Merge pull request #260 from silinternational/task-module

Release 12.9.0 -- simplify scheduled tasks
silinternational · Sep 12, 2024 · c491e39 · c491e39
2 parents 7cf16b5 + f42c57d
commit c491e39
Show file tree

Hide file tree

Showing 24 changed files with 103 additions and 393 deletions.
diff --git a/terraform/000-core/main.tf b/terraform/000-core/main.tf
@@ -2,7 +2,7 @@
  * Create ECS cluster
  */
 module "ecscluster" {
-  source       = "github.com/silinternational/terraform-modules//aws/ecs/cluster?ref=8.7.0"
+  source       = "github.com/silinternational/terraform-modules//aws/ecs/cluster?ref=8.13.1"
   cluster_name = var.cluster_name
 }
 

diff --git a/terraform/000-core/versions.tf b/terraform/000-core/versions.tf
@@ -4,7 +4,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = "~> 4.0"
+      version = ">= 4.0.0, < 6.0.0"
     }
     cloudflare = {
       source  = "cloudflare/cloudflare"

diff --git a/terraform/010-cluster/main.tf b/terraform/010-cluster/main.tf
@@ -2,7 +2,9 @@
  * Create VPC
  */
 module "vpc" {
-  source                                          = "github.com/silinternational/terraform-modules//aws/vpc?ref=8.7.0"
+  source  = "silinternational/vpc/aws"
+  version = "~> 1.0"
+
   app_name                                        = var.app_name
   app_env                                         = var.app_env
   aws_zones                                       = var.aws_zones
@@ -20,7 +22,7 @@ module "vpc" {
  * Security group to limit traffic to Cloudflare IPs
  */
 module "cloudflare-sg" {
-  source = "github.com/silinternational/terraform-modules//aws/cloudflare-sg?ref=8.7.0"
+  source = "github.com/silinternational/terraform-modules//aws/cloudflare-sg?ref=8.13.1"
   vpc_id = module.vpc.id
 }
 
@@ -41,7 +43,7 @@ data "aws_ami" "ecs_ami" {
  * Create auto-scaling group
  */
 module "asg" {
-  source                  = "github.com/silinternational/terraform-modules//aws/asg?ref=8.7.0"
+  source                  = "github.com/silinternational/terraform-modules//aws/asg?ref=8.13.1"
   app_name                = var.app_name
   app_env                 = var.app_env
   aws_instance            = var.aws_instance
@@ -65,7 +67,9 @@ data "aws_acm_certificate" "wildcard" {
  * Create application load balancer for public access
  */
 module "alb" {
-  source          = "github.com/silinternational/terraform-modules//aws/alb?ref=8.7.0"
+  source  = "silinternational/alb/aws"
+  version = "~> 1.0"
+
   app_name        = var.app_name
   app_env         = var.app_env
   internal        = "false"
@@ -79,7 +83,7 @@ module "alb" {
  * Create application load balancer for internal use
  */
 module "internal_alb" {
-  source          = "github.com/silinternational/terraform-modules//aws/alb?ref=8.7.0"
+  source          = "github.com/silinternational/terraform-modules//aws/alb?ref=8.13.1"
   alb_name        = "alb-${var.app_name}-${var.app_env}-int"
   app_name        = var.app_name
   app_env         = var.app_env
@@ -111,7 +115,7 @@ module "ecs-service-cloudwatch-dashboard" {
   count = var.create_dashboard ? 1 : 0
 
   source  = "silinternational/ecs-service-cloudwatch-dashboard/aws"
-  version = "~> 3.0.1"
+  version = "~> 3.1"
 
   cluster_name   = var.ecs_cluster_name
   dashboard_name = "${var.app_name}-${var.app_env}-${data.aws_region.current.name}"

diff --git a/terraform/010-cluster/versions.tf b/terraform/010-cluster/versions.tf
@@ -4,7 +4,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = "~> 4.0"
+      version = ">= 4.0.0, < 6.0.0"
     }
   }
 }
diff --git a/terraform/020-database/main.tf b/terraform/020-database/main.tf
@@ -8,7 +8,7 @@ resource "random_id" "db_root_pass" {
 }
 
