ecr variable name change, docs updates, downgrade to dibbs 1.6.1

.github/workflows/deployment.yaml

@@ -64,4 +64,4 @@ jobs:
           echo "owner = \"$OWNER\"" >> $ENVIRONMENT.tfvars
           echo "project = \"$PROJECT\"" >> $ENVIRONMENT.tfvars
           echo "region = \"$REGION\"" >> $ENVIRONMENT.tfvars
-          ./ecs.sh -e $ENVIRONMENT --ci
+          ./deploy.sh -e $ENVIRONMENT --ci

README.md

@@ -10,9 +10,20 @@
 
 [3. Architectural Design](#3-architectural-design)\
 [4. Getting Started](#4-getting-started)
+- [Table of Contents](#table-of-contents)
+- [1. Overview](#1-overview)
+- [2. Notices](#2-notices)
+  - [2.1 Public Domain Standard Notice](#21-public-domain-standard-notice)
+  - [2.2 License Standard Notice](#22-license-standard-notice)
+  - [2.3 Privacy Standard Notice](#23-privacy-standard-notice)
+  - [2.4 Contributing Standard Notice](#24-contributing-standard-notice)
+  - [2.5 Records Management Standard Notice](#25-records-management-standard-notice)
+  - [2.6 Additional Standard Notices](#26-additional-standard-notices)
+- [3. Architectural Design](#3-architectural-design)
+- [4. Getting Started](#4-getting-started)
   - [4.1 Requirements](#41-requirements)
   - [4.2 Clone DIBBS-AWS Repository](#42-clone-dibbs-aws-repository)
-  - [4.3 Begin Using Repository](#43-begin-using-repository)
+  - [4.3 Begin Using Terraform](#43-begin-using-terraform)
   - [4.4 Make A New Branch](#44-make-a-new-branch)
   - [4.5 Update Terraform Through The Command Line](#45-update-terraform-through-the-command-line)
   - [4.6 Run Terraform Code In Your Designated Environment](#46-run-terraform-code-in-your-designated-environment)
@@ -183,7 +194,7 @@ The setup.sh script will create the following files:
 ## 4.6 Run Terraform Code In Your Designated Environment
 <em><strong>4.6.1. Run ECS Module Locally</em></strong>
 * To run your ECS Module Changes in your local terminal, navigate to _terraform/implementation/ecs/_ and run the following command: `cd /terraform/implementation`.
-* In your terminal run the ECS Script in your designated environment `./ecs.sh -e {insertEnvironmentName}`.\
+* In your terminal run the deploy script for your designated environment `./deploy.sh -e {insertEnvironmentName}`.\
 &nbsp;&nbsp;&nbsp;&nbsp;<u><em><strong>Note</em></strong></u>: The _-e_ tag stands for environment and you can specify `dev`, `stage`, `prod` 
 &nbsp;&nbsp;&nbsp;&nbsp;or whatever environment your team desires.
 

terraform/implementation/ecs/ecs.sh → terraform/implementation/ecs/deploy.sh

@@ -49,7 +49,7 @@ do
         shift
         ;;
         -h|--help)
-        echo "Usage: ./ecs.sh [OPTIONS]"
+        echo "Usage: ./deploy.sh [OPTIONS]"
         echo "Options:"
         echo "  -e, --env            | Set the environment (e.g., production, staging) [REQUIRED]"
         echo "  -b, --bucket         | Set the bucket name [REQUIRED]"
@@ -77,7 +77,7 @@ if [ -z "$ENVIRONMENT" ] || [ -z "$BUCKET" ] || [ -z "$DYNAMODB_TABLE" ] || [ -z
     echo "BUCKET: $BUCKET"
     echo "DYNAMODB_TABLE: $DYNAMODB_TABLE"
     echo "REGION: $REGION"
-    ./ecs.sh -h
+    ./deploy.sh -h
     exit 1
 fi
 

