Merge pull request #473 from wri/shared-dev-lb

have dev branches share load balancer and api gateway stage
wri · Apr 24, 2024 · 945d157 · 945d157
2 parents 9e70a54 + 4bac228
commit 945d157
Show file tree

Hide file tree

Showing 11 changed files with 316 additions and 135 deletions.
diff --git a/.gitignore b/.gitignore
@@ -21,7 +21,14 @@ tests/cobertura.xml
 tests_v2/cobertura.xml
 
 # Terraform stuff
-terraform/*
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# .tfplan files
+*.tfplan
 
 # Virtual Environments
 .venv*
diff --git a/terraform/cloudfront.tf b/terraform/cloudfront.tf
@@ -1,17 +1,18 @@
 resource "aws_cloudfront_distribution" "data_api" {
-  enabled             = true
-  is_ipv6_enabled     = true
-  price_class         = "PriceClass_All"
-  aliases             = var.environment == "dev" ? null : [replace(var.service_url, "https://", "")]
+  count           = var.create_cloudfront_distribution == true ? 1 : 0
+  enabled         = true
+  is_ipv6_enabled = true
+  price_class     = "PriceClass_All"
+  aliases         = var.environment == "dev" ? null : [replace(var.service_url, "https://", "")]
 
- origin {
-    domain_name = module.fargate_autoscaling.lb_dns_name
+  origin {
+    domain_name = local.lb_dns_name
     custom_origin_config {
-      http_port = 80
-      https_port = 443
+      http_port                = 80
+      https_port               = 443
       origin_keepalive_timeout = 5
-      origin_protocol_policy = "http-only"
-      origin_read_timeout = 30
+      origin_protocol_policy   = "http-only"
+      origin_read_timeout      = 30
       origin_ssl_protocols = [
         "TLSv1",
         "TLSv1.1",
@@ -22,83 +23,83 @@ resource "aws_cloudfront_distribution" "data_api" {
   }
 
   ordered_cache_behavior {
-    path_pattern = "/"
-    target_origin_id       = "load_balancer"
-    default_ttl            = 0
-    min_ttl                = 0
-    max_ttl                = 31536000 # 1y
-
-    allowed_methods = ["GET", "HEAD", "OPTIONS", "PUT", "POST", "PATCH", "DELETE"]
-    cached_methods  = ["GET", "HEAD"]
+    path_pattern     = "/"
+    target_origin_id = "load_balancer"
+    default_ttl      = 0
+    min_ttl          = 0
+    max_ttl          = 31536000 # 1y
+
+    allowed_methods        = ["GET", "HEAD", "OPTIONS", "PUT", "POST", "PATCH", "DELETE"]
+    cached_methods         = ["GET", "HEAD"]
     viewer_protocol_policy = "redirect-to-https"
 
     forwarded_values {
-      headers                 = ["Origin", "Access-Control-Request-Headers", "Access-Control-Request-Method", "x-api-key", "Referer", "Authorization"]
-      query_string            = true
+      headers      = ["Origin", "Access-Control-Request-Headers", "Access-Control-Request-Method", "x-api-key", "Referer", "Authorization"]
+      query_string = true
 
       cookies {
-        forward = "none"
+        forward           = "none"
         whitelisted_names = []
       }
     }
   }
 
   ordered_cache_behavior {
-    path_pattern = "/openapi.json"
-    target_origin_id       = "load_balancer"
-    default_ttl            = 0
-    min_ttl                = 0
-    max_ttl                = 31536000 # 1y
-
-    allowed_methods = ["GET", "HEAD", "OPTIONS"]
-    cached_methods  = ["GET", "HEAD"]
+    path_pattern     = "/openapi.json"
+    target_origin_id = "load_balancer"
+    default_ttl      = 0
+    min_ttl          = 0
+    max_ttl          = 31536000 # 1y
+
+    allowed_methods        = ["GET", "HEAD", "OPTIONS"]
+    cached_methods         = ["GET", "HEAD"]
     viewer_protocol_policy = "redirect-to-https"
 
     forwarded_values {
-      headers                 = ["Origin", "Access-Control-Request-Headers", "Access-Control-Request-Method", "x-api-key", "Referer", "Authorization"]
-      query_string            = true
+      headers      = ["Origin", "Access-Control-Request-Headers", "Access-Control-Request-Method", "x-api-key", "Referer", "Authorization"]
+      query_string = true
 
       cookies {
-        forward = "none"
+        forward           = "none"
         whitelisted_names = []
       }
     }
   }
 
