Skip to content

fix(terraform): updating terraform deployment #223

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 18 commits into from
Sep 24, 2024
Merged

fix(terraform): updating terraform deployment #223

merged 18 commits into from
Sep 24, 2024

Conversation

bassrock
Copy link
Contributor

@bassrock bassrock commented Sep 24, 2024
edited
Loading

Goal

Lots of hotfixes to enable deployments similar to pocket-monorepo

@github-actions GitHub Actions
Copy link

github-actions bot commented Sep 24, 2024
edited
Loading

Plan Result (corpus-scheduler-lambda-cdk-production)

CI link

Plan: 0 to add, 1 to change, 0 to destroy.
  • Update
    • aws_lambda_function.corpus-scheduler-sqs-lambda_F2ECDF9F
Change Result (Click me) 
  # aws_lambda_function.corpus-scheduler-sqs-lambda_F2ECDF9F will be updated in-place
  ~ resource "aws_lambda_function" "corpus-scheduler-sqs-lambda_F2ECDF9F" {
        id                             = "CorpusSchedulerLambda-Prod-SQS-Function"
      ~ qualified_arn                  = "arn:aws:lambda:us-east-1:996905175585:function:CorpusSchedulerLambda-Prod-SQS-Function:153" -> (known after apply)
      ~ qualified_invoke_arn           = "arn:aws:apigateway:us-east-1:lambda:path/2015-03-31/functions/arn:aws:lambda:us-east-1:996905175585:function:CorpusSchedulerLambda-Prod-SQS-Function:153/invocations" -> (known after apply)
        tags                           = {
            "app_code"       = "content"
            "component_code" = "content-corpusschedulerlambda"
            "env_code"       = "prod"
            "environment"    = "Prod"
            "service"        = "CorpusSchedulerLambda"
        }
      ~ version                        = "153" -> (known after apply)
        # (20 unchanged attributes hidden)

      ~ environment {
          ~ variables = {
              ~ "GIT_SHA"                          = (sensitive value)
                # (7 unchanged elements hidden)
            }
        }

        # (4 unchanged blocks hidden)
    }

Plan: 0 to add, 1 to change, 0 to destroy.

Changes to Outputs:
  + corpus-scheduler-sqs-lambda_lambda-code-deploy_lambda_codedeploy_app_706691FB   = "CorpusSchedulerLambda-Prod-SQS-Lambda"
  + corpus-scheduler-sqs-lambda_lambda-code-deploy_lambda_codedeploy_group_F15F3578 = "CorpusSchedulerLambda-Prod-SQS-Lambda"
  + corpus-scheduler-sqs-lambda_lambda_arn_39B3D17D                                 = "arn:aws:lambda:us-east-1:996905175585:function:CorpusSchedulerLambda-Prod-SQS-Function"
  + corpus-scheduler-sqs-lambda_lambda_function_name_5492C96F                       = "CorpusSchedulerLambda-Prod-SQS-Function"
  + corpus-scheduler-sqs-lambda_lambda_version_arn_51EA6331                         = "arn:aws:lambda:us-east-1:996905175585:function:CorpusSchedulerLambda-Prod-SQS-Function:DEPLOYED"

⚠️ Errors

@github-actions GitHub Actions
Copy link

github-actions bot commented Sep 24, 2024
edited
Loading

Plan Result (prospect-translation-lambda-cdk-production)

CI link

Plan: 0 to add, 1 to change, 0 to destroy.
  • Update
    • aws_lambda_function.translation-lambda_translation-sqs-lambda_B9BDF6BA
Change Result (Click me) 
  # aws_lambda_function.translation-lambda_translation-sqs-lambda_B9BDF6BA will be updated in-place
  ~ resource "aws_lambda_function" "translation-lambda_translation-sqs-lambda_B9BDF6BA" {
        id                             = "ProspectAPI-Prod-Sqs-Translation-Function"
        tags                           = {
            "app_code"       = "content"
            "component_code" = "content-prospectapi"
            "env_code"       = "prod"
            "environment"    = "Prod"
            "service"        = "ProspectAPI-Sqs-Translation"
        }
        # (22 unchanged attributes hidden)

      ~ environment {
          ~ variables = {
              ~ "GIT_SHA"                      = (sensitive value)
                # (4 unchanged elements hidden)
            }
        }

        # (4 unchanged blocks hidden)
    }

Plan: 0 to add, 1 to change, 0 to destroy.

