From 28dd0f64c2f7b24f9eb3994cd49fc02dd267316a Mon Sep 17 00:00:00 2001
From: Chris Smith <chris@walletconnect.com>
Date: Fri, 27 Oct 2023 11:12:15 -0400
Subject: [PATCH 1/3] fix: remove unused database subnets and are causing ECS
 task rollout delays

---
 terraform/ecs/README.md      | 1 -
 terraform/ecs/cluster.tf     | 2 +-
 terraform/ecs/variables.tf   | 5 -----
 terraform/res_application.tf | 1 -
 terraform/res_network.tf     | 1 -
 5 files changed, 1 insertion(+), 9 deletions(-)

diff --git a/terraform/ecs/README.md b/terraform/ecs/README.md
index 3de3a5ac..207f50dd 100644
--- a/terraform/ecs/README.md
+++ b/terraform/ecs/README.md
@@ -45,7 +45,6 @@ This module creates an ECS cluster and an autoscaling group of EC2 instances to
 | <a name="input_cloudwatch_logs_key_arn"></a> [cloudwatch\_logs\_key\_arn](#input\_cloudwatch\_logs\_key\_arn) | The ARN of the KMS key to use for encrypting CloudWatch logs |  <pre lang="json">string</pre> |  <pre lang="json">n/a</pre> |  yes |
 | <a name="input_cloudwatch_retention_in_days"></a> [cloudwatch\_retention\_in\_days](#input\_cloudwatch\_retention\_in\_days) | The number of days to retain CloudWatch logs for the DB instance |  <pre lang="json">number</pre> |  <pre lang="json">14</pre> |  no |
 | <a name="input_context"></a> [context](#input\_context) | Single object for setting entire context at once.<br>See description of individual variables for details.<br>Leave string and numeric variables as `null` to use default value.<br>Individual variable settings (non-null) override settings in context object,<br>except for attributes and tags, which are merged. |  <pre lang="json">any</pre> |  <pre lang="json">n/a</pre> |  yes |
-| <a name="input_database_subnets"></a> [database\_subnets](#input\_database\_subnets) | The IDs of the database subnets |  <pre lang="json">list(string)</pre> |  <pre lang="json">n/a</pre> |  yes |
 | <a name="input_docdb_url"></a> [docdb\_url](#input\_docdb\_url) | The connection URL for the MongoDB instance |  <pre lang="json">string</pre> |  <pre lang="json">n/a</pre> |  yes |
 | <a name="input_ecr_repository_url"></a> [ecr\_repository\_url](#input\_ecr\_repository\_url) | The URL of the ECR repository where the app image is stored |  <pre lang="json">string</pre> |  <pre lang="json">n/a</pre> |  yes |
 | <a name="input_geoip_db_bucket_name"></a> [geoip\_db\_bucket\_name](#input\_geoip\_db\_bucket\_name) | The name of the S3 bucket where the GeoIP database is stored |  <pre lang="json">string</pre> |  <pre lang="json">n/a</pre> |  yes |
diff --git a/terraform/ecs/cluster.tf b/terraform/ecs/cluster.tf
index 1916c8cd..797a9d1b 100644
--- a/terraform/ecs/cluster.tf
+++ b/terraform/ecs/cluster.tf
@@ -178,7 +178,7 @@ resource "aws_ecs_service" "app_service" {
   wait_for_steady_state = true
 
   network_configuration {
-    subnets          = concat(var.database_subnets, var.private_subnets)
+    subnets          = var.private_subnets
     assign_public_ip = false
     security_groups  = [aws_security_group.app_ingress.id]
   }
diff --git a/terraform/ecs/variables.tf b/terraform/ecs/variables.tf
index 2354fc00..6a8d919d 100644
--- a/terraform/ecs/variables.tf
+++ b/terraform/ecs/variables.tf
@@ -86,11 +86,6 @@ variable "private_subnets" {
   type        = list(string)
 }
 
-variable "database_subnets" {
-  description = "The IDs of the database subnets"
-  type        = list(string)
-}
-
 variable "allowed_app_ingress_cidr_blocks" {
   description = "A list of CIDR blocks to allow ingress access to the application."
   type        = string
diff --git a/terraform/res_application.tf b/terraform/res_application.tf
index 7f12e89a..6cd7a5d8 100644
--- a/terraform/res_application.tf
+++ b/terraform/res_application.tf
@@ -50,7 +50,6 @@ module "ecs" {
   vpc_id                          = module.vpc.vpc_id
   public_subnets                  = module.vpc.public_subnets
   private_subnets                 = module.vpc.private_subnets
-  database_subnets                = module.vpc.database_subnets
   allowed_app_ingress_cidr_blocks = module.vpc.vpc_cidr_block
   allowed_lb_ingress_cidr_blocks  = module.vpc.vpc_cidr_block
 
diff --git a/terraform/res_network.tf b/terraform/res_network.tf
index c9eabfeb..a3491f3c 100644
--- a/terraform/res_network.tf
+++ b/terraform/res_network.tf
@@ -27,7 +27,6 @@ module "vpc" {
   cidr = local.vpc_cidr
   azs  = local.vpc_azs
 
