refactoring

PUGX · Dec 23, 2024 · 00d2240 · 00d2240
1 parent 7f2b5a7
commit 00d2240
Show file tree

Hide file tree

Showing 6 changed files with 91 additions and 154 deletions.
diff --git a/sys/terraform/ecs.tf b/sys/terraform/ecs.tf
@@ -8,9 +8,6 @@ resource "aws_security_group" "sgecs" {
     to_port     = 0
   }
   vpc_id = var.vpc_id
-  tags = {
-    env = var.service_name
-  }
 }
 
 resource "aws_security_group_rule" "sgecs_ingress_http" {
@@ -45,17 +42,12 @@ resource "aws_ecs_cluster" "ecscluster" {
     name  = "containerInsights"
     value = "disabled"
   }
-  tags = {
-    env = var.service_name
-  }
 }
 
 resource "aws_ecs_service" "ecsservice" {
   cluster                           = aws_ecs_cluster.ecscluster.arn
   desired_count                     = 1
   health_check_grace_period_seconds = 15
-  #   launch_type                       = "FARGATE"
-
 
   capacity_provider_strategy {
     base              = 0
@@ -80,9 +72,6 @@ resource "aws_ecs_service" "ecsservice" {
     security_groups  = [aws_security_group.sgecs.id]
     subnets          = var.subnets
   }
-  tags = {
-    env = var.service_name
-  }
 }
 
 resource "aws_ecs_task_definition" "ecstask" {
@@ -256,7 +245,4 @@ resource "aws_ecs_task_definition" "ecstask" {
   ]
   network_mode = "awsvpc"
   cpu          = "1024"
-  tags = {
-    env = var.service_name
-  }
 }
diff --git a/sys/terraform/elb.tf b/sys/terraform/elb.tf
@@ -8,9 +8,6 @@ resource "aws_security_group" "sgelb" {
     to_port     = 0
   }
   vpc_id = var.vpc_id
-  tags = {
-    env = var.service_name
-  }
 }
 
 resource "aws_security_group_rule" "sgelb_ingress_http" {
@@ -36,35 +33,18 @@ resource "aws_lb_target_group" "elbtargetgroup" {
   protocol    = "HTTP"
   vpc_id      = var.vpc_id
   target_type = "ip"
-  tags = {
-    "env" = "badge-poser"
-  }
-  tags_all = {
-    "env" = "badge-poser"
-  }
 }
 
 resource "aws_lb" "elb" {
-  name    = "${var.service_name}-elb"
-  subnets = var.subnets
-  // CF Property(SecurityGroups) = [
-  //   aws_security_group.sgelb.arn
-  // ]
-  // CF Property(tags) = {
-  //   env = var.service_name
-  // }
-  tags = {
-    "env" = "badge-poser"
-  }
-  tags_all = {
-    "env" = "badge-poser"
-  }
+  name            = "${var.service_name}-elb"
+  subnets         = var.subnets
+  security_groups = [aws_security_group.sgelb.name]
 }
 
 resource "aws_lb_listener" "elblistener80" {
   load_balancer_arn = aws_lb.elb.arn
   port              = 80
-  // CF Property(Protocol) = "HTTP"
+  protocol          = "HTTP"
   default_action {
     type = "fixed-response"
     fixed_response {