Changes to Outputs:
  + translation-lambda_translation-sqs-lambda_lambda-code-deploy_lambda_codedeploy_app_469D6812   = "ProspectAPI-Prod-Sqs-Translation-Lambda"
  + translation-lambda_translation-sqs-lambda_lambda-code-deploy_lambda_codedeploy_group_4020FC6B = "ProspectAPI-Prod-Sqs-Translation-Lambda"
  + translation-lambda_translation-sqs-lambda_lambda_arn_0AF8A159                                 = "arn:aws:lambda:us-east-1:996905175585:function:ProspectAPI-Prod-Sqs-Translation-Function"
  + translation-lambda_translation-sqs-lambda_lambda_function_name_5D23CC3A                       = "ProspectAPI-Prod-Sqs-Translation-Function"
  + translation-lambda_translation-sqs-lambda_lambda_version_arn_46600E63                         = "arn:aws:lambda:us-east-1:996905175585:function:ProspectAPI-Prod-Sqs-Translation-Function:DEPLOYED"

⚠️ Errors

@github-actions GitHub Actions
Copy link

github-actions bot commented Sep 24, 2024
edited
Loading

Plan Result (curated-corpus-api-cdk-production)

CI link

⚠️ Resource Deletion will happen

This plan contains resource delete operation. Please check the plan result very carefully!

Plan: 0 to add, 0 to change, 1 to destroy.
  • Delete
    • null_resource.application_ecs_service_create-task-definition-file_6BADBAF7
Change Result (Click me) 
  # null_resource.application_ecs_service_create-task-definition-file_6BADBAF7 will be destroyed
  # (because null_resource.application_ecs_service_create-task-definition-file_6BADBAF7 is not in configuration)
  - resource "null_resource" "application_ecs_service_create-task-definition-file_6BADBAF7" {
      - id       = "444642245890521294" -> null
      - triggers = {
          - "alwaysRun" = "2024-09-24T14:55:16Z"
        } -> null
    }

Plan: 0 to add, 0 to change, 1 to destroy.

Changes to Outputs:
  + ecs-application-url    = "curated-corpus-api.readitlater.com"
  + ecs-clusterName        = "CuratedCorpusAPI-Prod"
  + ecs-codedeploy-app     = "CuratedCorpusAPI-Prod-ECS"
  + ecs-codedeploy-group   = "CuratedCorpusAPI-Prod-ECS"
  + ecs-serviceName        = "CuratedCorpusAPI-Prod"
  + ecs-task-arn           = "arn:aws:ecs:us-east-1:996905175585:task-definition/CuratedCorpusAPI-Prod:770"
  + ecs-task-containerName = "app"
  + ecs-task-containerPort = 4025
  + ecs-task-family        = "CuratedCorpusAPI-Prod"

@github-actions GitHub Actions
Copy link

github-actions bot commented Sep 24, 2024
edited
Loading

Plan Result (collection-api-cdk-production)

CI link

⚠️ Resource Deletion will happen

This plan contains resource delete operation. Please check the plan result very carefully!

Plan: 0 to add, 0 to change, 1 to destroy.
  • Delete
    • null_resource.application_ecs_service_create-task-definition-file_6BADBAF7
Change Result (Click me) 
  # null_resource.application_ecs_service_create-task-definition-file_6BADBAF7 will be destroyed
  # (because null_resource.application_ecs_service_create-task-definition-file_6BADBAF7 is not in configuration)
  - resource "null_resource" "application_ecs_service_create-task-definition-file_6BADBAF7" {
      - id       = "2822781892874217854" -> null
      - triggers = {
          - "alwaysRun" = "2024-09-24T14:54:46Z"
        } -> null
    }

Plan: 0 to add, 0 to change, 1 to destroy.

