continued clean up, removing comments, updating resource and variable…

… names, fmt
CDCgov · Jun 24, 2024 · ba79925 · ba79925
1 parent 2b3c8c3
commit ba79925
Show file tree

Hide file tree

Showing 17 changed files with 70 additions and 88 deletions.
diff --git a/terraform/implementation/ecs/_local.tf b/terraform/implementation/ecs/_local.tf
@@ -116,6 +116,9 @@ locals {
     }
   }
 
+  appmesh_name                 = "${var.project}-${var.appmesh_name}-${var.owner}-${terraform.workspace}"
+  cloudmap_namespace_name      = "${var.project}-${var.cloudmap_namespace_name}-${var.owner}-${terraform.workspace}"
+  cloudmap_service_name        = "${var.project}-${var.cloudmap_service_name}-${var.owner}-${terraform.workspace}"
   ecs_ecr_policy_name          = "${var.project}-${var.ecs_ecr_policy_name}-${var.owner}-${terraform.workspace}"
   ecs_alb_sg                   = "${var.project}-${var.ecs_alb_sg}-${var.owner}-${terraform.workspace}"
   ecs_alb_name                 = "${var.project}-${var.ecs_alb_name}-${var.owner}-${terraform.workspace}"
@@ -128,7 +131,7 @@ locals {
   s3_viewer_bucket_name        = "${var.project}-${var.s3_viewer_bucket_name}-${var.owner}-${terraform.workspace}-${random_string.s3_viewer.result}"
   s3_viewer_bucket_role_name   = "${var.project}-${var.s3_viewer_bucket_role_name}-${var.owner}-${terraform.workspace}"
   s3_viewer_bucket_policy_name = "${var.project}-${var.s3_viewer_bucket_policy_name}-${var.owner}-${terraform.workspace}"
-  vpc                          = "${var.project}-${var.vpc}-${var.owner}-${terraform.workspace}"
+  vpc_name                     = "${var.project}-${var.vpc}-${var.owner}-${terraform.workspace}"
 
   enable_nat_gateway = var.enable_nat_gateway
   single_nat_gateway = var.single_nat_gateway

diff --git a/terraform/implementation/ecs/_variable.tf b/terraform/implementation/ecs/_variable.tf
@@ -120,4 +120,16 @@ variable "ecs_cloudwatch_policy_name" {
 variable "ecs_cloudwatch_role_name" {
   type    = string
   default = "ecs-cwr"
+}
+variable "cloudmap_namespace_name" {
+  type    = string
+  default = "cloudmap-service-connect"
+}
+variable "cloudmap_service_name" {
+  type    = string
+  default = "cloudmap-services"
+}
+variable "appmesh_name" {
+  type    = string
+  default = "appmesh"
 }
diff --git a/terraform/implementation/ecs/backend.tf b/terraform/implementation/ecs/backend.tf
@@ -21,7 +21,8 @@ provider "aws" {
   default_tags {
     tags = {
       owner       = var.owner
-      Environment = terraform.workspace
+      environment = terraform.workspace
+      project     = var.project
     }
   }
 }
diff --git a/terraform/implementation/ecs/ecs.sh b/terraform/implementation/ecs/ecs.sh
@@ -79,13 +79,13 @@ fi
 if ! grep -q "project" "$ENVIRONMENT.tfvars"; then
     read -p "What is this project called? ( default=dibbs ): " project_choice
     project_choice=${project_choice:-dibbs}
-    echo "project  = \"$project_choice\"" >> "$ENVIRONMENT.tfvars"
+    echo "project = \"$project_choice\"" >> "$ENVIRONMENT.tfvars"
 fi
 
 if ! grep -q "region" "$ENVIRONMENT.tfvars"; then
     read -p "What aws region are you setting up in? ( default=us-east-1 ): " region_choice
     region_choice=${region_choice:-us-east-1}
-    echo "region  = \"$region_choice\"" >> "$ENVIRONMENT.tfvars"
+    echo "region = \"$region_choice\"" >> "$ENVIRONMENT.tfvars"
 fi
 
