fix destructive no-op updates and update README

Author: roberto-retool

modules/aws_ecs/workflows_aws_ecs/README.md renamed to modules/aws_ecs/README.md

@@ -50,7 +50,8 @@ To configure the EC instance size, set the `instance_type` input variable (e.g.
 To configure the RDS instance class, set the `instance_class` input variable (e.g. `db.m6g.large`).
 
 ## Advanced Configuration
-
+**Bring your own Temporal Cluster**
+To configure your own Temporal cluster, set the `use_existing_temporal_cluster` to `true` and configure your Temporal Cluster's Frontend service endpoint (and TLS if needed) using `temporal_cluster_config`. If configuring mTLS, we expect the cert and key values to be base64-encoded strings.
 ### Security Groups
 
 To customize the ingress and egress rules on the security groups, you can override specific input variable defaults.

modules/aws_ecs/workflows_aws_ecs/ecs.tf renamed to modules/aws_ecs/ecs.tf

@@ -9,15 +9,14 @@ resource "aws_ecs_cluster" "this" {
 
 # Fargate capacity provider
 resource "aws_ecs_cluster_capacity_providers" "this" {
-  count        = var.launch_type == "FARGATE" ? 1 : 0
   cluster_name = aws_ecs_cluster.this.name
 
-  capacity_providers = ["FARGATE"]
+  capacity_providers = var.launch_type == "FARGATE" ? ["FARGATE"] : [aws_ecs_capacity_provider.this[0].name]
 
   default_capacity_provider_strategy {
     base              = 1
     weight            = 100
-    capacity_provider = "FARGATE"
+    capacity_provider = var.launch_type == "FARGATE" ? "FARGATE" : aws_ecs_capacity_provider.this[0].name
   }
 }
 

modules/aws_ecs/workflows_aws_ecs/loadbalancers.tf renamed to modules/aws_ecs/loadbalancers.tf

@@ -46,7 +46,7 @@ resource "aws_lb_target_group" "this" {
     path                = "/api/checkHealth"
     protocol            = "HTTP"
     timeout             = 60
-    healthy_threshold   = 4
+    healthy_threshold   = 3
     unhealthy_threshold = 2
   }
 }

modules/aws_ecs/workflows_aws_ecs/locals.tf renamed to modules/aws_ecs/locals.tf

@@ -48,6 +48,14 @@ resource "aws_ecs_service" "retool" {
     container_name   = "retool"
     container_port   = 3000
   }
+
+  # Need to explictly set this in aws_ecs_service to avoid destructive behavior: https://github.com/hashicorp/terraform-provider-aws/issues/22823
+  capacity_provider_strategy {
+    base              = 1
+    weight            = 100
+    capacity_provider = var.launch_type == "FARGATE" ? "FARGATE" : aws_ecs_capacity_provider.this[0].name
+  }
+
   dynamic "network_configuration" {
     for_each = var.launch_type == "FARGATE" ? toset([1]) : toset([])
 
@@ -66,6 +74,14 @@ resource "aws_ecs_service" "jobs_runner" {
   cluster         = aws_ecs_cluster.this.id
   desired_count   = 1
   task_definition = aws_ecs_task_definition.retool_jobs_runner.arn
+
+  # Need to explictly set this in aws_ecs_service to avoid destructive behavior: https://github.com/hashicorp/terraform-provider-aws/issues/22823
+  capacity_provider_strategy {
+    base              = 1
+    weight            = 100
+    capacity_provider = var.launch_type == "FARGATE" ? "FARGATE" : aws_ecs_capacity_provider.this[0].name
+  }
+
   dynamic "network_configuration" {
 
     for_each = var.launch_type == "FARGATE" ? toset([1]) : toset([])
@@ -87,6 +103,13 @@ resource "aws_ecs_service" "workflows_backend" {
   desired_count   = 1
   task_definition = aws_ecs_task_definition.retool_workflows_backend[0].arn
 
