diff --git a/.github/workflows/deployment.yaml b/.github/workflows/deployment.yaml
index abc709ec..2c43faa1 100644
--- a/.github/workflows/deployment.yaml
+++ b/.github/workflows/deployment.yaml
@@ -64,4 +64,4 @@ jobs:
echo "owner = \"$OWNER\"" >> $ENVIRONMENT.tfvars
echo "project = \"$PROJECT\"" >> $ENVIRONMENT.tfvars
echo "region = \"$REGION\"" >> $ENVIRONMENT.tfvars
- ./ecs.sh -e $ENVIRONMENT --ci
+ ./deploy.sh -e $ENVIRONMENT --ci
diff --git a/.github/workflows/destroy.yaml b/.github/workflows/destroy.yaml
deleted file mode 100644
index a83b0954..00000000
--- a/.github/workflows/destroy.yaml
+++ /dev/null
@@ -1,67 +0,0 @@
-name: Destroy ECS
-
-on:
- workflow_dispatch:
- inputs:
- environment:
- description: 'The environment to deploy to'
- required: true
- type: choice
- options:
- - ""
- - prod
-
-concurrency:
- group: ${{ github.event.inputs.environment }}-deploy
- cancel-in-progress: false
-
-permissions:
- id-token: write
- contents: read
-
-env:
- aws_region: us-east-1
- environment: ${{ github.event.inputs.environment }}
- owner: "skylight"
- project: "dibbs-ce"
-
-jobs:
- terraform:
- name: Run Terraform
- runs-on: ubuntu-latest
- defaults:
- run:
- shell: bash
- working-directory: ./terraform/implementation/ecs
- steps:
- - name: Check Out Changes
- uses: actions/checkout@v4
-
- - name: Setup Terraform
- uses: hashicorp/setup-terraform@v3
-
- - name: configure aws credentials
- uses: aws-actions/configure-aws-credentials@v4
- with:
- role-to-assume: ${{ secrets.AWS_ROLE_ARN }}
- role-session-name: githubDeploymentWorkflow
- aws-region: ${{ env.aws_region }}
-
- - name: Terraform
- env:
- ENVIRONMENT: ${{ env.environment }}
- BUCKET: ${{ secrets.TFSTATE_BUCKET }}
- DYNAMODB_TABLE: ${{ secrets.TFSTATE_DYNAMODB_TABLE }}
- REGION: ${{ env.aws_region }}
- OWNER: ${{ env.owner }}
- PROJECT: ${{ env.project }}
- shell: bash
- run: |
- echo "ENVIRONMENT=$ENVIRONMENT" >> .env
- echo "BUCKET=$BUCKET" >> .env
- echo "DYNAMODB_TABLE=$DYNAMODB_TABLE" >> .env
- echo "REGION=$REGION" >> .env
- echo "owner = $OWNER" >> $ENVIRONMENT.tfvars
- echo "project = $PROJECT" >> $ENVIRONMENT.tfvars
- echo "region = $REGION" >> $ENVIRONMENT.tfvars
- ./destroy.sh $ENVIRONMENT
\ No newline at end of file
diff --git a/README.md b/README.md
index fee2d17d..fc00f25b 100644
--- a/README.md
+++ b/README.md
@@ -10,9 +10,20 @@
[3. Architectural Design](#3-architectural-design)\
[4. Getting Started](#4-getting-started)
+- [Table of Contents](#table-of-contents)
+- [1. Overview](#1-overview)
+- [2. Notices](#2-notices)
+ - [2.1 Public Domain Standard Notice](#21-public-domain-standard-notice)
+ - [2.2 License Standard Notice](#22-license-standard-notice)
+ - [2.3 Privacy Standard Notice](#23-privacy-standard-notice)
+ - [2.4 Contributing Standard Notice](#24-contributing-standard-notice)
+ - [2.5 Records Management Standard Notice](#25-records-management-standard-notice)
+ - [2.6 Additional Standard Notices](#26-additional-standard-notices)
+- [3. Architectural Design](#3-architectural-design)
+- [4. Getting Started](#4-getting-started)
- [4.1 Requirements](#41-requirements)
- [4.2 Clone DIBBS-AWS Repository](#42-clone-dibbs-aws-repository)
- - [4.3 Begin Using Repository](#43-begin-using-repository)
+ - [4.3 Begin Using Terraform](#43-begin-using-terraform)
- [4.4 Make A New Branch](#44-make-a-new-branch)
- [4.5 Update Terraform Through The Command Line](#45-update-terraform-through-the-command-line)
- [4.6 Run Terraform Code In Your Designated Environment](#46-run-terraform-code-in-your-designated-environment)
@@ -183,7 +194,7 @@ The setup.sh script will create the following files:
## 4.6 Run Terraform Code In Your Designated Environment
4.6.1. Run ECS Module Locally
* To run your ECS Module Changes in your local terminal, navigate to _terraform/implementation/ecs/_ and run the following command: `cd /terraform/implementation`.
-* In your terminal run the ECS Script in your designated environment `./ecs.sh -e {insertEnvironmentName}`.\
+* In your terminal run the deploy script for your designated environment `./deploy.sh -e {insertEnvironmentName}`.\
Note: The _-e_ tag stands for environment and you can specify `dev`, `stage`, `prod`
or whatever environment your team desires.
diff --git a/terraform/implementation/ecs/ecs.sh b/terraform/implementation/ecs/deploy.sh
similarity index 98%
rename from terraform/implementation/ecs/ecs.sh
rename to terraform/implementation/ecs/deploy.sh
index 245ae3d0..ad42a259 100755
--- a/terraform/implementation/ecs/ecs.sh
+++ b/terraform/implementation/ecs/deploy.sh
@@ -49,7 +49,7 @@ do
shift
;;
-h|--help)
- echo "Usage: ./ecs.sh [OPTIONS]"
+ echo "Usage: ./deploy.sh [OPTIONS]"
echo "Options:"
echo " -e, --env | Set the environment (e.g., production, staging) [REQUIRED]"
echo " -b, --bucket | Set the bucket name [REQUIRED]"
@@ -77,7 +77,7 @@ if [ -z "$ENVIRONMENT" ] || [ -z "$BUCKET" ] || [ -z "$DYNAMODB_TABLE" ] || [ -z
echo "BUCKET: $BUCKET"
echo "DYNAMODB_TABLE: $DYNAMODB_TABLE"
echo "REGION: $REGION"
- ./ecs.sh -h
+ ./deploy.sh -h
exit 1
fi
diff --git a/terraform/modules/ecs/README.md b/terraform/modules/ecs/README.md
index cc64af75..f350f5c1 100644
--- a/terraform/modules/ecs/README.md
+++ b/terraform/modules/ecs/README.md
@@ -74,6 +74,7 @@ No modules.
| [cloudmap\_namespace\_name](#input\_cloudmap\_namespace\_name) | Name of the AWS Cloud Map namespace | `string` | `""` | no |
| [cloudmap\_service\_name](#input\_cloudmap\_service\_name) | Name of the AWS Cloud Map service | `string` | `""` | no |
| [cw\_retention\_in\_days](#input\_cw\_retention\_in\_days) | Retention period in days for CloudWatch logs | `number` | `30` | no |
+| [disable\_ecr](#input\_disable\_ecr) | Flag to disable the aws ecr service for docker image storage, defaults to false | `bool` | `false` | no |
| [ecs\_alb\_name](#input\_ecs\_alb\_name) | Name of the Application Load Balancer (ALB) | `string` | `""` | no |
| [ecs\_alb\_sg](#input\_ecs\_alb\_sg) | Name of the ECS ALB Security Group | `string` | `""` | no |
| [ecs\_alb\_tg\_name](#input\_ecs\_alb\_tg\_name) | Name of the ALB Target Group | `string` | `""` | no |
@@ -81,9 +82,9 @@ No modules.
| [ecs\_cluster\_name](#input\_ecs\_cluster\_name) | Name of the ECS Cluster | `string` | `""` | no |
| [ecs\_task\_execution\_role\_name](#input\_ecs\_task\_execution\_role\_name) | Name of the ECS Task Execution Role | `string` | `""` | no |
| [ecs\_task\_role\_name](#input\_ecs\_task\_role\_name) | Name of the ECS Task Role | `string` | `""` | no |
-| [enable\_ecr](#input\_enable\_ecr) | Flag to enable the aws ecr service for docker image storage, defaults to true | `bool` | `true` | no |
+| [non\_integrated\_viewer](#input\_non\_integrated\_viewer) | A flag to determine if the viewer is the non-integrated version | `string` | `"false"` | no |
| [owner](#input\_owner) | Owner of the resources | `string` | `"CDC"` | no |
-| [phdi\_version](#input\_phdi\_version) | Version of the PHDI application | `string` | `"v1.4.4"` | no |
+| [phdi\_version](#input\_phdi\_version) | Version of the PHDI application | `string` | `"v1.6.1"` | no |
| [private\_subnet\_ids](#input\_private\_subnet\_ids) | List of private subnet IDs | `list(string)` | n/a | yes |
| [project](#input\_project) | The project name | `string` | `"dibbs"` | no |
| [public\_subnet\_ids](#input\_public\_subnet\_ids) | List of public subnet IDs | `list(string)` | n/a | yes |
diff --git a/terraform/modules/ecs/_local.tf b/terraform/modules/ecs/_local.tf
index 25040da3..cc6c6c18 100644
--- a/terraform/modules/ecs/_local.tf
+++ b/terraform/modules/ecs/_local.tf
@@ -5,7 +5,7 @@ resource "random_string" "s3_viewer" {
}
locals {
- registry_url = var.enable_ecr == true ? "${data.aws_caller_identity.current.account_id}.dkr.ecr.${var.region}.amazonaws.com" : "ghcr.io/cdcgov/phdi"
+ registry_url = var.disable_ecr == false ? "${data.aws_caller_identity.current.account_id}.dkr.ecr.${var.region}.amazonaws.com" : "ghcr.io/cdcgov/phdi"
registry_auth = data.aws_ecr_authorization_token.this.proxy_endpoint
registry_username = data.aws_ecr_authorization_token.this.user_name
registry_password = data.aws_ecr_authorization_token.this.password
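Review bot: The `registry_url` ternary compares a negatively named flag with `false`, a double negative that is easy to invert by mistake on the line that decides which registry images come from. Since `disable_ecr` is declared as `bool`, the comparison can be dropped: `registry_url = var.disable_ecr ? "ghcr.io/cdcgov/phdi" : "${data.aws_caller_identity.current.account_id}.dkr.ecr.${var.region}.amazonaws.com"`. The same `var.disable_ecr == false ? local.service_data : {}` form appears in every `for_each` changed in enable_ecr.tf, where `var.disable_ecr ? {} : local.service_data` reads more directly. The `locals` block continues outside this hunk.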
@@ -32,12 +32,21 @@ locals {
},
{
name = "HOSTNAME",
- value = "0.0.0.0"
+ value = "127.0.0.1"
},
{
name = "NEXT_PUBLIC_NON_INTEGRATED_VIEWER",
value = var.non_integrated_viewer
+ },
+ {
+ name = "SOURCE",
+ value = "s3"
+ },
+ {
+ name = "APP_ENV",
+ value = "test"
}
+
]
},
fhir-converter = {
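Review bot: The added `APP_ENV` entry is hard-coded to `"test"` inside a shared module, so every environment that uses the module, including any production one, starts this container with that value. If the application changes behaviour on `APP_ENV` (not visible here), a test setting should not be the default for a deployed service. Take it from a module input instead, for example `value = var.app_env` backed by a new `app_env` variable. Separately, `HOSTNAME = "127.0.0.1"` presumably makes the server listen on loopback only, which would leave the load balancer target group and the `http://ecr-viewer:3000` callers unable to reach it; please confirm this was exercised behind the ALB. The enclosing service definition starts above the hunk.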
@@ -139,7 +148,7 @@ locals {
},
{
name = "ECR_VIEWER_URL",
- value = "http://ecr-viewer:3000/ecr-viewer"
+ value = "http://ecr-viewer:3000"
},
{
name = "MESSAGE_PARSER_URL",
@@ -165,6 +174,6 @@ locals {
ecs_cloudwatch_group = var.ecs_cloudwatch_group == "" ? "/${local.local_name}" : var.ecs_cloudwatch_group
ecs_cluster_name = var.ecs_cluster_name == "" ? local.local_name : var.ecs_cluster_name
s3_viewer_bucket_name = var.s3_viewer_bucket_name == "" ? "${local.local_name}-${random_string.s3_viewer.result}" : var.s3_viewer_bucket_name
- s3_viewer_bucket_role_name = var.s3_viewer_bucket_role_name == "" ? local.local_name : var.s3_viewer_bucket_role_name
+ s3_viewer_bucket_role_name = var.s3_viewer_bucket_role_name == "" ? "${local.local_name}-ecrv" : var.s3_viewer_bucket_role_name
tags = var.tags
}
diff --git a/terraform/modules/ecs/_variable.tf b/terraform/modules/ecs/_variable.tf
index 8bfa6158..ed3c02f0 100644
--- a/terraform/modules/ecs/_variable.tf
+++ b/terraform/modules/ecs/_variable.tf
@@ -99,7 +99,7 @@ variable "s3_viewer_bucket_role_name" {
variable "phdi_version" {
type = string
description = "Version of the PHDI application"
- default = "v1.6.2"
+ default = "v1.6.1"
}
variable "service_data" {
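Review bot: The default for `phdi_version` moves backwards, from `v1.6.2` to `v1.6.1`, and nothing next to the variable says why. A lower default image tag silently drops whatever fixes the later release carried, for every caller that does not set the variable. If the rollback is deliberate, record it beside the default, e.g. `# held at v1.6.1 until <reason or issue link>`, so the next upgrade is not left to guesswork.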
@@ -140,10 +140,10 @@ variable "project" {
default = "dibbs"
}
-variable "enable_ecr" {
+variable "disable_ecr" {
type = bool
- description = "Flag to enable the aws ecr service for docker image storage, defaults to true"
- default = true
+ description = "Flag to disable the aws ecr service for docker image storage, defaults to false"
+ default = false
}
variable "tags" {
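Review bot: Replacing `enable_ecr` with `disable_ecr` inverts the meaning of an existing module input, and the new `description` gives callers no hint that the old name is gone or that the value must be flipped. Anything that sets the old flag indirectly (not visible in this diff) could fall back to the new default `false`, creating ECR repositories and pushing images where the caller meant to opt out. Spell the migration out in the description, for example `description = "Set to true to skip creating ECR repositories and pull images from ghcr.io instead (replaces enable_ecr, with inverted meaning)"`.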
diff --git a/terraform/modules/ecs/alb.tf b/terraform/modules/ecs/alb.tf
index d4b94c37..31bbe128 100644
--- a/terraform/modules/ecs/alb.tf
+++ b/terraform/modules/ecs/alb.tf
@@ -49,8 +49,12 @@ resource "aws_alb_listener" "http" {
port = "80"
protocol = "HTTP"
default_action {
- type = "forward"
- target_group_arn = aws_alb_target_group.this["ecr-viewer"].arn
+ type = "fixed-response"
+ fixed_response {
+ content_type = "text/plain"
+ message_body = "I care intently about your request but I'm afraid I don't have anything for you right now."
+ status_code = "404"
+ }
}
tags = local.tags
}
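Review bot: The listener keeps `protocol = "HTTP"` on port 80, so any listener rules that still route to the services carry that traffic unencrypted as far as the load balancer. Replacing the default forward with a fixed 404 closes the catch-all route but not that. If an HTTPS listener with a certificate exists or can be added, the port 80 default action would be better as `type = "redirect"` with a `redirect` block setting `port = "443"`, `protocol = "HTTPS"` and `status_code = "HTTP_301"`. The `message_body` is also returned to every unauthenticated client that hits an unmatched path; a neutral `message_body = "Not Found"` is less distinctive and easier to search for in access logs. The resource block begins above the hunk.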
diff --git a/terraform/modules/ecs/enable_ecr.tf b/terraform/modules/ecs/enable_ecr.tf
index 69a928ba..4058535c 100644
--- a/terraform/modules/ecs/enable_ecr.tf
+++ b/terraform/modules/ecs/enable_ecr.tf
@@ -1,10 +1,10 @@
data "docker_registry_image" "dibbs" {
- for_each = var.enable_ecr == true ? local.service_data : {}
+ for_each = var.disable_ecr == false ? local.service_data : {}
name = "ghcr.io/cdcgov/phdi/${each.key}:${each.value.app_version}"
}
resource "docker_image" "dibbs" {
- for_each = var.enable_ecr == true ? local.service_data : {}
+ for_each = var.disable_ecr == false ? local.service_data : {}
name = data.docker_registry_image.dibbs[each.key].name
keep_locally = true
pull_triggers = [data.docker_registry_image.dibbs[each.key].sha256_digest, plantimestamp()]
@@ -12,7 +12,7 @@ resource "docker_image" "dibbs" {
}
resource "docker_tag" "this" {
- for_each = var.enable_ecr == true ? local.service_data : {}
+ for_each = var.disable_ecr == false ? local.service_data : {}
source_image = docker_image.dibbs[each.key].name
target_image = "${each.value.registry_url}/${each.value.app_image}:${each.value.app_version}"
lifecycle {
@@ -23,7 +23,7 @@ resource "docker_tag" "this" {
}
resource "docker_registry_image" "this" {
- for_each = var.enable_ecr == true ? local.service_data : {}
+ for_each = var.disable_ecr == false ? local.service_data : {}
name = "${each.value.registry_url}/${each.value.app_image}:${each.value.app_version}"
depends_on = [
docker_image.dibbs,
@@ -47,7 +47,7 @@ resource "null_resource" "docker_tag" {
data "aws_ecr_authorization_token" "this" {}
resource "aws_ecr_repository" "this" {
- for_each = var.enable_ecr == true ? local.service_data : {}
+ for_each = var.disable_ecr == false ? local.service_data : {}
name = each.value.app_image
force_delete = true
tags = local.tags
diff --git a/terraform/modules/ecs/provider.tf b/terraform/modules/ecs/provider.tf
index 895565ad..d59d1dac 100644
--- a/terraform/modules/ecs/provider.tf
+++ b/terraform/modules/ecs/provider.tf
@@ -12,7 +12,7 @@ provider "docker" {
# Docker daemon using the default Unix socket
host = "unix:///var/run/docker.sock"
registry_auth {
- auth_disabled = var.enable_ecr == true ? false : true
+ auth_disabled = var.disable_ecr
address = local.registry_auth
username = local.registry_username
password = local.registry_password
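Review bot: With `auth_disabled = var.disable_ecr`, the `address`, `username` and `password` arguments are still filled from `data.aws_ecr_authorization_token.this`, which enable_ecr.tf declares without any condition. A deployment with `disable_ecr = true` therefore still needs permission to request an ECR token. As with other data sources, the returned credential is likely recorded in Terraform state even though it is never used. Consider making the data source conditional on the flag (for example `count = var.disable_ecr ? 0 : 1`) and the `registry_auth` block with it, so no registry credential is fetched when ECR is off. The `registry_auth` and `provider` blocks continue outside the hunk.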