F3522862
D9038.id30830.diff
No One
Temporary
Size
4 KB
Referenced Files
None
Subscribers
None
D9038.id30830.diff
diff --git a/services/terraform/remote/aws_iam.tf b/services/terraform/remote/aws_iam.tf
--- a/services/terraform/remote/aws_iam.tf
+++ b/services/terraform/remote/aws_iam.tf
@@ -43,6 +43,7 @@
})
managed_policy_arns = [
+ "arn:aws:iam::aws:policy/AmazonSSMReadOnlyAccess",
"arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy",
# Let ECS write logs to CloudWatch
"arn:aws:iam::aws:policy/CloudWatchLogsFullAccess",
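Review bot: The added `AmazonSSMReadOnlyAccess` entry is much broader than a single service is likely to need, because that AWS-managed policy allows `ssm:Describe*`, `ssm:Get*` and `ssm:List*` on every resource in the account. Any task running under this role could then read all Parameter Store values, including those belonging to other services. If the role only has to fetch a few parameters, an inline policy limited to `ssm:GetParameters` on the specific parameter ARNs would keep it least-privilege. The line also has no comment, unlike the CloudWatch entry below it; something like `# Let tasks read their configuration from SSM Parameter Store` (adjusted to the real reason) would help. The role and the start of the `managed_policy_arns` list lie outside the hunk, so which principal gets this access cannot be confirmed from here.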
diff --git a/services/terraform/remote/service_blob.tf b/services/terraform/remote/service_blob.tf
--- a/services/terraform/remote/service_blob.tf
+++ b/services/terraform/remote/service_blob.tf
@@ -1,8 +1,19 @@
locals {
- blob_service_image_tag = local.is_staging ? "latest" : "0.2.0"
- blob_service_container_name = "blob-service-server"
- blob_service_server_image = "commapp/blob-server:${local.blob_service_image_tag}"
+ blob_service_image_tag = local.is_staging ? "latest" : "0.2.0"
+ blob_service_container_name = "blob-service-server"
+ blob_service_server_image = "commapp/blob-server:${local.blob_service_image_tag}"
+
+ # HTTP port & configuration for ECS Service Connect
blob_service_container_http_port = 50053
+ blob_sc_port_name = "blob-service-ecs-http"
+ blob_sc_dns_name = "blob-service"
+
+ # URL accessible by other services in the same Service Connect namespace
+ # This renders to 'http://blob-service:50053'
+ blob_local_url = "http://${local.blob_sc_dns_name}:${local.blob_service_container_http_port}"
+
+ blob_service_container_grpc_port = 50051
+ blob_service_grpc_public_port = 50053
blob_service_domain_name = "blob.${local.root_domain}"
blob_service_s3_bucket = "commapp-blob${local.s3_bucket_name_suffix}"
}
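Review bot: `blob_local_url` hard-codes the `http://` scheme, so every consumer of this local will talk to the blob service in clear text across the Service Connect namespace. If that is intentional, the comment above it should say so, for example `# Cleartext HTTP, reachable only inside the Service Connect namespace; never expose or reuse for external traffic`. If blob contents or credentials travel on this path, consider enabling Service Connect TLS (the `tls` block inside `service`, backed by AWS Private CA) and switching the scheme. `identity_local_endpoint` in the service_identity.tf locals hunk has the same property for gRPC. Neither local is referenced anywhere in the visible diff, so the consumers cannot be checked from here.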
@@ -16,7 +27,7 @@
essential = true
portMappings = [
{
- name = "blob-service-ecs-http"
+ name = local.blob_sc_port_name
containerPort = local.blob_service_container_http_port
protocol = "tcp"
appProtocol = "http"
@@ -69,6 +80,19 @@
ignore_changes = [desired_count]
}
+ # Expose Blob service to other services in the cluster
+ service_connect_configuration {
+ enabled = true
+ service {
+ discovery_name = local.blob_sc_dns_name
+ port_name = local.blob_sc_port_name
+ client_alias {
+ port = local.blob_service_container_http_port
+ dns_name = local.blob_sc_dns_name
+ }
+ }
+ }
+
# HTTP
load_balancer {
target_group_arn = aws_lb_target_group.blob_service_http.arn
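Review bot: The new `service_connect_configuration` block sets neither `namespace` nor `log_configuration`, and the same holds for the identical block added in service_identity.tf. Without `namespace` the service falls back to the cluster's default Service Connect namespace, which is not visible in this diff; naming it explicitly makes it clear which peers can resolve `blob-service`. Without `log_configuration` the Service Connect proxy logs are not shipped anywhere, so connections between services that bypass the load balancer leave no record for troubleshooting or incident review; a `log_configuration { log_driver = "awslogs" ... }` block pointing at the service's log group would cover that. It is also worth confirming that the task security group admits this port only from the intended peer tasks, since discovery alone does not restrict who can connect. The enclosing `aws_ecs_service` resource starts and ends outside the hunk.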
diff --git a/services/terraform/remote/service_identity.tf b/services/terraform/remote/service_identity.tf
--- a/services/terraform/remote/service_identity.tf
+++ b/services/terraform/remote/service_identity.tf
@@ -5,6 +5,13 @@
# Port that the container is listening on
identity_service_container_grpc_port = 50054
+ identity_sc_port_name = "identity-service-ecs-grpc"
+ identity_sc_dns_name = "identity-service"
+
+ # Endpoint name accessible by other services in the same Service Connect namespace
+ # This renders to e.g. 'identity-service:50054'
+ identity_local_endpoint = "${local.identity_sc_dns_name}:${local.identity_service_container_grpc_port}"
+
# Port that is exposed to the public SSL endpoint (appended to domain name)
identity_service_grpc_public_port = 50054
identity_service_domain_name = "identity.${local.root_domain}"
@@ -25,7 +32,7 @@
essential = true
portMappings = [
{
- name = "identity-service-ecs-grpc"
+ name = local.identity_sc_port_name
containerPort = local.identity_service_container_grpc_port
protocol = "tcp"
appProtocol = "grpc"
@@ -87,6 +94,19 @@
ignore_changes = [desired_count]
}
+ # Expose Identity service to other services in the cluster
+ service_connect_configuration {
+ enabled = true
+ service {
+ discovery_name = local.identity_sc_dns_name
+ port_name = local.identity_sc_port_name
+ client_alias {
+ port = local.identity_service_container_grpc_port
+ dns_name = local.identity_sc_dns_name
+ }
+ }
+ }
+
load_balancer {
target_group_arn = aws_lb_target_group.identity_service_grpc.arn
container_name = local.identity_service_container_name
File Metadata
Details
Attached
Mime Type
text/plain
Expires
Tue, Dec 24, 7:48 AM (15 h, 40 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
2698295
Default Alt Text
D9038.id30830.diff (4 KB)
Attached To
Mode
D9038: [terraform] Set up ECS Service Connect
Attached