fix: ECS rollout (#159)

* fix: remove unused database subnets and are causing ECS task rollout delays * fix: revert at-most-one replica guarantee introduced in 135c0df and 4ccc1af * fix: terraform fmt
WalletConnect · Oct 30, 2023 · f77049e · f77049e
1 parent f9c76bd
commit f77049e
Show file tree

Hide file tree

Showing 5 changed files with 10 additions and 20 deletions.
diff --git a/terraform/ecs/README.md b/terraform/ecs/README.md
@@ -45,7 +45,6 @@ This module creates an ECS cluster and an autoscaling group of EC2 instances to
 | <a name="input_cloudwatch_logs_key_arn"></a> [cloudwatch\_logs\_key\_arn](#input\_cloudwatch\_logs\_key\_arn) | The ARN of the KMS key to use for encrypting CloudWatch logs |  <pre lang="json">string</pre> |  <pre lang="json">n/a</pre> |  yes |
 | <a name="input_cloudwatch_retention_in_days"></a> [cloudwatch\_retention\_in\_days](#input\_cloudwatch\_retention\_in\_days) | The number of days to retain CloudWatch logs for the DB instance |  <pre lang="json">number</pre> |  <pre lang="json">14</pre> |  no |
 | <a name="input_context"></a> [context](#input\_context) | Single object for setting entire context at once.<br>See description of individual variables for details.<br>Leave string and numeric variables as `null` to use default value.<br>Individual variable settings (non-null) override settings in context object,<br>except for attributes and tags, which are merged. |  <pre lang="json">any</pre> |  <pre lang="json">n/a</pre> |  yes |
-| <a name="input_database_subnets"></a> [database\_subnets](#input\_database\_subnets) | The IDs of the database subnets |  <pre lang="json">list(string)</pre> |  <pre lang="json">n/a</pre> |  yes |
 | <a name="input_docdb_url"></a> [docdb\_url](#input\_docdb\_url) | The connection URL for the MongoDB instance |  <pre lang="json">string</pre> |  <pre lang="json">n/a</pre> |  yes |
 | <a name="input_ecr_repository_url"></a> [ecr\_repository\_url](#input\_ecr\_repository\_url) | The URL of the ECR repository where the app image is stored |  <pre lang="json">string</pre> |  <pre lang="json">n/a</pre> |  yes |
 | <a name="input_geoip_db_bucket_name"></a> [geoip\_db\_bucket\_name](#input\_geoip\_db\_bucket\_name) | The name of the S3 bucket where the GeoIP database is stored |  <pre lang="json">string</pre> |  <pre lang="json">n/a</pre> |  yes |

diff --git a/terraform/ecs/cluster.tf b/terraform/ecs/cluster.tf
@@ -165,20 +165,18 @@ resource "aws_ecs_task_definition" "app_task" {
 # ECS Service
 
 resource "aws_ecs_service" "app_service" {
-  name                               = "${module.this.id}-service"
-  cluster                            = aws_ecs_cluster.app_cluster.id
-  task_definition                    = aws_ecs_task_definition.app_task.arn
-  launch_type                        = "FARGATE"
-  desired_count                      = var.autoscaling_desired_count
-  deployment_maximum_percent         = 100 # guarantee no more than desired_count tasks are running at a time
-  deployment_minimum_healthy_percent = 0   # Fix "Both maximumPercent and minimumHealthyPercent cannot be 100 as this will block deployments."
-  propagate_tags                     = "TASK_DEFINITION"
+  name            = "${module.this.id}-service"
+  cluster         = aws_ecs_cluster.app_cluster.id
+  task_definition = aws_ecs_task_definition.app_task.arn
+  launch_type     = "FARGATE"
+  desired_count   = var.autoscaling_desired_count
+  propagate_tags  = "TASK_DEFINITION"
 
   # Wait for the service deployment to succeed
   wait_for_steady_state = true
 
   network_configuration {
-    subnets          = concat(var.database_subnets, var.private_subnets)
+    subnets          = var.private_subnets
     assign_public_ip = false
     security_groups  = [aws_security_group.app_ingress.id]
   }

diff --git a/terraform/ecs/variables.tf b/terraform/ecs/variables.tf
@@ -86,11 +86,6 @@ variable "private_subnets" {
   type        = list(string)
 }
 
-variable "database_subnets" {
-  description = "The IDs of the database subnets"
-  type        = list(string)
-}
-
 variable "allowed_app_ingress_cidr_blocks" {
   description = "A list of CIDR blocks to allow ingress access to the application."
   type        = string

diff --git a/terraform/res_application.tf b/terraform/res_application.tf
@@ -50,7 +50,6 @@ module "ecs" {
   vpc_id                          = module.vpc.vpc_id
   public_subnets                  = module.vpc.public_subnets
   private_subnets                 = module.vpc.private_subnets
-  database_subnets                = module.vpc.database_subnets
   allowed_app_ingress_cidr_blocks = module.vpc.vpc_cidr_block
   allowed_lb_ingress_cidr_blocks  = module.vpc.vpc_cidr_block
 

diff --git a/terraform/res_network.tf b/terraform/res_network.tf
@@ -27,10 +27,9 @@ module "vpc" {
   cidr = local.vpc_cidr
   azs  = local.vpc_azs
 
-  database_subnets = [for k, v in local.vpc_azs : cidrsubnet(local.vpc_cidr, 8, k)]
-  intra_subnets    = [for k, v in local.vpc_azs : cidrsubnet(local.vpc_cidr, 8, k + 4)]
-  public_subnets   = [for k, v in local.vpc_azs : cidrsubnet(local.vpc_cidr, 8, k + 8)]
-  private_subnets  = [for k, v in local.vpc_azs : cidrsubnet(local.vpc_cidr, 8, k + 12)]
+  intra_subnets   = [for k, v in local.vpc_azs : cidrsubnet(local.vpc_cidr, 8, k + 4)]
+  public_subnets  = [for k, v in local.vpc_azs : cidrsubnet(local.vpc_cidr, 8, k + 8)]
+  private_subnets = [for k, v in local.vpc_azs : cidrsubnet(local.vpc_cidr, 8, k + 12)]
 
   enable_dns_support     = true
   enable_dns_hostnames   = true