 module "rds" {
-  source                  = "github.com/silinternational/terraform-modules//aws/rds/mariadb?ref=8.8.0"
+  source                  = "github.com/silinternational/terraform-modules//aws/rds/mariadb?ref=8.13.1"
   app_name                = var.app_name
   app_env                 = var.app_env
   db_name                 = var.db_name

diff --git a/terraform/020-database/versions.tf b/terraform/020-database/versions.tf
@@ -4,7 +4,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = "~> 4.0"
+      version = ">= 4.0.0, < 6.0.0"
     }
     random = {
       source  = "hashicorp/random"

diff --git a/terraform/022-ecr/main.tf b/terraform/022-ecr/main.tf
@@ -2,7 +2,7 @@
  * id-broker
  */
 module "ecr_idbroker" {
-  source                = "github.com/silinternational/terraform-modules//aws/ecr?ref=8.7.0"
+  source                = "github.com/silinternational/terraform-modules//aws/ecr?ref=8.13.1"
   repo_name             = "${var.idp_name}/id-broker"
   ecsInstanceRole_arn   = var.ecsInstanceRole_arn
   ecsServiceRole_arn    = var.ecsServiceRole_arn
@@ -15,7 +15,7 @@ module "ecr_idbroker" {
  * pw-api
  */
 module "ecr_pwapi" {
-  source                = "github.com/silinternational/terraform-modules//aws/ecr?ref=8.7.0"
+  source                = "github.com/silinternational/terraform-modules//aws/ecr?ref=8.13.1"
   repo_name             = "${var.idp_name}/pw-api"
   ecsInstanceRole_arn   = var.ecsInstanceRole_arn
   ecsServiceRole_arn    = var.ecsServiceRole_arn
@@ -28,7 +28,7 @@ module "ecr_pwapi" {
  * simplesamlphp
  */
 module "ecr_simplesamlphp" {
-  source                = "github.com/silinternational/terraform-modules//aws/ecr?ref=8.7.0"
+  source                = "github.com/silinternational/terraform-modules//aws/ecr?ref=8.13.1"
   repo_name             = "${var.idp_name}/simplesamlphp"
   ecsInstanceRole_arn   = var.ecsInstanceRole_arn
   ecsServiceRole_arn    = var.ecsServiceRole_arn
@@ -41,7 +41,7 @@ module "ecr_simplesamlphp" {
  * id-sync
  */
 module "ecr_idsync" {
-  source                = "github.com/silinternational/terraform-modules//aws/ecr?ref=8.7.0"
+  source                = "github.com/silinternational/terraform-modules//aws/ecr?ref=8.13.1"
   repo_name             = "${var.idp_name}/id-sync"
   ecsInstanceRole_arn   = var.ecsInstanceRole_arn
   ecsServiceRole_arn    = var.ecsServiceRole_arn

diff --git a/terraform/022-ecr/versions.tf b/terraform/022-ecr/versions.tf
@@ -4,7 +4,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = "~> 4.0"
+      version = ">= 4.0.0, < 6.0.0"
     }
   }
 }
diff --git a/terraform/030-phpmyadmin/main.tf b/terraform/030-phpmyadmin/main.tf
@@ -1,6 +1,6 @@
 module "phpmyadmin" {
   source                 = "silinternational/phpmyadmin/aws"
-  version                = "~> 1.1.3"
+  version                = "~> 1.2"
   app_name               = "${var.idp_name}-${var.app_name}"
   app_env                = var.app_env
   vpc_id                 = var.vpc_id

diff --git a/terraform/030-phpmyadmin/versions.tf b/terraform/030-phpmyadmin/versions.tf
@@ -4,7 +4,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = "~> 4.0"
+      version = ">= 4.0.0, < 6.0.0"
     }
     cloudflare = {
       source  = "cloudflare/cloudflare"

diff --git a/terraform/031-email-service/main.tf b/terraform/031-email-service/main.tf
@@ -143,7 +143,7 @@ locals {
 }
 
 module "ecsservice_api" {
-  source             = "github.com/silinternational/terraform-modules//aws/ecs/service-only?ref=8.7.0"
+  source             = "github.com/silinternational/terraform-modules//aws/ecs/service-only?ref=8.13.1"
   cluster_id         = var.ecs_cluster_id
   service_name       = "${var.idp_name}-${var.app_name}-api"
   service_env        = var.app_env
@@ -188,7 +188,7 @@ locals {
 }
 
