string" "s3_viewer" {
+  length  = 8
+  special = false
+  upper   = false
+}
+
 locals {
   service_data = {
     ecr-viewer = {
       fargate_cpu    = 1024,
       fargate_memory = 2048,
+      app_count      = 1
       app_image      = "${data.aws_caller_identity.current.account_id}.dkr.ecr.${var.region}.amazonaws.com/ecr-viewer:${var.phdi_version}",
       container_port = 3000,
       host_port      = 3000,
@@ -14,13 +21,14 @@ locals {
         },
         {
           name  = "ECR_BUCKET_NAME",
-          value = var.s3_viewer_bucket_name
+          value = local.s3_viewer_bucket_name
         }
       ]
     },
     fhir-converter = {
       fargate_cpu    = 1024,
       fargate_memory = 2048,
+      app_count      = 1
       app_image      = "${data.aws_caller_identity.current.account_id}.dkr.ecr.${var.region}.amazonaws.com/fhir-converter:${var.phdi_version}",
       container_port = 8080,
       host_port      = 8080,
@@ -30,6 +38,7 @@ locals {
     ingestion = {
       fargate_cpu    = 1024,
       fargate_memory = 2048,
+      app_count      = 1
       app_image      = "${data.aws_caller_identity.current.account_id}.dkr.ecr.${var.region}.amazonaws.com/ingestion:${var.phdi_version}",
       container_port = 8080,
       host_port      = 8080,
@@ -39,6 +48,7 @@ locals {
     validation = {
       fargate_cpu    = 1024,
       fargate_memory = 2048,
+      app_count      = 1
       app_image      = "${data.aws_caller_identity.current.account_id}.dkr.ecr.${var.region}.amazonaws.com/validation:${var.phdi_version}",
       container_port = 8080,
       host_port      = 8080,
@@ -48,6 +58,7 @@ locals {
     message-parser = {
       fargate_cpu    = 1024,
       fargate_memory = 2048,
+      app_count      = 1
       app_image      = "${data.aws_caller_identity.current.account_id}.dkr.ecr.${var.region}.amazonaws.com/message-parser:${var.phdi_version}",
       container_port = 8080,
       host_port      = 8080,
@@ -57,6 +68,7 @@ locals {
     trigger-code-reference = {
       fargate_cpu    = 1024,
       fargate_memory = 2048,
+      app_count      = 1
       app_image      = "${data.aws_caller_identity.current.account_id}.dkr.ecr.${var.region}.amazonaws.com/trigger-code-reference:${var.phdi_version}",
       container_port = 8080,
       host_port      = 8080,
@@ -66,6 +78,7 @@ locals {
     orchestration = {
       fargate_cpu    = 1024,
       fargate_memory = 2048,
+      app_count      = 1
       app_image      = "${data.aws_caller_identity.current.account_id}.dkr.ecr.${var.region}.amazonaws.com/orchestration:${var.phdi_version}",
       container_port = 8080,
       host_port      = 8080,
@@ -103,19 +116,19 @@ locals {
     }
   }
 
