
[terraform] initial ecs setup for keyserver primary
Closed, Public

Authored by will on Jun 20 2024, 8:30 PM.

Details

Summary

Drafting this for some initial feedback. This sets up an ECS cluster with a primary keyserver task def

Depends on D12475

Test Plan

Successfully running the keyserver task in a docker container

Diff Detail

Repository
rCOMM Comm
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

will held this revision as a draft.
services/terraform/self-host/aws_ecs.tf
10–12 ↗(On Diff #41590)

Is service connect needed in self-host? Are nodes going to talk to each other?

services/terraform/self-host/aws_iam.tf
48–58 ↗(On Diff #41590)

I'd use jsonencode() - see examples in aws_iam.tf e.g. for resource "aws_iam_role" "ecs_task_execution".

Just saw you used it right below

services/terraform/self-host/keyserver_primary.tf
3 ↗(On Diff #41590)

You're going to change this later to comm repo?

70–76 ↗(On Diff #41590)

can we use jsonencode()?

services/terraform/self-host/aws_ecs.tf
10–12 ↗(On Diff #41590)

That's a good question. I don't think so. I'll remove for now and add back in a separate diff if it comes up

services/terraform/self-host/keyserver_primary.tf
3 ↗(On Diff #41590)

Yep! Before landing the stack, I'll test and push the primary and secondary images on the commapp repo

will published this revision for review. Jun 24 2024, 6:42 PM
will added inline comments.
services/terraform/self-host/aws_iam.tf
48–58 ↗(On Diff #41590)

Will include in next rebase

services/terraform/self-host/keyserver_primary.tf
70–76 ↗(On Diff #41590)

Will include in next rebase

Accepting but please address feedback before landing

This revision is now accepted and ready to land. Jun 26 2024, 2:22 AM

configure user credentials as json object variable instead of individual string variables