Merge pull request #972 from AlexsLemonade/avrohom/revert-tf-resource…

…s-aws-version-3-37-0-implementation Revert terraform resources aws version 3.37.0 implementation
AlexsLemonade · Nov 22, 2024 · bf43e39 · bf43e39
2 parents bdc5d94 + 923d24f
commit bf43e39
Show file tree

Hide file tree

Showing 8 changed files with 73 additions and 46 deletions.
diff --git a/infrastructure/api-configuration/environment.tpl b/infrastructure/api-configuration/environment.tpl
@@ -7,8 +7,9 @@ DATABASE_PORT=${database_port}
 DATABASE_USER=${database_user}
 DATABASE_NAME=${database_name}
 DATABASE_PASSWORD=${database_password}
-AWS_BATCH_JOB_QUEUE_NAME=${aws_batch_job_queue_name}
-AWS_BATCH_JOB_DEFINITION_NAME=${aws_batch_job_definition_name}
+# TODO: enable batch
+# AWS_BATCH_JOB_QUEUE_NAME
+# AWS_BATCH_JOB_DEFINITION_NAME
 AWS_REGION=${aws_region}
 AWS_S3_BUCKET_NAME=${aws_s3_bucket_name}
 SENTRY_DSN=${sentry_dsn}

diff --git a/infrastructure/api.tf b/infrastructure/api.tf
@@ -50,7 +50,9 @@ resource "aws_instance" "api_server_1" {
           database_host = aws_db_instance.postgres_db.address
           database_port = aws_db_instance.postgres_db.port
           database_user = aws_db_instance.postgres_db.username
-          database_name = aws_db_instance.postgres_db.db_name
+          database_name = aws_db_instance.postgres_db.name
+          # TODO: enable after upgrade
+          # database_name = aws_db_instance.postgres_db.db_name
           database_password = var.database_password
           # TODO: enable batch
           # aws_batch_job_queue_name = module.batch.job_queue_name

diff --git a/infrastructure/database.tf b/infrastructure/database.tf
@@ -37,7 +37,9 @@ resource "aws_db_instance" "postgres_db" {
   engine_version = "12.19"
   auto_minor_version_upgrade = false
   instance_class = var.database_instance_type
-  db_name = "scpca_portal"
+  name = "scpca_portal"
+  # TODO: replace db_name with name after upgrade
+  # db_name = "scpca_portal"
   port = "5432"
   username = "scpcapostgresuser"
   password = var.database_password

diff --git a/infrastructure/init_terraform.py b/infrastructure/init_terraform.py
@@ -15,6 +15,7 @@ def init_terraform(env, user):
         command = [
             "terraform",
             "init",
+            "-upgrade",
             init_bucket,
             init_key,
             "-backend-config=dynamodb_table=scpca-portal-terraform-lock",

diff --git a/infrastructure/networking.tf b/infrastructure/networking.tf
@@ -86,7 +86,9 @@ resource "aws_db_subnet_group" "scpca_portal" {
 
 # Get the API a static IP address.
 resource "aws_eip" "scpca_portal_api_ip" {
-  domain = "vpc"
+  vpc = true
+  # TODO: replace vpc with domain after upgrade
+  # domain = "vpc"
 
   tags = merge(
     var.default_tags,

diff --git a/infrastructure/provider.tf b/infrastructure/provider.tf
@@ -2,8 +2,7 @@ terraform {
   required_providers {
     aws = {
       source = "hashicorp/aws"
-      version = "3.76.1"
-
+      version = "3.37.0"
     }
   }
 }

diff --git a/infrastructure/s3.tf b/infrastructure/s3.tf
@@ -1,5 +1,7 @@
 resource "aws_s3_bucket" "scpca_portal_bucket" {
   bucket = "scpca-portal-${var.user}-${var.stage}"
+  # TODO: remove this when upgrading aws_provider version
+  acl = "private"
   force_destroy = var.stage == "prod" ? false : true
 
   tags = merge(
@@ -11,19 +13,21 @@ resource "aws_s3_bucket" "scpca_portal_bucket" {
   )
 }
 
-resource "aws_s3_bucket_ownership_controls" "scpca_portal_bucket" {
-  bucket = aws_s3_bucket.scpca_portal_bucket.id
-  rule {
-    object_ownership = "BucketOwnerPreferred"
-  }
-}
-
-resource "aws_s3_bucket_acl" "scpca_portal_bucket" {
-  depends_on = [aws_s3_bucket_ownership_controls.scpca_portal_bucket]
+# TODO: enable after upgrade
+# resource "aws_s3_bucket_ownership_controls" "scpca_portal_bucket" {
+#  bucket = aws_s3_bucket.scpca_portal_bucket.id
+#  rule {
+#    object_ownership = "BucketOwnerPreferred"
+#  }
+#}
 
