[terraform] Remove references to legacy services

Summary: This fixes the no-op plan difference on staging. Part of [[ https://linear.app/comm/issue/ENG-4543/remove-legacy-ec2-service-instances | ENG-4543 ]]. ECS-based services work well for so long so we can remove the legacy ones. Test Plan: - terraform plan on staging now shows no changes - terraform plan on prod removes the legacy services and results in state being identical as staging Reviewers: varun, michal, jon Reviewed By: michal Subscribers: ashoat, tomek Differential Revision: https://phab.comm.dev/D9177
CommE2E · Sep 14, 2023 · b7e59f3 · b7e59f3
1 parent 5a81d89
commit b7e59f3
Show file tree

Hide file tree

Showing 4 changed files with 10 additions and 101 deletions.
diff --git a/services/terraform/remote/service_blob.tf b/services/terraform/remote/service_blob.tf
@@ -173,26 +173,8 @@ resource "aws_lb_listener" "blob_service_https" {
   certificate_arn   = data.aws_acm_certificate.blob_service.arn
 
   default_action {
-    type = "forward"
-
-    # TODO: Currently weights are set to direct 100% traffic
-    # to the legacy instance
-    forward {
-      # ECS target group
-      target_group {
-        arn    = aws_lb_target_group.blob_service_http.arn
-        weight = 1
-      }
-
-      # Legacy EC2 Target
-      dynamic "target_group" {
-        for_each = data.aws_lb_target_group.blob_service_legacy_ec2
-        content {
-          arn    = target_group.value["arn"]
-          weight = 0
-        }
-      }
-    }
+    type             = "forward"
+    target_group_arn = aws_lb_target_group.blob_service_http.arn
   }
 
   lifecycle {
@@ -210,13 +192,6 @@ data "aws_acm_certificate" "blob_service" {
   statuses = ["ISSUED"]
 }
 
-# Legacy EC2 instance target
-data "aws_lb_target_group" "blob_service_legacy_ec2" {
-  # We don't have legacy EC2 services in staging
-  count = local.is_staging ? 0 : 1
-  name  = "blob-service-http-tg"
-}
-
 # Required for Route53 DNS record
 output "blob_service_load_balancer_dns_name" {
   value = aws_lb.blob_service.dns_name

diff --git a/services/terraform/remote/service_electron_update.tf b/services/terraform/remote/service_electron_update.tf
@@ -158,23 +158,8 @@ resource "aws_lb_listener" "electron_update_https" {
   certificate_arn   = data.aws_acm_certificate.electron_update.arn
 
   default_action {
-    type = "forward"
-    forward {
-      # ECS target group
-      target_group {
-        arn    = aws_lb_target_group.electron_update_ecs.arn
-        weight = 10
-      }
-
-      # Legacy EC2 Target
-      dynamic "target_group" {
-        for_each = data.aws_lb_target_group.electron_update_legacy_ec2
-        content {
-          arn    = target_group.value["arn"]
-          weight = 0
-        }
-      }
-    }
+    type             = "forward"
+    target_group_arn = aws_lb_target_group.electron_update_ecs.arn
   }
 
   lifecycle {
@@ -189,13 +174,6 @@ data "aws_acm_certificate" "electron_update" {
   statuses = ["ISSUED"]
 }
 
-# Legacy EC2 instance target
-data "aws_lb_target_group" "electron_update_legacy_ec2" {
-  # We don't have legacy EC2 services in staging
-  count = local.is_staging ? 0 : 1
-  name  = "electron-update-tg"
-}
-
 # Required for Route53 DNS record
 output "electron_update_load_balancer_dns_name" {
   value = aws_lb.electron_update.dns_name

diff --git a/services/terraform/remote/service_feature_flags.tf b/services/terraform/remote/service_feature_flags.tf
@@ -164,29 +164,13 @@ resource "aws_lb_listener" "feature_flags_https" {
   certificate_arn   = data.aws_acm_certificate.feature_flags.arn
 
   default_action {
-    type = "forward"
-
-    forward {
-      # ECS target group
-      target_group {
-        arn    = aws_lb_target_group.feature_flags_ecs.arn
-        weight = 10
-      }
-
-      # Legacy EC2 Target
-      dynamic "target_group" {
-        for_each = data.aws_lb_target_group.feature_flags_legacy_ec2
-        content {
-          arn    = target_group.value["arn"]
-          weight = 0
-        }
-      }
-    }
+    type             = "forward"
+    target_group_arn = aws_lb_target_group.feature_flags_ecs.arn
   }
 
   lifecycle {
-    # Required only for existing resources to avoid plan difference
-    ignore_changes = [default_action[0].forward[0].stickiness[0].duration]
+    ignore_changes       = [default_action[0].forward[0].stickiness[0].duration]
+    replace_triggered_by = [aws_lb_target_group.feature_flags_ecs]
   }
 }
 
@@ -196,13 +180,6 @@ data "aws_acm_certificate" "feature_flags" {
   statuses = ["ISSUED"]
 }
 
-# Legacy EC2 instance target
-data "aws_lb_target_group" "feature_flags_legacy_ec2" {
-  # We don't have legacy EC2 services in staging
-  count = local.is_staging ? 0 : 1
-  name  = "feature-flags-service-tg"
-}
-
 # Required for Route53 DNS record
 output "feature_flags_load_balancer_dns_name" {
   value = aws_lb.feature_flags.dns_name

diff --git a/services/terraform/remote/service_identity.tf b/services/terraform/remote/service_identity.tf
@@ -185,22 +185,8 @@ resource "aws_lb_listener" "identity_service_grpc" {
   certificate_arn   = data.aws_acm_certificate.identity_service.arn
 
   default_action {
-    type = "forward"
-    forward {
-      # ECS target group
-      target_group {
-        arn    = aws_lb_target_group.identity_service_grpc.arn
-        weight = 1
-      }
-      # Legacy EC2 Target
-      dynamic "target_group" {
-        for_each = data.aws_lb_target_group.identity_service_legacy_ec2
-        content {
-          arn    = target_group.value["arn"]
-          weight = 0
-        }
-      }
-    }
+    type             = "forward"
+    target_group_arn = aws_lb_target_group.identity_service_grpc.arn
   }
 
   lifecycle {
@@ -218,13 +204,6 @@ data "aws_acm_certificate" "identity_service" {
   statuses = ["ISSUED"]
 }
 
-# Legacy EC2 instance target
-data "aws_lb_target_group" "identity_service_legacy_ec2" {
-  # We don't have legacy EC2 services in staging
-  count = local.is_staging ? 0 : 1
-  name  = "identity-service-tg"
-}
-
 # Required for Route53 DNS record
 output "identity_service_load_balancer_dns_name" {
   value = aws_lb.identity_service.dns_name