update with current stuff

examples/dice-mojo-new/dns.tf

@@ -1,8 +1,14 @@
+data "aws_route53_zone" "zone" {
+  name         = var.vpc_domain_name
+  private_zone = true
+}
+
 resource "aws_route53_record" "app" {
-  zone_id = local.app_dns_zone_id
+  zone_id = data.aws_route53_zone.zone.zone_id
 
   name    = local.app_alb_dns_name
   type    = "CNAME"
   ttl     = "900"
   records = [aws_lb.app.dns_name]
 }
+

examples/dice-mojo-new/load-balancer.tf

@@ -16,7 +16,7 @@ resource "aws_lb_target_group" "app" {
     interval            = 180
     port                = local.app_lb_target_port
     timeout             = 120
-    protocol            = "HTTP"
+    protocol            = local.app_lb_target_protocol
     path                = local.app_lb_health_monitor_path
     healthy_threshold   = 3
     unhealthy_threshold = 5

examples/dice-mojo-new/locals.tf

@@ -4,7 +4,7 @@ locals {
     "CostAllocation" = format("%v:%v:%v", local.app_program, local.app_environment, local.app_project)
   }
 
-  ecs_cluster_id       = data.terraform_remote_state.vpc_east_vpc3_apps_dice-ecs-fargate.outputs.ecs_cluster_id
+  ecs_cluster_id       = data.terraform_remote_state.vpc_east_vpc3_apps_dice-qa-fargate.outputs.ecs_cluster_id
   vpc_details          = data.terraform_remote_state.vpc_east_vpc3.outputs
   vpc_info             = local.vpc_details.vpc_info
   vpc_id               = local.vpc_info["vpc_id"]

examples/dice-mojo-new/outputs.tf

@@ -10,9 +10,9 @@ output "app_info" {
     log_group              = local.app_log_group
     alb_name               = local.app_alb_name
     albtg_name             = local.app_albtg_name
-    alb_dns_zone           = local.app_alb_dns_zone
+    alb_dns_zone           = var.vpc_domain_name
     alb_dns_name           = local.app_alb_dns_name
-    dns_zone_id            = local.app_dns_zone_id
+    dns_zone_id            = data.aws_route53_zone.zone.zone_id
     execution_role_arn     = local.app_execution_role_arn
     task_role_arn          = local.app_task_role_arn
     lb_health_monitor_path = local.app_lb_health_monitor_path

examples/dice-mojo-new/role.tf

@@ -1,5 +1,5 @@
 #---
-# task role for api
+# instance role for api
 #   roles will be vpc and region specific
 #---
 locals {
@@ -12,14 +12,13 @@ locals {
   ]
 }
 
-module "app_ecs_task_role" {
+module "app_ecs_instance_role" {
   source = "git@github.e.it.census.gov:terraform-modules/aws-iam-role.git"
 
-  role_name         = local.app_instance_base_name
-  role_description  = format("Role for %v-%v-%v %v ECS instance", local.app_program, local.app_project, local.app_environment, local.app_name)
-  attached_policies = local.app_attached_policies
-  #  assume_policy_document     = data.terraform_remote_state.common.outputs.custom_policy_documents["ec2_assume"].policy
-  assume_policy_document  = data.aws_iam_policy_document.app_ecs_task_assume.json
+  role_name               = local.app_instance_base_name
+  role_description        = format("Role for %v-%v-%v %v ECS instance", local.app_program, local.app_project, local.app_environment, local.app_name)
+  attached_policies       = local.app_attached_policies
+  assume_policy_document  = data.aws_iam_policy_document.app_ecs_instance_assume.json
   enable_instance_profile = true
 
   tags = merge(
@@ -31,7 +30,7 @@ module "app_ecs_task_role" {
 }
 
 
-data "aws_iam_policy_document" "app_ecs_task_assume" {
+data "aws_iam_policy_document" "app_ecs_instance_assume" {
   statement {
     sid     = "AWSECSTaskAssumeRole"
     effect  = "Allow"