-  ecs_alb_sg                   = "${var.ecs_alb_sg}-${var.owner}-${terraform.workspace}"
-  ecs_alb_name                 = "${var.ecs_alb_name}-${var.owner}-${terraform.workspace}"
-  ecs_app_service_name         = "${var.ecs_app_service_name}-${var.owner}-${terraform.workspace}"
-  ecs_app_task_name            = "${var.ecs_app_task_name}-${var.owner}-${terraform.workspace}"
-  ecs_task_execution_role_name = "${var.ecs_task_execution_role_name}-${var.owner}-${terraform.workspace}"
-  ecs_cloudwatch_log_group     = "${var.ecs_cloudwatch_log_group}-${var.owner}-${terraform.workspace}"
-  ecs_target_group_name        = "${var.ecs_target_group_name}-${var.owner}-${terraform.workspace}"
-  ecs_app_task_family          = "${var.ecs_app_task_family}-${var.owner}-${terraform.workspace}"
-  ecs_cluster_name             = "${var.ecs_cluster_name}-${var.owner}-${terraform.workspace}"
-  s3_viewer_bucket_name        = "${var.s3_viewer_bucket_name}-${var.owner}-${terraform.workspace}"
-  s3_viewer_bucket_role_name   = "${var.s3_viewer_bucket_role_name}-${var.owner}-${terraform.workspace}"
-  s3_viewer_bucket_policy_name = "${var.s3_viewer_bucket_policy_name}-${var.owner}-${terraform.workspace}"
-  vpc                          = "${var.vpc}-${var.owner}-${terraform.workspace}"
+  ecs_ecr_policy_name          = "${var.project}-${var.ecs_ecr_policy_name}-${var.owner}-${terraform.workspace}"
+  ecs_alb_sg                   = "${var.project}-${var.ecs_alb_sg}-${var.owner}-${terraform.workspace}"
+  ecs_alb_name                 = "${var.project}-${var.ecs_alb_name}-${var.owner}-${terraform.workspace}"
+  ecs_app_task_name            = "${var.project}-${var.ecs_app_task_name}-${var.owner}-${terraform.workspace}"
+  ecs_task_execution_role_name = "${var.project}-${var.ecs_task_execution_role_name}-${var.owner}-${terraform.workspace}"
+  ecs_cloudwatch_group         = "/${var.project}-${var.ecs_cloudwatch_group}-${var.owner}-${terraform.workspace}"
+  ecs_cluster_name             = "${var.project}-${var.ecs_cluster_name}-${var.owner}-${terraform.workspace}"
+  ecs_cloudwatch_policy_name   = "${var.project}-${var.ecs_cloudwatch_policy_name}-${var.owner}-${terraform.workspace}"
+  ecs_cloudwatch_role_name     = "${var.project}-${var.ecs_cloudwatch_role_name}-${var.owner}-${terraform.workspace}"
+  s3_viewer_bucket_name        = "${var.project}-${var.s3_viewer_bucket_name}-${var.owner}-${terraform.workspace}-${random_string.s3_viewer.result}"
+  s3_viewer_bucket_role_name   = "${var.project}-${var.s3_viewer_bucket_role_name}-${var.owner}-${terraform.workspace}"
+  s3_viewer_bucket_policy_name = "${var.project}-${var.s3_viewer_bucket_policy_name}-${var.owner}-${terraform.workspace}"
+  vpc                          = "${var.project}-${var.vpc}-${var.owner}-${terraform.workspace}"
 
   enable_nat_gateway = var.enable_nat_gateway
   single_nat_gateway = var.single_nat_gateway

diff --git a/terraform/implementation/ecs/_variable.tf b/terraform/implementation/ecs/_variable.tf
@@ -1,6 +1,11 @@
 variable "owner" {
   description = "The owner of the infrastructure (use snake or camel case, no spaces, up to 10 characters)"
   type        = string
+  default     = "skylight"
+}
+variable "project" {
+  description = ""
+  type        = string
   default     = "dibbs"
 }
 variable "region" {
@@ -16,22 +21,17 @@ variable "availability_zones" {
 variable "ecs_alb_name" {
   description = "The name of the Application Load Balancer"
   type        = string
-  default     = "dibbs-ecs-alb"
+  default     = "ecs-alb"
 }
 variable "ecs_app_task_name" {
   description = "The name of the ECS task"
   type        = string
-  default     = "dibbs-ecs-task"
-}
-variable "ecs_app_service_name" {
-  description = "The name of the ECS service"
-  type        = string
-  default     = "dibbs-ecs-asn"
+  default     = "ecs-task"
 }
 variable "ecs_alb_sg" {
   description = "The security group for the Application Load Balancer"
   type        = string
-  default     = "dibbs-ecs-albsg"
+  default     = "ecs-albsg"
 }
 variable "cw_retention_in_days" {
   description = "The number of days to retain logs in CloudWatch"
@@ -43,25 +43,15 @@ variable "ecs_cluster_name" {
   type        = string
   default     = "ecs-cluster"
 }
-variable "ecs_target_group_name" {
-  description = "The name of the target group"
-  type        = string
-  default     = "dibbs-ecs-tgn"
-}
-variable "ecs_app_task_family" {
-  description = "The family of the ECS task"
-  type        = string
-  default     = "dibbs-ecs-atf"
-}
 variable "ecs_task_execution_role_name" {
   description = "The name of the ECS task execution role"
   type        = string
-  default     = "dibbs-ecs-tern"
+  default     = "ecs-tern"
 }
 variable "vpc" {
   description = "The name of the VPC"
   type        = string
-  default     = "dibbs-ecs-vpc"
+  default     = "ecs-vpc"
 }
 variable "private_subnets" {
   description = "The private subnets"
@@ -78,10 +68,10 @@ variable "vpc_cidr" {
   type        = string
   default     = "176.24.0.0/16"
 }
-variable "ecs_cloudwatch_log_group" {
+variable "ecs_cloudwatch_group" {
   description = "The name of the CloudWatch log group"
   type        = string
-  default     = "/dibbs-ecs-cwlg"
+  default     = "ecs-cwlg"
 }
 variable "enable_nat_gateway" {
   description = "Enable NAT Gateway"
@@ -96,27 +86,38 @@ variable "single_nat_gateway" {
 variable "s3_viewer_bucket_name" {
   description = "The name of the viewer bucket"
   type        = string
-  default     = "dibbs-s3-viewer"
+  default     = "s3-viewer"
 }
 variable "s3_viewer_bucket_role_name" {
   description = "The role for the viewer bucket"
   type        = string
-  default     = "dibbs-s3-viewer-role"
+  default     = "s3-viewer-role"
 }
 variable "s3_viewer_bucket_policy_name" {
   description = "The policy name for the viewer bucket"
   type        = string
-  default     = "dibbs-s3-viewer-policy"
+  default     = "s3-viewer-policy"
 }
 variable "tags" {
   description = "Tags to apply to resources"
   type        = map(string)
   default     = {}
 }
-
 # Manually update to set the version you want to run
 variable "phdi_version" {
   type        = string
   description = "PHDI container image version"
   default     = "v1.4.4"
+}
+variable "ecs_ecr_policy_name" {
+  type    = string
+  default = "ecs-ecrp"
+}
+variable "ecs_cloudwatch_policy_name" {
+  type    = string
+  default = "ecs-cwp"
+}
+variable "ecs_cloudwatch_role_name" {
+  type    = string
+  default = "ecs-cwr"
 }
diff --git a/terraform/implementation/ecs/ecs.sh b/terraform/implementation/ecs/ecs.sh
@@ -1,47 +1,100 @@
 #!/bin/bash
 