 echo "Running Terraform with the following variables:"

diff --git a/terraform/implementation/ecs/main.tf b/terraform/implementation/ecs/main.tf
@@ -1,6 +1,6 @@
 module "vpc" {
   source                      = "terraform-aws-modules/vpc/aws"
-  name                        = local.vpc
+  name                        = local.vpc_name
   default_security_group_name = local.ecs_alb_sg
   cidr                        = var.vpc_cidr
   azs                         = var.availability_zones
@@ -28,8 +28,6 @@ module "ecr" {
   service_data            = local.service_data
   phdi_version            = var.phdi_version
   ecs_cluster_name        = local.ecs_cluster_name
-  tags                    = {}
-  lifecycle_policy        = ""
   region                  = var.region
 }
 
@@ -50,10 +48,12 @@ module "ecs" {
   availability_zones          = module.vpc.azs
   ecs_task_execution_role_arn = module.iam.ecs_task_execution_role.arn
   ecs_cluster_name            = local.ecs_cluster_name
-  app_task_name               = local.ecs_app_task_name
-  alb_name                    = local.ecs_alb_name
+  ecs_alb_name                = local.ecs_alb_name
   ecs_cloudwatch_group        = local.ecs_cloudwatch_group
   service_data                = local.service_data
-  retention_in_days           = var.cw_retention_in_days
+  cw_retention_in_days        = var.cw_retention_in_days
   region                      = var.region
+  cloudmap_namespace_name     = local.cloudmap_namespace_name
+  cloudmap_service_name       = local.cloudmap_service_name
+  appmesh_name                = local.appmesh_name
 }
diff --git a/terraform/implementation/setup/main.tf b/terraform/implementation/setup/main.tf
@@ -5,6 +5,7 @@ provider "aws" {
     tags = {
       Owner       = var.owner
       Environment = terraform.workspace
+      project     = var.project
     }
   }
 }

diff --git a/terraform/modules/ecr/_local.tf b/terraform/modules/ecr/_local.tf
@@ -1,6 +1,3 @@
 locals {
-  policy = var.lifecycle_policy == "" ? file("${path.module}/ecr-lifecycle-policy.json") : var.lifecycle_policy
-  tags = {
-    Automation = "Terraform"
-  }
+  policy = file("${path.module}/ecr-lifecycle-policy.json")
 }
diff --git a/terraform/modules/ecr/_output.tf b/terraform/modules/ecr/_output.tf
@@ -3,5 +3,3 @@
 output "repository_url" {
   value = [for repo in aws_ecr_repository.repo : repo.repository_url]
 }
-
-
diff --git a/terraform/modules/ecr/_variable.tf b/terraform/modules/ecr/_variable.tf
@@ -10,18 +10,6 @@ variable "ecs_cluster_name" {
   description = "ECS Cluster Name"
 }
 
-variable "lifecycle_policy" {
-  type        = string
-  description = "ECR repository lifecycle policy document. Used to override the default policy."
-  # default     = ""
-}
-
-variable "tags" {
-  type        = map(any)
-  description = "Additional tags to apply."
-  # default     = {}
-}
-
 variable "aws_caller_identity" {
   type        = string
   description = "AWS Caller Identity"

diff --git a/terraform/modules/ecr/docker.tf b/terraform/modules/ecr/docker.tf
@@ -1,8 +1,5 @@
-# Pull images from GitHub Container Registry and push to AWS Elastic Container Registry
-
 resource "time_static" "now" {}
 
