add backend service

thunderbird · Mar 26, 2024 · edb07b3 · edb07b3
1 parent 8e5d184
commit edb07b3
Show file tree

Hide file tree

Showing 19 changed files with 371 additions and 53 deletions.
diff --git a/tofu/README.md b/tofu/README.md
@@ -1,46 +1,106 @@
 ## Tooling
+
 Code was written and tested with the following (these versions are enforced in code as minimums):
+
 - OpenTofu v1.6.2
 - Terragrunt 0.55.15
 - hashicorp/aws v5.41.0
 
 **Note:** All code should be run through Terragrunt, which will then execute the required Tofu commands
-
+
+## Modules
+
+### tfbackend
+
+Contains the remote state resources:
+
+- S3 bucket - state
+- DynamoDB - locks
+
+### vpc
+
+Contains the VPC and all core network resources and supporting security groups etc...including:
+
+- subnets
+- vpc endpoints
+- IGW
+- NAT gateways
+
+### backend-infra
+
+Contains the ECS cluster & Application Load Balancer for the backend & supporting resources
+
+### cache
+
+Contains the Elasticache redis cluster and supporting resources
+
+### database
+
+Contains the RDS database instance and supporting resources
+
+### frontend
+
+Contains the Cloudfront CDN distribution, frontend S3 bucket and supporting resources.  WHile the bucket contents will change with frontend code changes the infrastructure defined here will remain static
+
+### backend-service
+
+Contains the backend ECS service and task definitions.  This will be redeployed whenever the backend code is updated
+
 ## Deployment Order
 
+All infrastructure should be deployed via terragrunt commands from the appropriate 'environments' folder.  Tofu should never be executed directly from the 'modules' folders
+
+### Remote State
+
+This is deployed individually before any other stacks and generally should not change with application or infrastructure deployments
+
 1. tofu/environments/\<env>/terraform/tfbackend
    1. `cd tofu/environments/<env>/terraform/tfbackend`
    2. `terragrun init`
    3. `terragrunt validate`
    4. `terragrunt plan -out tfplan`
    5. `terragrunt apply tfplan`
-2. tofu/environments/\<env>/network/vpc
+
+### Infrastructure Stacks
+
+These should be deployed in the following order and generally will only be updated with infrastructure changes while remaining static for code changes
+
+1. tofu/environments/\<env>/network/vpc
    1. `cd tofu/environments/<env>/network/vpc`
    2. `terragrun init`
    3. `terragrunt validate`
    4. `terragrunt plan -out tfplan`
    5. `terragrunt apply tfplan`
-3. tofu/environments/\<env>/services/backend
-   1. `cd tofu/environments/<env>/services/backend`
+2. tofu/environments/\<env>/services/backend-infra
+   1. `cd tofu/environments/<env>/services/backend-infra`
    2. `terragrun init`
    3. `terragrunt validate`
    4. `terragrunt plan -out tfplan`
    5. `terragrunt apply tfplan`
-4. tofu/environments/\<env>/data-store/cache
+3. tofu/environments/\<env>/data-store/cache
    1. `cd tofu/environments/<env>/datastore/cache`
    2. `terragrun init`
    3. `terragrunt validate`
    4. `terragrunt plan -out tfplan`
    5. `terragrunt apply tfplan`
-5. tofu/environments/\<env>/data-store/database
+4. tofu/environments/\<env>/data-store/database
    1. `cd tofu/environments/<env>/data-store/database`
    2. `terragrun init`
    3. `terragrunt validate`
    4. `terragrunt plan -out tfplan`
    5. `terragrunt apply tfplan`
-6. tofu/environments/\<end>/services/frontend
+5. tofu/environments/\<end>/services/frontend
    1. `cd tofu/environments/<env>/services/frontend`
    2. `terragrun init`
    3. `terragrunt validate`
    4. `terragrunt plan -out tfplan`
    5. `terragrunt apply tfplan`
+
+### Application Stacks
+
+1. tofu/environments/\<env>/services/backend-service
+   1. `cd tofu/environments/<env>/services/backend-service`
+   2. `terragrun init`
+   3. `terragrunt validate`
+   4. `terragrunt plan -out tfplan`
+   5. `terragrunt apply tfplan`
diff --git a/tofu/environments/production/data-store/cache/terragrunt.hcl b/tofu/environments/production/data-store/cache/terragrunt.hcl
@@ -24,9 +24,9 @@ dependency "vpc" {
 }
 
 dependency "backend" {
-  config_path = "../../services/backend"
+  config_path = "../../services/backend-infra"
 