-  bucket = aws_s3_bucket.scpca_portal_bucket.id
-  acl = "private"
-}
+# TODO: enable after upgrade
+# resource "aws_s3_bucket_acl" "scpca_portal_bucket" {
+#  depends_on = [aws_s3_bucket_ownership_controls.scpca_portal_bucket]
+#
+#  bucket = aws_s3_bucket.scpca_portal_bucket.id
+#  acl = "private"
+#}
 
 resource "aws_s3_bucket_public_access_block" "scpca_portal_bucket" {
   bucket = aws_s3_bucket.scpca_portal_bucket.id
@@ -34,8 +38,22 @@ resource "aws_s3_bucket_public_access_block" "scpca_portal_bucket" {
 
 resource "aws_s3_bucket" "scpca_portal_cert_bucket" {
   bucket = "scpca-portal-cert-${var.user}-${var.stage}"
+  # TODO: remove this when upgrading aws_provider version
+  acl = "private"
   force_destroy = var.stage == "prod" ? false : true
 
+  # TODO: remove lifecycle rule when we upgrade aws_provider version
+  lifecycle_rule {
+    id = "auto-delete-after-30-days-${var.user}-${var.stage}"
+    prefix = ""
+    enabled = true
+    abort_incomplete_multipart_upload_days = 1
+
+    expiration {
+      days = 30
+    }
+  }
+
   tags = merge(
     var.default_tags,
     {
@@ -45,34 +63,34 @@ resource "aws_s3_bucket" "scpca_portal_cert_bucket" {
   )
 }
 
-resource "aws_s3_bucket_ownership_controls" "scpca_portal_cert_bucket" {
-  bucket = aws_s3_bucket.scpca_portal_cert_bucket.id
-  rule {
-    object_ownership = "BucketOwnerPreferred"
-  }
-}
-
-resource "aws_s3_bucket_acl" "scpca_portal_cert_bucket" {
-  depends_on = [aws_s3_bucket_ownership_controls.scpca_portal_cert_bucket]
-  bucket = aws_s3_bucket.scpca_portal_cert_bucket.id
-  acl = "private"
-}
-
-resource "aws_s3_bucket_lifecycle_configuration" "scpca_portal_cert_bucket" {
-  bucket = aws_s3_bucket.scpca_portal_cert_bucket.id
-  rule {
-    id = "auto-delete-after-30-days-${var.user}-${var.stage}"
-    status = "Enabled"
-    abort_incomplete_multipart_upload {
-      days_after_initiation = 1
-    }
+# TODO: enable after upgrade
+# resource "aws_s3_bucket_ownership_controls" "scpca_portal_cert_bucket" {
+#   bucket = aws_s3_bucket.scpca_portal_cert_bucket.id
+#   rule {
+#    object_ownership = "BucketOwnerPreferred"
+#  }
+#}
 
-    expiration {
-      days = 30
-    }
-  }
+# resource "aws_s3_bucket_acl" "scpca_portal_cert_bucket" {
+#  depends_on = [aws_s3_bucket_ownership_controls.scpca_portal_cert_bucket]
+#  bucket = aws_s3_bucket.scpca_portal_cert_bucket.id
+#  acl = "private"
+#}
 
-}
+# resource "aws_s3_bucket_lifecycle_configuration" "scpca_portal_cert_bucket" {
+#  bucket = aws_s3_bucket.scpca_portal_cert_bucket.id
+#  rule {
+#    id = "auto-delete-after-30-days-${var.user}-${var.stage}"
+#    status = "Enabled"
+#    abort_incomplete_multipart_upload {
+#      days_after_initiation = 1
+#    }
+#
+#    expiration {
+#      days = 30
+#    }
+#  }
+#}
 
 resource "aws_s3_bucket_public_access_block" "scpca_portal_cert_bucket" {
   bucket = aws_s3_bucket.scpca_portal_cert_bucket.id

diff --git a/infrastructure/variables.tf b/infrastructure/variables.tf
@@ -71,7 +71,9 @@ variable "ssh_public_key" {
 output "environment_variables" {
   value = [
     {name = "DATABASE_NAME"
-      value = aws_db_instance.postgres_db.db_name},
+      value = aws_db_instance.postgres_db.name},
+      # TODO: replace db_name with name after upgrade
+      # value = aws_db_instance.postgres_db.db_name},
     {name = "DATABASE_HOST"
       value = aws_db_instance.postgres_db.address},
     {name = "DATABASE_USER"