Revert terraform resources aws version 3.37.0 implementation #972

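--- a/infrastructure/api-configuration/environment.tpl
+++ b/infrastructure/api-configuration/environment.tpl
@@ -7,8 +7,9 @@ DATABASE_PORT=${database_port}
 DATABASE_USER=${database_user}
 DATABASE_NAME=${database_name}
 DATABASE_PASSWORD=${database_password}
-AWS_BATCH_JOB_QUEUE_NAME=${aws_batch_job_queue_name}
-AWS_BATCH_JOB_DEFINITION_NAME=${aws_batch_job_definition_name}
+# TODO: enable batch
+# AWS_BATCH_JOB_QUEUE_NAME
+# AWS_BATCH_JOB_DEFINITION_NAME
 AWS_REGION=${aws_region}
 AWS_S3_BUCKET_NAME=${aws_s3_bucket_name}
 SENTRY_DSN=${sentry_dsn}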
4 changes: 3 additions & 1 deletion infrastructure/api.tf
@@ -50,7 +50,9 @@ resource "aws_instance" "api_server_1" {
database_host = aws_db_instance.postgres_db.address
database_port = aws_db_instance.postgres_db.port
database_user = aws_db_instance.postgres_db.username
database_name = aws_db_instance.postgres_db.db_name
database_name = aws_db_instance.postgres_db.name
# TODO: enable after upgrade
# database_name = aws_db_instance.postgres_db.db_name
avrohomgottlieb marked this conversation as resolved.
database_password = var.database_password
# TODO: enable batch
# aws_batch_job_queue_name = module.batch.job_queue_name
4 changes: 3 additions & 1 deletion infrastructure/database.tf
@@ -37,7 +37,9 @@ resource "aws_db_instance" "postgres_db" {
engine_version = "12.19"
auto_minor_version_upgrade = false
instance_class = var.database_instance_type
db_name = "scpca_portal"
name = "scpca_portal"
# TODO: replace db_name with name after upgrade
# db_name = "scpca_portal"
avrohomgottlieb marked this conversation as resolved.
port = "5432"
username = "scpcapostgresuser"
password = var.database_password
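Review bot: The added comment `# TODO: replace db_name with name after upgrade` reads backwards: the live line now uses `name`, and the commented-out line below it is the `db_name` form that has to come back. It should read `# TODO: replace name with db_name after upgrade`, which matches the direction of the networking.tf comment (`replace vpc with domain`). The same inverted wording appears in the variables.tf section, above `# value = aws_db_instance.postgres_db.db_name},`. The resource block starts and ends outside this hunk.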
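--- a/infrastructure/init_terraform.py
+++ b/infrastructure/init_terraform.py
@@ -15,6 +15,7 @@ def init_terraform(env, user):
 command = [
 "terraform",
 "init",
+"-upgrade",
 init_bucket,
 init_key,
 "-backend-config=dynamodb_table=scpca-portal-terraform-lock",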
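Review bot: The added `"-upgrade"` is now passed on every run of init_terraform, not only for this one-off provider downgrade. On Terraform versions that keep a dependency lock file, `init -upgrade` re-selects the newest provider and module versions the constraints allow instead of the locked ones, so anything not pinned as exactly as the aws provider (`version = "3.37.0"`) can change between deploys without review. I would mark it as temporary with a comment such as `# TODO: remove -upgrade once the downgrade to 3.37.0 is applied; it bypasses locked provider versions`, or drop the flag after the revert lands. The function and the command list both continue outside this hunk, so any later handling of the flag is not visible here.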
4 changes: 3 additions & 1 deletion infrastructure/networking.tf
@@ -86,7 +86,9 @@ resource "aws_db_subnet_group" "scpca_portal" {

# Get the API a static IP address.
resource "aws_eip" "scpca_portal_api_ip" {
domain = "vpc"
vpc = true
# TODO: replace vpc with domain after upgrade
# domain = "vpc"
avrohomgottlieb marked this conversation as resolved.

tags = merge(
var.default_tags,
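--- a/infrastructure/provider.tf
+++ b/infrastructure/provider.tf
@@ -2,8 +2,7 @@ terraform {
 required_providers {
 aws = {
 source = "hashicorp/aws"
-version = "3.76.1"
-
+version = "3.37.0"
 }
 }
 }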
94 changes: 56 additions & 38 deletions infrastructure/s3.tf
@@ -1,5 +1,7 @@
resource "aws_s3_bucket" "scpca_portal_bucket" {
bucket = "scpca-portal-${var.user}-${var.stage}"
# TODO: remove this when upgrading aws_provider version
acl = "private"
force_destroy = var.stage == "prod" ? false : true

tags = merge(
@@ -11,19 +13,21 @@ resource "aws_s3_bucket" "scpca_portal_bucket" {
)
}

resource "aws_s3_bucket_ownership_controls" "scpca_portal_bucket" {
bucket = aws_s3_bucket.scpca_portal_bucket.id
rule {
object_ownership = "BucketOwnerPreferred"
}
}

resource "aws_s3_bucket_acl" "scpca_portal_bucket" {
depends_on = [aws_s3_bucket_ownership_controls.scpca_portal_bucket]
# TODO: enable after upgrade
# resource "aws_s3_bucket_ownership_controls" "scpca_portal_bucket" {
avrohomgottlieb marked this conversation as resolved.
# bucket = aws_s3_bucket.scpca_portal_bucket.id
# rule {
# object_ownership = "BucketOwnerPreferred"
# }
#}

bucket = aws_s3_bucket.scpca_portal_bucket.id
acl = "private"
}
# TODO: enable after upgrade
# resource "aws_s3_bucket_acl" "scpca_portal_bucket" {
avrohomgottlieb marked this conversation as resolved.
# depends_on = [aws_s3_bucket_ownership_controls.scpca_portal_bucket]
#
# bucket = aws_s3_bucket.scpca_portal_bucket.id
# acl = "private"
#}

resource "aws_s3_bucket_public_access_block" "scpca_portal_bucket" {
bucket = aws_s3_bucket.scpca_portal_bucket.id
@@ -34,8 +38,22 @@ resource "aws_s3_bucket_public_access_block" "scpca_portal_bucket" {

resource "aws_s3_bucket" "scpca_portal_cert_bucket" {
bucket = "scpca-portal-cert-${var.user}-${var.stage}"
# TODO: remove this when upgrading aws_provider version
acl = "private"
force_destroy = var.stage == "prod" ? false : true

# TODO: remove lifecycle rule when we upgrade aws_provider version
lifecycle_rule {
id = "auto-delete-after-30-days-${var.user}-${var.stage}"
prefix = ""
enabled = true
abort_incomplete_multipart_upload_days = 1

expiration {
days = 30
}
}

tags = merge(
var.default_tags,
{
@@ -45,34 +63,34 @@ resource "aws_s3_bucket" "scpca_portal_cert_bucket" {
)
}

resource "aws_s3_bucket_ownership_controls" "scpca_portal_cert_bucket" {
bucket = aws_s3_bucket.scpca_portal_cert_bucket.id
rule {
object_ownership = "BucketOwnerPreferred"
}
}

resource "aws_s3_bucket_acl" "scpca_portal_cert_bucket" {
depends_on = [aws_s3_bucket_ownership_controls.scpca_portal_cert_bucket]
bucket = aws_s3_bucket.scpca_portal_cert_bucket.id
acl = "private"
}

resource "aws_s3_bucket_lifecycle_configuration" "scpca_portal_cert_bucket" {
bucket = aws_s3_bucket.scpca_portal_cert_bucket.id
rule {
id = "auto-delete-after-30-days-${var.user}-${var.stage}"
status = "Enabled"
abort_incomplete_multipart_upload {
days_after_initiation = 1
}
# TODO: enable after upgrade
# resource "aws_s3_bucket_ownership_controls" "scpca_portal_cert_bucket" {
avrohomgottlieb marked this conversation as resolved.
# bucket = aws_s3_bucket.scpca_portal_cert_bucket.id
# rule {
# object_ownership = "BucketOwnerPreferred"
# }
#}

expiration {
days = 30
}
}
# resource "aws_s3_bucket_acl" "scpca_portal_cert_bucket" {
# depends_on = [aws_s3_bucket_ownership_controls.scpca_portal_cert_bucket]
# bucket = aws_s3_bucket.scpca_portal_cert_bucket.id
# acl = "private"
#}

}
# resource "aws_s3_bucket_lifecycle_configuration" "scpca_portal_cert_bucket" {
# bucket = aws_s3_bucket.scpca_portal_cert_bucket.id
# rule {
# id = "auto-delete-after-30-days-${var.user}-${var.stage}"
# status = "Enabled"
# abort_incomplete_multipart_upload {
# days_after_initiation = 1
# }
#
# expiration {
# days = 30
# }
# }
#}

resource "aws_s3_bucket_public_access_block" "scpca_portal_cert_bucket" {
bucket = aws_s3_bucket.scpca_portal_cert_bucket.id
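Review bot: Commenting out both `aws_s3_bucket_ownership_controls` resources leaves neither bucket with an explicit object-ownership setting. On a stack already applied with the newer provider, Terraform will presumably plan to destroy the existing ownership-controls, ACL and lifecycle resources, so the plan output should be checked before apply. If the 3.37.0 provider already supports `aws_s3_bucket_ownership_controls` (worth confirming in the provider changelog), those two blocks could stay enabled and only `aws_s3_bucket_acl` and `aws_s3_bucket_lifecycle_configuration` would need to be disabled. The commented-out cert-bucket `aws_s3_bucket_acl` and `aws_s3_bucket_lifecycle_configuration` blocks also lack the `# TODO: enable after upgrade` marker that the other disabled blocks carry.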
4 changes: 3 additions & 1 deletion infrastructure/variables.tf
@@ -71,7 +71,9 @@ variable "ssh_public_key" {
output "environment_variables" {
value = [
{name = "DATABASE_NAME"
value = aws_db_instance.postgres_db.db_name},
value = aws_db_instance.postgres_db.name},
# TODO: replace db_name with name after upgrade
# value = aws_db_instance.postgres_db.db_name},
avrohomgottlieb marked this conversation as resolved.
{name = "DATABASE_HOST"
value = aws_db_instance.postgres_db.address},
{name = "DATABASE_USER"