+  # Need to explictly set this in aws_ecs_service to avoid destructive behavior: https://github.com/hashicorp/terraform-provider-aws/issues/22823
+  capacity_provider_strategy {
+    base              = 1
+    weight            = 100
+    capacity_provider = var.launch_type == "FARGATE" ? "FARGATE" : aws_ecs_capacity_provider.this[0].name
+  }
+
   service_registries {
     registry_arn = aws_service_discovery_service.retool_workflow_backend_service[0].arn
   }
@@ -110,6 +133,13 @@ resource "aws_ecs_service" "workflows_worker" {
   cluster         = aws_ecs_cluster.this.id
   desired_count   = 1
   task_definition = aws_ecs_task_definition.retool_workflows_worker[0].arn
+
+  # Need to explictly set this in aws_ecs_service to avoid destructive behavior: https://github.com/hashicorp/terraform-provider-aws/issues/22823
+  capacity_provider_strategy {
+    base              = 1
+    weight            = 100
+    capacity_provider = var.launch_type == "FARGATE" ? "FARGATE" : aws_ecs_capacity_provider.this[0].name
+  }
   dynamic "network_configuration" {
 
     for_each = var.launch_type == "FARGATE" ? toset([1]) : toset([])
@@ -130,16 +160,16 @@ resource "aws_ecs_task_definition" "retool_jobs_runner" {
   execution_role_arn = var.launch_type == "FARGATE" ? aws_iam_role.execution_role[0].arn : null
   requires_compatibilities = var.launch_type == "FARGATE" ? ["FARGATE"] : null
   network_mode  = var.launch_type == "FARGATE" ? "awsvpc" : "bridge"
-  cpu       = var.launch_type == "FARGATE" ? var.ecs_task_cpu : null
-  memory    = var.launch_type == "FARGATE" ? var.ecs_task_memory : null
+  cpu       = var.launch_type == "FARGATE" ? var.ecs_task_resource_map["jobs_runner"]["cpu"] : null
+  memory    = var.launch_type == "FARGATE" ? var.ecs_task_resource_map["jobs_runner"]["memory"] : null
   container_definitions = jsonencode(
     [
       {
         name      = "retool-jobs-runner"
         essential = true
         image     = var.ecs_retool_image
-        cpu       = var.launch_type == "EC2" ? var.ecs_task_cpu : null
-        memory    = var.launch_type == "EC2" ? var.ecs_task_memory : null
+        cpu       = var.launch_type == "EC2" ? var.ecs_task_resource_map["jobs_runner"]["cpu"] : null
+        memory    = var.launch_type == "EC2" ? var.ecs_task_resource_map["jobs_runner"]["memory"] : null
         command = [
           "./docker_scripts/start_api.sh"
         ]
@@ -180,16 +210,16 @@ resource "aws_ecs_task_definition" "retool" {
   execution_role_arn = var.launch_type == "FARGATE" ? aws_iam_role.execution_role[0].arn : null
   requires_compatibilities = var.launch_type == "FARGATE" ? ["FARGATE"] : null
   network_mode  = var.launch_type == "FARGATE" ? "awsvpc" : "bridge"
-  cpu       = var.launch_type == "FARGATE" ? var.ecs_task_cpu : null
-  memory    = var.launch_type == "FARGATE" ? var.ecs_task_memory : null
+  cpu       = var.launch_type == "FARGATE" ? var.ecs_task_resource_map["main"]["cpu"] : null
+  memory    = var.launch_type == "FARGATE" ? var.ecs_task_resource_map["main"]["memory"] : null
   container_definitions = jsonencode(
     [
       {
         name      = "retool"
         essential = true
         image     = var.ecs_retool_image
-        cpu       = var.launch_type == "EC2" ? var.ecs_task_cpu : null
-        memory    = var.launch_type == "EC2" ? var.ecs_task_memory : null
+        cpu       = var.launch_type == "EC2" ? var.ecs_task_resource_map["main"]["cpu"] : null
+        memory    = var.launch_type == "EC2" ? var.ecs_task_resource_map["main"]["memory"] : null
         command = [
           "./docker_scripts/start_api.sh"
