Simplify module requirements (#14)
* update module to reduce the number of arguments needed to use it

* update resources with tags

* Refactor OIDC permissions (#17)

* update docs and tf fmt

* upgrade to dibbs 1.6.1
alismx authored Sep 12, 2024
1 parent d0be5b9 commit 881d5d5
Showing 38 changed files with 1,001 additions and 715 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/deployment.yaml
@@ -64,4 +64,4 @@ jobs:
echo "owner = \"$OWNER\"" >> $ENVIRONMENT.tfvars
echo "project = \"$PROJECT\"" >> $ENVIRONMENT.tfvars
echo "region = \"$REGION\"" >> $ENVIRONMENT.tfvars
./ecs.sh -e $ENVIRONMENT --ci
./deploy.sh -e $ENVIRONMENT --ci
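Review bot: the three visible `echo ... >> $ENVIRONMENT.tfvars` lines append rather than overwrite, so on a self-hosted runner that reuses its workspace (or in a local run against an existing file) the `owner`, `project` and `region` assignments accumulate on every run, and `$ENVIRONMENT` is unquoted both as the redirect target and in the new `./deploy.sh -e $ENVIRONMENT --ci` call. Truncate the file once before the first echo (or write the first line with `>`) and quote the variable, e.g. `./deploy.sh -e "$ENVIRONMENT" --ci`, so an empty or whitespace-containing value fails loudly instead of silently changing the command.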
67 changes: 0 additions & 67 deletions .github/workflows/destroy.yaml

This file was deleted.
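Review bot: removing `destroy.yaml` takes away the automated teardown workflow, and neither the commit message nor the README changes in this commit say what replaces it (a `deploy.sh` option, a manual `terraform destroy`, or nothing). A sentence in section 4 of the README describing how an environment is now torn down would keep the docs consistent with the remaining workflows, and makes it explicit who is expected to hold the credentials for that destructive operation.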

15 changes: 13 additions & 2 deletions README.md
@@ -10,9 +10,20 @@

[3. Architectural Design](#3-architectural-design)\
[4. Getting Started](#4-getting-started)
- [Table of Contents](#table-of-contents)
- [1. Overview](#1-overview)
- [2. Notices](#2-notices)
- [2.1 Public Domain Standard Notice](#21-public-domain-standard-notice)
- [2.2 License Standard Notice](#22-license-standard-notice)
- [2.3 Privacy Standard Notice](#23-privacy-standard-notice)
- [2.4 Contributing Standard Notice](#24-contributing-standard-notice)
- [2.5 Records Management Standard Notice](#25-records-management-standard-notice)
- [2.6 Additional Standard Notices](#26-additional-standard-notices)
- [3. Architectural Design](#3-architectural-design)
- [4. Getting Started](#4-getting-started)
- [4.1 Requirements](#41-requirements)
- [4.2 Clone DIBBS-AWS Repository](#42-clone-dibbs-aws-repository)
- [4.3 Begin Using Repository](#43-begin-using-repository)
- [4.3 Begin Using Terraform](#43-begin-using-terraform)
- [4.4 Make A New Branch](#44-make-a-new-branch)
- [4.5 Update Terraform Through The Command Line](#45-update-terraform-through-the-command-line)
- [4.6 Run Terraform Code In Your Designated Environment](#46-run-terraform-code-in-your-designated-environment)
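Review bot: the new table of contents carries two entries numbered 4.3 (`4.3 Begin Using Repository` and `4.3 Begin Using Terraform`) whose anchors both begin with `#43-`; one of them is presumably a leftover from the earlier numbering. Renumber so every section has a unique number and its anchor matches the heading text exactly, otherwise the second link resolves to whichever heading GitHub happens to slugify first. The backslash line-break form used by the remaining `[3. Architectural Design](#3-architectural-design)\` entry above the bullets should go too, now that the list is bulleted.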
@@ -183,7 +194,7 @@ The setup.sh script will create the following files:
## 4.6 Run Terraform Code In Your Designated Environment
<em><strong>4.6.1. Run ECS Module Locally</em></strong>
* To run your ECS Module Changes in your local terminal, navigate to _terraform/implementation/ecs/_ and run the following command: `cd /terraform/implementation`.
* In your terminal run the ECS Script in your designated environment `./ecs.sh -e {insertEnvironmentName}`.\
* In your terminal run the deploy script for your designated environment `./deploy.sh -e {insertEnvironmentName}`.\
&nbsp;&nbsp;&nbsp;&nbsp;<u><em><strong>Note</em></strong></u>: The _-e_ tag stands for environment and you can specify `dev`, `stage`, `prod`
&nbsp;&nbsp;&nbsp;&nbsp;or whatever environment your team desires.
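Review bot: the 4.6.1 step tells the reader to navigate to `terraform/implementation/ecs/` but the command it gives is `cd /terraform/implementation`, which is an absolute path and omits the `ecs` segment; make the two agree (a relative `cd terraform/implementation/ecs` is what the `./deploy.sh` call on the next line implies). The HTML emphasis is also misnested (`<em><strong>...</em></strong>` and `<u><em><strong>Note</em></strong></u>` close in the wrong order); either close the tags in reverse order of opening or use markdown `***...***`. Lastly, `-e` is an option or flag rather than a "tag".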

18 changes: 2 additions & 16 deletions terraform/implementation/ecs/README.md
@@ -10,50 +10,36 @@
| Name | Version |
|------|---------|
| <a name="provider_aws"></a> [aws](#provider\_aws) | 5.56.1 |
| <a name="provider_random"></a> [random](#provider\_random) | 3.6.2 |

## Modules

| Name | Source | Version |
|------|--------|---------|
| <a name="module_ecr"></a> [ecr](#module\_ecr) | ../../modules/ecr | n/a |
| <a name="module_ecs"></a> [ecs](#module\_ecs) | ../../modules/ecs | n/a |
| <a name="module_vpc"></a> [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | n/a |

## Resources

| Name | Type |
|------|------|
| [random_string.s3_viewer](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string) | resource |
| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/5.56.1/docs/data-sources/caller_identity) | data source |

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| <a name="input_alb_internal"></a> [alb\_internal](#input\_alb\_internal) | Whether the ALB is public or private | `bool` | `true` | no |
| <a name="input_appmesh_name"></a> [appmesh\_name](#input\_appmesh\_name) | The name of the App Mesh | `string` | `"appmesh"` | no |
| <a name="input_availability_zones"></a> [availability\_zones](#input\_availability\_zones) | The availability zones to use | `list(string)` | <pre>[<br> "us-east-1a",<br> "us-east-1b",<br> "us-east-1c"<br>]</pre> | no |
| <a name="input_cloudmap_namespace_name"></a> [cloudmap\_namespace\_name](#input\_cloudmap\_namespace\_name) | The name of the CloudMap namespace | `string` | `"cloudmap-service-connect"` | no |
| <a name="input_cloudmap_service_name"></a> [cloudmap\_service\_name](#input\_cloudmap\_service\_name) | The name of the CloudMap service | `string` | `"cloudmap-services"` | no |
| <a name="input_cw_retention_in_days"></a> [cw\_retention\_in\_days](#input\_cw\_retention\_in\_days) | The number of days to retain logs in CloudWatch | `number` | `30` | no |
| <a name="input_ecs_alb_name"></a> [ecs\_alb\_name](#input\_ecs\_alb\_name) | The name of the Application Load Balancer | `string` | `"ecs-alb"` | no |
| <a name="input_ecr_viewer_database_schema"></a> [ecr\_viewer\_database\_schema](#input\_ecr\_viewer\_database\_schema) | The database schema used for the eCR data tables | `string` | `"core"` | no |
| <a name="input_ecr_viewer_database_type"></a> [ecr\_viewer\_database\_type](#input\_ecr\_viewer\_database\_type) | The SQL variant used for the eCR data tables | `string` | `"postgres"` | no |
| <a name="input_ecs_alb_sg"></a> [ecs\_alb\_sg](#input\_ecs\_alb\_sg) | The security group for the Application Load Balancer | `string` | `"ecs-albsg"` | no |
| <a name="input_ecs_cloudwatch_group"></a> [ecs\_cloudwatch\_group](#input\_ecs\_cloudwatch\_group) | The name of the CloudWatch log group | `string` | `"ecs-cwlg"` | no |
| <a name="input_ecs_cluster_name"></a> [ecs\_cluster\_name](#input\_ecs\_cluster\_name) | The name of the ECS cluster | `string` | `"ecs-cluster"` | no |
| <a name="input_ecs_task_execution_role_name"></a> [ecs\_task\_execution\_role\_name](#input\_ecs\_task\_execution\_role\_name) | The name of the ECS task execution role | `string` | `"ecs-tern"` | no |
| <a name="input_ecs_task_role_name"></a> [ecs\_task\_role\_name](#input\_ecs\_task\_role\_name) | The name of the ECS task role | `string` | `"ecs-tr"` | no |
| <a name="input_enable_nat_gateway"></a> [enable\_nat\_gateway](#input\_enable\_nat\_gateway) | Enable NAT Gateway | `bool` | `true` | no |
| <a name="input_owner"></a> [owner](#input\_owner) | The owner of the infrastructure | `string` | `"skylight"` | no |
| <a name="input_phdi_version"></a> [phdi\_version](#input\_phdi\_version) | PHDI container image version | `string` | `"v1.4.4"` | no |
| <a name="input_private_subnets"></a> [private\_subnets](#input\_private\_subnets) | The private subnets | `list(string)` | <pre>[<br> "176.24.1.0/24",<br> "176.24.3.0/24"<br>]</pre> | no |
| <a name="input_project"></a> [project](#input\_project) | The project name | `string` | `"dibbs-ce"` | no |
| <a name="input_public_subnets"></a> [public\_subnets](#input\_public\_subnets) | The public subnets | `list(string)` | <pre>[<br> "176.24.2.0/24",<br> "176.24.4.0/24"<br>]</pre> | no |
| <a name="input_region"></a> [region](#input\_region) | AWS region | `string` | `"us-east-1"` | no |
| <a name="input_s3_viewer_bucket_name"></a> [s3\_viewer\_bucket\_name](#input\_s3\_viewer\_bucket\_name) | The name of the viewer bucket | `string` | `"s3-viewer"` | no |
| <a name="input_s3_viewer_bucket_role_name"></a> [s3\_viewer\_bucket\_role\_name](#input\_s3\_viewer\_bucket\_role\_name) | The role for the ecr-viewer bucket | `string` | `"s3-viewer-role"` | no |
| <a name="input_single_nat_gateway"></a> [single\_nat\_gateway](#input\_single\_nat\_gateway) | Single NAT Gateway | `bool` | `true` | no |
| <a name="input_tags"></a> [tags](#input\_tags) | Tags to apply to resources | `map(string)` | `{}` | no |
| <a name="input_vpc"></a> [vpc](#input\_vpc) | The name of the VPC | `string` | `"ecs-vpc"` | no |
| <a name="input_vpc_cidr"></a> [vpc\_cidr](#input\_vpc\_cidr) | The CIDR block for the VPC | `string` | `"176.24.0.0/16"` | no |
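Review bot: the Inputs table still documents `vpc` (default `"ecs-vpc"`) and `phdi_version` (default `"v1.4.4"`), while the `_local.tf` change in this same commit builds `vpc_name` without `var.vpc` and the commit message says the images move to dibbs 1.6.1; if those inputs were removed or their defaults changed in `variables.tf`, regenerate this table (it has the terraform-docs layout) so the two stay in sync, since readers use this table to decide which variables they must set. Separately, the network defaults `vpc_cidr = "176.24.0.0/16"` and the subnet blocks under it are not RFC 1918 private space: that range is publicly routable, so hosts in the VPC lose reachability to any internet address in 176.24.0.0/16 and a later peering or VPN connection can collide with it. A default inside 10.0.0.0/8, 172.16.0.0/12 or 192.168.0.0/16 is the safer choice for a module whose stated goal is to work with few arguments supplied.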

163 changes: 5 additions & 158 deletions terraform/implementation/ecs/_local.tf
@@ -1,161 +1,8 @@
resource "random_string" "s3_viewer" {
length = 8
special = false
upper = false
}

locals {
service_data = {
ecr-viewer = {
short_name = "ecrv",
fargate_cpu = 1024,
fargate_memory = 2048,
app_count = 1
app_image = "${data.aws_caller_identity.current.account_id}.dkr.ecr.${var.region}.amazonaws.com/${terraform.workspace}-ecr-viewer",
app_version = var.phdi_version,
container_port = 3000,
host_port = 3000,
public = true
env_vars = [
{
name = "AWS_REGION",
value = var.region
},
{
name = "ECR_BUCKET_NAME",
value = local.s3_viewer_bucket_name
},
{
name = "HOSTNAME",
value = "0.0.0.0"
},
{
name = "DATABASE_TYPE",
value = var.ecr_viewer_database_type,
},
{
name = "DATABASE_SCHEMA",
value = var.ecr_viewer_database_schema,
}
]
},
fhir-converter = {
short_name = "fhirc",
fargate_cpu = 1024,
fargate_memory = 2048,
app_count = 1
app_image = "${data.aws_caller_identity.current.account_id}.dkr.ecr.${var.region}.amazonaws.com/${terraform.workspace}-fhir-converter",
app_version = var.phdi_version,
container_port = 8080,
host_port = 8080,
public = false
env_vars = []
},
ingestion = {
short_name = "inge",
fargate_cpu = 1024,
fargate_memory = 2048,
app_count = 1
app_image = "${data.aws_caller_identity.current.account_id}.dkr.ecr.${var.region}.amazonaws.com/${terraform.workspace}-ingestion",
app_version = var.phdi_version,
container_port = 8080,
host_port = 8080,
public = false
env_vars = []
},
validation = {
short_name = "vali",
fargate_cpu = 1024,
fargate_memory = 2048,
app_count = 1
app_image = "${data.aws_caller_identity.current.account_id}.dkr.ecr.${var.region}.amazonaws.com/${terraform.workspace}-validation",
app_version = var.phdi_version,
container_port = 8080,
host_port = 8080,
public = false
env_vars = []
},
trigger-code-reference = {
short_name = "trigcr",
fargate_cpu = 1024,
fargate_memory = 2048,
app_count = 1
app_image = "${data.aws_caller_identity.current.account_id}.dkr.ecr.${var.region}.amazonaws.com/${terraform.workspace}-trigger-code-reference",
app_version = var.phdi_version,
container_port = 8080,
host_port = 8080,
public = false
env_vars = []
},
message-parser = {
short_name = "msgp",
fargate_cpu = 1024,
fargate_memory = 2048,
app_count = 1
app_image = "${data.aws_caller_identity.current.account_id}.dkr.ecr.${var.region}.amazonaws.com/${terraform.workspace}-message-parser",
app_version = var.phdi_version,
container_port = 8080,
host_port = 8080,
public = false
env_vars = []
},
orchestration = {
short_name = "orch",
fargate_cpu = 1024,
fargate_memory = 2048,
app_count = 1
app_image = "${data.aws_caller_identity.current.account_id}.dkr.ecr.${var.region}.amazonaws.com/${terraform.workspace}-orchestration",
app_version = var.phdi_version,
container_port = 8080,
host_port = 8080,
public = true
env_vars = [
{
name = "OTEL_METRICS",
value = "none"
},
{
name = "OTEL_METRICS_EXPORTER",
value = "none"
},
{
name = "INGESTION_URL",
value = "http://ingestion:8080"
},
{
name = "VALIDATION_URL",
value = "http://validation:8080"
},
{
name = "FHIR_CONVERTER_URL",
value = "http://fhir-converter:8080"
},
{
name = "ECR_VIEWER_URL",
value = "http://ecr-viewer:3000/ecr-viewer"
},
{
name = "MESSAGE_PARSER_URL",
value = "http://message-parser:8080"
},
{
name = "TRIGGER_CODE_REFERENCE_URL",
value = "http://trigger-code-reference:8080"
}
]
}
vpc_name = "${var.project}-${var.owner}-${terraform.workspace}"
tags = {
project = var.project
owner = var.owner
workspace = terraform.workspace
}
appmesh_name = "${var.project}-${var.appmesh_name}-${var.owner}-${terraform.workspace}"
cloudmap_namespace_name = "${var.project}-${var.cloudmap_namespace_name}-${var.owner}-${terraform.workspace}"
cloudmap_service_name = "${var.project}-${var.cloudmap_service_name}-${var.owner}-${terraform.workspace}"
ecs_alb_sg = "${var.project}-${var.ecs_alb_sg}-${var.owner}-${terraform.workspace}"
ecs_alb_name = "${var.project}-${var.ecs_alb_name}-${var.owner}-${terraform.workspace}"
ecs_alb_tg_name = "${var.project}-${var.owner}-${terraform.workspace}"
ecs_task_execution_role_name = "${var.project}-${var.ecs_task_execution_role_name}-${var.owner}-${terraform.workspace}"
ecs_task_role_name = "${var.project}-${var.ecs_task_role_name}-${var.owner}-${terraform.workspace}"
ecs_cloudwatch_group = "/${var.project}-${var.ecs_cloudwatch_group}-${var.owner}-${terraform.workspace}"
ecs_cluster_name = "${var.project}-${var.ecs_cluster_name}-${var.owner}-${terraform.workspace}"
s3_viewer_bucket_name = "${var.project}-${var.s3_viewer_bucket_name}-${var.owner}-${terraform.workspace}-${random_string.s3_viewer.result}"
s3_viewer_bucket_role_name = "${var.project}-${var.s3_viewer_bucket_role_name}-${var.owner}-${terraform.workspace}"
vpc_name = "${var.project}-${var.vpc}-${var.owner}-${terraform.workspace}"
}
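Review bot: the removed `s3_viewer_bucket_name` local carried a `random_string.s3_viewer` suffix so the globally unique S3 bucket name would not collide across accounts; the new `locals` block no longer defines it, so wherever the bucket name is now derived (presumably inside the ecs module, per the "reduce the number of arguments" message) that uniqueness component should survive, otherwise a second deployment with the same project, owner and workspace in another account fails at bucket creation. Two further things to check in the plan: the new `vpc_name` drops the `var.vpc` segment the old `"${var.project}-${var.vpc}-${var.owner}-${terraform.workspace}"` included, so an existing environment will see its VPC name change on the next apply; and the `tags` local introduced here (`project`, `owner`, `workspace`) should be confirmed as actually passed through to the module, since the commit message's "update resources with tags" is not visible in this file.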