From 728780a5833c9a2d0ed0e949f8db10e939ae3202 Mon Sep 17 00:00:00 2001 From: Duncan Ragsdale <88173870+Thistleman@users.noreply.github.com> Date: Thu, 2 Nov 2023 23:34:45 -0700 Subject: [PATCH] fixed various terraform bugs Signed-off-by: Duncan Ragsdale <88173870+Thistleman@users.noreply.github.com> --- terraform/network/network.tf | 59 ++++++--------------------------- terraform/worker/main.tf | 8 ----- terraform/worker/terragrunt.hcl | 2 +- terraform/worker/variables.tf | 15 --------- 4 files changed, 12 insertions(+), 72 deletions(-) diff --git a/terraform/network/network.tf b/terraform/network/network.tf index 26f9e527..c4f880de 100644 --- a/terraform/network/network.tf +++ b/terraform/network/network.tf @@ -13,10 +13,7 @@ resource "aws_security_group" "load_balancer_security_group" { from_port = 80 to_port = 80 protocol = "tcp" - cidr_blocks = [ - var.vpc_cidr_block, - "pv-validation-hub.org", - ] + cidr_blocks = ["0.0.0.0/0"] } egress { @@ -116,9 +113,8 @@ resource "aws_security_group" "rds_proxy_security_group" { security_groups = [ aws_security_group.valhub_api_service_security_group.id, aws_security_group.rds_security_group.id, - aws_security_group.admin_ec2.id, - aws_security_group.valhub_worker_service_security_group.id, - aws_default_security_group.vpc_security_group.id + aws_security_group.admin_ec2_security_group.id, + aws_security_group.valhub_worker_service_security_group.id ] } @@ -135,7 +131,6 @@ resource "aws_security_group" "rds_proxy_security_group" { # allows all egress and only ingress from within the vpc resource "aws_default_security_group" "vpc_security_group" { - name_prefix = "${var.sg_name_prefix}-vpc" vpc_id = aws_vpc.pv-validation-hub.id ingress { 
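Review bot: In `aws_security_group.load_balancer_security_group` (terraform/network/network.tf, hunk at -13,10) the port 80 ingress now admits `0.0.0.0/0`, so plaintext HTTP is reachable from any address. The listener definition is not in this diff, so confirm that port 80 only redirects to the HTTPS listener rather than forwarding requests to the API. I would also add `description = "Public HTTP, redirected to HTTPS by the ALB listener"` to the rule so the open CIDR reads as intentional in later audits. The resource body starts and ends outside the hunk.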
@@ -148,9 +143,8 @@ resource "aws_default_security_group" "vpc_security_group" { aws_security_group.valhub_api_service_security_group.id, aws_security_group.rds_security_group.id, aws_security_group.rds_proxy_security_group.id, - aws_security_group.admin_ec2.id, - aws_security_group.valhub_worker_service_security_group.id, - aws_default_security_group.vpc_security_group.id + aws_security_group.admin_ec2_security_group.id, + aws_security_group.valhub_worker_service_security_group.id ] } @@ -176,42 +170,7 @@ resource "aws_vpc" "pv-validation-hub" { resource "aws_sqs_queue" "valhub_submission_queue" { name = "valhub_submission_queue.fifo" fifo_queue = true - - policy = jsonencode({ - Version = "2012-10-17" - Id = "example-policy" - Statement = [ - { - Sid = "allow-api-service-to-send-messages" - Effect = "Allow" - Principal = "*" - Action = "sqs:SendMessage" - Resource = aws_sqs_queue.example.arn - Condition = { - ArnEquals = { - "aws:SourceArn" = aws_security_group.valhub_api_service_security_group.arn - } - } - }, - { - Sid = "allow-worker-service-to-receive-messages" - Effect = "Allow" - Principal = "*" - Action = [ - "sqs:ReceiveMessage", - "sqs:DeleteMessage", - "sqs:GetQueueAttributes", - "sqs:GetQueueUrl", - ] - Resource = aws_sqs_queue.example.arn - Condition = { - ArnEquals = { - "aws:SourceArn" = aws_security_group.valhub_worker_service_security_group.arn - } - } - } - ] - }) + tags = merge(var.project_tags) } resource "aws_internet_gateway" "pv-validation-hub_igw" { @@ -323,6 +282,10 @@ output "valhub_api_service_security_group_id" { value = aws_security_group.valhub_api_service_security_group.id } +output "valhub_worker_service_security_group_id" { + value = aws_security_group.valhub_worker_service_security_group.id +} + output "rds_security_group_id" { value = aws_security_group.rds_security_group.id } 
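Review bot: The ingress list of `aws_default_security_group.vpc_security_group` (terraform/network/network.tf, hunk at -148,9) still admits traffic from the API, RDS, RDS proxy, admin EC2 and worker groups. The default group is what AWS attaches to any interface created without an explicit security group, so a resource that is launched without one would be reachable from all five tiers. The usual hardening baseline is to manage the default group with no `ingress` or `egress` blocks and to move these rules into a named `aws_security_group`. The ports and protocol of this rule are outside the hunk, so the actual exposure has to be checked against the full block. The comment above the resource (`only ingress from within the vpc`) no longer matches a rule keyed on specific groups and should be updated.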
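Review bot: With the `policy` argument gone from `aws_sqs_queue.valhub_submission_queue` (terraform/network/network.tf, hunk at -176,42), access to the queue depends entirely on the IAM policies attached to the API and worker task roles, which are not part of this diff. Those roles should grant only `sqs:SendMessage` (API) and `sqs:ReceiveMessage`/`sqs:DeleteMessage` (worker) on this queue's ARN, not `sqs:*` or `Resource = "*"`. If a queue policy is reintroduced later, it should name the task role ARNs as `Principal`, since a security group ARN is not something `aws:SourceArn` will match for these calls. I would also state encryption at rest explicitly with `sqs_managed_sse_enabled = true`. As a style point, `tags = merge(var.project_tags)` with a single argument can be written `tags = var.project_tags`.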
@@ -332,5 +295,5 @@ output "rds_proxy_security_group_id" { } output "vpc_security_group_id" { - value = aws_security_group.vpc_security_group.id + value = aws_default_security_group.vpc_security_group.id } diff --git a/terraform/worker/main.tf b/terraform/worker/main.tf index 3b8b9e91..27777afb 100644 --- a/terraform/worker/main.tf +++ b/terraform/worker/main.tf @@ -108,19 +108,11 @@ resource "aws_ecs_service" "valhub_worker_service" { launch_type = "FARGATE" desired_count = var.worker_service_desired_count - load_balancer { - target_group_arn = aws_lb_target_group.target_group.arn - container_name = aws_ecs_task_definition.pv-validation-hub-worker-task.family - container_port = 80 - } - network_configuration { subnets = var.subnet_ids assign_public_ip = true security_groups = [ var.valhub_worker_service_security_group_id ] } - # Add health check grace period (in seconds) - health_check_grace_period_seconds = 120 # Adjust this value as needed tags = merge(var.project_tags) } diff --git a/terraform/worker/terragrunt.hcl b/terraform/worker/terragrunt.hcl index 05340866..579ef7bd 100644 --- a/terraform/worker/terragrunt.hcl +++ b/terraform/worker/terragrunt.hcl @@ -15,7 +15,7 @@ dependency "api" { inputs = { vpc_id = dependency.network.outputs.vpc_id subnet_ids = slice(dependency.network.outputs.subnet_ids, 0, 2) - valhub_api_service_security_group_id = dependency.network.outputs.valhub_worker_service_security_group_id + valhub_worker_service_security_group_id = dependency.network.outputs.valhub_worker_service_security_group_id } terraform { diff --git a/terraform/worker/variables.tf b/terraform/worker/variables.tf index b3592aec..b67e7842 100644 --- a/terraform/worker/variables.tf +++ b/terraform/worker/variables.tf 
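Review bot: In `aws_ecs_service.valhub_worker_service` (terraform/worker/main.tf, hunk at -108,19), `assign_public_ip = true` remains in `network_configuration` although the service no longer sits behind a load balancer. Each worker task therefore gets an internet-routable address, and its only inbound protection is `var.valhub_worker_service_security_group_id`. If the worker only polls the queue, that group should carry no ingress rules; its definition is not in this diff, so this needs confirming in network.tf. Where the subnets have a NAT gateway or VPC endpoints for ECR, SQS and CloudWatch Logs, `assign_public_ip = false` removes the exposure altogether; without them Fargate needs the public address to pull its image, so the change depends on the subnet layout. The resource starts before the hunk.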
@@ -51,16 +51,6 @@ variable "worker_task_definition_memory" { type = number } -variable "worker_alb_name" { - description = "The name of the Application Load Balancer" - type = string -} - -variable "worker_lb_target_group_name" { - description = "The name of the load balancer target group" - type = string -} - variable "valhub_certificate_arn" { description = "The name of the load balancer target group" type = string @@ -91,11 +81,6 @@ variable "subnet_ids" { type = list(string) } -variable "load_balancer_security_group_id" { - description = "The security group ID for the load balancer" - type = string -} - variable "vpc_id" { description = "The VPC ID" type = string