Changes to Outputs:
  + ecs-application-url    = "collection-api.readitlater.com"
  + ecs-clusterName        = "CollectionAPI-Prod"
  + ecs-codedeploy-app     = "CollectionAPI-Prod-ECS"
  + ecs-codedeploy-group   = "CollectionAPI-Prod-ECS"
  + ecs-serviceName        = "CollectionAPI-Prod"
  + ecs-task-arn           = "arn:aws:ecs:us-east-1:996905175585:task-definition/CollectionAPI-Prod:932"
  + ecs-task-containerName = "app"
  + ecs-task-containerPort = 4004
  + ecs-task-family        = "CollectionAPI-Prod"

@github-actions GitHub Actions
Copy link

github-actions bot commented Sep 24, 2024
edited
Loading

Plan Result (prospect-api-cdk-production)

CI link

⚠️ Resource Deletion will happen

This plan contains resource delete operation. Please check the plan result very carefully!

Plan: 0 to add, 3 to change, 1 to destroy.
  • Update
    • aws_dynamodb_table.dynamodb_prospects_dynamodb_table_9854E41E
    • aws_iam_policy.application_ecs_service_ecs-iam_ecs-task-role-policy_6FC89FB6
    • aws_lambda_function.bridge-lambda_bridge-sqs-lambda_343B543A
  • Delete
    • null_resource.application_ecs_service_update-task-definition_D19A511D
Change Result (Click me) 
  # data.aws_iam_policy_document.application_ecs_service_ecs-iam_data-ecs-task-role-policy_090CC3AD will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "aws_iam_policy_document" "application_ecs_service_ecs-iam_data-ecs-task-role-policy_090CC3AD" {
      + id            = (known after apply)
      + json          = (known after apply)
      + minified_json = (known after apply)
      + version       = "2012-10-17"

      + statement {
          + actions   = [
              + "dynamodb:BatchGet*",
              + "dynamodb:DescribeTable",
              + "dynamodb:Get*",
              + "dynamodb:Query",
              + "dynamodb:Scan",
              + "dynamodb:UpdateItem",
            ]
          + effect    = "Allow"
          + resources = [
              + "arn:aws:dynamodb:us-east-1:996905175585:table/PROAPI-Prod-Prospects",
              + "arn:aws:dynamodb:us-east-1:996905175585:table/PROAPI-Prod-Prospects/*",
            ]
        }
      + statement {
          + actions   = [
              + "s3:*",
            ]
          + effect    = "Allow"
          + resources = [
              + "arn:aws:s3:::pocket-prospectapi-prod-images",
              + "arn:aws:s3:::pocket-prospectapi-prod-images/*",
            ]
        }
      + statement {
          + actions   = [
              + "events:PutEvents",
            ]
          + effect    = "Allow"
          + resources = [
              + "arn:aws:events:us-east-1:996905175585:event-bus/PocketEventBridge-Prod-Shared-Event-Bus",
            ]
        }
      + statement {
          + actions   = [
              + "logs:CreateLogGroup",
              + "logs:CreateLogStream",
              + "logs:DescribeLogGroups",
              + "logs:DescribeLogStreams",
              + "logs:PutLogEvents",
              + "xray:GetSamplingRules",
              + "xray:GetSamplingStatisticSummaries",
              + "xray:GetSamplingTargets",
              + "xray:PutTelemetryRecords",
              + "xray:PutTraceSegments",
            ]
          + effect    = "Allow"
          + resources = [
              + "*",
            ]
        }
    }

  # aws_dynamodb_table.dynamodb_prospects_dynamodb_table_9854E41E will be updated in-place
  ~ resource "aws_dynamodb_table" "dynamodb_prospects_dynamodb_table_9854E41E" {
        id                          = "PROAPI-Prod-Prospects"
        name                        = "PROAPI-Prod-Prospects"
        tags                        = {
            "app_code"       = "content"
            "component_code" = "content-prospectapi"
            "env_code"       = "prod"
            "environment"    = "Prod"
            "service"        = "ProspectAPI"
        }
        # (9 unchanged attributes hidden)

      - global_secondary_index {
          - hash_key           = "scheduledSurfaceGuid" -> null
          - name               = "scheduledSurfaceGuid-prospectType" -> null
          - non_key_attributes = [] -> null
          - projection_type    = "ALL" -> null
          - range_key          = "prospectType" -> null
          - read_capacity      = 0 -> null
          - write_capacity     = 0 -> null
        }
      + global_secondary_index {
          + hash_key           = "scheduledSurfaceGuid"
          + name               = "scheduledSurfaceGuid-prospectType"
          + non_key_attributes = []
          + projection_type    = "ALL"
          + range_key          = "prospectType"
          + read_capacity      = 5
          + write_capacity     = 5
        }

