diff --git a/.github/actions/setup-opentofu/action.yaml b/.github/actions/setup-opentofu/action.yaml new file mode 100644 index 0000000..b3bbdef --- /dev/null +++ b/.github/actions/setup-opentofu/action.yaml @@ -0,0 +1,47 @@ +name: Setup OpenTofu +description: Sets up OpenTofu and related environment variables +inputs: + config: + description: OpenTofu configuration to initialize. + required: true + default: service +runs: + using: composite + steps: + - name: Cache OpenTofu + uses: actions/cache@v4 + with: + path: ./tofu/config/${{ inputs.config }}/.terraform + key: ${{ runner.os }}-tofu-${{ hashFiles('./tofu/config/${{ inputs.config }}/.terraform.lock.hcl') }} + restore-keys: | + ${{ runner.os }}-tofu- + - name: Setup OpenTofu + uses: opentofu/setup-opentofu@v1 + with: + tofu_wrapper: false + - name: Display OpenTofu version + shell: bash + run: tofu version + - name: Set optional variables + shell: bash + run: | + variables=( + "apply_database_updates_immediately" "consumer_container_count" + "consumer_cpu" "consumer_memory" "database_instance_count" + "database_skip_final_snapshot" "deletion_protection" + "deployment_environments" "environment" "export_expiration" + "image_tags_mutable" "key_recovery_period" "program" "project" "repository" + ) + for var in ${variables[@]}; do + name="TF_VAR_$(echo $var | tr '[:lower:]' '[:upper:]')" + if [ -n "${!name}" ]; then + echo "Setting TF_VAR_$var" + echo "TF_VAR_$var=${!name}" >> $GITHUB_ENV + else + echo "$name is not set" + fi + done + - name: Initialize OpenTofu + shell: bash + working-directory: ./tofu/config/${{ inputs.config }} + run: tofu init diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml index 78c38c8..ec73d24 100644 --- a/.github/workflows/deploy.yaml +++ b/.github/workflows/deploy.yaml 
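Review bot: The cache `key` nests `${{ inputs.config }}` inside the outer `${{ hashFiles(...) }}` expression, which Actions expressions do not allow: the first `}}` ends the expression and leaves the string literal unterminated, so the action is rejected as invalid rather than hashing the lock file; write it as `key: ${{ runner.os }}-tofu-${{ hashFiles(format('./tofu/config/{0}/.terraform.lock.hcl', inputs.config)) }}`. The `variables` array in `Set optional variables` also omits `repo_oidc_arn`, `vpc_cidr`, `vpc_private_subnet_cidrs` and `vpc_public_subnet_cidrs`, although the callers in deploy.yaml, plan.yaml and launch-tools.yaml pass them as `TF_VAR_REPO_OIDC_ARN` and friends; OpenTofu variable names are case-sensitive, so unless the calling job exports the lowercase form itself (launch-tools.yaml does, at job level; deploy.yaml and plan.yaml may do so outside these hunks), those values never reach `tofu`. Adding `"repo_oidc_arn" "vpc_cidr" "vpc_private_subnet_cidrs" "vpc_public_subnet_cidrs"` to the array fixes this for every caller. The loop also copies secret-derived values into `$GITHUB_ENV`, where every later step of the calling job can read them; that is inherited from the old inline step, but deserves a comment above the loop such as `# Exported values stay in the job environment for all later steps.`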
@@ -80,55 +80,35 @@ jobs: aws-region: ${{ secrets.AWS_REGION || 'us-west-1' }} role-to-assume: ${{ secrets.AWS_ROLE_ARN }} role-session-name: GitHub_to_AWS_via_FederatedOIDC - - name: Setup OpenTofu - uses: opentofu/setup-opentofu@v1 - with: - tofu_wrapper: false - - name: Display OpenTofu version - run: tofu version - - name: Set optional variables - env: - # For any of these that have a value, the corresponding TF_VAR_* - # environment variable will be set. - APPLY_DATABASE_UPDATES_IMMEDIATELY: ${{ secrets.TF_VAR_APPLY_DATABASE_UPDATES_IMMEDIATELY }} - TF_VAR_CONSUMER_CONTAINER_COUNT: ${{ secrets.TF_VAR_CONSUMER_CONTAINER_COUNT }} - CONSUMER_CPU: ${{ secrets.TF_VAR_CONSUMER_CPU }} - CONSUMER_MEMORY: ${{ secrets.TF_VAR_CONSUMER_MEMORY }} - DATABASE_SKIP_FINAL_SNAPSHOT: ${{ secrets.TF_VAR_DATABASE_SKIP_FINAL_SNAPSHOT }} - DELETION_PROTECTION: ${{ secrets.TF_VAR_DELETION_PROTECTION }} - DEPLOYMENT_ENVIRONMENTS: ${{ secrets.TF_VAR_DEPLOYMENT_ENVIRONMENTS }} - ENVIRONMENT: ${{ secrets.TF_VAR_ENVIRONMENT }} - EXPORT_EXPIRATION: ${{ secrets.TF_VAR_EXPORT_EXPIRATION }} - IMAGE_TAGS_MUTABLE: ${{ secrets.TF_VAR_IMAGE_TAGS_MUTABLE }} - KEY_RECOVERY_PERIOD: ${{ secrets.TF_VAR_KEY_RECOVERY_PERIOD }} - PROGRAM: ${{ secrets.TF_VAR_PROGRAM }} - PROJECT: ${{ secrets.TF_VAR_PROJECT }} - REPOSITORY: ${{ secrets.TF_VAR_REPOSITORY }} - run: | - variables=( - "apply_database_updates_immediately" "consumer_container_count" - "consumer_cpu" "consumer_memory" "database_skip_final_snapshot" - "deletion_protection" "deployment_environments" "environment" - "export_expiration" "image_tags_mutable" "key_recovery_period" - "program" "project" "repository" - ) - for var in ${variables[@]}; do - name="$(echo $var | tr '[:lower:]' '[:upper:]')" - if [ -n "${!name}" ]; then - echo "Setting TF_VAR_$var" - echo "TF_VAR_$var=${!name}" >> $GITHUB_ENV - else - echo "$name is not set" - fi - done - name: Download plan file uses: actions/download-artifact@v4 with: name: ${{ inputs.config }}-tfplan path: 
./tofu/config/${{ inputs.config }} - - name: Initialize OpenTofu - working-directory: ./tofu/config/${{ inputs.config }} - run: tofu init + - name: Setup OpenTofu + uses: ./.github/actions/setup-opentofu + env: + TF_VAR_APPLY_DATABASE_UPDATES_IMMEDIATELY: ${{ secrets.TF_VAR_APPLY_DATABASE_UPDATES_IMMEDIATELY }} + TF_VAR_CONSUMER_CONTAINER_COUNT: ${{ secrets.TF_VAR_CONSUMER_CONTAINER_COUNT }} + TF_VAR_CONSUMER_CPU: ${{ secrets.TF_VAR_CONSUMER_CPU }} + TF_VAR_CONSUMER_MEMORY: ${{ secrets.TF_VAR_CONSUMER_MEMORY }} + TF_VAR_DATABASE_SKIP_FINAL_SNAPSHOT: ${{ secrets.TF_VAR_DATABASE_SKIP_FINAL_SNAPSHOT }} + TF_VAR_DATABASE_INSTANCE_COUNT: ${{ secrets.TF_VAR_DATABASE_INSTANCE_COUNT }} + TF_VAR_DELETION_PROTECTION: ${{ secrets.TF_VAR_DELETION_PROTECTION }} + TF_VAR_DEPLOYMENT_ENVIRONMENTS: ${{ secrets.TF_VAR_DEPLOYMENT_ENVIRONMENTS }} + TF_VAR_ENVIRONMENT: ${{ inputs.environment }} + TF_VAR_EXPORT_EXPIRATION: ${{ secrets.TF_VAR_EXPORT_EXPIRATION }} + TF_VAR_IMAGE_TAGS_MUTABLE: ${{ secrets.TF_VAR_IMAGE_TAGS_MUTABLE }} + TF_VAR_KEY_RECOVERY_PERIOD: ${{ secrets.TF_VAR_KEY_RECOVERY_PERIOD }} + TF_VAR_PROJECT: ${{ secrets.TF_VAR_PROJECT }} + TF_VAR_PROGRAM: ${{ secrets.TF_VAR_PROGRAM }} + TF_VAR_REPO_OIDC_ARN: ${{ secrets.TF_VAR_REPO_OIDC_ARN }} + TF_VAR_REPOSITORY: ${{ secrets.TF_VAR_REPOSITORY }} + TF_VAR_VPC_CIDR: ${{ secrets.TF_VAR_VPC_CIDR }} + TF_VAR_VPC_PRIVATE_SUBNET_CIDRS: ${{ secrets.TF_VAR_VPC_PRIVATE_SUBNET_CIDRS }} + TF_VAR_VPC_PUBLIC_SUBNET_CIDRS: ${{ secrets.TF_VAR_VPC_PUBLIC_SUBNET_CIDRS }} + with: + config: ${{ inputs.config }} - name: Deploy changes working-directory: ./tofu/config/${{ inputs.config }} run: tofu apply tfplan diff --git a/.github/workflows/launch-tools.yaml b/.github/workflows/launch-tools.yaml new file mode 100644 index 0000000..cebaff9 --- /dev/null +++ b/.github/workflows/launch-tools.yaml 
@@ -0,0 +1,110 @@ +name: Launch tools container + +on: + workflow_dispatch: + inputs: + environment: + description: Environment to destroy. + default: development + required: true + type: environment + command: + description: | + Command to run in the tools container in the CMD format: executable, + param1, param2, ... + default: "echo,hello world" + required: true + type: string + +permissions: + contents: read + id-token: write + +jobs: + launch: + name: Launch tools container in ${{ inputs.environment }} + runs-on: ubuntu-latest + environment: ${{ inputs.environment }} + env: + # Set required variables. + TF_VAR_repo_oidc_arn: ${{ secrets.TF_VAR_REPO_OIDC_ARN }} + TF_VAR_vpc_cidr: ${{ secrets.TF_VAR_VPC_CIDR }} + TF_VAR_vpc_private_subnet_cidrs: ${{ secrets.TF_VAR_VPC_PRIVATE_SUBNET_CIDRS }} + TF_VAR_vpc_public_subnet_cidrs: ${{ secrets.TF_VAR_VPC_PUBLIC_SUBNET_CIDRS }} + steps: + - name: Checkout code + uses: actions/checkout@v4 + - name: Set up AWS credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + aws-region: ${{ secrets.AWS_REGION || 'us-west-1' }} + role-to-assume: ${{ secrets.AWS_ROLE_ARN }} + role-session-name: GitHub_to_AWS_via_FederatedOIDC + - name: Setup OpenTofu + uses: ./.github/actions/setup-opentofu + env: + TF_VAR_APPLY_DATABASE_UPDATES_IMMEDIATELY: ${{ secrets.TF_VAR_APPLY_DATABASE_UPDATES_IMMEDIATELY }} + TF_VAR_CONSUMER_CONTAINER_COUNT: ${{ secrets.TF_VAR_CONSUMER_CONTAINER_COUNT }} + TF_VAR_CONSUMER_CPU: ${{ secrets.TF_VAR_CONSUMER_CPU }} + TF_VAR_CONSUMER_MEMORY: ${{ secrets.TF_VAR_CONSUMER_MEMORY }} + TF_VAR_DATABASE_SKIP_FINAL_SNAPSHOT: ${{ secrets.TF_VAR_DATABASE_SKIP_FINAL_SNAPSHOT }} + TF_VAR_DATABASE_INSTANCE_COUNT: ${{ secrets.TF_VAR_DATABASE_INSTANCE_COUNT }} + TF_VAR_DELETION_PROTECTION: ${{ secrets.TF_VAR_DELETION_PROTECTION }} + TF_VAR_DEPLOYMENT_ENVIRONMENTS: ${{ secrets.TF_VAR_DEPLOYMENT_ENVIRONMENTS }} + TF_VAR_ENVIRONMENT: ${{ inputs.environment }} + TF_VAR_EXPORT_EXPIRATION: ${{ 
secrets.TF_VAR_EXPORT_EXPIRATION }} + TF_VAR_IMAGE_TAGS_MUTABLE: ${{ secrets.TF_VAR_IMAGE_TAGS_MUTABLE }} + TF_VAR_KEY_RECOVERY_PERIOD: ${{ secrets.TF_VAR_KEY_RECOVERY_PERIOD }} + TF_VAR_PROJECT: ${{ secrets.TF_VAR_PROJECT }} + TF_VAR_PROGRAM: ${{ secrets.TF_VAR_PROGRAM }} + TF_VAR_REPO_OIDC_ARN: ${{ secrets.TF_VAR_REPO_OIDC_ARN }} + TF_VAR_REPOSITORY: ${{ secrets.TF_VAR_REPOSITORY }} + TF_VAR_VPC_CIDR: ${{ secrets.TF_VAR_VPC_CIDR }} + TF_VAR_VPC_PRIVATE_SUBNET_CIDRS: ${{ secrets.TF_VAR_VPC_PRIVATE_SUBNET_CIDRS }} + TF_VAR_VPC_PUBLIC_SUBNET_CIDRS: ${{ secrets.TF_VAR_VPC_PUBLIC_SUBNET_CIDRS }} + with: + config: service + - name: Get OpenTofu outputs + id: outputs + working-directory: ./tofu/config/service + run: | + OUTPUTS=$(tofu output -json | jq -c) + echo "OUTPUTS=$OUTPUTS" + echo "outputs=$OUTPUTS" >> $GITHUB_OUTPUT + - name: Parse subnets + id: subnets + env: + SUBNETS: ${{ toJson(fromJson(steps.outputs.outputs.outputs).container_subnets.value) }} + run: | + SUBNET_STRING=$(echo "$SUBNETS" | jq -r '.[]') + echo "subnets<> $GITHUB_OUTPUT + echo "$SUBNET_STRING" >> $GITHUB_OUTPUT + echo "EOF" >> $GITHUB_OUTPUT + - name: Parse command + id: command + env: + COMMAND: ${{ inputs.command }} + run: | + IFS=',' read -ra parts <<< "$COMMAND" + COMMAND_STRING=$(printf "%s\n" "${parts[@]}") + echo "command<> $GITHUB_OUTPUT + echo "$COMMAND_STRING" >> $GITHUB_OUTPUT + echo "EOF" >> $GITHUB_OUTPUT + - name: Launch container + id: run-task + uses: geekcell/github-action-aws-ecs-run-task@v5 + with: + cluster: ${{ secrets.TF_VAR_PROJECT }}-${{ secrets.TF_VAR_ENVIRONMENT }} + task-definition: ${{ secrets.TF_VAR_PROJECT }}-${{ secrets.TF_VAR_ENVIRONMENT }}-tools + override-container: ${{ secrets.TF_VAR_PROJECT }}-${{ secrets.TF_VAR_ENVIRONMENT }}-tools + assign-public-ip: DISABLED + tail-logs: true + task-wait-until-stopped: true + # The block style indicator (|) is necessary to tell YAML to preserve + # newlines. 
+ override-container-command: | + ${{ steps.command.outputs.command }} + subnet-ids: | + ${{ steps.subnets.outputs.subnets }} + security-group-ids: | + ${{ fromJson(steps.outputs.outputs.outputs).task_security_group_id.value }} diff --git a/.github/workflows/plan.yaml b/.github/workflows/plan.yaml index 3a1a835..b09c244 100644 --- a/.github/workflows/plan.yaml +++ b/.github/workflows/plan.yaml @@ -68,6 +68,10 @@ on: default: development required: true type: environment + image_tag: + description: (Optional) Image tag to use for the OpenTofu containers. Defaults to latest SHA. + required: false + type: string permissions: contents: read 
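Review bot: The `Launch container` step derives `cluster`, `task-definition` and `override-container` from `secrets.TF_VAR_ENVIRONMENT`, while the job's `environment:` and the `TF_VAR_ENVIRONMENT` passed to setup-opentofu come from `inputs.environment`, so the subnets and security group read from one environment's state can be handed to a task launched in another cluster whenever the two values differ; use `${{ inputs.environment }}` in all three. In `Get OpenTofu outputs`, `echo "OUTPUTS=$OUTPUTS"` writes the whole output set to the job log, and `tofu output -json`, like Terraform's, prints outputs marked `sensitive` in clear; none of the current outputs is sensitive, but the line should go and the step should extract only `container_subnets` and `task_security_group_id`. Because `inputs.command` goes verbatim into `override-container-command`, anyone allowed to dispatch this workflow can run an arbitrary command under the tools task's IAM role inside the VPC; the `environment: ${{ inputs.environment }}` line is the control point, so that environment needs required reviewers (or an equivalent protection rule) rather than relying on the workflow itself. Finally, the `environment` input is described as `Environment to destroy.`, which looks copied from another workflow; `description: Environment in which to launch the tools container.`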
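Review bot: The new `image_tag` input's description says it `Defaults to latest SHA`, but the default introduced in `tofu/config/service/locals.tf` in this same commit is `sha256(timestamp())`, a hash of the current time that has no relation to any commit and changes on every run; rephrase to `description: (Optional) Image tag for the OpenTofu-managed containers. Defaults to a generated, run-specific tag.` The input is also not forwarded in the `@@ -95,49` hunk below: the `env:` block passed to setup-opentofu has no `TF_VAR_IMAGE_TAG: ${{ inputs.image_tag }}`, and the action's variable list has no `image_tag`, so as far as these hunks show the value never reaches `tofu plan`; if it is consumed elsewhere in plan.yaml, a comment on the input saying where would help.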
@@ -95,49 +99,29 @@ jobs: role-to-assume: ${{ secrets.AWS_ROLE_ARN }} role-session-name: GitHub_to_AWS_via_FederatedOIDC - name: Setup OpenTofu - uses: opentofu/setup-opentofu@v1 - with: - tofu_wrapper: false - - name: Display OpenTofu version - run: tofu version - - name: Set optional variables + uses: ./.github/actions/setup-opentofu env: - # For any of these that have a value, the corresponding TF_VAR_* - # environment variable will be set. - APPLY_DATABASE_UPDATES_IMMEDIATELY: ${{ secrets.TF_VAR_APPLY_DATABASE_UPDATES_IMMEDIATELY }} + TF_VAR_APPLY_DATABASE_UPDATES_IMMEDIATELY: ${{ secrets.TF_VAR_APPLY_DATABASE_UPDATES_IMMEDIATELY }} TF_VAR_CONSUMER_CONTAINER_COUNT: ${{ secrets.TF_VAR_CONSUMER_CONTAINER_COUNT }} - CONSUMER_CPU: ${{ secrets.TF_VAR_CONSUMER_CPU }} - CONSUMER_MEMORY: ${{ secrets.TF_VAR_CONSUMER_MEMORY }} - DATABASE_SKIP_FINAL_SNAPSHOT: ${{ secrets.TF_VAR_DATABASE_SKIP_FINAL_SNAPSHOT }} - DELETION_PROTECTION: ${{ secrets.TF_VAR_DELETION_PROTECTION }} - DEPLOYMENT_ENVIRONMENTS: ${{ secrets.TF_VAR_DEPLOYMENT_ENVIRONMENTS }} - ENVIRONMENT: ${{ secrets.TF_VAR_ENVIRONMENT }} - EXPORT_EXPIRATION: ${{ secrets.TF_VAR_EXPORT_EXPIRATION }} - IMAGE_TAGS_MUTABLE: ${{ secrets.TF_VAR_IMAGE_TAGS_MUTABLE }} - KEY_RECOVERY_PERIOD: ${{ secrets.TF_VAR_KEY_RECOVERY_PERIOD }} - PROGRAM: ${{ secrets.TF_VAR_PROGRAM }} - PROJECT: ${{ secrets.TF_VAR_PROJECT }} - REPOSITORY: ${{ secrets.TF_VAR_REPOSITORY }} - run: | - variables=( - "apply_database_updates_immediately" "consumer_container_count" - "consumer_cpu" "consumer_memory" "database_skip_final_snapshot" - "deletion_protection" "deployment_environments" "environment" - "export_expiration" "image_tags_mutable" "key_recovery_period" - "program" "project" "repository" - ) - for var in ${variables[@]}; do - name="$(echo $var | tr '[:lower:]' '[:upper:]')" - if [ -n "${!name}" ]; then - echo "Setting TF_VAR_$var" - echo "TF_VAR_$var=${!name}" >> $GITHUB_ENV - else - echo "$name is not set" - fi - done - - name: Initialize 
OpenTofu - working-directory: ./tofu/config/${{ inputs.config }} - run: tofu init + TF_VAR_CONSUMER_CPU: ${{ secrets.TF_VAR_CONSUMER_CPU }} + TF_VAR_CONSUMER_MEMORY: ${{ secrets.TF_VAR_CONSUMER_MEMORY }} + TF_VAR_DATABASE_SKIP_FINAL_SNAPSHOT: ${{ secrets.TF_VAR_DATABASE_SKIP_FINAL_SNAPSHOT }} + TF_VAR_DATABASE_INSTANCE_COUNT: ${{ secrets.TF_VAR_DATABASE_INSTANCE_COUNT }} + TF_VAR_DELETION_PROTECTION: ${{ secrets.TF_VAR_DELETION_PROTECTION }} + TF_VAR_DEPLOYMENT_ENVIRONMENTS: ${{ secrets.TF_VAR_DEPLOYMENT_ENVIRONMENTS }} + TF_VAR_ENVIRONMENT: ${{ inputs.environment }} + TF_VAR_EXPORT_EXPIRATION: ${{ secrets.TF_VAR_EXPORT_EXPIRATION }} + TF_VAR_IMAGE_TAGS_MUTABLE: ${{ secrets.TF_VAR_IMAGE_TAGS_MUTABLE }} + TF_VAR_KEY_RECOVERY_PERIOD: ${{ secrets.TF_VAR_KEY_RECOVERY_PERIOD }} + TF_VAR_PROJECT: ${{ secrets.TF_VAR_PROJECT }} + TF_VAR_PROGRAM: ${{ secrets.TF_VAR_PROGRAM }} + TF_VAR_REPO_OIDC_ARN: ${{ secrets.TF_VAR_REPO_OIDC_ARN }} + TF_VAR_REPOSITORY: ${{ secrets.TF_VAR_REPOSITORY }} + TF_VAR_VPC_CIDR: ${{ secrets.TF_VAR_VPC_CIDR }} + TF_VAR_VPC_PRIVATE_SUBNET_CIDRS: ${{ secrets.TF_VAR_VPC_PRIVATE_SUBNET_CIDRS }} + TF_VAR_VPC_PUBLIC_SUBNET_CIDRS: ${{ secrets.TF_VAR_VPC_PUBLIC_SUBNET_CIDRS }} + with: + config: ${{ inputs.config }} - name: Plan changes working-directory: ./tofu/config/${{ inputs.config }} run: tofu plan -concise -no-color -out tfplan > plan.txt diff --git a/tofu/config/service/.terraform.lock.hcl b/tofu/config/service/.terraform.lock.hcl index a8e556c..967a113 100644 --- a/tofu/config/service/.terraform.lock.hcl +++ b/tofu/config/service/.terraform.lock.hcl 
@@ -19,22 +19,22 @@ provider "registry.opentofu.org/hashicorp/aws" { } provider "registry.opentofu.org/kreuzwerker/docker" { - version = "3.6.2" - constraints = "~> 3.6" + version = "3.7.0" + constraints = "~> 3.7" hashes = [ - "h1:/Oe7tViXf/xyQ4Pg8cDifMlD3RthOYkslwQiRgx7BTE=", - "zh:22b51a8fb63481d290bdad9a221bc8c9e45d66d1a0cd45beed3f3627bf1debd8", - "zh:2b902eb80a1ae033af1135cc165d192668820a7f8ea15beb5472f811c18bea1f", - "zh:57815dcea28aedb86ed33924cd186aaee8bd31670bd78437a2a2daf2b00ce2ae", - "zh:583af9c6fe7e3bfc04f50aec046a9b4f98b7eddd6d1e143454e5d06a66afcf87", - "zh:80f8cba54f639a53c4d7714edb7246064b7f4f48ba93a70f18c914d656d799db", - "zh:894709f0c393c4ee91fdb849128e7f0bce688f293cd1643a6d4e39c842367278", - "zh:a91b41dbcb203d6dae2bb72b98c4c21c41255026b35df01895882784c4650071", - "zh:aec40a8157aae093412a1fb9a71ab2bea370db152e285c2d81e37ed378444b9c", - "zh:b87d7def2485dde6e57723c1265158f371440a8a84954c9fdb0580cf89de66bf", - "zh:b9dc243200ad9cd00250cb8c793ecea4ee3c57a121faf8efdb289f30008b5778", - "zh:dcb103831db6d3ef95468685cd104be3928793996542a1f675dc34a2ce67951d", - "zh:e59b4a0f2b5881016896d4417b1ab2fb87f34450663efeb01f3bcf7c3606fbbb", - "zh:fbd068c01114f0712578cf02f363b5521338ab1befedddf7090da532298b43d0", + "h1:MgUzFRg3/IE9ejgIjxiPOCG0W4C7pLP3w0cg3A8Vs3E=", + "zh:049646ccea0f8a81dff6e3d0d51b5e146183ee2d7d49faf96e0adc94e7fa2395", + "zh:1caa1f735141c762f56837f74ee063c50bac2b08f9515958e27b251100d7c1a6", + "zh:3304db8ee1caf68684bd39efbc84e8a98f26239ba6fdf06f800e2bab8ee19920", + "zh:6c4d46a2cc246552e0fc6316d0d7fc23ef3e7fe4d247005f798f3daee5eb559c", + "zh:82013813c707c35287bab801386a464d3c56cba12bbf8c35d1d1e4469906d85b", + "zh:8e7bb5dfb10614a0156a07643f8eb17b04e4c2ced1923b77abd50aad4e0b206b", + "zh:9883846a430339ed518b56d0738be693fd625d32953f23b5a67dd8cea38675fb", + "zh:cfafc65ad1687b8f9735819fa84e9ae77dd9944714be09e27ae2f136bc0d7ae7", + "zh:e6db81e11e9b6aac1d341026bf6d2c4951e9a12ff93a8b478c0dfa1de3231e7c", + 
"zh:e8c9289bc1738dc0b80ca87619a67f266f4f1886a32339979462f7a53084abec", + "zh:e97fe458500a7ef94848b7fcc74bfc5c1cf81d428e8e6f30e81c5af7ca1a47f3", + "zh:f597dfb0c29555c7b0853a67b1b3cca8d0a4445b48d48f596d4d965a80acd28a", + "zh:fbf91e5874de90617a2b5be2a470ac1ba1f4c7539dd171a64edaeb72f38487c5", ] } diff --git a/tofu/config/service/locals.tf b/tofu/config/service/locals.tf new file mode 100644 index 0000000..181607b --- /dev/null +++ b/tofu/config/service/locals.tf @@ -0,0 +1,3 @@ +locals { + image_tag = var.image_tag != null ? var.image_tag : sha256(timestamp()) +} diff --git a/tofu/config/service/main.tf b/tofu/config/service/main.tf index 199c3aa..0bb4c13 100644 --- a/tofu/config/service/main.tf +++ b/tofu/config/service/main.tf @@ -30,9 +30,10 @@ module "system" { container_subnets = split(",", module.inputs.values["vpc/private_subnets"]) apply_database_updates_immediately = var.apply_database_updates_immediately + database_instance_count = var.database_instance_count database_skip_final_snapshot = var.database_skip_final_snapshot deletion_protection = var.deletion_protection - image_tag = var.image_tag != null ? var.image_tag : sha256(timestamp()) + image_tag = local.image_tag image_tags_mutable = var.image_tags_mutable consumer_container_count = var.consumer_container_count diff --git a/tofu/config/service/outputs.tf b/tofu/config/service/outputs.tf index 1c0f6c2..03c434f 100644 --- a/tofu/config/service/outputs.tf +++ b/tofu/config/service/outputs.tf 
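Review bot: `local.image_tag` falls back to `sha256(timestamp())`, so a run without an explicit `image_tag` mints a fresh, time-derived tag that forces a new image build and push and leaves no link between the deployed image and the commit that produced it; a tag supplied by the caller from the commit (the new `image_tag` input in plan.yaml is the natural carrier) keeps deployments reproducible and traceable. If the time-based fallback is intentional, say so above the local, e.g. `# Fallback tag is time-derived and unique per run; pass var.image_tag for reproducible, commit-tied builds.`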
@@ -1,9 +1,24 @@ +output "container_subnets" { + value = split(",", module.inputs.values["vpc/private_subnets"]) + description = "The IDs of the subnets in which the container resources will be deployed." +} + output "export_bucket" { value = module.system.export_bucket description = "The name of the S3 bucket for exports." } +output "image_tag" { + value = local.image_tag + description = "The tag of the container image used for the ECS tasks." +} + output "queue_url" { value = module.system.queue_url description = "The URL of the SQS queue." } + +output "task_security_group_id" { + value = module.system.task_security_group_id + description = "The ID of the security group attached to the ECS tasks." +} diff --git a/tofu/config/service/variables.tf b/tofu/config/service/variables.tf index 1217a32..c16f19b 100644 --- a/tofu/config/service/variables.tf +++ b/tofu/config/service/variables.tf @@ -22,6 +22,17 @@ variable "consumer_memory" { default = 4096 } +variable "database_instance_count" { + type = number + description = "Number of instances in the database cluster." + default = 1 + + validation { + condition = var.database_instance_count >= 0 && var.database_instance_count < 17 + error_message = "Database instance count must be between 0 and 16." + } +} + variable "database_skip_final_snapshot" { type = bool description = "Whether to skip the final snapshot when the database cluster is deleted." diff --git a/tofu/modules/ephemeral_service/docker.tf b/tofu/modules/ephemeral_service/docker.tf index 45463a5..c6f6616 100644 --- a/tofu/modules/ephemeral_service/docker.tf +++ b/tofu/modules/ephemeral_service/docker.tf 
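Review bot: `output "container_subnets"` recomputes `split(",", module.inputs.values["vpc/private_subnets"])`, the same expression main.tf passes to `module.system` as `container_subnets`, so the list launch-tools.yaml reads from `tofu output` can silently diverge from the subnets the tasks were actually deployed with if either copy is edited. Define it once, e.g. in locals.tf as `container_subnets = split(",", module.inputs.values["vpc/private_subnets"])`, and reference `local.container_subnets` from both places, as this commit already does for `image_tag`. Since a workflow uses this output to place a task on the network, a stale value here means a task in the wrong subnets.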
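Review bot: The `database_instance_count` validation accepts any `number` in `[0, 17)`, including non-integers such as `1.5`, which is only rejected much later when the value is used as a count; add `&& floor(var.database_instance_count) == var.database_instance_count` to the condition and mention integers in the error message. The same validation is changed in `tofu/modules/system/variables.tf` in the last hunk of this diff and needs the same addition. The description should also say what `0` means now that it is allowed, e.g. `description: "Number of instances in the database cluster; 0 creates the cluster with no instances."` — assuming that is what the module does with a zero count.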
@@ -9,6 +9,12 @@ resource "docker_image" "container" { "${local.prefix}:${var.image_tag}", "${module.ecr.repository_url}:${var.image_tag}" ] + + auth_config { + host_name = data.aws_ecr_authorization_token.token.proxy_endpoint + password = data.aws_ecr_authorization_token.token.password + user_name = data.aws_ecr_authorization_token.token.user_name + } } triggers = { @@ -28,8 +34,8 @@ resource "docker_registry_image" "container" { auth_config { address = data.aws_ecr_authorization_token.token.proxy_endpoint - username = data.aws_ecr_authorization_token.token.user_name password = data.aws_ecr_authorization_token.token.password + username = data.aws_ecr_authorization_token.token.user_name } triggers = { diff --git a/tofu/modules/ephemeral_service/versions.tf b/tofu/modules/ephemeral_service/versions.tf index adc9d9e..3609946 100644 --- a/tofu/modules/ephemeral_service/versions.tf +++ b/tofu/modules/ephemeral_service/versions.tf @@ -9,7 +9,7 @@ terraform { docker = { source = "kreuzwerker/docker" - version = "~> 3.6" + version = "~> 3.7" } } } diff --git a/tofu/modules/system/outputs.tf b/tofu/modules/system/outputs.tf index 30f9c9d..7e38f1a 100644 --- a/tofu/modules/system/outputs.tf +++ b/tofu/modules/system/outputs.tf @@ -7,3 +7,8 @@ output "queue_url" { value = module.sqs.queue_url description = "The URL of the SQS queue." } + +output "task_security_group_id" { + value = module.task_security_group.security_group_id + description = "The ID of the security group attached to the ECS tasks." +} diff --git a/tofu/modules/system/variables.tf b/tofu/modules/system/variables.tf index 9edb421..223654b 100644 --- a/tofu/modules/system/variables.tf +++ b/tofu/modules/system/variables.tf 
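Review bot: The new `auth_config` on `docker_image.container` feeds `data.aws_ecr_authorization_token.token.password` into the build block; planned attribute values end up in the plan, and plan.yaml captures `tofu plan` output into `plan.txt`, so confirm the docker provider marks `auth_config.password` on `docker_image` as sensitive (as it does on `docker_registry_image`) before relying on it being redacted there. The ECR token is short-lived, but a plan file or plan text that leaks one still grants registry push/pull for its remaining lifetime, and the `tfplan` artifact is downloaded by deploy.yaml. `resource "docker_image" "container"` starts before this hunk, so the `build` block's other arguments are not visible here.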
@@ -33,8 +33,8 @@ variable "database_instance_count" { default = 1 validation { - condition = var.database_instance_count > 0 && var.database_instance_count < 17 - error_message = "Database instance count must be between 1 and 16." + condition = var.database_instance_count >= 0 && var.database_instance_count < 17 + error_message = "Database instance count must be between 0 and 16." } }