From 84d0ed4be0fad22af2b0392199de3aaf7a939549 Mon Sep 17 00:00:00 2001 From: Alis Akers Date: Wed, 20 Nov 2024 14:40:35 -0800 Subject: [PATCH] update with example of getting a cert to use --- terraform/implementation/ecs/SERVICEDATA.md | 170 -------------------- terraform/implementation/ecs/main.tf | 35 +++- 2 files changed, 30 insertions(+), 175 deletions(-) delete mode 100644 terraform/implementation/ecs/SERVICEDATA.md diff --git a/terraform/implementation/ecs/SERVICEDATA.md b/terraform/implementation/ecs/SERVICEDATA.md deleted file mode 100644 index a28d0ea..0000000 --- a/terraform/implementation/ecs/SERVICEDATA.md +++ /dev/null 
@@ -1,170 +0,0 @@ -# Integrated ecr-viewer - -```hcl -service_data = { - ecr-viewer = { - short_name = "ecrv", - fargate_cpu = 1024, - fargate_memory = 2048, - min_capacity = 1 - max_capacity = 5 - app_image = var.disable_ecr == false ? "${terraform.workspace}-ecr-viewer" : "ecr-viewer", - app_version = var.phdi_version, - container_port = 3000, - host_port = 3000, - public = true - registry_url = local.registry_url - env_vars = [ - { - name = "AWS_REGION", - value = var.region - }, - { - name = "ECR_BUCKET_NAME", - value = local.s3_viewer_bucket_name - }, - { - name = "HOSTNAME", - value = "0.0.0.0" - }, - { - name = "NEXT_PUBLIC_NON_INTEGRATED_VIEWER", - value = var.non_integrated_viewer - }, - { - name = "SOURCE", - value = "s3" - }, - { - name = "APP_ENV", - value = var.ecr_viewer_app_env - }, - { - name = "NBS_PUB_KEY", - value = var.ecr_viewer_auth_pub_key - }, - { - name = "NEXT_PUBLIC_BASEPATH", - value = var.ecr_viewer_basepath - } - ] - }, - fhir-converter = { - short_name = "fhirc", - fargate_cpu = 1024, - fargate_memory = 2048, - min_capacity = 1 - max_capacity = 5 - app_image = var.disable_ecr == false ? "${terraform.workspace}-fhir-converter" : "fhir-converter", - app_version = var.phdi_version, - container_port = 8080, - host_port = 8080, - public = false - registry_url = local.registry_url - env_vars = [] - }, - ingestion = { - short_name = "inge", - fargate_cpu = 1024, - fargate_memory = 2048, - min_capacity = 1 - max_capacity = 5 - app_image = var.disable_ecr == false ? "${terraform.workspace}-ingestion" : "ingestion", - app_version = var.phdi_version, - container_port = 8080, - host_port = 8080, - public = false - registry_url = local.registry_url - env_vars = [] - }, - validation = { - short_name = "vali", - fargate_cpu = 1024, - fargate_memory = 2048, - min_capacity = 1 - max_capacity = 5 - app_image = var.disable_ecr == false ? 
"${terraform.workspace}-validation" : "validation", - app_version = var.phdi_version, - container_port = 8080, - host_port = 8080, - public = false - registry_url = local.registry_url - env_vars = [] - }, - trigger-code-reference = { - short_name = "trigcr", - fargate_cpu = 1024, - fargate_memory = 2048, - min_capacity = 1 - max_capacity = 5 - app_image = var.disable_ecr == false ? "${terraform.workspace}-trigger-code-reference" : "trigger-code-reference", - app_version = var.phdi_version, - container_port = 8080, - host_port = 8080, - public = false - registry_url = local.registry_url - env_vars = [] - }, - message-parser = { - short_name = "msgp", - fargate_cpu = 1024, - fargate_memory = 2048, - min_capacity = 1 - max_capacity = 5 - app_image = var.disable_ecr == false ? "${terraform.workspace}-message-parser" : "message-parser", - app_version = var.phdi_version, - container_port = 8080, - host_port = 8080, - public = false - registry_url = local.registry_url - env_vars = [] - }, - orchestration = { - short_name = "orch", - fargate_cpu = 1024, - fargate_memory = 2048, - min_capacity = 1 - max_capacity = 5 - app_image = var.disable_ecr == false ? 
"${terraform.workspace}-orchestration" : "orchestration", - app_version = var.phdi_version, - container_port = 8080, - host_port = 8080, - public = true - registry_url = local.registry_url - env_vars = [ - { - name = "OTEL_METRICS", - value = "none" - }, - { - name = "OTEL_METRICS_EXPORTER", - value = "none" - }, - { - name = "INGESTION_URL", - value = "http://ingestion:8080" - }, - { - name = "VALIDATION_URL", - value = "http://validation:8080" - }, - { - name = "FHIR_CONVERTER_URL", - value = "http://fhir-converter:8080" - }, - { - name = "ECR_VIEWER_URL", - value = "http://ecr-viewer:3000${var.ecr_viewer_basepath}" - }, - { - name = "MESSAGE_PARSER_URL", - value = "http://message-parser:8080" - }, - { - name = "TRIGGER_CODE_REFERENCE_URL", - value = "http://trigger-code-reference:8080" - } - ] - } -} -``` \ No newline at end of file diff --git a/terraform/implementation/ecs/main.tf b/terraform/implementation/ecs/main.tf index a42cea0..2eeb2f5 100644 --- a/terraform/implementation/ecs/main.tf +++ b/terraform/implementation/ecs/main.tf @@ -1,3 +1,9 @@ +data "aws_acm_certificate" "this" { + domain = "streamline.dibbs.cloud" + types = ["AMAZON_ISSUED"] # or ["ISSUED"] or ["PRIVATE"] + statuses = ["ISSUED"] +} + module "vpc" { source = "terraform-aws-modules/vpc/aws" version = "5.16.0" @@ -15,8 +21,9 @@ module "vpc" { } module "ecs" { - source = "CDCgov/dibbs-ecr-viewer/aws" - version = "0.1.2" + # source = "CDCgov/dibbs-ecr-viewer/aws" + # version = "0.1.2" + source = "../../../../terraform-aws-dibbs-ecr-viewer" public_subnet_ids = flatten(module.vpc.public_subnets) private_subnet_ids = flatten(module.vpc.private_subnets) 
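Review bot: The certificate lookup is pinned to a literal `domain = "streamline.dibbs.cloud"` and sets no `most_recent`, so anyone else applying this implementation fails at plan time, and even for that domain the data source errors as soon as a second ISSUED certificate matches (for example after a re-issue, or when a wildcard and an exact-name certificate coexist). I'd take the domain from a variable and opt into the newest match: `domain = var.certificate_domain` and `most_recent = true`. The inline comment `# or ["ISSUED"] or ["PRIVATE"]` also looks wrong for `types` — as far as I recall the valid certificate types are `AMAZON_ISSUED`, `IMPORTED` and `PRIVATE`, while `ISSUED` is a status and already appears in `statuses`.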
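Review bot: The module source is switched from the pinned registry release `CDCgov/dibbs-ecr-viewer/aws` 0.1.2 to the relative path `../../../../terraform-aws-dibbs-ecr-viewer`, which only resolves on a machine with that sibling checkout and carries no version constraint, so whatever happens to be on disk becomes the deployed infrastructure. If the local path is needed only because `certificate_arn` and the database inputs are not in 0.1.2 yet, that is a reason to cut a release and bump `version`, not to commit the path; at minimum the commented-out registry lines should be restored before merge. If it must stay temporarily, replace the two commented lines with `# TODO: revert to the registry source once a release with certificate_arn ships` so the intent is explicit.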
@@ -31,13 +38,31 @@ module "ecs" { # If intent is to pull from the phdi GHCR, set disable_ecr to true (default is false) # disable_ecr = true - # If intent is to use the non-integrated viewer, set non_integrated_viewer to "true" (default is false) - # non_integrated_viewer = "true" - # If the intent is to make the ecr-viewer availabble on the public internet, set internal to false (default is true) # This requires an internet gateway to be present in the VPC. internal = var.internal + # If the intent is to use a custom domain, set certificate_domain to the domain name (default is "") + certificate_arn = data.aws_acm_certificate.this.arn + # If the intent is to disable authentication, set ecr_viewer_app_env to "test" (default is "prod") # ecr_viewer_app_env = "test" + + # If intent is to use a metadata database for polutating the ecr-viewer library, setup the database data object to connect to the database (supported databases are postgres and sqlserver) + # Postgresql database example + # postgres_database_data = { + # non_integrated_viewer = "true" + # metadata_database_type = "postgres" + # metadata_database_schema = "core" # (core or extended) + # secrets_manager_postgres_database_url_arn = "arn:aws:secretsmanager:us-east-1:123456789012:secret:my-secret-1a2b3c" + # } + # SqlServer database example + # sqlserver_database_data = { + # non_integrated_viewer = "true" + # metadata_database_type = "sqlserver" + # metadata_database_schema = "core" # (core or extended) + # secrets_manager_sqlserver_user_arn = "arn:aws:secretsmanager:us-east-1:123456789012:secret:my-secret" + # secrets_manager_sqlserver_password_arn = "arn:aws:secretsmanager:us-east-1:123456789012:secret:my-secret" + # secrets_manager_sqlserver_host_arn = "arn:aws:secretsmanager:us-east-1:123456789012:secret:my-secret" + # } }
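Review bot: The new comment above `certificate_arn` says to set `certificate_domain` to the domain name, but no such input exists in this block — what is actually set is `certificate_arn = data.aws_acm_certificate.this.arn`, unconditionally, so the ACM lookup runs (and fails if no matching certificate exists) even for deployments that keep `internal = true` or want the default. I'd change the comment to `# If the intent is to use a custom domain, set certificate_arn to the ARN of an ACM certificate for that domain (default is "")` and make the line opt-in, either commented out like the other optional inputs here or gated on a variable. The placeholder Secrets Manager ARNs in the commented database examples are fine as examples, but `polutating` in that comment should read `populating`.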