-  database_subnets = [for k, v in local.vpc_azs : cidrsubnet(local.vpc_cidr, 8, k)]
   intra_subnets    = [for k, v in local.vpc_azs : cidrsubnet(local.vpc_cidr, 8, k + 4)]
   public_subnets   = [for k, v in local.vpc_azs : cidrsubnet(local.vpc_cidr, 8, k + 8)]
   private_subnets  = [for k, v in local.vpc_azs : cidrsubnet(local.vpc_cidr, 8, k + 12)]

From ea80871dc5336d5c522e56cad1094fa8fe420aed Mon Sep 17 00:00:00 2001
From: Chris Smith <chris@walletconnect.com>
Date: Fri, 27 Oct 2023 11:14:31 -0400
Subject: [PATCH 2/3] fix: revert at-most-one replica guarantee introduced in
 135c0df and 4ccc1af

---
 terraform/ecs/cluster.tf | 2 --
 1 file changed, 2 deletions(-)

diff --git a/terraform/ecs/cluster.tf b/terraform/ecs/cluster.tf
index 797a9d1b..1d95a49f 100644
--- a/terraform/ecs/cluster.tf
+++ b/terraform/ecs/cluster.tf
@@ -170,8 +170,6 @@ resource "aws_ecs_service" "app_service" {
   task_definition                    = aws_ecs_task_definition.app_task.arn
   launch_type                        = "FARGATE"
   desired_count                      = var.autoscaling_desired_count
-  deployment_maximum_percent         = 100 # guarantee no more than desired_count tasks are running at a time
-  deployment_minimum_healthy_percent = 0   # Fix "Both maximumPercent and minimumHealthyPercent cannot be 100 as this will block deployments."
   propagate_tags                     = "TASK_DEFINITION"
 
   # Wait for the service deployment to succeed

From 6d344a574da6f50408589731997049da6449f5be Mon Sep 17 00:00:00 2001
From: Chris Smith <chris@walletconnect.com>
Date: Fri, 27 Oct 2023 11:31:21 -0400
Subject: [PATCH 3/3] fix: terraform fmt

---
 terraform/ecs/cluster.tf | 12 ++++++------
 terraform/res_network.tf |  6 +++---
 2 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/terraform/ecs/cluster.tf b/terraform/ecs/cluster.tf
index 1d95a49f..a250d5a6 100644
--- a/terraform/ecs/cluster.tf
+++ b/terraform/ecs/cluster.tf
@@ -165,12 +165,12 @@ resource "aws_ecs_task_definition" "app_task" {
 # ECS Service
 
 resource "aws_ecs_service" "app_service" {
-  name                               = "${module.this.id}-service"
-  cluster                            = aws_ecs_cluster.app_cluster.id
-  task_definition                    = aws_ecs_task_definition.app_task.arn
-  launch_type                        = "FARGATE"
-  desired_count                      = var.autoscaling_desired_count
-  propagate_tags                     = "TASK_DEFINITION"
+  name            = "${module.this.id}-service"
+  cluster         = aws_ecs_cluster.app_cluster.id
+  task_definition = aws_ecs_task_definition.app_task.arn
+  launch_type     = "FARGATE"
+  desired_count   = var.autoscaling_desired_count
+  propagate_tags  = "TASK_DEFINITION"
 
   # Wait for the service deployment to succeed
   wait_for_steady_state = true
diff --git a/terraform/res_network.tf b/terraform/res_network.tf
index a3491f3c..d44e44f8 100644
--- a/terraform/res_network.tf
+++ b/terraform/res_network.tf
@@ -27,9 +27,9 @@ module "vpc" {
   cidr = local.vpc_cidr
   azs  = local.vpc_azs
 
-  intra_subnets    = [for k, v in local.vpc_azs : cidrsubnet(local.vpc_cidr, 8, k + 4)]
-  public_subnets   = [for k, v in local.vpc_azs : cidrsubnet(local.vpc_cidr, 8, k + 8)]
-  private_subnets  = [for k, v in local.vpc_azs : cidrsubnet(local.vpc_cidr, 8, k + 12)]
+  intra_subnets   = [for k, v in local.vpc_azs : cidrsubnet(local.vpc_cidr, 8, k + 4)]
+  public_subnets  = [for k, v in local.vpc_azs : cidrsubnet(local.vpc_cidr, 8, k + 8)]
+  private_subnets = [for k, v in local.vpc_azs : cidrsubnet(local.vpc_cidr, 8, k + 12)]
 
   enable_dns_support     = true
   enable_dns_hostnames   = true