
[services] Provision EC2 Instance for Identity Service with Terraform
AbandonedPublic

Authored by varun on Sep 30 2022, 7:04 AM.
Tags
None

Details

Reviewers
jon
atul
Group Reviewers
Restricted Owners Package (Owns No Changed Paths)
Summary

Currently we manually create the EC2 instances where our services (blob, backup, tunnelbroker, identity) run. We should provision them using Terraform instead.

The AMI selected is the latest Amazon Linux 2 AMI. We use the t2.micro instance type because it is part of the free tier.

Will follow this diff up with similar diffs for the other services.

Resolves https://linear.app/comm/issue/ENG-1927/provision-ec2-instances-with-terraform

Test Plan

terraform validate && terraform plan

Diff Detail

Repository
rCOMM Comm
Branch
master
Lint
No Lint Coverage
Unit
No Test Coverage

Event Timeline

varun requested review of this revision.Sep 30 2022, 7:14 AM
services/terraform/ec2.tf, line 2:

As mentioned in the summary, this is the latest AL2 AMI in us-east-2. Worth noting that the AMI ID is different in each region.

varun added 1 blocking reviewer(s): Restricted Owners Package.Sep 30 2022, 7:15 AM
atul requested changes to this revision.Sep 30 2022, 8:32 AM

At a high level this looks good but

A. I don't have terraform installed. It doesn't seem like it is part of the nix environment yet. We should at least create a task for that before landing (CC @jon)

atuls-MacBook-Pro:comm atul$ terraform validate && terraform plan
bash: terraform: command not found

B. Can you go into more detail in the Test Plan? Right now, even after installing terraform, I get the following:

│ Error: No configuration files
│ 
│ Plan requires configuration to be present. Planning without a configuration
│ would mark everything for destruction, which is normally not what is desired.
│ If you would like to destroy everything, run plan with the -destroy option.
│ Otherwise, create a Terraform configuration file (.tf file) and try again.

Is there a certain directory that it needs to be run in?

services/terraform/ec2.tf, line 2:

Is there some sort of tag we can use that's a little more human readable? Like AL2-AMI-latest or something, or is this the only way to do it?

This revision now requires changes to proceed.Sep 30 2022, 8:32 AM
In D5269#155476, @atul wrote:

At a high level this looks good but

A. I don't have terraform installed. It doesn't seem like it is part of the nix environment yet. We should at least create a task for that before landing (CC @jon)

atuls-MacBook-Pro:comm atul$ terraform validate && terraform plan
bash: terraform: command not found

B. Can you go into more detail in the Test Plan? Right now, even after installing terraform, I get the following:

│ Error: No configuration files
│ 
│ Plan requires configuration to be present. Planning without a configuration
│ would mark everything for destruction, which is normally not what is desired.
│ If you would like to destroy everything, run plan with the -destroy option.
│ Otherwise, create a Terraform configuration file (.tf file) and try again.

Is there a certain directory that it needs to be run in?

Yeah, it has to be run in services/terraform.

services/terraform/ec2.tf, line 2:

Looks like you have to provide the AMI ID.
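The inline thread above is about the hard-coded, region-specific AMI ID. As an added example (not code from this diff or from the Comm repository), the following shows the usual way to look the ID up at plan time with the `aws_ami` data source instead. The resource and tag names are assumptions; the region and instance type follow the discussion above. The `owners` constraint is the part that matters from a security standpoint: without it, any public AMI from any account whose name happens to match the filter could be selected.

```hcl
# Look up the newest Amazon Linux 2 AMI published by Amazon in whatever
# region the provider is configured for (us-east-2 in this diff).
data "aws_ami" "amazon_linux_2" {
  most_recent = true

  # Restrict results to Amazon-owned images so a look-alike public AMI
  # from an unknown account cannot match the name filter.
  owners = ["amazon"]

  filter {
    name   = "name"
    values = ["amzn2-ami-hvm-*-x86_64-gp2"]
  }

  filter {
    name   = "virtualization-type"
    values = ["hvm"]
  }
}

# Assumed resource name; the instance type matches the summary (free tier).
resource "aws_instance" "identity" {
  ami           = data.aws_ami.amazon_linux_2.id
  instance_type = "t2.micro"

  tags = {
    Name = "identity-service" # assumed tag value
  }
}

# Handy for the reviewer: shows which AMI was resolved in `terraform plan`.
output "identity_ami_id" {
  value = data.aws_ami.amazon_linux_2.id
}
```

One caveat: `most_recent = true` means the resolved ID changes whenever Amazon publishes a new image, and a changed `ami` forces instance replacement on the next apply. If that is not wanted, pin the resolved ID (or the `name` filter to a specific release) once the instance exists.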

jon requested changes to this revision.Oct 10 2022, 1:40 PM

We should also think about where we want the terraform state file to live if this will be a shared resource

https://www.terraform.io/language/state

Adding terraform to nix shell: https://phab.comm.dev/D5336

This revision now requires changes to proceed.Oct 10 2022, 1:40 PM

Is it a bad practice security-wise to check in the state file?

If we have sensitive data there, we could consider using a Git submodule pointing to a private repo on GitHub – I think this is probably the simplest solution.
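Added example for the state-file question above (not code from this diff or from the Comm repository): Terraform state is plain JSON, so any attribute a provider records ends up readable in it, and a copy in git is a copy in every clone. The common alternative to a submodule is a remote backend with server-side encryption and a lock table, plus ignoring local state in git. The bucket and table names below are assumptions; the region follows the thread. The DynamoDB table must have a string hash key named `LockID`.

```hcl
terraform {
  backend "s3" {
    # Assumed bucket; it should be private, versioned, and allow writes
    # only to the deploying identities.
    bucket = "example-terraform-state"

    # One key per service keeps blast radius small if a key is exposed.
    key    = "services/identity/terraform.tfstate"
    region = "us-east-2"

    # Server-side encryption of the state object at rest.
    encrypt = true

    # Assumed table used for state locking; needs a `LockID` string key.
    dynamodb_table = "example-terraform-locks"
  }
}

# Keep local state and provider binaries out of the repository.
# (Contents for .gitignore, shown here as comments.)
#   *.tfstate
#   *.tfstate.*
#   .terraform/
```

Worth knowing: marking an output `sensitive = true` only redacts it from CLI output; the value is still written to state, so the backend's access control and encryption are what actually protect it. With a remote backend in place, the `terraform init` in the test plan also becomes the step that wires reviewers to the shared state.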