From 2e9b192cae526b23b9d075f6e4e76215e6c270c4 Mon Sep 17 00:00:00 2001 From: Dev Singh Date: Mon, 21 Jul 2025 10:25:33 -0400 Subject: [PATCH 1/4] create terraform setup for QA --- .vscode/extensions.json | 3 +- cloudformation/logs.yml | 1 + terraform/.gitignore | 82 +++++++++++++++++++ terraform/envs/qa/.terraform.lock.hcl | 25 ++++++ terraform/envs/qa/main.tf | 20 +++++ terraform/envs/qa/variables.tf | 9 ++ terraform/modules/cloudwatch_logs/main.tf | 22 +++++ .../modules/cloudwatch_logs/variables.tf | 7 ++ 8 files changed, 168 insertions(+), 1 deletion(-) create mode 100644 terraform/.gitignore create mode 100644 terraform/envs/qa/.terraform.lock.hcl create mode 100644 terraform/envs/qa/main.tf create mode 100644 terraform/envs/qa/variables.tf create mode 100644 terraform/modules/cloudwatch_logs/main.tf create mode 100644 terraform/modules/cloudwatch_logs/variables.tf diff --git a/.vscode/extensions.json b/.vscode/extensions.json index 68614859..2c09cfc8 100644 --- a/.vscode/extensions.json +++ b/.vscode/extensions.json @@ -4,6 +4,7 @@ "rvest.vs-code-prettier-eslint", "eamodio.gitlens", "ms-vscode.makefile-tools", - "amazonwebservices.aws-toolkit-vscode" + "amazonwebservices.aws-toolkit-vscode", + "hashicorp.terraform" ] } diff --git a/cloudformation/logs.yml b/cloudformation/logs.yml index dc9be9b1..70b1956e 100644 --- a/cloudformation/logs.yml +++ b/cloudformation/logs.yml @@ -10,6 +10,7 @@ Parameters: Resources: AppApiLambdaLogGroup: Type: AWS::Logs::LogGroup + DeletionPolicy: Retain Properties: LogGroupName: Fn::Sub: /aws/lambda/${LambdaFunctionName} diff --git a/terraform/.gitignore b/terraform/.gitignore new file mode 100644 index 00000000..8b2acfa7 --- /dev/null +++ b/terraform/.gitignore 
@@ -0,0 +1,82 @@
+# OSX leaves these everywhere on SMB shares
+._*
+
+# OSX trash
+.DS_Store
+
+# Python
+*.pyc
+
+# Emacs save files
+*~
+\#*\#
+.\#*
+
+# Vim-related files
+[._]*.s[a-w][a-z]
+[._]s[a-w][a-z]
+*.un~
+Session.vim
+.netrwhist
+
+### https://raw.github.com/github/gitignore/90f149de451a5433aebd94d02d11b0e28843a1af/Terraform.gitignore
+
+# Local .terraform directories
+**/.terraform*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Local tfvars terraform.tfvars
+**/*.tfvars
+
+# tf lock file
+**/.terraform.lock.hcl
+
+# Crash log files
+crash.log
+
+# Ignore any .tfvars files that are generated automatically for each Terraform run. Most
+# .tfvars files are managed as part of configuration and so should be included in
+# version control.
+#
+# example.tfvars
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+.idea/
+.vscode/
+# Kitchen files
+**/inspec.lock
+**.gem
+**/.kitchen
+**/.kitchen.local.yml
+**/Gemfile.lock
+# Plan files
+**/tmp_plan
+**/.tmp
+**/tmp
+
+test/fixtures/shared/terraform.tfvars
+
+test/integration/gcloud/config.sh
+test/integration/tmp
+
+credentials.json
+
+helpers/foundation-deployer/foundation-deployer
+helpers/foundation-deployer/.steps.json
+
+# File to populate env vars used by Docker test runs
+.envrc
+
+# Handle files generated on sed command by old (2013-) MacOS versions
+*.tf-e
+
+# Go multi-module workspace sum
+go.work.sum
diff --git a/terraform/envs/qa/.terraform.lock.hcl b/terraform/envs/qa/.terraform.lock.hcl
new file mode 100644
index 00000000..00f630cd
--- /dev/null
+++ b/terraform/envs/qa/.terraform.lock.hcl
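Review bot: The `**/.terraform.lock.hcl` entry under "# tf lock file" in terraform/.gitignore (and the broader `**/.terraform*` glob above it, which also matches that file) keeps the provider lock file out of version control, so no committed checksums constrain what `terraform init` downloads. With only the `~> 5.92` constraint in the configs, each fresh init selects whatever matching provider release the registry serves at that moment and records its hashes locally, which amounts to trust-on-first-use on every CI run. I would drop the lock-file entry and narrow the directory glob to `**/.terraform/` so the lock file is tracked and init verifies downloads against it. This same patch adds terraform/envs/qa/.terraform.lock.hcl, which contradicts the ignore rule as written.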
@@ -0,0 +1,25 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/aws" { + version = "5.100.0" + constraints = "~> 5.92" + hashes = [ + "h1:Ijt7pOlB7Tr7maGQIqtsLFbl7pSMIj06TVdkoSBcYOw=", + "zh:054b8dd49f0549c9a7cc27d159e45327b7b65cf404da5e5a20da154b90b8a644", + "zh:0b97bf8d5e03d15d83cc40b0530a1f84b459354939ba6f135a0086c20ebbe6b2", + "zh:1589a2266af699cbd5d80737a0fe02e54ec9cf2ca54e7e00ac51c7359056f274", + "zh:6330766f1d85f01ae6ea90d1b214b8b74cc8c1badc4696b165b36ddd4cc15f7b", + "zh:7c8c2e30d8e55291b86fcb64bdf6c25489d538688545eb48fd74ad622e5d3862", + "zh:99b1003bd9bd32ee323544da897148f46a527f622dc3971af63ea3e251596342", + "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", + "zh:9f8b909d3ec50ade83c8062290378b1ec553edef6a447c56dadc01a99f4eaa93", + "zh:aaef921ff9aabaf8b1869a86d692ebd24fbd4e12c21205034bb679b9caf883a2", + "zh:ac882313207aba00dd5a76dbd572a0ddc818bb9cbf5c9d61b28fe30efaec951e", + "zh:bb64e8aff37becab373a1a0cc1080990785304141af42ed6aa3dd4913b000421", + "zh:dfe495f6621df5540d9c92ad40b8067376350b005c637ea6efac5dc15028add4", + "zh:f0ddf0eaf052766cfe09dea8200a946519f653c384ab4336e2a4a64fdd6310e9", + "zh:f1b7e684f4c7ae1eed272b6de7d2049bb87a0275cb04dbb7cda6636f600699c9", + "zh:ff461571e3f233699bf690db319dfe46aec75e58726636a0d97dd9ac6e32fb70", + ] +} diff --git a/terraform/envs/qa/main.tf b/terraform/envs/qa/main.tf new file mode 100644 index 00000000..bd8e989a --- /dev/null +++ b/terraform/envs/qa/main.tf @@ -0,0 +1,20 @@ +terraform { + required_providers { + aws = { + source = "hashicorp/aws" + version = "~> 5.92" + } + } + + required_version = ">= 1.2" +} + +provider "aws" { + region = "us-east-1" +} + +module "cloudwatch_logs" { + source = "../../modules/cloudwatch_logs" + resource_prefix = var.ResourcePrefix + retention_in_days = var.LogRetentionDays +} 
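Review bot: The `terraform` block in terraform/envs/qa/main.tf declares no `backend`, so state is written to a local `terraform.tfstate` on whichever machine runs the apply. On a CI runner that state is discarded after the job, nothing locks concurrent applies, and the only copy of whatever attributes Terraform records sits unencrypted in the workspace. A remote backend with encryption at rest and locking would address that; the bucket and key below are placeholders, and the locking option to use depends on the Terraform version actually deployed.

```hcl
terraform {
  # … unchanged: required_providers, required_version …

  backend "s3" {
    bucket  = "<STATE_BUCKET_PLACEHOLDER>"
    key     = "<STATE_KEY_PLACEHOLDER>"
    region  = "us-east-1"
    encrypt = true
  }
}
```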
diff --git a/terraform/envs/qa/variables.tf b/terraform/envs/qa/variables.tf
new file mode 100644
index 00000000..4c15ea97
--- /dev/null
+++ b/terraform/envs/qa/variables.tf
@@ -0,0 +1,9 @@
+variable "LogRetentionDays" {
+ type = number
+ default = 7
+}
+
+variable "ResourcePrefix" {
+ type = string
+ default = "infra-core-api"
+}
diff --git a/terraform/modules/cloudwatch_logs/main.tf b/terraform/modules/cloudwatch_logs/main.tf
new file mode 100644
index 00000000..9ed8ea2d
--- /dev/null
+++ b/terraform/modules/cloudwatch_logs/main.tf
@@ -0,0 +1,22 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 5.92"
+ }
+ }
+
+ required_version = ">= 1.2"
+}
+
+
+import {
+ to = aws_cloudwatch_log_group.main_app_logs
+ id = "${var.resource_prefix}-logs"
+}
+
+
+resource "aws_cloudwatch_log_group" "main_app_logs" {
+ name = "${var.resource_prefix}-logs"
+ retention_in_days = var.retention_in_days
+}
diff --git a/terraform/modules/cloudwatch_logs/variables.tf b/terraform/modules/cloudwatch_logs/variables.tf
new file mode 100644
index 00000000..f9a9c631
--- /dev/null
+++ b/terraform/modules/cloudwatch_logs/variables.tf
@@ -0,0 +1,7 @@
+variable "resource_prefix" {
+ type = string
+}
+
+variable "retention_in_days" {
+ type = number
+}
From f873f104255f0a52c2621447ae4861eddf7768ba Mon Sep 17 00:00:00 2001
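Review bot: `required_version = ">= 1.2"` in terraform/modules/cloudwatch_logs/main.tf admits Terraform releases that cannot parse the `import` block a few lines below it, since config-driven import arrived in 1.5. As far as I know an interpolated `id` such as `"${var.resource_prefix}-logs"` needs a newer release again, and `import` blocks were only accepted in the root module rather than in a child module like this one. Raising the floor, for example `required_version = ">= 1.6"` (confirm the exact minimum against the release notes), makes an old binary stop with a clear version error instead of a parse error. terraform/envs/qa/main.tf in this patch carries the same `>= 1.2` constraint.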
From: Dev Singh Date: Mon, 21 Jul 2025 11:09:16 -0400 Subject: [PATCH 2/4] run terraform on deploy to QA --- .github/workflows/deploy-qa.yml | 11 ++++++++ Makefile | 6 +++++ cloudformation/logs.yml | 1 + .../cloudwatch_logs => envs/prod}/main.tf | 16 ++++++++---- terraform/envs/prod/variables.tf | 10 ++++++++ terraform/envs/qa/.terraform.lock.hcl | 25 ------------------- terraform/envs/qa/main.tf | 14 ++++++++--- terraform/envs/qa/variables.tf | 2 +- .../modules/cloudwatch_logs/variables.tf | 7 ------ 9 files changed, 51 insertions(+), 41 deletions(-) rename terraform/{modules/cloudwatch_logs => envs/prod}/main.tf (50%) create mode 100644 terraform/envs/prod/variables.tf delete mode 100644 terraform/envs/qa/.terraform.lock.hcl delete mode 100644 terraform/modules/cloudwatch_logs/variables.tf diff --git a/.github/workflows/deploy-qa.yml b/.github/workflows/deploy-qa.yml index 2db441a8..ab0d2b49 100644 --- a/.github/workflows/deploy-qa.yml +++ b/.github/workflows/deploy-qa.yml @@ -20,6 +20,12 @@ jobs: env: HUSKY: "0" + - name: Setup Terraform + uses: hashicorp/setup-terraform@v2 + with: + terraform_version: 1.12.2 + + - name: Set up Node uses: actions/setup-node@v4 with: @@ -102,6 +108,11 @@ jobs: node-version: 22.x cache: "yarn" + - name: Setup Terraform + uses: hashicorp/setup-terraform@v2 + with: + terraform_version: 1.12.2 + - name: Restore Yarn Cache uses: actions/cache@v4 with: diff --git a/Makefile b/Makefile index 0802cdbc..bce86814 100644 --- a/Makefile +++ b/Makefile @@ -96,6 +96,8 @@ deploy_prod: check_account_prod deploy_dev: check_account_dev @echo "Deploying CloudFormation stack..." sam deploy $(common_params) --parameter-overrides $(run_env)=dev $(set_application_prefix)=$(application_key) $(set_application_name)="$(application_name)" S3BucketPrefix="$(s3_bucket_prefix)" + @echo "Deploying Terraform..." + terraform -chdir=terraform/envs/qa apply -auto-approve make postdeploy invalidate_cloudfront: 
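Review bot: `uses: hashicorp/setup-terraform@v2` in both added "Setup Terraform" steps of .github/workflows/deploy-qa.yml references a movable tag, so the code that installs the Terraform binary in the deploy workflow can change without any change to this repository. Pinning the action to a full commit SHA, e.g. `uses: hashicorp/setup-terraform@<FULL_COMMIT_SHA_PLACEHOLDER> # v2`, makes every update an explicit, reviewable diff. Both jobs continue outside these hunks, so which credentials and permissions they hold is not visible here.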
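Review bot: `terraform -chdir=terraform/envs/qa apply -auto-approve` in the `deploy_dev` recipe computes and applies a plan in one step, so a replace or destroy of the log group would be executed without the plan ever being recorded or checked. Writing the plan to a file and applying that file keeps the applied change identical to the one that was logged: `terraform -chdir=terraform/envs/qa plan -input=false -out=tmp_plan` followed by `terraform -chdir=terraform/envs/qa apply -input=false tmp_plan` (terraform/.gitignore already excludes `**/tmp_plan`). At this commit the recipe also runs `apply` with no preceding `init`; patch 4/4 adds it. The same `-auto-approve` pattern is added to `deploy_prod` in patch 4/4.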
@@ -121,6 +123,10 @@ test_live_integration: install test_unit: install yarn lint cfn-lint cloudformation/**/* + terraform -chdir=terraform/envs/qa fmt -check + terraform -chdir=terraform/envs/prod fmt -check + terraform -chdir=terraform/envs/qa validate + terraform -chdir=terraform/envs/prod validate yarn prettier yarn test:unit diff --git a/cloudformation/logs.yml b/cloudformation/logs.yml index 70b1956e..7e7ed8f6 100644 --- a/cloudformation/logs.yml +++ b/cloudformation/logs.yml @@ -11,6 +11,7 @@ Resources: AppApiLambdaLogGroup: Type: AWS::Logs::LogGroup DeletionPolicy: Retain + UpdateReplacePolicy: Retain Properties: LogGroupName: Fn::Sub: /aws/lambda/${LambdaFunctionName} diff --git a/terraform/modules/cloudwatch_logs/main.tf b/terraform/envs/prod/main.tf similarity index 50% rename from terraform/modules/cloudwatch_logs/main.tf rename to terraform/envs/prod/main.tf index 9ed8ea2d..72b2fddf 100644 --- a/terraform/modules/cloudwatch_logs/main.tf +++ b/terraform/envs/prod/main.tf @@ -9,14 +9,20 @@ terraform { required_version = ">= 1.2" } +provider "aws" { + region = "us-east-1" + default_tags { + tags = { + project = var.ProjectId + } + } +} import { to = aws_cloudwatch_log_group.main_app_logs - id = "${var.resource_prefix}-logs" + id = "/aws/lambda/${var.ProjectId}-lambda" } - - resource "aws_cloudwatch_log_group" "main_app_logs" { - name = "${var.resource_prefix}-logs" - retention_in_days = var.retention_in_days + name = "/aws/lambda/${var.ProjectId}-lambda" + retention_in_days = var.LogRetentionDays } diff --git a/terraform/envs/prod/variables.tf b/terraform/envs/prod/variables.tf new file mode 100644 index 00000000..194e98a9 --- /dev/null +++ b/terraform/envs/prod/variables.tf @@ -0,0 +1,10 @@ +variable "LogRetentionDays" { + type = number + default = 90 +} + +variable "ProjectId" { + type = string + default = "infra-core-api" +} + 
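Review bot: The log group imported in terraform/envs/prod/main.tf appears to be the one still declared as `AppApiLambdaLogGroup` in cloudformation/logs.yml (assuming `LambdaFunctionName` resolves to `${var.ProjectId}-lambda`), which leaves two tools owning the same resource and its retention setting. The `import` block also requires the group to exist already, so an apply in an account where CloudFormation has not yet created it would fail, and if state is not persisted between runs the import is repeated on every deploy. Since these are production logs, I would add `lifecycle { prevent_destroy = true }` to `aws_cloudwatch_log_group.main_app_logs` so a rename or an unexpected plan cannot delete them under `-auto-approve`. The identical resource added to terraform/envs/qa/main.tf in this patch has the same exposure; the `terraform` block of the prod file starts outside the hunk.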
diff --git a/terraform/envs/qa/.terraform.lock.hcl b/terraform/envs/qa/.terraform.lock.hcl deleted file mode 100644 index 00f630cd..00000000 --- a/terraform/envs/qa/.terraform.lock.hcl +++ /dev/null @@ -1,25 +0,0 @@ -# This file is maintained automatically by "terraform init". -# Manual edits may be lost in future updates. - -provider "registry.terraform.io/hashicorp/aws" { - version = "5.100.0" - constraints = "~> 5.92" - hashes = [ - "h1:Ijt7pOlB7Tr7maGQIqtsLFbl7pSMIj06TVdkoSBcYOw=", - "zh:054b8dd49f0549c9a7cc27d159e45327b7b65cf404da5e5a20da154b90b8a644", - "zh:0b97bf8d5e03d15d83cc40b0530a1f84b459354939ba6f135a0086c20ebbe6b2", - "zh:1589a2266af699cbd5d80737a0fe02e54ec9cf2ca54e7e00ac51c7359056f274", - "zh:6330766f1d85f01ae6ea90d1b214b8b74cc8c1badc4696b165b36ddd4cc15f7b", - "zh:7c8c2e30d8e55291b86fcb64bdf6c25489d538688545eb48fd74ad622e5d3862", - "zh:99b1003bd9bd32ee323544da897148f46a527f622dc3971af63ea3e251596342", - "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", - "zh:9f8b909d3ec50ade83c8062290378b1ec553edef6a447c56dadc01a99f4eaa93", - "zh:aaef921ff9aabaf8b1869a86d692ebd24fbd4e12c21205034bb679b9caf883a2", - "zh:ac882313207aba00dd5a76dbd572a0ddc818bb9cbf5c9d61b28fe30efaec951e", - "zh:bb64e8aff37becab373a1a0cc1080990785304141af42ed6aa3dd4913b000421", - "zh:dfe495f6621df5540d9c92ad40b8067376350b005c637ea6efac5dc15028add4", - "zh:f0ddf0eaf052766cfe09dea8200a946519f653c384ab4336e2a4a64fdd6310e9", - "zh:f1b7e684f4c7ae1eed272b6de7d2049bb87a0275cb04dbb7cda6636f600699c9", - "zh:ff461571e3f233699bf690db319dfe46aec75e58726636a0d97dd9ac6e32fb70", - ] -} diff --git a/terraform/envs/qa/main.tf b/terraform/envs/qa/main.tf index bd8e989a..72b2fddf 100644 --- a/terraform/envs/qa/main.tf +++ b/terraform/envs/qa/main.tf 
@@ -11,10 +11,18 @@ terraform { provider "aws" { region = "us-east-1" + default_tags { + tags = { + project = var.ProjectId + } + } } -module "cloudwatch_logs" { - source = "../../modules/cloudwatch_logs" - resource_prefix = var.ResourcePrefix +import { + to = aws_cloudwatch_log_group.main_app_logs + id = "/aws/lambda/${var.ProjectId}-lambda" +} +resource "aws_cloudwatch_log_group" "main_app_logs" { + name = "/aws/lambda/${var.ProjectId}-lambda" retention_in_days = var.LogRetentionDays } diff --git a/terraform/envs/qa/variables.tf b/terraform/envs/qa/variables.tf index 4c15ea97..5d2d4f92 100644 --- a/terraform/envs/qa/variables.tf +++ b/terraform/envs/qa/variables.tf @@ -3,7 +3,7 @@ variable "LogRetentionDays" { default = 7 } -variable "ResourcePrefix" { +variable "ProjectId" { type = string default = "infra-core-api" } diff --git a/terraform/modules/cloudwatch_logs/variables.tf b/terraform/modules/cloudwatch_logs/variables.tf deleted file mode 100644 index f9a9c631..00000000 --- a/terraform/modules/cloudwatch_logs/variables.tf +++ /dev/null @@ -1,7 +0,0 @@ -variable "resource_prefix" { - type = string -} - -variable "retention_in_days" { - type = number -} From de0606a70b286c047971866b64be5f4fc40a8a8e Mon Sep 17 00:00:00 2001 From: Dev Singh Date: Mon, 21 Jul 2025 11:11:05 -0400 Subject: [PATCH 3/4] fix makefile --- Makefile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Makefile b/Makefile index bce86814..93ba8457 100644 --- a/Makefile +++ b/Makefile @@ -116,6 +116,8 @@ invalidate_cloudfront: install: yarn -D pip install cfn-lint + terraform -chdir=terraform/envs/qa init + terraform -chdir=terraform/envs/prod init test_live_integration: install yarn test:live From f60b2bcbefe65cf4aa82cc8fa0e0ffd1f1e4f8ae Mon Sep 17 00:00:00 2001 From: Dev Singh Date: Tue, 22 Jul 2025 00:48:01 -0400 Subject: [PATCH 4/4] fix makefile --- Makefile | 3 +++ 1 file changed, 3 insertions(+) diff --git a/Makefile b/Makefile index 93ba8457..b89a1867 100644 --- a/Makefile 
+++ b/Makefile @@ -90,6 +90,8 @@ postdeploy: deploy_prod: check_account_prod @echo "Deploying CloudFormation stack..." + terraform -chdir=terraform/envs/prod apply -auto-approve + terraform -chdir=terraform/envs/prod init sam deploy $(common_params) --parameter-overrides $(run_env)=prod $(set_application_prefix)=$(application_key) $(set_application_name)="$(application_name)" S3BucketPrefix="$(s3_bucket_prefix)" make postdeploy @@ -97,6 +99,7 @@ deploy_dev: check_account_dev @echo "Deploying CloudFormation stack..." sam deploy $(common_params) --parameter-overrides $(run_env)=dev $(set_application_prefix)=$(application_key) $(set_application_name)="$(application_name)" S3BucketPrefix="$(s3_bucket_prefix)" @echo "Deploying Terraform..." + terraform -chdir=terraform/envs/qa init terraform -chdir=terraform/envs/qa apply -auto-approve make postdeploy
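Review bot: In `deploy_prod` the added lines run `terraform -chdir=terraform/envs/prod apply -auto-approve` before `terraform -chdir=terraform/envs/prod init`, so on a fresh checkout the apply fails for lack of an initialised working directory and the init that follows serves no purpose. The two lines should be swapped, as the second hunk of this patch already does for `deploy_dev`: `terraform -chdir=terraform/envs/prod init` and then `terraform -chdir=terraform/envs/prod apply -auto-approve`. The `@echo "Deploying CloudFormation stack..."` line above them now precedes the Terraform step, so the log message no longer describes what runs next. The recipe continues outside the hunk.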