        # (5 unchanged blocks hidden)
    }

  # aws_iam_policy.application_ecs_service_ecs-iam_ecs-task-role-policy_6FC89FB6 will be updated in-place
  ~ resource "aws_iam_policy" "application_ecs_service_ecs-iam_ecs-task-role-policy_6FC89FB6" {
        id               = "arn:aws:iam::996905175585:policy/ProspectAPI-Prod-TaskRolePolicy"
        name             = "ProspectAPI-Prod-TaskRolePolicy"
      ~ policy           = jsonencode(
            {
              - Statement = [
                  - {
                      - Action   = [
                          - "dynamodb:UpdateItem",
                          - "dynamodb:Scan",
                          - "dynamodb:Query",
                          - "dynamodb:Get*",
                          - "dynamodb:DescribeTable",
                          - "dynamodb:BatchGet*",
                        ]
                      - Effect   = "Allow"
                      - Resource = [
                          - "arn:aws:dynamodb:us-east-1:996905175585:table/PROAPI-Prod-Prospects/*",
                          - "arn:aws:dynamodb:us-east-1:996905175585:table/PROAPI-Prod-Prospects",
                        ]
                    },
                  - {
                      - Action   = "s3:*"
                      - Effect   = "Allow"
                      - Resource = [
                          - "arn:aws:s3:::pocket-prospectapi-prod-images/*",
                          - "arn:aws:s3:::pocket-prospectapi-prod-images",
                        ]
                    },
                  - {
                      - Action   = "events:PutEvents"
                      - Effect   = "Allow"
                      - Resource = "arn:aws:events:us-east-1:996905175585:event-bus/PocketEventBridge-Prod-Shared-Event-Bus"
                    },
                  - {
                      - Action   = [
                          - "xray:PutTraceSegments",
                          - "xray:PutTelemetryRecords",
                          - "xray:GetSamplingTargets",
                          - "xray:GetSamplingStatisticSummaries",
                          - "xray:GetSamplingRules",
                          - "logs:PutLogEvents",
                          - "logs:DescribeLogStreams",
                          - "logs:DescribeLogGroups",
                          - "logs:CreateLogStream",
                          - "logs:CreateLogGroup",
                        ]
                      - Effect   = "Allow"
                      - Resource = "*"
                    },
                ]
              - Version   = "2012-10-17"
            }
        ) -> (known after apply)
        tags             = {
            "app_code"       = "content"
            "component_code" = "content-prospectapi"
            "env_code"       = "prod"
            "environment"    = "Prod"
            "service"        = "ProspectAPI"
        }
        # (5 unchanged attributes hidden)
    }

  # aws_lambda_function.bridge-lambda_bridge-sqs-lambda_343B543A will be updated in-place
  ~ resource "aws_lambda_function" "bridge-lambda_bridge-sqs-lambda_343B543A" {
        id                             = "ProspectAPI-Prod-Sqs-Bridge-Function"
      ~ qualified_arn                  = "arn:aws:lambda:us-east-1:996905175585:function:ProspectAPI-Prod-Sqs-Bridge-Function:195" -> (known after apply)
      ~ qualified_invoke_arn           = "arn:aws:apigateway:us-east-1:lambda:path/2015-03-31/functions/arn:aws:lambda:us-east-1:996905175585:function:ProspectAPI-Prod-Sqs-Bridge-Function:195/invocations" -> (known after apply)
        tags                           = {
            "app_code"       = "content"
            "component_code" = "content-prospectapi"
            "env_code"       = "prod"
            "environment"    = "Prod"
            "service"        = "ProspectAPI"
        }
      ~ version                        = "195" -> (known after apply)
        # (20 unchanged attributes hidden)

      ~ environment {
          ~ variables = {
              ~ "GIT_SHA"                  = (sensitive value)
                # (5 unchanged elements hidden)
            }
        }

        # (4 unchanged blocks hidden)
    }

  # null_resource.application_ecs_service_update-task-definition_D19A511D will be destroyed
  # (because null_resource.application_ecs_service_update-task-definition_D19A511D is not in configuration)
  - resource "null_resource" "application_ecs_service_update-task-definition_D19A511D" {
      - id       = "1296762370919987311" -> null
      - triggers = {
          - "task_arn" = "arn:aws:ecs:us-east-1:996905175585:task-definition/ProspectAPI-Prod:401"
        } -> null
    }

Plan: 0 to add, 3 to change, 1 to destroy.

