From a0f6dd7b83fb84935bebe511c464b48d0f199a0d Mon Sep 17 00:00:00 2001 From: Alis Akers Date: Thu, 5 Sep 2024 11:33:04 -0700 Subject: [PATCH] update docs and tf fmt --- terraform/implementation/ecs/README.md | 2 + terraform/implementation/ecs/_local.tf | 4 +- terraform/implementation/ecs/destroy.sh | 92 ------------------------ terraform/implementation/ecs/main.tf | 4 +- terraform/implementation/setup/README.md | 18 +---- terraform/implementation/setup/main.tf | 10 +-- terraform/modules/ecs/README.md | 4 +- terraform/modules/ecs/_local.tf | 2 +- terraform/modules/ecs/ecs.tf | 2 +- terraform/modules/ecs/enable_ecr.tf | 2 +- terraform/modules/ecs/iam.tf | 8 +-- terraform/modules/ecs/logs.tf | 4 +- terraform/modules/ecs/s3.tf | 2 +- terraform/modules/oidc/_data.tf | 6 +- terraform/modules/oidc/_local.tf | 8 +-- terraform/modules/oidc/_variable.tf | 8 +-- 16 files changed, 36 insertions(+), 140 deletions(-) delete mode 100755 terraform/implementation/ecs/destroy.sh diff --git a/terraform/implementation/ecs/README.md b/terraform/implementation/ecs/README.md index 89490a32..db96994a 100644 --- a/terraform/implementation/ecs/README.md +++ b/terraform/implementation/ecs/README.md @@ -29,6 +29,8 @@ | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| | [availability\_zones](#input\_availability\_zones) | The availability zones to use | `list(string)` |
[
"us-east-1a",
"us-east-1b",
"us-east-1c"
]
| no | +| [ecr\_viewer\_database\_schema](#input\_ecr\_viewer\_database\_schema) | The database schema used for the eCR data tables | `string` | `"core"` | no | +| [ecr\_viewer\_database\_type](#input\_ecr\_viewer\_database\_type) | The SQL variant used for the eCR data tables | `string` | `"postgres"` | no | | [ecs\_alb\_sg](#input\_ecs\_alb\_sg) | The security group for the Application Load Balancer | `string` | `"ecs-albsg"` | no | | [enable\_nat\_gateway](#input\_enable\_nat\_gateway) | Enable NAT Gateway | `bool` | `true` | no | | [owner](#input\_owner) | The owner of the infrastructure | `string` | `"skylight"` | no | diff --git a/terraform/implementation/ecs/_local.tf b/terraform/implementation/ecs/_local.tf index 9269adc5..8e1dc945 100644 --- a/terraform/implementation/ecs/_local.tf +++ b/terraform/implementation/ecs/_local.tf @@ -1,8 +1,8 @@ locals { vpc_name = "${var.project}-${var.owner}-${terraform.workspace}" tags = { - project = var.project - owner = var.owner + project = var.project + owner = var.owner workspace = terraform.workspace } } diff --git a/terraform/implementation/ecs/destroy.sh b/terraform/implementation/ecs/destroy.sh deleted file mode 100755 index 6cfbb797..00000000 --- a/terraform/implementation/ecs/destroy.sh +++ /dev/null 
@@ -1,92 +0,0 @@
-#!/bin/bash
-
-# Load environment variables from .env file
-if [ -f .env ]; then
- export $(cat .env | xargs)
-fi
-
-# set default values
-ENVIRONMENT="${ENVIRONMENT:-}"
-BUCKET="${BUCKET:-}"
-DYNAMODB_TABLE="${DYNAMODB_TABLE:-}"
-REGION="${REGION:-}"
-TERRAFORM_ROLE="${TERRAFORM_ROLE:-}"
-CI=false
-
-# parse command line arguments
-while [[ $# -gt 0 ]]
-do
- key="$1"
-
- case $key in
- -env|--env|-e)
- ENVIRONMENT="$2"
- shift
- shift
- ;;
- -bucket|--bucket|-b)
- BUCKET="$2"
- shift
- shift
- ;;
- -dynamodb-table|--dynamodb-table|-d)
- DYNAMODB_TABLE="$2"
- shift
- shift
- ;;
- -region|--region|-r)
- REGION="$2"
- shift
- shift
- ;;
- -terraform-role|--terraform-role)
- TERRAFORM_ROLE="$2"
- shift
- shift
- ;;
- -ci|--ci)
- CI=true
- shift
- ;;
- -h|--help)
- echo "Usage: ./ecs.sh [OPTIONS]"
- echo "Options:"
- echo " -e, --env | Set the environment (e.g., production, staging) [REQUIRED]"
- echo " -b, --bucket | Set the bucket name [REQUIRED]"
- echo " -d, --dynamodb-table | Set the DynamoDB table name [REQUIRED]"
- echo " -r, --region | Set the AWS region [REQUIRED]"
- echo " -ci, --ci | Skip creating files and assume all arguments have values"
- echo " -h, --help | Show help"
- exit 0
- ;;
- *)
- echo "Invalid argument: $1"
- exit 1
- ;;
- esac
-done
-
-if ! command -v terraform &> /dev/null; then
- echo "Terraform is not installed. Please install Terraform and try again."
- exit 1
-fi
-
-if [ -z "$ENVIRONMENT" ] || [ -z "$BUCKET" ] || [ -z "$DYNAMODB_TABLE" ] || [ -z "$REGION" ]; then
- echo "Missing required arguments. Please provide all the required arguments."
- echo "ENVIRONMENT: $ENVIRONMENT"
- echo "BUCKET: $BUCKET"
- echo "DYNAMODB_TABLE: $DYNAMODB_TABLE"
- echo "REGION: $REGION"
- ./ecs.sh -h
- exit 1
-fi
-
-# Danger zone! 
Destroy the ECS cluster -terraform init \ - -var-file="$ENVIRONMENT.tfvars" \ - -backend-config "bucket=$BUCKET" \ - -backend-config "dynamodb_table=$DYNAMODB_TABLE" \ - -backend-config "region=$REGION" \ - || (echo "terraform init failed, exiting..." && exit 1) - -terraform destroy -auto-approve -var-file="$ENVIRONMENT.tfvars" diff --git a/terraform/implementation/ecs/main.tf b/terraform/implementation/ecs/main.tf index de6e0d7f..a13b21b3 100644 --- a/terraform/implementation/ecs/main.tf +++ b/terraform/implementation/ecs/main.tf @@ -8,7 +8,7 @@ module "vpc" { public_subnets = var.public_subnets enable_nat_gateway = var.enable_nat_gateway single_nat_gateway = var.single_nat_gateway - tags = local.tags + tags = local.tags } module "ecs" { @@ -21,5 +21,5 @@ module "ecs" { owner = var.owner project = var.project - tags = local.tags + tags = local.tags } diff --git a/terraform/implementation/setup/README.md b/terraform/implementation/setup/README.md index 2b92a598..5837449c 100644 --- a/terraform/implementation/setup/README.md +++ b/terraform/implementation/setup/README.md 
@@ -13,15 +13,15 @@ No requirements. ## Modules -No modules. +| Name | Source | Version | +|------|--------|---------| +| [oidc](#module\_oidc) | ../../modules/oidc | n/a | ## Resources | Name | Type | |------|------| | [aws_dynamodb_table.tfstate_lock](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/dynamodb_table) | resource | -| [aws_iam_policy.github](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | -| [aws_iam_role.github](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | | [aws_s3_bucket.tfstate](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket) | resource | | [aws_s3_bucket_public_access_block.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_public_access_block) | resource | | [aws_s3_bucket_server_side_encryption_configuration.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_server_side_encryption_configuration) | resource | 
@@ -29,18 +29,6 @@ No modules. | [local_file.ecs_env](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/file) | resource | | [local_file.setup_env](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/file) | resource | | [random_string.setup](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string) | resource | -| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source | -| [aws_iam_policy.amazon_dynamodb_full_access](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy) | data source | -| [aws_iam_policy.amazon_ec2_full_access](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy) | data source | -| [aws_iam_policy.amazon_route53_full_access](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy) | data source | -| [aws_iam_policy.amazon_vpc_full_access](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy) | data source | -| [aws_iam_policy.aws_appmesh_full_access](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy) | data source | -| [aws_iam_policy.aws_iam_full_access](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy) | data source | -| [aws_iam_policy.aws_logs_full_access](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy) | data source | -| [aws_iam_policy.aws_s3_full_access](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy) | data source | -| [aws_iam_policy.elastic_load_balancing_full_access](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy) | data source | -| 
[aws_iam_policy_document.github](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | -| [aws_iam_policy_document.github_assume_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | ## Inputs diff --git a/terraform/implementation/setup/main.tf b/terraform/implementation/setup/main.tf index ade508cf..e46a5ef0 100644 --- a/terraform/implementation/setup/main.tf +++ b/terraform/implementation/setup/main.tf @@ -17,14 +17,14 @@ module "oidc" { # The github repo that will be used for OIDC oidc_github_repo = var.oidc_github_repo - + # These variables must match the values that you'll be using for your ECS module call in the /ecs module - region = var.region - owner = var.owner - project = var.project + region = var.region + owner = var.owner + project = var.project # This variable must match the name of the terraform workspace that you'll be using for your ECS module call in the /ecs module - workspace = "prod" + workspace = "prod" state_bucket_arn = aws_s3_bucket.tfstate.arn dynamodb_table_arn = aws_dynamodb_table.tfstate_lock.arn diff --git a/terraform/modules/ecs/README.md b/terraform/modules/ecs/README.md index 2adf007a..cc64af75 100644 --- a/terraform/modules/ecs/README.md +++ b/terraform/modules/ecs/README.md @@ -91,6 +91,7 @@ No modules. | [s3\_viewer\_bucket\_name](#input\_s3\_viewer\_bucket\_name) | Name of the S3 bucket for the viewer | `string` | `""` | no | | [s3\_viewer\_bucket\_role\_name](#input\_s3\_viewer\_bucket\_role\_name) | Name of the IAM role for the ecr-viewer bucket | `string` | `""` | no | | [service\_data](#input\_service\_data) | Data for the DIBBS services |
map(object({
short_name = string
fargate_cpu = number
fargate_memory = number
app_count = number
app_image = string
app_version = string
container_port = number
host_port = number
public = bool
registry_url = string
env_vars = list(object({
name = string
value = string
}))
}))
| `{}` | no | +| [tags](#input\_tags) | Tags to apply to resources | `map(string)` | `{}` | no | | [vpc\_id](#input\_vpc\_id) | ID of the VPC | `string` | n/a | yes | ## Outputs @@ -109,9 +110,6 @@ No modules. | [ecs\_task\_role\_arn](#output\_ecs\_task\_role\_arn) | n/a | | [s3\_bucket\_arn](#output\_s3\_bucket\_arn) | The ARN of the S3 bucket | | [s3\_bucket\_ecr\_viewer\_policy\_arn](#output\_s3\_bucket\_ecr\_viewer\_policy\_arn) | n/a | -| [s3\_bucket\_public\_access\_block\_arn](#output\_s3\_bucket\_public\_access\_block\_arn) | S3 Bucket Public Access Block does not have an ARN | -| [s3\_bucket\_server\_side\_encryption\_configuration\_arn](#output\_s3\_bucket\_server\_side\_encryption\_configuration\_arn) | S3 Bucket Server-Side Encryption Configuration does not have an ARN | -| [s3\_bucket\_versioning\_arn](#output\_s3\_bucket\_versioning\_arn) | S3 Bucket Versioning does not have an ARN | | [s3\_role\_for\_ecr\_viewer\_arn](#output\_s3\_role\_for\_ecr\_viewer\_arn) | n/a | | [service\_data](#output\_service\_data) | n/a | \ No newline at end of file diff --git a/terraform/modules/ecs/_local.tf b/terraform/modules/ecs/_local.tf index c5a1851d..7d55e122 100644 --- a/terraform/modules/ecs/_local.tf +++ b/terraform/modules/ecs/_local.tf @@ -162,5 +162,5 @@ locals { ecs_cluster_name = var.ecs_cluster_name == "" ? local.local_name : var.ecs_cluster_name s3_viewer_bucket_name = var.s3_viewer_bucket_name == "" ? "${local.local_name}-${random_string.s3_viewer.result}" : var.s3_viewer_bucket_name s3_viewer_bucket_role_name = var.s3_viewer_bucket_role_name == "" ? local.local_name : var.s3_viewer_bucket_role_name - tags = var.tags + tags = var.tags } diff --git a/terraform/modules/ecs/ecs.tf b/terraform/modules/ecs/ecs.tf index f92b88dd..152d7348 100644 --- a/terraform/modules/ecs/ecs.tf +++ b/terraform/modules/ecs/ecs.tf 
@@ -35,7 +35,7 @@ resource "aws_ecs_task_definition" "this" { } ]) task_role_arn = each.key == "ecr-viewer" ? aws_iam_role.s3_role_for_ecr_viewer.arn : aws_iam_role.ecs_task.arn - tags = local.tags + tags = local.tags } resource "aws_ecs_service" "this" { diff --git a/terraform/modules/ecs/enable_ecr.tf b/terraform/modules/ecs/enable_ecr.tf index 29010e60..69a928ba 100644 --- a/terraform/modules/ecs/enable_ecr.tf +++ b/terraform/modules/ecs/enable_ecr.tf @@ -50,5 +50,5 @@ resource "aws_ecr_repository" "this" { for_each = var.enable_ecr == true ? local.service_data : {} name = each.value.app_image force_delete = true - tags = local.tags + tags = local.tags } \ No newline at end of file diff --git a/terraform/modules/ecs/iam.tf b/terraform/modules/ecs/iam.tf index e2a240e5..8ed00320 100644 --- a/terraform/modules/ecs/iam.tf +++ b/terraform/modules/ecs/iam.tf @@ -5,7 +5,7 @@ resource "aws_iam_role" "ecs_task_execution" { data.aws_iam_policy.ecs_task_execution.arn ] assume_role_policy = data.aws_iam_policy_document.assume_role.json - tags = local.tags + tags = local.tags } # task role @@ -15,7 +15,7 @@ resource "aws_iam_role" "ecs_task" { data.aws_iam_policy.amazon_ec2_container_service_for_ec2_role.arn ] assume_role_policy = data.aws_iam_policy_document.assume_role.json - tags = local.tags + tags = local.tags } # s3 @@ -26,12 +26,12 @@ resource "aws_iam_role" "s3_role_for_ecr_viewer" { aws_iam_policy.s3_bucket_ecr_viewer.arn ] assume_role_policy = data.aws_iam_policy_document.assume_role.json - tags = local.tags + tags = local.tags } # s3 resource "aws_iam_policy" "s3_bucket_ecr_viewer" { name = "${local.s3_viewer_bucket_role_name}-policy" description = "Policy for ECR-Viewer and S3 for DIBBS-AWS" policy = data.aws_iam_policy_document.ecr_viewer_s3.json - tags = local.tags + tags = local.tags } diff --git a/terraform/modules/ecs/logs.tf b/terraform/modules/ecs/logs.tf index 7b8a3c6d..3e14cb7e 100644 --- a/terraform/modules/ecs/logs.tf 
+++ b/terraform/modules/ecs/logs.tf @@ -1,7 +1,7 @@ resource "aws_cloudwatch_log_group" "ecs_cloudwatch_logs" { name = local.ecs_cloudwatch_group retention_in_days = var.cw_retention_in_days - tags = local.tags + tags = local.tags } resource "aws_flow_log" "ecs_flow_log" { @@ -10,5 +10,5 @@ resource "aws_flow_log" "ecs_flow_log" { traffic_type = "ALL" log_destination = aws_cloudwatch_log_group.ecs_cloudwatch_logs.arn log_destination_type = "cloud-watch-logs" - tags = local.tags + tags = local.tags } diff --git a/terraform/modules/ecs/s3.tf b/terraform/modules/ecs/s3.tf index 4fa622f0..6d6700ef 100644 --- a/terraform/modules/ecs/s3.tf +++ b/terraform/modules/ecs/s3.tf @@ -1,7 +1,7 @@ resource "aws_s3_bucket" "ecr_viewer" { bucket = var.s3_viewer_bucket_name force_destroy = true - tags = local.tags + tags = local.tags } resource "aws_s3_bucket_public_access_block" "ecr_viewer" { diff --git a/terraform/modules/oidc/_data.tf b/terraform/modules/oidc/_data.tf index a6c5083a..9116876a 100644 --- a/terraform/modules/oidc/_data.tf +++ b/terraform/modules/oidc/_data.tf @@ -211,7 +211,7 @@ data "aws_iam_policy_document" "request_tags_create_actions" { condition { test = "StringEquals" variable = "aws:RequestTag/workspace" - values = [ + values = [ var.project, var.owner, var.workspace @@ -280,7 +280,7 @@ data "aws_iam_policy_document" "resource_tags_update_actions" { condition { test = "StringEquals" variable = "aws:ResourceTag/workspace" - values = [ + values = [ var.project, var.owner, var.workspace @@ -348,7 +348,7 @@ data "aws_iam_policy_document" "resource_tags_delete_actions" { condition { test = "StringEquals" variable = "aws:ResourceTag/workspace" - values = [ + values = [ var.project, var.owner, var.workspace diff --git a/terraform/modules/oidc/_local.tf b/terraform/modules/oidc/_local.tf index 576d4dd9..c5d5a73b 100644 --- a/terraform/modules/oidc/_local.tf +++ b/terraform/modules/oidc/_local.tf 
@@ -1,7 +1,7 @@ locals { - github_role_name = "${var.project}-github-role-${var.owner}-${random_string.oidc.result}" + github_role_name = "${var.project}-github-role-${var.owner}-${random_string.oidc.result}" project_owner_workspace = "${var.project}-${var.owner}-${var.workspace}" - workspace = "${var.workspace}" - wildcard = "*" - vpc_id = var.vpc_id == "" ? local.wildcard : var.vpc_id + workspace = var.workspace + wildcard = "*" + vpc_id = var.vpc_id == "" ? local.wildcard : var.vpc_id } \ No newline at end of file diff --git a/terraform/modules/oidc/_variable.tf b/terraform/modules/oidc/_variable.tf index cde3b33c..91b2d7e0 100644 --- a/terraform/modules/oidc/_variable.tf +++ b/terraform/modules/oidc/_variable.tf @@ -1,7 +1,7 @@ -variable "oidc_github_repo" { +variable "oidc_github_repo" { description = "The GitHub repository for OIDC" type = string - default = "" + default = "" } variable "owner" { @@ -23,8 +23,8 @@ variable "region" { } variable "workspace" { - default = "" - type = string + default = "" + type = string description = "terraform workspace that OIDC will have permissions to" }
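Review bot: `workspace = var.workspace` in the `_local.tf` hunk now passes the variable straight through, but `variable "workspace"` (in the `_variable.tf` hunk on the same line) still has `default = ""`, so a caller that omits it gets an empty `local.workspace`, a `project_owner_workspace` ending in `-`, and an empty string in the `aws:RequestTag/workspace` / `aws:ResourceTag/workspace` condition values of the `_data.tf` hunk, which makes the resulting policy scope harder to reason about than a hard failure would be. `setup/main.tf` sets `workspace = "prod"` explicitly, so this is not hit by the in-repo caller, but the module should reject the empty default with a `validation` block rather than rely on every caller remembering it. Two related points in the same hunks are worth a comment rather than a code change: `vpc_id` falls back to `local.wildcard` (`"*"`) when unset, and the `StringEquals` values lists in `_data.tf` contain `var.project` and `var.owner` alongside `var.workspace`, which reads as an OR across three unrelated tag values — presumably only `var.workspace` was intended, worth confirming.
```hcl
variable "workspace" {
  # … unchanged: default, type, description …
  validation {
    condition     = length(var.workspace) > 0
    error_message = "workspace must be set; the OIDC policy tag conditions are scoped to it."
  }
}
```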