diff --git a/main.tf b/main.tf index 9b2aaee..017e6a6 100644 --- a/main.tf +++ b/main.tf @@ -42,6 +42,8 @@ module "metaflow-metadata-service" { subnet2_id = var.subnet2_id vpc_cidr_blocks = var.vpc_cidr_blocks with_public_ip = var.with_public_ip + nlb_arn = var.nlb_arn + nlb_dns_name = var.nlb_dns_name standard_tags = var.tags } diff --git a/modules/datastore/rds.tf b/modules/datastore/rds.tf index cddfa76..3bbc9e2 100644 --- a/modules/datastore/rds.tf +++ b/modules/datastore/rds.tf 
@@ -96,24 +96,25 @@ resource "aws_rds_cluster_instance" "cluster_instances" { Define rds db instance. */ resource "aws_db_instance" "this" { - count = local.use_aurora ? 0 : 1 - publicly_accessible = false - allocated_storage = 20 # Allocate 20GB - storage_type = "gp2" # general purpose SSD - storage_encrypted = true - kms_key_id = aws_kms_key.rds.arn - engine = var.db_engine - engine_version = var.db_engine_version - instance_class = var.db_instance_type # Hardware configuration - identifier = "${var.resource_prefix}${var.db_name}${var.resource_suffix}" # used for dns hostname needs to be customer unique in region - db_name = var.db_name # unique id for CLI commands (name of DB table which is why we're not adding the prefix as no conflicts will occur and the API expects this table name) - username = var.db_username - password = random_password.this.result - db_subnet_group_name = aws_db_subnet_group.this.id - max_allocated_storage = 1000 # Upper limit of automatic scaled storage - multi_az = true # Multiple availability zone? - final_snapshot_identifier = "${var.resource_prefix}${var.db_name}-final-snapshot${var.resource_suffix}-${random_pet.final_snapshot_id.id}" # Snapshot upon delete - vpc_security_group_ids = [aws_security_group.rds_security_group.id] + count = local.use_aurora ? 
0 : 1 + publicly_accessible = false + allocated_storage = 20 # Allocate 20GB + storage_type = "gp2" # general purpose SSD + storage_encrypted = true + kms_key_id = aws_kms_key.rds.arn + engine = var.db_engine + engine_version = var.db_engine_version + instance_class = var.db_instance_type # Hardware configuration + identifier = "${var.resource_prefix}${var.db_name}${var.resource_suffix}" # used for dns hostname needs to be customer unique in region + db_name = var.db_name # unique id for CLI commands (name of DB table which is why we're not adding the prefix as no conflicts will occur and the API expects this table name) + username = var.db_username + password = random_password.this.result + db_subnet_group_name = aws_db_subnet_group.this.id + max_allocated_storage = 1000 # Upper limit of automatic scaled storage + multi_az = false # Multiple availability zone? + final_snapshot_identifier = "${var.resource_prefix}${var.db_name}-final-snapshot${var.resource_suffix}-${random_pet.final_snapshot_id.id}" # Snapshot upon delete + vpc_security_group_ids = [aws_security_group.rds_security_group.id] + allow_major_version_upgrade = true tags = merge( var.standard_tags, diff --git a/modules/datastore/variables.tf b/modules/datastore/variables.tf index e294391..bdc3802 100644 --- a/modules/datastore/variables.tf +++ b/modules/datastore/variables.tf @@ -11,7 +11,7 @@ variable "db_engine" { variable "db_engine_version" { type = string - default = "11" + default = "13" } variable "db_name" { diff --git a/modules/metadata-service/api-gateway.tf b/modules/metadata-service/api-gateway.tf index f01cee9..71dbf41 100644 --- a/modules/metadata-service/api-gateway.tf +++ b/modules/metadata-service/api-gateway.tf 
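Review bot: `multi_az` in `aws_db_instance.this` goes from `true` on the removed side to `false` on the added side, which drops the standby replica for the non-Aurora database, and the change is easy to miss because the rest of the hunk is alignment-only; if it is intended it should be called out in the commit message, otherwise the new line should read `multi_az = true`. The new `allow_major_version_upgrade = true` combined with the `db_engine_version` default moving from "11" to "13" (the modules/datastore/variables.tf hunk on this line and the root variables.tf hunk further down, which also moves `db_instance_type` from db.t2.small to db.t3.small) means an existing deployment will perform an in-place PostgreSQL major upgrade and an instance-class change on the next apply. Rather than leaving major upgrades permanently permitted, consider driving the flag from a variable so it can be switched off again after the migration. The resource body continues past the hunk at `tags = merge(`.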
@@ -56,7 +56,7 @@ resource "aws_api_gateway_resource" "db" { resource "aws_api_gateway_vpc_link" "this" { count = var.enable_api_gateway ? 1 : 0 name = "${var.resource_prefix}vpclink${var.resource_suffix}" - target_arns = [aws_lb.this.arn] + target_arns = [var.nlb_arn == "" ? aws_lb.this[0].arn : var.nlb_arn] tags = var.standard_tags } @@ -103,7 +103,7 @@ resource "aws_api_gateway_integration" "this" { } type = "HTTP_PROXY" - uri = "http://${aws_lb.this.dns_name}/{proxy}" + uri = "http://${var.nlb_dns_name == "" ? aws_lb.this[0].dns_name : var.nlb_dns_name}/{proxy}" integration_http_method = "ANY" passthrough_behavior = "WHEN_NO_MATCH" connection_type = "VPC_LINK" @@ -118,7 +118,7 @@ resource "aws_api_gateway_integration" "db" { type = "HTTP_PROXY" - uri = "http://${aws_lb.this.dns_name}:8082/db_schema_status" + uri = "http://${var.nlb_dns_name == "" ? aws_lb.this[0].dns_name : var.nlb_dns_name}:8082/db_schema_status" integration_http_method = "GET" passthrough_behavior = "WHEN_NO_MATCH" connection_type = "VPC_LINK" diff --git a/modules/metadata-service/ec2.tf b/modules/metadata-service/ec2.tf index 64ec728..418a444 100644 --- a/modules/metadata-service/ec2.tf +++ b/modules/metadata-service/ec2.tf @@ -45,6 +45,7 @@ resource "aws_security_group" "metadata_service_security_group" { } resource "aws_lb" "this" { + count = var.nlb_arn == "" ? 1 : 0 name = "${var.resource_prefix}nlb${var.resource_suffix}" internal = true load_balancer_type = "network" @@ -89,7 +90,7 @@ resource "aws_lb_target_group" "db_migrate" { } resource "aws_lb_listener" "this" { - load_balancer_arn = aws_lb.this.arn + load_balancer_arn = var.nlb_arn == "" ? aws_lb.this[0].arn : var.nlb_arn port = "80" protocol = "TCP" @@ -100,7 +101,7 @@ resource "aws_lb_listener" "this" { } resource "aws_lb_listener" "db_migrate" { - load_balancer_arn = aws_lb.this.arn + load_balancer_arn = var.nlb_arn == "" ? aws_lb.this[0].arn : var.nlb_arn port = "8082" protocol = "TCP" 
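Review bot: The selection expression `var.nlb_arn == "" ? aws_lb.this[0].arn : var.nlb_arn` and its `dns_name` twin are repeated at every reference site — here in `aws_api_gateway_vpc_link.this` and both `aws_api_gateway_integration` resources, and again in the ec2.tf, lambda.tf and outputs.tf hunks — so a future change to the logic has seven places to touch. A `locals` block in the module, `nlb_arn = var.nlb_arn == "" ? aws_lb.this[0].arn : var.nlb_arn` and `nlb_dns_name = var.nlb_arn == "" ? aws_lb.this[0].dns_name : var.nlb_dns_name`, with the resources referencing `local.nlb_arn` and `local.nlb_dns_name`, would keep it in one place. Keying both locals on `var.nlb_arn` also removes a failure mode the current code has: if a caller sets `nlb_arn` but leaves `nlb_dns_name` empty, `aws_lb.this` has count 0 while `aws_lb.this[0].dns_name` is still referenced, so the plan fails with an index error instead of a message about the missing pairing.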
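Review bot: Adding `count` to `aws_lb.this` changes its address from `aws_lb.this` to `aws_lb.this[0]`, so an existing deployment that keeps the module-managed NLB will plan to destroy and recreate the load balancer — and with it the DNS name exposed through the API Gateway VPC link and the `network_load_balancer_dns_name` output — unless state is migrated; a `moved { from = aws_lb.this  to = aws_lb.this[0] }` block (Terraform 1.1+, if the project's version allows it) or a documented `terraform state mv` step should accompany this change. Separately, `aws_lb_listener.this` and `aws_lb_listener.db_migrate` now attach plain-TCP listeners on ports 80 and 8082 to whatever balancer the caller names in `nlb_arn`, whereas the module-managed one is created with `internal = true`. The `nlb_arn` description should state that the supplied balancer is expected to be internal to the VPC and that the module creates listeners on those two ports, which will fail if the balancer already has them.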
diff --git a/modules/metadata-service/ecs.tf b/modules/metadata-service/ecs.tf index 1abd89d..4df73ea 100644 --- a/modules/metadata-service/ecs.tf +++ b/modules/metadata-service/ecs.tf @@ -94,5 +94,6 @@ resource "aws_ecs_service" "this" { ignore_changes = [desired_count] } + propagate_tags = "SERVICE" tags = var.standard_tags } diff --git a/modules/metadata-service/lambda.tf b/modules/metadata-service/lambda.tf index af5fce8..2d97fa7 100644 --- a/modules/metadata-service/lambda.tf +++ b/modules/metadata-service/lambda.tf @@ -124,7 +124,7 @@ resource "aws_lambda_function" "db_migrate_lambda" { environment { variables = { - MD_LB_ADDRESS = "http://${aws_lb.this.dns_name}:8082" + MD_LB_ADDRESS = "http://${var.nlb_dns_name == "" ? aws_lb.this[0].dns_name : var.nlb_dns_name}:8082" } } diff --git a/modules/metadata-service/outputs.tf b/modules/metadata-service/outputs.tf index 5b93e41..975e1cf 100644 --- a/modules/metadata-service/outputs.tf +++ b/modules/metadata-service/outputs.tf @@ -1,5 +1,5 @@ output "METAFLOW_SERVICE_INTERNAL_URL" { - value = "http://${aws_lb.this.dns_name}/" + value = "http://${var.nlb_dns_name == "" ? aws_lb.this[0].dns_name : var.nlb_dns_name}/" description = "URL for Metadata Service (Accessible in VPC)" } @@ -34,6 +34,6 @@ output "metadata_svc_ecs_task_role_arn" { } output "network_load_balancer_dns_name" { - value = aws_lb.this.dns_name + value = var.nlb_dns_name == "" ? aws_lb.this[0].dns_name : var.nlb_dns_name description = "The DNS addressable name for the Network Load Balancer that accepts requests and forwards them to our Fargate MetaData service instance(s)" } diff --git a/modules/metadata-service/variables.tf b/modules/metadata-service/variables.tf index b38f99c..764c158 100644 --- a/modules/metadata-service/variables.tf +++ b/modules/metadata-service/variables.tf 
@@ -126,3 +126,13 @@ variable "with_public_ip" { type = bool description = "Enable public IP assignment for the Metadata Service. Typically you want this to be set to true if using public subnets as subnet1_id and subnet2_id, and false otherwise" } + +variable "nlb_arn" { + type = string + description = "The ARN of the network load balancer to use for Metaflow. A new resource will be created if unfilled. Must be provided together with nlb_dns_name." +} + +variable "nlb_dns_name" { + type = string + description = "The DNS name of the network load balancer to use for Metaflow. Must be provided together with nlb_arn." +} diff --git a/modules/ui/ecs_ui_backend.tf b/modules/ui/ecs_ui_backend.tf index 61b855a..fcf8864 100644 --- a/modules/ui/ecs_ui_backend.tf +++ b/modules/ui/ecs_ui_backend.tf @@ -74,5 +74,6 @@ resource "aws_ecs_service" "ui_backend" { ignore_changes = [desired_count] } + propagate_tags = "SERVICE" tags = var.standard_tags } diff --git a/modules/ui/ecs_ui_static.tf b/modules/ui/ecs_ui_static.tf index dfa99f3..613dcb7 100644 --- a/modules/ui/ecs_ui_static.tf +++ b/modules/ui/ecs_ui_static.tf @@ -66,5 +66,6 @@ resource "aws_ecs_service" "ui_static" { ignore_changes = [desired_count] } + propagate_tags = "SERVICE" tags = var.standard_tags } diff --git a/variables.tf b/variables.tf index 1738c0b..2cbb89f 100644 --- a/variables.tf +++ b/variables.tf @@ -70,12 +70,12 @@ variable "compute_environment_egress_cidr_blocks" { variable "db_instance_type" { type = string description = "RDS instance type to launch for PostgresQL database." - default = "db.t2.small" + default = "db.t3.small" } variable "db_engine_version" { type = string - default = "11" + default = "13" } variable "launch_template_http_endpoint" { 
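Review bot: `nlb_arn` and `nlb_dns_name` in modules/metadata-service/variables.tf are declared without a `default`, so the module can no longer be applied without both being supplied, which contradicts the description's "A new resource will be created if unfilled" and is a breaking change for anyone calling the module directly rather than through the root main.tf (whose own declarations in the variables.tf hunk below do default to `""`). Adding `default = ""` to both declarations restores the previous behaviour and keeps the module in step with the root variables. The `propagate_tags = "SERVICE"` additions in the two ui hunks on this line look fine as they stand.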
@@ -199,3 +199,15 @@ variable "enable_key_rotation" {
 description = "Enable key rotation for KMS keys"
 default = false
 }
+
+variable "nlb_arn" {
+ type = string
+ description = "The ARN of the network load balancer to use for Metaflow. A new resource will be created if unfilled. Must be provided together with nlb_dns_name."
+ default = ""
+}
+
+variable "nlb_dns_name" {
+ type = string
+ description = "The DNS name of the network load balancer to use for Metaflow. Must be provided together with nlb_arn."
+ default = ""
+}
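Review bot: The only guard on the new `nlb_arn` variable is the empty-string check in the consuming resources, so a mistyped value (for example a DNS name pasted into the ARN field) is caught only when AWS rejects the listener or VPC link call, after part of the plan has already applied. A `validation` block (Terraform 0.13+) can reject anything that is neither empty nor an Elastic Load Balancing ARN at plan time. The "must be provided together" pairing cannot be checked the same way in Terraform versions where a variable's `validation` may only reference that variable, so it is better enforced with a `precondition` on the resources that consume both values, or left as the documented contract.
```hcl
variable "nlb_arn" {
  # … unchanged: type, description, default …
  validation {
    condition     = var.nlb_arn == "" || can(regex("^arn:aws[a-z-]*:elasticloadbalancing:", var.nlb_arn))
    error_message = "nlb_arn must be empty or an Elastic Load Balancing ARN."
  }
}
```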