-# NOTE: This pulls image down from the docker registry
 resource "docker_image" "ghcr_image" {
   for_each      = var.service_data
   name          = data.docker_registry_image.ghcr_data[each.key].name

diff --git a/terraform/modules/ecr/ecr.tf b/terraform/modules/ecr/ecr.tf
@@ -1,5 +1,5 @@
 resource "aws_ecr_repository" "repo" {
-  for_each = var.service_data
-  name     = each.key
+  for_each     = var.service_data
+  name         = each.key
   force_delete = true
 }
diff --git a/terraform/modules/ecs/_variable.tf b/terraform/modules/ecs/_variable.tf
@@ -1,9 +1,4 @@
-variable "app_task_name" {
-  description = "ECS Task Name"
-  type        = string
-}
-
-variable "alb_name" {
+variable "ecs_alb_name" {
   description = "ALB Name"
   type        = string
 }
@@ -57,18 +52,10 @@ variable "fargate_memory" {
   default     = "2048"
 }
 
-# Note:  Retention period can change (i.e. 0, 7, 14, 90, 180, etc.)
-# See https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group
-# In addition, if you want to delete log groups set "skip_destroy" to false
-variable "retention_in_days" {
+variable "cw_retention_in_days" {
   type = number
 }
 
-
-#################
-### NETWORKING ##
-#################
-
 variable "vpc_id" {
   type        = string
   description = "ID of the VPC"
@@ -88,3 +75,17 @@ variable "service_data" {
   type        = map(any)
   description = "Environment variables to pass to the container"
 }
+
+variable "cloudmap_namespace_name" {
+  type        = string
+  description = ""
+}
+variable "cloudmap_service_name" {
+  type        = string
+  description = ""
+}
+
+variable "appmesh_name" {
+  type        = string
+  description = ""
+}
diff --git a/terraform/modules/ecs/alb.tf b/terraform/modules/ecs/alb.tf
@@ -1,5 +1,5 @@
 resource "aws_alb" "ecs" {
-  name               = var.alb_name
+  name               = var.ecs_alb_name
   internal           = false
   load_balancer_type = "application"
   subnets            = flatten([var.public_subnet_ids])
@@ -8,11 +8,10 @@ resource "aws_alb" "ecs" {
   enable_deletion_protection = false
 
   tags = {
-    Name = var.alb_name
+    Name = var.ecs_alb_name
   }
 }
 
-# Defines the target gropu associated with the ALB
 resource "aws_alb_target_group" "this" {
   for_each = {
     for key, value in var.service_data : key => value
@@ -76,10 +75,8 @@ resource "aws_alb_listener_rule" "this" {
 
 }
 
-# Security Group for ECS
 resource "aws_security_group" "ecs" {
-  vpc_id = var.vpc_id
-  # TODO parameterize sg name
+  vpc_id                 = var.vpc_id
   name                   = "dibbs-aws-ecs"
   description            = "Security group for ECS"
   revoke_rules_on_delete = true

diff --git a/terraform/modules/ecs/ecs.tf b/terraform/modules/ecs/ecs.tf
@@ -59,6 +59,11 @@ resource "aws_ecs_service" "this" {
     type = "ECS"
   }
 
+  force_new_deployment = true
+  triggers = {
+    redeployment = plantimestamp()
+  }
+
   dynamic "load_balancer" {
     # The conditional for this for_each checks the key for the current interation of aws_ecs_task_definition.this
     # and var.service_data so that we only create a dynamic load_balancer block for the public services.

diff --git a/terraform/modules/ecs/logs.tf b/terraform/modules/ecs/logs.tf
@@ -1,22 +1,13 @@
 resource "aws_cloudwatch_log_group" "ecs_cloudwatch_logs" {
   name              = var.ecs_cloudwatch_group
-  retention_in_days = var.retention_in_days
+  retention_in_days = var.cw_retention_in_days
 }
 
 resource "aws_flow_log" "ecs_flow_log" {
-  vpc_id = var.vpc_id
-
-  # ARN of the IAM role that the flow log will assume to publish logs to CloudWatch Logs
-  iam_role_arn = var.ecs_task_execution_role_arn
-
-  # The type of traffic to capture. Valid values are ACCEPT, REJECT, or ALL.
-  traffic_type = "ALL"
-
-  # The ARN of the CloudWatch Logs group where the flow logs will be published
-  log_destination = aws_cloudwatch_log_group.ecs_cloudwatch_logs.arn
-
-  # IAM policy document for the IAM role assumed by the flow log
-  # Replace this with your own policy document as needed
+  vpc_id               = var.vpc_id
+  iam_role_arn         = var.ecs_task_execution_role_arn
+  traffic_type         = "ALL"
+  log_destination      = aws_cloudwatch_log_group.ecs_cloudwatch_logs.arn
   log_destination_type = "cloud-watch-logs"
 }
 
