Refactor initial infra code to support DEV instance resources

.github/workflows/aws-template-terraform.yml

@@ -61,6 +61,7 @@ jobs:
       TF_VAR_app_name: ${{ vars.APP_NAME }}
       TF_VAR_environment: ${{ vars.ENVIRONMENT_NAME }}
       TF_VAR_kms_key_name: ${{ vars.KMS_KEY_NAME }}
+      TF_VAR_vpc_id: ${{ vars.VPC_ID }}
     needs: [check_changes]
     steps:
       - name: Checkout repository

.github/workflows/deploy-infra-dev.yml

@@ -4,7 +4,7 @@ on:
   workflow_dispatch:
 
 jobs:
-  infrastructure_deploy_snd:
+  infrastructure_deploy_dev:
     uses: ./.github/workflows/aws-template-terraform.yml
     with:
       CONTEXT_FOLDER: ./infrastructure/cloud/environments/dev

infrastructure/cloud/environments/dev/backend.tfvars

@@ -1,4 +1,4 @@
-bucket         = "terraform-remote-state-dev"
-dynamodb_table = "terraform-remote-state-lock"
+bucket         = "terraform-remote-state-b5e4f5-dev"
+dynamodb_table = "terraform-remote-state-lock-b5e4f5"
 key            = "terraform.tfstate"
 region         = "ca-central-1"

infrastructure/cloud/environments/dev/dev.tfvars

@@ -1,2 +1,5 @@
 region              = "ca-central-1"
-test_s3_bucket_name = "test-s3-bucket"
+test_s3_bucket_name = "jasper-test-s3-bucket-dev"
+web_subnet_names    = ["Web_Dev_aza_net", "Web_Dev_azb_net"]
+# api_subnet_names    = ["App_Dev_aza_net", "App_Dev_azb_net"]
+# db_subnet_names     = ["Data_Dev_aza_net", "Data_Dev_azb_net"]

infrastructure/cloud/environments/dev/variables.tf

@@ -22,3 +22,23 @@ variable "environment" {
   description = "The AWS environment to deploy to"
   type        = string
 }
+
+variable "vpc_id" {
+  description = "The provisioned VPC ID"
+  type        = string
+}
+
+variable "web_subnet_names" {
+  description = "List of Subnets for Web"
+  type        = list(string)
+}
+
+# variable "api_subnet_names" {
+#   description = "List of Subnets for API"
+#   type        = list(string)
+# }
+
+# variable "db_subnet_names" {
+#   description = "List of Subnets for Database"
+#   type        = list(string)
+# }

infrastructure/cloud/environments/dev/webapp.tf

@@ -15,23 +15,28 @@ module "storage" {
 }
 
 module "networking" {
-  source      = "../../modules/networking"
-  environment = var.environment
-  app_name    = var.app_name
-  region      = var.region
-  subnet_ids  = module.networking.subnet_ids
+  source           = "../../modules/networking"
+  environment      = var.environment
+  app_name         = var.app_name
+  region           = var.region
+  vpc_id           = var.vpc_id
+  web_subnet_names = var.web_subnet_names
+  # api_subnet_names = var.api_subnet_names
+  # db_subnet_names  = var.db_subnet_names
 }
 
 module "container" {
-  source                 = "../../modules/container"
-  environment            = var.environment
-  app_name               = var.app_name
-  region                 = var.region
-  ecs_execution_role_arn = module.security.ecs_execution_role_arn
-  subnet_ids             = module.networking.subnet_ids
-  sg_id                  = module.networking.sg_id
-  lb_tg_arn              = module.networking.lb_tg_arn
-  ecs_web_log_group_name = module.monitoring.ecs_web_log_group_name
+  source                    = "../../modules/container"
+  environment               = var.environment
+  app_name                  = var.app_name
+  region                    = var.region
+  ecs_execution_role_arn    = module.security.ecs_execution_role_arn
+  subnet_ids                = module.networking.web_subnets_ids
+  sg_id                     = module.networking.ecs_sg_id
+  lb_tg_arn                 = module.networking.lb_tg_arn
+  ecs_web_td_log_group_name = module.monitoring.ecs_web_td_log_group_name
+  depends_on                = [module.monitoring]
+
 }
 