Changes to Outputs:
  + bridge-lambda_bridge-sqs-lambda_lambda-code-deploy_lambda_codedeploy_app_BD948EDE   = "ProspectAPI-Prod-Sqs-Bridge-Lambda"
  + bridge-lambda_bridge-sqs-lambda_lambda-code-deploy_lambda_codedeploy_group_17D2BC30 = "ProspectAPI-Prod-Sqs-Bridge-Lambda"
  + bridge-lambda_bridge-sqs-lambda_lambda_arn_C758E72B                                 = "arn:aws:lambda:us-east-1:996905175585:function:ProspectAPI-Prod-Sqs-Bridge-Function"
  + bridge-lambda_bridge-sqs-lambda_lambda_function_name_6562A52D                       = "ProspectAPI-Prod-Sqs-Bridge-Function"
  + bridge-lambda_bridge-sqs-lambda_lambda_version_arn_E04FAFDE                         = "arn:aws:lambda:us-east-1:996905175585:function:ProspectAPI-Prod-Sqs-Bridge-Function:DEPLOYED"
  + ecs-application-url                                                                 = "prospect-api.readitlater.com"
  + ecs-clusterName                                                                     = "ProspectAPI-Prod"
  + ecs-codedeploy-app                                                                  = "ProspectAPI-Prod-ECS"
  + ecs-codedeploy-group                                                                = "ProspectAPI-Prod-ECS"
  + ecs-serviceName                                                                     = "ProspectAPI-Prod"
  + ecs-task-arn                                                                        = "arn:aws:ecs:us-east-1:996905175585:task-definition/ProspectAPI-Prod:401"
  + ecs-task-containerName                                                              = "app"
  + ecs-task-containerPort                                                              = 4026
  + ecs-task-family                                                                     = "ProspectAPI-Prod"

@github-actions github-actions bot deployed to collection-api-dev September 24, 2024 15:51 Active
@github-actions github-actions bot deployed to curated-corpus-api-dev September 24, 2024 15:51 Active
@github-actions github-actions bot deployed to prospect-api-dev September 24, 2024 15:52 Active
@github-actions github-actions bot deployed to collection-api-dev September 24, 2024 16:17 Active
@github-actions github-actions bot deployed to curated-corpus-api-dev September 24, 2024 16:17 Active
@github-actions github-actions bot deployed to prospect-api-dev September 24, 2024 16:17 Active
@github-actions github-actions bot deployed to prospect-api-dev September 24, 2024 16:32 Active
@github-actions github-actions bot deployed to collection-api-dev September 24, 2024 16:32 Active
@github-actions github-actions bot deployed to curated-corpus-api-dev September 24, 2024 18:19 Active
@github-actions github-actions bot deployed to collection-api-dev September 24, 2024 18:19 Active
@github-actions github-actions bot deployed to collection-api-dev September 24, 2024 18:29 Active
@github-actions github-actions bot deployed to prospect-api-dev September 24, 2024 18:29 Active
@github-actions github-actions bot deployed to curated-corpus-api-dev September 24, 2024 18:30 Active
@bassrock bassrock marked this pull request as ready for review September 24, 2024 18:40
@bassrock bassrock requested a review from jpetto September 24, 2024 18:40
jpetto
jpetto approved these changes Sep 24, 2024
View reviewed changes
Copy link
Contributor

@jpetto jpetto left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

😮‍💨 🤞

@jpetto jpetto merged commit ffae4f3 into main Sep 24, 2024
49 checks passed
@jpetto jpetto deleted the fix/deployment branch September 24, 2024 18:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jpetto jpetto jpetto approved these changes

Assignees
No one assigned
Labels
collection-api-cdk-production/destroy curated-corpus-api-cdk-production/destroy prospect-api-cdk-production/destroy
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@bassrock @jpetto