diff --git a/services/terraform/self-host/landing.tf b/services/terraform/self-host/landing.tf
--- a/services/terraform/self-host/landing.tf
+++ b/services/terraform/self-host/landing.tf
@@ -12,178 +12,21 @@ "COMM_NODE_ROLE" = "landing", "COMM_JSONCONFIG_facts_run_server_config" = local.landing_run_server_config }) - - landing_environment = [ - for name, value in local.landing_environment_vars : { - name = name - value = value - } - ] -} - -resource "aws_cloudwatch_log_group" "landing_service" { - name = "/ecs/landing-task-def" - retention_in_days = 7 -} - -resource "aws_ecs_task_definition" "landing_service" { - network_mode = "awsvpc" - family = "landing-task-def" - requires_compatibilities = ["FARGATE"] - task_role_arn = aws_iam_role.ecs_task_role.arn - execution_role_arn = aws_iam_role.ecs_task_execution.arn - cpu = "2048" - memory = "4096" - - ephemeral_storage { - size_in_gib = 40 - } - - container_definitions = jsonencode([ - { - name = local.landing_container_name - image = local.keyserver_service_server_image - essential = true - portMappings = [ - { - name = "landing-port" - containerPort = 3000 - hostPort = 3000, - protocol = "tcp" - }, - - ] - environment = local.landing_environment - logConfiguration = { - "logDriver" = "awslogs" - "options" = { - "awslogs-create-group" = "true" - "awslogs-group" = aws_cloudwatch_log_group.landing_service.name - "awslogs-stream-prefix" = "ecs" - "awslogs-region" = "${var.region}" - } - } - linuxParameters = { - initProcessEnabled = true - } - } - ]) - - runtime_platform { - cpu_architecture = "ARM64" - operating_system_family = "LINUX" - } - - skip_destroy = false -} - -resource "aws_ecs_service" "landing_service" { - depends_on = [null_resource.create_comm_database] - - name = "landing-service" - cluster = aws_ecs_cluster.keyserver_cluster.id - task_definition = aws_ecs_task_definition.landing_service.arn - launch_type = "FARGATE" - enable_execute_command = true - enable_ecs_managed_tags = true - force_new_deployment = true - desired_count = 2 - deployment_maximum_percent = 200 - deployment_minimum_healthy_percent = 100 - - - network_configuration { - subnets = local.vpc_subnets - security_groups = 
[aws_security_group.keyserver_service.id] - assign_public_ip = true - } - - load_balancer { - target_group_arn = aws_lb_target_group.landing_service.arn - container_name = local.landing_container_name - container_port = 3000 - } - - deployment_circuit_breaker { - enable = true - rollback = true - } -} - -resource "aws_lb_target_group" "landing_service" { - name = "landing-service-ecs-tg" - port = 3000 - protocol = "HTTP" - vpc_id = local.vpc_id - - # "awsvpc" network mode requires target type set to ip - target_type = "ip" - - stickiness { - type = "lb_cookie" - cookie_duration = 86500 - enabled = true - } - - health_check { - enabled = true - healthy_threshold = 2 - unhealthy_threshold = 3 - - protocol = "HTTP" - path = "/health" - matcher = "200-299" - } -} - -resource "aws_lb" "landing_service" { - load_balancer_type = "application" - name = "landing-service-lb" - security_groups = [aws_security_group.landing_lb_sg.id] - - internal = false - subnets = local.vpc_subnets -} - -resource "aws_lb_listener" "landing_service" { - load_balancer_arn = aws_lb.landing_service.arn - port = "443" - protocol = "HTTPS" - ssl_policy = "ELBSecurityPolicy-2016-08" - certificate_arn = data.aws_acm_certificate.landing_service.arn - - default_action { - type = "forward" - target_group_arn = aws_lb_target_group.landing_service.arn - } - - lifecycle { - ignore_changes = [default_action[0].forward[0].stickiness[0].duration] - replace_triggered_by = [aws_lb_target_group.landing_service] - } -} - -resource "aws_security_group" "landing_lb_sg" { - name = "landing-lb-sg" - description = "Security group for landing load balancer" - vpc_id = local.vpc_id - - ingress { - from_port = 443 - to_port = 443 - protocol = "tcp" - cidr_blocks = ["0.0.0.0/0"] - } - - egress { - from_port = 0 - to_port = 0 - protocol = "-1" - cidr_blocks = ["0.0.0.0/0"] - } } -data "aws_acm_certificate" "landing_service" { - domain = var.landing_domain_name - statuses = ["ISSUED"] +module "landing_service" { + source = 
"../modules/keyserver_node_service" + count = var.enable_landing_service ? 1 : 0 + + container_name = "landing" + image = local.keyserver_service_server_image + service_name = "landing" + cluster_id = aws_ecs_cluster.keyserver_cluster.id + domain_name = var.landing_domain_name + vpc_id = local.vpc_id + vpc_subnets = local.vpc_subnets + region = var.region + environment_vars = local.landing_environment_vars + ecs_task_role_arn = aws_iam_role.ecs_task_role.arn + ecs_task_execution_role_arn = aws_iam_role.ecs_task_execution.arn } diff --git a/services/terraform/self-host/variables.tf b/services/terraform/self-host/variables.tf --- a/services/terraform/self-host/variables.tf +++ b/services/terraform/self-host/variables.tf @@ -3,11 +3,6 @@ type = string } -variable "landing_domain_name" { - description = "Domain name for your landing page" - type = string -} - variable "region" { description = "Keyserver's AWS deployment region" type = string @@ -67,3 +62,18 @@ type = string default = "" } + +# Landing + +variable "enable_landing_service" { + description = "Whether to run landing on AWS" + type = bool + default = false +} + +variable "landing_domain_name" { + description = "Domain name for your landing page" + type = string + default = "" +} +
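Review bot: The `module "landing_service"` block passes neither a task security group nor a `depends_on`, although the removed `aws_ecs_service.landing_service` attached `aws_security_group.keyserver_service.id` and waited on `null_resource.create_comm_database`. The module source `../modules/keyserver_node_service` is not part of this diff, so it cannot be confirmed from here that it recreates those, or that it keeps the HTTPS-only listener and the 443-only ingress rule the removed resources defined. The removed listener used `ssl_policy = "ELBSecurityPolicy-2016-08"`, which still permits TLS 1.0 and 1.1, so it is worth checking that the module uses a current policy rather than carrying that value over. If ordering against the database is still required, add `depends_on = [null_resource.create_comm_database]` to the module block. Every resource address also changes to `module.landing_service[0].…`, so an existing deployment will likely see the load balancer destroyed and recreated unless `moved` blocks are added.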
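Review bot: `landing_domain_name` now defaults to `""`, so setting `enable_landing_service = true` without a domain passes an empty string to the module's `domain_name` instead of failing at variable input, as the previously required variable did. If the module still looks up the ACM certificate by that name, as the removed data source did, the failure would surface as a certificate lookup error rather than a clear message. State the coupling in the description, e.g. `description = "Domain name for your landing page (required when enable_landing_service is true)"`. The `false` default on `enable_landing_service` also means an existing deployment that applies this change without setting the flag would have its landing service removed, which deserves a line in the upgrade notes.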