From f855683923d91cfbe05a0bfadfb1f5171604d9aa Mon Sep 17 00:00:00 2001 From: Nikolai S <116316784+ns4plabs@users.noreply.github.com> Date: Tue, 6 Feb 2024 17:33:09 +0200 Subject: [PATCH] terraform: pin module versions and update grafana-agent (#110) * terraform: pin module versions and update grafana-agent * chore: terraform fmt * terraform: update GrafanaAgentConfigURL * thunderdome: update grafana-agent * gofmt --------- Co-authored-by: guillaumemichel Co-authored-by: Guillaume Michel - guissou --- cmd/thunderdome/infra/dealgood.go | 2 +- cmd/thunderdome/infra/target.go | 2 +- tf/.terraform.lock.hcl | 58 +++++++------- tf/.tool-versions | 2 +- tf/dynamodb.tf | 6 +- tf/ecs-asg.tf | 2 +- tf/grafana.tf | 2 +- tf/iam.tf | 128 +++++++++++++++--------------- tf/ironbar.tf | 22 ++--- tf/locals.tf | 36 ++++----- tf/main.tf | 14 ++-- tf/modules/experiment/dealgood.tf | 2 +- tf/modules/experiment/target.tf | 2 +- tf/s3.tf | 12 ++- tf/sgs.tf | 22 ++--- tf/skyfish.tf | 10 +-- tf/users.tf | 14 +--- 17 files changed, 168 insertions(+), 168 deletions(-) diff --git a/cmd/thunderdome/infra/dealgood.go b/cmd/thunderdome/infra/dealgood.go index 16fd894..1a4f0be 100644 --- a/cmd/thunderdome/infra/dealgood.go +++ b/cmd/thunderdome/infra/dealgood.go @@ -299,7 +299,7 @@ func (d *Dealgood) createTaskDefinition() Task { }, { Name: aws.String("grafana-agent"), - Image: aws.String("grafana/agent:v0.26.1"), + Image: aws.String("grafana/agent:v0.39.1"), Command: []*string{ aws.String("-metrics.wal-directory=/data/grafana-agent"), aws.String("-config.expand-env"), diff --git a/cmd/thunderdome/infra/target.go b/cmd/thunderdome/infra/target.go index 2adf5f1..d1831ca 100644 --- a/cmd/thunderdome/infra/target.go +++ b/cmd/thunderdome/infra/target.go 
@@ -274,7 +274,7 @@ func (t *Target) createTaskDefinition() Task { }, { Name: aws.String("grafana-agent"), - Image: aws.String("grafana/agent:v0.26.1"), + Image: aws.String("grafana/agent:v0.39.1"), Command: []*string{ aws.String("-metrics.wal-directory=/data/grafana-agent"), aws.String("-config.expand-env"), diff --git a/tf/.terraform.lock.hcl b/tf/.terraform.lock.hcl index 0f96cf6..c1a66ed 100644 --- a/tf/.terraform.lock.hcl +++ b/tf/.terraform.lock.hcl 
@@ -2,39 +2,43 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/hashicorp/archive" { - version = "2.2.0" + version = "2.4.1" hashes = [ - "h1:CIWi5G6ob7p2wWoThRQbOB8AbmFlCzp7Ka81hR3cVp0=", - "zh:06bd875932288f235c16e2237142b493c2c2b6aba0e82e8c85068332a8d2a29e", - "zh:0c681b481372afcaefddacc7ccdf1d3bb3a0c0d4678a526bc8b02d0c331479bc", - "zh:100fc5b3fc01ea463533d7bbfb01cb7113947a969a4ec12e27f5b2be49884d6c", - "zh:55c0d7ddddbd0a46d57c51fcfa9b91f14eed081a45101dbfc7fd9d2278aa1403", - "zh:73a5dd68379119167934c48afa1101b09abad2deb436cd5c446733e705869d6b", - "zh:841fc4ac6dc3479981330974d44ad2341deada8a5ff9e3b1b4510702dfbdbed9", - "zh:91be62c9b41edb137f7f835491183628d484e9d6efa82fcb75cfa538c92791c5", - "zh:acd5f442bd88d67eb948b18dc2ed421c6c3faee62d3a12200e442bfff0aa7d8b", - "zh:ad5720da5524641ad718a565694821be5f61f68f1c3c5d2cfa24426b8e774bef", - "zh:e63f12ea938520b3f83634fc29da28d92eed5cfbc5cc8ca08281a6a9c36cca65", - "zh:f6542918faa115df46474a36aabb4c3899650bea036b5f8a5e296be6f8f25767", + "h1:JgIo+nNySG8svjXevfoTRi0jzgHbLMDrnr55WBeRupw=", + "zh:00240c042740d18d6ba545b211ff7ed5a9e8490d30be3f865e71dba90d7a34cf", + "zh:230c285beafaffd8d60da3446157b95f8fb43b359ba94b09214c1822bf310c3d", + "zh:726672a0e61a1d39695ce5e330aa3e6caa97f2a9438cf8125360e80f4cb52fa5", + "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", + "zh:7bc8f4a4fc7059ec01e767246df7937603dbc6ec49cb3eedffe6ecb68dbe9cb4", + "zh:800d898ce8ac96b244746c5a41f4107bd3c883fe6093d9a972a28b138ac02c4e", + "zh:9a8ea216af3840af48c08ef5ed998606c556b15be30d7b42c89a62df54285903", + "zh:b9905d0ac55b61ea78ecf0e6b07d54a9863a9f02e249d0d492e68cfcede0d89f", + "zh:c822495ba01ab7cee66c892f941097971c3be122a6200d556f462a751d446df8", + "zh:e05c31f2f4dca9eaada2726d16d2ffb03d6441b4eb55547b93d62d81383cd0ef", + "zh:ec14c68ca5d881bac73dbbd298f0ca84444001a81d473f51e36c4e29df040983", + "zh:ed32ebccb20b21c112f01d73d138ba5ada28cf8ede175441738a30711c79119a", ] } provider 
"registry.terraform.io/hashicorp/aws" { - version = "4.26.0" - constraints = ">= 3.63.0, >= 4.6.0, 4.26.0" + version = "5.33.0" + constraints = ">= 3.44.0, >= 3.75.0, >= 4.0.0, >= 4.57.0, >= 4.66.1, >= 5.20.0, >= 5.27.0" hashes = [ - "h1:jt8jLpFFhaapdbBqw4WQpDuLN8y7zF8/iLyCzypDxSQ=", - "zh:0579b105ae471894846fbd740bc9f10b2bd8a48860d8e640b4a9b53fb7d63ffe", - "zh:0ce445cfbffb6c0eee9e0e2a95850b5749d56aa8211b95a686c24dc2847a36ea", - "zh:41f0cf0810363cea4e54f3d9c452f2eb77123bcdaacc18b978c825496168cae2", - "zh:431a7e967b5c9d7ebde6c714abedd9464be6a62f7eafa1808a86a8bd92851317", - "zh:4afebd3c3a8c0646f0874493840b6f8c82f7f4302780faec5c7b0c616077eebe", - "zh:7f077662efc8d7b91ef604999daf6b45a968cb2f5d8c4512a00d2feb4db05a7a", - "zh:9a58d1ef049ccaa9615fe5722ba815065f45d172f8bc656ffdbab4ca16f6b786", + "h1:rAmKVvvzUqVocFppyheelWGnyfCcIGxLV31iFBY2sz4=", + "zh:10bb683f2a9306e881f51a971ad3b2bb654ac94b54945dd63769876a343b5b04", + "zh:3916406db958d5487ea0c2d2320012d1907c29e6d01bf693560fe05e38ee0601", + "zh:3cb54b76b2f9e30620f3281ab7fb20633b1e4584fc84cc4ecd5752546252e86f", + "zh:513bcfd6971482215c5d64725189f875cbcbd260c6d11f0da4d66321efd93a92", + "zh:545a34427ebe7a950056627e7c980c9ba16318bf086d300eb808ffc41c52b7a8", + "zh:5a44b90faf1c8e8269f389c04bfac25ad4766d26360e7f7ac371be12a442981c", + "zh:64e1ef83162f78538dccad8b035577738851395ba774d6919cb21eb465a21e3a", + "zh:7315c70cb6b7f975471ea6129474639a08c58c071afc95a36cfaa41a13ae7fb9", + "zh:9806faae58938d638b757f54414400be998dddb45edfd4a29c85e827111dc93d", + "zh:997fa2e2db242354d9f772fba7eb17bd6d18d28480291dd93f85a18ca0a67ac2", "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", - "zh:9d30b70a2daa0d94661590f6533e07071d2c7052b8279f05090f1bf037f56607", - "zh:b75f88be5d048849a632895d43b836ed1693031e586cd873ee915b5d3cf4fae6", - "zh:c57ac099b01fe49dd4e1e4674a06f61029fa6316e4f92a6a2a3bdc0444b371f9", - "zh:cb48a175ebb2a12fecae7dc6580bf88fbcf5408cdc53f3cf057150ebe9144034", + 
"zh:9f9e076b7e9752971f39eead6eda69df1c5e890c82ba2ca95f56974af7adfe79", + "zh:b1d6af047f96de7f97d38b685654f1aed4356d5060b0e696d87d0270f5d49f75", + "zh:bfb0654b6f34398aeffdf907b744af06733d168db610a2c5747263380f817ac7", + "zh:e25203ee8cedccf60bf450950d533d3c172509bda8af97dbc3bc817d2a503c57", ] } diff --git a/tf/.tool-versions b/tf/.tool-versions index 4ee1aec..891d549 100644 --- a/tf/.tool-versions +++ b/tf/.tool-versions @@ -1,2 +1,2 @@ -terraform 1.2.6 +terraform 1.7.0 tflint 0.39.1 diff --git a/tf/dynamodb.tf b/tf/dynamodb.tf index fd3e458..569975f 100644 --- a/tf/dynamodb.tf +++ b/tf/dynamodb.tf @@ -1,7 +1,7 @@ resource "aws_dynamodb_table" "experiments" { - name = "experiments" - billing_mode = "PROVISIONED" - hash_key = "name" + name = "experiments" + billing_mode = "PROVISIONED" + hash_key = "name" read_capacity = 1 write_capacity = 1 diff --git a/tf/ecs-asg.tf b/tf/ecs-asg.tf index b06783f..8839218 100644 --- a/tf/ecs-asg.tf +++ b/tf/ecs-asg.tf @@ -127,7 +127,7 @@ module "autoscaling" { instance_type = "i3en.2xlarge" } - io_medium = { + io_medium = { # 32GB RAM, 4 CPU, Up to 25 Gigabit, $0.31 hourly instance_type = "i3en.xlarge" } diff --git a/tf/grafana.tf b/tf/grafana.tf index 8aaeb63..aae7dde 100644 --- a/tf/grafana.tf +++ b/tf/grafana.tf @@ -78,6 +78,6 @@ module "grafana_agent_config" { file_source = "./files/grafana-agent-config/${each.key}.yaml" # ensure changes to local file are detected and then uploaded - etag = "${filemd5("./files/grafana-agent-config/${each.key}.yaml")}" + etag = filemd5("./files/grafana-agent-config/${each.key}.yaml") } diff --git a/tf/iam.tf b/tf/iam.tf index 450371e..15a8f3b 100644 --- a/tf/iam.tf +++ b/tf/iam.tf 
@@ -155,33 +155,33 @@ resource "aws_iam_role" "ironbar" { inline_policy { name = "ironbar_inline" policy = jsonencode({ - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "ironbar", - "Effect": "Allow", - "Action": [ - "dynamodb:BatchGetItem", - "dynamodb:BatchWriteItem", - "dynamodb:PutItem", - "dynamodb:DescribeTable", - "dynamodb:DeleteItem", - "dynamodb:GetItem", - "dynamodb:Scan", - "dynamodb:Query", - "dynamodb:UpdateItem", - "dynamodb:UpdateTable", - "ecs:DescribeTasks", - "ecs:DescribeTaskDefinition", - "ecs:DeregisterTaskDefinition", - "sns:GetSubscriptionAttributes", - "ecs:StopTask", - "sns:Unsubscribe", - "sqs:DeleteQueue", - "sqs:GetQueueAttributes" - ], - "Resource": "*" - } + "Version" : "2012-10-17", + "Statement" : [ + { + "Sid" : "ironbar", + "Effect" : "Allow", + "Action" : [ + "dynamodb:BatchGetItem", + "dynamodb:BatchWriteItem", + "dynamodb:PutItem", + "dynamodb:DescribeTable", + "dynamodb:DeleteItem", + "dynamodb:GetItem", + "dynamodb:Scan", + "dynamodb:Query", + "dynamodb:UpdateItem", + "dynamodb:UpdateTable", + "ecs:DescribeTasks", + "ecs:DescribeTaskDefinition", + "ecs:DeregisterTaskDefinition", + "sns:GetSubscriptionAttributes", + "ecs:StopTask", + "sns:Unsubscribe", + "sqs:DeleteQueue", + "sqs:GetQueueAttributes" + ], + "Resource" : "*" + } ] }) } @@ -220,7 +220,7 @@ resource "aws_iam_group" "deployers" { resource "aws_iam_user_group_membership" "deployer" { for_each = aws_iam_user.deployer - user = each.value.name + user = each.value.name groups = [ aws_iam_group.deployers.name, 
@@ -228,42 +228,42 @@ resource "aws_iam_user_group_membership" "deployer" { } resource "aws_iam_group_policy" "deployers" { - name = "deployers" + name = "deployers" group = aws_iam_group.deployers.name policy = jsonencode({ - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "ironbar", - "Effect": "Allow", - "Action": [ - "ec2:DescribeInstances", - "ecr:BatchCheckLayerAvailability", - "ecr:CompleteLayerUpload", - "ecr:DescribeImages", - "ecr:GetAuthorizationToken", - "ecr:UploadLayerPart", - "ecr:InitiateLayerUpload", - "ecr:PutImage", - "ecs:DeregisterTaskDefinition", - "ecs:DescribeClusters", - "ecs:DescribeTasks", - "ecs:DescribeTaskDefinition", - "ecs:DescribeContainerInstances", - "ecs:RegisterTaskDefinition", - "ecs:RunTask", - "ecs:StopTask", - "s3:GetObject", - "sns:GetSubscriptionAttributes", - "sns:Subscribe", - "sns:Unsubscribe", - "sqs:CreateQueue", - "sqs:DeleteQueue", - "sqs:GetQueueAttributes", - "sqs:SetQueueAttributes" - ], - "Resource": "*" - } + "Version" : "2012-10-17", + "Statement" : [ + { + "Sid" : "ironbar", + "Effect" : "Allow", + "Action" : [ + "ec2:DescribeInstances", + "ecr:BatchCheckLayerAvailability", + "ecr:CompleteLayerUpload", + "ecr:DescribeImages", + "ecr:GetAuthorizationToken", + "ecr:UploadLayerPart", + "ecr:InitiateLayerUpload", + "ecr:PutImage", + "ecs:DeregisterTaskDefinition", + "ecs:DescribeClusters", + "ecs:DescribeTasks", + "ecs:DescribeTaskDefinition", + "ecs:DescribeContainerInstances", + "ecs:RegisterTaskDefinition", + "ecs:RunTask", + "ecs:StopTask", + "s3:GetObject", + "sns:GetSubscriptionAttributes", + "sns:Subscribe", + "sns:Unsubscribe", + "sqs:CreateQueue", + "sqs:DeleteQueue", + "sqs:GetQueueAttributes", + "sqs:SetQueueAttributes" + ], + "Resource" : "*" + } ] }) } 
@@ -335,8 +335,8 @@ resource "aws_iam_role_policy_attachment" "testbox_sqs_subscribe" { } resource "aws_iam_instance_profile" "testbox_profile" { - name = "testbox-profile" - role = aws_iam_role.testbox_role.name + name = "testbox-profile" + role = aws_iam_role.testbox_role.name } diff --git a/tf/ironbar.tf b/tf/ironbar.tf index 1849f57..7f5b645 100644 --- a/tf/ironbar.tf +++ b/tf/ironbar.tf @@ -12,9 +12,9 @@ resource "aws_ecs_service" "ironbar" { } load_balancer { - target_group_arn = "${aws_lb_target_group.ironbar.id}" + target_group_arn = aws_lb_target_group.ironbar.id container_name = "ironbar" - container_port = "${local.ironbar_port_number}" + container_port = local.ironbar_port_number } capacity_provider_strategy { @@ -25,7 +25,7 @@ resource "aws_ecs_service" "ironbar" { } resource "aws_service_discovery_service" "ironbar" { - name = "ironbar" + name = "ironbar" dns_config { namespace_id = aws_service_discovery_private_dns_namespace.main.id @@ -43,16 +43,16 @@ resource "aws_lb_target_group" "ironbar" { name = "ironbar" port = local.ironbar_port_number protocol = "TCP" - vpc_id = "${module.vpc.vpc_id}" + vpc_id = module.vpc.vpc_id target_type = "ip" } resource "aws_lb_listener" "front_end" { - load_balancer_arn = "${aws_lb.ecs.id}" - port = "${local.ironbar_port_number}" + load_balancer_arn = aws_lb.ecs.id + port = local.ironbar_port_number protocol = "TCP" default_action { - target_group_arn = "${aws_lb_target_group.ironbar.id}" + target_group_arn = aws_lb_target_group.ironbar.id type = "forward" } } 
@@ -118,12 +118,12 @@ resource "aws_ecs_task_definition" "ironbar" { { name = "grafana-agent" cpu = 0 - image = "grafana/agent:v0.26.1" + image = "grafana/agent:v0.39.1" command = [ "-metrics.wal-directory=/data/grafana-agent", "-config.expand-env", "-enable-features=remote-configs", - "-config.file=http://${module.s3_bucket_public.s3_bucket_bucket_domain_name}/${module.grafana_agent_config["ironbar"].s3_object_id}" + "-config.file=https://${module.s3_bucket_public.s3_bucket_bucket_domain_name}/${module.grafana_agent_config["ironbar"].s3_object_id}" ] environment = [ ] @@ -143,12 +143,12 @@ resource "aws_ecs_task_definition" "ironbar" { }, ] portMappings = [] - secrets = [ + secrets = [ { name = "PROMETHEUS_URL", valueFrom = "${data.aws_secretsmanager_secret.prometheus-secret.arn}:url::" }, { name = "PROMETHEUS_USER", valueFrom = "${data.aws_secretsmanager_secret.prometheus-secret.arn}:username::" }, { name = "PROMETHEUS_PASS", valueFrom = "${data.aws_secretsmanager_secret.prometheus-secret.arn}:password::" } ] - volumesFrom = [] + volumesFrom = [] } ]) } diff --git a/tf/locals.tf b/tf/locals.tf index e06e01c..c56aee0 100644 --- a/tf/locals.tf +++ b/tf/locals.tf 
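Review bot: The `grafana-agent` image in the `@@ -118,12` hunk of `aws_ecs_task_definition.ironbar` is still referenced by a mutable tag, `grafana/agent:v0.39.1`. What runs in that container, which appears to be the one receiving the `PROMETHEUS_*` secrets in the following hunk, therefore depends on what the registry serves for the tag at pull time. Since this commit is about pinning, consider pinning by digest too, e.g. `image = "grafana/agent:v0.39.1@sha256:<digest-of-v0.39.1>"` (placeholder; take the real digest from the registry). The same literal is repeated in tf/skyfish.tf, tf/modules/experiment/dealgood.tf, tf/modules/experiment/target.tf and both Go files under cmd/thunderdome/infra, so a single `local.grafana_agent_image` on the Terraform side would keep the next bump from missing a copy. The resource body starts and ends outside the hunk.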
@@ -3,26 +3,26 @@ locals { skyfish_image_tag = "2023-12-13-60b3d1f" - ironbar_image_tag = "2023-02-27-c7b617d" + ironbar_image_tag = "2023-02-27-c7b617d" ironbar_port_number = 8321 infra_json = jsonencode({ - AwsRegion = data.aws_region.current.name - DealgoodGrafanaAgentConfigURL = "http://${module.s3_bucket_public.s3_bucket_bucket_domain_name}/${module.grafana_agent_config["dealgood"].s3_object_id}" - DealgoodImage = "${aws_ecr_repository.dealgood.repository_url}:${local.dealgood_image_tag}" - DealgoodSecurityGroup = aws_security_group.dealgood.id - DealgoodTaskRoleArn = aws_iam_role.dealgood.arn - EcrBaseURL = aws_ecr_repository.thunderdome.repository_url - EcsClusterArn = module.ecs-asg.cluster_id - EcsExecutionRoleArn = aws_iam_role.ecsTaskExecutionRole.arn - EfsFileSystemID = aws_efs_file_system.thunderdome.id - ExperimentsTableName = aws_dynamodb_table.experiments.name - PrometheusSecretArn = data.aws_secretsmanager_secret.prometheus-secret.arn - IronbarAddr = "${aws_eip.ecs[0].public_ip}:${local.ironbar_port_number}" - LogGroupName = aws_cloudwatch_log_group.logs.name - RequestSNSTopicArn = aws_sns_topic.gateway_requests.arn - TargetGrafanaAgentConfigURL = "http://${module.s3_bucket_public.s3_bucket_bucket_domain_name}/${module.grafana_agent_config["target"].s3_object_id}" - TargetTaskRoleArn = aws_iam_role.target.arn - VpcPublicSubnet = module.vpc.public_subnets[0] + AwsRegion = data.aws_region.current.name + DealgoodGrafanaAgentConfigURL = "https://${module.s3_bucket_public.s3_bucket_bucket_domain_name}/${module.grafana_agent_config["dealgood"].s3_object_id}" + DealgoodImage = "${aws_ecr_repository.dealgood.repository_url}:${local.dealgood_image_tag}" + DealgoodSecurityGroup = aws_security_group.dealgood.id + DealgoodTaskRoleArn = aws_iam_role.dealgood.arn + EcrBaseURL = aws_ecr_repository.thunderdome.repository_url + EcsClusterArn = module.ecs-asg.cluster_id + EcsExecutionRoleArn = aws_iam_role.ecsTaskExecutionRole.arn + EfsFileSystemID = 
aws_efs_file_system.thunderdome.id + ExperimentsTableName = aws_dynamodb_table.experiments.name + PrometheusSecretArn = data.aws_secretsmanager_secret.prometheus-secret.arn + IronbarAddr = "${aws_eip.ecs[0].public_ip}:${local.ironbar_port_number}" + LogGroupName = aws_cloudwatch_log_group.logs.name + RequestSNSTopicArn = aws_sns_topic.gateway_requests.arn + TargetGrafanaAgentConfigURL = "https://${module.s3_bucket_public.s3_bucket_bucket_domain_name}/${module.grafana_agent_config["target"].s3_object_id}" + TargetTaskRoleArn = aws_iam_role.target.arn + VpcPublicSubnet = module.vpc.public_subnets[0] }) } diff --git a/tf/main.tf b/tf/main.tf index f1c7a58..b771c63 100644 --- a/tf/main.tf +++ b/tf/main.tf @@ -1,9 +1,9 @@ terraform { - required_version = "1.2.6" + required_version = ">= 1.6.0" required_providers { aws = { source = "hashicorp/aws" - version = "= 4.26.0" + version = ">= 4" } } backend "s3" { @@ -33,7 +33,8 @@ data "aws_secretsmanager_secret" "dealgood-loki-secret" { } module "vpc" { - source = "terraform-aws-modules/vpc/aws" + source = "terraform-aws-modules/vpc/aws" + version = "5.5.1" name = "thunderdome" cidr = "10.0.0.0/16" @@ -42,15 +43,12 @@ module "vpc" { private_subnets = ["10.0.1.0/24"] public_subnets = ["10.0.100.0/24"] - enable_ipv6 = true # This is mostly historic coincidence as we started out with it enabled + enable_ipv6 = false # This is mostly historic coincidence as we started out with it enabled # we don't assign ipv6 addresses by default as we can't block internal ipv6 traffic with a NACL - assign_ipv6_address_on_creation = false + public_subnet_assign_ipv6_address_on_creation = false private_subnet_assign_ipv6_address_on_creation = false - public_subnet_ipv6_prefixes = [0, 1] - private_subnet_ipv6_prefixes = [2, 3] - # Need both of these to make DNS auto-discovery work # see https://docs.aws.amazon.com/vpc/latest/userguide/vpc-dns.html#vpc-private-hosted-zones enable_dns_hostnames = true 
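Review bot: In the `@@ -1,9 +1,9` hunk of tf/main.tf the `aws` provider constraint goes from `= 4.26.0` to `>= 4` and `required_version` from `1.2.6` to `>= 1.6.0`, which loosens both pins in a commit titled as pinning versions. Only `.terraform.lock.hcl` now holds the provider at 5.33.0, so a `terraform init -upgrade` can move to any later major release. The lock file's constraint list already includes `>= 5.27.0`, so `>= 4` also understates what the modules require. A bounded constraint such as `version = "~> 5.33"` together with `required_version = "~> 1.7.0"` (matching tf/.tool-versions) would keep upgrades deliberate. The `terraform` block continues past the hunk.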
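Review bot: In the `@@ -42,15 +43,12` hunk the trailing comment on `enable_ipv6 = false` still says "This is mostly historic coincidence as we started out with it enabled", which now contradicts the value it annotates. Disabling IPv6 and dropping `public_subnet_ipv6_prefixes`/`private_subnet_ipv6_prefixes` is a network change that the commit message does not mention, and tf/sgs.tf on this page still lists `ipv6_cidr_blocks = ["::/0"]`. I would replace the comment with the actual reason, along the lines of `enable_ipv6 = false # disabled with the move to vpc module 5.5.1; TODO state why`, and either remove the leftover IPv6 rules or note that they are intentionally kept. The `module "vpc"` block starts and ends outside the hunk.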
diff --git a/tf/modules/experiment/dealgood.tf b/tf/modules/experiment/dealgood.tf index 680104a..6600fda 100644 --- a/tf/modules/experiment/dealgood.tf +++ b/tf/modules/experiment/dealgood.tf @@ -105,7 +105,7 @@ resource "aws_ecs_task_definition" "dealgood" { { name = "grafana-agent" cpu = 0 - image = "grafana/agent:v0.26.1" + image = "grafana/agent:v0.39.1" command = [ "-metrics.wal-directory=/data/grafana-agent", "-config.expand-env", diff --git a/tf/modules/experiment/target.tf b/tf/modules/experiment/target.tf index ee99e5f..a1d957b 100644 --- a/tf/modules/experiment/target.tf +++ b/tf/modules/experiment/target.tf @@ -114,7 +114,7 @@ resource "aws_ecs_task_definition" "target" { }, { cpu = 0 - image = "grafana/agent:v0.26.1" + image = "grafana/agent:v0.39.1" command = [ "-metrics.wal-directory=/data/grafana-agent", "-config.expand-env", diff --git a/tf/s3.tf b/tf/s3.tf index dab4b85..428bc16 100644 --- a/tf/s3.tf +++ b/tf/s3.tf @@ -1,8 +1,12 @@ module "s3_bucket_public" { - source = "terraform-aws-modules/s3-bucket/aws" + source = "terraform-aws-modules/s3-bucket/aws" + version = "4.0.1" + + bucket = "pl-thunderdome-public" + acl = "public-read" + block_public_acls = false + ignore_public_acls = false - bucket = "pl-thunderdome-public" - acl = "public-read" force_destroy = true versioning = { enabled = true @@ -10,7 +14,7 @@ module "s3_bucket_public" { } resource "aws_s3_bucket" "s3_bucket_private" { - bucket = "pl-thunderdome-private" + bucket = "pl-thunderdome-private" force_destroy = true } diff --git a/tf/sgs.tf b/tf/sgs.tf index 50ebbfe..70eef9d 100644 --- a/tf/sgs.tf +++ b/tf/sgs.tf 
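Review bot: In the first tf/s3.tf hunk, `block_public_acls = false` and `ignore_public_acls = false` next to `acl = "public-read"` switch off two public-access guards for every object in `pl-thunderdome-public`, and nothing in the block says why. The grafana-agent containers load their config from this bucket with `-config.expand-env`, so the bucket is part of the trust path for the tasks that receive the Prometheus credentials. The YAML files must never hold literal secrets, and write access to the bucket should stay limited to the deploy role. I would add a comment such as `# public-read is intentional: grafana-agent fetches its remote config anonymously; objects must not contain secrets`. If anonymous reads are not strictly required, serving the objects through the task role with the public-access block left on would be the safer design.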
@@ -167,19 +167,19 @@ resource "aws_security_group_rule" "allow_http" { resource "aws_security_group" "alb" { name = "alb" description = "controls access to the ALB" - vpc_id = module.vpc.vpc_id + vpc_id = module.vpc.vpc_id ingress { - protocol = "tcp" - from_port = 8000 - to_port = 8999 - cidr_blocks = ["0.0.0.0/0"] - ipv6_cidr_blocks = ["::/0"] + protocol = "tcp" + from_port = 8000 + to_port = 8999 + cidr_blocks = ["0.0.0.0/0"] + ipv6_cidr_blocks = ["::/0"] } egress { - from_port = 0 - to_port = 0 - protocol = "-1" - cidr_blocks = ["0.0.0.0/0"] - ipv6_cidr_blocks = ["::/0"] + from_port = 0 + to_port = 0 + protocol = "-1" + cidr_blocks = ["0.0.0.0/0"] + ipv6_cidr_blocks = ["::/0"] } } diff --git a/tf/skyfish.tf b/tf/skyfish.tf index ed51425..5a48f34 100644 --- a/tf/skyfish.tf +++ b/tf/skyfish.tf @@ -19,7 +19,7 @@ resource "aws_ecs_service" "skyfish" { } resource "aws_ecs_task_definition" "skyfish" { - family = "skyfish" + family = "skyfish-something-else" requires_compatibilities = ["FARGATE"] network_mode = "awsvpc" execution_role_arn = aws_iam_role.ecsTaskExecutionRole.arn @@ -96,12 +96,12 @@ resource "aws_ecs_task_definition" "skyfish" { { name = "grafana-agent" cpu = 0 - image = "grafana/agent:v0.26.1" + image = "grafana/agent:v0.39.1" command = [ "-metrics.wal-directory=/data/grafana-agent", "-config.expand-env", "-enable-features=remote-configs", - "-config.file=http://${module.s3_bucket_public.s3_bucket_bucket_domain_name}/${module.grafana_agent_config["skyfish"].s3_object_id}" + "-config.file=https://${module.s3_bucket_public.s3_bucket_bucket_domain_name}/${module.grafana_agent_config["skyfish"].s3_object_id}" ] environment = [ ] 
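Review bot: `family = "skyfish-something-else"` in the `@@ -19,7` hunk of tf/skyfish.tf reads like a temporary workaround committed by accident; the commit message lists only version pinning, formatting and the grafana-agent update. Changing the family registers a new task-definition family and leaves the old `skyfish` revisions in place, and anything that refers to the family by name (not visible on this page) would stop matching. If the rename is intended, use a descriptive name and add a comment explaining it; otherwise restore `family = "skyfish"`. The resource body continues outside the hunk.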
@@ -125,12 +125,12 @@ resource "aws_ecs_task_definition" "skyfish" { } ] portMappings = [] - secrets = [ + secrets = [ { name = "PROMETHEUS_URL", valueFrom = "${data.aws_secretsmanager_secret.prometheus-secret.arn}:url::" }, { name = "PROMETHEUS_USER", valueFrom = "${data.aws_secretsmanager_secret.prometheus-secret.arn}:username::" }, { name = "PROMETHEUS_PASS", valueFrom = "${data.aws_secretsmanager_secret.prometheus-secret.arn}:password::" } ] - volumesFrom = [] + volumesFrom = [] } ]) } diff --git a/tf/users.tf b/tf/users.tf index ac47800..3309faf 100644 --- a/tf/users.tf +++ b/tf/users.tf @@ -6,12 +6,6 @@ variable "admins" { ami = string })) default = { - "ian.davis" = { - key_name = "ian.davis" - provision_workbox = true - instance_type = "t2.small" - ami = "ami-0591c8c8aa7d9b217" # debian 11 - } "dennis" = { key_name = "dennis" provision_workbox = false @@ -44,10 +38,10 @@ resource "aws_iam_user_policy_attachment" "admin" { } resource "aws_instance" "testbox" { - for_each = { for k, v in var.admins : k => v if v.provision_workbox } - ami = each.value["ami"] - instance_type = each.value["instance_type"] - key_name = each.value["key_name"] + for_each = { for k, v in var.admins : k => v if v.provision_workbox } + ami = each.value["ami"] + instance_type = each.value["instance_type"] + key_name = each.value["key_name"] iam_instance_profile = aws_iam_instance_profile.testbox_profile.name vpc_security_group_ids = [ aws_security_group.dealgood.id,