diff --git a/sys/terraform/iam.tf b/sys/terraform/iam.tf
@@ -1,55 +1,43 @@
+data "aws_iam_policy_document" "iamusergithubactions" {
+  statement {
+    sid       = "GitHubActionsDeploy"
+    effect    = "Allow"
+    actions   = ["cloudformation:CreateChangeSet", "sts:GetCallerIdentity"]
+    resources = ["arn:aws:ecr:eu-west-1:*:repository/badge-poser", "arn:aws:cloudformation:eu-west-1:*:stack/poser-ecs/6ad34900-d679-11ea-a884-0a9b71aae734"]
+  }
+  statement {
+    sid    = "GitHubActionsDeployECR"
+    effect = "Allow"
+    actions = [
+      "ecr:BatchCheckLayerAvailability",
+      "ecr:BatchGetImage",
+      "ecr:CompleteLayerUpload",
+      "ecr:DescribeImages",
+      "ecr:DescribeRepositories",
+      "ecr:GetDownloadUrlForLayer",
+      "ecr:InitiateLayerUpload",
+      "ecr:ListImages",
+      "ecr:PutImage",
+      "ecr:UploadLayerPart"
+    ]
+    resources = ["arn:aws:ecr:eu-west-1:*:repository/badge-poser"]
+  }
+  statement {
+    sid       = "GitHubActionsDeployECRToken"
+    effect    = "Allow"
+    actions   = ["ecr:GetAuthorizationToken"]
+    resources = ["*"]
+  }
+}
+
+resource "aws_iam_user_policy" "lb_ro" {
+  name   = "GitHubActionsDeploy"
+  user   = aws_iam_user.iamusergithubactions.name
+  policy = data.aws_iam_policy_document.iamusergithubactions.json
+}
+
 resource "aws_iam_user" "iamusergithubactions" {
-  // CF Property(Policies) = [
-  //   {
-  //     PolicyName = "GitHubActionsDeploy"
-  //     PolicyDocument = {
-  //       Version = "2012-10-17"
-  //       Statement = [
-  //         {
-  //           Sid = "GitHubActionsDeploy"
-  //           Effect = "Allow"
-  //           Action = [
-  //             "cloudformation:CreateChangeSet",
-  //             "sts:GetCallerIdentity"
-  //           ]
-  //           Resource = [
-  //             "arn:aws:ecr:eu-west-1:*:repository/badge-poser",
-  //             "arn:aws:cloudformation:eu-west-1:*:stack/poser-ecs/6ad34900-d679-11ea-a884-0a9b71aae734"
-  //           ]
-  //         },
-  //         {
-  //           Sid = "GitHubActionsDeployECR"
-  //           Effect = "Allow"
-  //           Action = [
-  //             "ecr:BatchCheckLayerAvailability",
-  //             "ecr:BatchGetImage",
-  //             "ecr:CompleteLayerUpload",
-  //             "ecr:DescribeImages",
-  //             "ecr:DescribeRepositories",
-  //             "ecr:GetDownloadUrlForLayer",
-  //             "ecr:InitiateLayerUpload",
-  //             "ecr:ListImages",
-  //             "ecr:PutImage",
-  //             "ecr:UploadLayerPart"
-  //           ]
-  //           Resource = "arn:aws:ecr:eu-west-1:*:repository/badge-poser"
-  //         },
-  //         {
-  //           Sid = "GitHubActionsDeployECRToken"
-  //           Effect = "Allow"
-  //           Action = [
-  //             "ecr:GetAuthorizationToken"
-  //           ]
-  //           Resource = "*"
-  //         }
-  //       ]
-  //     }
-  //   }
-  // ]
   name = "github_action_deploy"
-  tags = {
-    env = var.service_name
-  }
 }
 
 resource "aws_iam_access_key" "iamkey" {

diff --git a/sys/terraform/import.tf b/sys/terraform/import.tf
@@ -1,117 +1,104 @@
-import {
-  to = aws_cloudwatch_event_rule.eventrulecontributorsupdate
-  id = "default/app-contributors-update"
-}
-
+# ECS
 import {
   to = aws_security_group.sgecs
   id = "sg-06c2c1b1e7d48f166"
 }
-
 import {
-  to = aws_cloudwatch_log_group.cloudwatchloggroup
-  id = "badge-poser-logs"
+  to = aws_security_group_rule.sgecs_ingress_http
+  id = "sg-06c2c1b1e7d48f166_ingress_tcp_80_80_0.0.0.0/0"
+}
+import {
+  to = aws_security_group_rule.sgecs_ingress_https
+  id = "sg-06c2c1b1e7d48f166_ingress_tcp_443_443_0.0.0.0/0"
 }
-
 import {
   to = aws_ecs_cluster.ecscluster
   id = "badge-poser-cluster-prod"
 }
-
 import {
   to = aws_ecs_service.ecsservice
   id = "badge-poser-cluster-prod/badge-poser"
 }
-
 import {
   to = aws_ecs_task_definition.ecstask
   id = "arn:aws:ecs:eu-west-1:478389220392:task-definition/badge-poser:138"
 }
 
+# ELB
 import {
   to = aws_security_group.sgelb
   id = "sg-039400b411ff60301"
 }
-
 import {
-  to = aws_iam_user.iamusergithubactions
-  id = "github_action_deploy"
+  to = aws_security_group_rule.sgelb_ingress_http
+  id = "sg-039400b411ff60301_ingress_tcp_80_80_0.0.0.0/0"
 }
-
 import {
-  to = aws_iam_access_key.iamkey
-  id = ""
+  to = aws_security_group_rule.sgelb_ingress_https
+  id = "sg-039400b411ff60301_ingress_tcp_443_443_0.0.0.0/0"
 }
-
 import {
-  to = aws_security_group.sgredis
-  id = "sg-09ad9402145d8eb17"
+  to = aws_lb_target_group.elbtargetgroup
+  id = "arn:aws:elasticloadbalancing:eu-west-1:478389220392:targetgroup/badegposer/d24c3e0c7d0276d3"
 }
-
 import {
-  to = aws_elasticache_cluster.rediscluster
-  id = "poser-stats"
+  to = aws_lb.elb
+  id = "arn:aws:elasticloadbalancing:eu-west-1:478389220392:loadbalancer/app/badge-poser-elb/81d698b74f86c6b9"
 }
-
 import {
-  to = aws_elasticache_subnet_group.redissubnet
-  id = "poser-subnet"
+  to = aws_lb_listener.elblistener80
+  id = "arn:aws:elasticloadbalancing:eu-west-1:478389220392:listener/app/badge-poser-elb/81d698b74f86c6b9/cff7a4a219047f82"
 }
-
 import {
-  to = aws_lb_target_group.elbtargetgroup
-  id = "arn:aws:elasticloadbalancing:eu-west-1:478389220392:targetgroup/badegposer/d24c3e0c7d0276d3"
+  to = aws_lb_listener.elblistener443
+  id = "arn:aws:elasticloadbalancing:eu-west-1:478389220392:listener/app/badge-poser-elb/81d698b74f86c6b9/fc943ccbe12b086f"
 }
-
 import {
-  to = aws_security_group_rule.sgelb_ingress_http
-  id = "sg-039400b411ff60301_ingress_tcp_80_80_0.0.0.0/0"
+  to = aws_lb_listener_rule.elblistenerrule80
+  id = "arn:aws:elasticloadbalancing:eu-west-1:478389220392:listener-rule/app/badge-poser-elb/81d698b74f86c6b9/cff7a4a219047f82/23a572ed933cc547"
 }
-
 import {
-  to = aws_security_group_rule.sgelb_ingress_https
-  id = "sg-039400b411ff60301_ingress_tcp_443_443_0.0.0.0/0"
+  to = aws_lb_listener_rule.elblistenerrule443
+  id = "arn:aws:elasticloadbalancing:eu-west-1:478389220392:listener-rule/app/badge-poser-elb/81d698b74f86c6b9/fc943ccbe12b086f/57de0169e306c96e"
 }
 
