diff --git a/infra/internal/prod/.terraform.lock.hcl b/infra/internal/prod/.terraform.lock.hcl
new file mode 100644
index 00000000..afce80b2
--- /dev/null
+++ b/infra/internal/prod/.terraform.lock.hcl
@@ -0,0 +1,22 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/aws" {
+ version = "4.37.0"
+ constraints = "4.37.0"
+ hashes = [
+ "h1:fLTymOb7xIdMkjQU1VDzPA5s+d2vNLZ2shpcFPF7KaY=",
+ "zh:12c2eb60cb1eb0a41d1afbca6fc6f0eed6ca31a12c51858f951a9e71651afbe0",
+ "zh:1e17482217c39a12e930e71fd2c9af8af577bec6736b184674476ebcaad28477",
+ "zh:1e8163c3d871bbd54c189bf2fe5e60e556d67fa399e4c88c8e6ee0834525dc33",
+ "zh:399c41a3e096fd75d487b98b1791f7cea5bd38567ac4e621c930cb67ec45977c",
+ "zh:40d4329eef2cc130e4cbed7a6345cb053dd258bf6f5f8eb0f8ce777ae42d5a01",
+ "zh:625db5fa75638d543b418be7d8046c4b76dc753d9d2184daa0faaaaebc02d207",
+ "zh:7785c8259f12b45d19fa5abdac6268f3b749fe5a35c8be762c27b7a634a4952b",
+ "zh:8a7611f33cc6422799c217ec2eeb79c779035ef05331d12505a6002bc48582f0",
+ "zh:9188178235a73c829872d2e82d88ac6d334d8bb01433e9be31615f1c1633e921",
+ "zh:994895b57bf225232a5fa7422e6ab87d8163a2f0605f54ff6a18cdd71f0aeadf",
+ "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425",
+ "zh:b57de6903ef30c9f22d38d595d64b4f92a89ea717b65782e1f44f57020ce8b1f",
+ ]
+}
diff --git a/infra/internal/prod/alb.tf b/infra/internal/prod/alb.tf
index 4046fb7a..453d72d2 100644
--- a/infra/internal/prod/alb.tf
+++ b/infra/internal/prod/alb.tf
@@ -1,10 +1,10 @@
 module "alb_acm" {
 source = "../../acm"
- domain_name = "admin.${local.root_domain}"
+ domain_name = local.root_domain
 aws_region = "us-west-2"
 zone_id = data.aws_route53_zone.root.zone_id
 tags = {
- Name = "admin-${local.root_domain}-alb"
+ Name = "${local.root_domain}-alb"
 }
 }
@@ -13,7 +13,7 @@ resource "aws_alb" "alb" {
 internal = true
 drop_invalid_header_fields = true
 security_groups = [aws_security_group.ecs_alb_https_sg.id]
- subnets = data.terraform_remote_state.vpc.outputs.public_subnets
+ subnets = data.terraform_remote_state.vpc.outputs.private_subnets
 tags = {
 Name = "${local.service_name}-alb"
@@ -77,7 +77,7 @@ resource "aws_alb_listener_rule" "ecs_alb_listener_rule" {
 condition {
 host_header {
- values = ["admin.${local.root_domain}"]
+ values = [local.root_domain]
 }
 }
 }
diff --git a/infra/internal/prod/domain.tf b/infra/internal/prod/domain.tf
index 1698c6c2..37d82807 100644
--- a/infra/internal/prod/domain.tf
+++ b/infra/internal/prod/domain.tf
@@ -3,7 +3,7 @@ data "aws_route53_zone" "root" {
 }
 resource "aws_route53_record" "domain" {
- name = "admin.${local.root_domain}"
+ name = local.root_domain
 type = "A"
 zone_id = data.aws_route53_zone.root.zone_id
 alias {
diff --git a/infra/internal/prod/ecs.tf b/infra/internal/prod/ecs.tf
index 8c71ef2a..14c72c32 100644
--- a/infra/internal/prod/ecs.tf
+++ b/infra/internal/prod/ecs.tf
@@ -15,7 +15,7 @@ resource "aws_ecs_task_definition" "task_definition" {
 resource "aws_ecr_repository" "repo" {
 name = local.service_name
- image_tag_mutability = "MUTABLE"
+ image_tag_mutability = "IMMUTABLE"
 image_scanning_configuration {
 scan_on_push = true
diff --git a/infra/internal/prod/security_group.tf b/infra/internal/prod/security_group.tf
index 2c294c1a..e95534e0 100644
--- a/infra/internal/prod/security_group.tf
+++ b/infra/internal/prod/security_group.tf
@@ -56,7 +56,7 @@ resource "aws_security_group" "ecs_task_sg" {
 # Give access to DB through Security group rule
 data "aws_security_group" "rds" {
- name = "${local.env}-string-write-master-client-rds"
+ name = "pg-cluster-20221103192516479600000004"
 vpc_id = data.terraform_remote_state.vpc.outputs.id
 }
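Review bot: The new `name = "pg-cluster-20221103192516479600000004"` in `data "aws_security_group" "rds"` pins the lookup to what looks like a provider-generated name (a prefix plus a timestamp suffix), so the rule that gives the ECS tasks access to the database depends on that group never being recreated. If the database stack replaces the group, this lookup stops matching and the plan fails, and the literal gives a reader no way to tell which cluster it refers to. Prefer a stable attribute, for example `tags = { Name = "<db-sg-name-tag>" }` (placeholder; use whatever tag the database stack sets), or read the group id from that stack's remote state the way `vpc_id` is read on the next line. The hunk opens inside `aws_security_group.ecs_task_sg`, whose body is outside the hunk.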
@@ -81,4 +81,4 @@ resource "aws_security_group_rule" "redis_to_ecs" {
 to_port = local.redis_port
 source_security_group_id = aws_security_group.ecs_task_sg.id
 security_group_id = data.aws_security_group.redis.id
-}
\ No newline at end of file
+}
diff --git a/infra/internal/prod/ssm.tf b/infra/internal/prod/ssm.tf
index e9e226bd..218b2c98 100644
--- a/infra/internal/prod/ssm.tf
+++ b/infra/internal/prod/ssm.tf
@@ -3,19 +3,19 @@ data "aws_ssm_parameter" "datadog" {
 }
 data "aws_ssm_parameter" "db_password" {
- name = "string-rds-pg-db-password"
+ name = "string-pg-db-password"
 }
 data "aws_ssm_parameter" "db_username" {
- name = "string-rds-pg-db-username"
+ name = "string-pg-db-username"
 }
 data "aws_ssm_parameter" "db_name" {
- name = "string-rds-pg-db-name"
+ name = "string-pg-db-name"
 }
 data "aws_ssm_parameter" "db_host" {
- name = "${local.env}-string-write-db-host-url"
+ name = "pg-cluster-write-host-url"
 }
 data "aws_ssm_parameter" "redis_auth_token" {
@@ -23,7 +23,7 @@ data "aws_ssm_parameter" "redis_auth_token" {
 }
 data "aws_ssm_parameter" "redis_host_url" {
- name = "redis-host-url"
+ name = "redis-host-url"
 }
 data "aws_kms_key" "kms_key" {
diff --git a/infra/internal/prod/variables.tf b/infra/internal/prod/variables.tf
index 90ecae90..327ea22b 100644
--- a/infra/internal/prod/variables.tf
+++ b/infra/internal/prod/variables.tf
@@ -1,8 +1,8 @@
 locals {
 cluster_name = "admin"
- env = "dev"
+ env = "prod"
 service_name = "admin"
- root_domain = "string-api.xyz"
+ root_domain = "admin.string-api.xyz"
 container_port = "3000"
 origin_id = "admin-api"
 desired_task_count = "1"
@@ -15,7 +15,7 @@ locals {
 variable "versioning" {
 type = string
- default = "latest"
+ default = "v1.0.0.0"
 }
 locals {
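Review bot: The `db_password` data source, like the other `aws_ssm_parameter` lookups renamed in this ssm.tf hunk, reads the parameter value into Terraform state and decrypts it by default, while the entries visible in variables.tf pass only `.arn` to the container definition. If the ARN is all this stack consumes, add `with_decryption = false` to these blocks so the production database password is not kept in plaintext in state; whether the parameters are SecureString, and how `db_password` itself is used, is not visible in this diff. Separately, `db_host` loses its `${local.env}` prefix, so nothing in the name ties it to prod any more, which is only safe if this account and region hold a single environment's parameters.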
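Review bot: `root_domain` in the first variables.tf hunk now holds the service host name `admin.string-api.xyz` rather than the zone apex, so the name no longer describes the value and every consumer changes meaning with it. In particular `data "aws_route53_zone" "root"` in domain.tf has its body outside this diff; if it selects the zone by `local.root_domain`, it will now look for a hosted zone named `admin.string-api.xyz`, and the certificate validation and alias record follow it. Keeping `root_domain = "string-api.xyz"` and adding `admin_domain = "admin.${local.root_domain}"` for the certificate, listener rule and record would keep the two concepts apart. The `locals` block appears to continue past the end of the hunk.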
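Review bot: `default = "v1.0.0.0"` in `variable "versioning"` hard-codes one release tag for production, and with the ECR repository switched to `IMMUTABLE` in ecs.tf a later build cannot reuse that tag, so an apply that forgets to pass `versioning` would quietly point the service back at the first image. Dropping the `default` line makes the variable required and turns that mistake into a plan-time error; adding `description = "Image tag to deploy"` would document it. How `var.versioning` is consumed is outside the hunk, so this assumes it selects the container image tag.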
@@ -49,11 +49,11 @@ locals {
 valueFrom = data.aws_ssm_parameter.db_name.arn
 },
 {
- name = "REDIS_HOST",
+ name = "REDIS_HOST",
 valuefrom = data.aws_ssm_parameter.redis_host_url.arn
 },
 {
- name = "REDIS_PASSWORD",
+ name = "REDIS_PASSWORD",
 valuefrom = data.aws_ssm_parameter.redis_auth_token.arn
 }
 ]
@@ -66,7 +66,7 @@ locals {
 name = "REDIS_PORT"
 value = local.redis_port
 },
- {
+ {
 name = "DB_PORT",
 value = local.db_port
 },