 module "monitoring" {

infrastructure/cloud/environments/sandbox/sandbox.tfvars

@@ -1,2 +1,2 @@
 region              = "ca-central-1"
-test_s3_bucket_name = "test-s3-bucket"
+test_s3_bucket_name = "jasper-test-s3-bucket-snd"

infrastructure/cloud/environments/sandbox/webapp.tf

@@ -19,7 +19,6 @@ module "networking" {
   environment = var.environment
   app_name    = var.app_name
   region      = var.region
-  subnet_ids  = module.networking.subnet_ids
 }
 
 module "container" {
@@ -28,7 +27,7 @@ module "container" {
   app_name               = var.app_name
   region                 = var.region
   ecs_execution_role_arn = module.security.ecs_execution_role_arn
-  subnet_ids             = module.networking.subnet_ids
+  subnet_ids             = [module.networking.private_subnets_web[0], module.networking.private_subnets_web[1]]
   sg_id                  = module.networking.sg_id
   lb_tg_arn              = module.networking.lb_tg_arn
   ecs_web_log_group_name = module.monitoring.ecs_web_log_group_name

infrastructure/cloud/modules/container/ecs.tf

@@ -24,13 +24,13 @@ resource "aws_ecs_task_definition" "ecs_web_task_definition" {
         {
           containerPort = 8080
         }
-      ],
+      ]
       logConfiguration = {
-        logDriver = "awslogs",
+        logDriver = "awslogs"
         options = {
-          awslogs-group         = var.ecs_web_log_group_name,
-          awslogs-region        = var.region,
-          awslogs-stream-prefix = "ecs"
+          "awslogs-group"         = var.ecs_web_td_log_group_name
+          "awslogs-region"        = var.region
+          "awslogs-stream-prefix" = "ecs"
         }
       }
     }

infrastructure/cloud/modules/container/variables.tf

@@ -19,7 +19,7 @@ variable "ecs_execution_role_arn" {
 }
 
 variable "subnet_ids" {
-  description = "Public Subnet IDs"
+  description = "Subnet IDs in which ECS will deploy the tasks"
   type        = list(string)
 }
 
@@ -33,7 +33,7 @@ variable "lb_tg_arn" {
   type        = string
 }
 
-variable "ecs_web_log_group_name" {
-  description = "ECS Web Log Group Name in CloudWatch"
+variable "ecs_web_td_log_group_name" {
+  description = "ECS Web Task Definition Log Group Name in CloudWatch"
   type        = string
 }

infrastructure/cloud/modules/monitoring/logs.tf

@@ -1,4 +1,4 @@
-resource "aws_cloudwatch_log_group" "ecs_web_log_group" {
-  name              = "${var.app_name}-ecs-web-log-group-${var.environment}"
-  retention_in_days = 30
+resource "aws_cloudwatch_log_group" "ecs_web_td_log_group" {
+  name              = "${var.app_name}-ecs-web-td-log-group-${var.environment}"
+  retention_in_days = 90
 }

infrastructure/cloud/modules/monitoring/outputs.tf

@@ -1,3 +1,3 @@
-output "ecs_web_log_group_name" {
-  value = aws_cloudwatch_log_group.ecs_web_log_group.name
+output "ecs_web_td_log_group_name" {
+  value = aws_cloudwatch_log_group.ecs_web_td_log_group.name
 }