         ]
@@ -236,16 +266,16 @@ resource "aws_ecs_task_definition" "retool_workflows_backend" {
   execution_role_arn = var.launch_type == "FARGATE" ? aws_iam_role.execution_role[0].arn : null
   requires_compatibilities = var.launch_type == "FARGATE" ?  ["FARGATE"] : null
   network_mode  = var.launch_type == "FARGATE" ? "awsvpc" : "bridge"
-  cpu       = var.launch_type == "FARGATE" ? var.ecs_task_cpu : null
-  memory    = var.launch_type == "FARGATE" ? var.ecs_task_memory : null
+  cpu       = var.launch_type == "FARGATE" ? var.ecs_task_resource_map["workflows_backend"]["cpu"] : null
+  memory    = var.launch_type == "FARGATE" ? var.ecs_task_resource_map["workflows_backend"]["memory"] : null
   container_definitions = jsonencode(
     [
       {
-        name      = "retool"
+        name      = "retool-workflows-backend"
         essential = true
         image     = var.ecs_retool_image
-        cpu       = var.launch_type == "EC2" ? var.ecs_task_cpu : null
-        memory    = var.launch_type == "EC2" ? var.ecs_task_memory : null
+        cpu       = var.launch_type == "EC2" ? var.ecs_task_resource_map["workflows_backend"]["cpu"] : null
+        memory    = var.launch_type == "EC2" ? var.ecs_task_resource_map["workflows_backend"]["memory"] : null
         command = [
           "./docker_scripts/start_api.sh"
         ]
@@ -291,16 +321,16 @@ resource "aws_ecs_task_definition" "retool_workflows_worker" {
   execution_role_arn = var.launch_type == "FARGATE" ? aws_iam_role.execution_role[0].arn : null
   requires_compatibilities = var.launch_type == "FARGATE" ?  ["FARGATE"] : null
   network_mode  = var.launch_type == "FARGATE" ? "awsvpc" : "bridge"
-  cpu       = var.launch_type == "FARGATE" ? var.ecs_task_cpu : null
-  memory    = var.launch_type == "FARGATE" ? var.ecs_task_memory : null
+  cpu       = var.launch_type == "FARGATE" ? var.ecs_task_resource_map["workflows_worker"]["cpu"] : null
+  memory    = var.launch_type == "FARGATE" ? var.ecs_task_resource_map["workflows_worker"]["memory"] : null
   container_definitions = jsonencode(
     [
       {
-        name      = "retool"
+        name      = "retool-workflows-worker"
         essential = true
         image     = var.ecs_retool_image
-        cpu       = var.launch_type == "EC2" ? var.ecs_task_cpu : null
-        memory    = var.launch_type == "EC2" ? var.ecs_task_memory : null
+        cpu       = var.launch_type == "EC2" ? var.ecs_task_resource_map["workflows_worker"]["cpu"] : null
+        memory    = var.launch_type == "EC2" ? var.ecs_task_resource_map["workflows_worker"]["memory"] : null
         command = [
           "./docker_scripts/start_api.sh"
         ]
@@ -372,7 +402,7 @@ resource "aws_service_discovery_service" "retool_workflow_backend_service" {
 }
 
 module "temporal" {
-  count = var.workflows_enabled ? 1 : 0
+  count = var.workflows_enabled && !var.use_exising_temporal_cluster ? 1 : 0
   source = "./temporal"
 
   deployment_name   = "${var.deployment_name}-temporal"
@@ -384,4 +414,5 @@ module "temporal" {
   aws_ecs_cluster_id = aws_ecs_cluster.this.id
   launch_type = var.launch_type
   container_sg_id = aws_security_group.containers.id
+  aws_ecs_capacity_provider_name = var.launch_type == "EC2" ? aws_ecs_capacity_provider.this[0].name : null
 }

modules/aws_ecs/workflows_aws_ecs/main.tf renamed to modules/aws_ecs/main.tf

@@ -41,6 +41,10 @@ locals {
       {
         "name": "DYNAMIC_CONFIG_FILE_PATH",
         "value": "/etc/temporal/ecs/dynamic_config/dynamicconfig-sql.yaml"
+      },
+      {
+        "name": "ECS_DEPLOYED",
+        "value": "true"
       }
     ]
   )