diff --git a/main.tf b/main.tf
index 494b624..435f862 100644
--- a/main.tf
+++ b/main.tf
@@ -2,10 +2,385 @@ locals {
 include_scenarios = true
 }
-module "scenarios" {
+# Moved blocks to handle module restructuring without recreating resources
+# VPC module moved from scenarios to baseline
+moved {
+ from = module.scenarios[0].module.vpc
+ to = module.baseline.module.vpc
+}
+
+# AMI data source moved from scenarios to baseline
+moved {
+ from = module.scenarios[0].data.aws_ami.amazon_linux
+ to = module.baseline.data.aws_ami.amazon_linux
+}
+
+# Memory optimization module moved from scenarios to heritage
+moved {
+ from = module.scenarios[0].module.memory_optimization
+ to = module.heritage[0].module.memory_optimization
+}
+
+# Message size breach module moved from scenarios to heritage
+moved {
+ from = module.scenarios[0].module.message_size_breach[0]
+ to = module.heritage[0].module.message_size_breach[0]
+}
+
+# All other resources in scenarios module moved to heritage module
+# CloudFront module
+moved {
+ from = module.scenarios[0].module.cloudfront
+ to = module.heritage[0].module.cloudfront
+}
+
+# S3 module
+moved {
+ from = module.scenarios[0].module.s3_one
+ to = module.heritage[0].module.s3_one
+}
+
+# ECS module
+moved {
+ from = module.scenarios[0].module.ecs
+ to = module.heritage[0].module.ecs
+}
+
+# All other resources (loom.tf, s3_bucket_notification.tf, sns_lambda.tf, asg_change.tf, manual_sg.tf)
+# These are individual resources, so we need to move them individually
+# S3 bucket notification resources
+moved {
+ from = module.scenarios[0].aws_s3_bucket.my_bucket
+ to = module.heritage[0].aws_s3_bucket.my_bucket
+}
+
+moved {
+ from = module.scenarios[0].aws_sqs_queue.my_queue
+ to = module.heritage[0].aws_sqs_queue.my_queue
+}
+
+moved {
+ from = module.scenarios[0].aws_s3_bucket_notification.bucket_notification
+ to = module.heritage[0].aws_s3_bucket_notification.bucket_notification
+}
+
+moved {
+ from = module.scenarios[0].aws_sqs_queue_policy.my_queue_policy
+ to = module.heritage[0].aws_sqs_queue_policy.my_queue_policy
+}
+
+# SNS/Lambda resources
+moved {
+ from = module.scenarios[0].data.archive_file.lambda_zip
+ to = module.heritage[0].data.archive_file.lambda_zip
+}
+
+moved {
+ from = module.scenarios[0].aws_iam_role.lambda_iam_role
+ to = module.heritage[0].aws_iam_role.lambda_iam_role
+}
+
+moved {
+ from = module.scenarios[0].aws_lambda_function.example
+ to = module.heritage[0].aws_lambda_function.example
+}
+
+moved {
+ from = module.scenarios[0].aws_sns_topic.example_topic
+ to = module.heritage[0].aws_sns_topic.example_topic
+}
+
+# ASG resources
+moved {
+ from = module.scenarios[0].aws_launch_template.my_launch_template
+ to = module.heritage[0].aws_launch_template.my_launch_template
+}
+
+moved {
+ from = module.scenarios[0].aws_lb_target_group.my_target_group
+ to = module.heritage[0].aws_lb_target_group.my_target_group
+}
+
+moved {
+ from = module.scenarios[0].aws_lb_target_group.my_new_target_group
+ to = module.heritage[0].aws_lb_target_group.my_new_target_group
+}
+
+moved {
+ from = module.scenarios[0].aws_autoscaling_group.my_asg
+ to = module.heritage[0].aws_autoscaling_group.my_asg
+}
+
+# Manual SG resources
+moved {
+ from = module.scenarios[0].aws_security_group.allow_access
+ to = module.heritage[0].aws_security_group.allow_access
+}
+
+moved {
+ from = module.scenarios[0].aws_subnet.restricted-2a
+ to = module.heritage[0].aws_subnet.restricted-2a
+}
+
+moved {
+ from = module.scenarios[0].aws_subnet.restricted-2b
+ to = module.heritage[0].aws_subnet.restricted-2b
+}
+
+moved {
+ from = module.scenarios[0].aws_route_table_association.restricted-2a
+ to = module.heritage[0].aws_route_table_association.restricted-2a
+}
+
+moved {
+ from = module.scenarios[0].aws_route_table_association.restricted-2b
+ to = module.heritage[0].aws_route_table_association.restricted-2b
+}
+
+moved {
+ from = module.scenarios[0].aws_network_acl.restricted
+ to = module.heritage[0].aws_network_acl.restricted
+}
+
+moved {
+ from = module.scenarios[0].aws_network_acl_rule.allow_http
+ to = module.heritage[0].aws_network_acl_rule.allow_http
+}
+
+moved {
+ from = module.scenarios[0].aws_network_acl_rule.allow_ssh
+ to = module.heritage[0].aws_network_acl_rule.allow_ssh
+}
+
+moved {
+ from = module.scenarios[0].aws_network_acl_rule.allow_ephemeral
+ to = module.heritage[0].aws_network_acl_rule.allow_ephemeral
+}
+
+moved {
+ from = module.scenarios[0].aws_network_acl_rule.deny_high_ports
+ to = module.heritage[0].aws_network_acl_rule.deny_high_ports
+}
+
+moved {
+ from = module.scenarios[0].aws_network_acl_rule.allow_outbound
+ to = module.heritage[0].aws_network_acl_rule.allow_outbound
+}
+
+moved {
+ from = module.scenarios[0].aws_instance.webserver
+ to = module.heritage[0].aws_instance.webserver
+}
+
+moved {
+ from = module.scenarios[0].aws_instance.app_server
+ to = module.heritage[0].aws_instance.app_server
+}
+
+moved {
+ from = module.scenarios[0].aws_security_group.instance_sg
+ to = module.heritage[0].aws_security_group.instance_sg
+}
+
+# Loom resources (CloudFront, S3, ECS, RDS, etc.)
+# Data sources
+moved {
+ from = module.scenarios[0].data.aws_canonical_user_id.current
+ to = module.heritage[0].data.aws_canonical_user_id.current
+}
+
+moved {
+ from = module.scenarios[0].data.aws_cloudfront_log_delivery_canonical_user_id.cloudfront
+ to = module.heritage[0].data.aws_cloudfront_log_delivery_canonical_user_id.cloudfront
+}
+
+moved {
+ from = module.scenarios[0].data.aws_iam_policy_document.s3_policy
+ to = module.heritage[0].data.aws_iam_policy_document.s3_policy
+}
+
+moved {
+ from = module.scenarios[0].data.aws_route53_zone.demo
+ to = module.heritage[0].data.aws_route53_zone.demo
+}
+
+moved {
+ from = module.scenarios[0].data.aws_ssm_parameter.amzn2_latest
+ to = module.heritage[0].data.aws_ssm_parameter.amzn2_latest
+}
+
+moved {
+ from = module.scenarios[0].random_pet.this
+ to = module.heritage[0].random_pet.this
+}
+
+moved {
+ from = module.scenarios[0].random_pet.second
+ to = module.heritage[0].random_pet.second
+}
+
+moved {
+ from = module.scenarios[0].aws_cloudfront_function.example
+ to = module.heritage[0].aws_cloudfront_function.example
+}
+
+moved {
+ from = module.scenarios[0].aws_s3_bucket.b
+ to = module.heritage[0].aws_s3_bucket.b
+}
+
+moved {
+ from = module.scenarios[0].aws_s3_bucket_ownership_controls.b
+ to = module.heritage[0].aws_s3_bucket_ownership_controls.b
+}
+
+moved {
+ from = module.scenarios[0].aws_s3_bucket_acl.b_acl
+ to = module.heritage[0].aws_s3_bucket_acl.b_acl
+}
+
+moved {
+ from = module.scenarios[0].aws_cloudfront_origin_access_control.b
+ to = module.heritage[0].aws_cloudfront_origin_access_control.b
+}
+
+moved {
+ from = module.scenarios[0].aws_cloudfront_distribution.s3_distribution
+ to = module.heritage[0].aws_cloudfront_distribution.s3_distribution
+}
+
+moved {
+ from = module.scenarios[0].aws_cloudfront_response_headers_policy.headers-policy
+ to = module.heritage[0].aws_cloudfront_response_headers_policy.headers-policy
+}
+
+moved {
+ from = module.scenarios[0].aws_cloudfront_cache_policy.headers_based_policy
+ to = module.heritage[0].aws_cloudfront_cache_policy.headers_based_policy
+}
+
+moved {
+ from = module.scenarios[0].aws_cloudfront_origin_request_policy.headers_based_policy
+ to = module.heritage[0].aws_cloudfront_origin_request_policy.headers_based_policy
+}
+
+moved {
+ from = module.scenarios[0].aws_s3_bucket_policy.bucket_policy
+ to = module.heritage[0].aws_s3_bucket_policy.bucket_policy
+}
+
+moved {
+ from = module.scenarios[0].aws_lb.main
+ to = module.heritage[0].aws_lb.main
+}
+
+moved {
+ from = module.scenarios[0].aws_lb_listener.http
+ to = module.heritage[0].aws_lb_listener.http
+}
+
+moved {
+ from = module.scenarios[0].aws_db_subnet_group.default
+ to = module.heritage[0].aws_db_subnet_group.default
+}
+
+moved {
+ from = module.scenarios[0].aws_rds_cluster.face_database
+ to = module.heritage[0].aws_rds_cluster.face_database
+}
+
+moved {
+ from = module.scenarios[0].aws_rds_cluster_instance.face_database
+ to = module.heritage[0].aws_rds_cluster_instance.face_database
+}
+
+moved {
+ from = module.scenarios[0].aws_ecs_task_definition.face
+ to = module.heritage[0].aws_ecs_task_definition.face
+}
+
+moved {
+ from = module.scenarios[0].aws_ecs_service.face
+ to = module.heritage[0].aws_ecs_service.face
+}
+
+moved {
+ from = module.scenarios[0].aws_lb_listener_rule.face
+ to = module.heritage[0].aws_lb_listener_rule.face
+}
+
+moved {
+ from = module.scenarios[0].aws_lb_target_group.face
+ to = module.heritage[0].aws_lb_target_group.face
+}
+
+moved {
+ from = module.scenarios[0].aws_route53_record.face
+ to = module.heritage[0].aws_route53_record.face
+}
+
+moved {
+ from = module.scenarios[0].aws_ecs_task_definition.visit_counter
+ to = module.heritage[0].aws_ecs_task_definition.visit_counter
+}
+
+moved {
+ from = module.scenarios[0].aws_ecs_service.visit_counter
+ to = module.heritage[0].aws_ecs_service.visit_counter
+}
+
+moved {
+ from = module.scenarios[0].aws_lb_listener_rule.visit_counter
+ to = module.heritage[0].aws_lb_listener_rule.visit_counter
+}
+
+moved {
+ from = module.scenarios[0].aws_lb_target_group.visit_counter
+ to = module.heritage[0].aws_lb_target_group.visit_counter
+}
+
+moved {
+ from = module.scenarios[0].aws_route53_record.visit_counter
+ to = module.heritage[0].aws_route53_record.visit_counter
+}
+
+moved {
+ from = module.scenarios[0].aws_cloudfront_distribution.visit_counter
+ to = module.heritage[0].aws_cloudfront_distribution.visit_counter
+}
+
+module "baseline" {
+ source = "./modules/baseline"
+
+ example_env = var.example_env
+}
+
+module "heritage" {
 count = local.include_scenarios ? 1 : 0
- source = "./modules/scenarios"
+ source = "./modules/heritage"
 example_env = var.example_env
+
+ # VPC inputs from baseline
+ vpc_id = module.baseline.vpc_id
+ public_subnets = module.baseline.public_subnets
+ private_subnets = module.baseline.private_subnets
+ default_security_group_id = module.baseline.default_security_group_id
+ public_route_table_ids = module.baseline.public_route_table_ids
+ ami_id = module.baseline.ami_id
+
+ # Memory optimization demo settings
+ enable_memory_optimization_demo = var.enable_memory_optimization_demo
+ memory_optimization_container_memory = var.memory_optimization_container_memory
+ memory_optimization_container_count = var.memory_optimization_container_count
+ days_until_black_friday = var.days_until_black_friday
+
+ # Message size breach demo settings
+ enable_message_size_breach_demo = var.enable_message_size_breach_demo
+ message_size_breach_max_size = var.message_size_breach_max_size
+ message_size_breach_batch_size = var.message_size_breach_batch_size
+ message_size_breach_lambda_timeout = var.message_size_breach_lambda_timeout
+ message_size_breach_lambda_memory = var.message_size_breach_lambda_memory
+ message_size_breach_retention_days = var.message_size_breach_retention_days
 }
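Review bot: Seven `moved` blocks in this hunk have a data source as their `from` address (`data.aws_ami.amazon_linux`, `data.archive_file.lambda_zip`, `data.aws_canonical_user_id.current`, `data.aws_cloudfront_log_delivery_canonical_user_id.cloudfront`, `data.aws_iam_policy_document.s3_policy`, `data.aws_route53_zone.demo`, `data.aws_ssm_parameter.amzn2_latest`); data sources are re-read on every plan rather than carried across a refactor, and I believe `moved` accepts only managed resources and module calls, so those blocks are dead weight at best and a validation error at worst — run `terraform validate` on this exact set and drop them if it objects. The converse risk matters more: any managed resource left under the old `module.scenarios[0]` path without a `moved` entry will be planned as a destroy-and-create pair, which cannot be ruled out from this hunk alone, so the plan should be checked for zero replacements before apply. A header comment such as `# Every managed resource in modules/heritage needs a moved block here; a missing entry means destroy + recreate` would make that invariant explicit for the next restructuring.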
diff --git a/modules/scenarios/main.tf b/modules/baseline/main.tf
similarity index 53%
rename from modules/scenarios/main.tf
rename to modules/baseline/main.tf
index b70c722..624301b 100644
--- a/modules/scenarios/main.tf
+++ b/modules/baseline/main.tf
@@ -66,40 +66,3 @@ module "vpc" {
 }
 }
-# Memory optimization demo scenario
-module "memory_optimization" {
- source = "./memory-optimization"
-
- # Control whether this scenario is enabled
- enabled = var.enable_memory_optimization_demo
-
- # Use the VPC created above instead of default VPC
- use_default_vpc = false
- vpc_id = module.vpc.vpc_id
- subnet_ids = module.vpc.public_subnets
-
- # Demo configuration
- name_prefix = "scenarios-memory-demo"
- container_memory = var.memory_optimization_container_memory
- number_of_containers = var.memory_optimization_container_count
-
- # Context for the demo
- days_until_black_friday = var.days_until_black_friday
- days_since_last_memory_change = 423
-}
-
-# Message size limit breach demo scenario
-module "message_size_breach" {
- count = var.enable_message_size_breach_demo ? 1 : 0
- source = "./message-size-breach"
-
- # Demo configuration
- example_env = var.example_env
-
- # The configuration that looks innocent but will break Lambda
- max_message_size = var.message_size_breach_max_size # 256KB (safe) vs 1MB (dangerous)
- batch_size = var.message_size_breach_batch_size # 10 messages
- lambda_timeout = var.message_size_breach_lambda_timeout
- lambda_memory = var.message_size_breach_lambda_memory
- retention_days = var.message_size_breach_retention_days
-}
diff --git a/modules/baseline/outputs.tf b/modules/baseline/outputs.tf
new file mode 100644
index 0000000..71a8a6b
--- /dev/null
+++ b/modules/baseline/outputs.tf
@@ -0,0 +1,30 @@
+output "vpc_id" {
+ description = "ID of the VPC"
+ value = module.vpc.vpc_id
+}
+
+output "public_subnets" {
+ description = "IDs of the public subnets"
+ value = module.vpc.public_subnets
+}
+
+output "private_subnets" {
+ description = "IDs of the private subnets"
+ value = module.vpc.private_subnets
+}
+
+output "default_security_group_id" {
+ description = "ID of the default security group"
+ value = module.vpc.default_security_group_id
+}
+
+output "public_route_table_ids" {
+ description = "IDs of the public route tables"
+ value = module.vpc.public_route_table_ids
+}
+
+output "ami_id" {
+ description = "ID of the Amazon Linux 2 AMI"
+ value = data.aws_ami.amazon_linux.id
+}
+
diff --git a/modules/baseline/variables.tf b/modules/baseline/variables.tf
new file mode 100644
index 0000000..9361a01
--- /dev/null
+++ b/modules/baseline/variables.tf
@@ -0,0 +1,5 @@
+variable "example_env" {
+ description = "Indicate which example environment to use"
+ type = string
+}
+
diff --git a/modules/scenarios/acl_block_high_ports.tf b/modules/heritage/acl_block_high_ports.tf
similarity index 99%
rename from modules/scenarios/acl_block_high_ports.tf
rename to modules/heritage/acl_block_high_ports.tf
index f52ec25..c37c75d 100644
--- a/modules/scenarios/acl_block_high_ports.tf
+++ b/modules/heritage/acl_block_high_ports.tf
@@ -58,3 +58,4 @@
 # subnet_id = "subnet-0482035a966810071"
 # network_acl_id = aws_network_acl.block_high_ports.id
 # }
+
diff --git a/modules/scenarios/asg_change.tf b/modules/heritage/asg_change.tf
similarity index 82%
rename from modules/scenarios/asg_change.tf
rename to modules/heritage/asg_change.tf
index e7c4328..3ba2a18 100644
--- a/modules/scenarios/asg_change.tf
+++ b/modules/heritage/asg_change.tf
@@ -5,9 +5,9 @@
 # Define an EC2 launch template
 resource "aws_launch_template" "my_launch_template" {
 name_prefix = "asg-change-launch-template-${var.example_env}"
- image_id = data.aws_ami.amazon_linux.id
+ image_id = var.ami_id
 instance_type = "t3.micro"
- vpc_security_group_ids = [module.vpc.default_security_group_id]
+ vpc_security_group_ids = [var.default_security_group_id]
 }
 # Create a Target Group
@@ -15,7 +15,7 @@ resource "aws_lb_target_group" "my_target_group" {
 name = "asg-change-tg-${var.example_env}"
 port = 80
 protocol = "HTTP"
- vpc_id = module.vpc.vpc_id
+ vpc_id = var.vpc_id
 health_check {
 path = "/"
@@ -27,7 +27,7 @@ resource "aws_lb_target_group" "my_new_target_group" {
 name = "asg-new-${var.example_env}"
 port = 80
 protocol = "HTTP"
- vpc_id = module.vpc.vpc_id
+ vpc_id = var.vpc_id
 health_check {
 path = "/"
@@ -41,7 +41,7 @@ resource "aws_autoscaling_group" "my_asg" {
 max_size = 2
 desired_capacity = 1
 target_group_arns = [aws_lb_target_group.my_target_group.arn]
- vpc_zone_identifier = module.vpc.public_subnets
+ vpc_zone_identifier = var.public_subnets
 health_check_type = "EC2"
 health_check_grace_period = 300
@@ -50,3 +50,4 @@ resource "aws_autoscaling_group" "my_asg" {
 version = "$Latest"
 }
 }
+
diff --git a/modules/heritage/example-function.js b/modules/heritage/example-function.js
new file mode 100644
index 0000000..33cdbfd
--- /dev/null
+++ b/modules/heritage/example-function.js
@@ -0,0 +1,13 @@
+function handler(event) {
+ // NOTE: This example function is for a viewer request event trigger.
+ // Choose viewer request for event trigger when you associate this function with a distribution.
+ var response = {
+ statusCode: 302,
+ statusDescription: 'Found',
+ headers: {
+ 'cloudfront-functions': { value: 'generated-by-CloudFront-Functions' },
+ 'location': { value: 'https://aws.amazon.com/cloudfront/' }
+ }
+ };
+ return response;
+}
\ No newline at end of file
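Review bot: modules/heritage/example-function.js is added without a trailing newline (the `\ No newline at end of file` marker) while every .tf file touched by this commit gains one; add it for consistency. The function is bound to `runtime = "cloudfront-js-1.0"` in loom.tf, and that runtime is ES5.1-based with no `let`/`const`, so `var response` is deliberate rather than legacy; a short comment such as `// cloudfront-js-1.0 is ES5.1: keep var, no let/const or arrow functions` would stop a later cleanup from breaking the deploy. The asg_change.tf hunks above are mechanical `module.vpc.*` to `var.*` substitutions and need nothing further.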
diff --git a/modules/scenarios/loom.tf b/modules/heritage/loom.tf
similarity index 97%
rename from modules/scenarios/loom.tf
rename to modules/heritage/loom.tf
index 75292a6..3fff298 100644
--- a/modules/scenarios/loom.tf
+++ b/modules/heritage/loom.tf
@@ -231,7 +231,7 @@ resource "random_pet" "second" {
 resource "aws_cloudfront_function" "example" {
 name = "${var.example_env}-${random_pet.this.id}"
 runtime = "cloudfront-js-1.0"
- code = file("example-function.js")
+ code = file("${path.module}/example-function.js")
 }
 # Second resource
@@ -451,7 +451,7 @@ resource "aws_lb" "main" {
 name = var.example_env
 internal = false
 load_balancer_type = "application"
- subnets = module.vpc.public_subnets
+ subnets = var.public_subnets
 enable_deletion_protection = false
 }
@@ -481,7 +481,7 @@ data "aws_route53_zone" "demo" {
 # to discover this relationship and therefore tell people about it
 resource "aws_db_subnet_group" "default" {
 name = "main-${var.example_env}"
- subnet_ids = module.vpc.private_subnets
+ subnet_ids = var.private_subnets
 tags = {
 Name = "Default DB Subnet Group for ${var.example_env}"
@@ -562,8 +562,8 @@ resource "aws_ecs_service" "face" {
 network_configuration {
 assign_public_ip = false
- security_groups = [module.vpc.default_security_group_id]
- subnets = module.vpc.private_subnets
+ security_groups = [var.default_security_group_id]
+ subnets = var.private_subnets
 }
 capacity_provider_strategy {
@@ -600,7 +600,7 @@ resource "aws_lb_target_group" "face" {
 port = 1234
 protocol = "HTTP"
 target_type = "ip"
- vpc_id = module.vpc.vpc_id
+ vpc_id = var.vpc_id
 health_check {
 enabled = true
@@ -668,8 +668,8 @@ resource "aws_ecs_service" "visit_counter" {
 network_configuration {
 assign_public_ip = false
- security_groups = [module.vpc.default_security_group_id]
- subnets = module.vpc.private_subnets
+ security_groups = [var.default_security_group_id]
+ subnets = var.private_subnets
 }
 capacity_provider_strategy {
@@ -706,7 +706,7 @@ resource "aws_lb_target_group" "visit_counter" {
 port = 80
 protocol = "HTTP"
 target_type = "ip"
- vpc_id = module.vpc.vpc_id
+ vpc_id = var.vpc_id
 }
 resource "aws_route53_record" "visit_counter" {
@@ -757,3 +757,4 @@ resource "aws_cloudfront_distribution" "visit_counter" {
 cloudfront_default_certificate = true
 }
 }
+
diff --git a/modules/heritage/main.tf b/modules/heritage/main.tf
new file mode 100644
index 0000000..50a77ed
--- /dev/null
+++ b/modules/heritage/main.tf
@@ -0,0 +1,38 @@
+# Memory optimization demo scenario
+module "memory_optimization" {
+ source = "./memory-optimization"
+
+ # Control whether this scenario is enabled
+ enabled = var.enable_memory_optimization_demo
+
+ # Use the VPC created above instead of default VPC
+ use_default_vpc = false
+ vpc_id = var.vpc_id
+ subnet_ids = var.public_subnets
+
+ # Demo configuration
+ name_prefix = "scenarios-memory-demo"
+ container_memory = var.memory_optimization_container_memory
+ number_of_containers = var.memory_optimization_container_count
+
+ # Context for the demo
+ days_until_black_friday = var.days_until_black_friday
+ days_since_last_memory_change = 423
+}
+
+# Message size limit breach demo scenario
+module "message_size_breach" {
+ count = var.enable_message_size_breach_demo ? 1 : 0
+ source = "./message-size-breach"
+
+ # Demo configuration
+ example_env = var.example_env
+
+ # The configuration that looks innocent but will break Lambda
+ max_message_size = var.message_size_breach_max_size # 256KB (safe) vs 1MB (dangerous)
+ batch_size = var.message_size_breach_batch_size # 10 messages
+ lambda_timeout = var.message_size_breach_lambda_timeout
+ lambda_memory = var.message_size_breach_lambda_memory
+ retention_days = var.message_size_breach_retention_days
+}
+
diff --git a/modules/scenarios/manual_sg.tf b/modules/heritage/manual_sg.tf
similarity index 94%
rename from modules/scenarios/manual_sg.tf
rename to modules/heritage/manual_sg.tf
index c468508..4c8f324 100644
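Review bot: Two comments in the new modules/heritage/main.tf no longer describe the code around them. `# Use the VPC created above instead of default VPC` was true when this block sat next to `module "vpc"` in the scenarios module, but the VPC now arrives through `var.vpc_id` and `var.public_subnets` from the baseline module, so it should read `# Use the VPC supplied by the baseline module (var.vpc_id) instead of the default VPC`. The trailing comment `# 256KB (safe) vs 1MB (dangerous)` on `max_message_size` disagrees with the root variable description added in variables.tf in this same commit (25KB safe, 100KB breaks batch processing, default 25600), so one of the two must be corrected, and the variable description looks like the authoritative one. `name_prefix = "scenarios-memory-demo"` still carries the old module name, presumably on purpose since changing it would force replacement of every prefixed resource; a note saying so would prevent a well-meant rename later.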
--- a/modules/scenarios/manual_sg.tf
+++ b/modules/heritage/manual_sg.tf
@@ -6,7 +6,7 @@
 resource "aws_security_group" "allow_access" {
 name = "allow_access-${var.example_env}"
 description = "Allow access security group"
- vpc_id = module.vpc.vpc_id
+ vpc_id = var.vpc_id
 ingress {
 from_port = 22
@@ -31,7 +31,7 @@ resource "aws_security_group" "allow_access" {
 # communication. In fairness, the reachability analyser can answer this
 # question.
 resource "aws_subnet" "restricted-2a" {
- vpc_id = module.vpc.vpc_id
+ vpc_id = var.vpc_id
 cidr_block = "10.0.9.0/24"
 availability_zone = "eu-west-2a"
@@ -41,7 +41,7 @@ resource "aws_subnet" "restricted-2a" {
 }
 resource "aws_subnet" "restricted-2b" {
- vpc_id = module.vpc.vpc_id
+ vpc_id = var.vpc_id
 cidr_block = "10.0.10.0/24"
 availability_zone = "eu-west-2b"
@@ -54,15 +54,15 @@ resource "aws_subnet" "restricted-2b" {
 // the internet gateway created by the VPC module
 resource "aws_route_table_association" "restricted-2a" {
 subnet_id = aws_subnet.restricted-2a.id
- route_table_id = module.vpc.public_route_table_ids[0]
+ route_table_id = var.public_route_table_ids[0]
 }
 resource "aws_route_table_association" "restricted-2b" {
 subnet_id = aws_subnet.restricted-2b.id
- route_table_id = module.vpc.public_route_table_ids[0]
+ route_table_id = var.public_route_table_ids[0]
 }
 resource "aws_network_acl" "restricted" {
- vpc_id = module.vpc.vpc_id
+ vpc_id = var.vpc_id
 subnet_ids = [
 aws_subnet.restricted-2a.id,
 aws_subnet.restricted-2b.id
@@ -173,7 +173,7 @@ resource "aws_instance" "app_server" {
 # that's what you'd expect. However, the network ACL is blocking the
 # communication
 resource "aws_security_group" "instance_sg" {
- vpc_id = module.vpc.vpc_id
+ vpc_id = var.vpc_id
 ingress {
 from_port = 8080
@@ -196,3 +196,4 @@ resource "aws_security_group" "instance_sg" {
 cidr_blocks = ["0.0.0.0/0"]
 }
 }
+
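Review bot: Both `aws_route_table_association` resources now index `var.public_route_table_ids[0]`, and that variable is declared in modules/heritage/variables.tf as a plain `list(string)` with no length check, so an empty list from the baseline output fails at plan time with an index error pointing at this file rather than at the input. A validation block on the variable, `validation { condition = length(var.public_route_table_ids) > 0` / `error_message = "public_route_table_ids must contain at least one route table id." }`, turns that into a named failure at the module boundary. Only the first table is used, which matches the pre-existing behaviour and is fine as long as the baseline VPC creates a single public route table.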
diff --git a/modules/scenarios/memory-optimization/.terraform.lock.hcl b/modules/heritage/memory-optimization/.terraform.lock.hcl
similarity index 100%
rename from modules/scenarios/memory-optimization/.terraform.lock.hcl
rename to modules/heritage/memory-optimization/.terraform.lock.hcl
diff --git a/modules/scenarios/memory-optimization/README.md b/modules/heritage/memory-optimization/README.md
similarity index 100%
rename from modules/scenarios/memory-optimization/README.md
rename to modules/heritage/memory-optimization/README.md
diff --git a/modules/scenarios/memory-optimization/ecs.tf b/modules/heritage/memory-optimization/ecs.tf
similarity index 100%
rename from modules/scenarios/memory-optimization/ecs.tf
rename to modules/heritage/memory-optimization/ecs.tf
diff --git a/modules/scenarios/memory-optimization/main.tf b/modules/heritage/memory-optimization/main.tf
similarity index 100%
rename from modules/scenarios/memory-optimization/main.tf
rename to modules/heritage/memory-optimization/main.tf
diff --git a/modules/scenarios/memory-optimization/monitoring.tf b/modules/heritage/memory-optimization/monitoring.tf
similarity index 100%
rename from modules/scenarios/memory-optimization/monitoring.tf
rename to modules/heritage/memory-optimization/monitoring.tf
diff --git a/modules/scenarios/memory-optimization/networking.tf b/modules/heritage/memory-optimization/networking.tf
similarity index 100%
rename from modules/scenarios/memory-optimization/networking.tf
rename to modules/heritage/memory-optimization/networking.tf
diff --git a/modules/scenarios/memory-optimization/outputs.tf b/modules/heritage/memory-optimization/outputs.tf
similarity index 100%
rename from modules/scenarios/memory-optimization/outputs.tf
rename to modules/heritage/memory-optimization/outputs.tf
diff --git a/modules/scenarios/memory-optimization/variables.tf b/modules/heritage/memory-optimization/variables.tf
similarity index 100%
rename from modules/scenarios/memory-optimization/variables.tf
rename to modules/heritage/memory-optimization/variables.tf
diff --git a/modules/scenarios/message-size-breach/README.md b/modules/heritage/message-size-breach/README.md
similarity index 100%
rename from modules/scenarios/message-size-breach/README.md
rename to modules/heritage/message-size-breach/README.md
diff --git a/modules/scenarios/message-size-breach/data_sources.tf b/modules/heritage/message-size-breach/data_sources.tf
similarity index 100%
rename from modules/scenarios/message-size-breach/data_sources.tf
rename to modules/heritage/message-size-breach/data_sources.tf
diff --git a/modules/scenarios/message-size-breach/example.tf b/modules/heritage/message-size-breach/example.tf
similarity index 100%
rename from modules/scenarios/message-size-breach/example.tf
rename to modules/heritage/message-size-breach/example.tf
diff --git a/modules/scenarios/message-size-breach/iam.tf b/modules/heritage/message-size-breach/iam.tf
similarity index 100%
rename from modules/scenarios/message-size-breach/iam.tf
rename to modules/heritage/message-size-breach/iam.tf
diff --git a/modules/scenarios/message-size-breach/lambda_function.py b/modules/heritage/message-size-breach/lambda_function.py
similarity index 100%
rename from modules/scenarios/message-size-breach/lambda_function.py
rename to modules/heritage/message-size-breach/lambda_function.py
diff --git a/modules/scenarios/message-size-breach/lambda_function.zip b/modules/heritage/message-size-breach/lambda_function.zip
similarity index 100%
rename from modules/scenarios/message-size-breach/lambda_function.zip
rename to modules/heritage/message-size-breach/lambda_function.zip
diff --git a/modules/scenarios/message-size-breach/main.tf b/modules/heritage/message-size-breach/main.tf
similarity index 100%
rename from modules/scenarios/message-size-breach/main.tf
rename to modules/heritage/message-size-breach/main.tf
diff --git a/modules/scenarios/message-size-breach/outputs.tf b/modules/heritage/message-size-breach/outputs.tf
similarity index 100%
rename from modules/scenarios/message-size-breach/outputs.tf
rename to modules/heritage/message-size-breach/outputs.tf
diff --git a/modules/scenarios/message-size-breach/variables.tf b/modules/heritage/message-size-breach/variables.tf
similarity index 100%
rename from modules/scenarios/message-size-breach/variables.tf
rename to modules/heritage/message-size-breach/variables.tf
diff --git a/modules/scenarios/outputs.tf b/modules/heritage/outputs.tf
similarity index 83%
rename from modules/scenarios/outputs.tf
rename to modules/heritage/outputs.tf
index 44dfd4a..2870e23 100644
--- a/modules/scenarios/outputs.tf
+++ b/modules/heritage/outputs.tf
@@ -1,5 +1,5 @@
 # outputs.tf
-# Outputs for the scenarios module
+# Outputs for the heritage module
 # Memory optimization demo outputs
 output "memory_optimization_demo_status" {
@@ -22,22 +22,6 @@ output "memory_optimization_cost_analysis" {
 value = var.enable_memory_optimization_demo ? module.memory_optimization.cost_analysis : null
 }
-# VPC information (useful for other integrations)
-output "vpc_id" {
- description = "ID of the VPC created for scenarios"
- value = module.vpc.vpc_id
-}
-
-output "public_subnet_ids" {
- description = "IDs of the public subnets"
- value = module.vpc.public_subnets
-}
-
-output "private_subnet_ids" {
- description = "IDs of the private subnets"
- value = module.vpc.private_subnets
-}
-
 # Message size limit breach demo outputs
 output "message_size_breach_demo_status" {
 description = "Status and analysis of the message size limit breach demo"
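Review bot: The three VPC outputs removed from modules/heritage/outputs.tf in the `@@ -22,22 +22,6 @@` hunk reappear in modules/baseline/outputs.tf under different names (`public_subnet_ids` becomes `public_subnets`, `private_subnet_ids` becomes `private_subnets`), so any consumer that read `module.scenarios[0].public_subnet_ids` has to be renamed as well as re-pointed at `module.baseline`. No root-level outputs or other consumers appear in this diff, so whether such references exist cannot be confirmed here; a grep for `module.scenarios` outside main.tf and a `terraform validate` run before merging would settle it. A short comment above the memory-optimization outputs, `# VPC outputs moved to modules/baseline/outputs.tf (public_subnets / private_subnets)`, would point the next reader to the new home.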
@@ -54,7 +38,6 @@ output "message_size_breach_lambda_function_name" {
 value = length(module.message_size_breach) > 0 ? module.message_size_breach[0].lambda_function_name : null
 }
-
 output "message_size_breach_payload_analysis" {
 description = "Analysis of payload size vs Lambda limits"
 value = length(module.message_size_breach) > 0 ? {
@@ -64,4 +47,5 @@ output "message_size_breach_payload_analysis" {
 lambda_payload_limit_bytes = module.message_size_breach[0].lambda_payload_limit_bytes
 payload_limit_exceeded = module.message_size_breach[0].payload_limit_exceeded
 } : null
-}
\ No newline at end of file
+}
+
diff --git a/modules/scenarios/s3_bucket_notification.tf b/modules/heritage/s3_bucket_notification.tf
similarity index 99%
rename from modules/scenarios/s3_bucket_notification.tf
rename to modules/heritage/s3_bucket_notification.tf
index 9d70a9e..77bbf81 100644
--- a/modules/scenarios/s3_bucket_notification.tf
+++ b/modules/heritage/s3_bucket_notification.tf
@@ -38,3 +38,4 @@ resource "aws_sqs_queue_policy" "my_queue_policy" {
 ]
 })
 }
+
diff --git a/modules/scenarios/sns_lambda.tf b/modules/heritage/sns_lambda.tf
similarity index 99%
rename from modules/scenarios/sns_lambda.tf
rename to modules/heritage/sns_lambda.tf
index 5e241a1..ed7b032 100644
--- a/modules/scenarios/sns_lambda.tf
+++ b/modules/heritage/sns_lambda.tf
@@ -58,3 +58,4 @@ resource "aws_sns_topic" "example_topic" {
 # principal = "sns.amazonaws.com"
 # source_arn = aws_sns_topic.example_topic.arn
 # }
+
diff --git a/modules/scenarios/tmp/lambda_function.zip b/modules/heritage/tmp/lambda_function.zip
similarity index 100%
rename from modules/scenarios/tmp/lambda_function.zip
rename to modules/heritage/tmp/lambda_function.zip
diff --git a/modules/scenarios/variables.tf b/modules/heritage/variables.tf
similarity index 84%
rename from modules/scenarios/variables.tf
rename to modules/heritage/variables.tf
index df15e19..fb2d38a 100644
--- a/modules/scenarios/variables.tf
+++ b/modules/heritage/variables.tf
@@ -1,10 +1,40 @@
-
 variable "example_env" {
 description = "Indicate which example environment to use"
 default = "github"
 type = string
 }
+# VPC inputs from baseline module
+variable "vpc_id" {
+ description = "ID of the VPC"
+ type = string
+}
+
+variable "public_subnets" {
+ description = "IDs of the public subnets"
+ type = list(string)
+}
+
+variable "private_subnets" {
+ description = "IDs of the private subnets"
+ type = list(string)
+}
+
+variable "default_security_group_id" {
+ description = "ID of the default security group"
+ type = string
+}
+
+variable "public_route_table_ids" {
+ description = "IDs of the public route tables"
+ type = list(string)
+}
+
+variable "ami_id" {
+ description = "ID of the Amazon Linux 2 AMI"
+ type = string
+}
+
 # Java application memory optimization settings
 variable "enable_memory_optimization_demo" {
 description = "Enable the Java application memory optimization in production"
@@ -101,3 +131,4 @@ variable "message_size_breach_retention_days" {
 error_message = "Retention days must be between 1 and 3653 days."
 }
 }
+
diff --git a/variables.tf b/variables.tf
index 53b7346..c99bb63 100644
--- a/variables.tf
+++ b/variables.tf
@@ -1,6 +1,102 @@
-
 variable "example_env" {
 description = "Indicate which example environment to use"
 default = "terraform-example"
 type = string
 }
+
+# Java application memory optimization settings
+variable "enable_memory_optimization_demo" {
+ description = "Enable the Java application memory optimization in production"
+ type = bool
+ default = true
+}
+
+variable "memory_optimization_container_memory" {
+ description = "Memory allocation per ECS container in MB. Optimized based on monitoring data showing 800MB average usage with 950MB peaks."
+ type = number
+ default = 2048
+
+ validation {
+ condition = var.memory_optimization_container_memory >= 512 && var.memory_optimization_container_memory <= 4096
+ error_message = "Container memory must be between 512MB and 4GB."
+ }
+}
+
+variable "memory_optimization_container_count" {
+ description = "Number of ECS service instances for load distribution"
+ type = number
+ default = 3
+
+ validation {
+ condition = var.memory_optimization_container_count >= 1 && var.memory_optimization_container_count <= 50
+ error_message = "Container count must be between 1 and 50."
+ }
+}
+
+variable "days_until_black_friday" {
+ description = "Business context: Days remaining until Black Friday peak traffic period"
+ type = number
+ default = 7
+}
+
+# Message size limit breach demo settings
+variable "enable_message_size_breach_demo" {
+ description = "Enable the message size limit breach demo scenario"
+ type = bool
+ default = true
+}
+
+variable "message_size_breach_max_size" {
+ description = "Maximum message size for SQS queue in bytes. 25KB (25600) is safe, 100KB (102400) will break Lambda batch processing. Based on AWS Lambda async payload limit of 256KB."
+ type = number
+ default = 25600 # 25KB - safe default
+
+ validation {
+ condition = var.message_size_breach_max_size >= 1024 && var.message_size_breach_max_size <= 1048576
+ error_message = "Message size must be between 1KB and 1MB for this demo. Reference: https://docs.aws.amazon.com/lambda/latest/dg/gettingstarted-limits.html"
+ }
+}
+
+variable "message_size_breach_batch_size" {
+ description = "Number of messages to process in each Lambda batch. Combined with max_message_size, this determines total payload size"
+ type = number
+ default = 10
+
+ validation {
+ condition = var.message_size_breach_batch_size >= 1 && var.message_size_breach_batch_size <= 10
+ error_message = "Batch size must be between 1 and 10 messages."
+ }
+}
+
+variable "message_size_breach_lambda_timeout" {
+ description = "Lambda function timeout in seconds"
+ type = number
+ default = 180
+
+ validation {
+ condition = var.message_size_breach_lambda_timeout >= 30 && var.message_size_breach_lambda_timeout <= 900
+ error_message = "Lambda timeout must be between 30 and 900 seconds."
+ }
+}
+
+variable "message_size_breach_lambda_memory" {
+ description = "Lambda function memory allocation in MB"
+ type = number
+ default = 1024
+
+ validation {
+ condition = var.message_size_breach_lambda_memory >= 128 && var.message_size_breach_lambda_memory <= 10240
+ error_message = "Lambda memory must be between 128 and 10240 MB."
+ }
+}
+
+variable "message_size_breach_retention_days" {
+ description = "CloudWatch log retention period in days"
+ type = number
+ default = 14
+
+ validation {
+ condition = var.message_size_breach_retention_days >= 1 && var.message_size_breach_retention_days <= 3653
+ error_message = "Retention days must be between 1 and 3653 days."
+ }
+}
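Review bot: Every variable added to the root variables.tf duplicates a declaration in modules/heritage/variables.tf, complete with its own default and, at least for `message_size_breach_retention_days` (visible in that file's last hunk), an identical validation block, so two copies of each range now have to be kept in sync. Since main.tf passes each root value straight through to the module, either the root declarations could drop their `validation` blocks and defaults and let the module own them, or a one-line comment such as `# Defaults and validation ranges mirror modules/heritage/variables.tf; change both together` should sit above the first demo variable. The module's other validation blocks are not in this diff, so whether they already match exactly cannot be confirmed here.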