infrastructure/cloud/modules/networking/alb.tf

@@ -0,0 +1,48 @@
+resource "aws_lb" "lb" {
+  name               = "${var.app_name}-lb-${var.environment}"
+  subnets            = local.web_subnets
+  security_groups    = [aws_security_group.sg.id]
+  internal           = true
+  load_balancer_type = "application"
+  enable_http2       = true
+
+  tags = {
+    Name = "${var.app_name}-lb-${var.environment}"
+  }
+}
+
+resource "aws_lb_target_group" "lb_target_group" {
+  name                 = "${var.app_name}-lb-tg-${var.environment}"
+  port                 = 8080
+  protocol             = "HTTP"
+  vpc_id               = data.aws_vpc.vpc.id
+  target_type          = "ip"
+  deregistration_delay = 5
+
+  health_check {
+    enabled             = true
+    interval            = 15
+    path                = "/"
+    port                = 8080
+    protocol            = "HTTP"
+    timeout             = 10
+    healthy_threshold   = 2
+    unhealthy_threshold = 3
+    matcher             = "200"
+  }
+
+  lifecycle {
+    create_before_destroy = true
+  }
+}
+
+resource "aws_lb_listener" "lb_listener" {
+  load_balancer_arn = aws_lb.lb.arn
+  port              = 80
+  protocol          = "HTTP"
+
+  default_action {
+    type             = "forward"
+    target_group_arn = aws_lb_target_group.lb_target_group.arn
+  }
+}

infrastructure/cloud/modules/networking/outputs.tf

@@ -6,6 +6,10 @@ output "lb_tg_arn" {
   value = aws_lb_target_group.lb_target_group.arn
 }
 
-output "subnet_ids" {
-  value = data.aws_subnets.default_public.ids
+output "ecs_sg_id" {
+  value = aws_security_group.ecs_sg.id
+}
+
+output "web_subnets_ids" {
+  value = local.web_subnets
 }

infrastructure/cloud/modules/networking/securitygroup.tf

@@ -1,7 +1,7 @@
-# Load Balancer Security Group
+# Load Balancer Security Group	
 resource "aws_security_group" "sg" {
   name   = "${var.app_name}-lb-sg-${var.environment}"
-  vpc_id = data.aws_vpc.default.id
+  vpc_id = data.aws_vpc.vpc.id
 
   ingress {
     from_port   = 80
@@ -23,25 +23,30 @@ resource "aws_security_group" "sg" {
     protocol    = "-1"
     cidr_blocks = ["0.0.0.0/0"]
   }
+
+  tags = {
+    Name = "${var.app_name}_sg_${var.environment}"
+  }
 }
 
 
-# # ECS Security Group
-# resource "aws_security_group" "ecs_sg" {
-#   name   = "${var.app_name}-ecs-sg-${var.environment}"
-#   vpc_id = aws_vpc.vpc.id
-
-#   ingress {
-#     from_port       = 80
-#     to_port         = 80
-#     protocol        = "tcp"
-#     security_groups = [aws_security_group.sg.id]
-#   }
-
-#   egress {
-#     from_port   = 0
-#     to_port     = 0
-#     protocol    = "-1"
-#     cidr_blocks = ["0.0.0.0/0"]
-#   }
-# }
+# ECS Security Group	
+resource "aws_security_group" "ecs_sg" {
+  name   = "${var.app_name}-ecs-sg-${var.environment}"
+  vpc_id = data.aws_vpc.vpc.id
+
+  ingress {
+    from_port       = 8080
+    to_port         = 8080
+    protocol        = "tcp"
+    cidr_blocks     = null
+    security_groups = [aws_security_group.sg.id]
+  }
+
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+}

infrastructure/cloud/modules/networking/variables.tf

@@ -13,8 +13,22 @@ variable "region" {
   type        = string
 }
 
-variable "subnet_ids" {
-  description = "The default VPC subnet ids"
+variable "vpc_id" {
+  description = "The provisioned VPC ID"
+  type        = string
+}
+
+variable "web_subnet_names" {
+  description = "List of Subnets for Web"
   type        = list(string)
 }
 
+# variable "api_subnet_names" {
+#   description = "List of Subnets for API"
+#   type        = list(string)
+# }
+
+# variable "db_subnet_names" {
+#   description = "List of Subnets for Database"
+#   type        = list(string)
+# }