fix inputs to be compatible with aspen (#20)

Makefile

@@ -13,7 +13,7 @@ init-tf:
 deploy: init-tf
 	@if [[ $(DEPLOYMENT_ENVIRONMENT) == staging && $$(git symbolic-ref --short HEAD) != staging ]]; then echo Please deploy staging from the staging branch; exit 1; fi
 	@if [[ $(DEPLOYMENT_ENVIRONMENT) == prod && $$(git symbolic-ref --short HEAD) != prod ]]; then echo Please deploy prod from the prod branch; exit 1; fi
-	TF_VAR_APP_NAME=$(APP_NAME) TF_VAR_DEPLOYMENT_ENVIRONMENT=$(DEPLOYMENT_ENVIRONMENT) TF_VAR_OWNER=$(OWNER) TF_VAR_BATCH_SSH_PUBLIC_KEY='$(BATCH_SSH_PUBLIC_KEY)' terraform apply
+	TF_VAR_APP_NAME=$(APP_NAME) TF_VAR_DEPLOYMENT_ENVIRONMENT=$(DEPLOYMENT_ENVIRONMENT) TF_VAR_BATCH_SSH_PUBLIC_KEY='$(BATCH_SSH_PUBLIC_KEY)' terraform apply
 
 deploy-mock:
 	aws ssm put-parameter --name /mock-aws/service/ecs/optimized-ami/amazon-linux-2/recommended/image_id --value ami-12345678 --type String --endpoint-url http://localhost:9000

environment

@@ -25,7 +25,6 @@ TF_CLI_ARGS_init="--backend-config ${APP_HOME}/${TF_DATA_DIR}/aws_config.json"
 # See https://github.com/terraform-providers/terraform-provider-aws/issues/1184
 AWS_SDK_LOAD_CONFIG=1
 
-OWNER=akislyuk@chanzuckerberg.com
 TF_S3_BUCKET=tfstate-$AWS_ACCOUNT_ID
 BATCH_SSH_PUBLIC_KEY="$(cat ~/.ssh/${APP_NAME}-${DEPLOYMENT_ENVIRONMENT}.pub)"
 set +a

environment.test

@@ -14,6 +14,6 @@ AWS_SDK_LOAD_CONFIG=1
 
 TF_VAR_APP_NAME=$APP_NAME
 TF_VAR_DEPLOYMENT_ENVIRONMENT=$DEPLOYMENT_ENVIRONMENT
-TF_VAR_OWNER=$OWNER
 TF_VAR_BATCH_SSH_PUBLIC_KEY="ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD3F6tyPEFEzV0LX3X8BsXdMsQz1x2cEikKDEY0aIj41qgxMCP/iteneqXSIFZBp5vizPvaoIR3Um9xK7PGoW8giupGn+EPuxIA4cDM4vzOqOkiMPhz5XK0whEjkVzTo4+S0puvDZuwIsdiW9mxhJc7tgBNL0cYlWSYVkz4G/fslNfRPW5mYAM49f4fhtxPb5ok4Q2Lg9dPKVHO/Bgeu5woMc7RY0p1ej6D4CKFE6lymSDJpW0YHX/wqE9+cfEauh7xZcG0q9t2ta6F6fmX0agvpFyZo8aFbXeUBr7osSCJNgvavWbM/06niWrOvYX2xwWdhXmXSrbX8ZbabVohBK41 email@example.com"
+TF_VAR_batch_ec2_instance_types='["optimal"]'
 set +a

main.tf

@@ -17,7 +17,7 @@ module "batch_subnet" {
   source                 = "./terraform/modules/swipe-sfn-batch-subnet"
   app_name               = var.APP_NAME
   deployment_environment = var.DEPLOYMENT_ENVIRONMENT
-  count                  = length(var.batch_security_group_ids) == 0 || length(var.batch_subnet_ids) == 0 ? 1 : 0
+  count                  = var.vpc_id == "" || length(var.batch_subnet_ids) == 0 ? 1 : 0
 }
 
 module "batch_queue" {
@@ -26,8 +26,11 @@ module "batch_queue" {
   deployment_environment   = var.DEPLOYMENT_ENVIRONMENT
   batch_ssh_key_pair_id    = length(aws_key_pair.swipe_batch) > 0 ? aws_key_pair.swipe_batch[0].id : ""
   batch_subnet_ids         = length(module.batch_subnet) > 0 ? module.batch_subnet[0].batch_subnet_ids : var.batch_subnet_ids
-  batch_security_group_ids = length(module.batch_subnet) > 0 ? [module.batch_subnet[0].batch_security_group_id] : var.batch_security_group_ids
-  batch_ec2_instance_types = var.DEPLOYMENT_ENVIRONMENT == "test" ? ["optimal"] : ["r5d"]
+  batch_ec2_instance_types = var.batch_ec2_instance_types
+  min_vcpus                = var.min_vcpus
+  max_vcpus                = var.max_vcpus
+  spot_desired_vcpus       = var.spot_desired_vcpus
+  on_demand_desired_vcpus  = var.on_demand_desired_vcpus
 }
 