   origin {
-    domain_name = trimsuffix(trimprefix(aws_api_gateway_stage.api_gw_stage.invoke_url, "https://"), "/${local.api_gw_stage_name}")
+    domain_name = trimsuffix(trimprefix(var.api_gateway_url == "" ? module.api_gateway[0].invoke_url : var.api_gateway_url, "https://"), "/${var.api_gateway_stage_name}")
     custom_origin_config {
-      http_port = 80
-      https_port = 443
+      http_port                = 80
+      https_port               = 443
       origin_keepalive_timeout = 5
-      origin_protocol_policy = "https-only"
-      origin_read_timeout = 30
+      origin_protocol_policy   = "https-only"
+      origin_read_timeout      = 30
       origin_ssl_protocols = [
         "TLSv1",
         "TLSv1.1",
         "TLSv1.2",
       ]
     }
-    origin_id = "api_gateway"
-    origin_path = "/${local.api_gw_stage_name}"
+    origin_id   = "api_gateway"
+    origin_path = "/${var.api_gateway_stage_name}"
   }
 
   default_cache_behavior {
-    target_origin_id       = "api_gateway"
-    default_ttl            = 0
-    min_ttl                = 0
-    max_ttl                = 31536000 # 1y
+    target_origin_id = "api_gateway"
+    default_ttl      = 0
+    min_ttl          = 0
+    max_ttl          = 31536000 # 1y
 
-    allowed_methods = ["GET", "HEAD", "OPTIONS", "PUT", "POST", "PATCH", "DELETE"]
-    cached_methods  = ["GET", "HEAD"]
+    allowed_methods        = ["GET", "HEAD", "OPTIONS", "PUT", "POST", "PATCH", "DELETE"]
+    cached_methods         = ["GET", "HEAD"]
     viewer_protocol_policy = "redirect-to-https"
 
     forwarded_values {
-      headers                 = ["Origin", "Access-Control-Request-Headers", "Access-Control-Request-Method", "x-api-key", "Referer", "Authorization"]
-      query_string            = true
+      headers      = ["Origin", "Access-Control-Request-Headers", "Access-Control-Request-Method", "x-api-key", "Referer", "Authorization"]
+      query_string = true
 
       cookies {
-        forward = "none"
+        forward           = "none"
         whitelisted_names = []
       }
     }

diff --git a/terraform/data.tf b/terraform/data.tf
@@ -74,10 +74,10 @@ data "template_file" "container_definition" {
     api_token_secret_arn        = data.terraform_remote_state.core.outputs.secrets_read-gfw-api-token_arn
     aws_gcs_key_secret_arn      = data.terraform_remote_state.core.outputs.secrets_read-gfw-gee-export_arn
 
-    api_gateway_id                  = aws_api_gateway_rest_api.api_gw_api.id
-    api_gateway_internal_usage_plan = aws_api_gateway_usage_plan.internal.id
-    api_gateway_external_usage_plan = aws_api_gateway_usage_plan.external.id
-    api_gateway_stage_name          = aws_api_gateway_stage.api_gw_stage.stage_name
+    api_gateway_id                  = var.api_gateway_id == "" ? module.api_gateway[0].api_gateway_id : var.api_gateway_id
+    api_gateway_external_usage_plan = var.api_gw_external_up_id == "" ? module.api_gateway[0].external_usage_plan_id : var.api_gw_external_up_id
+    api_gateway_internal_usage_plan = var.api_gw_internal_up_id == "" ? module.api_gateway[0].internal_usage_plan_id : var.api_gw_internal_up_id
+    api_gateway_stage_name          = var.api_gateway_stage_name
     internal_domains                = var.internal_domains
 
     # TODO move to core-infrastructure when operational
@@ -170,3 +170,8 @@ data "aws_iam_policy_document" "read_new_relic_lic" {
     effect    = "Allow"
   }
 }
+
+data "external" "generate_port" {
+  count   = var.environment == "dev" ? 1 : 0
+  program = ["python3", "${path.module}/generate_port.py", local.name_suffix, "30000", "31000"]
+}
diff --git a/terraform/generate_port.py b/terraform/generate_port.py
@@ -0,0 +1,18 @@
+import sys
+import random
+import json
+
+
+try:
+    input_string = sys.argv[1]
+    min_port = int(sys.argv[2])
+    max_port = int(sys.argv[3])
+
+    random.seed(input_string)
+    port = random.randint(min_port, max_port)
+
+    output = {"port": str(port)}
+    print(json.dumps(output))
+except Exception as e:
+    print(f"Error: {str(e)}", file=sys.stderr)
+    sys.exit(1)
diff --git a/terraform/main.tf b/terraform/main.tf
@@ -27,7 +27,7 @@ locals {
   aurora_max_vcpus      = local.aurora_instance_class == "db.t3.medium" ? 2 : local.aurora_instance_class == "db.r6g.large" ? 2 : local.aurora_instance_class == "db.r6g.xlarge" ? 4 : local.aurora_instance_class == "db.r6g.2xlarge" ? 8 : local.aurora_instance_class == "db.r6g.4xlarge" ? 16 : local.aurora_instance_class == "db.r6g.8xlarge" ? 32 : local.aurora_instance_class == "db.r6g.16xlarge" ? 64 : local.aurora_instance_class == "db.r5.large" ? 2 : local.aurora_instance_class == "db.r5.xlarge" ? 4 : local.aurora_instance_class == "db.r5.2xlarge" ? 8 : local.aurora_instance_class == "db.r5.4xlarge" ? 16 : local.aurora_instance_class == "db.r5.8xlarge" ? 32 : local.aurora_instance_class == "db.r5.12xlarge" ? 48 : local.aurora_instance_class == "db.r5.16xlarge" ? 64 : local.aurora_instance_class == "db.r5.24xlarge" ? 96 : ""
   service_url           = var.environment == "dev" ? "http://${module.fargate_autoscaling.lb_dns_name}" : var.service_url
   container_tag         = substr(var.git_sha, 0, 7)
-  api_gw_stage_name     = substr("deploy${replace(local.name_suffix, "-", "_")}", 0, 64)
+  lb_dns_name           = coalesce(module.fargate_autoscaling.lb_dns_name, var.lb_dns_name)
 }
 
