Merge pull request #49 from krolmic/chore/update-aws-terraform-config

Chore/update aws terraform config

.github/workflows/deployment-aws.yml

@@ -24,7 +24,7 @@ jobs:
           submodules: recursive
 
       - name: Setup Dart SDK
-        uses: dart-lang/setup-dart@v1.3
+        uses: dart-lang/setup-dart@v1.6.5
         with:
           sdk: 3.0
 
@@ -33,7 +33,7 @@ jobs:
         with:
           aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
           aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-          aws-region: us-west-2
+          aws-region: us-east-1
 
       - name: Create passwords file
         working-directory: tracking_server

tracking_server/.gitignore

@@ -10,3 +10,41 @@ doc/api/
 
 # Passwords file
 config/passwords.yaml
+
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+crash.*.log
+
+# Exclude all .tfvars files, which are likely to contain sensitive data, such as
+# password, private keys, and other secrets. These should not be part of version 
+# control as they are data points which are potentially sensitive and subject 
+# to change depending on the environment.
+*.tfvars
+*.tfvars.json
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Ignore transient lock info files created by terraform apply
+.terraform.tfstate.lock.info
+
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc

tracking_server/deploy/aws/terraform/code-deploy.tf

@@ -88,4 +88,13 @@ resource "aws_s3_bucket" "deployment" {
 resource "aws_s3_bucket_acl" "deployment" {
   bucket = aws_s3_bucket.deployment.id
   acl    = "private"
+  depends_on = [aws_s3_bucket_ownership_controls.deployment]
+}
+
+# Resource to avoid error "AccessControlListNotSupported: The bucket does not allow ACLs"
+resource "aws_s3_bucket_ownership_controls" "deployment" {
+  bucket = aws_s3_bucket.deployment.id
+  rule {
+    object_ownership = "ObjectWriter"
+  }
 }

tracking_server/deploy/aws/terraform/config.auto.tfvars

@@ -15,7 +15,7 @@ project_name = "tracking"
 # need to update the instance_ami variable (see below) and update the region in
 # the .github/workflows/deployment-aws.yml file. In some cases you will also
 # need to update your instance_type.
-aws_region = "us-west-2"
+aws_region = "us-east-1"
 
 # Enabling Redis may incur additional costs. You will also need to enable Redis
 # in your staging.yaml and production.yaml configuration files.

tracking_server/deploy/aws/terraform/database.tf

@@ -2,7 +2,7 @@ resource "aws_db_instance" "postgres" {
   identifier          = var.project_name
   allocated_storage   = 10
   engine              = "postgres"
-  engine_version      = "14.2"
+  engine_version      = "14.13"
   instance_class      = "db.t3.micro"
   db_name             = "serverpod"
   username            = "postgres"

tracking_server/deploy/aws/terraform/instances.tf

@@ -12,7 +12,7 @@ data "aws_ami" "amazon-linux" {
 
   filter {
     name   = "name"
-    values = ["amzn-ami-hvm-*-x86_64-ebs"]
+    values = ["amzn2-ami-hvm-*-x86_64-ebs"]
   }
 }
 

tracking_server/deploy/aws/terraform/storage.tf

@@ -11,6 +11,15 @@ resource "aws_s3_bucket" "public_storage" {
 resource "aws_s3_bucket_acl" "public_storage" {
   bucket = aws_s3_bucket.public_storage.id
   acl    = "private"
+  depends_on = [aws_s3_bucket_ownership_controls.public_storage]
+}
+
+# Resource to avoid error "AccessControlListNotSupported: The bucket does not allow ACLs"
+resource "aws_s3_bucket_ownership_controls" "public_storage" {
+  bucket = aws_s3_bucket.public_storage.id
+  rule {
+    object_ownership = "ObjectWriter"
+  }
 }
 
 resource "aws_s3_bucket" "private_storage" {
@@ -25,6 +34,15 @@ resource "aws_s3_bucket" "private_storage" {
 resource "aws_s3_bucket_acl" "private_storage" {
   bucket = aws_s3_bucket.private_storage.id
   acl    = "private"
+  depends_on = [aws_s3_bucket_ownership_controls.private_storage]
+}
+
+# Resource to avoid error "AccessControlListNotSupported: The bucket does not allow ACLs"
+resource "aws_s3_bucket_ownership_controls" "private_storage" {
+  bucket = aws_s3_bucket.private_storage.id
+  rule {
+    object_ownership = "ObjectWriter"
+  }
 }
 
 locals {