examples/dice-mojo-new/settings.tf

@@ -1,5 +1,9 @@
 locals {
-  app_name     = "borg"
+  app_program     = "dice"
+  app_project     = "mojo"
+  app_environment = "qa"
+
+  app_name     = "wario"
   app_fullname = format("%v-%v-%v", local.app_program, local.app_project, local.app_name)
   #  app_version  = "1.0.0"
   app_version      = "latest"
@@ -8,15 +12,15 @@ locals {
   app_secret_name  = format("/%v/%v/%v/%v/configs", local.app_program, local.app_project, local.app_environment, local.app_name)
   app_log_group    = format("/ecs/%v/%v/%v/%v", local.app_program, local.app_project, local.app_environment, local.app_name)
   app_alb_name     = format("alb-%v-%v-%v-%v", local.app_program, local.app_project, local.app_environment, local.app_name)
-  app_albtg_name   = format("albtg-%v-%v-%v-%v", local.app_program, local.app_project, local.app_environment, local.app_name)
-  app_alb_dns_zone = format("%v.%v.census.gov", local.app_environment, local.app_program)
-  app_alb_dns_name = format("%v.%v.%v", local.app_project, local.app_name, local.app_alb_dns_zone)
-  app_dns_zone_id  = data.terraform_remote_state.vpc_east_vpc2_apps_dns.outputs.domain_zone_id
-  # customize these two per app as needed
-  app_execution_role_arn = "arn:aws-us-gov:iam::252960665057:role/r-dice-ecs-task-execution-vpc2-us-gov-east-1"
-  #  app_task_role_arn      = "arn:aws-us-gov:iam::252960665057:role/r-dice-ecs-task-execution-vpc2-us-gov-east-1"
-  app_task_role_arn          = module.app_ecs_task_role.role_arn
-  app_lb_health_monitor_path = "/borg/health/"
+  app_albtg_name   = format("%v-%v-%v-%v", local.app_program, local.app_project, local.app_environment, local.app_name)
+  app_alb_dns_zone = var.vpc_domain_name
+  app_alb_dns_name = format("%v.%v.%v", local.app_project, local.app_name, var.vpc_domain_name)
+
+  app_execution_role_arn = data.terraform_remote_state.vpc_east_vpc3_apps_dice-qa-fargate.outputs.ecs_task_role_arn
+  app_task_role_arn      = module.app_ecs_instance_role.role_arn
+
+  app_lb_health_monitor_path = "/wario/health/"
+  app_lb_target_protocol     = "HTTP"
   app_lb_target_port         = "8080"
   app_desired_count          = 4
   app_health_check_grace     = 60

examples/dice-mojo-new/task.tf

@@ -53,11 +53,11 @@ resource "aws_cloudwatch_log_group" "app" {
 }
 
 resource "aws_ecs_service" "app" {
-  name            = local.app_fullname
-  cluster         = local.ecs_cluster_id
-  task_definition = aws_ecs_task_definition.app_1.arn
-  desired_count   = local.app_desired_count
-  health_check_grace_period_seconds  = local.app_health_check_grace
+  name                              = local.app_fullname
+  cluster                           = local.ecs_cluster_id
+  task_definition                   = aws_ecs_task_definition.app_1.arn
+  desired_count                     = local.app_desired_count
+  health_check_grace_period_seconds = local.app_health_check_grace
   #  iam_role        = aws_iam_role.foo.arn
   #  depends_on      = [aws_iam_role_policy.foo]
   launch_type = "FARGATE"

examples/dice-mojo-new/tf-run.data

@@ -1,9 +1,10 @@
-VERSION 1.0.3
+VERSION 1.0.4
 REMOTE-STATE
 COMMAND tf-directory-setup.py -l none -f
 COMMAND setup-new-directory.sh
 COMMAND tf-init -upgrade
 module.cert
+COMMAND ln -sf ../../../../../../common/apps/dice-mojo/remote_state.common_apps_dice-mojo.tf .
 ALL
 COMMENT  submit certs/*.csr file for signature from enterprise PKI
 COMMENT  if provided a link, change app_cert_download to true and continue

examples/dice-mojo-new/variables.ecs.tf

@@ -8,17 +8,17 @@ variable "cluster_name" {
 variable "ecs_container_subnet_filter" {
   description = "Container subnet filter (ex., *-container-*) to use to select the container subents in this VPC"
   type        = string
-  defualt     = "*-container-*"
+  default     = "*-container-*"
 }
 
 variable "ecs_apps_subnet_filter" {
   description = "Apps subnet filter (ex., *-apps-*) to use to select the container subents in this VPC"
   type        = string
-  defualt     = "*-apps-*"
+  default     = "*-apps-*"
 }
 
 variable "ecs_lb_subnet_filter" {
   description = "Private Load Balancer subnet filter (ex., *-private-lb-*) to use to select the container subents in this VPC"
   type        = string
-  defualt     = "*-private-lb-*"
+  default     = "*-private-lb-*"
 }