@@ -17,12 +17,12 @@ resource "aws_cloudwatch_log_group" "this" {
17
17
}
18
18
19
19
resource "aws_db_subnet_group" "this" {
20
- name = " ${ var . deployment_name } -retool"
20
+ name = " ${ var . deployment_name } -retool"
21
21
subnet_ids = var. subnet_ids
22
22
}
23
23
24
24
resource "aws_db_instance" "this" {
25
- identifier = " ${ var . deployment_name } -rds-instance"
25
+ identifier = " ${ var . deployment_name } -rds-instance"
26
26
allocated_storage = 80
27
27
instance_class = var. rds_instance_class
28
28
engine = " postgres"
@@ -35,9 +35,11 @@ resource "aws_db_instance" "this" {
35
35
vpc_security_group_ids = [aws_security_group . rds . id ]
36
36
db_subnet_group_name = aws_db_subnet_group. this . id
37
37
performance_insights_enabled = var. rds_performance_insights_enabled
38
-
39
- skip_final_snapshot = true
40
- apply_immediately = true
38
+ kms_key_id = var. rds_kms_key_id
39
+ storage_encrypted = var. rds_kms_key_id != null
40
+
41
+ skip_final_snapshot = true
42
+ apply_immediately = true
41
43
}
42
44
43
45
resource "aws_ecs_service" "retool" {
@@ -65,7 +67,7 @@ resource "aws_ecs_service" "retool" {
65
67
dynamic "network_configuration" {
66
68
for_each = var. launch_type == " FARGATE" ? toset ([1 ]) : toset ([])
67
69
68
- content {
70
+ content {
69
71
subnets = var. subnet_ids
70
72
security_groups = [
71
73
aws_security_group . containers . id
@@ -92,7 +94,7 @@ resource "aws_ecs_service" "jobs_runner" {
92
94
93
95
for_each = var. launch_type == " FARGATE" ? toset ([1 ]) : toset ([])
94
96
95
- content {
97
+ content {
96
98
subnets = var. subnet_ids
97
99
security_groups = [
98
100
aws_security_group . containers . id
@@ -108,7 +110,7 @@ resource "aws_ecs_service" "workflows_backend" {
108
110
cluster = aws_ecs_cluster. this . id
109
111
desired_count = 1
110
112
task_definition = aws_ecs_task_definition. retool_workflows_backend [0 ]. arn
111
-
113
+
112
114
# Need to explictly set this in aws_ecs_service to avoid destructive behavior: https://github.com/hashicorp/terraform-provider-aws/issues/22823
113
115
capacity_provider_strategy {
114
116
base = 1
@@ -123,7 +125,7 @@ resource "aws_ecs_service" "workflows_backend" {
123
125
124
126
for_each = var. launch_type == " FARGATE" ? toset ([1 ]) : toset ([])
125
127
126
- content {
128
+ content {
127
129
subnets = var. subnet_ids
128
130
security_groups = [
129
131
aws_security_group . containers . id
@@ -150,7 +152,7 @@ resource "aws_ecs_service" "workflows_worker" {
150
152
151
153
for_each = var. launch_type == " FARGATE" ? toset ([1 ]) : toset ([])
152
154
153
- content {
155
+ content {
154
156
subnets = var. subnet_ids
155
157
security_groups = [
156
158
aws_security_group . containers . id
@@ -161,13 +163,13 @@ resource "aws_ecs_service" "workflows_worker" {
161
163
}
162
164
163
165
resource "aws_ecs_task_definition" "retool_jobs_runner" {
164
- family = " retool-jobs-runner"
165
- task_role_arn = aws_iam_role. task_role . arn
166
- execution_role_arn = var. launch_type == " FARGATE" ? aws_iam_role. execution_role [0 ]. arn : null
166
+ family = " retool-jobs-runner"
167
+ task_role_arn = aws_iam_role. task_role . arn
168
+ execution_role_arn = var. launch_type == " FARGATE" ? aws_iam_role. execution_role [0 ]. arn : null
167
169
requires_compatibilities = var. launch_type == " FARGATE" ? [" FARGATE" ] : null
168
- network_mode = var. launch_type == " FARGATE" ? " awsvpc" : " bridge"
169
- cpu = var. launch_type == " FARGATE" ? var. ecs_task_resource_map [" jobs_runner" ][" cpu" ] : null
170
- memory = var. launch_type == " FARGATE" ? var. ecs_task_resource_map [" jobs_runner" ][" memory" ] : null
170
+ network_mode = var. launch_type == " FARGATE" ? " awsvpc" : " bridge"
171
+ cpu = var. launch_type == " FARGATE" ? var. ecs_task_resource_map [" jobs_runner" ][" cpu" ] : null
172
+ memory = var. launch_type == " FARGATE" ? var. ecs_task_resource_map [" jobs_runner" ][" memory" ] : null
171
173
container_definitions = jsonencode (
172
174
[
173
175
{
@@ -211,13 +213,13 @@ resource "aws_ecs_task_definition" "retool_jobs_runner" {
211
213
)
212
214
}
213
215
resource "aws_ecs_task_definition" "retool" {
214
- family = " retool"
215
- task_role_arn = aws_iam_role. task_role . arn
216
- execution_role_arn = var. launch_type == " FARGATE" ? aws_iam_role. execution_role [0 ]. arn : null
216
+ family = " retool"
217
+ task_role_arn = aws_iam_role. task_role . arn
218
+ execution_role_arn = var. launch_type == " FARGATE" ? aws_iam_role. execution_role [0 ]. arn : null
217
219
requires_compatibilities = var. launch_type == " FARGATE" ? [" FARGATE" ] : null
218
- network_mode = var. launch_type == " FARGATE" ? " awsvpc" : " bridge"
219
- cpu = var. launch_type == " FARGATE" ? var. ecs_task_resource_map [" main" ][" cpu" ] : null
220
- memory = var. launch_type == " FARGATE" ? var. ecs_task_resource_map [" main" ][" memory" ] : null
220
+ network_mode = var. launch_type == " FARGATE" ? " awsvpc" : " bridge"
221
+ cpu = var. launch_type == " FARGATE" ? var. ecs_task_resource_map [" main" ][" cpu" ] : null
222
+ memory = var. launch_type == " FARGATE" ? var. ecs_task_resource_map [" main" ][" memory" ] : null
221
223
container_definitions = jsonencode (
222
224
[
223
225
{
@@ -266,14 +268,14 @@ resource "aws_ecs_task_definition" "retool" {
266
268
}
267
269
268
270
resource "aws_ecs_task_definition" "retool_workflows_backend" {
269
- count = var. workflows_enabled ? 1 : 0
270
- family = " retool-workflows-backend"
271
- task_role_arn = aws_iam_role. task_role . arn
272
- execution_role_arn = var. launch_type == " FARGATE" ? aws_iam_role. execution_role [0 ]. arn : null
273
- requires_compatibilities = var. launch_type == " FARGATE" ? [" FARGATE" ] : null
274
- network_mode = var. launch_type == " FARGATE" ? " awsvpc" : " bridge"
275
- cpu = var. launch_type == " FARGATE" ? var. ecs_task_resource_map [" workflows_backend" ][" cpu" ] : null
276
- memory = var. launch_type == " FARGATE" ? var. ecs_task_resource_map [" workflows_backend" ][" memory" ] : null
271
+ count = var. workflows_enabled ? 1 : 0
272
+ family = " retool-workflows-backend"
273
+ task_role_arn = aws_iam_role. task_role . arn
274
+ execution_role_arn = var. launch_type == " FARGATE" ? aws_iam_role. execution_role [0 ]. arn : null
275
+ requires_compatibilities = var. launch_type == " FARGATE" ? [" FARGATE" ] : null
276
+ network_mode = var. launch_type == " FARGATE" ? " awsvpc" : " bridge"
277
+ cpu = var. launch_type == " FARGATE" ? var. ecs_task_resource_map [" workflows_backend" ][" cpu" ] : null
278
+ memory = var. launch_type == " FARGATE" ? var. ecs_task_resource_map [" workflows_backend" ][" memory" ] : null
277
279
container_definitions = jsonencode (
278
280
[
279
281
{
@@ -321,14 +323,14 @@ resource "aws_ecs_task_definition" "retool_workflows_backend" {
321
323
)
322
324
}
323
325
resource "aws_ecs_task_definition" "retool_workflows_worker" {
324
- count = var. workflows_enabled ? 1 : 0
325
- family = " retool-workflows-worker"
326
- task_role_arn = aws_iam_role. task_role . arn
327
- execution_role_arn = var. launch_type == " FARGATE" ? aws_iam_role. execution_role [0 ]. arn : null
328
- requires_compatibilities = var. launch_type == " FARGATE" ? [" FARGATE" ] : null
329
- network_mode = var. launch_type == " FARGATE" ? " awsvpc" : " bridge"
330
- cpu = var. launch_type == " FARGATE" ? var. ecs_task_resource_map [" workflows_worker" ][" cpu" ] : null
331
- memory = var. launch_type == " FARGATE" ? var. ecs_task_resource_map [" workflows_worker" ][" memory" ] : null
326
+ count = var. workflows_enabled ? 1 : 0
327
+ family = " retool-workflows-worker"
328
+ task_role_arn = aws_iam_role. task_role . arn
329
+ execution_role_arn = var. launch_type == " FARGATE" ? aws_iam_role. execution_role [0 ]. arn : null
330
+ requires_compatibilities = var. launch_type == " FARGATE" ? [" FARGATE" ] : null
331
+ network_mode = var. launch_type == " FARGATE" ? " awsvpc" : " bridge"
332
+ cpu = var. launch_type == " FARGATE" ? var. ecs_task_resource_map [" workflows_worker" ][" cpu" ] : null
333
+ memory = var. launch_type == " FARGATE" ? var. ecs_task_resource_map [" workflows_worker" ][" memory" ] : null
332
334
container_definitions = jsonencode (
333
335
[
334
336
{
@@ -381,13 +383,13 @@ resource "aws_ecs_task_definition" "retool_workflows_worker" {
381
383
}
382
384
383
385
resource "aws_service_discovery_private_dns_namespace" "retoolsvc" {
384
- count = var. workflows_enabled ? 1 : 0
386
+ count = var. workflows_enabled ? 1 : 0
385
387
name = " retoolsvc"
386
388
description = " Service Discovery namespace for Retool deployment"
387
389
vpc = var. vpc_id
388
390
}
389
391
390
- resource "aws_service_discovery_service" "retool_workflow_backend_service" {
392
+ resource "aws_service_discovery_service" "retool_workflow_backend_service" {
391
393
count = var. workflows_enabled ? 1 : 0
392
394
name = " workflow-backend"
393
395
@@ -408,17 +410,18 @@ resource "aws_service_discovery_service" "retool_workflow_backend_service" {
408
410
}
409
411
410
412
module "temporal" {
411
- count = var. workflows_enabled && ! var. use_exising_temporal_cluster ? 1 : 0
413
+ count = var. workflows_enabled && ! var. use_exising_temporal_cluster ? 1 : 0
412
414
source = " ./temporal"
413
-
414
- deployment_name = " ${ var . deployment_name } -temporal"
415
- vpc_id = var. vpc_id
416
- subnet_ids = var. subnet_ids
417
- private_dns_namespace_id = aws_service_discovery_private_dns_namespace. retoolsvc [0 ]. id
418
- aws_cloudwatch_log_group_id = aws_cloudwatch_log_group. this . id
419
- aws_region = var. aws_region
420
- aws_ecs_cluster_id = aws_ecs_cluster. this . id
421
- launch_type = var. launch_type
422
- container_sg_id = aws_security_group. containers . id
415
+
416
+ deployment_name = " ${ var . deployment_name } -temporal"
417
+ vpc_id = var. vpc_id
418
+ subnet_ids = var. subnet_ids
419
+ private_dns_namespace_id = aws_service_discovery_private_dns_namespace. retoolsvc [0 ]. id
420
+ aws_cloudwatch_log_group_id = aws_cloudwatch_log_group. this . id
421
+ aws_region = var. aws_region
422
+ aws_ecs_cluster_id = aws_ecs_cluster. this . id
423
+ launch_type = var. launch_type
424
+ container_sg_id = aws_security_group. containers . id
423
425
aws_ecs_capacity_provider_name = var. launch_type == " EC2" ? aws_ecs_capacity_provider. this [0 ]. name : null
426
+ kms_key_id = var. temporal_aurora_kms_key_id
424
427
}
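Review bot: In the `aws_db_instance.this` hunk, `storage_encrypted = var.rds_kms_key_id != null` makes encryption at rest opt-in, so any deployment that does not pass a key keeps an unencrypted database. RDS falls back to the account's AWS-managed key when `kms_key_id` is unset, so new deployments could get `storage_encrypted = true` unconditionally, with `kms_key_id` only selecting a customer-managed key. As far as I know, changing `storage_encrypted` or `kms_key_id` on an existing instance forces replacement, and the same block keeps `skip_final_snapshot = true` and `apply_immediately = true`, so the old database would be destroyed without a final snapshot. I would add a comment above the two new lines such as `# Changing encryption settings replaces the instance; take a snapshot and restore from it first`, and mention the migration path in the upgrade notes. The default of `var.rds_kms_key_id` and the temporal module's handling of `kms_key_id` are declared outside this file and are not visible here.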