F3332680
diff --git a/services/terraform/remote/service_backup.tf b/services/terraform/remote/service_backup.tf
index 997884e5d..3ddbd1bfa 100644
--- a/services/terraform/remote/service_backup.tf
+++ b/services/terraform/remote/service_backup.tf
@@ -1,198 +1,198 @@
locals {
- backup_service_image_tag = local.is_staging ? "0.4.3" : "0.4.3"
+ backup_service_image_tag = local.is_staging ? "0.5.0-staging" : "0.4.3"
backup_service_container_name = "backup-service-server"
backup_service_server_image = "commapp/backup-server:${local.backup_service_image_tag}"
backup_service_domain_name = "backup.${local.root_domain}"
# HTTP port & configuration for ECS Service Connect
backup_service_container_http_port = 50052
backup_sc_port_name = "backup-service-ecs-http"
backup_sc_dns_name = "backup-service"
# URL accessible by other services in the same Service Connect namespace
# This renders to 'http://backup-service:50052'
backup_local_url = "http://${local.backup_sc_dns_name}:${local.backup_service_container_http_port}"
}
resource "aws_ecs_task_definition" "backup_service" {
family = "backup-service-task-def"
container_definitions = jsonencode([
{
name = local.backup_service_container_name
image = local.backup_service_server_image
essential = true
portMappings = [
{
name = local.backup_sc_port_name
containerPort = local.backup_service_container_http_port
protocol = "tcp"
appProtocol = "http"
},
]
environment = [
{
name = "RUST_LOG"
value = local.is_staging ? "info,backup=debug,comm_lib=debug" : "info"
},
{
name = "BLOB_SERVICE_URL",
value = local.blob_local_url
# If this ever fails, we can fallback to blob public URL:
# "https://${local.blob_service_domain_name}"
},
{
name = "IDENTITY_SERVICE_ENDPOINT",
value = local.identity_local_url
},
{
name = "COMM_SERVICES_DISABLE_CSAT_VERIFICATION",
value = local.is_staging ? "false" : "true"
}
]
logConfiguration = {
"logDriver" = "awslogs"
"options" = {
"awslogs-create-group" = "true"
"awslogs-group" = "/ecs/backup-service-task-def"
"awslogs-region" = "us-east-2"
"awslogs-stream-prefix" = "ecs"
}
}
}
])
task_role_arn = aws_iam_role.backup_service.arn
execution_role_arn = aws_iam_role.ecs_task_execution.arn
network_mode = "bridge"
cpu = "256"
memory = "256"
requires_compatibilities = ["EC2"]
# Set this to true if you want to keep old revisions
# when this definition is changed
skip_destroy = false
}
resource "aws_ecs_service" "backup_service" {
name = "backup-service"
cluster = aws_ecs_cluster.comm_services.id
launch_type = "EC2"
task_definition = aws_ecs_task_definition.backup_service.arn
force_new_deployment = true
desired_count = 1
lifecycle {
ignore_changes = [desired_count]
}
service_connect_configuration {
enabled = true
service {
discovery_name = local.backup_sc_dns_name
port_name = local.backup_sc_port_name
client_alias {
port = local.backup_service_container_http_port
dns_name = local.backup_sc_dns_name
}
}
}
# HTTP
load_balancer {
target_group_arn = aws_lb_target_group.backup_service_http.arn
container_name = local.backup_service_container_name
container_port = local.backup_service_container_http_port
}
deployment_circuit_breaker {
enable = true
rollback = true
}
enable_execute_command = true
enable_ecs_managed_tags = true
}
# Security group to configure access to the service
resource "aws_security_group" "backup_service" {
name = "backup-service-ecs-sg"
vpc_id = aws_vpc.default.id
ingress {
from_port = local.backup_service_container_http_port
to_port = local.backup_service_container_http_port
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
description = "HTTP port"
}
# Allow all outbound traffic
egress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
}
lifecycle {
create_before_destroy = true
}
}
resource "aws_lb_target_group" "backup_service_http" {
name = "backup-service-ecs-http-tg"
port = local.backup_service_container_http_port
protocol = "HTTP"
vpc_id = aws_vpc.default.id
target_type = "instance"
health_check {
enabled = true
healthy_threshold = 2
unhealthy_threshold = 3
protocol = "HTTP"
path = "/health"
matcher = "200-204"
}
}
# Load Balancer
resource "aws_lb" "backup_service" {
load_balancer_type = "application"
name = "backup-service-lb"
internal = false
subnets = [
aws_subnet.public_a.id,
aws_subnet.public_b.id,
aws_subnet.public_c.id,
]
}
resource "aws_lb_listener" "backup_service_https" {
load_balancer_arn = aws_lb.backup_service.arn
port = "443"
protocol = "HTTPS"
ssl_policy = "ELBSecurityPolicy-TLS13-1-2-2021-06"
certificate_arn = data.aws_acm_certificate.backup_service.arn
default_action {
type = "forward"
target_group_arn = aws_lb_target_group.backup_service_http.arn
}
lifecycle {
# Target group cannot be destroyed if it is used
replace_triggered_by = [aws_lb_target_group.backup_service_http]
# Required to avoid no-op plan differences
ignore_changes = [default_action[0].forward[0].stickiness[0].duration]
}
}
# SSL Certificate
data "aws_acm_certificate" "backup_service" {
domain = local.backup_service_domain_name
statuses = ["ISSUED"]
}