 module "ecsservice_cron" {
-  source             = "github.com/silinternational/terraform-modules//aws/ecs/service-no-alb?ref=8.7.0"
+  source             = "github.com/silinternational/terraform-modules//aws/ecs/service-no-alb?ref=8.13.1"
   cluster_id         = var.ecs_cluster_id
   service_name       = "${var.idp_name}-${var.app_name}-cron"
   service_env        = var.app_env

diff --git a/terraform/031-email-service/versions.tf b/terraform/031-email-service/versions.tf
@@ -4,7 +4,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = "~> 4.0"
+      version = ">= 4.0.0, < 6.0.0"
     }
     cloudflare = {
       source  = "cloudflare/cloudflare"

diff --git a/terraform/032-db-backup/main.tf b/terraform/032-db-backup/main.tf
@@ -113,50 +113,19 @@ locals {
   })
 }
 
-/*
- * Create role for scheduled running of cron task definitions.
- */
-resource "aws_iam_role" "ecs_events" {
-  name = "ecs_events-${var.idp_name}-${var.app_name}-${var.app_env}"
-
-  assume_role_policy = jsonencode(
-    {
-      Version = "2012-10-17"
-      Statement = [
-        {
-          Sid    = ""
-          Effect = "Allow"
-          Principal = {
-            Service = "events.amazonaws.com"
-          },
-          Action = "sts:AssumeRole"
-        },
-      ]
-    }
-  )
-}
-
-resource "aws_iam_role_policy" "ecs_events_run_task_with_any_role" {
-  name = "ecs_events_run_task_with_any_role"
-  role = aws_iam_role.ecs_events.id
-
-  policy = jsonencode(
-    {
-      Version = "2012-10-17"
-      Statement = [
-        {
-          Effect   = "Allow"
-          Action   = "iam:PassRole"
-          Resource = "*"
-        },
-        {
-          Effect   = "Allow"
-          Action   = "ecs:RunTask"
-          Resource = "${aws_ecs_task_definition.cron_td.arn_without_revision}:*"
-        },
-      ]
-    }
-  )
+module "backup_task" {
+  source  = "silinternational/scheduled-ecs-task/aws"
+  version = "0.1.0"
+
+  name                   = "${var.idp_name}-${var.app_name}-${var.app_env}"
+  event_rule_description = "Start scheduled backup"
+  event_schedule         = local.event_schedule
+  ecs_cluster_arn        = var.ecs_cluster_id
+  task_definition_arn    = aws_ecs_task_definition.cron_td.arn
+  tags = {
+    app_name = var.app_name
+    app_env  = var.app_env
+  }
 }
 
 /*
@@ -172,42 +141,14 @@ locals {
   event_schedule = var.cron_schedule != "" ? var.cron_schedule : var.event_schedule
 }
 
-/*
- * CloudWatch configuration to start scheduled backup.
- */
-resource "aws_cloudwatch_event_rule" "event_rule" {
-  name        = "${var.idp_name}-${var.app_name}-${var.app_env}"
-  description = "Start scheduled backup"
-
-  schedule_expression = local.event_schedule
-
-  tags = {
-    app_name = var.app_name
-    app_env  = var.app_env
-  }
-}
-
-resource "aws_cloudwatch_event_target" "backup_event_target" {
-  target_id = "${var.idp_name}-${var.app_name}-${var.app_env}"
-  rule      = aws_cloudwatch_event_rule.event_rule.name
-  arn       = var.ecs_cluster_id
-  role_arn  = aws_iam_role.ecs_events.arn
-
-  ecs_target {
-    task_count          = 1
-    launch_type         = "EC2"
-    task_definition_arn = aws_ecs_task_definition.cron_td.arn
-  }
-}
-
 /*
  * AWS backup
  */
 module "aws_backup" {
   count = var.enable_aws_backup ? 1 : 0
 
   source  = "silinternational/backup/aws"
-  version = "0.2.0"
+  version = "~> 0.2.0"
 
   app_name               = var.idp_name
   app_env                = var.app_env

diff --git a/terraform/032-db-backup/versions.tf b/terraform/032-db-backup/versions.tf
@@ -4,7 +4,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = "~> 4.0"
+      version = ">= 4.0.0, < 6.0.0"
     }
   }
 }