 # Docker image for FastAPI app
@@ -76,22 +76,25 @@ module "batch_tile_cache_image" {
 
 
 module "fargate_autoscaling" {
-  source                    = "git::https://github.com/wri/gfw-terraform-modules.git//terraform/modules/fargate_autoscaling?ref=v0.4.2.3"
-  project                   = local.project
-  name_suffix               = local.name_suffix
-  tags                      = local.fargate_tags
-  vpc_id                    = data.terraform_remote_state.core.outputs.vpc_id
-  private_subnet_ids        = data.terraform_remote_state.core.outputs.private_subnet_ids
-  public_subnet_ids         = data.terraform_remote_state.core.outputs.public_subnet_ids
-  container_name            = var.container_name
-  container_port            = var.container_port
-  desired_count             = var.desired_count
-  fargate_cpu               = var.fargate_cpu
-  fargate_memory            = var.fargate_memory
-  auto_scaling_cooldown     = var.auto_scaling_cooldown
-  auto_scaling_max_capacity = var.auto_scaling_max_capacity
-  auto_scaling_max_cpu_util = var.auto_scaling_max_cpu_util
-  auto_scaling_min_capacity = var.auto_scaling_min_capacity
+  source                       = "git::https://github.com/wri/gfw-terraform-modules.git//terraform/modules/fargate_autoscaling?ref=v0.4.2.5"
+  project                      = local.project
+  name_suffix                  = local.name_suffix
+  tags                         = local.fargate_tags
+  vpc_id                       = data.terraform_remote_state.core.outputs.vpc_id
+  private_subnet_ids           = data.terraform_remote_state.core.outputs.private_subnet_ids
+  public_subnet_ids            = data.terraform_remote_state.core.outputs.public_subnet_ids
+  container_name               = var.container_name
+  container_port               = var.container_port
+  desired_count                = var.desired_count
+  fargate_cpu                  = var.fargate_cpu
+  fargate_memory               = var.fargate_memory
+  load_balancer_arn            = var.load_balancer_arn
+  load_balancer_security_group = var.load_balancer_security_group
+  listener_port                = var.environment == "dev" ? data.external.generate_port[0].result.port : var.listener_port
+  auto_scaling_cooldown        = var.auto_scaling_cooldown
+  auto_scaling_max_capacity    = var.auto_scaling_max_capacity
+  auto_scaling_max_cpu_util    = var.auto_scaling_max_cpu_util
+  auto_scaling_min_capacity    = var.auto_scaling_min_capacity
   //  acm_certificate_arn       = var.environment == "dev" ? null : data.terraform_remote_state.core.outputs.acm_certificate
   security_group_ids = [data.terraform_remote_state.core.outputs.postgresql_security_group_id]
   task_role_policies = [
@@ -204,3 +207,13 @@ module "batch_job_queues" {
   aurora_max_vcpus = local.aurora_max_vcpus
   gcs_secret       = data.terraform_remote_state.core.outputs.secrets_read-gfw-gee-export_arn
 }
+
+module "api_gateway" {
+  count                   = var.api_gateway_id == "" ? 1 : 0
+  source                  = "./modules/api_gateway/gateway"
+  lb_dns_name             = local.lb_dns_name
+  api_gateway_role_policy = data.template_file.api_gateway_role_policy.rendered
+  lambda_role_policy      = data.template_file.lambda_role_policy.rendered
+  cloudwatch_policy       = data.local_file.cloudwatch_log_policy.content
+  lambda_invoke_policy    = data.local_file.iam_lambda_invoke.content
+}