terraform/modules/ecs/README.md

@@ -74,16 +74,17 @@ No modules.
 | <a name="input_cloudmap_namespace_name"></a> [cloudmap\_namespace\_name](#input\_cloudmap\_namespace\_name) | Name of the AWS Cloud Map namespace | `string` | `""` | no |
 | <a name="input_cloudmap_service_name"></a> [cloudmap\_service\_name](#input\_cloudmap\_service\_name) | Name of the AWS Cloud Map service | `string` | `""` | no |
 | <a name="input_cw_retention_in_days"></a> [cw\_retention\_in\_days](#input\_cw\_retention\_in\_days) | Retention period in days for CloudWatch logs | `number` | `30` | no |
+| <a name="input_disable_ecr"></a> [disable\_ecr](#input\_disable\_ecr) | Flag to disable the aws ecr service for docker image storage, defaults to false | `bool` | `false` | no |
 | <a name="input_ecs_alb_name"></a> [ecs\_alb\_name](#input\_ecs\_alb\_name) | Name of the Application Load Balancer (ALB) | `string` | `""` | no |
 | <a name="input_ecs_alb_sg"></a> [ecs\_alb\_sg](#input\_ecs\_alb\_sg) | Name of the ECS ALB Security Group | `string` | `""` | no |
 | <a name="input_ecs_alb_tg_name"></a> [ecs\_alb\_tg\_name](#input\_ecs\_alb\_tg\_name) | Name of the ALB Target Group | `string` | `""` | no |
 | <a name="input_ecs_cloudwatch_group"></a> [ecs\_cloudwatch\_group](#input\_ecs\_cloudwatch\_group) | Name of the AWS CloudWatch Log Group for ECS | `string` | `""` | no |
 | <a name="input_ecs_cluster_name"></a> [ecs\_cluster\_name](#input\_ecs\_cluster\_name) | Name of the ECS Cluster | `string` | `""` | no |
 | <a name="input_ecs_task_execution_role_name"></a> [ecs\_task\_execution\_role\_name](#input\_ecs\_task\_execution\_role\_name) | Name of the ECS Task Execution Role | `string` | `""` | no |
 | <a name="input_ecs_task_role_name"></a> [ecs\_task\_role\_name](#input\_ecs\_task\_role\_name) | Name of the ECS Task Role | `string` | `""` | no |
-| <a name="input_enable_ecr"></a> [enable\_ecr](#input\_enable\_ecr) | Flag to enable the aws ecr service for docker image storage, defaults to true | `bool` | `true` | no |
+| <a name="input_non_integrated_viewer"></a> [non\_integrated\_viewer](#input\_non\_integrated\_viewer) | A flag to determine if the viewer is the non-integrated version | `string` | `"false"` | no |
 | <a name="input_owner"></a> [owner](#input\_owner) | Owner of the resources | `string` | `"CDC"` | no |
-| <a name="input_phdi_version"></a> [phdi\_version](#input\_phdi\_version) | Version of the PHDI application | `string` | `"v1.4.4"` | no |
+| <a name="input_phdi_version"></a> [phdi\_version](#input\_phdi\_version) | Version of the PHDI application | `string` | `"v1.6.1"` | no |
 | <a name="input_private_subnet_ids"></a> [private\_subnet\_ids](#input\_private\_subnet\_ids) | List of private subnet IDs | `list(string)` | n/a | yes |
 | <a name="input_project"></a> [project](#input\_project) | The project name | `string` | `"dibbs"` | no |
 | <a name="input_public_subnet_ids"></a> [public\_subnet\_ids](#input\_public\_subnet\_ids) | List of public subnet IDs | `list(string)` | n/a | yes |

terraform/modules/ecs/_local.tf

@@ -5,7 +5,7 @@ resource "random_string" "s3_viewer" {
 }
 
 locals {
-  registry_url      = var.enable_ecr == true ? "${data.aws_caller_identity.current.account_id}.dkr.ecr.${var.region}.amazonaws.com" : "ghcr.io/cdcgov/phdi"
+  registry_url      = var.disable_ecr == false ? "${data.aws_caller_identity.current.account_id}.dkr.ecr.${var.region}.amazonaws.com" : "ghcr.io/cdcgov/phdi"
   registry_auth     = data.aws_ecr_authorization_token.this.proxy_endpoint
   registry_username = data.aws_ecr_authorization_token.this.user_name
   registry_password = data.aws_ecr_authorization_token.this.password
@@ -32,12 +32,21 @@ locals {
         },
         {
           name  = "HOSTNAME",
-          value = "0.0.0.0"
+          value = "127.0.0.1"
         },
         {
           name  = "NEXT_PUBLIC_NON_INTEGRATED_VIEWER",
           value = var.non_integrated_viewer
+        },
+        {
+          name  = "SOURCE",
+          value = "s3"
+        },
+        {
+          name  = "APP_ENV",
+          value = "test"
         }
+
       ]
     },
     fhir-converter = {
@@ -139,7 +148,7 @@ locals {
         },
         {
           name  = "ECR_VIEWER_URL",
-          value = "http://ecr-viewer:3000/ecr-viewer"
+          value = "http://ecr-viewer:3000"
         },
         {
           name  = "MESSAGE_PARSER_URL",
@@ -165,6 +174,6 @@ locals {
   ecs_cloudwatch_group         = var.ecs_cloudwatch_group == "" ? "/${local.local_name}" : var.ecs_cloudwatch_group
   ecs_cluster_name             = var.ecs_cluster_name == "" ? local.local_name : var.ecs_cluster_name
   s3_viewer_bucket_name        = var.s3_viewer_bucket_name == "" ? "${local.local_name}-${random_string.s3_viewer.result}" : var.s3_viewer_bucket_name
-  s3_viewer_bucket_role_name   = var.s3_viewer_bucket_role_name == "" ? local.local_name : var.s3_viewer_bucket_role_name
+  s3_viewer_bucket_role_name   = var.s3_viewer_bucket_role_name == "" ? "${local.local_name}-ecrv" : var.s3_viewer_bucket_role_name
   tags                         = var.tags
 }