+# REDIS
+import {
+  to = aws_security_group.sgredis
+  id = "sg-09ad9402145d8eb17"
+}
 import {
   to = aws_security_group_rule.sgredis_ingress_redis
   id = "sg-09ad9402145d8eb17_ingress_tcp_6379_6379_0.0.0.0/0"
 }
-
 import {
-  to = aws_security_group_rule.sgecs_ingress_http
-  id = "sg-06c2c1b1e7d48f166_ingress_tcp_80_80_0.0.0.0/0"
+  to = aws_elasticache_cluster.rediscluster
+  id = "poser-stats"
 }
-
 import {
-  to = aws_security_group_rule.sgecs_ingress_https
-  id = "sg-06c2c1b1e7d48f166_ingress_tcp_443_443_0.0.0.0/0"
+  to = aws_elasticache_subnet_group.redissubnet
+  id = "poser-subnet"
 }
 
-
+# LOGS
 import {
-  to = aws_lb.elb
-  id = "arn:aws:elasticloadbalancing:eu-west-1:478389220392:loadbalancer/app/badge-poser-elb/81d698b74f86c6b9"
+  to = aws_cloudwatch_log_group.cloudwatchloggroup
+  id = "badge-poser-logs"
 }
 
-import {
-  to = aws_lb_listener.elblistener80
-  id = "arn:aws:elasticloadbalancing:eu-west-1:478389220392:listener/app/badge-poser-elb/81d698b74f86c6b9/cff7a4a219047f82"
-}
 
+# CRONJOBS
 import {
-  to = aws_lb_listener.elblistener443
-  id = "arn:aws:elasticloadbalancing:eu-west-1:478389220392:listener/app/badge-poser-elb/81d698b74f86c6b9/fc943ccbe12b086f"
+  to = aws_cloudwatch_event_rule.eventrulecontributorsupdate
+  id = "default/app-contributors-update"
 }
 
-
+# IAM
 import {
-  to = aws_lb_listener_rule.elblistenerrule80
-  id = "arn:aws:elasticloadbalancing:eu-west-1:478389220392:listener-rule/app/badge-poser-elb/81d698b74f86c6b9/cff7a4a219047f82/23a572ed933cc547"
+  to = aws_iam_user.iamusergithubactions
+  id = "github_action_deploy"
 }
-
-
 import {
-  to = aws_lb_listener_rule.elblistenerrule443
-  id = "arn:aws:elasticloadbalancing:eu-west-1:478389220392:listener-rule/app/badge-poser-elb/81d698b74f86c6b9/fc943ccbe12b086f/57de0169e306c96e"
+  to = aws_iam_user_policy.lb_ro
+  id = "github_action_deploy:GitHubActionsDeploy"
 }
diff --git a/sys/terraform/main.tf b/sys/terraform/main.tf
@@ -21,4 +21,9 @@ terraform {
 
 provider "aws" {
   profile = "poser"
+  default_tags {
+    tags = {
+      "env" = var.service_name
+    }
+  }
 }
diff --git a/sys/terraform/redis.tf b/sys/terraform/redis.tf
@@ -8,9 +8,6 @@ resource "aws_security_group" "sgredis" {
     to_port     = 0
   }
   vpc_id = var.vpc_id
-  tags = {
-    env = var.service_name
-  }
 }
 
 resource "aws_security_group_rule" "sgredis_ingress_redis" {
@@ -32,12 +29,6 @@ resource "aws_elasticache_cluster" "rediscluster" {
   security_group_ids         = [aws_security_group.sgredis.id]
   snapshot_retention_limit   = 1
   transit_encryption_enabled = false
-  tags = {
-    "env" = "badge-poser"
-  }
-  tags_all = {
-    "env" = "badge-poser"
-  }
 }
 
 resource "aws_elasticache_subnet_group" "redissubnet" {