 locals {
@@ -42,7 +45,7 @@ module "sfn" {
   batch_spot_job_queue_arn = module.batch_queue.batch_spot_job_queue_arn
   batch_ec2_job_queue_arn  = module.batch_queue.batch_ec2_job_queue_arn
   additional_s3_path       = var.additional_s3_path
-  additional_policy_arn    = var.additional_policy_arn
+  job_policy_arns          = var.job_policy_arns
 }
 
 output "sfn_arn" {

terraform/modules/swipe-sfn-batch-job/main.tf

@@ -88,10 +88,10 @@ resource "aws_iam_role_policy_attachment" "swipe_batch_main_job" {
   policy_arn = aws_iam_policy.swipe_batch_main_job.arn
 }
 
-resource "aws_iam_role_policy_attachment" "swipe_batch_additional_policy" {
+resource "aws_iam_role_policy_attachment" "batch_job_policies" {
+  count      = length(var.job_policy_arns)
   role       = aws_iam_role.swipe_batch_main_job.name
-  policy_arn = var.additional_policy_arn
-  count      = var.additional_policy_arn != "" ? 1 : 0
+  policy_arn = var.job_policy_arns[count.index]
 }
 
 resource "aws_iam_role_policy_attachment" "swipe_batch_main_job_ecr_readonly" {

terraform/modules/swipe-sfn-batch-job/variables.tf

@@ -44,7 +44,8 @@ variable "additional_s3_path" {
   default = ""
 }
 
-variable "additional_policy_arn" {
-  type    = string
-  default = ""
+variable "job_policy_arns" {
+  type        = list(string)
+  description = "Policy ARNs to attach to batch jobs"
+  default     = []
 }

terraform/modules/swipe-sfn-batch-queue/main.tf

@@ -73,18 +73,27 @@ resource "aws_launch_template" "swipe_batch_main" {
   tags      = var.tags
 }
 
+resource "aws_security_group" "swipe" {
+  name   = local.app_slug
+  vpc_id = var.vpc_id
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+}
+
 # See https://github.com/hashicorp/terraform-provider-aws/pull/16819 for Batch Fargate CE support
 resource "aws_batch_compute_environment" "swipe_main" {
   for_each = {
     SPOT = {
       "cr_type" : "SPOT",
-      "min_vcpus" : 16,
-      "max_vcpus" : { "default" : 256, "staging" : 4096, "prod" : 4096 }
+      "desired_vcpus" : var.spot_desired_vcpus,
     }
     EC2 = {
       "cr_type" : "EC2",
-      "min_vcpus" : 0,
-      "max_vcpus" : { "default" : 16, "staging" : 128, "prod" : 4096 }
+      "desired_vcpus" : var.on_demand_desired_vcpus,
     }
   }
 
@@ -95,12 +104,12 @@ resource "aws_batch_compute_environment" "swipe_main" {
     instance_type      = var.batch_ec2_instance_types
     image_id           = data.aws_ssm_parameter.swipe_batch_ami.value
     ec2_key_pair       = var.batch_ssh_key_pair_id != "" ? var.batch_ssh_key_pair_id : null
-    security_group_ids = var.batch_security_group_ids
+    security_group_ids = [aws_security_group.swipe.id]
     subnets            = var.batch_subnet_ids
 
-    min_vcpus     = each.value["min_vcpus"]
-    desired_vcpus = 16
-    max_vcpus     = lookup(each.value["max_vcpus"], var.deployment_environment, each.value["max_vcpus"]["default"])
+    min_vcpus     = var.min_vcpus
+    desired_vcpus = each.value["desired_vcpus"]
+    max_vcpus     = var.max_vcpus
 
     type                = each.value["cr_type"]
     allocation_strategy = "BEST_FIT"
@@ -130,10 +139,7 @@ resource "aws_batch_compute_environment" "swipe_main" {
 }
 
 resource "aws_batch_job_queue" "swipe_main" {
-  for_each = {
-    "SPOT" : {},
-    "EC2" : {}
-  }
+  for_each = toset(["SPOT", "EC2"])
   name     = "${local.app_slug}-main-${each.key}"
   state    = "ENABLED"
   priority = 10

terraform/modules/swipe-sfn-batch-queue/variables.tf

@@ -4,18 +4,17 @@ variable "app_name" {
   default     = "swipe"
 }
 
+variable "vpc_id" {
+  type    = string
+  default = ""
+}
+
 variable "batch_ec2_instance_types" {
   description = "EC2 instance types to use for Batch EC2 compute environments"
   type        = list(string)
   default     = ["r5d.4xlarge"]
 }
 