terraform/modules/ecs/_variable.tf

@@ -99,7 +99,7 @@ variable "s3_viewer_bucket_role_name" {
 variable "phdi_version" {
   type        = string
   description = "Version of the PHDI application"
-  default     = "v1.6.2"
+  default     = "v1.6.1"
 }
 
 variable "service_data" {
@@ -140,10 +140,10 @@ variable "project" {
   default     = "dibbs"
 }
 
-variable "enable_ecr" {
+variable "disable_ecr" {
   type        = bool
-  description = "Flag to enable the aws ecr service for docker image storage, defaults to true"
-  default     = true
+  description = "Flag to disable the aws ecr service for docker image storage, defaults to false"
+  default     = false
 }
 
 variable "tags" {

terraform/modules/ecs/alb.tf

@@ -49,8 +49,12 @@ resource "aws_alb_listener" "http" {
   port              = "80"
   protocol          = "HTTP"
   default_action {
-    type             = "forward"
-    target_group_arn = aws_alb_target_group.this["ecr-viewer"].arn
+    type = "fixed-response"
+    fixed_response {
+      content_type = "text/plain"
+      message_body = "I care intently about your request but I'm afraid I don't have anything for you right now."
+      status_code  = "404"
+    }
   }
   tags = local.tags
 }

terraform/modules/ecs/enable_ecr.tf

@@ -1,18 +1,18 @@
 data "docker_registry_image" "dibbs" {
-  for_each = var.enable_ecr == true ? local.service_data : {}
+  for_each = var.disable_ecr == false ? local.service_data : {}
   name     = "ghcr.io/cdcgov/phdi/${each.key}:${each.value.app_version}"
 }
 
 resource "docker_image" "dibbs" {
-  for_each      = var.enable_ecr == true ? local.service_data : {}
+  for_each      = var.disable_ecr == false ? local.service_data : {}
   name          = data.docker_registry_image.dibbs[each.key].name
   keep_locally  = true
   pull_triggers = [data.docker_registry_image.dibbs[each.key].sha256_digest, plantimestamp()]
   force_remove  = true
 }
 
 resource "docker_tag" "this" {
-  for_each     = var.enable_ecr == true ? local.service_data : {}
+  for_each     = var.disable_ecr == false ? local.service_data : {}
   source_image = docker_image.dibbs[each.key].name
   target_image = "${each.value.registry_url}/${each.value.app_image}:${each.value.app_version}"
   lifecycle {
@@ -23,7 +23,7 @@ resource "docker_tag" "this" {
 }
 
 resource "docker_registry_image" "this" {
-  for_each = var.enable_ecr == true ? local.service_data : {}
+  for_each = var.disable_ecr == false ? local.service_data : {}
   name     = "${each.value.registry_url}/${each.value.app_image}:${each.value.app_version}"
   depends_on = [
     docker_image.dibbs,
@@ -47,7 +47,7 @@ resource "null_resource" "docker_tag" {
 data "aws_ecr_authorization_token" "this" {}
 
 resource "aws_ecr_repository" "this" {
-  for_each     = var.enable_ecr == true ? local.service_data : {}
+  for_each     = var.disable_ecr == false ? local.service_data : {}
   name         = each.value.app_image
   force_delete = true
   tags         = local.tags

terraform/modules/ecs/provider.tf

@@ -12,7 +12,7 @@ provider "docker" {
   # Docker daemon using the default Unix socket 
   host = "unix:///var/run/docker.sock"
   registry_auth {
-    auth_disabled = var.enable_ecr == true ? false : true
+    auth_disabled = var.disable_ecr
     address       = local.registry_auth
     username      = local.registry_username
     password      = local.registry_password