-#!/bin/bash
+# Load environment variables from .env file
+if [ -f ../.env ]; then
+    export $(cat ../.env | xargs)
+fi
+
+# set default values
+ENVIRONMENT="${ENVIRONMENT:-}"
+BUCKET="${BUCKET:-}"
+DYNAMODB_TABLE="${DYNAMODB_TABLE:-}"
+REGION="${REGION:-}"
 
-# set environment variables
-ENVIRONMENT=$1
-PRODUCTION="production"
+# parse command line arguments
+while [[ $# -gt 0 ]]
+do
+    key="$1"
+
+    case $key in
+        -env|--env|-e)
+        ENVIRONMENT="$2"
+        shift
+        shift
+        ;;
+        -bucket|--bucket|-b)
+        BUCKET="$2"
+        shift
+        shift
+        ;;
+        -dynamodb_table|--dynamodb-table|-d)
+        DYNAMODB_TABLE="$2"
+        shift
+        shift
+        ;;
+        -region|--region|-r)
+        REGION="$2"
+        shift
+        shift
+        ;;
+        -h|--help)
+        echo "Usage: ./ecs.sh [OPTIONS]"
+        echo "Options:"
+        echo "  -e, --env            | Set the environment (e.g., production, staging) [REQUIRED]"
+        echo "  -b, --bucket         | Set the bucket name [REQUIRED]"
+        echo "  -d, --dynamodb-table | Set the DynamoDB table name [REQUIRED]"
+        echo "  -r, --region         | Set the AWS region [REQUIRED]"
+        echo "  -h, --help           | Show help"
+        exit 0
+        ;;
+        *)
+        echo "Invalid argument: $1"
+        exit 1
+        ;;
+    esac
+done
+
+if [ -z "$ENVIRONMENT" ] || [ -z "$BUCKET" ] || [ -z "$DYNAMODB_TABLE" ] || [ -z "$REGION" ]; then
+    echo "Missing required arguments. Please provide all the required arguments."
+    ./ecs.sh -h
+    exit 1
+fi
 
 if ! command -v terraform &> /dev/null; then
     echo "Terraform is not installed. Please install Terraform and try again."
     exit 1
 fi
 