-variable "batch_security_group_ids" {
-  description = "EC2 security group IDs for Batch EC2 compute environment container instances"
-  type        = list(string)
-  default     = []
-}
-
 variable "batch_subnet_ids" {
   description = "EC2 subnet IDs for Batch EC2 compute environment container instances"
   type        = list(string)
@@ -34,6 +33,30 @@ variable "deployment_environment" {
   default     = "dev"
 }
 
+variable "min_vcpus" {
+  type        = number
+  description = "Minimum CPUs for this cluster"
+  default     = 8
+}
+
+variable "max_vcpus" {
+  type        = number
+  description = "Maximum CPUs for this cluster"
+  default     = 16
+}
+
+variable "spot_desired_vcpus" {
+  type        = number
+  description = "Desired Spot CPUs for this cluster"
+  default     = 0
+}
+
+variable "on_demand_desired_vcpus" {
+  type        = number
+  description = "Desired on demand CPUs for this cluster"
+  default     = 0
+}
+
 variable "tags" {
   description = "Tags to apply to managed assets"
   type        = map(string)

terraform/modules/swipe-sfn-batch-subnet/main.tf

@@ -37,14 +37,3 @@ resource "aws_subnet" "swipe" {
     Name = local.app_slug
   })
 }
-
-resource "aws_security_group" "swipe" {
-  name   = local.app_slug
-  vpc_id = aws_vpc.swipe.id
-  egress {
-    from_port   = 0
-    to_port     = 0
-    protocol    = "-1"
-    cidr_blocks = ["0.0.0.0/0"]
-  }
-}

terraform/modules/swipe-sfn-batch-subnet/outputs.tf

@@ -2,8 +2,3 @@ output "batch_subnet_ids" {
   description = "A list of EC2 VPC subnet IDs for the Batch EC2 compute environments"
   value       = [for subnet in aws_subnet.swipe : subnet.id]
 }
-
-output "batch_security_group_id" {
-  description = "Security group for Batch EC2 compute environments"
-  value       = aws_security_group.swipe.id
-}

terraform/modules/swipe-sfn/main.tf

@@ -38,7 +38,7 @@ module "batch_job" {
   batch_job_timeout_seconds = var.batch_job_timeout_seconds
   deployment_environment    = var.deployment_environment
   additional_s3_path        = var.additional_s3_path
-  additional_policy_arn     = var.additional_policy_arn
+  job_policy_arns           = var.job_policy_arns
   tags                      = var.tags
 }
 

terraform/modules/swipe-sfn/variables.tf

@@ -49,8 +49,8 @@ variable "additional_s3_path" {
   default     = ""
 }
 
-variable "additional_policy_arn" {
-  description = "Additional policy ARN for batch"
-  type        = string
-  default     = ""
+variable "job_policy_arns" {
+  type        = list(string)
+  description = "Policy ARNs to attach to batch jobs"
+  default     = []
 }

variables.tf

@@ -6,35 +6,60 @@ variable "DEPLOYMENT_ENVIRONMENT" {
   type = string
 }
 
-variable "OWNER" {
-  type = string
+variable "BATCH_SSH_PUBLIC_KEY" {
+  type    = string
+  default = ""
 }
 
-variable "BATCH_SSH_PUBLIC_KEY" {
+variable "vpc_id" {
   type    = string
   default = ""
 }
 
-variable "batch_security_group_ids" {
-  description = "EC2 security group IDs for Batch EC2 compute environment container instances"
+variable "batch_subnet_ids" {
+  description = "EC2 subnet IDs for Batch EC2 compute environment container instances"
   type        = list(string)
   default     = []
 }
 
-variable "batch_subnet_ids" {
-  description = "EC2 subnet IDs for Batch EC2 compute environment container instances"
+variable "job_policy_arns" {
   type        = list(string)
+  description = "Policy ARNs to attach to batch jobs"
   default     = []
 }
 
-variable "additional_s3_path" {
-  description = "additional S3 path to be granted permission for"
-  type        = string
-  default     = ""
+variable "batch_ec2_instance_types" {
+  type        = list(string)
+  description = "Instance type for Batch EC2 instances"
+  default     = ["r5d"]
+}
+
+variable "min_vcpus" {
+  type        = number
+  description = "Minimum CPUs for this cluster"
+  default     = 8
+}
+
+variable "max_vcpus" {
+  type        = number
+  description = "Maximum CPUs for this cluster"
+  default     = 16
 }
 
-variable "additional_policy_arn" {
-  description = "Additional policy ARN for batch"
+variable "spot_desired_vcpus" {
+  type        = number
+  description = "Desired Spot CPUs for this cluster"
+  default     = 0
+}
+
+variable "on_demand_desired_vcpus" {
+  type        = number
+  description = "Desired on demand CPUs for this cluster"
+  default     = 0
+}
+
+variable "additional_s3_path" {
+  description = "additional S3 path to be granted permission for"
   type        = string
   default     = ""
 }

version

@@ -1 +1 @@
-v0.0.2-beta
+v0.1.0-beta