-  mock_outputs_allowed_terraform_commands = ["validate"]
+  mock_outputs_allowed_terraform_commands = ["validate", "destroy"]
   mock_outputs = {
     security_group_id = "mock_sg_id"
   }

diff --git a/tofu/environments/production/data-store/database/terragrunt.hcl b/tofu/environments/production/data-store/database/terragrunt.hcl
@@ -35,7 +35,7 @@ dependency "cache" {
 dependency "backend" {
   config_path = "../../services/backend"
 
-  mock_outputs_allowed_terraform_commands = ["validate"]
+  mock_outputs_allowed_terraform_commands = ["validate", "destroy"]
   mock_outputs = {
     security_group_id = "sg-mocksecuritygroup"
   }

diff --git a/...tion/services/backend/.terraform.lock.hcl → ...ervices/backend-infra/.terraform.lock.hcl b/...tion/services/backend/.terraform.lock.hcl → ...ervices/backend-infra/.terraform.lock.hcl
diff --git a/...roduction/services/backend/terragrunt.hcl → ...ion/services/backend-infra/terragrunt.hcl b/...roduction/services/backend/terragrunt.hcl → ...ion/services/backend-infra/terragrunt.hcl
@@ -9,7 +9,7 @@ include "environment" {
 }
 
 terraform {
-  source = "../../../../modules/services/backend"
+  source = "../../../../modules/services/backend-infra"
 }
 
 dependency "vpc" {

diff --git a/tofu/environments/production/services/frontend/terragrunt.hcl b/tofu/environments/production/services/frontend/terragrunt.hcl
@@ -15,7 +15,7 @@ terraform {
 dependency "backend" {
   config_path = "../../services/backend"
 
-  mock_outputs_allowed_terraform_commands = ["validate"]
+  mock_outputs_allowed_terraform_commands = ["validate","destroy"]
   mock_outputs = {
     id       = "mock_alb_id"
     dns_name = "mock_dns_name"

diff --git a/tofu/environments/stage/data-store/cache/terragrunt.hcl b/tofu/environments/stage/data-store/cache/terragrunt.hcl
@@ -24,9 +24,9 @@ dependency "vpc" {
 }
 
 dependency "backend" {
-  config_path = "../../services/backend"
+  config_path = "../../services/backend-infra"
 
-  mock_outputs_allowed_terraform_commands = ["validate"]
+  mock_outputs_allowed_terraform_commands = ["validate", "destroy"]
   mock_outputs = {
     security_group_id = "mock_sg_id"
   }

diff --git a/tofu/environments/stage/data-store/database/terragrunt.hcl b/tofu/environments/stage/data-store/database/terragrunt.hcl
@@ -33,9 +33,9 @@ dependency "cache" {
 }
 
 dependency "backend" {
-  config_path = "../../services/backend"
+  config_path = "../../services/backend-infra"
 
-  mock_outputs_allowed_terraform_commands = ["validate"]
+  mock_outputs_allowed_terraform_commands = ["validate", "destroy"]
   mock_outputs = {
     security_group_id = "sg-mocksecuritygroup"
   }

diff --git a/...tage/services/backend/.terraform.lock.hcl → ...ervices/backend-infra/.terraform.lock.hcl b/...tage/services/backend/.terraform.lock.hcl → ...ervices/backend-infra/.terraform.lock.hcl
diff --git a/...nts/stage/services/backend/terragrunt.hcl → ...age/services/backend-infra/terragrunt.hcl b/...nts/stage/services/backend/terragrunt.hcl → ...age/services/backend-infra/terragrunt.hcl
@@ -9,7 +9,7 @@ include "environment" {
 }
 
 terraform {
-  source = "../../../../modules/services/backend"
+  source = "../../../../modules/services/backend-infra"
 }
 