-# check if $PRODUCTION or other environment
-if [ "$ENVIRONMENT" == "$PRODUCTION" ]; then
-    terraform init -var-file="$PRODUCTION.tfvars"
-    terraform plan -var-file="$PRODUCTION.tfvars"
-elif [ "$ENVIRONMENT" != "$PRODUCTION" ] && [ "$ENVIRONMENT" != "" ]; then
-    echo "$ENVIRONMENT"
-    terraform init \
-        -migrate-state \
-        -var-file="$ENVIRONMENT.tfvars" \
-        -backend-config "bucket=dibbs-aws-tfstate-alis-default" \
-        -backend-config "dynamodb_table=dibbs-aws-tfstate-lock-alis-default" \
-        -backend-config "region=us-east-1"
-    # terraform plan \
-    #     -var-file="$ENVIRONMENT.tfvars" \
-    #     -target=module.vpc -target=module.iam -target=module.ecr -target=module.s3 -target=module.ecs
-    terraform apply \
-        -var-file="$ENVIRONMENT.tfvars" \
-        -target=module.vpc -target=module.iam -target=module.ecr -target=module.s3 -target=module.ecs
-else
-    echo "Please provide a valid environment: $PRODUCTION or another string"
+if [ ! -f "$ENVIRONMENT.tfvars" ]; then
+    echo "No tfvars file exists, creating '$ENVIRONMENT.tfvars', use this to override variables"
+    touch "$ENVIRONMENT.tfvars"
     exit 1
 fi
 
+echo "$ENVIRONMENT"
+
+terraform init \
+    -migrate-state \
+    -var-file="$ENVIRONMENT.tfvars" \
+    -backend-config "bucket=$BUCKET" \
+    -backend-config "dynamodb_table=$DYNAMODB_TABLE" \
+    -backend-config "region=$REGION" \
+    || (echo "terraform init failed, exiting..." && exit 1)
+
+# Check if workspace exists
+if terraform workspace list | grep -q "$ENVIRONMENT"; then
+    echo "Selecting $ENVIRONMENT terraform workspace"
+    terraform workspace select "$ENVIRONMENT"
+else
+    read -p "Workspace '$ENVIRONMENT' does not exist. Do you want to create it? (y/n): " choice
+    if [[ $choice =~ ^[Yy]$ ]]; then
+        echo "Creating '$ENVIRONMENT' terraform workspace"
+        terraform workspace new "$ENVIRONMENT"
+    else
+        echo "Workspace creation cancelled."
+        exit 1
+    fi
+fi
 
-# terraform init \
-#     -backend-config "bucket=dibbs-aws-tfstate-alis-default" \
-#     -backend-config "dynamodb_table=dibbs-aws-tfstate-lock-alis-default" \
-#     -backend-config "region=us-east-1" \
-#     -var-file="$ENVIRONMENT.tfvars"
-# terraform plan \
-#     -backend-config "bucket=dibbs-aws-tfstate-alis-default" \
-#     -backend-config "dynamodb_table=dibbs-aws-tfstate-lock-alis-default" \
-#     -backend-config "region=us-east-1" \
-#     -var-file="$ENVIRONMENT.tfvars"
+terraform apply \
+    -var-file="$ENVIRONMENT.tfvars"
diff --git a/terraform/implementation/ecs/main.tf b/terraform/implementation/ecs/main.tf
@@ -16,6 +16,9 @@ module "iam" {
   ecs_cluster_name             = local.ecs_cluster_name
   aws_caller_identity          = data.aws_caller_identity.current.account_id
   region                       = var.region
+  ecs_ecr_policy_name          = local.ecs_ecr_policy_name
+  ecs_cloudwatch_policy_name   = local.ecs_cloudwatch_policy_name
+  ecs_cloudwatch_role_name     = local.ecs_cloudwatch_role_name
 }
 
 module "ecr" {
@@ -44,19 +47,13 @@ module "ecs" {
   public_subnet_ids           = flatten(module.vpc.public_subnets)
   private_subnet_ids          = flatten(module.vpc.private_subnets)
   vpc_id                      = module.vpc.vpc_id
-  cidr                        = module.vpc.vpc_cidr_block
   availability_zones          = module.vpc.azs
   ecs_task_execution_role_arn = module.iam.ecs_task_execution_role.arn
-  ecr_repo_url                = module.ecr.repository_url
   ecs_cluster_name            = local.ecs_cluster_name
-  ecs_s3_bucket_name          = module.s3.ecs_s3_bucket_name
-  app_service_name            = local.ecs_app_service_name
   app_task_name               = local.ecs_app_task_name
   alb_name                    = local.ecs_alb_name
-  ecs_cloudwatch_log_group    = local.ecs_cloudwatch_log_group
+  ecs_cloudwatch_group        = local.ecs_cloudwatch_group
   service_data                = local.service_data
-  ecs_app_task_family         = local.ecs_app_task_family
-  target_group_name           = local.ecs_target_group_name
   retention_in_days           = var.cw_retention_in_days
   region                      = var.region
 }