Create Staging and Production environments; Refactor and create necessary modules and resources #67

Merged

smokestacklightnin
Contributor

This PR addresses Issues #60, #61, #62, and #63.

The following changes are made:

  • Create modules for a bootstrap stage that creates state resources for shared, stage, and prod environments
  • Create a shared network configuration
  • Create a shared ECR repository configuration
  • Create a shared IAM policy configuration for continuous deployment to ECR
  • Split EC2 configurations into staging and production environments

This PR should not break the current deployment because the deploy workflow is only run on tagged pushes.

Remove `README.md` because it outlines a manual process that is not automated by Terraform/OpenTofu

The IAM roles might need to be modified before this PR is merged

ami = data.aws_ami.ubuntu.id
instance_type = var.instance_type
subnet_id = data.terraform_remote_state.shared.outputs.subnet_id
# key_name = var.ec2_key_name
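Review bot: `key_name` is commented out on the last line of this block, so as written the instance is created with no EC2 key pair attached. If SSH access is expected, restore the line and pass `var.ec2_key_name` separately for staging and production so that a key exposed in one environment does not open the other; if access is meant to go another way, delete the commented line rather than leaving it in.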
Contributor Author

We might want separate keys for stage and prod

Contributor

We discussed this on a call and we're going to be using a pre-existing key for both instances

smokestacklightnin force-pushed the infra/meta/deploy-staging-prod branch 2 times, most recently from 082a2eb to 16ca672 (October 16, 2024 10:35)
smokestacklightnin force-pushed the infra/meta/deploy-staging-prod branch from 16ca672 to 591dafa (October 16, 2024 10:37)

Comment on lines +5 to +17
"Effect": "Allow",
"Action": [
"ec2:*",
"ecr:*",
"s3:*",
"dynamodb:*"
],
"Resource": ${resources}
},
{
"Effect": "Allow",
"Action": "ecr:GetAuthorizationToken",
"Resource": "*"
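Review bot: the wildcard actions in the first statement (`ec2:*`, `ecr:*`, `s3:*`, `dynamodb:*`) are broader than a deployment identity needs: they allow every action in four services, including destructive ones such as `s3:DeleteBucket` and `dynamodb:DeleteTable`, on whatever `${resources}` expands to. List the specific actions the workflow calls and split the statement per service so each action set is paired only with its own ARNs. `"Resource": ${resources}` is interpolated without quotes, so the template input has to be a JSON-encoded list (for example via `jsonencode`) or the rendered policy will not parse. The second statement is fine as is: `ecr:GetAuthorizationToken` does not support resource-level scoping and needs `"Resource": "*"`.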
Contributor Author

These are too permissive, and we will refine them in the very near future

output "public_ip" {
value = aws_eip.staging.public_ip
module "ec2" {
source = "../modules/ec2/"
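Review bot: `source = "../modules/ec2/"` is a relative path, so this environment always uses the module as it exists in the same checkout, and a module edit reaches every environment that references it in one commit. If staging is meant to receive module changes before production, point `source` at a git URL with a `?ref=<tag>` suffix per environment; if both should always move together, the local path is enough and a short comment saying so would help.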
Contributor Author

This will need to be changed to a github URL with a reference to a tag after this PR is merged

}

module "ec2" {
source = "../modules/ec2/"
Contributor Author

This will need to be changed to a github URL with a reference to a tag after this PR is merged

Contributor

@smokestacklightnin why not leave it like this? What's the advantage of referencing the source as a GitHub URL?

Contributor Author

If the ec2 config changes from stage to prod, this is how we can keep track of those changes

Contributor

You mean the module changing? I'd say let's not overcomplicate things for now and keep the reference to the local module

leej3 previously approved these changes Oct 16, 2024
Collaborator

Thanks. LGTM, but let's discuss with @agt24 and @marcelovilla before merging.

Contributor

@marcelovilla marcelovilla left a comment

@smokestacklightnin this looks good but we need to make some minor adjustments before merging it:

  1. Uncomment elastic IP resource and output blocks
  2. Use pre-existing key pair for both instances

I suggest we merge the PR after having deployed the infrastructure on the NIH AWS account

Contributor

@marcelovilla marcelovilla left a comment

@leej3 I'm approving this PR but I'd like for you to take a look at the non-Terraform changes that we're suggesting

@leej3 leej3 self-requested a review October 28, 2024 10:24
leej3 previously approved these changes Oct 28, 2024
Collaborator

Thanks. Looks good to me. I can debug any remaining issues in the python code post merge. I'll most likely do that as part of my WIP PR.

Can you add an explanation for the stored state files (perhaps compared to just storing them ourselves somewhere)?

Resolved review threads: osm/schemas/schema_helpers.py, osm/__init__.py, web/deploy/terraform/state/terraform.tfstate (outdated)
@leej3 leej3 merged commit 3a65859 into nimh-dsst:main Oct 29, 2024
1 check failed