 dependency "vpc" {

diff --git a/tofu/environments/stage/services/backend-service/.terraform.lock.hcl b/tofu/environments/stage/services/backend-service/.terraform.lock.hcl
diff --git a/tofu/environments/stage/services/backend-service/terragrunt.hcl b/tofu/environments/stage/services/backend-service/terragrunt.hcl
@@ -0,0 +1,54 @@
+include "root" {
+  path   = find_in_parent_folders()
+  expose = true
+}
+
+include "env" {
+  path   = find_in_parent_folders("environment.hcl")
+  expose = true
+}
+
+terraform {
+  source = "../../../../modules/services/backend-service"
+}
+
+dependency "vpc" {
+  config_path = "../../network/vpc"
+
+  mock_outputs_allowed_terraform_commands = ["validate"]
+  mock_outputs = {
+    private_subnets = ["subnet-mocksubnet1234567"]
+  }
+}
+
+dependency "backend-infra" {
+  config_path = "../backend-infra"
+
+  mock_outputs_allowed_terraform_commands = ["validate"]
+  mock_outputs = {
+    target_group_key = "MOCK_KEY"
+    log_group        = "MOCK_LOGS"
+    ecs_cluster = "MOCK_CLUSTER_ID"
+    security_group = "MOCK_SG"
+  }
+}
+
+locals {
+  environment      = include.env.locals.environment
+  name_prefix      = "tb-${include.root.locals.short_name}-${include.env.locals.environment}"
+  region           = include.env.locals.region
+  project_tags     = include.root.locals.tags
+  environment_tags = include.env.locals.tags
+  tags             = "${merge(local.project_tags, local.environment_tags)}"
+}
+
+inputs = {
+  name_prefix      = local.name_prefix
+  region           = local.region
+  subnets          = dependency.vpc.outputs.private_subnets
+  log_group        = dependency.backend-infra.outputs.log_group
+  target_group_arn = dependency.backend-infra.outputs.target_group_arn
+  security_group = dependency.backend-infra.outputs.security_group_id
+  ecs_cluster      = dependency.backend-infra.outputs.cluster_id
+  tags             = local.tags
+}
diff --git a/tofu/environments/stage/services/frontend/terragrunt.hcl b/tofu/environments/stage/services/frontend/terragrunt.hcl
@@ -13,9 +13,9 @@ terraform {
 }
 
 dependency "backend" {
-  config_path = "../../services/backend"
+  config_path = "../../services/backend-infra"
 
-  mock_outputs_allowed_terraform_commands = ["validate"]
+  mock_outputs_allowed_terraform_commands = ["validate", "destroy"]
   mock_outputs = {
     id       = "mock_alb_id"
     dns_name = "mock_dns_name"

diff --git a/tofu/modules/services/backend/main.tf → tofu/modules/services/backend-infra/main.tf b/tofu/modules/services/backend/main.tf → tofu/modules/services/backend-infra/main.tf
@@ -9,7 +9,7 @@ data "aws_prefix_list" "s3" {
 }
 
 locals {
-  target_group_key = "${var.name_prefix}-ecs-backend"
+  target_group_key = "${var.name_prefix}-backend"
 }
 
 module "ecs_cluster" {
@@ -28,28 +28,6 @@ module "ecs_cluster" {
   tags = var.tags
 }
 
-/*resource "aws_ecs_service" "backend_service" {
-  name    = "${var.name_prefix}-backend"
-  cluster = module.ecs_cluster.id
-
-  launch_type = "FARGATE"
-
-  load_balancer {
-    target_group_arn = module.backend_alb.target_groups["${local.target_group_key}"].arn
-    container_name   = "backend"
-    container_port   = 5000
-  }
-
-  network_configuration {
-    security_groups = [aws_security_group.backend.id]
-    subnets         = var.subnets
-  }
-
-  #task_definition = "arn:aws:ecs:${var.region}:768512802988:task-definition/${var.name_prefix}-backend"
-  desired_count   = 1
-  tags            = var.tags
-}*/
-
 module "backend_alb" {
   source  = "terraform-aws-modules/alb/aws"
   version = "~> 9.0"

diff --git a/tofu/modules/services/backend-infra/outputs.tf b/tofu/modules/services/backend-infra/outputs.tf
@@ -0,0 +1,27 @@
+output "alb_id" {
+  value = module.backend_alb.id
+}
+
+output "dns_name" {
+  value = module.backend_alb.dns_name
+}
+
+output "security_group_id" {
+  value = aws_security_group.backend.id
+}
+
+output "target_group_key" {
+  value = local.target_group_key
+}
+
+output "target_group_arn" {
+  value = module.backend_alb.target_groups["${local.target_group_key}"].arn
+}
+
+output "log_group" {
+  value = module.ecs_cluster.cloudwatch_log_group_name
+}
+
+output "cluster_id" {
+  value = module.ecs_cluster.id
+}
diff --git a/tofu/modules/services/backend/variables.tf → ...dules/services/backend-infra/variables.tf b/tofu/modules/services/backend/variables.tf → ...dules/services/backend-infra/variables.tf
@@ -46,4 +46,10 @@ variable "logs_endpoint_security_group" {
 variable "database_subnet_cidrs" {
   description = "Database subnet CIDRs"
   type        = list
+}
+
+variable "backend_image" {
+  description = "Backend image ECR URI"
+  type = string
+  default = "public.ecr.aws/amazonlinux/amazonlinux:minimal"
 }