fixed various terraform bugs
Signed-off-by: Duncan Ragsdale <[email protected]>
Thistleman committed Nov 3, 2023
1 parent 459e4fe commit 728780a
Showing 4 changed files with 12 additions and 72 deletions.
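--- a/terraform/network/network.tf
+++ b/terraform/network/network.tf
@@ -13,10 +13,7 @@ resource "aws_security_group" "load_balancer_security_group" {
 from_port = 80
 to_port = 80
 protocol = "tcp"
-cidr_blocks = [
-var.vpc_cidr_block,
-"pv-validation-hub.org",
-]
+cidr_blocks = ["0.0.0.0/0"]
 }
 
 egress {
@@ -116,9 +113,8 @@ resource "aws_security_group" "rds_proxy_security_group" {
 security_groups = [
 aws_security_group.valhub_api_service_security_group.id,
 aws_security_group.rds_security_group.id,
-aws_security_group.admin_ec2.id,
-aws_security_group.valhub_worker_service_security_group.id,
-aws_default_security_group.vpc_security_group.id
+aws_security_group.admin_ec2_security_group.id,
+aws_security_group.valhub_worker_service_security_group.id
 ]
 }
 
@@ -135,7 +131,6 @@ resource "aws_security_group" "rds_proxy_security_group" {
 # allows all egress and only ingress from within the vpc
 
 resource "aws_default_security_group" "vpc_security_group" {
-name_prefix = "${var.sg_name_prefix}-vpc"
 vpc_id = aws_vpc.pv-validation-hub.id
 
 ingress {
@@ -148,9 +143,8 @@ resource "aws_default_security_group" "vpc_security_group" {
 aws_security_group.valhub_api_service_security_group.id,
 aws_security_group.rds_security_group.id,
 aws_security_group.rds_proxy_security_group.id,
-aws_security_group.admin_ec2.id,
-aws_security_group.valhub_worker_service_security_group.id,
-aws_default_security_group.vpc_security_group.id
+aws_security_group.admin_ec2_security_group.id,
+aws_security_group.valhub_worker_service_security_group.id
 ]
 }
 
@@ -176,42 +170,7 @@ resource "aws_vpc" "pv-validation-hub" {
 resource "aws_sqs_queue" "valhub_submission_queue" {
 name = "valhub_submission_queue.fifo"
 fifo_queue = true
-
-policy = jsonencode({
-Version = "2012-10-17"
-Id = "example-policy"
-Statement = [
-{
-Sid = "allow-api-service-to-send-messages"
-Effect = "Allow"
-Principal = "*"
-Action = "sqs:SendMessage"
-Resource = aws_sqs_queue.example.arn
-Condition = {
-ArnEquals = {
-"aws:SourceArn" = aws_security_group.valhub_api_service_security_group.arn
-}
-}
-},
-{
-Sid = "allow-worker-service-to-receive-messages"
-Effect = "Allow"
-Principal = "*"
-Action = [
-"sqs:ReceiveMessage",
-"sqs:DeleteMessage",
-"sqs:GetQueueAttributes",
-"sqs:GetQueueUrl",
-]
-Resource = aws_sqs_queue.example.arn
-Condition = {
-ArnEquals = {
-"aws:SourceArn" = aws_security_group.valhub_worker_service_security_group.arn
-}
-}
-}
-]
-})
+tags = merge(var.project_tags)
 }
 
 resource "aws_internet_gateway" "pv-validation-hub_igw" {
@@ -323,6 +282,10 @@ output "valhub_api_service_security_group_id" {
 value = aws_security_group.valhub_api_service_security_group.id
 }
 
+output "valhub_worker_service_security_group_id" {
+value = aws_security_group.valhub_worker_service_security_group.id
+}
+
 output "rds_security_group_id" {
 value = aws_security_group.rds_security_group.id
 }
@@ -332,5 +295,5 @@ output "rds_proxy_security_group_id" {
 }
 
 output "vpc_security_group_id" {
-value = aws_security_group.vpc_security_group.id
+value = aws_default_security_group.vpc_security_group.id
 }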
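Review bot: The first hunk opens port 80 on `load_balancer_security_group` to `0.0.0.0/0` without a comment recording that internet-wide exposure is intended. The removed list mixed a CIDR variable with `"pv-validation-hub.org"`, which is a hostname and not a CIDR, so the widening may simply be what a public load balancer needs; if so, state it on the rule, e.g. `# public load balancer: port 80 is open to the internet and should only redirect to HTTPS`, and confirm that the port-80 listener is redirect-only, since the listener is not visible in this diff. If the load balancer is meant to be internal, `cidr_blocks = [var.vpc_cidr_block]` keeps the VPC-only scope of the first removed entry. The ingress block and the resource both start above the hunk.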
8 changes: 0 additions & 8 deletions terraform/worker/main.tf
@@ -108,19 +108,11 @@ resource "aws_ecs_service" "valhub_worker_service" {
launch_type = "FARGATE"
desired_count = var.worker_service_desired_count

load_balancer {
target_group_arn = aws_lb_target_group.target_group.arn
container_name = aws_ecs_task_definition.pv-validation-hub-worker-task.family
container_port = 80
}

network_configuration {
subnets = var.subnet_ids
assign_public_ip = true
security_groups = [ var.valhub_worker_service_security_group_id ]
}
# Add health check grace period (in seconds)
health_check_grace_period_seconds = 120 # Adjust this value as needed

tags = merge(var.project_tags)
}
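--- a/terraform/worker/terragrunt.hcl
+++ b/terraform/worker/terragrunt.hcl
@@ -15,7 +15,7 @@ dependency "api" {
 inputs = {
 vpc_id = dependency.network.outputs.vpc_id
 subnet_ids = slice(dependency.network.outputs.subnet_ids, 0, 2)
-valhub_api_service_security_group_id = dependency.network.outputs.valhub_worker_service_security_group_id
+valhub_worker_service_security_group_id = dependency.network.outputs.valhub_worker_service_security_group_id
 }
 
 terraform {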
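--- a/terraform/worker/variables.tf
+++ b/terraform/worker/variables.tf
@@ -51,16 +51,6 @@ variable "worker_task_definition_memory" {
 type = number
 }
 
-variable "worker_alb_name" {
-description = "The name of the Application Load Balancer"
-type = string
-}
-
-variable "worker_lb_target_group_name" {
-description = "The name of the load balancer target group"
-type = string
-}
-
 variable "valhub_certificate_arn" {
 description = "The name of the load balancer target group"
 type = string
@@ -91,11 +81,6 @@ variable "subnet_ids" {
 type = list(string)
 }
 
-variable "load_balancer_security_group_id" {
-description = "The security group ID for the load balancer"
-type = string
-}
-
 variable "vpc_id" {
 description = "The VPC ID"
 type = string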