diff --git a/terraform/modules/ecs/mesh.tf b/terraform/modules/ecs/mesh.tf
@@ -1,35 +1,29 @@
-# Create a Service Discovery Namespace
-resource "aws_service_discovery_private_dns_namespace" "dibbs_aws_ecs_ns" {
-  # TODO parameterize name
-  name = "dibbs-aws-ecs-service-connect-ns"
+resource "aws_service_discovery_private_dns_namespace" "this" {
+  name = var.cloudmap_namespace_name
   vpc  = var.vpc_id
 }
 
-# Register ECS Services with Service Discovery
 resource "aws_service_discovery_service" "this" {
   # TODO parameterize name
-  name         = "alis-services"
-  namespace_id = aws_service_discovery_private_dns_namespace.dibbs_aws_ecs_ns.id
+  name         = var.cloudmap_service_name
+  namespace_id = aws_service_discovery_private_dns_namespace.this.id
   dns_config {
-    namespace_id = aws_service_discovery_private_dns_namespace.dibbs_aws_ecs_ns.id
+    namespace_id = aws_service_discovery_private_dns_namespace.this.id
     dns_records {
       ttl  = 60
       type = "A"
     }
   }
 }
 
-# Define the AWS App Mesh resources
-resource "aws_appmesh_mesh" "dibbs_aws_ecs_mesh" {
-  # TODO parameterize name
-  name = "dibbs-aws-ecs-mesh"
+resource "aws_appmesh_mesh" "this" {
+  name = var.appmesh_name
 }
 
-# Define the AWS App Mesh resources
 resource "aws_appmesh_virtual_node" "this" {
   for_each  = aws_ecs_service.this
   name      = each.key
-  mesh_name = aws_appmesh_mesh.dibbs_aws_ecs_mesh.name
+  mesh_name = aws_appmesh_mesh.this.name
 
   # dynamic "spec" {
   #   # The conditional for this for_each checks the key for the current interation of aws_ecs_task_definition.this
@@ -49,7 +43,7 @@ resource "aws_appmesh_virtual_node" "this" {
   #     service_discovery {
   #       aws_cloud_map {
   #         service_name   = spec.key
-  #         namespace_name = aws_service_discovery_private_dns_namespace.dibbs_aws_ecs_ns.id
+  #         namespace_name = aws_service_discovery_private_dns_namespace.this.id
   #         # namespace_name = "dibbs-aws-service-connect-ns"
   #       }
   #     }
@@ -73,18 +67,16 @@ resource "aws_appmesh_virtual_node" "this" {
     service_discovery {
       aws_cloud_map {
         service_name   = each.key
-        namespace_name = aws_service_discovery_private_dns_namespace.dibbs_aws_ecs_ns.id
-        # namespace_name = "dibbs-aws-service-connect-ns"
+        namespace_name = aws_service_discovery_private_dns_namespace.this.id
       }
     }
   }
 }
 
-# Define the virtual service
 resource "aws_appmesh_virtual_service" "this" {
   for_each  = aws_appmesh_virtual_node.this
   name      = each.key
-  mesh_name = aws_appmesh_mesh.dibbs_aws_ecs_mesh.name
+  mesh_name = aws_appmesh_mesh.this.name
 
   spec {
     provider {

diff --git a/terraform/modules/s3/iam.tf b/terraform/modules/s3/iam.tf
@@ -1,4 +1,3 @@
-# s3 bucket role
 resource "aws_iam_role" "s3_role_for_ecr_viewer" {
   name               = var.s3_viewer_bucket_role_name
   assume_role_policy = var.ecs_assume_role_policy