chore: var cleanup and enable ecs exec

Author: g-otn

README.md

@@ -1,6 +1,27 @@
 # terraform-computing
+
 [![Terraform Apply](https://github.com/soat-tech-challenge/terraform-computing/actions/workflows/main.yml/badge.svg)](https://github.com/soat-tech-challenge/terraform-computing/actions/workflows/main.yml)
 
 Part of a group course project of a self service and kitchen management system for a fictional fast food restaurant.
 
 Currently responsible for managing computing-related resources of the project.
+
+### Service
+
+#### ECS Exec
+
+Requires: AWS CLI, Session Manager plugin
+
+Enter ECS task container shell using ECS Exec:
+
+```
+aws ecs execute-command \
+  --region us-east-1 \
+  --cluster SOAT_Tech_Challenge_ECS_Cluster \
+  --task task-id \
+  --container SOAT-TC_ECS_<service>_SVC_Main_Container \
+  --interactive \
+  --command "/usr/bin/sh"
+```
+
+Read more: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-exec.html#ecs-exec-enabling-and-using

container_definitions/identification.json

@@ -27,10 +27,6 @@
       {
         "name": "AWS_DYNAMODB_ENDPOINT",
         "value": "${aws_dynamodb_endpoint}"
-      },
-      {
-        "name": "JWT_PUBLIC_KEY",
-        "value": "${client_jwt_pub_key}"
       }
     ],
     "logConfiguration": {

main.tf

@@ -10,37 +10,36 @@ locals {
 
 locals {
   identification_svc_container_definition = templatefile("./container_definitions/identification.json", {
-    id = "identification"
-
-    client_jwt_pub_key = var.client_jwt_public_key
+    id         = "identification"
+    aws_region = var.aws_region
 
     aws_access_key    = var.aws_access_key
     aws_secret_key    = var.aws_secret_key
     aws_session_token = var.aws_session_token
 
     aws_dynamodb_endpoint = local.dynamodb_endpoint
-
-    aws_region = var.aws_region
   })
   order_svc_container_definition = templatefile("./container_definitions/order.json", {
-    id = "order"
+    id         = "order"
+    aws_region = var.aws_region
+
+    db_username = var.order_svc_db_username
+    db_password = var.order_svc_db_password
+    db_name     = var.order_svc_db_name
+    db_host     = data.tfe_outputs.database.values.order_svc_db.endpoint
 
-    db_username            = var.order_svc_db_username
-    db_password            = var.order_svc_db_password
-    db_name                = var.order_svc_db_name
-    db_host                = data.tfe_outputs.database.values.order_svc_db.endpoint
     client_jwt_pub_key     = var.client_jwt_public_key
     api_url_identification = "${local.alb_url}/identification"
-
-    aws_region = var.aws_region
   })
   payment_svc_container_definition = templatefile("./container_definitions/payment.json", {
-    id = "payment"
+    id         = "payment"
+    aws_region = var.aws_region
+
+    db_username = var.payment_svc_db_username
+    db_password = var.payment_svc_db_password
+    db_name     = var.payment_svc_db_name
+    db_host     = data.tfe_outputs.database.values.payment_svc_db.endpoint
 
-    db_username        = var.payment_svc_db_username
-    db_password        = var.payment_svc_db_password
-    db_name            = var.payment_svc_db_name
-    db_host            = data.tfe_outputs.database.values.payment_svc_db.endpoint
     client_jwt_pub_key = var.client_jwt_public_key
     api_url_order      = "${local.alb_url}/order"
     api_url_production = "${local.alb_url}/production"
@@ -50,11 +49,10 @@ locals {
     aws_session_token = var.aws_session_token
 
     aws_sqs_endpoint = local.sqs_endpoint
-
-    aws_region = var.aws_region
   })
   production_svc_container_definition = templatefile("./container_definitions/production.json", {
-    id = "production"
+    id         = "production"
+    aws_region = var.aws_region
 
     client_jwt_pub_key = var.client_jwt_public_key
 
@@ -64,8 +62,6 @@ locals {
 
     aws_dynamodb_endpoint = local.dynamodb_endpoint
     aws_sqs_endpoint      = local.sqs_endpoint
-
-    aws_region = var.aws_region
   })
 }
 

modules/service/ecs.tf

@@ -29,6 +29,9 @@ resource "aws_ecs_service" "this" {
   force_new_deployment              = true
   health_check_grace_period_seconds = 180
 
+  # https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-exec.html#ecs-exec-enabling-and-using
+  enable_execute_command = true
+
   network_configuration {
     assign_public_ip = true
     subnets          = var.subnet_ids